BugTraq
(Page 1733 of 1748)
Exploit for traceroute-nanog overflow 2002-11-29
Carl Livitt (carl learningshophull co uk)


Attached is a working proof-of-concept exploit for the traceroute-nanog local
root hole. It works on SuSE 7.x/8.0 and maybe others too.

It includes detailed information on where the vulnerability lies in the source
code, problems in exploitation and solutions to those problems.

It also highlig

bogofilter contrib/bogopass temp file vulnerability 2002-11-29
Matthias Andree (matthias andree gmx de)
bogofilter-SA-2002:01.bogopass

Topic: vulnerability in bogopass

Announcement: bogofilter-SA-2002:01
Writer: Matthias Andree
Version: 1.00
Announced: 2002-11-29
Category: contrib
Type: temporary file created insecurely
Impact: anonymous local file destruction or change
Credits: -
Danger: mediu

[ElectronicSouls] - BOOZT CGI Exploit 2002-11-29
es hush com

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

We apologize for the cross posting, but we feel it is important that
everyone see this as it covers a new CGI hole.

# cat ES-booz.c
/* -----------------------------------------------------------------------

BOOZT! Not so Standard 0.9.8 CGI vulner

[OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) 2002-11-29
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Moby NetSuite POST Denial of Service Vulnerability 2002-11-29
Matthew Murphy (mattmurphy kc rr com)
Advisory: Moby NetSuite POST Denial of Service Vulnerability

Moby NetSuite is an HTTP/SMTP package designed for simplicity. It supports
CGI, including POST form submissions. A vulnerability in the POST handler
could lead to denial of service against the server.

When faced with a POST request, NetS

re: Solaris priocntl exploit 2002-11-27
Jeff Damens (jdamens ebbets poly edu)

> Solaris's Got Big problem on System Call priocntl()
> syscall priocntl(2) is used as process scheduler control
> ...
> as it said, pc_clname points to a string specify the module.
> priocntl() will load the module without any privilege check.
> The module's name is a relative path, priocntl will

User downgraded from Administrator to User retains the ability to list other user's running tasks 2002-11-29
Eitan Caspi (eitan_c 012 net il) (1 replies)
Summary:

Windows XP presents a new option called "Fast User Switching" (FUS).
This option enables multiple users to be logged on locally to the same
PC at the same time, although only one user at a time can work at the
station's GUI. This option is a variant of the Terminal services (which
you wil

Security Patch for PortailPHP 0.99 2002-11-28
vALDEUx aol com
PRODUCT : PORTAILPHP
http://www.yoopla.net/portailphp/
A nice PHP CMS

PROBLEM : XSS
SQL INJECTION
in /mod_search/index.php
read it for more details :)

SOLUTION : Download patch from http://www.phpsecure.org
or manually add these lines at beginnin

MDKSA-2002:083 - Updated sendmail packages fix smrsh insecurities 2002-11-28
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: sendmail
Advisory ID:

Kerberos login sniffer and cracker for Windows 2000/XP 2002-11-28
Arne Vidstrom (arne vidstrom ntsecurity nu)
Hi all,

I've coded a simple Kerberos login sniffer and cracker for Windows 2000/XP
that you might find useful. You can find it for download at:

http://ntsecurity.nu/toolbox/kerbcrack/

Regards /Arne

Re: Solaris priocntl exploit 2002-11-28
Casper Dik (Casper Dik Sun COM)

>
>>The module's name is a relative path, priocntl will search the module file
>>in only /kernel/sched and /usr/kernel/sched/ dirs.
>>but unfortunately, priocntl() never check '../' in pc_clname arg
>>we can use '../../../tmp/module' to make priocntl() load a module from anywhere
>
>
>The "pc_clnam

RE: Cracking OpenVMS passwords with John the Ripper 2002-11-26
moose microsoftsucks org
Although OpenVMS passwords are not case sensitive and limited to
alphanumeric characters, that does not mean cracking passwords is easier on
OpenVMS than on other systems.

The algorithm used to encode OpenVMS passwords is irreversible (mentioned
for the sake of completeness).

The password length

TracerouteNG - never ending story 2002-11-28
Paul Starzetz (paul starzetz de)
Hi everyone,

I want to provide some additional information about the recently
discovered traceroute-ng flaw. I decided to disclose the details right
now because I do not believe that the flaw is easily exploitable.

1) The vulnerability.

The patch provided by vendors like SuSE is not sufficient.

On vulnerabilities in open and closed source products 2002-11-27
Steven M. Christey (coley linus mitre org)

Dave Aitel said:

>on Open Source platforms (or platforms for which the source code is so
>readily available as to make it open source in all but name) people
>are now hunting down obscure integer overflows, and on closed source
>platforms fuzzers are happily picking out stack overflows in initial

Re: d_path() truncating excessive long path name vulnerability 2002-11-27
psz maths usyd edu au (Paul Szabo) (1 replies)
Back in March 2002, Wojciech Purczynski <cliph (at) isec (dot) pl> wrote (original
article at http://online.securityfocus.com/archive/1/264117 ):

> Name: Linux kernel
> Version: up to 2.2.20 and 2.4.18
> ...
> In case of excessively long path names d_path kernel internal function
> returns truncated trailing

Re: d_path() truncating excessive long path name vulnerability 2002-11-28
Solar Designer (solar openwall com)
pWins Perl Web Server Directory Transversal Vulnerability 2002-11-27
Matthew Wagenknecht (mattwagenknecht hotmail com)
From www.sourceforge.net/projects/pwins: "pWins is a webserver-software
based on perl and ruby (not yet) code. My aim is to make it fast, small and
secure, supporting cgi (perl, ruby) and php scripts. It's easy to install
and configurate!"

versions: 0.2.5 and earlier, tested on Windows only..

d

Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr. 2002-11-28
dong-h0un U (xploit hackermail com)


========================================
INetCop Security Advisory #2002-0x82-008
========================================

* Title: Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr.

0x01. Description

LIBCGI is a simple of functions to create CGI programs in C.
It provides

RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND 2002-11-27
Iván Arce (core lists bugtraq core-sdi com) (1 replies)
Vagner Sacramento wrote:
> -----------------------------------------------------------------------
> @ Copyright CAIS - Brazilian Research Network CSIRT
> Security Incidents Response Center (CAIS/RNP)
>
> Subject : Vulnerability in the sending requests control of BIND
>

RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND 2002-11-28
Vagner Sacramento (vagner natalnet br) (1 replies)
RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND 2002-11-28
Iván Arce (core lists bugtraq core-sdi com)
ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY 2002-11-27
Aaron C. Newman (Application Security, Inc.) (anewman appsecinc com)
Sybase Adaptive Server buffer overflow in DBCC CHECKVERIFY

http://www.appsecinc.com/resources/alerts/sybase/02-0001.html

To determine if you should apply this hot fix, download AppDetective for
Sybase from http://www.sybasesecurity.net/products/appdetective/sybase/.

Risk level: High

Threat: Allo

ASI Sybase Security Alert: Buffer overflow in DROP DATABASE 2002-11-27
Aaron C. Newman (Application Security, Inc.) (anewman appsecinc com)
Sybase Adaptive Server buffer overflow in DROP DATABASE

http://www.appsecinc.com/resources/alerts/sybase/02-0002.html

To determine if you should apply this hot fix, download AppDetective for
Sybase from http://www.sybasesecurity.net/products/appdetective/sybase/.

Risk level: High

Threat: Allows

ASI Sybase Security Alert: Buffer overflow in xp_freedll 2002-11-27
Aaron C. Newman (Application Security, Inc.) (anewman appsecinc com)
Sybase Adaptive Server buffer overflow in xp_freedll extended stored
procedure

http://www.appsecinc.com/resources/alerts/sybase/02-0003.html

To determine if you should apply this hot fix, download AppDetective for
Sybase from http://www.sybasesecurity.net/products/appdetective/sybase/.

Risk leve

Solaris priocntl exploit 2002-11-27
ÝþÒãÁ? (kk_qq 263 net) (1 replies)
** Moderator note:

Messages with links to technical details outside of the message are not approved.
Because of the potential delay waiting for another submission, the original message
has been modified to include the details.

Details follow:

Solaris's Got Big problem on System Call priocntl(

Re: Solaris priocntl exploit 2002-11-27
Casper Dik (Casper Dik Sun COM)
Copyright 2010, SecurityFocus