Iván Arce [EMAIL PROTECTED] writes:
Solution/Vendor Information/Workaround:
[...]
SSH.com
ssh-1 up to version 1.2.31 is vulnerable.
The official response from SSH.com follows:
-SSH1 is deprecated and SSH.com does not support it
anymore, the official response is
The problem exists in the Slackware x86 7.1.0 Distro as well.
On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kuniar wrote:
The same problem in most (all?) distributions is with m4 - GNU macro
processor code, when trying to use the -G option:
mezon@beata:~$ m4 -G %x%x%x%x
m4:
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:22 Security Advisory
FreeBSD, Inc.
Topic: dc20ctrl
Just a small correction to the advisory just released:
http://www.core-sdi.com/bid/1949
http://www.core-sdi.com/bid/1426
http://www.core-sdi.com/bid/1323
http://www.core-sdi.com/bid/1006
http://www.core-sdi.com/bid/843
http://www.core-sdi.com/bid/660
should be:
BindView Security Advisory
Local promotion vulnerability in NT4's NTLM Security Support Provider
Issue Date: February 7, 2001
Contact: [EMAIL PROTECTED]
Topic:
Local promotion vulnerability in NT4's NTLM Security Support Provider
Overview:
Due to a flaw in the NTLM Security Support
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VERSIONS AFFECTED
Internet Explorer 5.0 on the Macintosh and 4.0 on Windows both
have the problem. IE 5 on Windows did not seem vulnerable, however
it also didn't display the test image correctly, so there may still be issues.
SUMMARY
First.
For those of you keeping score, here are the (very unscientific) tallied
repro reports so far on this issue:
OS Yes No
BSDi 4.01
BSD/OS 4.1 1
BSD/OS 4.2 1
Debian 2.2 3
FreeBSD 2.26
It seems I should have been in a bit less of a rush and dug a bit
deeper into this problem.
BIND-9.1.0 is not entirely to blame for the crash it suffers on some
systems when probed in some circumstances by nmap.
I wish to thank ISC and especially Andreas Gustafsson for their quick
response to
Hi,
After two days of receiving comments on my original posting and doing some
testing, here's a summary:
* The 'bug' seems to manifest itself randomly. Named on my machine crashes
maybe 1 in 5 tries. This might explain why relatively few people were able to
reproduce it.
* Running nmap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
Caldera Systems, Inc. Security Advisory
Subject: security problems in ptrace and sysctl
Advisory number: CSSA-2001-009.0
Issue
In message 073f01c09136$ddc04240$2e58a8c0@ffornicario, Iván Arce writes:
OpenSSH
The vulnerability is present in OpenSSH up to version 2.3.0,
although it is not possible to exploit it due to limits imposed
on the number of simultaneous connections the server is allowed
Avro Nelson wrote:
The problem exists in the Slackware x86 7.1.0 Distro as well.
On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kuniar wrote:
The same problem in most (all?) distributions is with m4 - GNU macro
processor code, when trying to use the -G option:
mezon@beata:~$ m4 -G
TurboLinux Security Announcement
Vulnerable Packages: netscape-communicator 4.75-1 and earlier
Date: 02/05/2001 5:00 PDT
Affected TurboLinux
___
TurboLinux Security Announcement
Vulnerable Packages: slocate-2.3-1 and earlier
Date: 02/02/2001 5:00 PDT
Affected TurboLinux versions: TL 6.1 WorkStation,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : proftpd
SUMMARY : Denial of Service
DATE
Remote vulnerability in SSH daemon crc32 compensation attack detector
---
Issue date: 8 February 2001
Author: Michal Zalewski [EMAIL PROTECTED]
Contact: Scott Blake [EMAIL PROTECTED]
CVE: CAN-2001-0144
Topic:
Remotely
From: [EMAIL PROTECTED]
Date: Tue, 6 Feb 2001 02:31:40 -0800
. . .
AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user to break out of the
web root using relative paths (ie: '...').
CORE SDI
http://www.core-sdi.com
SSH1 CRC-32 compensation attack detector vulnerability
Date Published: 2001-02-08
Advisory ID: CORE-20010207
Bugtraq ID: 2347
CVE CAN: CAN-2001-0144
Title: SSH1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-028-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 9, 2001
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-027-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 8, 2001
-
Please, check http://www.openssh.com/security.html for a full summary of
security related issues in OpenSSH.
OpenBSD Security Advisory
February 8, 2001