|
|
Colapse all |
Post message
pgp4pine stack overflow vulnerability 2003-03-12 Eric AUGE (eric auge cw com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Following informations: I Background: pgp4pine is a mail encryption/decryption/signature/verification wrapper to gpg for pine, it is called from pine to parse mail body and get PGP information from the file. more information : http://pgp4pine. [ more ] [ reply ] [Opera 7/6] Long Filename Buffer Overflow Vulnerability in Download 2003-03-11 nesumin (nesumin softhome net) Hi, all. We release the information about the vulnerability of Opera, here. And we hope that this vulnerability be fixed by Vendor immediately. ___________________________________________________ ----------------------------------------------------------------- Synopsis: [Opera 7/6] [ more ] [ reply ] 802.11b DoS exploit 2003-03-11 Mark Osborne (mark loud-fat-bloke co uk) While working to develop code for WIDZ that is equivalent to a standard Intrusion Detection system?s RESET or SHUN functionality, an effective 802.11b disruption of service attack has been discovered. I haven?t spotted any other postings so here we go?. FATA-jack - a modified version o [ more ] [ reply ] Re: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue 2003-03-11 http-equiv (at) excite (dot) com [email concealed] (http-equiv malware com) Re: QPopper 4.0.x buffer overflow vulnerability 2003-03-11 Jonas Frey (jonas frey gmx de) Hello, i just checked and got: Suse 7.3 (qpopper.rpm 4.0.3-34) is vulnerable, you get id uid=503(test) gid=0(root) groups=0(root) (Using Mailuser "test"). Same goes for Suse 8.0 (qpopper-4.0.3-168) The overflow isnt logged anywhere, you just see normal pop logins. Jonas On Mon, 2003-03-10 at [ more ] [ reply ] Re: .MHT Buffer Overflow in Internet Explorer 2003-03-11 http-equiv (at) excite (dot) com [email concealed] (http-equiv malware com) <!-- The following sample format contains malformed MIME header along with the Base64 encoded executable. ---------------------------------------------- MIME-Version: 1.0 ------=_NextPart_000_0000_01C2E1F4.0D559EA0 Content-Location:file:///tomatell.exe Content-Transfer-Encoding: base64 [ more ] [ reply ] Vulnerability in man < 1.5l 2003-03-11 Jack Lloyd (lloyd acm jhu edu) man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file. The basic problem is, upon finding a string with a quoting problem, the function my_xsprintf in util.c will return "unsafe" (rather than returning a string which could be [ more ] [ reply ] [Summary of Responses] Bound by Tradition: A sampling of the security posture of the Internet's DNS servers 2003-03-11 Mike Schiffman (mike infonexus com) (1 replies) - Chris Gordon <chris.gordon (at) gettyimages (dot) com [email concealed]> has been watching DNS traffic at www.dshield.org and was wondering if "something was coming" and wanted to know if I had seen anything to indicate a DNS worm or virus was propagating. Chris, I have not noticed anything along those lines but all I did was [ more ] [ reply ] Re: [Summary of Responses] Bound by Tradition: A sampling of the security posture of the Internet's DNS servers 2003-03-12 Mike Bell (mike mikebell org) .MHT Buffer Overflow in Internet Explorer 2003-03-10 Tom Tanaka (tomatell canon-sol jp) (2 replies) CANON SYSTEM SOLUTIONS INC. Security Alert VULNERABILITY:.MHT Buffer Overflow in Internet Explorer DATE FOUND:March 2, 2003 Severity:High Risk(code can be executed remotely) ======================================================================== == ==== SUMMARY: IE5 introduced the [ more ] [ reply ] QPopper 4.0.x buffer overflow vulnerability 2003-03-10 Florian Heinz (heinz cronon-ag de) (2 replies) Hello, Under certain conditions it is possible to execute arbitrary code using a buffer overflow in the recent qpopper. You need a valid username/password-combination and code is (depending on the setup) usually executed with the user's uid and gid mail. Explanation: Qualcomm provides their own [ more ] [ reply ] Re: QPopper 4.0.x buffer overflow vulnerability 2003-03-12 Randall Gellens (rg_public 1 flagg qualcomm com) Re: QPopper 4.0.x buffer overflow vulnerability 2003-03-12 Torsten Mueller (torsten archesoft de) (1 replies) [SNS Advisory No.63] DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code 2003-03-10 Secure Net Service(SNS) Security Advisory (snsadv lac co jp) ---------------------------------------------------------------------- SNS Advisory No.63 DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code Problem first discovered on: Sun, 02 Mar 2003 Published on: Mon, 10 Mar 2003 -------------------------------------------------------- [ more ] [ reply ] Security Update: [CSSA-2003-010.0] Linux: remote buffer overflow in sendmail (CERT CA-2003-07) 2003-03-10 security sco com To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: remote buffer overflow in sendmail (CERT CA-2003-07) Advisory number: CSSA-2003-010. [ more ] [ reply ] Security Update: [CSSA-2003-011.0] Linux: format string vulnerability in zlib (gzprintf) 2003-03-10 security sco com To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: format string vulnerability in zlib (gzprintf) Advisory number: CSSA-2003-011.0 Iss [ more ] [ reply ] [SECURITY] [DSA 258-1] New ethereal packages fix arbitrary code execution 2003-03-10 joey infodrom org (Martin Schulze) Security Update: [CSSA-2003-SCO.4.1] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : REVISED: Lax permissions on /dev/X 2003-03-10 security sco com To: ler (at) lerctr (dot) org [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : REVISED: Lax permissions on /dev/X Advisory number: CSSA-2003- [ more ] [ reply ] Re: MySQL user can be changed to root 2003-03-10 Sergei Golubchik (serg mysql com) Hi! Both to bugtraq and mysql list: This issue has been adressed in 3.23.56 (release build is started today), and some steps were taken to alleviate the threat. In particular, MySQL will no longer read config files that are world-writeable (and SELECT ... OUTFILE always creates world-writeable fi [ more ] [ reply ] PHP-Nuke 6.0 & 6.5RC2 SQL Injection Again 2003-03-10 Frog Man (leseulfrog hotmail com) Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Version : 6.0 & 6.5 RC2 Modules : Forums, Private_Messages Problem : SQL Injection PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/Forums/viewtopic.php : -------------------------------------------------------------- [ more ] [ reply ] Cross-Referencing Linux vulnerability 2003-03-11 Albert Puigsech Galicia (ripe 7a69ezine org) Info. ----- + Type: To gain visibility + Software: Cross-Referencing Linux. + Verions: until 0.9.2 + Exploit: Si. + Autor: Albert Puigsech Galicia + Contact: ripe (at) 7a69ezine (dot) org [email concealed] Introduction. ------------- Cross-Referencing Linux, as known as LXR, allow read all linux kernel [ more ] [ reply ] MDKSA-2003:029 - Updated snort packages fix buffer overflow vulnerability 2003-03-06 Mandrake Linux Security Team (security linux-mandrake com) |
|
Privacy Statement |
--
Michael Walton
Asst-Manager Tech Support
mwalton (at) abilene (dot) com [email concealed]
(915)677-7900
[ more ] [ reply ]