[SECURITY] [DSA 229-1] New IMP packages fix SQL injection
2003-01-15 joey infodrom org (Martin Schulze)

Re: Local/remote mpg123 exploit
2003-01-15 Benjamin Tober (btober0 hotmail com)
In-Reply-To: <200301131823.h0DINJbE014752 (at) mailserver3.hushmail (dot) com>
I'm not going to address the veracity of the narrative text of this posting, however the exploit is real. I believe that the patch to mpg123 given below closes this particular hole. I have no affiliation with the authors of m

MDKSA-2003:005 - Updated leafnode packages fix remote DoS vulnerability
2003-01-15 Mandrake Linux Security Team (security linux-mandrake com)

Vulnerability in WebCollection Plus (TM)
2003-01-14 f0urtyfive ceteranet com
These vulnerabilities were found / tested on:
WebCollection Plus (TM) Copyright 2001 Follett Software Company
Version 5.00 Revision 12-01-A Dec 19 2001
Program protects from reading other non-webserver accessible files by checking for a : or excessive .'s in a string. If the URL has a / at the beg

MDKSA-2003:004 - Updated KDE packages fix multiple vulnerabilities
2003-01-14 Mandrake Linux Security Team (security linux-mandrake com)

Buffer Overflow in uucp of SunOS 5.8
2003-01-13 hipnosis hipnosis (hipnosis softhome net)
Hi everybody
Though I don't know if this vulnerability has been discovered previously I found a buffer overflow in the app uucp of SunOS 5.8 that it could be used to get privileges of uucp.
The buffer overflows when the app uucp is executed with the parameter -s followed by a string bigger

Local/remote mpg123 exploit
2003-01-13 gobbles hushmail com

SIGCHLD problem in Stunnel
2003-01-12 Jonas Eriksson (je sekure net)
Some SIGCHLD handler problem in Stunnel.. from the announce-list
---------- Forwarded message ----------
Date: Sun, 12 Jan 2003 16:57:02 +0100
From: Michal Trojnara <Michal.Trojnara (at) mirt (dot) net>
To: openssl-users (at) openssl (dot) org, stunnel-announce (at) mirt (dot) net, stunnel-users (at) mirt (dot) net
Subject: Stunnel 4

Bug in w-agora
2003-01-12 sonyy 2vias com ar
=======================
==Shell Security Team==
=======================
==============================
====Advisory For W-agora======
==============================
- Product : w-agora
- Tested version : version 4.1.5
- Website : http://www.w-agora.net
- Discovery By Sonyy
- Vendor Statu

A patch for "Windows WM_TIMER Message Handling flaw" causes random crashes on Windows NT
2003-01-12 Tomasz Ostrowski (tometzky zodiac mimuw edu pl)
A patch for a flaw in "Windows WM_TIMER Message Handling", released with "Microsoft Security Bulletin MS02-071" (Q328310), causes random crashes (blue screens of death) on WindowsNT systems. Besides annoyance it forces uninstallation of this patch leaving systems vulnerable to the flaw.
Microsoft w

GLSA: mod_php php
2003-01-13 Daniel Ahlberg (aliz gentoo org)
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-8
PACKAGE : mod_php php
SUMMARY : buffer overflow
DATE : 2003

[SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit
2003-01-13 joey infodrom org (Martin Schulze)

Vulnerabilities in Xynph FTP Server 1.0
2003-01-11 Zero-X www.lobnan.de Team (zero-x linuxmail org)
Vulnerabilities in Xynph FTP Server 1.0
Xynph FTP Server allows Directory Traversal
Example:
#######################################################
Verbindung mit zero-x.
220 Herzlich Willkommen! <-Xynph FTP-Server->
Benutzer (zero-x:(none)): anonymous
331 Password required for anonymous.
Kennwor

[VSA0303] Half-Life StatsMe remote (root) hole
2003-01-10 VOID.AT Security (crew void at)
[void.at Security Advisory VSA0303]
Overview
========
"statsme"[1] is a popular plugin for the Half-Life Dedicated Server (hlds). hlds is not only the server for the most popular online game today, "Counter-Strike", but for many other games too. Two security bugs in statsme make it possible to ex

[VSA0302] Half-Life Adminmod remote (root) hole
2003-01-10 VOID.AT Security (crew void at)
[void.at Security Advisory VSA0302]
Adminmod[1] is a plugin for the "Half-Life Server", hosting the most popular online game today, "Counter-Strike", among others.
Overview
========
Due to a format string bug in adminmod, it is possible for a remote attacker who knows the rcon-password to remotel

[VSA0302] Half-Life Adminmod remote (root) hole
2003-01-11 VOID.AT Security (crew void at)
[void.at Security Advisory VSA0302]
Adminmod[1] is a plugin for the "Half-Life Server", hosting the most popular online game today, "Counter-Strike", among others.
Overview
========
Due to a format string bug in adminmod, it is possible for a remote attacker who knows the rcon-password to remotel

Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities
2003-01-10 security caldera com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com, full-disclosure (at) lists.netsys (dot) com
SCO Security Advisory
Subject: Linux: Webmin Cross-site Scripting and Session ID Spoofing

BitKeeper remote shell command execution/local vulnerability
2003-01-11 Maurycy Prodeus (z33d isec pl)
Synopsis: BitKeeper remote shell command execution/local vulnerability
Product: BitKeeper (http://www.bitkeeper.com)
Version: 3.0.x
Author: Maurycy Prodeus <z33d (at) isec (dot) pl>
Date: 11 November 2002
Issue:
------
BitKeeper is a so

middleman-1.2 and prior off-by-one bug
2003-01-10 qitest1 (qitest1 bespin org)
QITEST1 SECURITY ADVISORY #006
middleman-1.2 and prior off-by-one bug
PROGRAM DESCRIPTION
Middleman is a powerful proxy server with many features designed to make browsing the Internet a more pleasant experience.
It can do much more than just proxyi

[SECURITY] [DSA 225-1] New tomcat packages fix source disclosure vulnerability
2003-01-09 joey infodrom org (Martin Schulze)

Request for assistance: trying to find Zardoz Security Digest Files
2003-01-08 Curator at The 'Security Digest' Archives (curator securitydigest org)
I am the owner of a project designed to preserve computer security digests and I need to ask the community for help locating material relating to the Zardoz Security Digest. Without this material, I am not able to comprehensively document the history of this digest. In particular, I am unable t

MDKSA-2003:002 - Updated xpdf packages fix integer overflow vulnerability
2003-01-10 Mandrake Linux Security Team (security linux-mandrake com)
Debian Security Advisory DSA 229-1    security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 15th, 2003