SecurityFocus

MS02-064 fix time 2002-11-14
David Litchfield (david ngssoftware com)

MS02-064 discusses a vulnerability where clicking on start->run can lead to
an unsuspecting user running another (malicious) user's trojan.

I warned MS of this back in on September 6th 1999 whilst 2k was still in
BETA (See the bottom of the following mail)
http://security-archive.merton.ox.ac.uk/bu

[ more ] [ reply ]

IISPop remote DOS 2002-11-14
securma massine (securma caramail com)

hi

The IISPop EMail Server (http://www.curtiscomp.com/)was
designed for small networks,This is a POP3 only server,
designed to be paired with the SMTP server bundled in
Windows 2000/IIS 5.

I have found that IISpop is vulnerable has a attack DOS
caused by sends of a broad buffer (289999 byte) this

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-02:43.bind 2002-11-14
FreeBSD Security Advisories (security-advisories freebsd org)

GLSA: kdelibs 2002-11-14
Daniel Ahlberg (aliz gentoo org)

SuSE Security Announcement: Multiple vulnerabilities in BIND8 (SuSE-SA:2002:044) 2002-11-14
Olaf Kirch (okir suse de)

[CLA-2002:545] Conectiva Linux Security Announcement - php4 2002-11-13
secure conectiva com br

ZDnet forum: IE formatting local drive 2002-11-11
Alan Rouse (ARouse n2bb com)

Format a local drive by visiting a URL from a fully patched Windows / IE
platform. This appeared last night:

http://forums.zdnet.com/group/zd.Security.Virus.Alerts/community/communi

ty.tpt/@thread@33885@F@1@D-,D@ALL/@article@mark@33885?EXP=ALL&VWM=&ROS=&

OC=75

[ more ] [ reply ]

JSP processor 1.1 information disclosure 2002-11-13
Andy (andrewpremote yahoo co uk)

I've been working with IBM http server 1.0 on AS/400 and when requesting a

JSP page that doesn't exist the JSP processor returns recursive error with

a listing of information including the root paths and versions of servlets

that run on the server.

Is this a known vulnerability/misconfigu

[ more ] [ reply ]

Office XP document numbers can be linked to individual machines 2002-11-13
Woody Leonhard (woody wopr com)

When you use Outlook 2002 to attach a document, spreadsheet or

presentation to an email message, Outlook sticks four items in the

document?s File | Properties | Custom dialog box. They?re called:

_AdHocReviewCycleID

_AuthorEmail

_AuthorEmailDisplayName

_EmailSubject

The last three ent

[ more ] [ reply ]

RE: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 andBIND8 (fwd) 2002-11-13
Russ (Russ Cooper rc on ca)

Is this the sort of disclosure we can expect based on the (OIS) Organization for Internet Safety's "code of conduct" and/or "best practices" for vulnerability disclosure?

ISS is a founding member of OIS, together with @stake, Bindview, Caldera, Foundstone, Guardent, Microsoft, NAI, Oracle, SGI, and

[ more ] [ reply ]

Buffalo AP Denial of Service 2002-11-13
Andrei Mikhailovsky (andrei arhont com)

Arhont Ltd. - Information Security

Arhont Advisory by: Andrei Mikhailovsky

(www.arhont.com)

Advisory: Buffalo AP

AP Model Name: WLA-L11G Ver.2.31

Wireless Firmware: WLI-PCM-L11G Ver.6.14

Model Specific: Ot

[ more ] [ reply ]

RE: A technique to mitigate cookie-stealing XSS attacks 2002-11-13
Steven M. Christey (coley linus mitre org) (1 replies)

While this thread has been focused on scripting languages and cookie
theft, that's not the only issue to be concerned about with XSS.

Being able to place arbitrary HTML into an intermediate web page is
dangerous for other reasons (this is sometimes called "HTML
injection," but I view it as another

[ more ] [ reply ]

RE: A technique to mitigate cookie-stealing XSS attacks 2002-11-14
Ulf Harnhammar (ulfh update uu se)

KeyFocus KF Web Server File Disclosure Vulnerability 2002-11-13
mattmurphy (at) kc.rr (dot) com [email concealed] (mattmurphy kc rr com)

KeyFocus Web server is a Win32 HTTP server with web administration, a
variety of logging formats, such as NCSA and W3C, CGI, compression, memory
caching of static documents, directory indexing, pre-defined MIME settings,
internal authentication with support for multiple realms, and a variety of
URL

[ more ] [ reply ]

Eudora 5.2 attachment spoof 2002-11-13
psz maths usyd edu au (Paul Szabo)

Qualcomm Eudora 5.2 has been released recently. Quoting from
http://www.eudora.com/download/eudora/windows/5.2/RelNotes.txt :

> Added checks to prevent spoofed Attachment Converted: exploits.
> ...
> We now guard against exploits that rely on local file refs (using either
> fixed paths or relative

[ more ] [ reply ]

Security Update: [CSSA-2002-SCO.42] UnixWare 7.1.1 Open UNIX 8.0.0 : in.talkd format string vulnerabilities 2002-11-12
security caldera com

To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] scoannmod (at) xenitec.on (dot) ca [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : in.talkd format string vulnerabiliti

[ more ] [ reply ]

Gnujsp and Domino R5.0.10 2002-11-13
YM Barusseau (ymbarusseau irfces com)

I've installed gnujsp on Domino R5.0.10 which runs on NT4 (with latests

updates), but when I want to load a *.jsp page, the following error

occurs : "ERROR 404, JSP File Not Found or Internal Problem, see server

log for details". So I read my server log that tells me "addin: GNUJSP :

detec

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh 2002-11-13
FreeBSD Security Advisories (security-advisories freebsd org)

Default SNMP community in Surecom Broadband Router 2002-11-13
Andrei Mikhailovsky (andrei arhont com)

Arhont Ltd. - Information Security

Arhont Advisory by: Andrei Mikhailovsky

(www.arhont.com)

Advisory: Surecom Broadband Router

Router Model Name: EP-4501

Model Specific: Other models might be

vulnerable

Manufacturer site:

[ more ] [ reply ]

Latest libpcap & tcpdump sources from tcpdump.org contain a trojan 2002-11-13
Mincu Alexandru (alex intelinet ro)

Updates:

* Many Mirrors are infected with the trojan
Background:

* Libpcap provides a packet sniffing library for programs like
Snort.
* Tcpdump is a standard tool for packet sniffing.
Details:

* The trojan contains modifications to the configure script and

[ more ] [ reply ]

Well known flaw in web cart software remains wide open 2002-11-12
whitehat2004 yahoo com

WhiteHat Security Advisory 1004

November 11, 2002

===================

Problem Description

===================

Vulnerable web shopping cart software passes prices between web pages

using hidden form fields. What this means is that every time a customer

adds something to their shopping c

[ more ] [ reply ]

Re: i386 Linux kernel DoS 2002-11-13
Christophe Devine (DEVINE iie cnam fr)

On Wed, 13 Nov 2002, Stefan Laudat wrote:

> Regarding this issue: is it 80x86 or specifically 80386 designed ?
> Been trying it on AMD Duron, AMD Athlon MP, Intel i586 - just segfaults :(

Yep; the first version of the DoS I posted on bugtraq was defective and
worked only under special conditions

[ more ] [ reply ]

IceWarp 3.4.5 XSS *AGAIN* 2002-11-13
DarC KonQuesT (DarC_KonQuesT Phreaker net)

DarC KonQuesT IceWarp 3.4.5 XSS Release

Product: IceWarp Webmail 3.4.5
Vendor: IceWarp Software - E-mail: info (at) icewarp (dot) com [email concealed]
Web: www.icewarp.com
Problem: Cross Site Scripting
Severity: Mild
Operating System(s): Tested against Win2k
Discovered: October 29, 2002
Vendor Notified: October 29, 2002
Publi

[ more ] [ reply ]

RE: i386 Linux kernel DoS 2002-11-12
Leif Sawyer (lsawyer gci com)

Christophe Devine writes:
> /* USE AT YOUR OWN RISK ! */
>
> int main( void )
> {
> char dos[] = "\x9C" /* pushfd */
> "\x58" /* pop eax */
> "\x0D\x00\x01\x00\x00" /* or eax,100h */
>

[ more ] [ reply ]