security.bugtraq (thread)

Multiple vulnerabilities in QNX, Simon Ouellette
SRT Security Advisory (SRT2002-04-31-1159): Mnews, zillion
AIM+ SpyWare, Pedram Amini
[[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS, Daniel Nyström
Trojan/backdoor in fragroute 1.2 source distribution, Anders Nordby
- Re: Trojan/backdoor in fragroute 1.2 source distribution, uid0
- Re: Trojan/backdoor in fragroute 1.2 source distribution, Dug Song
Fwd: [EXPL] Remote Exploit for UW-IMAPd Capability (IMAP4), nexus-mail
MDKSA-2002:037-1 - dhcp update, Mandrake Linux Security Team
Security Update: [CSSA-2002-SCO.23] Open UNIX 8.0.0 UnixWare 7.1.1 : ftpd allows data connection hijacking via PASV mode, security
US TurboLinux Security Severely Out of Date, David Endler
FW: HP-UX security bulletins digest, Boyce, Nick
MDKSA-2002:034 - imap update, Mandrake Linux Security Team
[RHSA-2002:094-08] Updated tcpdump packages fix buffer overflow, bugzilla
Security Implications of Novell eDirectory., steven . sporen
CGIscript.net - csPassword.cgi - Multiple Vulnerabilities, Steve Gustin
Informix SE-7.25 /lib/sqlexec Vulnerability, pask
SECURITY vulnerability in ECS-K7S5A(L) boards, Guy Van Sanden
2 security problem Quantum SNAP server, awacs
MDKSA-2002:037 - dhcp update, Mandrake Linux Security Team
Vulnerability in Novell Netware 5.0 (part1), webmaster
Vulnerability in Novell Netware 5.0 (part 2), webmaster
Security Update: [CSSA-2002-SCO.22] OpenServer 5.0.5 OpenServer 5.0.6 : scoadmin command creates temporary files insecurely, security
Xandros based linux autorun -c, KF
New Kismet Packages available - SayText() and suid kismet_server issues, KF
Security Update: [CSSA-2002-SCO.21] OpenServer 5.0.5 OpenServer 5.0.6 : sort command creates temporary files insecurely, security
Vulnerability in Apache Tomcat v3.23 & v3.24 (part 3), webmaster
[CLA-2002:490] Conectiva Linux Security Announcement - mozilla, secure
Gafware's CFXImage vulnerability, webmaster
Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2), webmaster
FreeBSD Security Advisory FreeBSD-SA-02:27.rc, FreeBSD Security Advisories
To Provide a Patch or to Service Pack?, David Litchfield
- Re: To Provide a Patch or to Service Pack?, Georgi Guninski
  - Re: To Provide a Patch or to Service Pack?, ellipse
Vulnerability in Apache Tomcat v3.23 & v3.24, webmaster
FreeBSD Security Advisory FreeBSD-SA-02:26.accept, FreeBSD Security Advisories
Addendum to advisory #NISR29052002 (JRun buffer overflow), NGSSoftware Insight Security Research
Potential security issues in Ethereal, Jonas Eriksson
Macromedia JRUN Buffer overflow vulnerability (#NISR29052002), NGSSoftware Insight Security Research
SuSE Security Announcement: tcpdump/libpcap (SuSE-SA:2002:020), Sebastian Krahmer
MDKSA-2002:035 - perl-Digest-MD5 update, Mandrake Linux Security Team
MDKSA-2002:036 - fetchmail update, Mandrake Linux Security Team
Information Disclosure Vulnerability in IDS 0.8x, isox
More ELF buggery..., the grugq
- Re: More ELF buggery..., Julien Vanegue
[SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability, Tamer Sahin
[RHSA-2002:084-17] Updated nss_ldap packages fix pam_ldap vulnerability, bugzilla
Problems with various windows FTP servers, SnakeByte / Eric Sesterhenn
- Re: Problems with various windows FTP servers, ByteRage
- Re: Problems with various windows FTP servers, Stephen Cope
- Re: Problems with various windows FTP servers, Alun Jones
Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar, Martijn Boerwinkel
OpenSSH 3.2.3 released (fwd), Jonas Eriksson
wbbboard 1.1.1 registration _new_users_vulnerability_, SeazoN
Netscreen 25 unauthorised reboot issue, quentyn
Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router, Ismael Briones
VP-ASP shopping cart software., hkvrg thdftghr
- Re: VP-ASP shopping cart software., Noam Rathaus
Yahoo Messenger - Multiple Vulnerabilities, Phuong Nguyen
- Re: Yahoo Messenger - Multiple Vulnerabilities, Ben Laurie
AMANDA security issues, zillion
[SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2, Tamer Sahin
Reading ANY local file in Opera (GM#001-OP), GreyMagic Software
TrendMicro Interscan VirusWall security problem, Pedro Quintanilha
- RE: TrendMicro Interscan VirusWall security problem, Pedro Quintanilha
irssi backdoored., Martin Östlund
[DER ADV#8] - Local off by one in CVSD, david evlis reign
- Re: [DER ADV#8] - Local off by one in CVSD, Larry Jones
pks public key server DOS and remote execution, Max
Security-risk on gridscan.com, Michael Metz [SpeedPartner]
[GOBBLES] reflections on talkd hole, gobbles
[RHSA-2002:092-11] Buffer overflow in UW imap daemon, bugzilla
[CLA-2002:489] Conectiva Linux Security Announcement - mailman, secure
Cisco IDS Device Manager 3.1.1 Advisory, Andrew . Lopacki
Sendmail file locking - PoC, KF
File Locking Local Denial of Service; Impact on sendmail, Gregory Neil Shapiro
[SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability, Tamer Sahin
[CLA-2002:487] Conectiva Linux Security Announcement - imap, secure
Security Update: [CSSA-2002-SCO.20] OpenServer 5.0.5 OpenServer 5.0.6 : popper buffer overflow and denial-of-service, security
Netstd 3.07-17 multiple remote buffer overflows, Spybreak
- Re: Netstd 3.07-17 multiple remote buffer overflows, Lupe Christoph
Cisco Security Advisory: CBOS - Improving Resilience to DoS Attacks, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: ATA-186 Password Disclosure Vulnerability, Cisco Systems Product Security Incident Response Team
[Fwd: Updated version of SSH Secure Shell available], Stephanie Schiebert
Efficient Networks Contact info, Shea, Tim
- Re: Efficient Networks Contact info, Pedro Paulo Ferreira Bueno
Microsoft Active Directory security vulnerability, Jonathan Lamberson
Multiple Vulnerabilities in CISCO VoIP Phones, Johnathan Nightingale
SuSE Security Announcement: dhcp/dhcp-server (SuSE-SA:2002:019), Thomas Biege
Opty-Way Enterprise includes MSDE with sa <blank>, Philippe de Brito
MDKSA-2002:033 - webmin update, Mandrake Linux Security Team
Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1, Matt Moore
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IP Telephones, Cisco Systems Product Security Incident Response Team
[DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd, david evlis reign
MatuFtpServer Remote Buffer Overflow and Possible DoS, Kanatoko
ISS Alert: Microsoft SQL Spida Worm Propagation, X-Force
YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!, 2c79cbe14ac7d0b8472d3f129fa1df55
Catalyst 4000, COULOMBE, TROY
Cisco IOS ICMP redirect DoS - Cisco's response, Damir Rajnovic
[RHSA-2002:047-10] Updated fetchmail packages available, bugzilla
- Re: [RHSA-2002:047-10] Updated fetchmail packages available, Florian Weimer
  - Re: [RHSA-2002:047-10] Updated fetchmail packages available, Nate Eldredge
    - Re: [RHSA-2002:047-10] Updated fetchmail packages available, Olaf Kirch
Cisco IOS ICMP redirect DoS, FX
Evolution of Cross-Site Scripting Attacks, David Endler
route of #phrack is a funny man!, gobbles
- Re: route of #phrack is a funny man!, George Staikos
Security Update: [CSSA-2002-SCO.19] OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflow, security
eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability, researchteam
"The Cross Site Scripting FAQ", zeno
[SecurityOffice] Stronghold Secure Webserver Sample Script Path Disclosure Vulnerability, Tamer Sahin
Multiple vendors web server source code disclosure (8.3 name form at vulnerability - take II), Ory Segal
Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd), Dave Ahmad
CAPZLOCK SECURITY ADVISORY NO. 1, capzlock
Plain Text Password Vulnerability in Winamp 2.80, isox
- Re: Plain Text Password Vulnerability in Winamp 2.80, Muhammad Faisal Rauf Danka
Another vulnerability in hosting controller, Bao Dai Nhan
IE dot bug - Sandblad advisory #7, Andreas Sandblad
FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-02:24.k5su, FreeBSD Security Advisories
[CSICON] - Registration is now open for CSICON, CSICONdotNET
cross-site scripting bug of ViewCVS, office
Verisign PKI: anyone to subordinate CA, Pidgorny, Slav
- Re: Verisign PKI: anyone to subordinate CA, George Capehart
- Re: Verisign PKI: anyone to subordinate CA, Muller Zsolt
- RE: Verisign PKI: anyone to subordinate CA, John Howie
ps under FreeBSD, Jakub Filonik
- Re: ps under FreeBSD, Yuri A. Kabaenkov
  - Re: ps under FreeBSD, Crist J. Clark
- Re: ps under FreeBSD, Torbjorn Kristoffersen
- Re: ps under FreeBSD, Guillaume PELAT
- Re: ps under FreeBSD, Crist J. Clark
Phorum 3.3.2a has another bug for remote command execution, Markus Arndt
14+ CGIscript.net scripts - Path Disclosure, Steve Gustin
OpenSSH 3.2.2 released (fwd), Jonas Eriksson
Xerox DocuTech problems, J Edgar Hoover
- Re: Xerox DocuTech problems, kikaiju
  - Re: Xerox DocuTech problems, Ken Weaverling
- RE: Xerox DocuTech problems, Darren W. MacDonald
- Re: Xerox DocuTech problems, uid0
Phorum 3.3.2a remote command execution, Markus Arndt
- Re: Phorum 3.3.2a remote command execution, Gabriel A. Maggiotti
  - Re: Phorum 3.3.2a remote command execution, Thomas Seifert
Grsecurity problem - modifying "read-only kernel", Guillaume PELAT
Security Update: [CSSA-2002-023.0] Linux: PHP multipart/form-data vulnerabilities, security
Hosting Controller still have dangerous bugs!, hdlkha
Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service, E M
MDKSA-2002:032 - tcpdump update, Mandrake Linux Security Team
Re: [security-intern] [security@xxxxxxx] FWD - GNU rm fileutils race condition problems on SuSE, Thomas Biege
MDKSA-2002:031 - fileutils update, Mandrake Linux Security Team
SuSE Security Announcement: shadow (SuSE-SA:2002:017), Sebastian Krahmer
[RHSA-2002:078-04] Updated mpg321 packages available, bugzilla
GNU rm fileutils race condition problems on SuSE, Paul Starzetz
Update and comments on the MS02-023 patch, holes still remain, Thor Larholm
- Re: Update and comments on the MS02-023 patch, holes still remain, Andrew Clover
- RE: Update and comments on the MS02-023 patch, holes still remain, Thor Larholm
MS02-023 does not patch actual issue!, GreyMagic Software
- Re: MS02-023 does not patch actual issue!, .-=D3FC0N/=-.
  - Re: MS02-023 does not patch actual issue!, Tom Gilder
- RE: MS02-023 does not patch actual issue!, David McKenzie
- RE: MS02-023 does not patch actual issue!, John . Airey
- RE: MS02-023 does not patch actual issue!, John . Airey
SuSE Security Announcement: lukemftp, nkitb, nkitserv (SuSE-SA:2002:018), Thomas Biege
[SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically, snsadv@xxxxxxxxx
Security Update: [CSSA-2002-022.0] Linux: OpenSSH ticket and token passing buffer overflow, security
[RHSA-2002:079-13] Updated Mozilla packages fix a security issue, bugzilla
Cisco Security Advisory: Content Service Switch HTTP Processing Vulnerabilities, Cisco Systems Product Security Incident Response Team
Security Update: [CSSA-2002-021.0] Linux: imapd buffer overflow when fetching partial mailbox attributes, security
Cisco Security Advisory: Transparent Cache Engine and Content Engine TCP Relay Vulnerability, Cisco Systems Product Security Incident Response Team
Opera javascript protocoll vulnerability [Sandblad advisory #6], Andreas Sandblad
swatch bug in throttle, SUZUKI Yasuhiro
dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express, ERRor
- Re: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express, Chad Loder
  - Re[2]: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express, 3APA3A
Remote quake 2 3.2x server cvar leak, Richard Stanway
(SSRT0822) Security Bulletin - Compaq & Java Proxy/VM Potential Security Vulnerabilities (fwd), Dave Ahmad
Security Update: [CSSA-2002-018.1] Linux: REVISED: Race condition in fileutils, security
NetPad eq MALWARE, was: LevCGI.coms NetPad 1.0.2 multiple vulnerabilities, superpetz
[RHSA-2002:065-13] Updated sharutils package fixes uudecode issue, bugzilla
dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability, ERRor
LevCGI.coms NetPad 1.0.2 multiple vulnerabilities, BrainRawt .
NOCC: cross-site-scripting bug, ppp-design
Security Update: [CSSA-2002-020.0] Linux: icecast buffer overflows and denial-of-service, security
nCipher Security Advisory #3: MSCAPI CSP Install Wizard, nCipher Support
ATMSNMPD Vulnerable but not Addressed, Ross Coppage
- Re: ATMSNMPD Vulnerable but not Addressed, Emre Yildirim
- ATMSNMPD Vulnerable but not Addressed, Coppage, Ross
Gaim abritary Email Reading, Scott Mackenzie
Fwd: GOBBLES RESPONSE TO THE BLUE BOAR ("fixed version"), gobbles
- Re: Fwd: GOBBLES RESPONSE TO THE BLUE BOAR ("fixed version"), 3APA3A
  - Re: Fwd: GOBBLES RESPONSE TO THE BLUE BOAR ("fixed version"), Georgi Guninski
Re: Flaw caused by default rulesets in many desktop firewalls under windows, Christian decoder Holler
Bug in mnogosearch-3.1.19, qitest1
CERT Advisory CA-2002-13 Buffer Overflow in Microsoft's MSN Chat ActiveX, CERT Advisory
Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem"), Felix von Leitner
- Re: Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem"), Dax Kelson
- Re: Linux kernel 2.4 "weak end host" issue Explained, Matthew G. Marsh
FIRST 2002 reminder, Roger Safian
FW: New Macromedia Security Zone Bulletins Posted, Benjamin Keller
Hole in AOL Instant Messenger, InterWN Labs
1st Linux and Free Software Festival - Ankara 2002, Burc Yildirim
MDKSA-2002:030 - temporary fix for netfilter information leak, Mandrake Linux Security Team
Cisco ATA-186 admin password can be trivially circumvented, Patrick Michael Kane
GOBBLES SECURITY ADVISORY #33, Dave Ahmad
- Re: GOBBLES SECURITY ADVISORY #33, Blue Boar
- Re: GOBBLES SECURITY ADVISORY #33, Andrew Clover
SafeWeb Vulnerability - Fingerprinting Websites Using Traffic Analysis, Andrew Hintz (Drew)
Two (2) Critical Path inJoin V4.0 Directory Server Issues, Information Anarchy 2K01
Fix available for Sgdynamo, Stuart Moore
Possible Buffer Overflow in ACDSee 4.0, Markus Arndt
Flaw caused by default rulesets in many desktop firewalls under windows, Christian decoder Holler
- Re: Flaw caused by default rulesets in many desktop firewalls under windows, Frank Knobbe
[RHSA-2002:081-06] perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums, bugzilla
wu-imap buffer overflow condition, Marcell Fodor
- Re: wu-imap buffer overflow condition, Jeff Franklin
OpenBSD local DoS and root exploit, fozzy
- Re: OpenBSD local DoS and root exploit, Dave Ahmad
  - Re: OpenBSD local DoS and root exploit, Jonas Eriksson
Re: Cisco Security Advisory: NTP vulnerability (fwd), Tina Bird
[CLA-2002:483] Conectiva Linux Security Announcement - dhcp, secure
[RHSA-2002:086-05] Netfilter information leak, bugzilla
Nearly undocumented NT security feature - the solution to executable attachments?, KJK::Hyperion
- Re: Nearly undocumented NT security feature - the solution to executable attachments?, Keary Suska
- Re: Nearly undocumented NT security feature - the solution to executable attachments?, Vanja Hrustic
- Re: Nearly undocumented NT security feature - the solution to executable attachments?, 3APA3A
[RHSA-2002:070-08] Updated mod_python packages available, bugzilla
Summercon 2002 Announce, Summercon Admin
Re: Patrol security bugs, Mike Crane
Unfortunate interaction between EZMLM and MessageLabs virus scanning, Ben Laurie
- Re: Unfortunate interaction between EZMLM and MessageLabs virus scanning, Alun Jones
  - Re: Unfortunate interaction between EZMLM and MessageLabs virus scanning, Stephen Cope
  - Re: Unfortunate interaction between EZMLM and MessageLabs virus scanning, der Mouse
ADVISORY: MSN Messenger OCX Buffer Overflow, Marc Maiffret
IRIX fsr_xfs vulnerability, SGI Security Coordinator
Security Update: [CSSA-2002-SCO.18] Open UNIX 8.0.0 UnixWare 7.1.1 : CDE /var/dt and subdirectories are writable by world, security
[NGSEC-2002-2] ISC DHCPDv3, remote root compromise, NGSEC Research Team
NTFS and PGP interact to expose EFS encrypted data, Ry Jones
CERT Advisory CA-2002-12 Format String Vulnerability in ISC DHCPD, CERT Advisory
[CLA-2002:481] Conectiva Linux Security Announcement - imlib, secure
[CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak, Philippe Biondi
CRLF Injection, Ulf Harnhammar
Cisco Security Advisory: NTP vulnerability, Cisco Systems Product Security Incident Response Team
SuSE Security Announcement: sysconfig (SuSE-SA:2002:016), Sebastian Krahmer
cqure.net.20020408.netware_nwftpd.a, Patrik Karlsson
- Re: cqure.net.20020408.netware_nwftpd.a, Brian Eckman
cqure.net.20020412.netware_client.a, Patrik Karlsson
cqure.net.20020412.bordermanager_36_mv1.a, Patrik Karlsson
- Re: cqure.net.20020412.bordermanager_36_mv1.a, Corey J. Steele
cqure.net.20020412.netware_sdmr.a, Patrik Karlsson
[SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability, snsadv@xxxxxxxxx
[SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability, snsadv@xxxxxxxxx
Lysias Lidik Webserver suffers from a Directory Traversal Vulnerability, Florian Hobelsberger / BlueScreen
Multiple Vulnerabilities in MDaemon + WorldClient, Obscure
- RE: Multiple Vulnerabilities in MDaemon + WorldClient, Terry Lavoie
[CLA-2002:480] Conectiva Linux Security Announcement - tcpdump, secure
IRIX netstat vulnerability, SGI Security Coordinator
KPMG-2002018: Pointsec for PalmOS PIN disclosure, Binken, Rens
SuSE Security Announcement: imlib (SuSE-SA:2002:015), Thomas Biege
CERT Advisory CA-2002-11 Heap Overflow in Cachefs Daemon (cachefsd), CERT Advisory
cURL remote PoC for Linux, KF
w00w00 on AOL Instant Messenger remote overflow #2, Matt Conover
cURL remote PoC for FBSD, KF
ldap vulnerabilities, blackshell
Misformated message header causes msn messenger to crash, underdoc
- Re: Misformated message header causes msn messenger to crash, Beck Mr . R
b2 php remote command execution, Frank
[LSD] Solaris cachefsd remote buffer overflow vulnerability, Last Stage of Delirium
Reverse Challenge - Binary released, Lance Spitzner
Administrivia, Dave Ahmad
Windows 2000 Server IIS 5.0 .ASP Overflow Exploit, CHINANSL Security Team
UPDATE (1-May-2002): Reading local files in Netscape 6 and Mozilla (GM#001-NS), GreyMagic Software
Beonex Communicator 0.8-pre based on Mozilla 1.0-branch released, Ben Bucksch
Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), Paul Starzetz
[CLA-2002:477] Conectiva Linux Security Announcement - mod_python, secure
Announcing DEF CON 10!, The Dark Tangent
Re: Intel D845HV/WN/PT series motherboard vulnerability, Dave Oliver
Fix for Mozilla XMLHttpRequest file disclosure vulnerability, Frank Hecker
Macromedia Flash Activex Buffer overflow, Marc Maiffret
iXsecurity.20020404.4d_webserver.a, Jonas Ländin
latest Progress patch has suid issues AGAIN., KF
Logitech Keyboard Insecurity, keyboardhacker
- Re: Logitech Keyboard Insecurity, Paul Cardon
  - Re: Logitech Keyboard Insecurity, KJK::Hyperion
- Re: Logitech Keyboard Insecurity, richard . fuser
- Re: Logitech Keyboard Insecurity, big bon
R7-0003: Nautilus Symlink Vulnerability, Joe Testa
[RHSA-2002:064-12] Updated Nautilus for symlink vulnerability writing metadata files, bugzilla
IRIX Xlib vulnerability, SGI Security Coordinator
KPMG-2002017: Snapgear Lite+ Firewall Denial of Service, Peter Gründl
Honeynet Project -> The Reverse Challenge, Lance Spitzner
- RE: Honeynet Project -> The Reverse Challenge, REAVA, JEFFREY [IT/0200]
[RHSA-2002:070-06] Updated mod_python packages available, bugzilla
Security Update: [CSSA-2002-SCO.17] OpenServer 5.0.5 : sar -o buffer overflow, security
IRIX nsd symlink vulnerability, SGI Security Coordinator
Classic Cross Site Scripting: Gibson Research Corporation, http-equiv@xxxxxxxxxx
CERT Advisory CA-2002-10 Format String Vulnerability in rpc.rwalld, CERT Advisory
FW: Fscan advisory (fwd), Dave Ahmad
Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability, rogersk
- Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability, Ken . Williams
[RHSA-2002:062-08] Insecure DocBook stylesheet option, bugzilla
Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability, Charles M. Richmond