What documents have you been reading?
Take a look at the actual vulnerability advisory.
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Or the original posting by OpenSSH
http://www.securityfocus.com/archive/1/498558/30/0/threaded
Where is there any condition related to National
On Mon, Nov 24, 2008 at 11:39 PM, Damien Miller [EMAIL PROTECTED] wrote:
On Mon, 24 Nov 2008, Nick Boyce wrote:
Could someone please help the uncomprehending [i.e. me :-)] understand
why or whether this is anything to be worried about at all ?
Yes, the attack is very unlikely to work
On Mon, 24 Nov 2008, Nick Boyce wrote:
[ahem] ... Sorry to be dumb, but ...
On Fri, Nov 21, 2008 at 10:19 AM, Damien Miller [EMAIL PROTECTED] wrote:
Based on the description contained in the CPNI report and a slightly
more detailed description forwarded by CERT this issue appears to be
Call For Papers
The CanSecWest 2009 CFP is now open.
Deadline is December 8th, 2008.
CanSecWest CALL FOR PAPERS
VANCOUVER, Canada -- The tenth annual CanSecWest applied
technical security conference - where the eminent figures
in the international security industry will get
Good day.
Mon, Nov 24, 2008 at 03:17:05PM +0700, svrt wrote:
In Oct 2008, SVRT-Bkis has detected a serious buffer overflow vulnerability
in ffdshow which affects all available internet browsers.
^^^
Really? And links, elinks, lynx, dillo
The report is for ffdshow, but the referred URL is to ffdshow-tryout. I wonder
if they are the same.
Cheers
Nam
On Mon, 24 Nov 2008 15:17:05 +0700
svrt [EMAIL PROTECTED] wrote:
1. General Information
ffdshow is a DirectShow filter and VFW codec for many audio and video
formats, such as
Nick Boyce [EMAIL PROTECTED] wrote:
[ahem] ... Sorry to be dumb, but ...
On Fri, Nov 21, 2008 at 10:19 AM, Damien Miller [EMAIL PROTECTED]
wrote:
Based on the description contained in the CPNI report and a slightly
more detailed description forwarded by CERT this issue appears to be
##
#MyBB 1.4.3 my_post_key Disclosure Vulnerability by NBBN
(http://nbbnsblog.co.cc)
#
Hey all,
I've just posted a new tool and paper for Oracle forensics. The tool,
orablock, allows a forensic investigator to dump data from a cold Oracle
data file - i.e. there's no need to load up the data file in the database
which would cause the data file to be modified, so using orablock
Maybe this was always clear, but along with that reassurance I guess
you would recommend we all take your stated remedial action :
[place] the following directive in sshd_config and ssh_config:
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
at the very next
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01599836
Version: 1
HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet
Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary
Code
So, let me try and understand this.
According to what you have written, and the MSDN documentation on this
CreateIpForwardEntry2 call, you need to be (at least) a member of the
Administrators group.
So how is this security vulnerability any different to me creating a program,
which will
I Reference
Title: RSA EnVision Remote Password Disclosure
URL: http://www.secfault.org/?p=78
II. BACKGROUND
RSA EnVision, a product of RSA Security, is a platform allowing gathering and
analysis of security events and logs.
RSA Security is a subsdiary company of EMC Corporation.
= noXSS.org Security Advisory ==
Advisory: WordPress XSS vulnerability in RSS Feed Generator
Author: Jeremias Reith [EMAIL PROTECTED]
Published: 2008/11/25
Affected: WordPress 2.6.5
Summary
===
WordPress prior to v2.6.3 fails to sanitize the Host header variable
correctly when
Administrator lives in Ring 3 while this crash happens in Ring 0.
Nobody, not even Admin shouldn't be able to corrupt kernel space. It's
not a security issue per se - it's just a bug.
[EMAIL PROTECTED] wrote:
So, let me try and understand this.
According to what you have written, and the
[CFP] FRHACK 01 Call For Papers
##
### # ###
# ###
## #
### ###
16 matches
Mail list logo
