Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default
package) and earlier.
=
Heap Based Overflow of man via -S option gives GID man.
Due to a slight error in a length
Hi,
I have attached the iis5hack.zip file that is available
to hacking community from may 5th from
www.hackersclub.com
There is a port of exploit to perl language and also
win32,(both C and EXE included in attached file)
written by CyrusTheGreat the same day that jill.c
exploit published,
I
Hi,
I found Buffer Overflow vulnerabilities in Becky! Internet Mail 2.00.05
Becky! Internet Mail is popular MUA (Mail User Agent) designed for
Windows operating systems.
Problem Description
---
If the message includes over 65536 bytes without new line characters,
the buffer
I'm not sure why all of the Solaris mail programs are actually set-gid
mail.
If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx,
/usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
/usr/openwin/bin/mailtool nothing should break.
(At least not if you /var/mail
==
Defcom Labs Advisory def-2001-25
Carello E-Commerce Arbitrary Command Execution
Author: Peter Gründl [EMAIL PROTECTED]
Release Date: 2001-05-14
I've just detected a new Product Alert on iPlanets Web Site. I'm
sending this information because I was not able to find it in the
bugtraq archive yet. iPlanet does not seem to inform bugtraq
(why?). The information posted herein can be found in
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
-
Sunday, May 13, 2001, 10:07:34 PM, zenith wrote:
Vulnerable systems: redhat 7.0 with man-1.5h1-10 (default
package) and earlier.
=
Heap Based Overflow of man via -S option
-- Corsaire Limited Security Advisory --
Title: Symantec/Axent NetProwler 3.5.x password restrictions
Date: 17.03.01
Application: Symantec/Axent NetProwler 3.5.x
Environment: WinNT
Author: Martin O'Neal [[EMAIL PROTECTED]]
Audience: General distribution
-- Scope --
The aim of this
Personal Web Sharing Remote Stop.
Versions affected: Personal Web sharing v1.5.5, probably earlier.
Problem:
Personal Web Sharing extension, which ships with MacOS 9, can't handle
a request longer than 6000 characters. A request, which contains 6000 or
more characters seems to stop
-- Corsaire Limited Security Advisory --
Title: Symantec/Axent NetProwler 3.5.x database configuration
Date: 07.04.01
Application: Symantec/Axent NetProwler 3.5.x
Environment: WinNT
Author: Martin O'Neal [[EMAIL PROTECTED]]
Audience: General distribution
-- Scope --
The aim of this
On Sun, May 13, 2001 at 08:07:34PM -, zenith parsec wrote:
man -S `perl -e 'print ":" x 100'`
Will cause a seg fault if you are vulnerable.
This and several other man vulnerabilities have been discussed on
security-audit last year. See:
MARC: thrd 'Multiple man vulnerabilities with Red
Crussaider wrote:
After I patched servers, webexplt.pl was still reporting
servers vulnerable but I was unable to place eeye's txt file on the
server via iishack2000 and I was unable to get reverse cmd shell
via jill. Neither from linux or windows.
That's
NSFBUGTRAQOCUS Security Advisory(SA2001-02)
Topic: Microsoft IIS CGI Filename Decode Error Vulnerability
Release Date: 2001-5-15
CVE Candidate Numbers: CAN-2001-0333
BUGTRAQ ID : 2708
Affected system:
- Microsoft IIS 4.0
- Microsoft IIS 5.0
Not affected system:
Denis Ducamp wrote:
[snip]
Now some systems protect against being used to spoof-scan :
[snip]
. Linux 2.4.x : IPID is null if the packet is small enough to be carried
unfragmented in which case the DF (don't fragment) bit is set
. others perhaps ?
Ah-ha!!! So that might be the
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: IRIX rpc.espd Buffer Overflow
Reference: CVE CAN-2001-0331
Number:20010501-01-P
Date:
It's out there. I've seen logs indicating the attacker put a root.exe file
on the IIS5 host and then were able to issue a command to run this file via
the overflow. I don't have any more specific information on the contents of
the root.exe file or the exact script used, etc. at this time.
Some follow up comments. All messages to the list now have a List-Id
header. This is a recently proposed RFC to standardize mailing list
identification. Please make use of it for filtering messages.
RFC2919: http://www.mit.edu/afs/athena/reference/rfc/authors/rfc2919.txt
Subject line prefixing
On Mon, May 14, 2001 at 10:24:10AM +0200, Casper Dik wrote:
I'm not sure why all of the Solaris mail programs are actually set-gid
mail.
If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx,
/usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
NSFBUGTRAQOCUS Security Advisory(SA2001-02)
Topic: Microsoft IIS CGI Filename Decode Error Vulnerability
Affected system:
- Microsoft IIS 4.0
- Microsoft IIS 5.0
Not affected system:
- Microsoft IIS 4.0
+ Microsoft Windows NT 4
Previously Kris Kennaway wrote:
I think this is a Linux-specific enhancement to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.
As the Debian advisory mentioned, this was the result of a
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package:cron-3.0.1-296
Announcement-ID:SuSE-SA:2001:17
Date:
Yesterday night I discovered a vulnerability. The router is a 3COM
OfficeConnect 812 and the vulnerability is on the HTTP server, on port 80.
When you enter with a browser on one of these routers, you are asked for
user/password, if you fail, you can see a web page telling you that is a
protected
Casper Dik [EMAIL PROTECTED] writes:
I'm not sure why all of the Solaris mail programs are actually set-gid
mail.
If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx,
/usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
/usr/openwin/bin/mailtool nothing should
-BEGIN PGP SIGNED MESSAGE-
Internet Security Systems Security Advisory
May 9, 2001
Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner
Infrastructure
Synopsis:
ISS X-Force has discovered a buffer overflow in the rpc.espd component
of the Embedded Support Partner
/*
*
* execiis.c - (c)copyright Filip Maertens
* BUGTRAQ ID: 2708 - Microsoft IIS CGI Filename Decode Error
*
* DISCLAIMER: This is proof of concept code. This means, this code
* may only be used on approved systems in order to test the availability
* and integrity of machines
On Mon, 14 May 2001 04:24:10 EDT, Casper Dik writes:
By forcing a file permission of 600 on mailboxes, group mail should not
gain you anything.
Under some older Solaris releases (e.g., including 2.5.1), the /etc/mail
directory belongs to group mail and is group-writable, by default;
that'll
Maxum(maxum.com) Rumpus FTP server DoS vulnerability
Versions Affected: tested on v1.3.3, 2.0 dev 3(MacOS 8.6, 9.1), probably
earlier,
Not affected: v1.3.4
Description:
If you try to make a directory which name is 65 characters long, the
Rumpus FTP service and the computer freezes. You can
DCForum Password File Manipulation Vulnerability
qDefense Advisory Number QDAV-5-2000-2
Product: DCForum
Vendor: D.C. Script
Version Tested: DCForum 2000 1.0 (Version 6.0 is believed to be vulnerable as well)
Severity: Remote; Any attacker may gain DCForum admin privileges, which result in
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: New samba packages available to fix /tmp races
Advisory ID: RHSA-2001:044-08
Issue date:2001-04-05
Updated on:2001-05-14
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: New Zope packages are available
Advisory ID: RHSA-2001:065-05
Issue date:2001-05-02
Updated on:2001-05-14
Product:
31 matches