RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability 2003-02-19 Johan Kölhi (EAB) (Johan Kolhi etx ericsson se)
Ericsson is working on this issue now. A solution for this problem is on the way; we will come back with more information on this next week.
Best regards,
Johan Kölhi
Ericsson Broadband Access
-----Original Message-----
From: Fredrik Björk [mailto:Fredrik.Bjork.List (at) varbergenergi (dot) se]