Saturday, February 22, 2003
Technical silent delivery and installation of an executable no client
input other than reading an email or viewing a newsgroup message.
Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever.
This should not be possible.
When viewing an email message or a
Hi all,
Attached is an exploit for the latest Webmin vulnerability. It relies on a
non-default setting (passdelay) to be enabled.
Webmin can verify user authentication by use of a session ID (SID) that is
assigned when a user successfully authenticates to Webmin. It is possible to
inject a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-14
- - -
PACKAGE : usermin
SUMMARY :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=
FreeBSD-SA-03:03.syncookies Security Advisory
The FreeBSD Project
Topic:
--
SNS Advisory No.62
Webmin/Usermin Session ID Spoofing Vulnerability Episode 2
Problem first discovered on: Wed, 19 Feb 2003
Published on: Mon, 24 Feb 2003
Previous Issue:
Hi Drew,
Thanks, yet another really well informed and thoughtful response. I
sure am happy to have twigged all this good thinking.
As for Unix and the potential impracticality of sandtrapping system
calls... I might note that
Unix already has some effective solutions for these issues,
There is an internal #define (HAS_vsnprintf) that causes it to use
vsnprintf() instead of vsprintf(), but this is not enabled by default,
not tested for by the configure script, and not documented.
the configure script on zlib is not generated by autoconf and is optional when building;
Shaun Clowes wrote:
Why do you believe that the responsibility of protecting users from
themselves should be borne by the operating system? People who are
using Personal Firewall systems may indeed want to be protected in
this fashion but I suspect that for most people this is a non issue.
Hello,
We have published the paper dedicated to win32 assembly components (the asmcodes), which
was released for the first time on November 27th 2002 during the Hivercon 2002 conference
in Dublin. The paper, conference presentation and accompanying package of codes can be found
in the
Outlook Express is not the only vulnerable product.
The culprit here is the codebase localPath vulnerability which was patched
in Internet Explorer by MS02-015 in March 2002. GreyMagic had more fun with
this at http://security.greymagic.com/adv/gm001-ie/ which is also the origin
of the example
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-15
- - -
PACKAGE : tightvnc
SUMMARY : insecure
Vulnerability in PlatinumFTPserver V1.0.11
Vendor: PlatinumFTPserver (C)2002 BYTE/400 LTD
Discovered by: SER Pui Kin, Hong Kong
[EMAIL PROTECTED]
Date: 24 Feb 2003
MightyE,
In response to your mail of Saturday 22 February 2003 at 21:20:29:
M Actually, user supplied input from $_COOKIES, $_POST, and $_GET
M comes slash-escaped, so if the user enters
M ' or 1=1
M as their input, the sql statement will look like
M where some_int='\' or 1=1'
M [..snip..]
Oliver,
Yes. Before we go prompting users every time someone calls
CreateFile, though, there are much simpler measures. One of them would make
OpenProcess require a privilege of some sort (see below).
Restricting OpenProcess won't help much. For example, CreateProcess will
return a handle
MAMBO SITESERVER EXPLOIT GAINS ADMINISTRATIVE PRIVILEGES
PROGRAM: Mambo SiteServer
HOMEPAGE: http://www.mamboserver.com/
TESTED: Mambo 4.0.12 RC2
LOGIN REQUIRED: No
PROOF OF CONCEPT
I'm pleased to announce the availability of Nessus 2.0.
What is Nessus
--
Nessus is a vulnerability assessment tool available under the GNU General
Public Licence (GPL). It runs on many Unix-like systems (Linux/FreeBSD/OpenBSD/
Solaris/IRIX/MacOSX and probably others) but can
Shaun,
While I've just been skimming this discussion, I felt the need to respond to
one of the points you make:
While I can see your point here, from the OS's perspective a user doesn't
need to be protected from themselves.
On the contrary -- process separation is one of the fundamental
The Microsoft Solutions for Security team has released 'Securing Windows
2000 Server'. This is the first of several prescriptive security
solutions planned for release this year. These new security solutions
are designed to provide customers with authoritative, proven, and tested
solutions that
Since RTF files are opened and rendered automatically by Outlook Express and
Internet Explorer, this is remotely exploitable through mail and web.
There are still unfixed buffer overflows (i.e. an a href= overflow,
http://securenetwork.it/szanero/bug-oe-2.htm) that can be remotely triggered to
Hi Johan,
On Sun, Feb 23, 2003 at 09:13:42PM +0100, Johan Verrept wrote:
Shaun Clowes wrote:
Why do you believe that the responsibility of protecting users from
themselves should be borne by the operating system? People who are
using Personal Firewall systems may indeed want to be
On Sat, 22 Feb 2003, Richard Kettlewell wrote:
There is an internal #define (HAS_vsnprintf) that causes it to use
vsnprintf() instead of vsprintf(), but this is not enabled by default,
not tested for by the configure script, and not documented.
This is a fairly normal (and somewhat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Debian Security Advisory DSA 253-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 24th, 2003
Torbjörn,
... There are just too
many holes in Windows for it to be feasible to plug them all. The focus
ought to be on preventing the code execution in the first place, not on
trying to contain it.
I think it unfair to paint Windows with such a broad brush, especially as most other OSes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : openssl
SUMMARY : Information leak in
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-16
- - -
PACKAGE : vnc
SUMMARY : insecure
Thamer Al-Harbash [EMAIL PROTECTED] wrote
On Sat, 22 Feb 2003, Richard Kettlewell wrote:
There is an internal #define (HAS_vsnprintf) that causes it to use
vsnprintf() instead of vsprintf(), but this is not enabled by default,
not tested for by the configure script, and not documented.
Attached document explains all.
This document is also available from http://kokanins.homepage.dk
--
Knud
I. BACKGROUND
According to the vendor, moxftp is an FTP shell under X Window System.
/usr/ports/ftp/moxftp
II. DESCRIPTION
Insufficient bounds checking leads to execution of arbitrary code.
Attached documents explain all.
This is also available from http://kokanins.homepage.dk
sircd.sh
Description: Binary data
I. BACKGROUND
According to the vendor, the 'sircd' project started as an idea from
the QuakeNet IRC Network coding team to develop a completely new irc
server that had none
Please see the attached document, also available at the following URL:
http://www.digitaldefense.net/labs/
-
TERMINAL EMULATOR SECURITY ISSUES
Copyright © 2003 Digital Defense Incorporated
All Rights Reserved
[ Table of Contents ]
--