Hello,
We have done some brief analysis of the potential remote Sendmail vulnerability
that has been reported lately. Below you can read about our findings with regard
to this issue. We reserve the right not to be correct in whatever we write below.
This is mainly due to the fact that we did not
-BEGIN PGP SIGNED MESSAGE-
NetBSD Security Advisory 2003-002
=
Topic: Malformed header Sendmail Vulnerability
Version:NetBSD-current: source prior to March 4, 2003
NetBSD 1.6:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - -
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-4
- - -
PACKAGE : sendmail
SUMMARY : remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-257-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
March 4, 2003
-
-BEGIN PGP SIGNED MESSAGE-
NetBSD Security Advisory 2003-001
=
Topic: Encryption weakness in OpenSSL code
Version:NetBSD-current: source prior to February 21, 2003
NetBSD-1.6.1:not
- Forwarded message from Product Security [EMAIL PROTECTED] -
Return-Path: [EMAIL PROTECTED]
Date: Mon, 03 Mar 2003 14:09:17 -0800
Subject: APPLE-SA-2003-03-03 sendmail
From: Product Security [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Mime-version: 1.0
*** There is an attachment in this mail. ***
_
---
[ATTITUDEX.COM]
http://www.attitudex.com/
---
_
Select your own custom email
Uploader Version 1.1 which is available from
http://www.phpscriptcenter.com/uploader.php
includes uploader.php, which lets you upload ANY file (even scripts eg. in
PHP) onto the server
if no password protection is specified in the configuration file (default
set to off).
The supplied files will be
HP Support Information Digests
===
o Security Bulletin Digest Split
--
The security bulletins digest has been split into multiple digests
based on the
On Mon, Mar 03, 2003 at 09:08:09AM -0800, Claus Assmann wrote:
8.12.8/8.12.8 2003/02/11
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
Jan Niehusmann wrote:
On Mon, Mar 03, 2003 at 01:06:43AM -, subj subj wrote:
To vulnerability are subject: All versions siemens *35 and *45.
snip
the message can be read by using
'edit message' instead of 'read message', and it can be deleted without
problems.
So while this obviously is
In-Reply-To: [EMAIL PROTECTED]
Hello Geoff,
Thank you for your reply.
Some reactions on your statements:
1. I've tested the SNMP 'set community name'. None responded
to 'internal' after I changed it to something else.
You are right when you mean the SNMP 'GET community name', that one can't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
:               Affected Packages:            Corrected Packages:
OpenPKG CURRENT = sendmail-8.12.7-20030205    = sendmail-8.12.8-20030304
OpenPKG 1.2     = sendmail-8.12.7-1.2.0       = sendmail-8.12.7-1.2.1
OpenPKG 1.1     none                          N.A.
Dependent Packages: none
Description
You might try their whois contact. I had some success resolving an
issue by going through them.
Administrative, Technical Contact:
AOL Domain Administration (America Online, Inc.)
22000 AOL Way
Dulles, VA 20166
US
Tel. 703 265 4670
Email: [EMAIL PROTECTED]
Florian Weimer wrote:
Claus Assmann [EMAIL PROTECTED] writes:
Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.12.8. It contains a fix for a critical security
problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force
for bringing this problem to our
What happens if the string is sent repeatedly while the phone is turned
on but is unattended or receives text messages silently? Is the battery
drained as predicted?
Willis
-Original Message-
From: Jan Niehusmann [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 2:46 PM
To: subj
Hi,
something that could be interesting...
We have decided not to contact any vendor (many vendors are vulnerable and
we have not enough time...sorry) and made this advisory public in this
list.
ILLC - Inverse Lookup Log Corruption
We are using a technique that we have called ILLC
On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
On Mon, Mar 03, 2003 at 01:06:43AM -, subj subj wrote:
To vulnerability are subject: All versions siemens *35 and *45.
[...]
languages from the phone language selection menu, will
completely disable *35 series phones and result
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 03.04.03:
http://www.idefense.com/advisory/03.04.03.txt
Locally Exploitable Buffer Overflow in file(1)
March 4, 2003
I. BACKGROUND
file(1) is an application that utilizes a magic file (typically located in
I want to emphasize one of the last sentences in this posting:
``However, we cannot exclude that there does not exist another
execution path in the sendmail code, that could lead to the program
counter overwrite.'' Please don't breathe a sigh of relief because
you are running on one of the does
Hi,
Sorry for my ignorance as I have just patched sendmail for the currently
new vulnerability in 8.12.7 and below. Is there a test tool yet so that I
could verify that the patch took and that the exploit has been taken care
of? I am just a little paranoid is all. I didn't see a version change or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
It seems that I'm one of the last Netscape 4.x users.
The following paste shows the IMAP mail part of this
configuration file.
You can see that the line 17 shows the unencrypted
password
Netscape 4.x is out of date - we recommend that
everyone upgrade to our
At 01:04 PM 3/4/03 -0600, John wrote:
Heavily edited from the bind-announce message:
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: BIND 9.2.2 is now available.
Date: Tue, 04 Mar 2003 12:51:37 +1100
List-Id: <bind-announce.isc.org>
BIND 9.2.2 is now available. This is a
Product tested : AXIS 2401 release 2.32
http://server/support/messages
responds with /var/log/messages.
That's fine ;)
2) DOS / OVERWRITING SYSTEM-FILES
3) ARBITRARY FILE CREATION
Don't work. Ask for a login/pass.
Best regards,
Jean-Philippe Gaulier
--
Hi Andreas,
Tuesday, March 4, 2003, 12:33:10 AM, you wrote:
AH An S35 locks up *completely* when one attempts to read the message -
AH worse: you had to read the message (which is not possible) before you
AH could delete it, there is no edit option in the message list. Regarding
AH the S35 it
-BEGIN PGP SIGNED MESSAGE-
The password is not enabled by default, but the readme has the following installation
instructions:
- ---
open setup.php and edit these options
$ADMIN[RequirePass] = Yes; // Checks to see if upload has a vaild
password
$ADMIN[Password] = password; //
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp
vulnerability