-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
---
PROGENY LINUX SYSTEMS -- SECURITY ADVISORY PROGENY-SA-2001-02A
---
Topic:
From: Auriemma Luigi <[EMAIL PROTECTED]>
List of all commands that are affected:
RETR DELE MKD STOR CWD APPE RNFR XCWD LIST
XRMD STOU NLST
---
Possible Security Problem in NCM - Content Management System
Package name: NCM Content Management System
Severity: Possible direct access to database of content
Date: 2001-04-10
Affected version
chris,
you wrote :
> I expect weird things from FTP, but this does not seem right. But I am
> curious how you plan to inject code if the only way to get the seg. fault
> is to enter a bare '~'? Kinda limits what you can get on the stack, no?
I forgot to mention that it is also possible to build
due to a fault in expect (the interpreter that runs the mkpasswd script) it is
trivially easy to cause arbitrary commands to be executed by someone else.
(under RH7.0 anyway)
the search path for libs for it includes /var/tmp/
check out
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
The fact that in.ftpd crashes with SIGSEGV does not necessarily indicate
that it is a remotely exploitable vulnerability. In this case, it is just
a simple null-pointer dereference. But, as Sun's binary code licence
forbids disassembly, I can only strongly believe or suspect that is a
register-
> curious how you plan to inject code if the only way to get the seg. fault
> is to enter a bare '~'? Kinda limits what you can get on the stack, no?
Actually you can do this:
CWD ~/fff.. (etc)
I could fit about 390 bytes after the ~/ when I tried it against Solaris
7.
also
Solaris ipcs vulnerability
Release Date:
April 11, 2001
Systems Affected:
Solaris 7 (x86)
Other versions of Solaris are most likely affected also.
Discovered by:
Riley Hassell [EMAIL PROTECTED]
Description:
We have discovered a buffer overflow in the /usr/bin/i86/ipcs utility
provided with Sol
Trend Micro Interscan VirusWall 3.01 vulnerability
Release Date:
April 12, 2001
Systems Affected:
Linux Systems with Interscan VirusWall 3.01 (and most likely older versions)
Remote Administration Enabled. Other Unix variants are most likely
vulnerable also.
Description:
A combination of bugs f
Hi there,
At 18:43 11/04/2001 +0700, Fyodor wrote:
>Cisco IOS (at least 11.x series) _IS_ vulnerable (tested, confirmed). Earlier
>versions are presumably vulnerable too. Haven't tested IOS 12.x but it may have
>the same bug inherited as well (unless cisco folks found the problem and fixed
>it si
By the way, I recently upgraded a PIX 515 at work. The folks at Cisco
inform me that the latest software binary image, 5.3.1, is broken. They
suggest upgrading to 5.2.5, which has all of the updates in 5.3.1,
including the elimination of the DoS vulnerability.
It also doesn't hurt to upgrade to
Credits: Auriemma Luigi <[EMAIL PROTECTED]>
I have found a little bug in some versions of Apache WebServer for
Win32.
I have tested 1.3.14 and 1.3.15 (default installation) on Win98SE and
Win2ksp1, and are
vulnerable; today I have tested an Apache 1.3.9 with ApacheJServ/1.0 and
it doesn't work (A
Xsun is set-uid root on Solaris/Intel where it
needs it for certain device drivers.
Xsun is set-gid sys on Solaris/SPARC.
If you run Xsun through dtlogin, you can safely strip
the set-uid bits.
Casper
On 2001-04-11 16:32:38 +0100, Shez wrote:
> The mkpasswd password generator that ships in the
> ``expect'' package of (at least RedHat 6.2) generates only a
> relatively small number (2^15 for the default password length) of
> passwords. Presumably this is a result of trying to apply too
>
I have just verified this on a Solaris 8 machine and it does the exact same
thing.
J.
| -Original Message-
| Subject: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !
|
| I've tested this globbing vulnerability on two different SPARC Solaris
| Machines.
| One with 5.6 and one with 5.7
On Wed, Apr 11, 2001 at 08:47:36AM -0800, Leif Sawyer wrote:
> Don't have a Solaris 7 box to check. Not sure why your Solaris 8 has
> a SUID Xsun install, either.
Xsun is setgid-root on Sparc, setuid-root on Intel. (The set*id bits in
either case are only needed for people starting the server f
Here's one way to disable the backdoor: I used the EXPERT login to download
/active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off
forwarding for good measure, and re-uploaded it. After resetting the device,
I can't ping it or connect to it on any port, and yet it still functions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
---
PROGENY LINUX SYSTEMS -- SECURITY ADVISORY PROGENY-SA-2001-04
---
Topic:
On Tue, 10 Apr 2001, Mike Gleason wrote:
> NcFTPd Server for UNIX from NcFTP Software is not vulnerable to the
> pathname globbing buffer overflow described by NAI COVERT Labs advisory
> (COVERT-2001-02) (which is also documented in CERT Advisory CA-2001-07).
>
> Additionally, NcFTPd Server is no
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:31 Security Advisory
FreeBSD, Inc.
Topic: ntpd contain