SecurityFocus

Fwd: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines 2003-03-20
Muhammad Faisal Rauf Danka (mfrd attitudex com)

*** There is an attachment in this mail. ***

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Select your own custom email a

[ more ] [ reply ]

Microsoft Security Bulletin MS03-009: Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065) (fwd) 2003-03-20
Dave Ahmad (da securityfocus com)

David Mirza Ahmad
Symantec

"sabbe dhamma anatta"

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

---------- Forwarded message ----------

-----BEGIN PGP SIGNED MESSAGE-----

- -------------------------------------------------------------------
Title: Flaw In ISA Serv

[ more ] [ reply ]

[Sorcerer-spells] GLIBC-SORCERER2003-03-20 2003-03-20
Michael Walton (mwalton abilene com)

[ more ] [ reply ]

[RHSA-2003:088-01] New kernel 2.2 packages fix vulnerabilities 2003-03-20
bugzilla redhat com

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: New kernel 2.2 packages fix vulnerabilities
Advisory ID: RHSA-2003:088-01
Issue date: 2003-03-20
Updated on: 2003-03-20
Product: Red Ha

[ more ] [ reply ]

[ESA-20030320-010] Several vulnerabilities in the OpenSSL toolkit. 2003-03-20
EnGarde Secure Linux (security guardiandigital com)

Security Update: [CSSA-2003-013.0] Linux: integer overflow vulnerability in XDR/RPC routines 2003-03-20
security sco com

To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: Linux: integer overflow vulnerability in XDR/RPC routines
Advisory number: CSSA-2003-013.0

[ more ] [ reply ]

mutt-1.4.1 fixes a buffer overflow. 2003-03-19
Thomas Roessler (roessler does-not-exist org)

Mutt versions 1.4.1 and 1.5.4 have just been released and will soon
be available from ftp://ftp.mutt.org/mutt/.

Both versions fix a buffer overflow in mutt's IMAP client code which
was identified by Core Security Technologies, and fixed by Edmund
Grimley Evans. A more detailed advisory will be pub

[ more ] [ reply ]

CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent 2003-03-19
CORE SECURITY TECHNOLOGIES ADVISORIES (advisories coresecurity com)

Core Security Technologies Advisory
http://www.coresecurity.com

Multiple vulnerabilities in Ximian's Evolution Mail User Agent

Date Published: 2003-03-19

Last Update: 2003-03-19

Advisory ID: CORE-20030304-01

Bugtraq IDs: 7117, 7118, 7119

[ more ] [ reply ]

iDEFENSE Security Advisory 03.19.03: Heap Overflow in Windows Script Engine 2003-03-19
iDEFENSE Labs (labs idefense com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 03.19.03:
http://www.idefense.com/advisory/03.19.03.txt
Heap Overflow in Windows Script Engine
March 19, 2003

I. BACKGROUND

Microsoft Corp.'s Windows Script Engine within the Windows operating
system (OS) interprets and exec

[ more ] [ reply ]

Java Security Fixes on IRIX 2003-03-19
SGI Security Coordinator (agent99 sgi com)

[RHSA-2003:089-00] Updated glibc packages fix vulnerabilities in RPC XDR decoder 2003-03-19
bugzilla redhat com

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated glibc packages fix vulnerabilities in RPC XDR decoder
Advisory ID: RHSA-2003:089-00
Issue date: 2003-03-19
Updated on: 2003-03-19
Product

[ more ] [ reply ]

MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes 2003-03-19
Tom Yu (tlyu mit edu)

RE: EEYE: XDR Integer Overflow 2003-03-19
Sinan Eren (SEren entercept com)

Hi Marc,

I'm looking at the xdrmem_putbytes() from solaris 8 foundation source cd,
/cdrom/s8_foundation_src_en/osnet_volume/usr/src/lib/libnsl/rpc/xdr_mem.
c line 168

static bool_t
xdrmem_getbytes(XDR *xdrs, caddr_t addr, int len)
{
int tmp;

trace2(TR_xdrmem_getbytes, 0, len);

[ more ] [ reply ]

linux kmod/ptrace bug - details 2003-03-19
Andrzej Szombierski (qq kuku eu org)

Hello

There are many discussions (on slashdot for example) on the recent linux
ptrace (& kmod) bug. I'll try to clarify what is this all about.

It's a local root vulnerability. It's exploitable only if:
1. the kernel is built with modules and kernel module loader enabled
and
2. /proc/sys/kernel

[ more ] [ reply ]

[OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding 2003-03-19
Bodo Moeller (bodo openssl org)

OpenSSL Security Advisory [19 March 2003]

Klima-Pokorny-Rosa attack on RSA in SSL/TLS
===========================================

Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
have come up with an extension of the "Bleichenbacher attack" on RSA
with PKCS #1 v1.5 padding as us

[ more ] [ reply ]

Easy DoS on Kaspersky Anti-Hacker v1.0 2003-03-19
Bojan Zdrnja (Bojan Zdrnja LSS hr)

Product: Kaspersky Anti-Hacker
Version: 1.0
Website: http://www.kaspersky.com/buyonline.html?info=967571

1. Introduction
---------------

Kaspersky Anti-Hacker is a Kaspersky Lab personal firewall product. As other
products in this category, Kaspersky Anti-Hacker allows creation of packet
and appl

[ more ] [ reply ]

SMB/CIFS Security Vulnerability in Samba on IRIX 2003-03-19
SGI Security Coordinator (agent99 sgi com)

EEYE: XDR Integer Overflow 2003-03-19
Marc Maiffret (marc eeye com)

XDR Integer Overflow

Release Date:
March 19, 2003

Severity:
High (Remote Code Execution/Denial of Service)

Systems Affected:

Sun Microsystems Network Services Library (libnsl)
BSD-derived libraries with XDR/RPC routines (libc)
GNU C library with sunrpc (glibc)

Description:

XDR is a standard fo

[ more ] [ reply ]

WF-Chat 2003-03-19
subj (r2subj3ct dwclan org)

Product : WF-Chat

Version : 1.0 Beta

WebSite : http://jid.2yd.ru

Problem : Viewing users account.

Description:

------------

For own a admin accsess in this chat u'r needing view files:

Inicks.txt

!pwds.txt

In short, all informations about registered users be at this files

And acce

[ more ] [ reply ]

[INetCop Security Advisory] ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!! 2003-03-19
dong-h0un U (xploit hackermail com)

==========================================
INetCop Security Advisory #2003-0x82-014.c
==========================================

* Title: ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!!

0x01. Description

Outblaze Web based e-mail is used solution worldwide

[ more ] [ reply ]

SuSE Security Announcement: samba (SuSE-SA:2003:016) 2003-03-19
Marc Heuse (marc suse de)

Resent for Announcement-ID change from SuSE-SA:2003:015 to SuSE-SA:2003:016

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SuSE Security Announcement

Package: samba, samba-client

[ more ] [ reply ]

[OpenPKG-SA-2003.024] OpenPKG Security Advisory (ircii) 2003-03-19
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

[SECURITY] [DSA 264-1] New lxr packages fix information disclosure 2003-03-19
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 264-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
March 19th, 2003

[ more ] [ reply ]

[OpenPKG-SA-2003.023] OpenPKG Security Advisory (delegate) 2003-03-19
OpenPKG (openpkg openpkg org)

Some XSS vulns 2003-03-18
Ertan Kurt (ertank olympos org)

While searching for a CMS for my site I found out the following:

ezPublish 2.2.7
http://target/search/?SectionIDOverride=1&SearchText=<script>alert(docum
ent.cookie);</script>
also when entered an URL like
http://target/<script>alert('test')</script> and site admin checks
latest served URLs the scri

[ more ] [ reply ]

PHP Message Board/Guestbook 2003-03-18
subj (r2subj3ct dwclan org)

Product : PHP Message Board/Guestbook

Version : First

WebSite : http://www.cyber-cats.com/php

Problem : Viewing passwords file

Description:

------------

In this script passwords are in passwd.txt file

They are encrypted by DES algorithm.

In Shrot, all who want see the passwords can mak

[ more ] [ reply ]

TSLSA-2003-0007 - kernel 2003-03-18
tsl trustix com (Trustix Secure Linux Advisor)

TSLSA-2003-0010 - openssl 2003-03-18
tsl trustix com (Trustix Secure Linux Advisor)

TSLSA-2003-0011 - samba 2003-03-18
tsl trustix com (Trustix Secure Linux Advisor)

[] New samba packages fix security vulnerabilities 2003-03-18
bugzilla redhat com

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: New samba packages fix security vulnerabilities
Advisory ID: RHSA-2003:095-01
Issue date: 2003-03-17
Updated on: 2003-03-17
Product: Re

[ more ] [ reply ]