-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:157
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:158
http://www.mandriva.com/security/
Had to giggle when I saw it yesterday. ALMOST got nimped too at that,...
On Thu, Oct 20, 2011 at 9:33 PM, xD 0x41 sec...@gmail.com wrote:
eep yep sorry but I had a chuckle :P
lol.
On 21 October 2011 02:09, Laurelai laure...@oneechan.org wrote:
On 10/19/2011 06:47 PM, N Za wrote:
On Thu, 20 Oct 2011 10:09:07 CDT, Laurelai said:
Did any of the other channers on the list laugh uncontrollably at this?
.eu addresses for an of America was a nice subtle touch. ;)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
TeamSHATTER Security Advisory
October 20, 2011
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
This vulnerability was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
TeamSHATTER Security Advisory
October 20, 2011
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR2, 11gR1 and 11gR2
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
TeamSHATTER Security Advisory
October 20, 2011
Risk Level:
High
Affected versions:
Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2
Remote exploitable:
No
Credits:
This vulnerability was discovered and researched by Martin Rakhmanov
For what it's worth, I found this article to be far more matter of fact in
regard to the general concept, the existing (default) conditions in play, and
the conditions which need to be in place (or manipulated) in order for this to
be exploited than some of the other material your company has
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
To fuzz Opera the whole time is boring, so I fuzzed Google Chrome. ;)
October 22, 2011
Ohh nice! What u doing google? Thx 4 ur bug! 0__o
Google Chrome PoC, killing thread. Exploitable or only a DOS!? Found no
way to exploit it. Good Luck!!!
Testsystem: WinXP SP3, Win7(64 bit)
Google Chrome
After seeing an advisory for symlink attacks in ubuntu and opensuse:
http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1297.html
Which I thought people really didn't care too much about anymore, I took a
quick look at one of my ubuntu 8.04lts boxes:
/sbin/iscsi_discovery:
On Fri, 21 Oct 2011 19:59:59 EDT, b...@fbi.dhs.org said:
Which I thought people really didn't care too much about anymore, I took a
quick look at one of my ubuntu 8.04lts boxes:
These are so easy to fix/avoid, I don't know why developers are still
introducing them to their code.
It's
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
In any case, the *right* answer isn't to play whack-a-mole fixing /tmp races,
what you should be doing is using pam_namespace or similar so each user gets
their own /tmp namespace.
That would result in counterintuitive behavior, I suppose... /tmp is a
fairly stupid and largely unnecessary
If you are in charge of a distro, it would not hurt to nuke it
altogether and change all packages in your control to use per-user
$TMPDIR. Some third-party stuff will break - but it breaks every now
and then anyway.
Excellent suggestion, and you've piqued my curiosity. What distros exist
that
On 22 October 2011 15:39, Michal Zalewski lcam...@coredump.cx wrote:
In any case, the *right* answer isn't to play whack-a-mole fixing /tmp races,
what you should be doing is using pam_namespace or similar so each user gets
their own /tmp namespace.
That would result in counterintuitive
On Sat, 22 Oct 2011 01:23:34 EDT, Byron Sonne said:
If you are in charge of a distro, it would not hurt to nuke it
altogether and change all packages in your control to use per-user
$TMPDIR. Some third-party stuff will break - but it breaks every now
and then anyway.
Excellent