Macromedia Shockwave Flash Malformed Header Overflow #2
Release Date:
December 16, 2002
Severity:
High (Remote Code Execution)
Systems Affected:
Macromedia Flash Player versions less than 6.0.65.0
Description:
While working on some pre-release Retina® CHAM tools, multiple exploitable
-
Debian Security Advisory DSA-212-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
December 17, 2002
-
On Mon, Dec 16, 2002 at 11:56:10PM -0500, [EMAIL PROTECTED] wrote:
*ON THE WIRE*, all 256 byte codes are legal, since DNS uses a length-data
Yes no one said it is not, but fact is, the libc resolvers simply do not
allow them, so you can send through the wire whatever you want it will
not find
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated Fetchmail packages fix security vulnerability
Advisory ID: RHSA-2002:293-09
Issue date: 2002-12-16
Updated on: 2002-12-17
FYI:
Adelphia has responded and is working on this problem, if you would like to
assist with finding out if your subnet is vulnerable, please email
[EMAIL PROTECTED], as this will really help Adelphia chase down the
networks, and fix this problem. The layer 2 gear was from recent acquiries
of
Uhh, you do not strictly need physical access. Simple scenarios:
Remote administrative access, does a memory dump.
Laptop or desktop system that supports suspend mode, when in suspend the
contents of memory are written to the hard drive. When brought out of suspend
this data is deleted (i.e. the
*ON THE WIRE*, all 256 byte codes are legal, since [...]
Yes no one said it is not, but fact is, the libc resolvers simply do
not allow them, so you can send through the wire whatever you want it
will not find its way to the fingerd.
This does not match my experience.
I control rDNS for my
Due to the way requests are logged the only way to exploit this
vulnerability is through setting the DNS name of the fingering host
to the attacker supplied format string.
I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) did not
[...how tarfile readers don't check for .. components...]
Affected
[long list]
Not affected: my tar, when run with the appropriate option to make it
paranoid about extraction. (With the option set, it refuses to extract
anything that would be placed anywhere not under the current
directory.
On a machine I administrate I recently discovered an entry in
/etc/profile.d/oracle.sh:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/oracle/OraHome1/lib
I noticed today that this leaves the value of LD_LIBRARY_PATH as:
:/home/oracle/OraHome1/lib
(containing an empty element).
This is the
On Mon, 16 Dec 2002 21:39:32 +0100, Stefan Esser [EMAIL PROTECTED] said:
Hello,
Due to the way requests are logged the only way to exploit this
vulnerability is through setting the DNS name of the fingering host to the
attacker supplied format string.
I really wonder how you want to
Subject: Directory traversal vulnerabilities in several archivers processing .tar files
Author: Florian sticky bit Schafferhans [EMAIL PROTECTED]
http://www.computer-security.de/
Date: 17. December 2002
Affected:
GNU cpio 2.5
http://www.gnu.org/
RAZOR advisory: Linux kernel 2.2.x /proc/pid/mem mmap() vulnerability
Issue Date : 12/17/2002
Contact: Michal Zalewski [EMAIL PROTECTED]
CVE number : CAN-2002-1380
Topic:
A locally exploitable system crash vulnerability is present in the
Linux kernel, versions 2.2.x. The
On Tue, Dec 17, 2002 at 06:51:00PM +, [EMAIL PROTECTED] wrote:
On a machine I administrate I recently discovered an entry in
/etc/profile.d/oracle.sh:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/oracle/OraHome1/lib
I noticed today that this leaves the value of LD_LIBRARY_PATH as: