[Global InterSec 2002041701] Sudo Password Prompt Vulnerability.

2002-04-25 Thread Global InterSec Research
Global InterSec LLC http://www.globalintersec.com GIS Advisory ID: 2002041701 Changed: 25/04/2002 Author: [EMAIL PROTECTED] Reference: http://www.globalintersec.com/adv/sudo-2002041701.txt Summary: Sudo - A popular utility for allowing users to execute commands as other users contains

Sudo version 1.6.6 now available (fwd)

2002-04-25 Thread Jonas Eriksson
-- Forwarded message -- Date: Thu, 25 Apr 2002 10:34:13 -0600 From: Todd C. Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Sudo version 1.6.6 now available Sudo version 1.6.6 is now available (ftp sites listed at the end). Changes since Sudo 1.6.5p2: o Fixed

[CLA-2002:474] Conectiva Linux Security Announcement - ethereal

2002-04-25 Thread secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE: ethereal SUMMARY: Packet handling

Re: Sudo version 1.6.6 now available (fwd)

2002-04-25 Thread Przemyslaw Frasunek
Jonas Eriksson [EMAIL PROTECTED] wrote: o Fixed a security hole in prompt rewriting found by Global InterSec. Looks like it won't be easy to exploit. There are a few possible scenarios: using an unlink() or frontlink() macro in chunk_alloc() or chunk_free(). In both cases we can control

[RHSA-2002:063-05] Updated icecast packages are available

2002-04-25 Thread bugzilla
Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated icecast packages are available Advisory ID: RHSA-2002:063-05 Issue date: 2002-04-11 Updated on: 2002-04-24 Product:

RE: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses

2002-04-25 Thread Florent Trupheme
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, The current version for interscan solaris is 1207 and corrects your issue. Regards -Original Message- From: Ishay Sommer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 24 April 2002 10:49 To: [EMAIL PROTECTED] Subject:

MDKSA-2002:028 - sudo update

2002-04-25 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: sudo Advisory ID:

Intel D845HV/WN/PT series motherboard vulnerability

2002-04-25 Thread Dave Oliver
Affected systems: Intel D845HV / WN (tested on BIOS revisions P05-0022, P09-0035, P10-0038) and D845PT (tested on BIOS P01-0012) Pentium 4 motherboards Problem: If the user hits the F8 key during the POST they are presented with a Please select boot device dialog, enabling them to

MDKSA-2002:029 - imlib update

2002-04-25 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: imlib Advisory ID:

ecartis / listar PoC

2002-04-25 Thread KF
Here's some code for this post a while back ... http://online.securityfocus.com/archive/82/258763 This is NOT the same issue in the my_strings.c; there are MULTIPLE issues in ecartis still and the same goes for listar... This issue is a strcpy from argv to a fixed buffer, nothing special.

Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses

2002-04-25 Thread Rich Lafferty
On Wed, Apr 24, 2002 at 10:49:08AM +0200, Ishay Sommer ([EMAIL PROTECTED]) wrote: Hello. The problem is that, each one of the recipients receives to his mailbox the spam warning message, including all addresses of which the original message was sent to, even if they were sent as Bcc:

slrnpull -d PoC

2002-04-25 Thread KF
Here's an exploit for the slrnpull -d post ... http://online.securityfocus.com/archive/1/268963. Much thanks to [EMAIL PROTECTED] / safemode.org. Can anyone point me at some generic sparc64 linux execve shellcode? -KF #!/bin/sh echo DEFANGED.5 exit #!/usr/bin/perl # # Credits for the

Re: More Cross site Scripting in PHPNuke

2002-04-25 Thread chkumite chkumite
Subject: More Cross site Scripting in PHPNuke Date: 23 Apr 2002 09:50:48 +0200 Cross site scripting is a serious problem (even if some people don't believe it). On this second round I'll show 8 new XSS vulnerabilities in PHP Nuke (most of them are also path disclosure vulns) you can do other

Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies

2002-04-25 Thread trial
In-Reply-To: 254c01c1eb18$7af4f1a0$2e58a8c0@ffornicario The MS /GS switch has an equally fatal flaw in its stack layout that makes it unnecessary to deal with the random canary: the Structured Exception Handler frame (which has a function pointer) comes after the canary (or cookie in MS

Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)

2002-04-25 Thread Deus, Attonbitus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 01:51 AM 4/25/2002, 3APA3A wrote: Dear Menashe Eliezer, Sorry for asking, but it's unclear from advisory: is it possible to access reports with either: 1. ActiveX element marked safe for scripting 2. Javascript or VBscript from Internet

[slackware-security] sudo upgrade fixes a potential vulnerability

2002-04-25 Thread Slackware Security Team
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root. Here's the information from the Slackware 8.0 ChangeLog: Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to

Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure

2002-04-25 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Caldera International, Inc. Security Advisory Subject: Linux: squid compressed DNS answer message boundary failure Advisory

[SECURITY] [DSA-128-1] sudo buffer overflow

2002-04-25 Thread Wichert Akkerman
-BEGIN PGP SIGNED MESSAGE- Debian Security Advisory DSA-128-1 [EMAIL PROTECTED] http://www.debian.org/security/ Wichert Akkerman April 26, 2002

Fragroute and ISS (NetworkICE) products: a brief analysis

2002-04-25 Thread Chris Deibler
The new Fragroute and its interactions with Snort and related software pieces has been getting a lot of exposure over on Bugtraq. This is great -- Snort is a fantastic tool, but there is also a rather large installed base of ISS products, and thus far (to my knowledge) ISS has not

[RHSA-2002:072-07] Updated sudo packages are available

2002-04-25 Thread bugzilla
Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated sudo packages are available Advisory ID: RHSA-2002:072-07 Issue date: 2002-04-22 Updated on: 2002-04-25 Product:

RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)

2002-04-25 Thread Menashe Eliezer
The vulnerabilities' list is accessible even by unprivileged user account. The ability of active content to access this report depends on security setting of the browser. For example, signed ActiveX that runs in browser with low security setting, doesn't need user's approval. User can also choose