Abraham Lincoln wrote:
> 1] Multiple DOS vulnerabilities with Kerio Mail Server services
>
> - By sending multiple "SYN" packet to every services of the mail
> server (POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure
> Web-mail) it would stop the mail server services from responding.
> Sen
On Tue, 2002-08-27 at 03:23, [EMAIL PROTECTED] wrote:
>
> no specification (as far as i know) never defined IPv4 mapped address
> to be bogons.
Looking into it further, it seems you are correct. It was assigned out
of the 0/16 reserved block, but at least as far back as December, 19
>> IPv4 mapped address considered harmful
>>draft-itojun-v6ops-v4mapped-harmful-00.txt
>
>I'm not sure that I agree with your analysis. The security implications
>of IPv4-in-IPv6 addressing are no different than IPv4 addressing today.
>Rolling out IPv6 will not
If I might be so bold, but this seems to go on all the time.
We use a Contact Relationship Management (CRM) packare from e.Piphany called
ActiveSales (or e.Piphany Sales or eSales, whatever it is this week) that has a front
end client and a repository independant back end database (Access, SQL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For Immediate Disclosure
== Summary ==
Security Alert: NOVL-2002-2961546
Title: SNMPv1 Trap and Request Handling Vulnerabilities
Date: 15-Feb-2002
Revision: Origina
In-Reply-To: <[EMAIL PROTECTED]>
We've looked at some similar issues for Word and other
formats, and various PKI packages, in
K. Kain, S.W. Smith, R. Asokan.
``Digital Signatures and Electronic Documents: A
Cautionary Tale.'' Sixth IFIP Conference on
Communications and Multimedia Security
On Tue, 2002-08-27 at 03:12, [EMAIL PROTECTED] wrote:
> the problem is that some protocol proposal do not consider IPv4 mapped
> address as "bogon" - they propose to actually use them in IPv6 traffic
> on wire.
They used to be bogons, so any currently existing bogon filters (e.
On Fri, 23 Aug 2002, Jun-ichiro itojun Hagino wrote:
>
> IPv4 mapped address considered harmful
>draft-itojun-v6ops-v4mapped-harmful-00.txt
>
[snip]
I'm not sure that I agree with your analysis. The security implications
of IPv4-in-IPv6 addressing are no diff
>Maybe I'm missing something, but I don't see whats so different about
>using mapped IPv4 addresses on the wire, especially since your bogon
>filters should already be dropping any use.
the problem is that some protocol proposal do not consider IPv4 mapped
address as "bogon" - the
Thank you very much for your prompt response.
On Fri, 23 Aug 2002 [EMAIL PROTECTED] wrote:
> >> IPv4 mapped address considered harmful
> >>draft-itojun-v6ops-v4mapped-harmful-00.txt
[snip]
> >No change to the IPv6 protocol or network stacks is required, one onl
Microsoft Baseline security analyser shows a red cross against "MS02-008,
XMLHTTP Control Can Allow Access to Local Files" on both my systems, and
this is backed up by the exploit http://jscript.dk/Jumper/xploit/xmlhttp.asp
is working on both my systems despite reapplying the required patch many
t
On 2002-08-23 01:18:40 +0900, Jun-ichiro itojun Hagino wrote:
> 2. Threats due to the use of IPv4 mapped address on wire
>
> When userland application on top of AF_INET6 API sees peers with IPv4
> mapped addresses (like by getpeername(2) or recvfrom(2)), it cannot
> detect if the packet actually
> the key difference is that it may be possible to circumvent IPv4
> filters by using IPv4 mapped address (= IPv6 address like
> :::1.2.3.4). the problem is in additional complexity due to
> the interaction between IPv4 packet and IPv6 API/packet.
I'll give you that t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE:gaim
SUMMARY:arbitrary program execution
DATE
Im now 100% sure where I should post this or who to tell, but here goes.
I was messing around with just installing some chat programs when I came
across Yahoo Messenger. Well I started the install, and oddly enough its a
lil different. Yahoo decided it would be easier for the user to just
Andrey Kolishak wrote:
>
>There is also article of Symeon Xenitellis "A New Avenue of Attack:
>Event-driven system vulnerabilities" http://www.isg.rhul.ac.uk/~simos/event_demo/
>
>
>
In fact, the problem is similar to U*ix signals, except that there is no
jump-to-address argument for usual. Re
>> This ambiguity creates chances to malicious party to trick victim nodes.
>> Here are a couple of examples:
>How are these any different than with IPv4? I can send bad source
>addresses in IPv4 just as easily as in IPv6. IPv6 might even make it
>easier to do, e.g., reverse-path filtering (less p
On Thu, 2002-08-22 at 12:18, Jun-ichiro itojun Hagino wrote:
> This ambiguity creates chances to malicious party to trick victim nodes.
> Here are a couple of examples:
How are these any different than with IPv4? I can send bad source
addresses in IPv4 just as easily as in IPv6. IPv6 might even
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: xinetd
Advisory ID:
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and
buffer
I'm not sure how you can categorize this as "human error" since the default
SQL Server installation includes the 'guest' user in master, msdb, and
tempdb databases. This gives all logins, no matter how lowly, access to
thoses databases and objects inside that have permissions granted to the
'publ
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 158-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 27th, 2002
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
General Info
-
Researched by: James Martin
Full advisory: http://www.uuuppz.com/research/adv-002-mirc.htm
Exploit: Proof of concept code available at above URL.
Product: mIRC
Website: http://www.mirc.com
Version: V6.00, V6.01, V6.02.
Fi
23 matches
Mail list logo