[SECURITY] [DSA 234-1] New kdeadmin packages fix several vulnerabilities
2003-01-22 joey infodrom org (Martin Schulze)

iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
2003-01-21 iDEFENSE Labs (labs idefense com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
http://www.idefense.com/advisory/01.21.03.txt
January 21, 2003
I. BACKGROUND
MandrakeSoft Inc.'s Mandrake Linux includes the printer-drivers package in mos

Blackboard 5.x Password Retrieval
2003-01-21 Pedram Amini (pedram redhive com)
-- Overview
Through the exploitation of a SQL injection vulnerability it is possible for an unauthenticated user to query the Blackboard user directory and:
- Enumerate users with a given password.
- Extract the MD5 password of any given user.
Blackboard Learning System 5.x, level 1 and 2

[RHSA-2002:202-25] Updated python packages fix predictable temporary file
2003-01-21 bugzilla redhat com

Security Update: [CSSA-2003-005.0] Linux: canna buffer overflow and denial of service
2003-01-21 security caldera com
To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed]
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: canna buffer overflow and denial of service
Advisor

More Critical Vulnerabilities In PHP Topsites
2003-01-21 JeiAr (jeiar kmfms com)
Version: All
Script: edit.php
vendor: itop10.net
Type: Code Injection/Execution Vulnerability
---------------------------------------------------------------------------
Another critical vulnerability has been found by the CyberArmy Security Research Team that affects php topsites. Basicall

GLSA: cvs
2003-01-21 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-12
- - --------------------------------------------------------------------
PACKAGE : cvs
SUMMARY : arbitrary code execution
DATE : 20

RE: Attacking EFS through cached domain logon credentials
2003-01-21 John Howie (JHowie securitytoolkit com)
Todd (and lists),
You wrote:
>
> This is not completely correct, and I wanted to clarify how an attack
> against a domain-member's EFS encrypted files can work. The threat
> model is this:
>
It is important to distinguish between a weakness in EFS (there is none, as described here) and the ris

IRIX ToolTalk RPC Server Format String Vulnerability update
2003-01-21 SGI Security Coordinator (agent99 sgi com)

PHPMyPub (PHP)
2003-01-19 Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°°
Website : http://phpmypub.free.fr
Version : 1.2.0
Problem : Admin access
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
admin/index.php :
------------------------------------------------------------------------
[...] $auth = $HTTP_COOKIE_VARS["adminpub"]; if (!$auth) { if ($

Re: More information regarding Etherleak
2003-01-17 Manuel Bouyer (bouyer antioche lip6 fr)
On Fri, Jan 17, 2003 at 06:25:52PM +0100, Peter Turczak wrote:
> Well this correct as long as you don't use the Sun fcal and gbit card. This
Strange, all gbic adapters I know do automatic padding
> one does again not pad with a constant value, so I guess it is vulnerable.
>
> 0000 00 0a 27 7d d2

GLSA: dhcp
2003-01-17 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-10
- - --------------------------------------------------------------------
PACKAGE : dhcp
SUMMARY : buffer overflow
DATE : 2003-01-17

MDKSA-2003:007 - Updated dhcp packages fix remote code execution vulnerability
2003-01-17 Mandrake Linux Security Team (security linux-mandrake com)

GLSA: kde-2.2.x
2003-01-18 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-11
- - --------------------------------------------------------------------
PACKAGE : kde-2.2.x
SUMMARY : multiple vulnerabilities in KDE

DoS against DHCP infrastructure with isc dhcrelay
2003-01-15 Florian Lohoff (flo rfc822 org)
Hi,
I discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured dhcp server(s) in case of a malicious bootp packet. I have seen this on Linux Kernel 2.2 and 2.4 with the isc dhcp 3.0rc9 relay (I haven't tested rc10 but the diff shows no obvious fix). In ca

[RHSA-2003:011-07] Updated dhcp packages fix security vulnerabilities
2003-01-16 bugzilla redhat com

Attacking EFS through cached domain logon credentials
2003-01-16 Todd Sabin (tsabin razor bindview com)
[This isn't exactly new, but it does come up now and then, so I thought it might be useful to summarize it here.]
Recently, I stumbled upon a page on Microsoft's website, <URL:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/efs.asp> which talks about possible attac

Gabber 0.8.7 leaks presence information without user authorization
2003-01-15 Greg Troxel (gdt ir bbn com)
Gabber 0.8.7 leaks presence information without user authorization
Greg Troxel <gdt (at) ir.bbn (dot) com [email concealed]>
DESCRIPTION
Gabber 0.8.7 sends a presence message to the Jabber ID 956878967 (at) update.jabber (dot) org [email concealed] at login and logout time. This is a privacy violation: that a user even exists should only be disc

php-nuke again ...
2003-01-15 Karol Więsek (appelast bsquad sm pl)
-----BEGIN PGP SIGNED MESSAGE-----
I. BACKGROUND
PHP-Nuke is a popular Web portal system.
Project homepage : http://www.phpnuke.org
II. DESCRIPTION
Remote attacker could transfer to server his own file or copy arbitrary file from system to accessible directory. The result of such acts could be

[RHSA-2002:288-22] Updated MySQL packages fix various security issues
2003-01-15 bugzilla redhat com

GLSA: fnord
2003-01-17 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-9
- - --------------------------------------------------------------------
PACKAGE : fnord
SUMMARY : buffer overrun
DATE : 2003-01-17

MDKSA-2002:073-1 - Updated krb5 packages fix incorrect initscripts
2003-01-14 Mandrake Linux Security Team (security linux-mandrake com)

Multiple PHP Topsites Vulnerabities found
2003-01-15 Cyberarmy Application and Code Auditing Team (paragod phreaker net)
Multiple PHP Topsites Vulnerabities found
PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gatewa
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 234-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 22nd, 2003