VANHULLEBUS Yvan wrote:
On Tue, Dec 13, 2005 at 09:49:40PM +0100, Paul Wouters wrote:
On Mon, 12 Dec 2005, Thierry Carrez wrote:
[...]
Impact
==
A remote attacker can create a specially crafted packet using 3DES with
an invalid key length, resulting in a Denial of Service attack, format
Trend Micro PC-Cillin Internet Security Insecure File Permission
Vulnerability
iDefense Security Advisory 12.14.05
www.idefense.com/application/poi/display?id=351type=vulnerabilities
December 14, 2005
I. BACKGROUND
Trend Micro PC-Cillin Internet Security is antivirus protection software
for
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
David,
I haven't read the original attack description recently, but; I seam
to remember that the ability of the tampered compiler to inject
malicious code could be stateful. Either a timing attack, or a attack
after n-builds, so that malicious code is injected in an arbitrary,
pseudo-random, less
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 922-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
December 14th, 2005
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:227
http://www.mandriva.com/security/
Mike Lisanke wrote:
David,
I haven't read the original attack description recently, but; I seam
to remember that the ability of the tampered compiler to inject
malicious code could be stateful. Either a timing attack, or a attack
after n-builds, so that malicious code is injected in an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:228
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:229
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:230
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:231
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:232
http://www.mandriva.com/security/
David Litchfield of NGSSoftware has discovered a multiple high risk
vulnerabilities in IBM's AIX operating systems.
1) There is a buffer overflow in the malloc debug system that when exploited
can yeild root privileges.
2) There is a buffer overflow in muxatmd which is setuid root.
3) There
Notacon, an annual hacker conference in Cleveland, Ohio, will be held this
year from April 7th through 9th, 2006. The event seeks to explore
technology not only in traditional ways, but also as relevant to graphics,
art, music, and social interaction. Two tracks of presentations centered on
the
The Metasploit staff is proud to present the first alpha release of the
3.0 branch of the Metasploit Framework. This release marks a major
milestone in the evolution of the Metasploit Framework and is based on a
complete rewrite of the 2.x series.
The 3.0 branch is designed to provide
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_AppScanQA_RemoteCodeExec.pdf)
CYBSEC S.A.
www.cybsec.com
Advisory Name: Watchfire AppScan QA Remote Code Execution
==
Vulnerability Class: Buffer Overflow
MarmaraWeb E-commerce Remote Command Exucetion
###Hi all
###B3g0k[at]hackermail.com
###Kurdish Hacker
###Special Thanx All Kurdish Hackers
###Freedom For Ocalan!!!
###---
###MarmaraWeb E-commerce Remote Command Exucetion
###---
MarmaraWeb E-commerce Script Cross Site Scripting
###Hi all
###B3g0k[at]hackermail.com
###Kurdish Hacker
###Special Thanx All Kurdish Hackers
###Freedom For Ocalan!!!
###---
###MarmaraWeb E-commerce Script Cross Site Scripting
###---
I agree that this is in fact a DoS, however it is using the old
LanD attack (from 1997) syntax/style. That fact that it is a packet
to itself, from it's self, obviously spoofed. As this was the same
way it was done back in the 90's. The difference here, is the fact
that the LanD attack can
To All:
As requested:
MSWord (.doc): http://www.teamtrinix.com/exploits/rla/RLA.doc
Plain Text (.txt): http://www.teamtrinix.com/exploits/rla/RLA.txt
HTML: http://www.teamtrinix.com/exploits/rla/RLA.htm
PDF; (Coming Soon)
I will go ahead and create the PDF later this evening. The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00579189
Version: 1
HPSBUX02087 SSRT4728 rev.1 - HP-UX running TCP/IP Remote Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.
I've just published a paper on AIX heap overflows. I wrote it back in August
but wanted to wait until a couple of flaws I discovered whilst researching
the topic were fixed by IBM. IBM released the patches today. You can get the
paper at http://www.databasesecurity.com/dbsec/aix-heap.pdf
Cheers,
In GOD We Trust
Kachal667 Under9round Team (KuT)
Hi,
Here's my(LrK) new advisory about Hosting Controller.
Hosting Controller - CSS vulnerabilities
Found date : Pri8
Public Date: 02/11/2005
Summary
---
Hosting Controller is an all-in-one
Some versions of Nessus can log in through SSH and check the system
locally. I'm unsure if Retina can do that, but it wouldn't surprise me.
Joshua Russel wrote:
It is a local vulnerability, then how does Retina claims to scan it remotely?
On 12/13/05, Advisories [EMAIL PROTECTED] wrote:
On 12/6/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Ipswitch Collaboration Suite SMTP Format String Vulnerability
[...]
Remote exploitation of a format string vulnerability in Ipswitch
IMail allows remote attackers to execute arbitrary code.
Can iDEFENSE (or anyone else) elaborate on this?
25 matches
Mail list logo