FreeBSD Security Advisory FreeBSD-SA-02:32.pppd

2002-07-31 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- = FreeBSD-SA-02:32.pppd Security Advisory The FreeBSD Project Topic:

[RHSA-2002:153-07] Updated mm packages fix temporary file handling

2002-07-31 Thread bugzilla
- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated mm packages fix temporary file handling Advisory ID: RHSA-2002:153-07 Issue date:2002-07-24 Updated on:2002-07-30

The SUPER Bug

2002-07-31 Thread gobbles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 /* * SAVE DEFCON..HELP GOBBLES..SAVE DEFCON..HELP GOBBLES * * When GOBBLES say he and he security team * are non-profit. He really mean NON-profit. * This means GOBBLES and he GOBBLES Security * Labs (GSL) friends do not have much funds. * *

Re: It takes two to tango

2002-07-31 Thread Chris Paget
snip Ferson also said that HP reserves the right to sue SnoSoft and its members for monies and damages caused by the posting and any use of the buffer overflow exploit. This raises a very interesting point. Bruce Schneier has stated publicly that he believes vendors should be

Re: RAZOR advisory: Linux util-linux chfn local root vulnerability

2002-07-31 Thread Andreas Beck
Andrew Pimlott [EMAIL PROTECTED] wrote: If he is smart, he will check whether the file is open (eg with fuser) Not really. The file does not have to be open to be present in the system. It is perfectly possible to leave a dangling root-owned file several times, Correct, but: the admin

Re: It takes two to tango

2002-07-31 Thread Jose Nazario
to continue the it takes two to tango metaphor, i will say the following (inline): On Wed, 31 Jul 2002, Chris Paget wrote: 2) R attempts to contact V to reveal the bug. 3) V does not respond. this is the fault of the vendor for not having a well known and publicized contact point for

Announcing: The Zardoz 'Security Digest' Archives

2002-07-31 Thread Curator
The Zardoz 'Security Digest' Archives http://securitydigest.org The Zardoz 'Security Digest' Archive is dedicated to the history of the Zardoz 'Security Digest'. In time, the plan is to build a comprehensive history of the digest. At the moment, there's a part of the archive to

SuSE Security Announcement: mod_ssl, mm (SuSE-SA:2002:028)

2002-07-31 Thread Roman Drahtmueller
-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:mod_ssl, mm Announcement-ID:SuSE-SA:2002:028 Date:

[CLA-2002:513] Conectiva Linux Security Announcement - openssl

2002-07-31 Thread secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : openssl SUMMARY : Several vulnerabilities

FW: Parachat DoS Vulnerability

2002-07-31 Thread Matt Smith
-Original Message- From: Matt Smith [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 11:59 AM To: '[EMAIL PROTECTED]' Subject: Parachat DoS Vulnerability Parachat DoS Vulnerability Synopsis Written by Matt Smith aka Ratman ([EMAIL PROTECTED]) Contributions by Amy Marie aka

Re: It takes two to tango

2002-07-31 Thread Mike Forrester
Hi, I just read the article at News.com (http://news.com.com/2100-1023-947325.html?tag=fd_top) about the controversy between HP and Snosoft. It seems that HP is upset that details of a dangerous security hole in the HP Tru64 operating system were published by Phased, a security researcher

Re: It takes two to tango

2002-07-31 Thread Stan Bubrouski
I agree fully, with what both of you have to say, and I have another point to bring up. If companies like HP or Microsoft can put in their license, terms which remove all liability of themselves for damage caused security in their products or general defects, and this stands up in court (and

Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl

2002-07-31 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ Caldera International, Inc. Security Advisory Subject:Linux: multiple vulnerabilities in openssl Advisory

Remote Buffer Overflow Vulnerability in Sun RPC

2002-07-31 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Internet Security Systems Security Brief July 31, 2002 Remote Buffer Overflow Vulnerability in Sun RPC Synopsis: Internet Security Systems (ISS) X-Force has discovered a buffer overflow in the xdr_array filter primitive. This function is a part of the Sun

Re: It takes two to tango

2002-07-31 Thread Riad S. Wahby
Chris Paget [EMAIL PROTECTED] wrote: Does V still have the right to sue R? Let's put this a different way: Ford makes a car that seems to sell pretty well. Unfortunately, it has a fatal design flaw: if the car suffers a rear-end collision while it's in third gear during a rainstorm at night

[SECURITY] [DSA-138-1] Remote execution exploit in gallery

2002-07-31 Thread Wichert Akkerman
-BEGIN PGP SIGNED MESSAGE- - Debian Security Advisory DSA-138-1 [EMAIL PROTECTED] http://www.debian.org/security/ Wichert Akkerman August 1, 2002 -

bug in KSTAT

2002-07-31 Thread Dallachiesa Michele
/* 2002-07-31#04:19 * * HIJACKING KERNEL SYMBOLS AND FUNCTIONS USED TO LOAD BINARY FORMATS * -- * * With this module you can hide tasks from KSTAT, a tool used to find * attackers in your system by a direct analysis of the

Comment on DMCA, Security, and Vuln Reporting

2002-07-31 Thread Richard Forno
Given the recent news about HP using DMCA to shutter a Bugtraq disclosure of Tru64 vulnerability, I felt it appropriate to chime in. I hope you find my comments of-value and worthy of relaying onto the list. The News.Com story with more details is at :

RE: It takes two to tango

2002-07-31 Thread Scott, Richard
There are some interesting issues being raised: snip 1) Researcher R finds a security hole in vendor V's product. 2) R attempts to contact V to reveal the bug. 3) V does not respond. 4) R attempts communication several times over the next 90 days, but never receives a response. 5) R

Re: It takes two to tango

2002-07-31 Thread Derek D. Martin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At some point hitherto, Riad S. Wahby hath spake thusly: Two weeks later, a story breaks in the national news that a psychopath has taken it upon himself to rear-end all Ford cars on rainy moonlit nights. So far, five people have died. Who is

Re: It takes two to tango

2002-07-31 Thread Chris Paget
On Wed, 31 Jul 2002 11:15:27 -0400 (EDT), Greg A. Woods wrote: [ On Wednesday, July 31, 2002 at 11:34:57 (+0100), Chris Paget wrote: ] Subject: Re: It takes two to tango Does V still have the right to sue R? Absolutely not. They were given more than fair notice. According to the CNet

Re: It takes two to tango

2002-07-31 Thread Greg A. Woods
[ On Wednesday, July 31, 2002 at 11:34:57 (+0100), Chris Paget wrote: ] Subject: Re: It takes two to tango Does V still have the right to sue R? Absolutely not. They were given more than fair notice. If vendors are made liable for security holes, and those vendors have the right to sue

RE: It takes two to tango (or samba for that matter)

2002-07-31 Thread Gibby McCaleb
As much as corporate liability makes sense, I doubt it will ever come to fruition. I think it will be near impossible to prove negligence. It will be a matter on interpreting the raw code and showing that the programmers intentionally cut corners. That won't be an easy thing to prove. Chris

TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC

2002-07-31 Thread Claudio Ortiz Meinberg
Systems Affected: All UniVerse versions with UV/ODBC Explanation: When an invalid query is made, the client crashes and the server slows down with a 5 sec to 2 min lag, which could crash the server. Exploit: Make a query accessing UV/ODBC (I've used CrystalReports, all versions) and make a

Re: It takes two to tango

2002-07-31 Thread Tom Perrine
On Wed, 31 Jul 2002 11:34:57 +0100, Chris Paget [EMAIL PROTECTED] said: CP snip Ferson also said that HP reserves the right to sue SnoSoft and its members for monies and damages caused by the posting and any use of the buffer overflow exploit. CP This raises a very

Re: It takes two to tango

2002-07-31 Thread Branson Matheson
On Wed, 2002-07-31 at 10:48, Jose Nazario wrote: 4) R attempts communication several times over the next 90 days, but never receives a response. if the researcher doesn't attempt to work with an established third party (ie CERT, SecurityFocus) to get this contact made, they are acting