3652 matches found

Slackware Linux
added 2003/05/21 8:32 p.m., 13 views

mod_ssl RSA blinding fixes

An upgrade for mod_ssl to version 2.8.141.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a "double fix". Wit...

6.9 AI score
Exploits: 0

Cvelist
added 2003/04/02 5:0 a.m., 24 views

CVE-2002-0429

The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface lcall...

6 AI score, 0.00383 EPSS
Exploits: 0, References: 10

CVE
added 2003/04/02 5:0 a.m., 77 views

CVE-2002-0429

CVE-2002-0429 affects Linux kernels 2.4.18 and earlier on x86, via the iBCS compatibility interface (the lcall path in arch/i386/kernel/traps.c). The vulnerability enables a local unprivileged user to kill arbitrary processes. Connected advisories confirm affected architectures and that patches e...

3.6 CVSS, 6 AI score, 0.00383 EPSS
Exploits: 0, References: 10, Affected Software: 1

securityvulns
added 2003/02/07 12:0 a.m., 30 views

Checkpoint Firewall fails on CVP scanning for large files

Subject: Checkpoint Firewall fails on CVP scanning large files Affected: Check Point FireWall-1 NG Feature Pack 3 Vendor: Check Point Author: Igor U.Miturin [email protected] Date: February, 5 2003 Risk: Low Vendor Notified: Yes I. Intro Check Point FireWall-1 is enterprise firewall...

1.1 AI score
Exploits: 0

securityvulns
added 2003/01/24 12:0 a.m., 26 views

SpamAssassin / spamc+BSMTP remote buffer overflow

Well, I was going to wait until 2.50 release, but it seems to be taking and this likely affects only few installations. Besides, it's been in their public bugzilla for over a month. So: Attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using...

3.4 AI score
Exploits: 0

Cvelist
added 2002/10/25 4:0 a.m., 28 views

CVE-2002-1235

The kadmserin function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly...

7.7 AI score, 0.15105 EPSS
Exploits: 0, References: 19

securityvulns
added 2002/10/15 12:0 a.m., 21 views

ECHU Alert #3 : Meunity 1.1 script injection vulnerability

---------------------------------------------- | Meunity 1.1 script injection vulnerability | ---------------------------------------------- PROGRAM: Meunity Community System VULNERABLE VERSIONS: all IMMUNE VERSIONS: none SEVERITY: really high Tested version ============== Meunity Community Syste...

0.5 AI score
Exploits: 0

exploitpack
added 2002/08/22 12:0 a.m., 16 views

Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow

Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow source: https://www.securityfocus.com/bid/5558/info A buffer overflow vulnerability has been reported in Microsoft Internet Explorer's Legacy Text Formatting ActiveX control. The Legacy Text Formatting Activ...

7.4 AI score
Exploits: 0

Exploit DB
added 2002/08/22 12:0 a.m., 22 views

Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow

source: https://www.securityfocus.com/bid/5558/info A buffer overflow vulnerability has been reported in Microsoft Internet Explorer's Legacy Text Formatting ActiveX control. The Legacy Text Formatting ActiveX control is used by Internet Explorer to display specially formatted text. Reportedly, t...

7.4 AI score
Exploits: 0

RedHat Linux
added 2002/08/01 9:25 p.m., 5 views

security flaw

Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...

7.8 CVSS, 6.4 AI score, 0.011 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2002/07/31 3:58 p.m., 4 views

security flaw

Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...

7.8 CVSS, 6.4 AI score, 0.011 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2002/07/24 8:37 a.m., 6 views

security flaw

Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...

7.8 CVSS, 6.4 AI score, 0.011 EPSS
Exploits: 0, References: 4

securityvulns
added 2002/05/10 12:0 a.m., 23 views

cqure.net.20020412.netware_sdmr.a

cqure.net Security Vulnerability Report No: cqure.net.20020412.netware_sdmr.a ======================================== Vulnerability Summary --------------------- Problem: The IPX compatibility issue Posted to BugTraq on July 11, 2000 by Dimuthu Parussalla applies to Netware 6.0 SP 1 as well...

0.6 AI score
Exploits: 0

exploitpack
added 2002/04/30 12:0 a.m., 10 views

MyGuestbook 1.0 - Script Injection

MyGuestbook 1.0 - Script Injection source: https://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. MyGuestbook does not adequately filter script code from various...

7.8 AI score
Exploits: 0

exploitpack
added 2002/04/15 12:0 a.m., 19 views

XGB Guestbook 1.2 - User-Embedded Scripting

XGB Guestbook 1.2 - User-Embedded Scripting source: https://www.securityfocus.com/bid/4513/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB allows users to post images in guestbook entries by usin...

7 AI score
Exploits: 0

Tenable Nessus
added 2002/03/06 12:0 a.m., 3543 views

SSH Protocol Version 1 Session Key Retrieval

The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10882); script_version("1.37");...

7.5 CVSS, 7.7 AI score, 0.07032 EPSS
Exploits: 1, References: 3

securityvulns
added 2002/02/24 12:0 a.m., 40 views

[RHSA-2002:020-05] Updated ncurses4 compat packages are available

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated ncurses4 compat packages are available Advisory ID: RHSA-2002:020-05 Issue date: 2002-01-29 Updated on: 2002-02-19 Product: Red Hat Linux Keywords: ncurses4 buffer overr...

7.2 CVSS, 0.1 AI score, 0.00485 EPSS
Exploits: 0

securityvulns
added 2001/12/18 12:0 a.m., 36 views

New Advisory + Exploit

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++GOBBLES+SECURITY+RESEARCH+TEAM+INCORPORATED+++++++++++++++++ ALERT! ALERT! FREEBSD LOCAL ROOT VULNERABILITY! ALERT! ALERT! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ include...

7.9 AI score
Exploits: 0

securityvulns
added 2001/12/14 12:0 a.m., 28 views

ATPhttpd 0.4 DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ATPhttpd 0.4 DoS Vulnerability Type: DoS, crashes Daemon Release Date: December 13, 2001 Product / Vendor: ATPhttpd, the tiny, caching, high performance webserver. ATPhttpd is ideal for serving lots of static content, especially where disk I/O is...

6.9 AI score
Exploits: 0

Packet Storm
added 2001/03/02 12:0 a.m., 19 views

SA2K01.txt

-----/ SA2K01 /-------------------------------/ SecurityApex.com /---- A quick fix against RFP2101 ------------------------------------/ Max / [email protected] Table of contents: -/ 1 / Information on the exploit -/ 2 / Fix for the exploit -/ 3 / Credits...

7.4 AI score
Exploits: 0