[SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution

2008-03-05 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1512-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst March 05, 2008

Firewire Attack on Windows Vista

2008-03-05 Thread Bernhard Mueller
Hello, In the light of recent discussions about firewire / DMA hacks, we would like to throw in some of the results of our past research on this topic (done mainly by Peter Panholzer) in the form of a short whitepaper. In this paper, we demonstrate that the firewire unlock attack (as implemented

Re: Firewire Attack on Windows Vista

2008-03-05 Thread Thierry Zoller
Dear All, That said the original work on this from metlstorm is in the news [1] and can be found here : http://storm.net.nz/projects/16 [1] http://it.slashdot.org/article.pl?sid=08/03/04/1258210from=rss -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3

Multiple vulnerabilities in Perforce Server 2007.3/143793

2008-03-05 Thread Luigi Auriemma
### Luigi Auriemma Application: Perforce Server http://www.perforce.com Versions: = 2007.3/143793 Platforms:Windows, Unix, Linux and Mac Bugs: NULL pointers, invalid

[ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities

2008-03-05 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities

2008-03-05 Thread Robert Buchholz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory [ERRATA UPDATE]GLSA 200801-09:03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability

2008-03-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:059 http://www.mandriva.com/security/

RE: Firewire Attack on Windows Vista

2008-03-05 Thread Roger A. Grimes
As somewhat indicated in the paper itself, these types of physical DMA attacks are possible against any PC-based OS, not just Windows. If that's true, why is the paper titled around Windows Vista? I guess it makes headlines faster. But isn't as important, if not more important, to say all

[ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities

2008-03-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:058 http://www.mandriva.com/security/

[USN-583-1] Evolution vulnerability

2008-03-05 Thread Kees Cook
=== Ubuntu Security Notice USN-583-1 March 05, 2008 evolution vulnerability CVE-2008-0072 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS