ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-046.html
December 12, 2006
-- CVE ID:
CVE-2006-6335
-- Affected Vendor:
Sophos
-- Affected Products:
All versions of Sophos Anti-Virus < v2.40 scanning e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:231
http://www.mandriva.com/security/
___
On Thu, Dec 14, 2006 at 06:39:55PM -0600, [EMAIL PROTECTED] wrote:
> Gentoo Security Team,
>
> This statement seems to contrast greatly your practice of not following
> a "professional" responsible disclosure process; particularly, posting a
> security issue only 8.5 hours after your initial repor
Gentoo Security Team,
On your security web page
(http://www.gentoo.org/security/en/index.xml), you make the following
statement about how you work with vendors in a professional manner: "We
work directly with vendors, end users and other OSS projects to ensure
all security incidents are responde
===
Ubuntu Security Notice USN-396-1 December 14, 2006
gdm vulnerability
CVE-2006-6105
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
[EMAIL PROTECTED] wrote:
>What a frikking idiot. That's "the former chief executive officer who
> recently died of Colonium-210 poisoning under mysterious circumstances".
Colonium my arse!
cheers,
DaveK
--
Can't think of a witty .sigline today
___
Hi,
Kerio MailServer 6.3.1 changelog mentions the following bug fix:
'Fixed possible service stop when handling certain LDAP query'
It turns out that vd_kms6 vulnerability (which is a part of VulnDisco since Oct,
2006) has been fixed.
Below is a simple proof of concept code for this bug:
#!/usr
On Thu, 14 Dec 2006, Juha-Matti Laurio wrote:
> After the public release we have to accept the fact that the PoC will be
> possibly accessible outside of exploit sites too.
> The overall risk of the issue is increasing.
> To confirm the existence of PoC it was listed in several references like
> h
After the public release we have to accept the fact that the PoC will be
possibly accessible outside of exploit sites too.
The overall risk of the issue is increasing.
To confirm the existence of PoC it was listed in several references like
http://www.securityfocus.com/bid/21589/exploit
etc.
The
-- Forwarded message --
From: Nuno Treez <[EMAIL PROTECTED]>
Date: 14-dic-2006 17:33
Subject: Re: [Full-disclosure] NOT a 0day! Re: [fuzzing] OWASP Fuzzing page
To: Gadi Evron <[EMAIL PROTECTED]>
2006/12/14, Gadi Evron <[EMAIL PROTECTED]>:
> > Wow! That's fun! The so called "Word
Google AdWords Multiple HTTP response splitting (aka CRLF Injection)
vulnerabilities
http://hackingspirits.com/vuln-rnd/vuln-rnd.html
regards,
-d
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Ho
Below is the corrected CVE section.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-6105 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
_
And without any reasonable technical details it is very difficult to give a
title field for the vulnerability.
Several advisories using titles like Word Unspecified Code Execution
Vulnerability or Word Code Execution Vulnerability #2, #3 are not the trend we
want.
Related to the newest Word issu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CAID 34870: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local
Denial of Service Vulnerabilities
CA Vulnerability ID (CAID): 34870
CA Advisory Date: 2006-12-13
Discovered By: Rubén Santamarta (reversemode.com)
Impact: Local unprivileged attac
GNOME Foundation Display Manager gdmchooser Format String Vulnerability
iDefense Security Advisory 12.14.06
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2006
I. BACKGROUND
The gdmchooser program provides XDMCP (X Display Manager Control Protocol)
functionality to the GNOME Disp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:164-2
http://www.mandriva.com/security/
___
On Thu, 14 Dec 2006, Jerome Athias wrote:
> Gadi Evron a écrit :
> > On Tue, 12 Dec 2006, Joxean Koret wrote:
> >
> >> Wow! That's fun! The so called "Word 0 day" flaw also affects
> >> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> >> with the file:
> >>
> >
> > Th
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200612-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200612-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
On Thu, 14 Dec 2006 00:44:47 +0200, "Ag. System Administrator" said:
>
> S stupid... :)
> I am Dr Borris Olga I represent Mr Mikhail Khordokovsky the former chief
> executive officer of Yukos Oil Company Russia
What a frikking idiot. That's "the former chief executive officer who
recentl
On Tue, 12 Dec 2006, Joxean Koret wrote:
>
> Wow! That's fun! The so called "Word 0 day" flaw also affects
> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> with the file:
This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
mode, on a mailing list (fuzzi
This is a cracked Linux server being used to host exploits for
Windows machines, which are spamvertised (presumably via a botnet) in
socially engineered emails. Kinda cute, ugly too.
- mail received from x42071c2e.ip.e-nt.net [66.7.28.46]
- e-nt.net is owned by ISP Eureka Networks
http://www.
mailing list submissions
Kuldeeep
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
===
Ubuntu Security Notice USN-380-2 December 14, 2006
avahi regression
https://launchpad.net/bugs/72728
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.1
works fine for me :)
On 12/14/06, Simon Smith <[EMAIL PROTECTED]> wrote:
> Doesn't seem to work man ;P
>
>
> On 12/13/06 10:08 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> > Sorry, I forgot to mention that a benchmark versus Nmap has
> > been done by someone on his blog:
> >
> > http://
On 12/14/06, Brett Moore <[EMAIL PROTECTED]> wrote:
> Not long now...
'till what, christmas?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
rPath Security Advisory: 2006-0232-1
Published: 2006-12-14
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
libgsf=/[EMAIL PROTECTED]:devel//1/1.12.0-4.2-1
References:
http://www.cve.mitre.org/cgi-bin
27 matches
Mail list logo