-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 355-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 30th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: kdelibs
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 356-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 30th, 2003
On Wednesday, July 30, 2003, at 10:07 h, Doug White wrote:
On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:
I discovered another security issue with the Mac OS X screensaver.
If you have installed escapepod from Ambrosia Software and hit
ctrl-alt-delete(==backspace) when the screensaver with
For those interested, my co-author (Mark Graff) and I have been posting and
maintaining a free repository of analyses of some recent/topical
vulnerabilities on our book's web page, at http://www.securecoding.org --
you can alternatively go directly to the analyses at
On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:
I discovered another security issue with the Mac OS X screensaver.
If you have installed escapepod from Ambrosia Software and hit
ctrl-alt-delete(==backspace) when the screensaver with password
protection is running, it kills the screensaver and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
@stake, Inc.
www.atstake.com
Security Advisory
Advisory Name: ePolicy Orchestrator multiple vulnerabilities
Release Date: 07/31/2003
Application: McAfee ePolicy Orchestrator 2.X
Synopsis: wu-ftpd fb_realpath() off-by-one bug
Product:wu-ftpd
Version:2.5.0 = 2.6.2
Vendor: http://www.wuftpd.org/
URL:http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
I wouldn't consider this a bug. It is like me writing a script that kills
any process named ScreenSaverEngine. If I run it with my privileges it
should allow me to kill the process (assuming I own ScreenSaverEngine).
Escape Pod does what it is meant to. OS X does what it is meant to--that is
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package:wuftpd
Announcement-ID:SuSE-SA:2003:032
Date: Thursday,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: wu-ftpd
Advisory ID:
Rizwan Jiwan wrote:
I wouldn't consider this a bug. It is like me writing a script that kills
any process named ScreenSaverEngine. If I run it with my privileges it
should allow me to kill the process (assuming I own ScreenSaverEngine).
Escape Pod does what it is meant to. OS X does what it is
We believe that exploitation of other little-endian systems is also
possible.
Are big-endian systems vulnerable as well, or just little-endian systems?
On Wednesday, July 30, 2003, at 04:56 PM, Patrick Haruksteiner wrote:
On Wednesday, July 30, 2003, at 10:07 h, Doug White wrote:
On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:
I discovered another security issue with the Mac OS X screensaver.
If you have installed escapepod from Ambrosia
If anything I'd call this a security consideration of Escape Pod.
Perhaps Escape Pod should try to talk to the process it's about to kill,
and get its 'permission' for killing, and failing a timely response (2
secs?), drop the program. ScreenSaverEngine would have to be tailored
to respond
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I don't quite agree. Windows uses control-alt-delete as a security
device. It binds those keys as a hotkey in such a way that no other
application can replace it. This is why it is used at logon; it
prevents a user from creating a program that looked
On Thu, 31 Jul 2003, MightyE wrote:
If anything I'd call this a security consideration of Escape Pod.
Perhaps Escape Pod should try to talk to the process it's about to kill,
and get its 'permission' for killing, and failing a timely response (2
secs?), drop the program. ScreenSaverEngine
http://badWebMasters.net
ben moeckel security research
-
badWebMasters security advisory #015
SQL-Injection @ Woltlab Burning Board + MOD Guthabenhack 1.3
Discovery Date: 2003-07-28
Original Advisory:
http://badwebmasters.net/adv/015/
a) If the screensaver engine is compromised (as it was earlier this month,
though likely not in a command-execution sort of way), you don't want to
be able to give the user root privileges. Presumably, xscreensaver has
safeguards against that (or they assume it'll never be exploited). It
would
Gavin Hanover wrote:
I don't quite agree. Windows uses control-alt-delete as a security
device. It binds those keys as a hotkey in such a way that no other
application can replace it. This is why it is used at logon; it
prevents a user from creating a program that looked like a logon
prompt, and
MightyE wrote:
If anything I'd call this a security consideration of Escape Pod.
Perhaps Escape Pod should try to talk to the process it's about to
kill, and get its 'permission' for killing, and failing a timely
response (2 secs?), drop the program. ScreenSaverEngine would have to
be
From: Brian Eckman [EMAIL PROTECTED]
If someone were to find a way to bind to those hotkeys, would you
then consider this a security issue with Windows? If so, how is
Apple's failure to block kill calls to the screen saver not a
security issue?
Gavin
Windows does allow others to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Updated wu-ftpd packages fix remote vulnerability.
Advisory ID: RHSA-2003:245-01
Issue date:
Insufficient input checking on web site allows dangerous HTML TAGS
Systems: LightSurf(tm) Content Delivery system;
Sprint Picture Mail(sm) web site
Severity: Serious
Category: Arbitrary Execution of HTML of Hackers Choice
Classification: Input Validation Error
BugTraq-ID: TBA
Remote
24 matches