Re: Reappearance of an old IE security bug

2000-04-19 Thread Elias Levy
All reports so far seem to indicate this IE warning was a false alert. "Jason M. Taylor" <[EMAIL PROTECTED]>: I tested it on a Windows 98 SE box running IE 5.00.2614.3500 and got the following, "Exception while fetching image:com.ms.security.SecurityExceptionEx[example0.action]: cannot connect

AVM's Statement

2000-04-19 Thread eAX [Teelicht]
Here is the statement of the very friendly people from AVM: eAX - Statement (German) - The described security hole is confined exclusively to the company-internal network. Towards the Internet, the company's own network is completely shielded by KEN! (NAT). KEN! is not for large

Re: More vulnerabilities in FP

2000-04-19 Thread The Cyberiad
Hello, I confirmed the 742-A's caused a page fault in KERNEL32.DLL at 0167:bff87ede under FP 3.0.2.1105, installed with PWS under Windows 98 (PWS.EXE Version 4.02.0690). However, this length did not force A's into the EIP. Instead the stack pointer is corrupted, now pointing to invalid memory (wh

Network Security and Privacy

2000-04-19 Thread JavaMan
Brief Preface: We have found that three major backbone providers are vulnerable to this sort of probing. When notified, they locked down their network, and threatened legal action if their names were mentioned in a bugtraq post. Javaman Title: Lack of Network Security and Privacy Implicat

Re: More vulnerabilities in FP

2000-04-19 Thread The Cyberiad
Hello, I apologize for the additional posting but I also tested the buffer overflow on NT 4SP4 with IIS installed from the Option Pack and the 742-A's did not cause a crash. The file discovery bug did work for files on the same volume as the webroot. Same order of path checking. If the files exis

Re: New DOS on Interscan NT/3.32

2000-04-19 Thread Dan Schrader
The DOS exploit outlined in Alain Thivillon's posting has been addressed in Trend Micro's InterScan v. 3.4 for Windows NT - which is currently in beta test. The new beta release can be downloaded from: http://www.antivirus.com/download/beta_programs/ If you do not want to use the beta version,

Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve

2000-04-19 Thread Alec Muffett
>Such a database is all good and fine, but it inherently has at >least one weakness: an attacker can install an old, but genuine >Sun binary with a security hole in it. > >If you did a post mortem and found such a file, would you say >"I must have forgotten to update that file" or would you say >"T

Re: RUS-CERT Advisory 200004-01: GNU Emacs 20

2000-04-19 Thread Dan Harkless
"RUS-CERT, University of Stuttgart" <[EMAIL PROTECTED]> writes: > > > RUS-CERT Advisory 24-01: GNU Emacs 20 > > RUS-CERT, University of Stuttgart > > 2000-04-18 > > Summary > >Several vulnerabilities were dis

Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability

2000-04-19 Thread psirt
-BEGIN PGP SIGNED MESSAGE- Cisco Catalyst Enable Password Bypass Vulnerability Revision 1.1 Tentatively for release 2000 April 19 08:00 AM US/Pacific (UTC+0700) --- Summary === Cisco Catalyst software perm

Adtran DoS

2000-04-19 Thread Mike Ireton
Hi Gang, While testing some new gear, I found a serious problem with the Adtran MX2800 M13 Multiplexer. This device aggregates up to 28 T1's onto a Channelized DS3 interface and is primarily used in cases where you've got a lot of T1's. The unit I have has dual redundant controller cards

FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs

2000-04-19 Thread FreeBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- = FreeBSD-SA-00:13 Security Advisory FreeBSD, Inc. Topic: generic-nqs

Re: response to the bugtraq report of buffer overruns in imapd LIST command

2000-04-19 Thread Mark Crispin
On Mon, 17 Apr 2000 23:02:48 -0700, R. C. Dowdeswell wrote: > Using chroot in a lot of situations is rather dangerous, and one > must carefully set up the environment that it runs in. Yes. This is why I would never do it by default; it's something that the site has to turn on explicitly (and they

More vulnerabilities in FP

2000-04-19 Thread Narrow
[ Reader(s), please Cc: your comments/etc to [EMAIL PROTECTED] ] ---[ Legion2000 - Russian Security Team (ADV-150400#1) ]--- www.legion2000.cc INFORMATION Program Name : CERN Image Map Dispatcher Discovered By : Narrow ([EMAIL PROTECTED]) ---

Re: response to the bugtraq report of buffer overruns in imapd LIST command

2000-04-19 Thread der Mouse
> Can we please [] discuss the facts rationally? > 1) There is no added vulnerability at all for a UNIX system which >permits shell access. This is not quite true. There is no added vulnerability for a system which permits shell access with the same pair which gives mailbox access. One si

RUS-CERT Advisory 200004-01: GNU Emacs 20

2000-04-19 Thread RUS-CERT, University of Stuttgart
RUS-CERT Advisory 24-01: GNU Emacs 20 RUS-CERT, University of Stuttgart 2000-04-18 Summary Several vulnerabilities were discovered in all Emacs versions up to 20.6, namely: Under certain circumst

Re: response to the bugtraq report of buffer overruns in imapd LIST command

2000-04-19 Thread Warner Losh
In message <[EMAIL PROTECTED]> Mark Crispin writes: : Last but not least, I am very interested in Kris Kennaway's claim : that "It may also be possible to break out of the chroot jail on : some platforms." If true, it represents a huge root-level security : hole on those platforms. I simply do n

pwdump2 for Active Directory

2000-04-19 Thread Todd Sabin
Hi, Just a quick note to let people know that I've updated pwdump2 so that it can now dump password hashes on W2K domain controllers. The previous version was unable to get the hashes from Active Directory. You can get it from the Tools section of the RAZOR website, http://razor.bindview.com/to

Re: response to the bugtraq report of buffer overruns in imapd LIST command

2000-04-19 Thread R. C. Dowdeswell
On 956021099 seconds since the Beginning of the UNIX epoch Mark Crispin wrote: > >The final form of the CHROOT_SERVER code, which will be an option in the next >distributed version, consists of: > if (chroot (home ? home : ANONYMOUSHOME)) return NIL; > home = "/"; >And, yes, this will do the nec

Re: response to the bugtraq report of buffer overruns in imapd LIST command

2000-04-19 Thread Henrik Nordstrom
Mark Crispin wrote: > Last but not least, I am very interested in Kris Kennaway's claim that "It may > also be possible to break out of the chroot jail on some platforms." If true, > it represents a huge root-level security hole on those platforms. I simply do > not believe the claim. I would

IE 5 security vulnerability - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)

2000-04-19 Thread Georgi Guninski
Georgi Guninski security advisory #10, 2000 IE 5 security vulnerability - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy) Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual

Re: response to the bugtraq report of buffer overruns in imapd LIST command

2000-04-19 Thread Darren Moffat - Solaris Sustaining Engineering
>Last but not least, I am very interested in Kris Kennaway's claim that "It may >also be possible to break out of the chroot jail on some platforms." If It is possible, especially if you have /proc mounted. It is made even more likely if you have processes inside and outside of the chroot envir

Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...

2000-04-19 Thread Michal Zalewski
Hi again. Another overflow and TCP/IP stack flaw. Affected: virtually any system running on top of the Netware system with http remote administration (including web caching solutions, BorderManager firewall and so on)... There's a buffer overflow in remote (http, usually on

Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve

2000-04-19 Thread Morten Welinder
Such a database is all good and fine, but it inherently has at least one weakness: an attacker can install an old, but genuine Sun binary with a security hole in it. If you did a post mortem and found such a file, would you say "I must have forgotten to update that file" or would you say "There is

xfs security issues (fwd)

2000-04-19 Thread Chris Evans
Hi, I notice xfs (the X font server) recently hit the news. It seems I never sent the below message on to Bugtraq (at least a search doesn't show up much). I'm guessing it's still relevant. This message illustrates that the xfs problem recently mentioned by Michal is but one of many minor carele

Last call for extended abstracts - Raid 2000 - Deadline is April 30th

2000-04-19 Thread Herve Debar
I am sending you the final call for extended abstracts for Raid 2000. I would appreciate if you could distribute it as widely as possible. Also, online proceedings of RAID'98 and RAID'99 are now available at http://www.raid-symposium.org/ Thanks for your help. Herve ==

Re: Comments on the dvwssr.dll vulnerability threads

2000-04-19 Thread David LeBlanc
At 10:25 PM 4/17/00 -0300, Iván Arce wrote: > So these seems to be quite precise WRT possible attackers and impact, > the hype derived from the media coverage does not seem to be part of > RFP's agenda. This is what happens when something is just put out in front of everyone with no notification