SecurityFocus

Re: [VulnDiscuss] Re: Opentype font file causes Windows to restart. 2003-01-08
Mark Litchfield (mark ngssoftware com)

Not to bore anyone any further - the .FON extension is also vulnerable.
(The .FON and TTF may work on the other Windows platforms where the .OTF
failed)
----- Original Message -----
From: <HalVar (at) gmx (dot) de [email concealed]>
To: "Mark Litchfield" <mark (at) ngssoftware (dot) com [email concealed]>
Cc: <aconnell (at) xtra.co (dot) nz [email concealed]>; <vulndiscuss@vulnwatch.

[ more ] [ reply ]

Re: [VulnDiscuss] Re: Opentype font file causes Windows to restart- rename .TTF 2003-01-07
Alan Olsen (alan wirex com)

On Tue, 2003-01-07 at 20:12, Mark Litchfield wrote:
> Renaming the file extension to TTF (True Type Font) also causes an instant
> reboot on Win2k, although still does not work on .NET Server (don't have XP
> in house to test on at the minute).

Something that the hackers (thankfully) have seem to f

[ more ] [ reply ]

[SECURITY] [DSA 224-1] New canna packages fix buffer overflow and denial of service 2003-01-08
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 224-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 8th, 2002

[ more ] [ reply ]

GLSA: libpng 2003-01-08
Daniel Ahlberg (aliz gentoo org)

Tanne Remote format string exploit (Proof of Concept) 2003-01-08
dong-h0un yoU (xploit hackermail com)

We announce like promise. :-)
__

/*
**
** [*] Title: Remote format string vulnerability in Tanne.
** [+] Exploit code: 0x82-Remote.tannehehe.xpl.c
**
** [+] Description --
**
** About:
** tanne is a small, secure session-management solution for HTTP.
** It replaces common sessions with a system c

[ more ] [ reply ]

GLSA: lcdproc 2003-01-07
Daniel Ahlberg (aliz gentoo org)

Re: Opentype font file causes Windows to restart. 2003-01-07
Vess Nedevski (vdn4844 bjc org)

The problem seems to be only with W2000 and WXP. W2000 with SP3 bluescreened with STOP 0x00000050, where WXP with SP1 just rebooted without even a bluescreen. W98 or WNT don't seem to be affected.

>>> "Berend-Jan Wever" <SkyLined (at) edup.tudelft (dot) nl [email concealed]> 01/07/03 12:09PM >>>
Nope, I tried this: read
http:/

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc 2003-01-07
FreeBSD Security Advisories (security-advisories freebsd org)

KaZaA - Bad Zone 2003-01-07
David Krum (bugtraq jonespg net) (1 replies)

To follow up my mid Oct post:

KaZaA is still launching ads in the local zone. KaZaA was contacted 6 Jan
03 via their bug report page.

"Pop-up ads are being spawned from the local hard disk. This puts them in
the local zone. Scripts running in this zone can be harmful."

I am now awaiting their

[ more ] [ reply ]

Re: KaZaA - Bad Zone 2003-01-07
tony 777h org

Multiple Vulnerabilities in Sendmail on IRIX 2003-01-07
SGI Security Coordinator (agent99 sgi com)

RE: Opentype font file causes Windows to restart. 2003-01-07
Discini, Sonny (Sonny Discini co mo md us)

Windows98 - No reboot.

-----Original Message-----
From: Andrew [mailto:aconnell (at) xtra.co (dot) nz [email concealed]]
Sent: Monday, January 06, 2003 10:37 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]; vulnwatch (at) vulnwatch (dot) org [email concealed]
Subject: Opentype font file causes Windows to restart.

Problem
-------

The attached OpenType font file will

[ more ] [ reply ]

RE: Opentype font file causes Windows to restart. 2003-01-07
Ben Naylor (ben naylor ciria org uk)

Tested on Windows NT4 SP6a.
Had to force opening with fontview as it was not associated by default.
No restart, just message "Not a valid font file".

-----Original Message-----
From: Andrew [mailto:aconnell (at) xtra.co (dot) nz [email concealed]]
Sent: 06 January 2003 15:37
To: bugtraq (at) securityfocus (dot) com [email concealed]; vulnwatch@vulnwatch

[ more ] [ reply ]

[RHSA-2002:283-09] Updated cyrus-sasl packages fix buffer overflows 2003-01-07
bugzilla redhat com

---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated cyrus-sasl packages fix buffer overflows
Advisory ID: RHSA-2002:283-09
Issue date: 2003-01-07
Updated on: 2003-01-06
Produc

[ more ] [ reply ]

Re: Opentype font file causes Windows to restart. 2003-01-07
dildog (dildog atstake com) (2 replies)

I suppose that IE's 'automatic font download' support (which is on by
default) would exacerbate this problem, correct?

--dil

[ more ] [ reply ]

Re: Opentype font file causes Windows to restart. 2003-01-07
Berend-Jan Wever (SkyLined edup tudelft nl)

Re: Opentype font file causes Windows to restart. 2003-01-07
Kim Scarborough (kjs uchicago edu)

Multiple cgihtml vulnerabilities 2003-01-07
Chris Leishman (chris leishman org)

Overview
--------

cgihtml is a collection of routines for parsing World Wide Web (WWW)
Common Gateway Interface (CGI) input and outputting HyperText Markup
Language (HTML).

http://www.eekim.com/software/cgihtml/

According to the authors website, it has potentially been used in the
implementation

[ more ] [ reply ]

[SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution 2003-01-06
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 222-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 6th, 2003

[ more ] [ reply ]

[SECURITY] [DSA 223-1] New geneweb packages fix information exposure 2003-01-07
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 223-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 7th, 2003

[ more ] [ reply ]

[INetCop Security Advisory] Remote format string vulnerability in Tanne. 2003-01-07
dong-h0un yoU (xploit hackermail com)

========================================
INetCop Security Advisory #2003-0x82-012
========================================

* Title: Remote format string vulnerability in Tanne.

0x01. Description

About:
tanne is a small, secure session-management solution for HTTP.
It replaces common sessi

[ more ] [ reply ]

GLSA: http-fetcher 2003-01-07
Daniel Ahlberg (aliz gentoo org)

A security vulnerability in S8Forum 2003-01-05
nmsh_sa canada com (1 replies)

INFORMATIONS :
=============

- Product : S8Forum
- Tested version : 3.0 maybe other versions.
- Website : http://www.kellishaver.com/
Vendor Status: not informed yet !!!
- Problem : A security vulnerability in S8Forum

PROBLEM :
=========

This forum writen by PHP. It doesn't use database,
instead

[ more ] [ reply ]

Re: A security vulnerability in S8Forum 2003-01-07
steve Watt COM (Steve Watt)

Multiple Issues in Nettelephone Dialer 2003-01-04
S G Masood (sgmasood yahoo com)

MULTIPLE ISSUES IN NETTELEPHONE DIALER

Nettelephone(Nettelephone.com) is a PC to Phone
service provider. It's dialer client can be downloaded
from
http://www.nettelephone.com/netelephone_setup325.exe.
Although it is a good service, with very cheap rates
for international calls, it suffers from a fe

[ more ] [ reply ]