Security Update: [CSSA-2002-047.0] Linux: KDE SSL and XSS vulnerabilities
2002-11-16 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: KDE SSL and XSS vulnerabilities
Advisory number: C [...]

Remote Buffer Overflow vulnerability in Zeroo HTTP Server.
2002-11-16 dong-h0un U (xploit hackermail com)
========================================
INetCop Security Advisory #2002-0x82-004
========================================
* Title: Remote Buffer Overflow vulnerability in Zeroo HTTP Server.
0x01. Description
Zeroo HTTP Server is simple and fast webserver. Many overflow bugs exist innumer [...]

FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh [REVISED]
2002-11-15 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-02:43.bind [REVISED]
2002-11-15 FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA-196-1] New BIND packages fix several vulnerabilities
2002-11-14 Daniel Jacobowitz (dan debian org)

[OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
2002-11-15 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [...]

Re: ZDnet forum: IE formatting local drive
2002-11-14 Gossi The Dog (gossi lab6 com)
FYI, the HTML code is;
------------------------------------------------------------------------
<html> <head> </head>
<script LANGUAGE="JavaScript">
prog = 'command'; args = '/k format a: /autotest';
if (!location.hash) { showHelp(location+"#1"); showHelp("iexplore.chm"); blur(); } els [...]

Re: MS02-064 fix time
2002-11-15 Steven M. Christey (coley linus mitre org)
David Litchfield said:
>I warned MS of this back in on September 6th 1999 whilst 2k was still
>in BETA (See the bottom of the following mail)
>http://security-archive.merton.ox.ac.uk/bugtraq-199909/0145.html
>
>I wonder if this is the longest time it has taken for a "fix" to be
>made public after [...]

Unofficial statement re: tcpdump and libpcap
2002-11-13 Alan DeKok (aland freeradius org)
-----BEGIN PGP SIGNED MESSAGE-----
There was a post on Slashdot recently [1] about a trojan in tcpdump and libpcap. The post referred to two web pages [2], and [3], which describe the trojan. Unfortunately, the web pages at this time say nothing about whether or not the maintainers of tcpdump [...]

RE: When scrubbing secrets in memory doesn't work
2002-11-14 Michael Wojcik (Michael Wojcik microfocus com)
> From: Jan Echternach [mailto:jan (at) goneko (dot) de]
> Sent: Monday, November 11, 2002 11:47 AM
> On Fri, Nov 08, 2002 at 05:23:34PM +0100, Michael Zimmermann wrote:
> > Not to declare the intermediate storage for sensitive
> > data as 'volatile' is a coding flaw. An easily overlooked
> > one, yes, but nev [...]

arp spoofing defence
2002-11-14 Ilya Teterin (alien npp-integris ru)
Here is a patch http://securitylab.ru/_tools/antidote2.diff.gz for linux kernel (2.4.18 and .19 tested) to resist ARP spoofing. If applied, it brings a new sysctl parameter: net.ipv4.neigh.<interface name>.arp_antidote that defines kernel behaviour when changes in correspondence between MAC an [...]

[CLA-2002:546] Conectiva Linux Security Announcement - bind
2002-11-14 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : bind
SUMMARY : Remote vulnerabilities in the [...]

Security Update: [CSSA-2002-045.0] Linux: python insecure temporary files in os._execvpe
2002-11-14 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: python insecure temporary files in os._execvpe
Advi [...]

GLSA: kdenetwork
2002-11-14 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-004
- - --------------------------------------------------------------------
PACKAGE : kdenetwork
SUMMARY : rlogin.protocol and telnet.pr [...]

Perception LiteServe HTTP CGI Disclosure Vulnerability
2002-11-14 mattmurphy (at) kc.rr (dot) com (mattmurphy kc rr com)
Christopher Fillion's "Perception" web site hosts the LiteServe combination server for Win32. The server offers HTTP, FTP, SMTP, POP3, and Telnet services. Included in the HTTP service is a Common Gateway Interface (CGI) feature that allows you to specify a CGI alias, as well as "filters" that are [...]

[CLA-2002:547] Conectiva Linux Security Announcement - syslog-ng
2002-11-14 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : syslog-ng
SUMMARY : Buffer overflow vulnerabi [...]

Better security through shame
2002-11-14 Michael Bacarella (mbac netgraft com)
STAFF: Humbly submitted for your subscribers.
The Peon's Guide To Secure System Development
Abstract: Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important proj [...]

RE: Opera 7 vulnerabilities
2002-11-14 Thor Larholm (thor pivx com)
Monitoring which pages a user visits is also possible, and in general there seems to be some oversights in this otherwise smooth rewrite. Add to that some of the more odd bugs functionalitywise, and I would say there is room for a beta 2 ;)
Regards
Thor Larholm, Security Researcher
PivX Solutions [...]

RE: ZDnet forum: IE formatting local drive
2002-11-14 Thor Larholm (thor pivx com)
This is just a copy of Andreas Sandblads advisory, with a new command :)
Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC
Strike Now, StrikeFirst! http://www.pivx.com/sf.html
-----Original Message-----
From: Alan Rouse [mailto:ARouse (at) n2bb (dot) com]
Sent: 11. november 2002 17:22
To: bugtra [...]

[ESA-20021114-029] BIND buffer overflow, DoS attacks.
2002-11-14 EnGarde Secure Linux (security guardiandigital com)

Opera 7 vulnerabilities
2002-11-14 GreyMagic Software (security greymagic com)
We've done some basic security tests, in cooperation with Tom Gilder, on the new Opera 7 beta release and found two major security vulnerabilities. These vulnerabilities are quite obvious and likely to be discovered by malicious users. Combined, they allow full read access to a victim's file system [...]

Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
2002-11-14 zen-parse (zen-parse gmx net)

RE: Exploit code for IP Smart Spoofing
2002-11-14 Stephen Gill (gillsr yahoo com)
Laurent,
Thanks for your note. In reality IP Smartspoofing is no different than ARP cache poisoning so I'm not entirely sure why a new name was "invented". In this particular case one is able to prevent the following:
- key ports and corresponding MAC entries are hardcoded and secured (ie gateway [...]
Red Hat, Inc. Red Hat Security Advisory
Synopsis: New kernel fixes local denial of service issue
Advisory ID: RHSA-2002:262-07
Issue date: 2002-09-23
Updated on: 2002-11-16
Product: