phion Security Advisory 26/09/2002
Microsoft PPTP Server and Client remote vulnerability
Summary
-
The Microsoft PPTP Service shipping with Windows 2000 and XP contains a
remotely exploitable pre-authentication buffer overflow.
Affected Systems
--
In-Reply-To: <[EMAIL PROTECTED]>
RC3.0.5 is released to fix a security vulnerability recently posted on
Bugtraq ML.
Overview
===
There was a vulnerability when a user previews/submits a news in the News
module, HTML tags were allowed to process.
Solution
===
All users are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The CVE for this issue in gv should have been CAN-2002-0838 instead
of CAN-2001-0832. There was a little confusion when Red Hat
originally assigned it to us out of their reserved pool. Sorry for
any inconvenience.
http://cve.mitre.org/cgi-bin/cvena
> From: David Endler <[EMAIL PROTECTED]>
> Date: Thu, 26 Sep 2002 08:58:48 -0600 (MDT)
>
> A proof of concept exploit for Red Hat Linux designed by zen-parse is
> attached to this message. It packages the overflow and shellcode in
> the "%%PageOrder:" section of the PDF.
>
> [root@victim]# ls
I got an awful lot of email from BUGTRAQers saying that the solution
for PHPNUKE's problems is to use Postnuke. This is obviously not
a panacea.
http://news.postnuke.com/modules.php?op=modload&name=News&file=index&catid=&topic=>alert(document.cookie);
It's obviously apparent that CMS has a long
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Boris,
> Does not work for me:
>
> boris@reston-0491:~/convert$ gv -v
> gv 3.5.8 (debian)
> boris@reston-0491:~/convert$ gv gv-exploit.pdf
> Segmentation fault
> boris@reston-0491:~/convert$ ls -al /tmp/itworked
> ls: /tmp/itworked: No such file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 149-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 26th, 2002
Hello again,
just to say that PostNuke (fork of PHP-Nuke) is vulnerable to the same
bugs
AND
it is possible to inject different SQL code in order to do other "funny"
but "dangerous" things.
Note to the guys of those projects:
Filter those URL entries!!!
Cheers,
Pedro Inacio
As it turns out the Postnuke issue in particular is a red herring.
As the lead developer describes it -- the cookie generated is a local
site cookie that is sandboxed within the confines of the
browser/session.
It is not the remote user's cookie.
It is easy to be fooled by such a vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple vulnerabilities in WASD http server for OpenVMS
Version 1.0, 25 Sept 2002.
0. Contents
1. Summary
2. Severity: Critical
3. Vulnerable versions
4. Description
5. Solutions
6. Examples of site weaknesses
7. Conclu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 09.26.2002
Exploitable Buffer Overflow in gv
DESCRIPTION
The gv program that is shipped on many Unix systems contains a buffer
overflow which can be exploited by an attacker sending a malformed
PostScript or Adobe PDF file.