BugTraq (Page 1694 of 1748)
Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue 2003-03-07
Martin O'Neal (bugtraq corsaire com)


-- Corsaire Security Advisory --

Title: Clearswift MAILsweeper MIME attachment evasion issue
Date: 03.03.03
Application: Clearswift MAILsweeper 4.x
Environment: Windows NT 4.0, Windows 2000,
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution

-- Scope --

The aim o

[ESA-20030307-008] 'file' ELF parsing routine buffer overflow vulnerability. 2003-03-07
EnGarde Secure Linux (security guardiandigital com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory March 7, 2003 |
| http://www.engardelinux.org/ ESA-20030307-008 |
|

GLSA: snort (200303-6.1) 2003-03-07
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-6.1
- - - ---------------------------------------------------------------------

          PACKAGE : snort
          SUMMARY : buffer o

Re: [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group 2003-03-08
Andrew G. Tereschenko (secure bugtraq tag odessa ua)
> Direct solution:
> No direct solution at this time.
>
>
> Workaround:
> Avoid using the welcome screen and use only the normal logon screen.
>

http://www.kellys-korner-xp.com/xp_wel_screen.htm
or
http://www.google.com/search?q=%2BSpecialAccounts+%2BWindows+%2BXP

Wellknown and supported way

Re: Siemens *35 and 45 series phones SMS Danial of Service 2003-03-08
kornau bn-online net
In-Reply-To: <20030307134857.25216.qmail (at) www.securityfocus (dot) com>

Hello Bugtraq

There is a Fix for this Problem without Updating the
Firmware using the GSM Utils for Linux you can safely
read and delete the Message using this Tool.
it does not consume Battery and does not harm the Phone
T

MySQL user can be changed to root 2003-03-08
bugsman (at) libero (dot) it (bugsman libero it)
Hi. I tried this on my own MySQL 3.23.55 !!!

I found out that, logging in as the root user, we can change mysqld to run as root instead of, i.e., mysql, but this works only if there's just one my.cnf file and it is located in /etc...

Here's how I did it...

I logged in as root and then I did this:

Re: Sendmail exploit released??? 2003-03-07
zero_latency hushmail com
In-Reply-To: <20030305194707.15514.qmail (at) www.securityfocus (dot) com>

in reference to the cworld article, i would say some1 is kinda confused
around here.....:)

The "russian hacker web site" is actually www.security.nnov.ru, a well
known infosec news and advisory site, not in the business of "prod

Vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host. 2003-03-08
Sil (sil linuxquestions net)


There is a vulnerability in Upload Lite 3.22 that could allow somebody to
upload/execute code on a remote host.

The exploit was tested on Windows and as far as I know it will only work
on windows.. It will not work on *nix because of file permissions.

Upload Lite 3.22 from PerlScriptsJav

OpenBSD lprm(1) exploit 2003-03-08
Claes Nyberg (md0claes mdstud chalmers se)

-- Begin lprmexp.c
/*
* lprmexp.c
*
* OpenBSD <= 3.1 lprm(1) local root exploit
*
* By CMN <cmn (at) darklab (dot) org>/<md0claes (at) mdstud.chalmers (dot) se>
*
* Tested on OpenBSD 3.0 and 3.1.
*
* Fiddle with -a option from 1 to 7 to indent address in
* buffer.
*
*/

#include <stdio.h>
#include <stdlib.h>

NII Advisory - Buffer Overflow in SQLBase (Revised) 2003-03-08
Network Intelligence India Pvt. Ltd. (info nii co in)
NII Advisory (Revised with vendor response and partial workaround)
==================
Buffer Overflow in SQLBase
Original Advisory: http://www.nii.co.in/vuln/sqlbase.html

This is a revision to the earlier advisory about a buffer overflow in SQLBase
8.0 and 8.1.
To briefly recap:
This BO occurs by i

Security Update: [CSSA-2003-SCO.5] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : remote buffer overflow in sendmail (CERT CA-2003-07) 2003-03-07
security sco com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com scoannmod (at) xenitec.on (dot) ca

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : remote buffer overflow in sendmail (CERT CA-2003-07)
A

[EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group 2003-03-07
Eitan Caspi (eitancaspi yahoo com)
**********************************************
* *
* Eitan Caspi - Security Advisory - 01.2003 *
* *
**********************************************

Suggested risk level: Low

Type of risk: Information discl

SimpleBBS 1.0.6 Default Permissions Vuln 2003-03-07
flur (flur flurnet org)
SimpleBBS 1.0.6 Security Problem:

User database stored in a php file that's readable by anyone.
http://www.tareget.com/simplebbs/users/users.php

Passwords are md5'ed, but user data is not.

The vendor was notified and has released updates.

____________________ __ _
~FluRDoInG

Re: xscreensaver exploit for Redhat 7.3 2003-03-07
Inode (inode mediaservice net)
Hi all,
exploit attached.

Comments are welcome.

Sincerely,

+-------------------------------------------------------------------+
| Agazzini Maurizio Tel: +39-011-32.72.100 |
| Security Analyst Fax: +39-011-32.46.497 |
| @ Mediaservice.net S.R.L.

Re: sendmail 8.12.8 available 2003-03-07
Bennett Todd (bet rahul net)
On Mon, 3 Mar 2003, Florian Weimer wrote:
> Would people be willing to share filter rules for other MTAs to
> block offending messages on relays?

Wietse Venema offered the following responses for Postfix. First out
of the gate was [1], this regexp-based quick-response; capable of
false-positives, b

Re: Siemens *35 and 45 series phones SMS Danial of Service 2003-03-07
Mark Schellhase (Mark Schellhase t-online de)
In-Reply-To: <20030303010643.16735.qmail (at) www.securityfocus (dot) com>

The Siemens *50 series also seems affected by the bug.
I tried it on an A50, M50 and on an MT50 and it worked
on all three. But you can easily cancel the "Please
Wait" screen on all of them by pressing the "hang up"
button for

Smoothwall Firewall SNORT buffer overflow 2003-03-07
Martinez, Sylvain (Sylvain_Martinez eu1 bp com) (1 replies)
All,

Please note that the Linux based firewall smoothwall
(http://www.smoothwall.org) is using a vulnerable version of snort.
A patch has been released for the stable GPL 1.0 version:
http://www.smoothwall.org/home/news/item/20030305.01.html
However, no patch has been released for the beta version

Re: Smoothwall Firewall SNORT buffer overflow 2003-03-08
William Anderson (neuro well com)
[sorcerer-spells] SNORT-SORCERER2003-03-06-1 2003-03-06
Michael Walton (mwalton abilene com)

--
Michael Walton

Asst-Manager Tech Support
mwalton (at) abilene (dot) com

(915)677-7900

Re: potential buffer overflow in lprm (fwd) 2003-03-06
noir sin (noir olympos org)

> A bounds check that was added to lprm in 1996 does its checking too
> late to be effective. Because of the insufficient check, it may
> be possible for a local user to exploit lprm to gain elevated
> privileges. It is not known at this time whether or not the bug is
> actually exploitable.

a re

DBTools' DBManager Information Leak Vulnerability 2003-03-07
Ignacio Vazquez (infosecmanager centaura com ar)
Centaura Technologies Security Research Lab Advisory

Product Name: DBTools DBManager Professional
Systems: Windows 9x/NT/2000/2003 Server
Severity: Medium
Remote: No
Category: Information Leak
Vendor URL: http://www.dbtools.com.br
Advisory Author: Ignacio Vazquez
Advisory URL: http://www.c

[ESA-20030307-007] 'snort' RPC preprocessor buffer overflow. 2003-03-07
EnGarde Secure Linux (security guardiandigital com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory March 7, 2003 |
| http://www.engardelinux.org/ ESA-20030307-007 |
|

GLSA: mysqlcc (200303-7) 2003-03-07
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-7
- - ---------------------------------------------------------------------

PACKAGE : mysqlcc
SUMMARY : information

Wordit Logbook Version 0.98b3 2003-03-07
Aleksey Sintsov (theforce s-mail com)


#############################
#Wordit Limited 2000. #
#http://scripts.wordit.com/ #
#############################

User can read any files and execute any commands.

Example: www.i_dont_know_perl.com/logbook.pl?
file=../../../../../../../bin/cat%20logbook.pl%00|

/*
Alexey Sints

MDKSA-2003:030 - Updated file packages fix stack overflow vulnerability 2003-03-06
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: file
Advisory ID:

[RHSA-2003:086-07] Updated file packages fix vulnerability 2003-03-07
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated file packages fix vulnerability
Advisory ID: RHSA-2003:086-07
Issue date: 2003-03-05
Updated on: 2003-03-07
Product:

Security Update: [CSSA-2003-009.0] Linux: slocate command line buffer overflows 2003-03-06
security sco com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: slocate command line buffer overflows
Advisory numbe

Copyright 2010, SecurityFocus