Re: rh 6.2 - gid compromises, etc [+ MORE!!!]

Ya know the sad thing is I pointed out these problems in bugzilla posts the gkermit being sgid uucp I reported two+ weeks ago. No response. My description of the gkermit bug which I reported couple weeks ago can be found here: http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=11870 The slrn...

Remote DoS attack in AnalogX SimpleServer WWW Version 1.05 Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS attack in AnalogX SimpleServer WWW Version 1.05 Vulnerability USSR Advisory Code: USSR-2000045 Release Date: June 15, 2000 Systems Affected: AnalogX SimpleServer WWW Version 1.05 THE PROBLEM The Ussr Labs team has recently discovered a null...

Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS attack in Real Networks Real Server Strike 2 Vulnerability USSR Advisory Code: USSR-2000043 Release Date: June 1, 2000 Systems Affected: Real Networks Real Server 7 Linuxc6 Real Networks Real Server 7 Solaris 2.6 Real Networks Real Server 7...

Advisory CA-2000-08

CERT Advisory CA-2000-08 Inconsistent Warning Messages in Netscape Navigator Original release date: May 26, 2000 Last Revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Netscape Navigator, up to and including Navigator 4.73, withou...

windows2k.iss

I found there is a security problem about shtml.exe that allows anyone to explore the local path of IIS web server. Tested on windows2000 server.shtml.exe is a program issued with Forntpage Extention server for viewing smart HTML file, If we install Frontpage on Windows2000 server, a directory...

RFP2K04.txt

---/ RFP2K04 /----------------------------/ rfp.labs / wiretrip /--------- Mining BlackICE with RFPickAxe Remote command execution on BlackICE ICECap stations ------------------------------------/ rain forest puppy / [email protected] Table of contents: -/ 1 / For the Black Hats -/ 2 / For the Whi...

Potential security problem with mtr

Hi. One of my users asked me to install mtr, most adequately described as a GUI:ed combination of traceroute and ping. I thought it looked cool, and had a closer look. In this mail follows a warning about a potential security problem with this program if installed as suggested. No exploit has bee...

Проблемы с SimpleServer

GET-запрос длинной 17 символов приводит к краху сервера...

gpm-root

Hi! I've sent report about the following security hole to the authors of gpm, but they seemed to ignore the problem. The problem applies to every gpm version known by me, for example 1.18.1 and 1.19.0. To exploit this problem, gpm-root must be running on a machine and the user needs both login to...

CVE-1999-0849

Denial of service in BIND named via maxdname...

IKE - Aggressive Mode Shared Secret Hash Leakage

IKE - Aggressive Mode Shared Secret Hash Leakage source: https://www.securityfocus.com/bid/7423/info When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This ma...

Gauntlet_Firewall_Lockup.txt

Subject: Remotely Lock Up Gauntlet 5.0 To: [email protected] / Discovered and written by: - Reply to Network Associates: "Who's watching your network?" MSG.net "Who's watching the watchers?" This can be found online at http://www.msg.net/firewalls/tis/bland.c Description: If you know an I...

nt.ntfs.mft.txt

Date: Tue, 27 Apr 1999 18:26:54 +0400 From: Vladimir Dubrovin To: [email protected] Subject: MFT problem Hello NTBUGTRAQ, Sorry for my bad English... Some times ago it was noticed the problem with MFT. I don't know if this problem was discussed in this list, so if it is - just...

lotus.notes.relay.txt

Date: Mon, 14 Jun 1999 17:40:35 +0100 From: Robert Lister To: [email protected] Subject: Lotus Notes Relay Following postings about NTMail having open relaying ability, in certain situations I have identified a problem with the Lotus SMTP MTA right up to v4.6.4, have yet to test...

chase.online.banking.txt

Date: Thu, 06 May 1999 12:40:08 GMT From: [email protected] Daniel Norton Subject: Security/privacy hole in Chase Online Banking Here's an excerpt from a letter I faxed to Chase Online Banking www.chase.com the other day. Not only have they not fixed the problem, they apparently didn't...

outlook.express.zone.txt

Date: Mon, 26 Apr 1999 05:07:19 -0700 From: "1nternal @geocities.com" To: [email protected] Subject: Minor privacy exploit in Outlook Express Outlook Express uses HTML to display ceratin information in the 'outlook today' type part of outlook express, ie, the number of unread messages in your...

outlook.express.mailbox.dos.txt

Outlook Express Win98 bug Miquel van Smoorenburg [email protected] Tue, 11 May 1999 10:58:41 +0200 There is a bug in Outlook Express delivered with Windows '98, at least version 4.72.3110.1 4.01 SP1 and 4.72.3120.0 4.01 SP1 + oepatsp1 Windows '95 updated with MSIE 4.01 has Outlook Express...

msie4-persistent-connect.txt

Date: Fri, 22 Jan 1999 14:15:32 -0600 From: Joel Moses To: [email protected] Subject: IE4 Persistent Connection Bug Hi, everyone. Working with MCI/WorldCom, we've identified a problem with IE 4 which may or may not have security implications, but is definately naughty behavior, in our opinions...

nt4+sp4.y2k.txt

Date: Tue, 23 Mar 1999 18:31:34 -0500 From: Ilya Slavin To: [email protected] Subject: NT Y2K issue post SP4 Those of you who are in the process of deploying SP4 or are planning to do so should be aware that a new Y2K problem was discovered in this service pack. Here's the scoop. I...

msie.high.sec.y2k.patch.txt

Date: Wed, 09 Jun 1999 15:54:47 -0400 From: Paul Karger Subject: Downloading Y2K fixes to Internet Explorer leads to clock problem I was attempting to install service pack 2 of Internet Explorer 4.01 in order to meet corporate Y2K requirements and ran into the following interesting problem. To...