-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1005-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 16th, 2006
-
Fedora Legacy Update Advisory
Synopsis: Updated kdelibs packages fix security issues
Advisory ID: FLSA:178606
Issue date:2006-03-16
Product: Red Hat Linux, Fedora Core
Keywords:
This does not repro on IE7 though
-Hariharan
- Original Message -
From: Michal Zalewski [EMAIL PROTECTED]
To: Daniel Bonekeeper [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com; [EMAIL PROTECTED];
full-disclosure@lists.grok.org.uk
Sent: Friday, March 17, 2006 2:43 AM
Subject: Re:
-
Fedora Legacy Update Advisory
Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:157459-3
Issue date:2006-03-16
Product: Fedora Core
Keywords: Bugfix
Tested on Win2k3 Standard, fully patched...
Mshtml.dll 6.0.3790.2577
Iexplore.exe 6.0.3790.1830
PoC does work.
David Schenz
[EMAIL PROTECTED]
-Original Message-
From: Michal Zalewski [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 16, 2006 4:14 PM
To: Daniel Bonekeeper
Cc:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What is your point exactly? How secure are Verisign, Thawte or
anyone elses servers outside of them just stating We take X
Precautions. Look at just about all of the top companies,
Microsoft, Sun, Yahoo, Citibank. They've all been hit at some point
-
Fedora Legacy Update Advisory
Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:157459-4
Issue date:2006-03-16
Product: Fedora Core
Keywords: Bugfix
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Michal Zalewski wrote:
iexplore http://lcamtuf.coredump.cx/iedie.html
In this way it works on IE7 Beta as well
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-
Fedora Legacy Update Advisory
Synopsis: Updated xpdf package fixes security issues
Advisory ID: FLSA:175404
Issue date:2006-03-16
Product: Red Hat Linux, Fedora Core
Keywords:
--On den 8 mars 2006 14.58.20 -0500 gboyce [EMAIL PROTECTED] wrote:
On Wed, 8 Mar 2006, Security Lists wrote:
Sorry, I don't see this as amplification in your example, because YOUR
dns servers are 100% of the traffic. 1:1 ratio.
Once the first request to the nameservers is made, the
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
On Wed, 8 Mar 2006 15:55:21 -0700 Mark wrote:
MS Correct me if I'm wrong, but I was under the impression that DNS
MS responses that go over the max size of a UDP datagram won't get split
MS into multiple UDP datagrams. Rather, a response with only partial
MS data will be sent back, and the client
I had an off-list request for a packet capture or log entries of
examples.
http://www.criticalstop.com/malicious_dns.txt
Only the IP of our affected DNS server is sanitized. But this should
put to rest questions about fragmentation, etc...
The DNS server providing the cached response is pretty
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What is your point exactly? How secure are Verisign, Thawte or
anyone elses servers outside of them just stating We take X
Precautions.
Do you argue Some chains are weak implies All chains are weak? Please
explain. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
XCon2006 Call For Paper
XCon2006 the Fifth Information Security Conference will be held
in Beijing, China, during August 18-20, 2006. China has long been
known as a famous cultural country, while Beijing is the most
splendid place in its
Software: Invision Power Board
Web Site:http://www.invisionpower.com
tested in v2.0.4
exploit :
forum/index.php?act=Searchnav=auCODE=showsearchid=5f25843edb0242889889796819a2b367search_in=oooresult_type='scriptalert(document.cookie)/script
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Symantec Security Advisory
SYM06-004
17 March 2006
Veritas Backup Exec: Application Memory Denial of Service
Revision History
None
Severity
Medium
Remote Access - Yes
Local Access - No
Authentication Required -No
Exploit publicly available - No
On Fri, 17 Mar 2006, Hariharan wrote:
This does not repro on IE7 though
It generally does, according to tests by a couple of folks.
/mz
At OffensiveComputing we were looking at ways to detect virtual machines and
had found and discarded many unsophisticated methods such as looking for VMWare
Tools running as a service or VMWare related registy keys, etc. Then we
discovered Joanna Rutkowska's very interesting Redpill method.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-
Fedora Legacy Update Advisory
Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:157459-1
Issue date:2006-03-16
Product: Red Hat Linux
Keywords:
Worked like a treat first time on IE 6.0.2900.2180.xpsp_sp2_gdr.050301-1519
and exited with error:
Unhandled exception at 0x7d56a08d in iexplore.exe: 0xC005: Access
violation writing location 0x037c7eb8.
c0redump
- Original Message -
From: Michal Zalewski
To: Daniel Bonekeeper
As we sent out today's security advisories, one of our servers
experienced an outage before completely syncing to the mirrors.
As a result, the updates repository contains missing packages.
This situation should be corrected shortly. I apologize for any problems
this may cause.
Marc.
Something strange...
I tried under FireFox 1.0.7 and seems that when you check the sources, it's
crashing.
I tried also under FireFox 1.5.0.1, it's also crashing when i check the
sources... but that one depend, another friend tried it under the same version
and it's also crashing ... is it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1006-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 16th, 2005
On Tue, 7 Mar 2006 19:26:19 +0200 Ventsislav wrote:
VG Are you sure about that amplification process??
Yes.
VG In the scenario you describe, I cannot see any actual amplification...
The amplification isn't in the number of hosts responding, but in packet size.
A very small DNS request packet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1008-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 17th, 2006
On Thu, 16 Mar 2006, Master Phoxpherus wrote:
Hmm. I'm running a Windows 98 SE box and just tried what you said.
Didn't effect me instantly or after a time period. You sure you're not
just seeing shit? :P
Yes, and a number of people have confirmed this problem thus far
(including the author
Hmm. I'm running a Windows 98 SE box and just tried what you said. Didn't
effect me instantly or after a time period. You sure you're not just
seeing shit? :P
Plus, keeping it real, there's a fair difference between a BoF that you can
perform easily remotely, and a BoF you have to talk people
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1007-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 17th, 2006
-
Fedora Legacy Update Advisory
Synopsis: Updated gdk-pixbuf packages fix security issues
Advisory ID: FLSA:173274
Issue date:2006-03-16
Product: Red Hat Linux, Fedora Core
Confirmed on XP SP2, latest greatest, etc.
Unhandled exception at 0x7dcfa61d in iexplore.exe: 0xC005: Access
violation writing location 0x002911d8.
I had to shut all (Windows) explorer and Internet Explorer windows first though.
cheers,
Jamie
On 17/03/06, Michal Zalewski [EMAIL PROTECTED]
Hi Marco!
Hey Andrea,
- [PIRELLI HOME ACCESS GATEWAY]
Based on your tests, this device shows the standard incremental IP ID
behaviour: so, nothing special here.
- [MY BOX WITH 2.6.15.6 #1 i686 pentium4 GNU/Linux (vanilla)]
[snip]
(closed port + S flag)
[EMAIL PROTECTED]:~$ cat
Oxynews Sql #304;njection
Website:http://www.oxynews.net/
Demo:http://www.scriptevi.com/files/demo/news/oxynews/
---
Credit:R00t3RR0R
Website:www.biyosecurity.be / www.biyo.tk
mail: [EMAIL PROTECTED]
New eVuln Advisory:
NMDeluxe XSS SQL Injection Vulnerabilities
http://evuln.com/vulns/93/summary.html
Summary
eVuln ID: EV0093
CVE: CVE-2006-1107 CVE-2006-1108
Software: NMDeluxe
Sowtware's Web Site: http://nmdeluxe.com/
Versions: 1.0.0 STABLE
Critical Level:
-
Fedora Legacy Update Advisory
Synopsis: Updated libungif packages fix security issues
Advisory ID: FLSA:174479
Issue date:2006-03-16
Product: Red Hat Linux, Fedora Core
Keywords:
-
Fedora Legacy Update Advisory
Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:157459-2
Issue date:2006-03-16
Product: Fedora Core
Keywords: Bugfix
D3vil-0x1 | Devil-00
New MyBB bug that will giv you the ' Full Path Disclosure ' at vic. server
MyBB 1.10 .. New Bugs
1- Full Path Disclosure
= mybb/polls.php?action=votepid=[PID]option[]=null
- Where PID Poll ID
Microsoft Commerce Server 2002:
Logon as known user with a false password
Vulnerable:
Microsoft
Windows Server 2000/2003
+ Internet Information Server 5/6
+ Commerce Server 2002
Discussion:
Microsoft Commerce Server is used by company's who want to give customers
the opportunity to change
41 matches
Mail list logo