BugTraq Mode:
(Page 1708 of 1748)  < Prev  1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713  Next >
RE: Preventing exploitation with rebasing 2003-02-07
Ilya Dubinsky (IlyaD 3vium com)
IMHO, this is not possible at all.

Take a program that uses machine code for a jump instruction as both
data value and code instruction. Clearly it can't be relocated under any
circumstances without modifying its code.

Also, an algorithm to decide whether the code can be relocated can be
reduced t

[ more ]  [ reply ]
[RHSA-2003:044-20] Updated w3m packages fix cross-site scripting issues 2003-02-07
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated w3m packages fix cross-site scripting issues
Advisory ID: RHSA-2003:044-20
Issue date: 0000-01-01
Updated on: 2003-02-06
Pr

[ more ]  [ reply ]
HPUX Wall Buffer Overflow 2003-02-07
Scotty (smackenz oakey no-ip com)
Hi all, after looking to check if this had been reported before I couldn't
find anything, so here's my two cents:

HPUX /usr/sbin/wall Buffer Overflow.

bash-2.04$ ls -las /usr/sbin/wall
40 -r-xr-sr-x 1 bin tty 20480 Nov 7 1997
/usr/sbin/wall

Wall on HPUX works in the foll

[ more ]  [ reply ]
Re: Weak password protection in WebSphere 4.0.4 XML configuration export 2003-02-06
Arun Kumar (akumar austin ibm com)
In-Reply-To: <3E3F9426.4080204 (at) csnc (dot) ch [email concealed]>

This is not a new revelation. Most Websphere customers should be and

indeed are aware of the encoded (as opposed to encrypted) passwords. We

even document this fact in our Infocenter...

http://www7b.software.ibm.com/wsdd/WASInfoCenter/infocenter/wass_co

[ more ]  [ reply ]
RE: Observation on randomization/rebiasing... 2003-02-06
Michael Wojcik (Michael Wojcik microfocus com) (1 replies)
> From: Jason Coombs [mailto:jasonc (at) science (dot) org [email concealed]]
> Sent: Wednesday, February 05, 2003 5:08 PM

> A properly security-hardened binary DOES NOT require support
> for arbitrary relocations, arbitrary dynamic library injection,
> arbitrary code injection resulting in new execute paths defined at
> run-

[ more ]  [ reply ]
RE: Observation on randomization/rebiasing... 2003-02-06
Jason Coombs (jasonc science org)
Preventing exploitation with rebasing 2003-02-06
Fred Cohen (fc all net) (1 replies)
Readers may be interested in a more general approach to this issue:
http://all.net/
=> Technical Safeguards
=> 1992: Operating System Protection Through Program Evolution

FC
-- This communication is confidential to the parties it is intended to serve --
Fred Cohen - http://all.net/ - fc@all.

[ more ]  [ reply ]
RE: Preventing exploitation with rebasing 2003-02-06
Jason Coombs (jasonc science org)
Preventing /*exploitation with*/ rebasing 2003-02-06
Riley Hassell (rhassell eeye com) (1 replies)

So the course of this talk with most likely go into generating a totally
dynamic address space and once again, end in another theoretical solution,
to an overly complex problem.

Defeating Rebasing
-------------------------------------

Many operating systems with fault handling features and refine

[ more ]  [ reply ]
Re: Preventing /*exploitation with*/ rebasing 2003-02-07
dullien gmx de
RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) 2003-02-06
John Howie (JHowie securitytoolkit com) (2 replies)
Jason,

>
> I've proposed to Microsoft that they stop publishing Mitigating
Factors in
> their security bulletins, and now it looks necessary to propose the
same
> in
> a more open forum.
>

I disagree. From a risk perspective you need to know mitigating factors.
To kill the hype that accompanies a

[ more ]  [ reply ]
RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) 2003-02-06
Jason Coombs (jasonc science org) (1 replies)
RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) 2003-02-07
Jason Coombs (jasonc science org)
Re: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) 2003-02-06
Florian Weimer (Weimer CERT Uni-Stuttgart DE)
AbsoluteTelnet 2.00 buffer overflow. 2003-02-06
Knud Erik Højgaard (kain ircop dk)
<crap>
This advisory may be found at http://kokanins.homepage.dk/
This advisory may not be reproduced, in part or in full, unless this notice
is included.
This advisory was written by knud.
</crap>

I. BACKGROUND

Celestial software's AbsoluteTelnet is "the ultimate terminal client,
it provides the

[ more ]  [ reply ]
FW-1 NG FP3 Bug - Data flow problem when transferring large files 2003-02-06
Igor U.Miturin (imiturin russlavbank com)
Hi!

***

Subject: CP FW NG FP3 fails on OPSEC CVP scanning for large files
Affected: Check Point FireWall-1 NG Feature Pack 3 Build 53225
Vendor: Check Point
Vendor Notified: Yes

Intro

Check Point FireWall-1 is enterprise firewall solution.

[ more ]  [ reply ]
[RHSA-2003:043-12] Updated WindowMaker packages fix vulnerability in theme-loading 2003-02-06
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated WindowMaker packages fix vulnerability in theme-loading
Advisory ID: RHSA-2003:043-12
Issue date: 0000-01-01
Updated on: 20

[ more ]  [ reply ]
[RHSA-2003:040-07] Updated openldap packages available 2003-02-06
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated openldap packages available
Advisory ID: RHSA-2003:040-07
Issue date: 0000-01-01
Updated on: 2003-02-05
Product:

[ more ]  [ reply ]
FW: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) 2003-02-06
Jason Coombs (jasonc science org)
Aloha,

I've proposed to Microsoft that they stop publishing Mitigating Factors in
their security bulletins, and now it looks necessary to propose the same in
a more open forum.

The following Mitigating Factors from MS03-005 are wrong.

> Mitigating Factors:
> ====================
> - An attacker w

[ more ]  [ reply ]
showHelp("file:") disables security in IE - Sandblad advisory #11 2003-02-06
Andreas Sandblad (sandblad acc umu se)

- Sandblad advisory #11 -

/--------------------------------------------------------------/
Title: showHelp("file:") disables security in IE
Date: [06-02-2003]
Software: Internet Explorer 6.0, 5.x
Vendor: http://www.microsoft.com/
Patch: The author has been w

[ more ]  [ reply ]
[RHSA-2003:037-09] Updated Xpdf packages fix security vulnerability 2003-02-06
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated Xpdf packages fix security vulnerability
Advisory ID: RHSA-2003:037-09
Issue date: 0000-01-01
Updated on: 2003-02-06
Produc

[ more ]  [ reply ]
MDKSA-2003:015 - Updated slocate packages fix buffer overflow 2003-02-05
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: slocate
Advisory ID:

[ more ]  [ reply ]
(Page 1708 of 1748)  < Prev  1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus