[SECURITY] [DSA-190-1] buffer overflow in Window Maker
2002-11-07 Wichert Akkerman (wichert wiggy net)

Linksys security contact
2002-11-07 David Endler (dendler idefense com)
FYI starting today, Linksys has created the address security (at) linksys (dot) com to receive information on vulnerabilities within any of their products. Additionally the iDEFENSE advisory, 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast

[CLA-2002:544] Conectiva Linux Security Announcement - linuxconf
2002-11-06 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : linuxconf
SUMMARY : Open relay in mailconf mo

How to execute programs with parameters in IE - Sandblad advisory #10
2002-11-06 Andreas Sandblad (sandblad acc umu se)

Re: Oracle Security Contact
2002-11-06 Steven M. Christey (coley linus mitre org) (1 replies)
On the full-disclosure list, low halo asked:
>Could someone please give me the security contact address for Oracle
>Corporation? It seems as though their marketing department's
>"Unbreakable" slogan makes them think that its OK to bury their
>security advisories & contact info deep within their s

[SECURITY] [DSA 189-1] New luxman packages fix local root exploit
2002-11-06 joey infodrom org (Martin Schulze)

iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
2002-11-06 David Endler (dendler idefense com)
iDEFENSE Security Advisory 11.06.02:
http://www.idefense.com/advisory/11.06.02.txt
Non-Explicit Path Vulnerability in LuxMan
November 6, 2002
I. BACKGROUND
Frank McIngvale's LuxMan is a Linux-based game similar to Pac Man. More information about it is

Re: ZoneEdit Account Hijack Vulnerability
2002-11-06 securityfocus zoneedit com
In-Reply-To: <000701c284d5$ccf1e2e0$0300a8c0 (at) SECONDMOTION (dot) LOCAL>
>
>The webmasters of this site were informed of this vulnerability on
>05 November 2002. To date, no useable information on protecting
>against this vulnerability has been received.
>
Matt and Paul were contacted on 05 Novem

[CLA-2002:535] Conectiva Linux Security Announcement - glibc
2002-10-29 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : glibc
SUMMARY : Fix for several vulnerabiliti

[CLA-2002:538] Conectiva Linux Security Announcement - tar/unzip
2002-10-29 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : tar/unzip
SUMMARY : Directory transversal vul

[CLA-2002:542] Conectiva Linux Security Announcement - gv/kghostview
2002-10-31 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : gv/kghostview
SUMMARY : Buffer overflow vulne

[CLA-2002:534] Conectiva Linux Security Announcement - krb5
2002-10-25 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : krb5
SUMMARY : Buffer overflow vulnerability

[CLA-2002:537] Conectiva Linux Security Announcement - tetex
2002-10-29 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : tetex
SUMMARY : dvips command execution vulne

[CLA-2002:540] Conectiva Linux Security Announcement - heartbeat
2002-10-30 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : heartbeat
SUMMARY : Remote format string vuln

[CLA-2002:541] Conectiva Linux Security Announcement - mod_ssl
2002-10-30 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : mod_ssl
SUMMARY : Cross site scripting vulner

[CLA-2002:539] Conectiva Linux Security Announcement - ypserv
2002-10-30 secure conectiva com br
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ypserv
SUMMARY : Ypserv memory leak
DATE

GLSA: MailTools
2002-11-06 Daniel Ahlberg (aliz gentoo org)
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001
PACKAGE : MailTools
SUMMARY : remote command execution
DATE

RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability (fwd)
2002-11-05 Dave Ahmad (da securityfocus com)
David Mirza Ahmad
Symantec
0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
SECURITY BULLETIN
REVISION: 0
TITLE: SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability
NOTICE: There are no restri

When scrubbing secrets in memory doesn't work
2002-11-05 Michael Howard (mikehow microsoft com) (1 replies)
During the Windows Security Push in Feb/Mar 2002, we noticed an 'interesting' anomaly with code to scrub passwords that looks like this:
bool DoSensitiveStuff() {
    bool fOK = false;
    const size_t cbPwd = 64;
    char szPwd[cbPwd];
    if (GetUserPassword(szPwd,cbPwd-1))
        if (DoSomethingWithPassword(szP

networking_utils.php
2002-11-05 Tacettin Karadeniz (tacettinkaradeniz yahoo com)
Title: The bug in networking_utils.php (http://www.sourcecraft.org/downloads) networking_utils(PHP) Show Files Vulnerability Summary: networking_utils.php Includes a ping function, a traceroute function, and an nslookup function. Vulnerable systems: networking_utils networking_utils.php of the net

SnortCenter 0.9.5 temp file naming problems...
2002-11-05 Clint Byrum (cbyrum spamaps org)
Hello. I am releasing this very late, as SnortCenter v0.9.6 has been released for a few weeks now. This bug was discovered a couple of months ago, but not released at the request of Stefan Dens, the author of SnortCenter. SnortCenter is a php based tool for aggregating many snort sensors into one pl

A technique to mitigate cookie-stealing XSS attacks
2002-11-05 Michael Howard (mikehow microsoft com) (1 replies)
During the Windows Security Push in Feb/Mar 2002, the Microsoft Internet Explorer team devised a method to reduce the risk of cookie-stealing attacks via XSS vulnerabilities. In a nutshell, if Internet Explorer 6.0 SP1 detects a cookie that has a trailing HttpOnly (case insensitive) it will retur

Re: A technique to mitigate cookie-stealing XSS attacks
2002-11-05 Florian Weimer (Weimer CERT Uni-Stuttgart DE)

IRIX CDE ToolTalk rpc.ttdbserverd vulnerabilities
2002-11-05 SGI Security Coordinator (agent99 sgi com)
Debian Security Advisory DSA-190-1 security (at) debian (dot) org
http://www.debian.org/security/ Wichert Akkerman
November 7, 2002