Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

2006-03-24 Thread Tavis Ormandy
On Fri, Mar 24, 2006 at 03:26:12AM -0800, [EMAIL PROTECTED] wrote: > Hello everyone. > > Doesn't the included text from the advisory really make it sound more like a > problem with their system for managing games? Hello, this is accurate. > It doesn't point out any flaw > in nethack in genera

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Gadi Evron
On Thu, 23 Mar 2006, Claus Assmann wrote: > Ask ISS about the exploit. It definitely is a programming bug, > just read the man page for setjmp() on an OpenBSD system. I did, ISS indeed enlightened me. Didn't I ask for just that? :) > > It took Sendmail a month to fix this. A month. > > No. It

Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Gadi Evron
On Thu, 23 Mar 2006, Dragos Ruiu wrote: > On March 23, 2006 01:41 am, Gadi Evron wrote: > > Here's what ISS releasing the Race Condition vulnerability has to say: > > http://xforce.iss.net/xforce/alerts/id/216 > > They say it's a remote code execution. They say it's a race condition. No > > real da

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Gadi Evron
On Thu, 23 Mar 2006, Theo de Raadt wrote: > > Sendmail is, as we know, the most used daemon for SMTP in the world. This > > is an International Infrastructure vulnerability and should have been > > treated that way. It wasn't. It was handled not only poorly, but > > irresponsibly. > > You would pr

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Theo de Raadt
> Sendmail has been an important part of the Internet infrastructure and > has gained a lot of honour and respect. Many people use this piece of > software and a lot of distributors/vendors are proliferating this > software. They do deserve better, as do the users who decide to trust > this vendo

Re: Vulnerability Alert Services - Independent List

2006-03-24 Thread Juha-Matti Laurio
Probably you were pointing to the following vendor: FrSIRT, not FrCIRT. Regards, Juha-Matti Symantec Deepsight Alert Services SecurityMob FrCIRT iAlert Web TraceAlert SecurityTracker Cybertrust Vulnerability/Threat Management Vulnerability Tracking Service X-Force Threat Analysis Service http:

Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities]

2006-03-24 Thread Gadi Evron
On Fri, 24 Mar 2006 [EMAIL PROTECTED] wrote: > On Thu, 23 Mar 2006 03:59:20 CST, Gadi Evron said: > > Oh, sorry for not mentioning earlier - > > Operators that want to patch Sendmail, I'd suggest doing it soon. Now > > not only do we face risk to our mail servers, but rather trusting other > > s

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Theo de Raadt
> Ask ISS about the exploit. It definitely is a programming bug, > just read the man page for setjmp() on an OpenBSD system. Claus is talking about this particular piece of text which we added to our setjmp(3) manual page in late 2001: CAVEATS [...] Use of longjmp() or siglongjmp() fr

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Gadi Evron
On Thu, 23 Mar 2006, Eric Allman wrote: > Talk to the vendors. I've seen quite a few of their advisories come > by. After or before it hit the news? You may be able to alert vendors, but the problem with critical infrastructure is that it is widely deployed around the world. Releasing the way yo

Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

2006-03-24 Thread Chris Gianelloni
On Fri, 2006-03-24 at 03:26 -0800, [EMAIL PROTECTED] wrote: > Doesn't the included text from the advisory really make it sound more like a > problem with their system for managing games? It doesn't point out any flaw > in nethack in general, just behavior that's unexpected/unwanted/uncontrollabl

VihorDesign Script Remote Command Execution And Cross Scripting Attack

2006-03-24 Thread botan
Website : http://www.vihor.de I. Remote Execute : Vulnerable : http://www.site.com/[path]/index.php?page=evilcode.txt?&cmd=id II. Cross Attack http://www.site.com/[path]/index.php?page=alert(document.cookie) http://www.site.com/[path]/index.php?page=alert(Patriotic Hackers) Patriotic Hacke

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Martin Schulze
Theo de Raadt wrote: > > Sendmail is, as we know, the most used daemon for SMTP in the world. This > > is an International Infrastructure vulnerability and should have been > > treated that way. It wasn't. It was handled not only poorly, but > > irresponsibly. The documentation is distressingly va

HeffnerCMS Remote Command Execution And Cross Scripting Attack

2006-03-24 Thread botan
Website : http://www.christian-heffner.de Version : 1.07 I. http://www.site.com/index.php?page=evilcode.txt?&cmd=uname -a III. Cross Scripting Attack http://www.site.com/index.php?page=alert(document.cookie) http://www.site.com/index.php?page=alert(Patriotic Hackers) Etc.. IV. Solution No

Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability

2006-03-24 Thread Secunia Research
== Secunia Research 24/03/2006 - Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability - == Table of Contents Affected Softwar

Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

2006-03-24 Thread neeko
Hello everyone. Doesn't the included text from the advisory really make it sound more like a problem with their system for managing games? It doesn't point out any flaw in nethack in general, just behavior that's unexpected/unwanted/uncontrollable in their system. Are any other distributions/

[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS)

2006-03-24 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00622788 Version: 1 HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possi

[eVuln] DSNewsletter SQL Injection Vulnerability

2006-03-24 Thread alex
New eVuln Advisory: DSNewsletter SQL Injection Vulnerability http://evuln.com/vulns/97/summary.html Summary eVuln ID: EV0097 CVE: CVE-2006-1237 Software: DSNewsletter Software's Web Site: http://dsportal.uw.hu/ Versions: 1.0 Critical Level: Moderate Type: SQL In

[eVuln] DSPoll Multiple SQL Injection Vulnerabilities

2006-03-24 Thread alex
New eVuln Advisory: DSPoll Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/96/summary.html Summary eVuln ID: EV0096 CVE: CVE-2006-1217 Software: DSPoll Software's Web Site: http://dsportal.uw.hu/ Versions: 1.1 Critical Level: Moderate Type: SQL Inj

Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities]

2006-03-24 Thread Valdis . Kletnieks
On Thu, 23 Mar 2006 03:59:20 CST, Gadi Evron said: > Oh, sorry for not mentioning earlier - > Operators that want to patch Sendmail, I'd suggest doing it soon. Now > not only do we face risk to our mail servers, but rather trusting other > servers as well. Been there, done that. All the same i

On product vulnerability history and vulnerability complexity

2006-03-24 Thread Steven M. Christey
Gadi Evron said: >"Hey mom, what's my root password? I forgot" >"Dunno, just use the new sendmail vulnerability!" The fact that a product has a long history of bugs should not be regarded as an indicator of its current level of security compared to other products. I've been of the mindset latel

[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities

2006-03-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1018-1[EMAIL PROTECTED] http://www.debian.org/security/ Dann Frazier, Simon Horman March 26th, 2006

[eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities

2006-03-24 Thread alex
New eVuln Advisory: @1 File Store Multiple XSS and SQL Injection Vulnerabilities http://evuln.com/vulns/95/summary.html Summary eVuln ID: EV0095 Software: @1 File Store Software's Web Site: http://www.upoint.info/cgi/download/ Versions: 2006.03.07 Critical Level

[SECURITY] [DSA 1019-1] New kpdf packages fix several vulnerabilities

2006-03-24 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1019-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze March 24th, 2006

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Eric Allman
I have to comment on these allegations by Gadi Evron. Tech details: Sendmail vulnerabilities were released yesterday. No real public announcements to speak of to the security community. Sendmail, CERT, and ISS Advisories went out. That's not a "real public announcement"? SecuriTeam releas

[FLSA-2006:186277] Updated sendmail packages fix security issues

2006-03-24 Thread Jesse Keating
- Fedora Legacy Update Advisory Synopsis: Updated sendmail packages fix security issues Advisory ID: FLSA:186277 Issue date:2006-03-23 Product: Red Hat Linux, Fedora Core Keywords:

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Claus Assmann
On Thu, Mar 23, 2006, Gadi Evron wrote: > To begin with, anyone noticed the memory leak they (Sendmail) silently > patched? Hmm, which one? Please read the code carefully and tell me where the leak is (was). > Second, the Integer Overflow is practical, not theoretical. It is avoided by the stan

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-24 Thread Theo de Raadt
> Sendmail is, as we know, the most used daemon for SMTP in the world. This > is an International Infrastructure vulnerability and should have been > treated that way. It wasn't. It was handled not only poorly, but > irresponsibly. You would probably expect me to be the last person to say that Sen

[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability

2006-03-24 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:060 http://www.mandriva.com/security/ ___