Hi,
Here is exploit for ptrace/execve race condition bug in Linux kernels up
to 2.2.18.
It works even on openwall patched kernels (including broken fix in 2.2.18ow4)
if you use address of BSS section in memory (use objdump -h /suid/binary
to get .bss section address).
It does not use brute-for
Vulnerability in Solaris tip(1)
Date Published: March 27, 2001
Advisory ID: N/A
Bugtraq ID: N/A
CVE CAN: Non currently assigned.
Title: Solaris tip(1) Buffer Overflow Vulnerability
Class: Boundary Error Condition
Remotely Exploitable: No
Locally Exploitable: Yes
Vulnerability Description:
==
Defcom Labs Advisory def-2001-14
Bea Weblogic Directory Browsing
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001-03-26
Re-release Date: 2001-03-27
==
There appears to be vulnerability with Mail Sweeper for SMTP email by
Content Technologies.
(Tested on Version 4.19, others may be vulnerable)
My test system is -
Windows NT 4 Service Pack 5
MailSweeper for SMTP version 4.1.9
I have two separate incoming and outgoing policies scenarios,
---=== UkR security team - Advisory no. 11 ===---
Anaconda Clipper - 'arbitrary file retreival' vulnerability
Date: 27.03.2001
Problem: input validation error.
Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested)
Product vendor: Anaconda / http://www.anaconda.net
C
Hi,
someone told me that the patch NT--SG6500-20010206-00 - HTTPD of 14.02.2001
should be save.
Is that true? Does anyone have this patch installed an and the vulnerability
still remains?
Regards Erik
Most http Proxy solutions (including squid and fw1) do this unless you
specify otherwise.
If you don't know what your doing... you don't know what your doing!!.
Don't blame the software.
This is NOT a bug, just a feature .. Often you want people to use their
proxy to access web sites on oth
...on Tue, Mar 27, 2001 at 12:26:32AM +0200, Alexander Bochmann wrote:
> (On another note, at least with 6.5, if spoofing protection
> isn't activated and configured correctly on the internal
> interfaces, you can also flood the internal network with
> packets generated by the firewall as ans
Hi,
...on Tue, Mar 27, 2001 at 10:16:55PM +1000, Peter Robinson wrote:
> Most http Proxy solutions (including squid and fw1) do this unless you
> specify otherwise.
> If you don't know what your doing... you don't know what your doing!!.
> Don't blame the software.
Ok, I'm going to blam
-- Forwarded message --
Date: Tue, 27 Mar 2001 19:31:26 +0300 (EEST)
From: Michael Widenius <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: MySQL 3.23.36 is relased
Hi!
This release should fix the final bugs we accidently got into 3.23.34
and a long securit
Ingenius,
Just for you - read newsgroups and NDA first.
Just to prevent lame backdoor threads in news:
This account/password is a random generated
and _designed_ for making system secure.
From: "Justin Kwak[MS]" <[EMAIL PROTECTED]>
Subject: Re: SUPPORT_NNxN account?
Date: Fri, 10 Nov 20
Peter Gutmann <[EMAIL PROTECTED]> wrote:
>
> Elias Levy <[EMAIL PROTECTED]> writes:
>
> > Actually checking most of the CA certificates shipped with IE
> > less than half have a CPD field. Of the big CA only Entrust
> > seems to use the field.
>
> That's not surprising, they invented and, I believ
---
Immunix OS Security Advisory
Packages updated: kernel
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed: immunix/1512
Date: March 26, 2001
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linux-Mandrake Security Update Advisory
Package name: vim
Date:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : licq
SUMMARY : Remote command execution
DATE
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated openssh packages available
Advisory ID: RHSA-2001:033-04
Issue date:2001-03-23
Updated on:2001-03-27
Product:
BindView Security Advisory
Remote buffer overflow in DCOM VB T-SQL debugger
Issue Date: March 27, 2001
Contact: [EMAIL PROTECTED]
Topic:
Remote buffer overflow in DCOM VB T-SQL debugger
Overview:
Microsoft Developer Studio version 6 installs a world-launchable DCOM
object, known as t
I have recently found a bug in the latest firmware
(6.0.0.0) of SonicWall's Tele2 and SOHO firewalls.
Product details:
http://www.sonicwall.com/products/tele/details.html
http://www.sonicwall.com/products/soho/details.html
Bug disovery:
I was recently configuring the Tele2 and SOHO
versions of
On Tue, Mar 27, 2001 at 02:05:54PM +0200, Wojciech Purczynski wrote:
>
> Hi,
Hi,
> Here is exploit for ptrace/execve race condition bug in Linux kernels up
> to 2.2.18.
>
> It works even on openwall patched kernels (including broken fix in 2.2.18ow4)
> if you use address of BSS section in memory
On Tue, 27 Mar 2001, Russ Hayward wrote:
> There appears to be vulnerability with Mail Sweeper for SMTP email by
> Content Technologies.
> (Tested on Version 4.19, others may be vulnerable)
>
> My test system is -
>
> Windows NT 4 Service Pack 5
> MailSweeper for SMTP version 4.1.9
Versi
>>Actually checking most of the CA certificates shipped with IE less than
>>half have a CPD field.
How many of those certs are self signed root certs? A CDP in a self signed
root cert is, obviously, useless since the revoked cert contains the key
used to sign the CRL. The fact that the cert is
At 10:16 PM 27-03-2001 +1000, Peter Robinson wrote:
>Most http Proxy solutions (including squid and fw1) do this unless you
>specify otherwise.
>If you don't know what your doing... you don't know what your doing!!.
>
>Don't blame the software.
>
>This is NOT a bug, just a feature .. Often yo
Hi.
I have tested it on Solaris platform and it doesn't seem to be vulnerable,
neither on single or cluster versions (tested on 5.x) so it applies
obviously only to Windows platform.(No wonder :) )
My 2 cents.
Mik-
==
Strategic Reconnaissance Team Security Advisory(SRT2001-05)
Topic: SCO 5.0.6 issues (lpusers)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
SCO OpenServ
==
Strategic Reconnaissance Team Security Advisory(SRT2001-04)
Topic: SCO 5.0.6 issues (lpshut)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
SCO OpenServe
==
Strategic Reconnaissance Team Security Advisory(SRT2001-02)
Topic: SCO 5.0.6 issues (recon)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
SCO OpenServer
==
Strategic Reconnisiance Team Security Advisory(SRT2001-06)
Topic: SCO 5.0.6 issues (lpforms)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
SCO OpenServe
On Tue, Mar 27, 2001 at 02:05:54PM +0200, Wojciech Purczynski wrote:
Hi,
> Here is exploit for ptrace/execve race condition bug in Linux kernels up
> to 2.2.18.
Thanks for not releasing this before Linux 2.2.19 is out. It would
be even better if you delayed this until the vendor updates are re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : sgml-tools
SUMMARY : Insecure temporary file
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated Kerberos 5 and pam_krb5 packages available
Advisory ID: RHSA-2001:025-14
Issue date:2001-03-08
Updated on:2001-03-27
Pr
> =[Affected Systems]=--
> - Bea Weblogic Server 6.0 for Windows NT/2000
> - It appears that versions prior to 6.0 might also be vulnerable!
>
They are indeed - I turned directory listing back on and was able to
reproduce the originally described ef
To our Valued Customers,
We would like to take this opportunity to respond to the Raptor Firewall
6.5 HTTP issue recently reported on
http://www.securiteam.com/securitynews/Raptor_Firewall_HTTP_Forwarding_Vulnerability.html.
The first point we would like to make is that although we do agree wi
On Tue, 27 Mar 2001, Wojciech Purczynski wrote:
>
> Hi,
>
> Here is exploit for ptrace/execve race condition bug in Linux kernels up
> to 2.2.18.
>
Hi!
I've seen a tool that works better than this, useing different aproach to
the same bug explits it on all platforms giving instant root without
==
Strategic Reconnisiance Team Security Advisory(SRT2001-07)
Topic: SCO 5.0.6 issues (lpadmin)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
SCO OpenServe
==
Strategic Reconnisiance Team Security Advisory(SRT2001-03)
Topic: SCO 5.0.6 MMDF issues (deliver)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
SCO Open
==
Strategic Reconnaissance Team Security Advisory(SRT2001-01)
Topic: SCO 5.0.6 MMDF issues (sendmail 8.9.3)
Vendor: SCO
Release Date: 03/27/01
==
.: Description
Hiya Russ,
> MailSweeper will apply the OUTGOING scenario (i.e. nothing) and forwards
> the mail internally to the intended victim. This email could contain any
> content.
If you take a look at the routing section in the MMC help for the
MAILsweeper product, there is a whole page that describes
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
- --
38 matches
Mail list logo