iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
2002-11-19 David Endler (dendler idefense com)

iDEFENSE Security Advisory 11.19.02a: Denial of Service Vulnerability in Linksys Cable/DSL Routers
2002-11-19 David Endler (dendler idefense com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 11.19.02a: http://www.idefense.com/advisory/11.19.02a.txt Denial of Service Vulnerability in Linksys Cable/DSL Routers November 19, 2002 I. BACKGROUND Linksys Group Inc. currently sells several broadband router products, inc [ more ] [ reply ]

iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
2002-11-19 David Endler (dendler idefense com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 11.19.02b: http://www.idefense.com/advisory/11.19.02b.txt Eudora Script Execution Vulnerability November 19, 2002 I. BACKGROUND Qualcomm Inc.'s Eudora is a graphical e-mail client for Windows and Macintosh. More information [ more ] [ reply ]

Sun Security Bulletin #00220
2002-11-20 Matt Selsky (selsky columbia edu)
----- Forwarded message from Sun Security Coordination Team <Sun_Security_Coordination_Team (at) hermes.sun (dot) com [email concealed]> ----- Date: 19 Nov 2002 15:31:12 -0800 From: "Sun Security Coordination Team" <Sun_Security_Coordination_Team (at) hermes.sun (dot) com [email concealed]> Subject: Sun Security Bulletin #00220 -----BEGIN PGP SIGNED MESS [ more ] [ reply ]

Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
2002-11-20 Peter Bieringer (pb bieringer de)

Re: [Full-Disclosure] Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c
2002-11-20 Silvio Cesare (silvio big net au)
Also, one quick addition to this; this problem affects all tcpdump, and is not OpenLinux (or even Linux) specific. It is recommended that ALL distros upgrade their packages to the latest, which has long resolved the specific problem this advisory is reporting. Anyway.. nice advisory ;-) -- Silvi [ more ] [ reply ]

Cisco Security Advisory: Cisco PIX Multiple Vulnerabilities
2002-11-20 Cisco Systems Product Security Incident Response Team (psirt cisco com)

GLSA: gtetrinet
2002-11-20 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-006 - - -------------------------------------------------------------------- PACKAGE : gtetrinet SUMMARY : buffer overflows DATE : 200 [ more ] [ reply ]

Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
2002-11-20 David Endler (dendler idefense com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After speaking with Magnus Bodin [magnus (at) bodin (dot) org [email concealed]], it is clear that he had already discovered various components of this vulnerability. http://online.securityfocus.com/archive/1/262704 http://online.securityfocus.com/archive/1/282631 [ more ] [ reply ]

GLSA: courier
2002-11-19 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-005 - - -------------------------------------------------------------------- PACKAGE : courier SUMMARY : buffer overflow DATE : 2002-1 [ more ] [ reply ]

Clipboard in QNX Photon
2002-11-19 One Semicolon (s 4os org)
TOPIC: Clipboard in QNX Photon ADVISORY NR: 200201 DATE: Nov 13 2002 VULNERABILITY FOUND BY: 1; (One Semicolon) CONTACT INFORMATION: http://www.4os.org s (at) 4os (dot) org [email concealed] STATUS: QNX Software Systems Ltd was contacted on November 11, 2002. I received prompt replies and was assured that this was being sen [ more ] [ reply ]

GLSA: php
2002-11-20 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-005 - - -------------------------------------------------------------------- PACKAGE : php & mod_php SUMMARY : buffer overflow DATE : [ more ] [ reply ]

Security Update: [CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability
2002-11-19 security caldera com
To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: lynx CRLF injection vulnerability Advisory number: [ more ] [ reply ]

Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability
2002-11-18 security caldera com
To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: wwwoffled remote access vulnerability Advisory num [ more ] [ reply ]

Updated ypserv packages fix memory leak
2002-11-19 Mandrake Linux Security Team (security linux-mandrake com)

(MSIE) when parent gives his son bad things ;) --"dialogArguments " again
2002-11-19 Liu Die Yu (liudieyuinchina yahoo com cn) (2 replies)
IFRAME in a page opened by "openModalDialog" has "dialogArguments" of its parent. [tested]MSIEv6(CN version) {IEXPLORE.EXE file version: 6.0.2600.0000} {MSHTML.DLL file version: 6.00.2600.0000} [demo] at http://www16.brinkster.com/liudieyu/BadParent/BadParent-MyPage.htm or clik.t [ more ] [ reply ]

Re: (MSIE) when parent gives his son bad things ;) --"dialogArguments " again
2002-11-19 Dave Ahmad (da securityfocus com)

Multiple incorrect permissions in QNX.
2002-11-19 One Semicolon (s 4os org)
TOPIC: Multiple incorrect permissions in QNX. ADVISORY NR: 200202 DATE: Nov 13 2002 VULNERABILITY FOUND BY: 1; (One Semicolon) CONTACT INFORMATION: http://www.4os.org s (at) 4os (dot) org [email concealed] STATUS: QNX Software Systems Ltd was contacted on November 11, 2002. I received prompt replies and was assured that thi [ more ] [ reply ]

NetBSD Security Advisory 2002-027: ftpd STAT output non-conformance can deceive firewall devices
2002-11-19 NetBSD Security Officer (security-officer netbsd org)
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-027 ================================= Topic: ftpd STAT output non-conformance can deceive firewall devices Version: NetBSD-current: source prior to Oct 26, 2002 NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: [ more ] [ reply ]

NetBSD Security Advisory 2002-028: Buffer overrun in getnetbyname/getnetbyaddr
2002-11-19 NetBSD Security Officer (security-officer netbsd org)

Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
2002-11-19 Marc Maiffret (marc eeye com)
There was an inaccuracy in the first advisory for the Macromedia product versions affected. The correct versions are: Macromedia Coldfusion MX 6.0 (IIS ISAPI) Macromedia JRun 3.0, 3.1 and 4.0 (IIS ISAPI) You can always find the latest and most accurate versions of eEye advisories at: http://www.eey [ more ] [ reply ]

NetBSD Security Advisory 2002-029: named(8) multiple denial of service and remote execution of code
2002-11-19 NetBSD Security Officer (security-officer netbsd org)
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-029 ================================= Topic: named(8) multiple denial of service and remote execution of code Version: NetBSD-current: November 15, 2002 NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affecte [ more ] [ reply ]

[SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting
2002-11-19 joey infodrom org (Martin Schulze)

TFTPD32 Directory Traversal Vulnerability
2002-11-18 Aviram Jenik (aviram beyondsecurity com)
Advisory available at: http://www.securiteam.com/windowsntfocus/6D00D2061G.html TFTPD32 Directory Traversal Vulnerability -------------------------------------------- SUMMARY <http://tftpd32.jounin.net> TFTPD32 is a Freeware TFTP server for windows 9x/NT/XP. It provides an implementation of th [ more ] [ reply ]

Linksys router vulnerability
2002-11-18 Seth Bromberger (sbbugtraq1102 yahoo com)
SUMMARY: Linksys products running affected firmware versions are susceptible to a bug that allows unauthenticated access to the management interface. This bug affects both local and remote management (if enabled). AFFECTED PRODUCTS (per Linksys support): BEFSR41, BEFSR11, BEFSRU31: firmware vers [ more ] [ reply ]
Hash: SHA1
iDEFENSE Security Advisory 11.19.02c:
http://www.idefense.com/advisory/11.19.02c.txt
Predictable Directory Structure Allows Theft of Netscape Preferences File
November 19, 2002
I. BACKGROUND
Netscape Communications Corp.'s Communicator is a popular pa
[ more ] [ reply ]