-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: CVS remote vulnerability
Release Date: 2004/05/19
Last Modified: 2004/05/19
Author: Stefan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: libneon date parsing vulnerability
Release Date: 2004/05/19
Last Modified: 2004/05/19
Aloha, Paul.
The list will pick up when there isn't so much competition for people's
limited bad news attention span.
Real fear gets in the way of meaningful work (and discussion) -- we need
a happy middle ground where there's just the right amount of fear but
enough optimism to provide us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Subversion remote vulnerability
Release Date: 2004/05/19
Last Modified: 2004/05/19
Author:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 505-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 19th, 2004
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 506-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 19th, 2004
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-04:10.cvsSecurity Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:cvs
Announcement-ID:SuSE-SA:2004:013
Date: Wed May 19
By Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation:
You cant clean a compromised system by using some vulnerability
remover. Lets say you had a system hit by Blaster. A number of
vendors (including Microsoft) published vulnerability removers for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 507-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 19th, 2004
On Wed, 19 May 2004, Nick FitzGerald wrote:
However, there is not likely to be a privilege escalation here unless
perhaps a script processor on a web server can be cajoled into doing
something with this?
Not terribly likely; system() in perl forks a new process, potentially
executing a
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
And written by a Microsoft employee, to boot.
On Wed, 19 May 2004 10:26 pm, Troels Bay wrote:
Wow, that's pretty amazing.
Now one can't trust somewhat 50% of all Microsoft Computers.
That's rather fun, wouldn't you say?
On May 19, 2004, at 14:11, A.H. wrote:
By Jesper M. Johansson,
Wow, that's pretty amazing.
Now one can't trust somewhat 50% of all Microsoft Computers.
That's rather fun, wouldn't you say?
On May 19, 2004, at 14:11, A.H. wrote:
By Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation:
You cant clean a compromised system
stephane nasdrovisky wrote:
Soderland, Craig wrote:
ETHER: Destination = 0:0:5e:0:1:1, U.S. Department of Defense
This mac looks familiar for me,isn't it the mac address used by vrrp ID
1? Isn't your default gateway a nokia firewall (or was,in which case you
should reconfigure some
Troels Bay wrote:
Now one can't trust somewhat 50% of all Microsoft Computers.
you trusted that many before? :)
Honestly though, it isn't a total writeoff.
Your data may well have been compromised - so you need to run a validation
exercise after copying to a clean system but before even
[warning, rather offtopic]
No I really didn't, I'm not a windows-user. I escaped from that
nightmare some months ago, and getting fonder and fonder of it every
day. One day I happened to surf some pretty nasty sites, and then I
found out how easy it is to compromise a windows-computer remotely.
I have to apologize, as I didn't see the original post
in my inbox...could someone forward it to me?
Now one can't trust somewhat 50% of all Microsoft
Computers.
you trusted that many before? :)
Honestly though, it isn't a total writeoff.
Your data may well have been compromised - so
hi, all:
In our research project, we need to generate background traffic. One of
the problem is how to use one or two machines to simulate hundreds of
machines? Is there any open source project for this? Thanks very much
for your help. By the way, does anyone happen to know any good project
Hi,
I suggest netwox from Laurent Constantin :
http://www.laurentconstantin.com/en/netw/netwox/
for virtual machines take a look at option 80 on the options list :
http://www.laurentconstantin.com/common/netw/netwox/download/v5/toollist.txt
I'd spawn as many netwox processes as needed.
I
Arhont Ltd.- Information Security
Arhont Advisory by: Konstantin Gavrilenko (http://www.arhont.com)
Advisory: Ph0rum phorum_uriauth replay attack
Class: design bug ?
Version:4.3.7
Model Specific: Other version might have the same bug
Hmmm...compulsory national service...what a cheap way of getting
a labour force.
I'm mixed on my views on this - on the one hand having this
labour force is a good thing, and a younger me could have
definately done with having some discipline and structure, but
then again reports of
On Tuesday 18 May 2004 15:41, Paul Schmehl wrote:
Am I the only one who thinks that this list is slowly descending into
complete worthlessness? It's amazing. The kiddies tried to destroy it
early on and failed. So then the members of the list did the job for them.
Worthless topic after
On Wed, May 19, 2004 at 09:38:23AM -0500, Jianqiang Xin wrote:
hi, all:
In our research project, we need to generate background traffic. One of
the problem is how to use one or two machines to simulate hundreds of
machines? Is there any open source project for this?
I don't know much about
On Wed, 19 May 2004 09:10:19 EDT, Aaron Gee-Clough said:
Yes, it is a VRRP address. The RFC for VRRP (at
http://www.faqs.org/rfcs/rfc2338.html ) says:
The virtual router MAC address associated with a virtual router is an
IEEE 802 MAC Address in the following format:
Since I've signed up, I've ended up deleting massive threads. For example,
the
send money to the Sasser author one
They have nothing to do with security vulnerability disclosure.
Now I just read subjects. If it gets any worse, I'll unsubscribe.
I quite agree with all this. Except for the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: cvs
Advisory ID:
On Wed, 19 May 2004 10:26 pm, Troels Bay wrote:
Wow, that's pretty amazing.
Sorry, but i am puzzled :-P
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
: Affected Packages: Corrected Packages:
OpenPKG CURRENT = subversion-1.0.2-20040518 = subversion-1.0.3-20040519
OpenPKG 2.0 = subversion-1.0.0-2.0.1= subversion-1.0.0-2.0.2
OpenPKG 1.3 N.A. N.A.
Dependent Packages: none
Description
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
But, these might help:
http://tcpreplay.sourceforge.net/
There is always DIY (do it yourself) option.
http://www.perl.com
--
.signature: No such file or directory
___
Full-Disclosure - We believe in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: libneon
Advisory ID:
In our research project, we need to generate background traffic. One
of the problem is how to use one or two machines to simulate hundreds
of machines? Is there any open source project for this? Thanks very
much for your help. By the way, does anyone happen to know any good
project for background
Packages: Corrected Packages:
OpenPKG CURRENT = cvs-1.12.7-20040414 = cvs-1.12.8-20040519
OpenPKG 2.0 = cvs-1.12.5-2.0.1 = cvs-1.12.5-2.0.2
OpenPKG 1.3 = cvs-1.12.1-1.3.4 = cvs-1.12.1-1.3.5
Dependent Packages: none
Description:
Stefan Esser
Anyone have this available for me to download? I tried googling, and
kazaa to no avail.
Thanks.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI ProPack 3: Kernel Update #1 - Security and other fixes
Number: 20040504-01-U
Date : May 19, 2004
Seems a tall order
But don't send it off list, something like this would benefit us all I
should think
M
[EMAIL PROTECTED] wrote:
Can anyone give me the source code to a good web application security scanner written
in C# so I can start my own company? Drop me an email with a link or code off of
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI ProPack v2.4: Kernel Update #4 - Security and other fixes
Number: 20040505-01-U
Date : May 19, 2004
If you're looking for paravirtualization tools, I would suggest looking
at VServer (http://www.linux-vserver.org/) or Xen
(http://www.cl.cam.ac.uk/Research/SRG/netos/xen/).
Ryan
On Wed, 19 May 2004 07:38:23 -0700 Jianqiang Xin [EMAIL PROTECTED]
wrote:
hi, all:
In our research project, we need
I would recommend you to take a look at the linux-vserver project
(http://www.linux-vserver.org/). It's a very clever way to run vm's without
having to actually install a whole bunch of OS'es on the hosts. It can
utilize most of the hosts system files, require very little resources, and
are very
:no
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT = neon-0.24.5-20040414 = neon-0.24.6-20040519
= subversion-1.0.2-20040518 = subversion-1.0.3-20040519
= cadaver-0.22.1-20040415 = cadaver-0.22.2-20040519
Ben Timby [EMAIL PROTECTED] wrote:
Anyone have this available for me to download? I tried googling, and
kazaa to no avail.
Recall:
Agobot == Gaobot == Gobot == Polybot == Phatbot
...at least for some variants of one or other and depending on which
virus scanners you are familiar with...
[EMAIL PROTECTED] wrote:
Can anyone give me the source code to a good web application
security scanner written
in C# so I can start my own company? Drop me an email with a
link or code off of
the list please.
since u are starting your own company, i would be very happy to write one
44 matches
Mail list logo