In response to the numerous emails I have received regarding the
proof-of-concept code I published for BugtraqID: 1535 (Windows 2000
Services Named Pipe Vulnerability), I have published two variants
of the original code:
The PipeUpSAM variation dumps the local SAM database to stdout in
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-01:12 Security Advisory
FreeBSD, Inc.
Topic: periodic
CORE SDI
http://www.core-sdi.com
Vulnerability report for buffer overflow in AT&T WinVNC client
Date Published: 2001-01-29
Advisory ID: CORE-2001011503
Bugtraq ID: 2305
CVE CAN: None currently assigned.
Title: AT&T VNC Windows Client
Hal King [EMAIL PROTECTED] writes:
In Solaris 2.6, patch 106468-02 replaces cu; in Sol 7, patch 108372-01 replaces
it for gets() use. The script does segfault in 8, but no core file... I am
running the 10/2000 revision and 108372 came out in May, so it's probably cool.
Are you implying the
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-01:14 Security Advisory
FreeBSD, Inc.
Topic: micq remote
Multiple vulnerabilities exist in the versions of BIND found in Slackware
7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix
these problems. More information can be found on the BIND website:
http://www.isc.org/products/BIND/
... and in the CERT Advisory CA-2001-02 -
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Caldera Systems, Inc. Security Advisory
Subject: MySQL buffer overflow
Advisory number: CSSA-2001-006.0
Issue date:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : bind
SUMMARY : Buffer overflow in bind
CORE SDI
http://www.core-sdi.com
Vulnerability report for server overflow in AT&T VNC for Windows
Date Published: 2001-01-29
Advisory ID: CORE-2001011502
Bugtraq ID: 2306
CVE CAN: None currently assigned.
Title: AT&T VNC Windows Server
After vehemently defending the procedures outlined in the many articles,
KB's, and publications from MS regarding the best practices of EFS use, I
have come across some new information (to me, anyway) which mandates that I
consume a morsel of crow.
After continuing to experiment with different
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-01:13 Security Advisory
FreeBSD, Inc.
Topic: sort uses
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-01:11 Security Advisory
FreeBSD, Inc.
Topic: inetd ident
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Caldera Systems, Inc. Security Advisory
Subject: security problems in webmin
Advisory number: CSSA-2001-004.0
Issue date:
-----BEGIN PGP SIGNED MESSAGE-----
SuSE Security Announcement
Package: kdesu
Announcement-ID: SuSE-SA:2001:02
Date:
Affected SuSE
On Mon, Jan 29, 2001 at 12:54:42PM +0100, Paul Starzetz wrote:
1. Abstract
---
There are various format string bugs in the ntop package, as mentioned in
former Bugtraq articles. This is _not_ a new problem. However, in
contrast to the '-w' option bug, an exploit for the existent '-i'
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated bind packages available
Advisory ID: RHSA-2001:007-03
Issue date: 2001-01-29
Updated on: 2001-01-29
Product:
hello,
The last exploit was broken with MSIE 5.50; in fact the background
image didn't appear at all. Anyway, it was a bad idea to use it.
So I decided to learn a bit more about CSS, and this is a new version
that will work with MSIE 4/5/5.50; the background color is now fixed as a
blank value
Does anyone know if this is the patch for an older vulnerability, i.e.
'the man command potentially allows attackers to overwrite any arbitrary
file on the system via symlink bugs'
Thanks in advance.
Regards, Eelco Duijker
Ben Greenbaum wrote:
Ben Greenbaum
Director of Site Content
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-01:17 Security Advisory
FreeBSD, Inc.
Topic: exmh
Hi,
The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
chaos record called "authors". So now even if an admin changes or
suppresses their version reply string, a remote user can still determine
whether the server is running BIND 9.x. With the recent discovery of the
tsig
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-01:15 Security Advisory
FreeBSD, Inc.
Topic: tinyproxy
Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability
Jin Ho You, [EMAIL PROTECTED]
1 Discussion
CrazyWWWBoard (http://www.crazywwwboard.com) is a web bulletin board program
written in C/C++. Insufficient boundary checking exists in the qDecoder CGI
library code which handles
On Sat, Jan 27, 2001 at 05:55:25AM +0300, Solar Designer wrote:
The glibc 2.2 RESOLV_HOST_CONF bug which prompted this search for bugs was
reported to Debian by Dale Thatcher but apparently wasn't kept private. The
remaining bugs were discovered and dealt with within two days following the
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : kde2
SUMMARY : Password sniffing via kdesu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Caldera Systems, Inc. Security Advisory
Subject: BIND buffer overflow
Advisory number: CSSA-2001-008.0
Issue date:
Hi folks,
I found a security hole in the e-mail virus scan feature of
Virus Buster 2001 from Trend Micro Inc.
Virus Buster 2001 is a Japanese software package that has functions
similar to those of PC-cillin 2000, such as eMail Virus Scanning and Browser
Scanning.
The feature of virus scan for
DoS Vulnerability in SlimServe HTTPd
Overview
SlimServe HTTPd v1.0 is a web server available from http://www.whitsoftdev.com
and http://www.download.com. A DoS vulnerability exists which allows a remote
attacker to crash the server.
Details
If an extraordinarily long string of
hi,
MS01-004 is out.
A few days ago I sent this letter to Microsoft:
-Original Message-
From: Moran [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 20, 2001 4:55 PM
To: [EMAIL PROTECTED]
Subject: .htr bug still exists after applying MS patches.
Hi,
I have a server running win2000 adv.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Debian Security Advisory DSA-026-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 29, 2001
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated inetd packages available for Red Hat Linux 6.2
Advisory ID: RHSA-2001:006-03
Issue date: 2001-01-25
Updated on:
-- Forwarded message --
Date: Tue, 30 Jan 2001 11:00:47 -0800
From: Microsoft Product Security [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin (MS01-005)
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
-- Forwarded message --
Date: Mon, 29 Jan 2001 22:21:39 -0800
From: Microsoft Product Security [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Microsoft Security Bulletin (MS01-004)
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Dan Harkless [EMAIL PROTECTED] wrote:
Are you implying the above patches fix the cu long hardlink name
vulnerability? This is not the case, at least on 2.6:
# cat cu_exploit.c
#include <stdio.h>
void main(int argc,char **argv)
{
char *buf;
buf = (char *)
Microsoft has finally patched the css/div hole in Hotmail today.
Absolute positioning in 'style' is now filtered with static.
Other web-based mailers, sites with bookmarks, forums etc. should quickly
do the same.
Above is the original mail from Wouter Westerveld, who informed me.
Cheers,
Gregory