Re: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

=?iso-8859-1?Q?Iv=E1n_Arce?= [EMAIL PROTECTED] writes: Solution/Vendor Information/Workaround: [...] SSH.com ssh-1 up to version 1.2.31 is vulnerable. The official response from SSH.com follows: -SSH1 is deprecated and SSH.com does not support it anymore, the official response is

m4 (GNU) Buffer Overflow, Slackware Confirmed

The problem exists in the Slackware x86 7.1.0 Distro as well. On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kuniar wrote: The same problem in most (all?) distributions is with m4 - GNU macro processor code, when trying use -G option: mezon@beata:~$ m4 -G %x%x%x%x m4:

FreeBSD Ports Security Advisory: FreeBSD-SA-01:22.dc20ctrl

-BEGIN PGP SIGNED MESSAGE- = FreeBSD-SA-01:22 Security Advisory FreeBSD, Inc. Topic: dc20ctrl

Re: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability (errata)

Just a small correction to the advisory just released: http://www.core-sdi.com/bid/1949 http://www.core-sdi.com/bid/1426 http://www.core-sdi.com/bid/1323 http://www.core-sdi.com/bid/1006 http://www.core-sdi.com/bid/843 http://www.core-sdi.com/bid/660 should be:

Local promotion in NT4's NTLM Security Support Provider

BindView Security Advisory Local promotion vulnerability in NT4's NTLM Security Support Provider Issue Date: February 7, 2001 Contact: [EMAIL PROTECTED] Topic: Local promotion vulnerability in NT4's NTLM Security Support Provider Overview: Due to a flaw in the NTLM Security Support

Internet Explorer Vulnerability to Web Mail-based Spoofing Attacks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 VERSIONS AFFECTED Internet Explorer 5.0 on the Macintosh and 4.0 on Windows both have the problem. IE 5 on Windows did not seem vulnerable, however it also didn't display the test image correctly, so there may still be issues. SUMMARY First.

Re: Bug in Bind 9.1.0? [Summary]

For those of you keeping score, here are the (very unscientific) tallied repro reports so far on this issue: OS Yes No BSDi 4.01 BSD/OS 4.1 1 BSD/OS 4.2 1 Debian 2.2 3 FreeBSD 2.26

[ISC-Bugs #811] (bind9) yes, it seems NMAP can trivially crash BIND-9.1.0, at least on i386.... (forwarded)

It seems I should have been in a bit less of a rush and dug a bit deeper into this problem. BIND-9.1.0 is not entirely to blame for the crash it suffers on some systems when probed in some circumstances by nmap. I wish to thank ISC and especially Andreas Gustafsson for their quick response to

Re: Bug in Bind 9.1.0?

Hi, After two days of recieving comments on my original posting and doing some testing, here's a summary: * The 'bug' seems to manifest itself randomly. Named on my machine crashes maybe 1 in 5 tries. This might explain why relatively few people were able to reproduce it. * Running nmap

Security Advisory: security problems in ptrace and sysctl CSSA-2001-009.0

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ Caldera Systems, Inc. Security Advisory Subject:security problems in ptrace and sysctl Advisory number:CSSA-2001-009.0 Issue

Re: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

In message 073f01c09136$ddc04240$2e58a8c0@ffornicario, =?iso-8859-1?Q?Iv=E1n_ Arce?= writes: OpenSSH The vulnerability is present in OpenSSH up to version 2.3.0, although it is not possible to exploit it due to limits imposed on the number of simultaneous connections the server is allowed

Re: m4 (GNU) Buffer Overflow, Slackware Confirmed

Avro Nelson wrote: The problem exists in the Slackware x86 7.1.0 Distro as well. On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kuniar wrote: The same problem in most (all?) distributions is with m4 - GNU macro processor code, when trying use -G option: mezon@beata:~$ m4 -G

[TL-Security-Announce] netscape-communicator-4.76-5 TLSA2000020-2

TurboLinux Security Announcement Vulnerable Packages: netscape-communicator 4.75-1 and earlier Date: 02/05/2001 5:00 PDT Affected TurboLinux

[TL-Security-Announce] slocate-2.3-2 TLSA2001002-1

___ TurboLinux Security Announcement Vulnerable Packages: slocate-2.3-1 and earlier Date: 02/02/2001 5:00 PDT Affected TurboLinux versions:TL 6.1 WorkStation,

[CLA-2001:380] Conectiva Linux Security Announcement - proftpd

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : proftpd SUMMARY : Denial of Service DATE

BindView advisory: sshd remote root (bug in deattack.c)

Remote vulnerability in SSH daemon crc32 compensation attack detector --- Issue date: 8 February 2001 Author: Michal Zalewski [EMAIL PROTECTED] Contact: Scott Blake [EMAIL PROTECTED] CVE: CAN-2001-0144 Topic: Remotely

Vulnerability in AOLserver

From: [EMAIL PROTECTED] Date: Tue, 6 Feb 2001 02:31:40 -0800 . . . AOLserver v3.2 is a web server available from http://www.aolserver.com. A vulnerability exists which allows a remote user user to break out of the web root using relative paths (ie: '...').

[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1

[SECURITY] [DSA 028-1] New man-db packages released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-028-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 9, 2001 -

[SECURITY] [DSA 027-1] New OpenSSH packages released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-027-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 8, 2001 -

Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)

Please, check http://www.openssh.com/security.html for a full summary of security related issues in OpenSSH. OpenBSD Security Advisory February 8, 2001