Re: [Full-Disclosure] Proofpoint Protection Server remote MySQL root user vulnerability

2004-02-23 Thread Szilveszter Adam
Tony Kava wrote: Are you sure this is the default behaviour of a Red Hat installation? Your advisory does not indicate any specific version(s) of Red Hat Linux. Is this supposed to apply to RHL 7.2? 7.3? 8.0? 9.0? Fedora 1? In my previous experience with the 'mysql-server' package on any Red Hat

RE: [Full-Disclosure] exploit-dcomrpc.gen

2004-02-23 Thread Ferris, Robin
hmmm.. why? and don't trot out all the usual stuff because that's why I just post like I want to post R -Original Message- From: Tomasz Konefal [mailto:[EMAIL PROTECTED] Sent: 20 February 2004 17:15 To: Ferris, Robin Subject: Re: [Full-Disclosure] exploit-dcomrpc.gen Ferris, Robin

[Full-Disclosure] Pam-SayPass by Buggzy

2004-02-23 Thread Alexander
Hi again! Patch for pam_unix which sends credentials of authentication attempts (su, login, ssh, x-windows) encoded into DNS query to the specified host. http://www.securitylab.ru/tools/42989.html ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-Disclosure] Double copies

2004-02-23 Thread partysan_FFF
WB I am getting double copies of every posting. Is anyone else experiencing WB the same issue. I seem to be getting double copies of every other posting.

[Full-Disclosure] Lam3rZ Security Advisory #2/2004: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users

2004-02-23 Thread Tomasz Grabowski
Lam3rZ Security Advisory #2/2004 23 Feb 2004 Remote (within a cluster) root in LSF Name: Load Sharing Facility versions 4.x, 5.x, 6.x Severity: High Vendor URL: http://www.platform.com Author: Tomasz

Re: [Full-Disclosure] Double copies

2004-02-23 Thread John Sage
I dunno... ...*something* seems odd, but I can't quite put my finger on it. On Mon, Feb 23, 2004 at 12:22:32PM +0100, [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Double copies Date: Mon, 23 Feb 2004 12:22:32 +0100 WWBB II aamm

Re: [Full-Disclosure] Windows 2000 Source Code

2004-02-23 Thread Nico Golde
Hello Na7aS, * Na7aS [EMAIL PROTECTED] [2004-02-22 17:07]: http://tonioj.multimania.com/win2000src.htm Here is the WHOLE windows 2000 source code, with tree, comments and everything you will need to find some exploits. Updated daily with all the new exploits found. the zip file is hosted

[Full-Disclosure] SUSE Security Announcement: xf86/XFree86 (SuSE-SA:2004:006)

2004-02-23 Thread Thomas Biege
-BEGIN PGP SIGNED MESSAGE- __ SUSE Security Announcement Package:xf86/XFree86 Announcement-ID:SuSE-SA:2004:006 Date:

Re: [Full-Disclosure] windows 2000 source...

2004-02-23 Thread Nico Golde
Hallo dick, * dick butkiss [EMAIL PROTECTED] [2004-02-23 16:13]: Here is the WHOLE windows 2000 source code, with tree, comments and everything you will need to find some exploits. all i get is a javascript popup that says it was deleted by microsoft, i don't have the source yet, can you

Re: [Full-Disclosure] Re- Full-Disclosure] Windows 2000 Source Code

2004-02-23 Thread Nico Golde
Hallo Ihsan, * Ihsan Ur Rehman [EMAIL PROTECTED] [2004-02-23 16:13]: The link is down and down and down. And there is a simple alert removed by Microsoft. Now all I have to is to do nothing :) can anybody help me out??? the link never was up. -- Nico Golde nico at ngolde dot de public key

Re: [Full-Disclosure] Double copies

2004-02-23 Thread Jeremiah Cornelius
I dunno... ...*something* seems odd, but I can't quite put my finger on it. On Mon, Feb 23, 2004 at 12:22:32PM +0100, [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Double copies Date: Mon, 23 Feb 2004 12:22:32 +0100 WWBB

RE: [Full-Disclosure] Double copies

2004-02-23 Thread Keith Rinaldo
WB I am getting double copies of every posting. Is anyone else WB experiencing the same issue. You're using Outlook. I assume you probably have a filter rule set up for the list. Check to make sure you don't have it set to continue filtering after the rule is applied -- this could cause one

[Full-Disclosure] Coming soon: CPU fix for buffer overflows

2004-02-23 Thread Richard M. Smith
http://www.newscientist.com/news/news.jsp?id=ns4696 Chips to ease Microsoft's big security nightmare 10:00 22 February 04 Chip makers are planning a new generation of microprocessors that should plug the gaps that led Microsoft to issue a critical security alert last week. The alert was

Re: [Full-Disclosure] Coming soon: CPU fix for buffer overflows

2004-02-23 Thread hybriz
first of all, despite what that news website says, that is old news. second, it's just a page execution bit implementation like other archs have, it doesn't mean that buffer overflows can will be avoided, it just means non-exec stack can be subject of a page-wise implementation (not that it

Re: [Full-Disclosure] Coming soon: CPU fix for buffer overflows

2004-02-23 Thread Ralf Ertzinger
Hi. Richard M. Smith [EMAIL PROTECTED] wrote: AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP. Intel plans similar features on next generation Pentium chips. If I'm not mistaken, this is just about AMD (and

Re: [Full-Disclosure] question on SEH

2004-02-23 Thread Clint Bodungen
Gregory A. Gilliss Sent: Monday, February 23, 2004 2:22 PM You gotta love a paper that uses the word shit in the first paragraph :-) G On or about 2004.02.23 11:18:51 +, Thomas ([EMAIL PROTECTED]) said: http://www.thc.org/papers/Practical-SEH-exploitation.pdf -- Not to mention

RE: [Full-Disclosure] RE: Re: YES IT IS , is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)

2004-02-23 Thread Michael Evanchik
From: [EMAIL PROTECTED] Sent: Fri 2/20/2004 9:39 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Full-Disclosure] RE: Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution) Why don't you release your

[Full-Disclosure] UPDATE: PSK Cracking using IKE Aggressive Mode

2004-02-23 Thread Michael Thumann
Hi, we just released a Vulnerability scanner for the PSK Attack we've described in April in our paper 'PSK Cracking using IKE Aggressive Mode'. The scanner is freely available from our website: www.ernw.de/download/ikeprobe.zip The paper itself is available from our website too. Take a look at

[Full-Disclosure] International Convention on Cybercrime

2004-02-23 Thread Clint Bodungen
This is not meant to be political by any means. It just seems there are many people concerned about this treaty and how it may affect the IT security industry. I'm just curious to see if other security professionals feel it could be a *realistic* threat. http://techbroker.com/news/

Re: [Full-Disclosure] Coming soon: CPU fix for buffer overflows

2004-02-23 Thread William Warren
leading to cruddier and more bloated code and yet more security problems..won't it be interesting if these hardware technologies have overflows of their own..:) Richard M. Smith wrote: http://www.newscientist.com/news/news.jsp?id=ns4696 Chips to ease Microsoft's big security nightmare

RE: [Full-Disclosure] Coming soon: CPU fix for buffer overflows

2004-02-23 Thread hybriz
Subject: RE: [Full-Disclosure] Coming soon: CPU fix for buffer overflows From: Richard M. Smith [EMAIL PROTECTED] Date: Mon, 23 Feb 2004 15:39:10 -0500 To: [EMAIL PROTECTED] Let's get to the bottom line. Would this page execution bit scheme stop stuff like the Blaster worm? Richard

[Full-Disclosure] Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability

2004-02-23 Thread Ulf Härnhammar
If you use hsftp on some other system than Debian, you'll be interested in the fact that this has been corrected in upstream's recently released version 1.14. Another way to correct this is to apply my attached patch (diff'ed against version 1.13). -- Ulf Härnhammar student, Uppsala

Re: [Full-Disclosure] Windows 2000 Source Code

2004-02-23 Thread Valdis . Kletnieks
On Sun, 22 Feb 2004 11:03:01 EST, Poof [EMAIL PROTECTED] said: Yeah- and makes users 'vote' for his ranking at I think his classes website. (img src to http://misslhc.apinc.org/index.php?onglet=misterlhcinclude=../php/profils/s howProfiltitre_sub=Profil%20de%20Danieltype=misterlhcnum=473

RE: [Full-Disclosure] Coming soon: CPU fix for buffer overflows

2004-02-23 Thread Mike Barushok
On Mon, 23 Feb 2004, hybriz wrote: Subject: RE: [Full-Disclosure] Coming soon: CPU fix for buffer overflows From: Richard M. Smith [EMAIL PROTECTED] Date: Mon, 23 Feb 2004 15:39:10 -0500 To: [EMAIL PROTECTED] Let's get to the bottom line. Would this page execution bit

[Full-Disclosure] STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability

2004-02-23 Thread SSR Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability Revision 1.0 Date Published: 2004-02-17 (KST) Last Update: 2004-02-17 Disclosed by SSR Team ([EMAIL PROTECTED]) Abstract Apache on cygwin

[Full-Disclosure] Exploiting the Wilderness

2004-02-23 Thread Phantasmal Phantasmagoria
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Exploiting The Wilderness by Phantasmal Phantasmagoria [EMAIL PROTECTED] - Table of Contents - 1 - Introduction 1.1 Prelude 1.2 The wilderness 2 -

Re: [Full-Disclosure] SHOUTcast Server 1.8.x remote heap overrun exploit binary version

2004-02-23 Thread [EMAIL PROTECTED]
Alexander wrote: http://www.securitylab.ru/42976.html (in russian!) shoutdown.01.tar.gz: SHOUTcast 1.9.2 remote heap overrun exploit. Binds rootshell on port 26112. Note: this is binary version. Compiled on Linux/x86 with gcc3.2. Source code won't be distributed. Autor: ©D4rkGr3y of m00

RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP

2004-02-23 Thread David Wilson
On Tue, 2004-02-17 at 16:31, Zak Dechovich wrote: I would like to answer you all together, as I was the one who started this thread, ASN1 is a simple data encapsulation, the problem occurs when the decapsulation procedure fails because of any reason. in the case at hand, the data slips into