1. Problem Description
There exists a denial of service attack in the AVAYA Cajun P33x and P13x
switch family with firmware versions 3.x. It is possible to stop the
switch for 30 seconds. By repeating the attack access can be denied for
arbitrarily long periods of time.
2. Tested systems
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 324-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 18th, 2003
Package: Portmon
Auth: http://www.aboleo.net/
Version(s):1.7 (prior ?)
Vulnerability: File arbitrary read/write access
vulnerability
Portmon is a network service monitoring daemon
(http://www.aboleo.net/software/portmon/).
In order to use ping support, Portmon must run
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
Precompiled Linux 2.4.21 kernels and source packages are now available for
Slackware 9.0 and -current. These provide an improved version of the
ptrace fix that had been applied to
Product : MidHosting FTPd
Date: 06/18/2003
Author : Frank Denis [EMAIL PROTECTED]
[ Product description ]
MidHosting FTPd is an FTP server designed for hosting servers, based upon
virtual ftpd with support for chroot, virtual users and
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack,
Information Encoding Weakness and Path Disclosures
Product: phpMyAdmin
Vendor: phpMyAdmin Development Team
Versions:
VULNERABLE
- 2.5.2 CVS ( in Development )
- 2.5.x
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: MIPSPro Compiler Predictable Temp File vulnerability
Number: 20030605-01-A
Date: June 17, 2003
object type=application/xml data=http://www.yahoo.com; width=500
height=500
/object
This produces a warning in IE6 before it does anything with it.
Kevin Spett
SPI Labs
http://www.spidynamics.com
Generally html files are not well formed xml so it shouldn't be difficult to
get this to work
In-Reply-To: [EMAIL PROTECTED]
Re: thread below, the new LIST defect and long URL buffer overflow defect
have been fixed in version 5.0.2 (released June 9th). This version is
available at:
http://www.globalscape.com/cuteftp and ftp://ftp.cuteftp.com/pub/cuteftp
Please uninstall 5.0.1, 5.0 or
that's a one year old exploit against squid ftp:// parsing heap overflow
/**
** *OLD* *OLD* *OLD*
Following considerable investigations by the HP Team responsible for the
CIM Agents component in Compaq Insight Manager, it has been agreed that this
is not
an issue with CIM, and I am happy to state that this bugtraq post, regarding
ftp over CIM, should be withdrawn.
A combination of testing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 316-3 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 17th, 2003
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : Perl Safe.pm vulnerability
Number: 20030606-01-A
Date : June 17, 2003
Reference : SGI BUG 876818
Reference
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: BitchX
Advisory ID:
In an effort to provide customers with greater defense in depth,
Microsoft has released an Active Server Pages (ASP) replacement for the
Internet Information Server 4 and Internet Information Services 5 change
password capability, ISM.DLL. This new script code no longer runs as
SYSTEM, therefore
Issue :
Multiple buffer overflows and XSS in Kerio MailServer
Version affected
5.6.3 ( last in kerio website )
Vendor status :
Vendor was notified
Description :
Kerio develops a mail server with support for Imap, Pop3, Smtp and SSL
protocols. Besides, it includes a webmail. This webmail
If a Win NT/2000 Workstation is locked, and a Palm Cradle is connected with
Palm Desktop Software running, information can still be retrieved and
loaded into the Palm device from the PC without logging into the workstation.
Scott R. Patronik
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Updated Xpdf packages fix security vulnerability
Advisory ID: RHSA-2003:196-01
Issue date:2003-06-18
=
ConnecTalk Inc. Security Advisory
Topic: Qpopper leaks information during authentication
Vendor: Eudora
Product: qpopper 4.0.4 and qpopper 4.0.5
Note: other versions have not been tested.
Problem
This bug does not exist in QPopper 3.x, as it simply closes the connection
regardless of whether the username is valid or not.
Regards,
Justin Wheeler
--
Programmer - A red-eyed, mumbling mammal capable of conversing with inanimate objects.
On Wed, 18 Jun 2003, Marc Lafortune wrote: