On Tuesday 20 February 2001 18:29 US Central Time, Kras Hish wrote:
Telocity provides DSL to their customers through what they call the
Telocity "Gateway Modem".
In the modems, you can connect to them through your web browser to view
usage statistics, your assigned IP, the DHCP server IP
On 20 Feb, Kras Hish wrote:
| Telocity provides DSL to their customers through what they call the Telocity
| "Gateway Modem".
| In the modems, you can connect to them through your web browser to view
| usage statistics, your assigned IP, the DHCP server IP (Modems IP),
| Management's IP (Modem's
Here is a message I just popped off to infopop about their
Ultimate Bulletin Board v5 product. It's not really meant for someone not
used to their product.
If a user has info stored in a cookie, replies to
a message and is using IE 4.0+ there is a way for a hacker to trap his IP
/
Author: Stan Bubrouski ([EMAIL PROTECTED])
Date: February 20, 2001
Package: Chili!Soft ASP
Versions affected: 3.5.2 and possibly previous versions.
Severity: (1) A remote user could potentially view sensative information and
take remote control of the server. (2) The
- Forwarded message from [EMAIL PROTECTED] -
Subject: Sun Security Bulletin #00201
Date: Wed, 21 Feb 2001 13:06:46 -0500 (EST)
From: [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
On Tue, Feb 20, 2001 at 12:48:09PM +0100, Johannes Geiger wrote:
The following patch is UNTESTED and supplied only to make myself clear.
If anybody is interested: Thomas Themel (thanks) pointed out to me an
error in my patch. In rsaglue.c it should read of course
+ success = (value[0] == 0
Telocity provides DSL to their customers through what they call the Telocity
"Gateway Modem".
In the modems, you can connect to them through your web browser to view
usage statistics, your assigned IP, the DHCP server IP (Modems IP),
Management's IP (Modem's IP, different than the previous), DNS
Attached is a simple program that sets the SYN, FIN and More Fragments bits,
which causes a DoS on Fore/Marconi ASX switches. I do not know if this works,
but it performs the desired operations as Keith Pachulski described. Congrats to
Keith for the discovery of this bug.
Jim
/*
This DoS attack
The email gateway included in FirstClass 5.50 can be tricked into
sending mail appearing to the users of the firstclass system as coming
from a local user on the server, including a priviliged user. Doing a
manual sending to the stmp-server specifying username_on_system as the
origin of the email
This issue has been resolved in version 5.47e, currently available in the
UBB Members Area at Infopop.com
Please note that Mister Ashman gave less than five hours between notifying
Infopop of the security issue and posting this issue to Bugtraq. The fixed
version was released nearly at the same
It is working under Solaris 2.7 for me:
user@otherhost telnet targethost
Trying XXX.YYY.ZZZ.Z...
Connected to targethost.
Escape character is '^]'.
SunOS 5.7
login: iouas
Password:
Login incorrect
login: lkjsad
Password:
Login incorrect
login: lkjsad
Password:
Login incorrect
login: lksajd
Yes, I can confirm that this bug has been fixed in Solaris 7.
The patches for Solaris 2.6 are:
105665-01 SPARC
105666-01 x86
On Wednesday 21 February 2001 15:11, Ricardo Creisstoff wrote:
There was a bug identified under Solaris 2.6 as follows:
"Solaris 2.6 does not write anything in
Diversified Software Industries, Inc.
http://www.dsi-inc.net/dsi
Security Advisory
February 22, 2001
Denial of Service attack against computers running Microsoft PPTP (NT 4.0)
1. Description
2. Steps to reproduce (exploits)
3. Vendor status, solution, workarounds
4. Disclaimer
5. Credits
6.
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
-
This bulletin is in response to an issue originally brought up on the
vuln-dev list. Here is the original post, which can be viewed in the
archives at:
http://www.securityfocus.com/archive/82/148411
To: Vuln-Dev
Subject: UDP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 22 Feb 2001, Anders Ingeborn wrote:
Solution: We have discussed this with MS support (2001-01-29) and
according to them this should be handled/prevented by setting access
control lists so that users are given read-only rights and
I reported this problem to BUGTRAQ on November 8, 2000. See
http://www.securityfocus.com/bid/1922 for more details. I believe Sun
has now released patches for this issue. It always helps to do a search
before reporting a "new" vulnerability. :-)
Regards,
Christian.
Hi
Under Solaris 8, the minimum number of login failures before it gets
logged
can be reduced to less than 5 by editing /etc/default/login file.
I am not sure if this is possible under Solaris 7.
yes it is possible under sol 7 too. same way.
/etc/default/login just lacks the commented
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you have access to any of the Microsoft Office products, you already have
an easy way to execute commands, modify the registry, or create a network
backdoor. VBA macros can be used to do ANYTHING. Every office product
supports them and almost
On Thu, Feb 22, 2001 at 11:49:45AM -0500, Dan Astoorian wrote:
On Wed, 21 Feb 2001 15:37:45 EST, Markus Friedl writes:
OpenSSH checks whether the two calls to rsa_private_decrypt()
success and the resulting session keys has the correct size.
Otherwise it just uses a 'random' session
SunOS phxasn2 5.6 Generic_105181-23 sun4u sparc SUNW,Ultra-Enterprise-1
SunOS phxasn4 5.8 Generic_108528-04 sun4u sparc SUNW,Ultra-4
After five unsuccessful login attempts, all the attempts are
logged in the file /var/adm/loginlog. This file contains one
record for each
___
TurboLinux Security Announcement
Vulnerable Packages: All versions previous to 8.11.2-5
Date: 02/21/2001 5:00 PDT
Affected TurboLinux versions:TL 6.1 WorkStation,
I would first like to remind the reader that the
software version in question is clearly marked as
Beta software on our website with approporate
disclaimers.
Secondly we did release a new beta version that
night to fix this problem and have released other
versions since, all containing the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linux-Mandrake Security Update Advisory
Package name: cups
Date:
StarOffice creates a temporary directory in /tmp called soffice.tmp,
with permissions 0777. Into this directory other temporary files are
creates,
with the format: sv.tmp, where in a four or five digits number.
Staroffice honors $TMP, so create /home/foo/tmp and set your TMP
___
TurboLinux Security Announcement
Package: Bind
Vulnerable Packages: All versions previous to 8.2.3
Date: 02/21/2001 5:00 PDT
Affected TurboLinux versions:TL 6.1
Hi, Jon,
(This message was sent to [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED])
Regarding to Jon's posting at:
http://www.securityfocus.com/templates/archive.pik
e?list=1mid=162712
I would like to provide more information.
Basically, there are two factors in the security
issue
27 matches
Mail list logo