Security Assessment of the Internet Protocol

2008-08-14 Thread Fernando Gont
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, folks, The United Kingdom's Centre for the Protection of National Infrastructure has just released the document "Security Assessment of the Internet Protocol", on which I have had the pleasure to work during the last year or so. The motivat

ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability

2008-08-14 Thread zdi-disclosures
ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-053 August 14, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Veritas Storage Foundation -- Vulnerability Deta

SYM08-015_SFW_SecurityUpdateBypass

2008-08-14 Thread Mike Prosser
The attached is a signed version of the security advisory for Symantec Storage Foundation for Windows 5.x that was released today. If we can get the signature to verify, please post to bugtraq Regards <> -BEGIN PGP SIGNED MESSAGE- Hash: SHA

Postfix local privilege escalation via hardlinked symlinks

2008-08-14 Thread Wietse Venema
Summary: Solaris and Linux file system behavior has changed over time, breaking one of the assumptions in Postfix. See below for a description of the behavior and how it disagrees with standards. Postfix is not affected on systems with standard (POSIX, X/Open) file system behavior, i.e. *BSD, AIX,

[ MDVSA-2008:169 ] hplip

2008-08-14 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:169 http://www.mandriva.com/security/

[security bulletin] HPSBOV02357 SSRT080058 rev.1 - HP OpenVMS TCP/IP Services running BIND, Remote DNS Cache Poisoning

2008-08-14 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01523520 Version: 1 HPSBOV02357 SSRT080058 rev.1 - HP OpenVMS TCP/IP Services running BIND, Remote DNS Cache Poisoning NOTICE: The information in this Security Bulletin should be acted upon as

[ MDVSA-2008:168 ] stunnel

2008-08-14 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:168 http://www.mandriva.com/security/

Microsoft Windows Messenger Remote Illegal Access Vulnerability

2008-08-14 Thread cocoruder
Microsoft Windows Messenger Remote Illegal Access Vulnerability by cocoruder(frankruder_at_hotmail.com) http://ruder.cdut.net Summary: A remote illegal access vulnerability exists in Microsoft Windows Live Messenger. A vicious attacker can control the Live Messenger via constructing a malic

[ MDVSA-2008:170 ] cups

2008-08-14 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:170 http://www.mandriva.com/security/