[RHSA-2003:053-10] Updated vte packages fix gnome-terminal vulnerability
2003-02-25 bugzilla redhat com

QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
2003-02-25 @stake Advisories (advisories atstake com)

MDKSA-2003:023 - Updated lynx packages fix CRLF injection vulnerability
2003-02-24 Mandrake Linux Security Team (security linux-mandrake com)

Platform independent allocating sprintf (was Re: buffer overrun
2003-02-24 Forrest J. Cavalier III (forrest mibsoftware com)
Thamer Al-Harbash <tmh (at) whitefang (dot) com> wrote
> On Sat, 22 Feb 2003, Richard Kettlewell wrote:
>
> > There is an internal #define (HAS_vsnprintf) that causes it to use
> > vsnprintf() instead of vsprintf(), but this is not enabled by default,
> > not tested for by the configure script, and not docum

Terminal Emulator Security Issues
2003-02-24 H D Moore (termulation digitaloffense net)
Please see the attached document, also available at the following URL:
http://www.digitaldefense.net/labs/
---------------------------------------------------------
TERMINAL EMULATOR SECURITY ISSUES
Copyright © 2003 Digital Defense Incorporated
All Rights Reserved
[ Table of Contents ]
-- Summar

[CLA-2003:570] Conectiva Linux Security Announcement - openssl
2003-02-24 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : openssl
SUMMARY : Information leak in encrypt

RE: Bypassing Personal Firewalls
2003-02-24 John Howie (JHowie securitytoolkit com)
Torbjörn,
> ... There are just too
> many holes in Windows for it to be feasible to plug them all. The focus
> ought to be on preventing the code execution in the first place, not on
> trying to contain it.
>
I think it unfair to paint Windows with such a broad brush, especially as most other OSe

[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
2003-02-24 joey infodrom org (Martin Schulze)

Securing Windows 2000 Server Documentation
2003-02-24 Michael Howard (mikehow microsoft com)
The Microsoft Solutions for Security team has released 'Securing Windows 2000 Server'. This is the first of several prescriptive security solutions planned for release this year. These new security solutions are designed to provide customers with authoritative, proven, and tested solutions that addr

WihPhoto (PHP)
2003-02-23 Frog Man (leseulfrog hotmail com)
Information :
°°°°°°°°°°°°°°
Version : 0.86-dev
Website : http://www.wihsy.com
problem : All files from the hard disk can be sent by mail
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
util/email.php :
------------------------------------------------------------------------
<?
class CMailFile {
var $

Nessus 2.0 is out
2003-02-24 Renaud Deraison (renaud tenablesecurity com)
I'm pleased to announce the availability of Nessus 2.0.
What is Nessus
--------------
Nessus is a vulnerability assessment tool available under the GNU General Public Licence (GPL). It runs on many Unix-like systems (Linux/FreeBSD/OpenBSD/Solaris/IRIX/MacOSX and probably others) but can audit

Mambo SiteServer exploit gains administrative privileges
2003-02-24 Simen Bergo (sbergo thesource no)
MAMBO SITESERVER EXPLOIT GAINS ADMINISTRATIVE PRIVILEGES
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PROGRAM: Mambo SiteServer
HOMEPAGE: http://www.mamboserver.com/
TESTED: Mambo 4.0.12 RC2
LOGIN REQUIRED: No
PROOF OF CONCEPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Re: Bypassing Personal Firewalls
2003-02-23 Torbjörn Hovmark (torbjorn hovmark abtrusion com)
Oliver,
> Yes. Before we go prompting users every time someone calls
> CreateFile, though, there are much simpler measures. One of them would make
> OpenProcess require a privilege of some sort (see below).
Restricting OpenProcess won't help much. For example, CreateProcess will return a handle wi

Re[2]: PHPNuke SQL Injection / General SQL Injection
2003-02-23 alias securityfocus com
MightyE,
In response to your mail of Saturday 22 February 2003 at 21:20:29:
M> Actually, user supplied input from $_COOKIES, $_POST, and $_GET
M> comes slash-escaped, so if the user enters
M> ' or 1=1
M> as their input, the sql statement will look like
M> where some_int='\' or 1=1'
M> [..sni

Re: O UT LO OK E XPRE SS 6 .00 : broken
2003-02-24 Thor Larholm (thor pivx com)
Outlook Express is not the only vulnerable product. The culprit here is the codebase localPath vulnerability which was patched in Internet Explorer by MS02-015 in March 2002. GreyMagic had more fun with this at http://security.greymagic.com/adv/gm001-ie/ which is also the origin of the example disp

multiple vulnerabilities in glftpd
2003-02-23 Karol Więsek (appelast bsquad sm pl)
* MULTIPLE VULNERABILITIES IN GLFTPD *
I. BACKGROUND
Glftpd is a ftpd server, but it wasn't designed as a replacement of ftpd server. It is a kind of warez ftpd ( like serv-u, war-ftpd ). It has its own users, groups etc. ( it doesn't use system files ). It has built in request and message system

[LSD] Win32 assembly components
2003-02-24 Last Stage of Delirium (contact lsd-pl net)
Hello,
We have published the paper dedicated to win32 assembly components (the asmcodes), which was released for the first time on November 27th 2002 during the Hivercon 2002 conference in Dublin. The paper, conference presentation and accompanying package of codes can be found in the papers/proje

poc zlib sploit just for fun :)
2003-02-23 Crazy Einstein (crazy_einstein yahoo com)
/*
\ PoC local exploit for zlib <= 1.1.4
/ just for fun..not for root :)
/ Usage: gcc -o zlib zlib.c -lz
/ by CrZ [crazy_einstein (at) yahoo (dot) com] lbyte [lbyte.void.ru]
*/
#include <zlib.h>
#include <errno.h>
#include <stdio.h>
int main(int argc, char **argv)
{
char shell[]=
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated vte packages fix gnome-terminal vulnerability
Advisory ID: RHSA-2003:053-10
Issue date: 2003-02-06
Updated on: 2003-02-24
P