BugTraq
[RHSA-2003:072-08] Updated Gnome-lokkit packages fix vulnerability 2003-03-17
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Gnome-lokkit packages fix vulnerability
Advisory ID: RHSA-2003:072-00
Issue date: 2003-03-17
Updated on: 2003-03-17
Product: Re

SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express 2003-03-17
Caleb Sima (csima spidynamics com)
Remote Administration of BEA WebLogic Server and Express

Release Date:
March 18, 2003

Severity:
High

Systems Affected:
- WebLogic Server and Express 6.0
- WebLogic Server and Express 6.1
- WebLogic Server and Express 7.0

Description:
SPI Labs and S21sec have identified a serious vulnerability

[RHSA-2003:098-00] Updated 2.4 kernel fixes vulnerability 2003-03-17
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated 2.4 kernel fixes vulnerability
Advisory ID: RHSA-2003:098-00
Issue date: 2003-03-17
Updated on: 2003-03-17
Product: Red Hat Lin

[SECURITY] [DSA 263-1] New tcpdump packages fix denial of service vulnerability 2003-03-17
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 263-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
March 17th, 2003

MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol 2003-03-17
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2003-004

2003-03-17

Topic: Cryptographic weaknesses in Kerberos v4 protocol

Severity: CRITICAL

SUMMARY
=======

A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaint

McAfee ePolicy Orchestrator Format String Vulnerability (a031703-1) 2003-03-17
@stake Advisories (advisories atstake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: ePolicy Orchestrator Format String Vulnerability
Release Date: 03/17/2003
Application: McAfee ePolicy Or

Re: Unknown trust error when downloading ocget.dll 2003-03-14
Garry_Stewart veritasdgc com


I've been battling this for a couple of days now too ...

I have one thing to add to what Ken said, and that is ... If you turn on
the Prompt for Unsigned ActiveX Controls, then I've found that you get a
prompt to install and run http://codecs.microsoft.com/objects/ocget.dll
Which clearly is a bug

Re: [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group 2003-03-14
Eitan Caspi (eitancaspi yahoo com)
Hello Andrew,

1. Thanks a lot for your note about the way to remove users from the
"welcome screen".

I am sorry I was not aware of this workaround when the advisory was
published.
It is a shame MS don't add this procedure to its KB (as far as I
searched there).

I have tested this and, as promised

Remote Exploit in Business::OnlinePayment::WorldPay::Junior 2003-03-15
Jason Clifford (security jason ukpost com)
Business::OnlinePayment::WorldPay::Junior is a perl module providing a
backend for perl scripts to manage credit/debit card payments through the
WorldPay Select Junior service.

I am the author of the module.

There is a bug in all versions of Business::OnlinePayment::WorldPay::Junior
prior to 1.0

A response to Bruce Schneier on MS patch management and Sapphire 2003-03-16
Jason Coombs (jasonc science org)

-----Original Message-----
From: Jason Coombs [mailto:jasonc (at) science (dot) org]
Sent: Sunday, February 16, 2003 10:31 AM
To: Bruce Schneier
Subject: RE: CRYPTO-GRAM, February 15, 2003

Aloha, Bruce.

This is in response to your Crypto-Gram discussion of the Sapphire/SQL
Slammer worm that struck Microsof

qpopper timing analysis on to determine if a username exists on a system 2003-03-15
Dennis Lubert (plasmahh informatik uni-bremen de)
Hello,

during development of a pop3 tool I found an issue that makes it possible
for any user to check the validity of a user on a target system. If a user
is valid and an invalid password has been supplied, then the system waits
~10 seconds until it sends a disconnect message and disconnects. If

@(#)Mordred Security Labs - RSA ClearTrust Cross Site Scripting issues 2003-03-15
sir mordred hushmail com

-----BEGIN PGP SIGNED MESSAGE-----

//@(#) Mordred Security Labs advisory

Release date: March 14, 2003
Name: RSA ClearTrust Cross Site Scripting issues
Risk: low
Author: Sir Mordred (mordred (at) s-mail (dot) com, http://mslabs.iwebland.com)

I. Description:

The RSA ClearTrust is a Web access management sol

PROBLEMS WITH WINDOWS SHORTCUTS 2003-03-15
S G Masood (sgmasood yahoo com)
PROBLEMS WITH WINDOWS SHORTCUTS

==============================================================================================

Topic: Problems with Windows Shortcuts
Tested With: Windows 98, Windows 2000 Server
Author: S.G.Masood (sgmasood (at) yahoo (dot) com)

=======================================

[SECURITY] [DSA-262-1] samba security fix 2003-03-15
Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-262-1 security (at) debian (dot) org
http://www.debian.org/security/ Wichert Akkerman
March 15, 2003
- ---------------

Denial-Of-Service holes in JDK 1.4.1_01 2003-03-14
Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Denial-Of-Service holes in
JDK 1.4.1_01
Security Alert
by
Marc Schoenefeld

(html version at http://www.illegalaccess.org)

Several Java distributions (like the popular JDK 1.4.1 JRE from Sun)
have been found to contain several locally
Denial of Service

Security Update: [CSSA-2003-012.0] Linux: KDE rlogin.protocol and telnet.protocol url kio Vulnerability 2003-03-14
security sco com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: KDE rlogin.protocol and telnet.protocol url kio Vulnerability
Advisory number: CSSA-

Guestbook v1.1.3 CSS Vuln 2003-03-14
flur (flur flurnet org)
Project: Filebased guestbook.
Author: Copyright (c) Urs <urs (at) circle (dot) ch>
Version: 1.1.3
Update: 17-09-2002
Homepage: http://www.circle.ch/scripts/

This PHP guest book script is vulnerable to hostile cross scripting in the
'comment' section of guest book posts. Comments span across multip

RE: response to tax software not encrypting tax info 2003-03-14
Ken Williams esecurityonline com
Hi,

I have read both of the original advisories, and all of the replies
on this subject, and nobody yet has properly assessed AND
emphasized the actual risk associated with this tax software.

Lots of software programs do not encrypt sensitive data, but what
makes this tax software differ

Unknown trust error when downloading ocget.dll 2003-03-14
Ken Fischer (kenf users junebug org)
Greetings,

We have run into a problem this afternoon with the copy of
ocget.dll that is located at:
http://codecs.microsoft.com/objects/ocget.dll

It seems that it is either signed improperly, or not at all.

This .dll is loaded automatically by IE when .cab files are
downloaded from the serve

@(#)Mordred Labs advisory - Texis sensitive information leak 2003-03-14
sir mordred hushmail com (2 replies)

-----BEGIN PGP SIGNED MESSAGE-----

//@(#) Mordred Security Labs advisory

Release date: March 15, 2003
Name: Texis sensitive information leak
Versions affected: all versions
Risk: average
Author: Sir Mordred (mordred (at) s-mail (dot) com, http://mslabs.iwebland.com)

I. Description:

Thunderstone is an inde

Re: @(#)Mordred Labs advisory - Texis sensitive information leak 2003-03-15
Kurt Seifried (kurt seifried org)
Re: @(#)Mordred Labs advisory - Texis sensitive information leak 2003-03-15
Kurt Seifried (listuser seifried org)
[OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper) 2003-03-14
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Vulnerability in OpenSSL 2003-03-13
David Brumley (dbrumley stanford edu)
Dan Boneh and I have been researching timing attacks against software
crypto libraries. Timing attacks are usually used to attack weak
computing devices such as smartcards. We've successfully developed and
mounted timing attacks against software crypto libraries running on
general purpose PC's.

GiantRat Mailer exposes PoP password 2003-03-13
maninthemiddle hushmail com

Security advisory

Issue: GiantRat Mailer exposes plain text PoP password

Date: 03/13/03

Vendor first notified: February 2003

Affected versions: All (tested v3.1, 2.x, 1.x)

ABOUT GiantRat Mailer:

GiantRat Mailer is an innovative email client that has settings for the sight-impaired and has optio

Win32: Postmessage API security flaw 2003-03-13
Palan (palan myrealbox com)


Hello,

I would like to bring to your notice a certain vulnerability that has
existed in Win 9x platforms for many years and now in Win2k/XP. Most of
us are familiar with password revealers and password stealing trojans.
Though flaws in Windows Messaging API have been shown before this one

Buffer overflows in ircII-based clients 2003-03-13
Timo Sirainen (tss iki fi)
After seeing the BitchX "DoS" problem mentioned the n'th time already, I
decided to finally audit ircII based clients to show some worse problems
they have. I had been pretty sure for years that malicious servers can
exploit them in multiple ways, and I think many others have known it as
well. EPIC

Copyright 2010, SecurityFocus