The advisory did not explain what was the cause of the problem.
(Rant: Why? Will the following explanation help anyone who would not be
able to find out this piece of information himself to abuse the bug?)
As far as I can tell, the problem is this: anyone, including mere mortals,
is allowed to
Digest Name: Daily Security Bulletins Digest
Created: Thu Oct 21 3:00:03 PDT 1999
Table of Contents:
Document ID Title
--- ---
HPSBUX9910-104 Security Advisory regarding automountd
I was involved with tracking down this vulnerability and reporting it
--- Advisory RFP9905 --- rfp.labs ---
Remote root compromise via Zeus webserver
(Zeus-search vulnerability)
- rain forest puppy / [EMAIL PROTECTED] --
Table of contents:
- 1.
Geeks,
Apologies for the lack of b4d sp3ll1ng and WeIrD CaPiTAliSation, but I'm
really not in the mood... :P
IBM WebSphere has the option to use the IBM HTTP Server as its
underlying web server. If you do this, you have the further option to
use SSL connections. If you do this, you must create
-- Forwarded message --
Date: Fri, 22 Oct 1999 20:30:27 -0700 (PDT)
From: David Cantrell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CA-99-13: wu-ftpd upgrade available
ATTENTION: All users of Slackware 4.0 and Slackware-current
REGARDING: CERT Advisory CA-99-13 Multiple
-BEGIN PGP SIGNED MESSAGE-
SuSE Security Announcement
Package: ypserv prior 1.3.9
Date: Tue Sep 28 08:38:50 CEST 1999
Affected: all linux distributions
While we are discussing Hotmail, has anyone noticed that Hotmail's virus
scanner doesn't detect most macro viruses - including any of the Melissa
variants?
This article (published on Techweb last Friday) notes that problem, yes.
It's not much of a solution (none at all, come to think of it) but
-- Forwarded message --
Date: Sat, 23 Oct 1999 22:11:13 -0700 (PDT)
From: David Cantrell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CA-99-13: minimal fix for Slackware 3.5 through 4.0
Regarding the recent CERT advisory about WU-FTPD:
An alternative minimal fix is available
Ron van Daal [EMAIL PROTECTED] writes:
That's the behaviour I would expect from xmonisdn. A setuid binary
shouldn't dump core if it's being executed by a user which doesn't
match the ownership of the binary. Therefore I think there are two
problems: 1) (small) bug in xmonisdn 2) a bug in my