===
Ubuntu Security Notice USN-582-2 March 06, 2008
mozilla-thunderbird
https://launchpad.net/bugs/197504
===
A security issue affects the following Ubuntu releases:
Ubuntu
Luigi Auriemma wrote:
Application: Double-Take
Double Take responded:
You may be aware of a recent posting of “vulnerabilities” in Double-Take
5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found that
sending packets of malformed data to our service will crash the service.
He
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:061
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1513-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
March 06, 2008
###
Luigi Auriemma
Application: MicroWorld eScan Server (aka eScan Management Console)
http://www.mwti.net
Versions: <= 9.0.742.98
Platforms: Windows
Bug: directory tra
>>Roger, you should note that Adam's "Hit by a Bus" paper includes
information about how Linux users can load their OS' Firewire driver in
a way that should disallow physical memory DMA access, and close this
attack vector.
What are the implications for firewire device compatibility of doing
this
Actually they can be prevented by instructing the controller to filter the
addresses the devices send. Then again, that's work, and physical attacks
are typically considered low-risk, so I guess it's not found worth it.
The obvious reason to mention Vista is of course that Microsoft likes
to ta
Hi Alexandr!
I added a "monkey-patch" for this in the Metasploit source tree -- even if
you use Metasploit 3.1 with an unpatched version of Ruby, the patched
handler code is loaded into memory on top of the existing module. Since
the msfweb service will bind to 127.0.0.1 by default, this is not
RBT-4 Crew
rbt-4.net
PHP-Nuke KutubiSitte "kid" SQL Injection
http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3058
AUTHOR : Lovebug
# modules.php?name=KutubiSitte&h_op=hadisgoster&kid=
Exploit :
-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2
Salut, Roger,
On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote:
> As somewhat indicated in the paper itself, these types of physical
> DMA attacks are possible against any PC-based OS, not just Windows.
> If that's true, why is the paper titled around Windows Vista?
That's very easy: beca
Hi,
A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates.
Full technical details:
http://scary.beasts.org/security/CESA-2007-005.html
The most interesting part is the faulty code:
Limit = SpGetUInt32 (Buf);
...
UInt16Ptr = (KpUInt16_t *)SpMalloc (Limit * (KpInt32_t)sizeof
Louhi Networks
Security Advisory
Advisory: Checkpoint VPN-1 UTM Edge cross-site scripting
Release Date: 2008/03/06
Last Modified: 2008/03/06
Authors: Henri Lindberg, Associate of (ISC)²
[EMAIL PROTECTED]
Application
On Thu, 6 Mar 2008, Roger A. Grimes wrote:
> As somewhat indicated in the paper itself, these types of physical
> DMA attacks are possible against any PC-based OS, not just Windows.
> If that's true, why is the paper titled around Windows Vista?
>
> I guess it makes headlines faster. But isn't as
On Wed, Mar 05, 2008 at 04:30:35PM -0500, Roger A. Grimes wrote:
> As somewhat indicated in the paper itself, these types of physical DMA
> attacks are possible against any PC-based OS, not just Windows. If that's
> true, why is the paper titled around Windows Vista?
>
> I guess it makes headlin
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-018
Application: Ruby 1.8.6 (WEBrick Web server Toolkit and
applications that used WEBrick, like Metasploit 3.1)
Versions Affected: Ruby
1.8.4 and all prior versi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===
Ubuntu Security Notice USN-584-1 March 05, 2008
openldap2.2, openldap2.3 vulnerabilities
CVE-2007-6698, CVE-2008-0658
===
A security issue affects the following Ubuntu r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:060
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
19 matches