(replying to two messages at once here)
On Thu, 14 Jun 2001, Ben Gollmer wrote:
This is not a big deal if you use some validation on images (in PHP at
least).
Try the function getImageSize(); it will return an array containing the
size of the image, as well as the format. If the file
The interesting part of this bug is the fact that it's exploitable on some
very large sites, and is open to a large number of users. Bulletin boards in
particular allow inline image posting, and this is what creates the
problem...inline images in a system with cookie based authentication.
One
Hmmm.. I took a Win2K Gold (no SP) machine, installed all hotfixes for the
OS and IIS5 (including the 01-026 patch). I then installed SP2 and tested
for the double decode bug - the machine was not vulnerable.
I then compared all the files that came with MS01-026 (IIS5) to the files that
Since a reminder about MS01-026 and W2K SP2 was allowed through, I
thought a more long-term explanation might help folks better.
1. Security hotfixes for W2K are named according to what Service Pack
they are *expected* to be included in (there's a more
From: Colby Rice [EMAIL PROTECTED]
SP2 allows the decoding bug to work
SP2 breaks the following patch and it should be reinstalled.
http://www.microsoft.com/technet/security/current.asp?productID=17servicePackId=2
lists 3 patches you should apply after SP2, one of which is
On Fri, 15 Jun 2001, Samuel Dralet wrote:
Vulnerable system : rxvt 2.6.2 on Debian Linux 2.2
I cannot see that this vulnerability is Debian specific, while it might
seem like that to someone just browsing bugtraq mails for something that
affects his systems.
Simon
--
GPG public key
On Fri, Jun 15, 2001 at 11:27:23AM -0400, Tony Lambiris wrote:
AFAIK it's been fixed in -current, and it _will_ be in errata shortly..
in the meantime, there is a hotfix for the code itself, read the mailing
lists.. OR
in /etc/fstab, make /tmp nosuid and noexec, then mount -u /tmp (you did
Following up on the letter of Friday, June 15, 2001:
RMS This is a *very* interesting finding. It seems kind of obvious
RMS too. I wonder why no one seems to have run across it before.
It reminds me of the Client Side Trojans thread. Also, a similar problem with
authorization has been described
On Thu, Jun 14, 2001 at 09:12:05PM -0400, Chris Lambert wrote:
would it be safe to check
that if a referer is present, it contains the site's domain name,
Yes.
but if it
isn't, it most likely wouldn't have been referenced in an img tag or
submitted via JavaScript?
You mean it's
On Thu, Jun 14, 2001 at 08:34:33PM +0200, Sverre H. Huseby wrote:
A possible solution (for web developers) seems to be to make sure the
user has been given an offer to do something before letting him do it:
Give each user a unique ticket, and for each action on a web page,
bind this ticket to
Previously Samuel Dralet wrote:
RXVT Vulnerability
Date : 2001/06/05
Vulnerable system : rxvt 2.6.2 on Debian Linux 2.2
[.. snip snip ..]
Status vendor : contacted two weeks ago but no response.
I'm curious who you contacted; from what I can see you did not contact Debian
-- Forwarded message --
Date: Sat, 16 Jun 2001 11:08:53 -0400 (EDT)
From: Aaron Campbell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: patch for exec+ptrace security hole available
A race condition exists in the kernel execve(2) implementation that opens
a small window of
Debian Security Advisory DSA-060-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
June 16, 2001
At 10:29 AM 6/15/01 -0400, Shafik Yaghmour wrote:
Yeah this is kind'a old if you have been developing sites for a
while, you also need to consider that someone can also do this off the
site as well. So if they have the ability to link to a site from your
site they can get people to go to
Debian Security Advisory DSA-061-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
June 16, 2001