ntp and AIX

2001-04-17 Thread Fernan Rodriguez Cespedes
Does anyone know if IBM's version of ntp is vulnerable, and if so, if they have released fixes? I have been waiting for this, but I either missed the announcement, or there was none... I need fixes for AIX 4.1.5, 4.2.1 and 4.3.3. Best Regards

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Michael Wojcik
> From: Vittal Aithal [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 17, 2001 4:11 AM > To: [EMAIL PROTECTED] > A possible workaround is to add a pattern match in your desktop anti-virus > software to pick up on such extensions. For instance, adding > {----} as

Re: Solaris ipcs vulnerability

2001-04-17 Thread Dan Astoorian
On Mon, 16 Apr 2001 08:43:04 EDT, Neil W Rickert writes: > Scott Howard <[EMAIL PROTECTED]> wrote: > > >Solaris 8 (Sparc at least) is not affected as ipcs is not suid/sgid. > > This might be a matter of looking in the wrong place. > > For programs where there are both 32bit and 64bit versions, the

Re: qDefense Advisory: DCForum allows remote read/write/execute

2001-04-17 Thread Franklin DeMatto
Sorry for not clarifying. This is another vulnerability. The patch made DOES NOT fix this vulnerability. The CGISecurity hole only allowed read, not execute, and the patch did not affect the az field. At 11:07 AM 4/17/01 +0200, Wolfgang Wiese wrote: >Hi, > > > Version Tested: DCForum 2000 1.0

Re: [SX-20010320-2] - Microsoft ISA Server Denial of Service

2001-04-17 Thread Richard M. Smith
Hello, >>> Microsoft ISA server includes a web proxy component >>> (W3PROXY.EXE) that is used for both the "publishing" >>> of internal web servers to the external network >>> and for proxying of internal requests to external web servers. >>> Sending a URL with a long pathname comp

Re: new advisory

2001-04-17 Thread dynamo
Am I missing something, or is there no vendor information listed in this? Who wrote processit.pl, and what package is it a part of? On Sun, 15 Apr 2001, UkR hacking team wrote: > Name: Environment and Setup Variables can be Viewed through processit.pl CGI script > Author: UkR-XblP /UkR security

Advisory for SimpleServer:WWW (analogX)

2001-04-17 Thread neme-dhc
[ Advisory for SimpleServer:WWW (analogX) ] [ SimpleServer:WWW is made by Analogx. Site: http://www.analogx.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - [EMAIL PROTECTED]) ] [ ADV-0103

Re: Solaris ipcs vulnerability

2001-04-17 Thread Sven C. Koehler
On Mon, Apr 16, 2001 at 04:48:06PM -0400, Robert Sink wrote: > I've tried: > > TZ=`/usr/local/bin/perl -e 'print "A"x1107'` > > ...on... both 64 bit Solaris 8 and Solaris 7 (we have no 32 bit > machines here) and cannot get the programs to crash. They just > happily display the A's, plus the othe

Advisory for Lotus Domino webserver

2001-04-17 Thread neme-dhc
[ Advisory for Lotus Domino webserver ] [ Lotus Domino is made by Lotus. ] [ Site: http://www.lotus.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - [EMAIL PROTECTED]) ] [ ADV-0101

Re: Solaris ipcs vulnerability

2001-04-17 Thread Robert G. Ferrell
>PLATFORM>> solaris 2.7/SPARC > > >$ uname -a >SunOS 5.7 Generic_106541-14 sun4u sparc >$ >$ TZ=`/usr/local/bin/perl -e 'print "A"x2048'` >$ >$ /bin/ipcs >Segmentation Fault >$ >$ /usr/bin/sparcv7/ipcs >/usr/bin/sparcv7/ipcs: /dev/ksyms is not a 32-bit kernel namelist >$ >$ /usr/bin

Re: Solaris ipcs vulnerability

2001-04-17 Thread Filipe Almeida
Hi, Solaris 7 on sparc 64bits crashes but you need to fill the buffer with more than 1200 bytes. The segfault occurs on a ldsb instruction, so I don't know if it's feasible to exploit this bug (Haven't done enough investigation). Nowadays I'm using wrappers to preven

Advisory for GoAhead Webserver v2.1

2001-04-17 Thread neme-dhc
[ Advisory for GoAhead Webserver v2.1 ] [ GoAhead Webserver is made by GoAhead. ] [ Site: http://www.goahead.com] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - [EMAIL PROTECTED]) ] [ ADV-0104

iPlanet Web Server 4.x Product Alert

2001-04-17 Thread Santi Claus
I'm sending this because I was not able to find it in the bugtraq archive yet. iPlanet does not seem to inform bugtraq (why?). The information posted herein can be found in http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html ---

[CLA-2001:393] Conectiva Linux Security Announcement - netscape

2001-04-17 Thread secure
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : netscape SUMMARY : Remote javascript vulnera

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Gary Flynn
Verified on NT SP6 Workstation with all NeverShowExt values removed from registry. I used an existing HTA file and just added the extension. Side notes: 1) Right-clicking and selecting "rename" will not show the CLSID extension. 2) Type shows as "HTML Application" in detailed view and propert

Advisory for Viking

2001-04-17 Thread neme-dhc
[ Advisory for Viking ] [ Viking is made by Robtex. ] [ Site: http://www.robtex.com/viking ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - [EMAIL PROTECTED]) ] [ ADV-0107

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Philip Stoev
This is true for Windows 2000 SP1, and no setting of "always show file extension" seems to be able to make Explorer display the entire filename. It must be noted, however, that the icon of the file is not the one of a text file, but rather the default icon with the Windows logo. When I attached t

[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service

2001-04-17 Thread SecureXpert DIRECT Bulletin Service
FSC Internet Corp. / SecureXpert Labs Advisory [SX-20010320-2b] This is a follow-up to: [SX-20010320-2] Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Kuo, Jimmy
Published in mid-March: http://vil.nai.com/vil/virusSummary.asp?virus_k=99048 And: http:[EMAIL PROTECTED] > -Original Message- > From: Georgi Guninski [SMTP:[EMAIL PROTECTED]] > Sent: Monday, April 16, 2001 7:24 AM > To: [EMAIL PROTECTED] > Subject: Double clicking on innocent l

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Riddoch, John ESSI-ISEP-3
> I shall skip the oft-mentioned rant on the subject > of running > unknown and unexpected files of strange types from unknown > and untrusted > sources ;-) I think the issue here is that even when the sensible user has disabled "hide extensions" he should be safe to assume that a .txt file is

Advisory for Xitami 2.4d7, 2.5d4

2001-04-17 Thread neme-dhc
[ Advisory for Xitami 2.4d7, 2.5d4 ] [ Xitami is made by Imatix. ] [ Site: http://xitami.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - [EMAIL PROTECTED]) ] [ ADV-0105

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Vittal Aithal
> > If the file extension is certain CLSID e.g.: > > testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} > > then Windows explorer and IE do not show the CLSID and only the .txt > > extension, while the above file is in fact .hta file. > > Verified on Windows 98 SE Dutch version (all patches applie

Re: qDefense Advisory: DCForum allows remote read/write/execute

2001-04-17 Thread Wolfgang Wiese
Hi, > Version Tested: DCForum 2000 1.0 > Severity: Any remote attacker may gain read/write/execute privileges Isn't that the same security-leak CGISecurity (http://www.CGISecurity.com/) reported Nov 2000 about? Moreover the current version of DCForum is 6.1. The security-leak was affecting ve

Re: Solaris ipcs vulnerability

2001-04-17 Thread Robert Varga
On Mon, Apr 16, 2001 at 04:48:06PM -0400, Robert Sink wrote: > I've tried: > > TZ=`/usr/local/bin/perl -e 'print "A"x1107'` > > ...on... both 64 bit Solaris 8 and Solaris 7 (we have no 32 bit > machines here) and cannot get the programs to crash. They just > happily display the A's, plus the ot

Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !

2001-04-17 Thread Warning3
Yes. It is possible that local user can get the part of shadow file in Solaris 2.6 since the core file is world readable. [root@ /usr/sbin]> telnet localhost 21 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 sun26 FTP server (SunOS 5.6) ready. user warning3 331 Password

Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems

2001-04-17 Thread Tom Perrine
> On Mon, 16 Apr 2001 04:14:05 -0700, "Mark (Mookie)" <[EMAIL PROTECTED]> said: Mark> Weren't these issues actually discovered by Renaud Deraison in November 2000? Mark> He added code to his Nessus program to check for the problems and didn't Mark> consider it worth an advisory si

SSE074: (SCO) UnixWare 7 NTP buffer overflow fix

2001-04-17 Thread Albert Fu
--- TOPIC: NTP remote buffer overflow PRODUCTS AFFECTED: UnixWare 7.1.0 and 7.1.1 PATCH: System Security Enhancement (SSE) SSE074 PATCH LOCATION: ftp://ftp.sco.com/SSE/sse074.Z ftp://ftp.sco.com/SSE/sse074.ltr SUM

Tempest Security Technologies -- Advisory #01/2001 -- Linux IPTables

2001-04-17 Thread Cristiano Lincoln Mattos
This advisory is also available at: http://www.tempest.com.br/advisories/01-2001.html Cristiano Lincoln Mattos, CISSP, SSCP CESAR - Centro de Estudos e Sistemas Avançados do Recife =[ Tempest Security Technologies - Advisory #

qDefense Advisory: DCForum allows remote read/write/execute

2001-04-17 Thread Franklin DeMatto
qDefense Advisory Number QDAV-5-2000-1 Product: DCForum Vendor: DCScripts (www.dcscripts.com) Version Tested: DCForum 2000 1.0 Severity: Any remote attacker may gain read/write/execute privileges Cause: Failure to validate input; Trust of hidden fields; Allows uploading of arbitrary files by defa

Re: ActiveSync can access a locked workstation w/o unlocking

2001-04-17 Thread Melody Yoon - KF6RMW
Actually, did you attempt to do this with a device that doesn't have a partnership with the desktop computer already? I just attempted to try to sync with my ipaq using active sync with the cradle and activesync attached, but did not do anything else since the screen "do you want to set up a partn

Re: ActiveSync can access a locked workstation w/o unlocking

2001-04-17 Thread Microsoft Security Response Center
Hi Jeff, We've checked our records, but are unable to find any record of a mail from you to the Security Response Center. If you did indeed send to [EMAIL PROTECTED], could you send us a copy of the mail to assist us in troubleshooting? In regards to the beha

Re: Double clicking on innocent looking files may be dangerous

2001-04-17 Thread Jurjen Oskam
On Mon, Apr 16, 2001 at 05:23:51PM +0300, Georgi Guninski wrote: > If the file extension is certain CLSID e.g.: > testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} > then Windows explorer and IE do not show the CLSID and only the .txt > extension, > while the above file is in fact .hta file. Ve