-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 244-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 27th, 2003

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+-----------------------------------------------------------------------
-+
| EnGarde Secure Linux Security Advisory January 27, 2003 |
| http://www.engardelinux.org/ ESA-20030127-001 |
|

[ more ]  [ reply ]

Hypermail buffer overflows

PROGRAM: Hypermail
HOMEPAGE: http://www.hypermail.org/
SOURCEFORGE PAGE: http://sourceforge.net/projects/hypermail/
VULNERABLE VERSIONS: 2.1.3, 2.1.4, 2.1.5, possibly others
IMMUNE VERSIONS: 2.1.6

DESCRIPTION:

"Hypermail 2 is a much enhanced version of the popular too

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+-----------------------------------------------------------------------
-+
| EnGarde Secure Linux Security Advisory January 27, 2003 |
| http://www.engardelinux.org/ ESA-20030127-002 |
|

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Synopsis: at -r job name handling and race condition vulnerabilities
Product: Sun Microsystems Solaris
Version: all

URL: http://isec.pl/vulnerabilities/isec-0008-sun-at.txt
Author: Wojciech Purczynski <cliph (at) isec (dot) pl [email concealed]>
Date: November 1, 2002
Update:

[ more ]  [ reply ]

I'm releasing a tool that I've developed to discover and fingerprint
systems running IKE (i.e. IPsec VPN systems).

The program is written in C and runs on Linux and most Unix-like systems.
It's being released under the GPL license.

See: http://www.nta-monitor.com/ike-scan/

I recommend that you

[ more ]  [ reply ]

dotproject Remote File Access Vulnerability ( By Mindwarper :: mindwarper (at) hush (dot) com [email concealed] :: )

<------- ------->

----------------------
Vendor Information:
----------------------

Homepage : http://www.dotproject.net
Vendor : informed
Mailed advisory: 26/01/02
Vender Response : None

-----------------

[ more ]  [ reply ]

A patch has been created for this hole and can be found on
http://www.phpsecure.org/.

>From: MGhz <magas (at) mail (dot) lt [email concealed]>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: Zorum Portal (PHP)
>Date: 22 Jan 2003 19:45:26 -0000
>
>
>
>Version : 3.0;3.1;3.2
>Website : http://zorum.phpoutsourcing.com/
>Problem :

[ more ]  [ reply ]

We had a lot of requests to put together a quick free scanner, like we've
done in the past, for this SQL worm.

This is the first version and it is bound to have bugs. Feel free to email
me any issues directly and we can work on them.

The scanner is non-intrusive, wont crash your servers, in identi

[ more ]  [ reply ]

I've completed an analysis of the 'Sapphire' SQL worm targeting MS-SQL
servers. Some have reported massive slowdowns. An interesting part of this
worm results from its use of UDP. Attacked hosts/networks may generate ICMP
Host/Port Unreachable messages in response to a Sapphire attack, amplifying

[ more ]  [ reply ]

Jason,

I can't believe you wrote this - seriously, I can't.

>
> As of now we don't know who wrote the worm, but we do know that it
looks
> like a concept worm with no malicious payload. There is a good
argument to
> be made in favor of such worms.
>

What good can come of a widespread DoS of the

[ more ]  [ reply ]