MDKSA-2002:087 - Updated MySQL packages fix multiple vulnerabilities 2002-12-18 Mandrake Linux Security Team (security linux-mandrake com)

[securitydigest.org]: Changes for December 2002 2002-12-14 Curator at Security Digest Archives (curator securitydigest org)
The 'Security Digest' Archives : securitydigest.org ANNOUNCEMENT OF CHANGES December 2002 http://securitydigest.org/site/changes/20021215.txt This is a periodic announcement regarding changes and activities at The 'Security Digest' Archives (http://securitydigest.org). Unless you have receiv

gfxboot allows boot password circumvention, SuSE 8.1 GRUB 2002-12-14 Matthias Andree (matthias andree gmx de)
SECURITY VULNERABILITY SuSE 8.1's "gfxmenu" which is configured into GRUB by default on many machines allows the user to pass in additional kernel boot parameters without entering the password, even though one is configured in the GRUB configuration file. The exact circumstances when YaST2 adds the

Security Paper: Session Fixation Vulnerability in Web-based Applications 2002-12-18 Mitja Kolsek (ACROS Lists) (lists acros si)
ACROS Security is pleased to announce the publication of a security paper about a new class of attacks on web-based applications that we named "session fixation" attacks. The paper is available at [ http://www.acros.si/papers/session_fixation.pdf ] and could be useful to all web applications dev

Missing admin sql password in Okena StormWatch 2002-12-18 Marc Ruef (marc ruef computec ch)
Hi! I was working with Okena StormWatch[1] - a really interesting commercial intrusion prevention product - and saw that there is the SQL password for the admin account (sa) missing. With a SQL client and a blank password it's possible for everyone who can connect to the manager to compromise the

RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability 2002-12-17 Michal Zalewski (lcamtuf ghettot org)
RAZOR advisory: Linux kernel 2.2.x /proc/pid/mem mmap() vulnerability Issue Date : 12/17/2002 Contact : Michal Zalewski <mzalewsk (at) razor.bindview (dot) com> CVE number : CAN-2002-1380 Topic: A locally exploitable system crash vulnerability is present in the Linux kernel, versions 2.2.

export LD_LIBRARY_PATH in /etc/profile.d/* files 2002-12-17 rich annexia org (1 replies)
On a machine I administrate I recently discovered an entry in /etc/profile.d/oracle.sh: export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/oracle/OraHome1/lib I noticed today that this leaves the value of LD_LIBRARY_PATH as: :/home/oracle/OraHome1/lib (containing an empty element). This is the cause

Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations 2002-12-17 Muhammad Faisal Rauf Danka (mfrd attitudex com)
*** There is an attachment in this mail. *** [ATTITUDEX.COM] http://www.attitudex.com/ Select your own custom email a

Re: adelphia vulnerability within subnets 2002-12-17 0x90 (0x90 invisiblenet net)
FYI: Adelphia has responded and is working on this problem, if you would like to assist with finding out if your subnet is vulnerable, please email security (at) invisiblenet (dot) com, as this will really help adelphia chase down the networks, and fix this problem. The layer 2 gear was from recent acquirie

Directory traversal vulnerabilities in several archivers processing .tar 2002-12-16 Florian Schafferhans (fs computer-security de) (1 replies)
Subject Directory traversal vulnerabilities in several archivers processing .tar files Author Florian "sticky bit" Schafferhans <fs (at) computer-security (dot) de> http://www.computer-security.de/ Date 17. December 2002 Affected GNU cpio 2.5 http://www.g

Re: Directory traversal vulnerabilities in several archivers processing .tar 2002-12-17 der Mouse (mouse Rodents Montreal QC CA)

[OpenPKG-SA-2002.016] OpenPKG Security Advisory (fetchmail) 2002-12-17 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

[RHSA-2002:293-09] Updated Fetchmail packages fix security vulnerability 2002-12-17 bugzilla redhat com

[RHSA-2002:228-11] Updated Net-SNMP packages fix security and other bugs 2002-12-17 bugzilla redhat com

[SECURITY] [DSA-212-1] Multiple MySQL vulnerabilities 2002-12-17 Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-212-1 security (at) debian (dot) org http://www.debian.org/security/ Wichert Akkerman December 17, 2002

[CLA-2002:555] Conectiva Linux Security Announcement - MySQL 2002-12-17 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : MySQL SUMMARY : Several Vulnerabilities DATE

Macromedia Shockwave Flash Malformed Header Overflow #2 2002-12-17 Marc Maiffret (marc eeye com)
Macromedia Shockwave Flash Malformed Header Overflow #2 Release Date: December 16, 2002 Severity: High (Remote Code Execution) Systems Affected: Macromedia Flash Player versions less than 6.0.65.0 Description: While working on some pre-release Retina® CHAM tools, multiple exploitable conditions

Captaris (Infinite) WebMail XSS 2002-12-16 Pedram Amini (pedram redhive com)
I figured it was about time I hopped on the XSS band-wagon. Captaris (www.captaris.com) Infinite WebMail application is vulnerable to Cross-Site Scripting (XSS) attacks. The application fails to filter the following tags that can both be used to redirect a user to an attack script: Launch on e-mai

Security Patchs for PHP Products 2002-12-15 Frog Man (leseulfrog hotmail com)
PHPSecure made some patches for security holes in PHP products. Here is the list : - ALP - Banner Ad 2.0 : http://www.phpsecure.org/index.php?id=1&zone=pDl More details : http://online.securityfocus.com/search?category=22&query=ALP - Tight Auction 3.0 : http://www.phpsecure.org/index.php?id=6&zone

[CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4 2002-12-16 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kernel 2.4 SUMMARY : Local denial of service

[CLA-2002:554] Conectiva Linux Security Announcement - fetchmail 2002-12-16 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : fetchmail SUMMARY : Remote vulnerability DATE

zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A) 2002-12-16 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory Name: zkfingerd Format String vulnerability Systems: zkfingerd version 0.9.1 and earlier Severity: High Risk Vendor URL: http://sourceforge.net/projects/zkfingerd Author: David Litchfield (david (at) ngssoftware (dot) com) Advisory URL: http://www.ngssoftware.com

PFinger 0.7.8 format string vulnerability (#NISR16122002B) 2002-12-16 NGSSoftware Insight Security Research (nisr nextgenss com) (1 replies)
NGSSoftware Insight Security Research Advisory Name: PFinger Format String vulnerability Systems: PFinger version 0.7.8 and earlier Severity: High Risk Vendor URL: http://www.xelia.ch/unix/pfinger/ Author: David Litchfield (david (at) ngssoftware (dot) com) Advisory URL: http://www.ngssoftware.com/advisories/

RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) 2002-12-16 Stefan Esser (s esser e-matters de) (2 replies)

Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) 2002-12-17 Valdis Kletnieks vt edu (1 replies)

Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) 2002-12-17 Stefan Esser (s esser e-matters de) (1 replies)

Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) 2002-12-17 der Mouse (mouse Rodents Montreal QC CA)

Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) 2002-12-16 der Mouse (mouse Rodents Montreal QC CA)
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: MySQL
Advisory ID: