Re: IP SmartSpoofing : How to bypass all IP filters relying on source IP address
2002-10-31 Ossian Vitek (ian Vitek ixsecurity com)

RE: Bypassing website filter in SonicWall
2002-10-31 Brian J. Gaia (bjgaia PerfectAngel org)
That weakness would exist in any product that filters by domain name, because many of them will not perform a reverse DNS lookup. This would be the behavior of most home products (such as Cyberpatrol) which allow an administrator to specify forbidden domains, but if I wanted to see the site bad enou [...]

Re: Motorola Cable Modem DOS
2002-10-31 Sam Hayes Merritt, III (sam merritt houston tx us)
> This is known to be effective on Software Version:
> SB4200-0.4.4.0-SCM06-NOSH. (possibly others?)
I am unable to replicate it against SB4220-0.6.3.0-SCM-01-NOSH
Perhaps you could try and get AT&T to upgrade your CM and see if it still applies. This might be something Motorola has already fixe [...]

[SECURITY] [DSA 186-1] New log2mail packages fix several vulnerabilities
2002-11-01 joey infodrom org (Martin Schulze)

iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
2002-11-01 David Endler (dendler idefense com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
iDEFENSE Security Advisory 10.31.02c: http://www.idefense.com/advisory/10.31.02c.txt
PHP-Nuke SQL Injection Vulnerability
October 31, 2002
I. BACKGROUND
"PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The [...]

iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
2002-11-01 David Endler (dendler idefense com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
iDEFENSE Security Advisory 10.31.02a: http://www.idefense.com/advisory/10.31.02a.txt
Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
October 31, 2002
I. BACKGROUND
Linksys Group Inc.'s EtherFast Cable/DSL Router with 4-Po [...]

iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
2002-11-01 David Endler (dendler idefense com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
iDEFENSE Security Advisory 10.31.02b: http://www.idefense.com/advisory/10.31.02b.txt
Prometheus Application Framework Code Injection
October 31, 2002
I. BACKGROUND
Jason Orcutt's Prometheus is a web application framework written in PHP. It is availab [...]

MDKSA-2002:074 - mozilla update
2002-10-31 Mandrake Linux Security Team (security linux-mandrake com)

Motorola Cable Modem DOS
2002-10-30 Ryan Sweat (rsweat attbi com)
I've found it trivial to crash the Motorola Surfboard 4200 Cable modem, as installed default by AT&T Broadband Internet. The modem acts as a bridge, but also has an internal RFC1918 IP address (192.168.100.1). Simply nmap'ing the cable user's IP address, ie: # nmap -sS -p 1-1024 12.x.x.x will cau [...]

RE: IBM Infoprint Remote Management Simple DoS (update)
2002-10-31 Toni Lassila (toni lassila mc-europe com)
UPDATE: It appears this vulnerability has been rectified in later versions of the printer controller software. As it stands, printers installed with the controller software above a certain version are NOT vulnerable, and it appears the latest Infoprint series printers are indeed not vulnerable. Tha [...]

Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
2002-10-31 Cisco Systems Product Security Incident Response Team (psirt cisco com)

Security Update: [CSSA-2002-043.0] Linux: chfn (util-linux) temp file race vulnerability
2002-10-30 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com
SCO Security Advisory
Subject: Linux: chfn (util-linux) temp file race vulnerability
Advi [...]

Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
2002-10-31 NGSSoftware Insight Security Research (nisr nextgenss com) (1 replies)
NGSSoftware Insight Security Research Advisory
Name: IIS 5 & 5.1 Denial Of Service Vulnerability
Systems Affected: Windows 2000 and XP all service packs.
Severity: Moderate
Category: Denial of Service
Vendor URL: http://www.mircosoft.com
Author: Mark Litchfield (mark@ngssoftw [...]

Anyone know the security alert contact for 3com?
2002-10-31 Michael Scheidell (scheidell secnap net)

SmartMail server DOS
2002-10-31 securma massine (securma caramail com)
hi
SmartMail Server (http://www.virtualzone.de/smartmail/) is a full featured E-Mail Server. It can be run on any 32Bit compatible Microsoft Windows machine and complies with the standards of SMTP, POP3 and HTTP (Webinterface). SmartMail proposes two versions of SmartMail server, I found that two ve [...]

SuSE Security Announcement: lprng/html2ps (SuSE-SA:2002:040)
2002-10-31 Sebastian Krahmer (krahmer suse de)

[SECURITY] [DSA 185-1] New heimdal packages fix buffer overflows
2002-10-31 joey infodrom org (Martin Schulze)

SuSE Security Announcement: syslog-ng (SuSE-SA:2002:039)
2002-10-31 Sebastian Krahmer (krahmer suse de)

GLSA: pam_ldap
2002-10-30 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-013
PACKAGE : pam_ldap
SUMMARY : format string attack
DATE : [...]

[SECURITY] [DSA 184-1] New krb4 packages fix buffer overflow
2002-10-30 joey infodrom org (Martin Schulze)

GLSA: sharutils
2002-10-30 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-012
PACKAGE : sharutils
SUMMARY : inadequate checks on user-spec [...]

XXE (Xml eXternal Entity) attack
2002-10-29 Gregory Steuck (greg-xxe nest cx) (1 replies)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gregory Steuck security advisory #1, 2002
Overview: XXE (Xml eXternal Entity) attack is an attack on an application that parses XML input from untrusted sources using incorrectly configured XML parser. The application may be coerced to open arbitrar [...]

Re: CISCO as5350 crashes with nmap connect scan
2002-10-29 Wendy Garvin (wgarvin cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Thomas, I appreciate your communication with Cisco PSIRT on September 9th regarding questions on a 5350. Your original problem was due to a misconfiguration, and appropriate configuration details were provided within a day of your request. No crash [...]
The only new thing is that the attacker relays the packets from the trusted
client.
This is not needed for the spoof.
The solution in the defcon 8 presentation is far easier.
You do not need to arpspoof and NAT.
* Spoof trusted client on the same LAN:
Just take the MAC and IP of the trusted host.