search for: globalintersec

According to the authors of the original advisory, this is _definitely_ a hoax. -------- Original Message -------- Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS Date: Mon, 06 Jan 2003 20:05:32 +0000 From: Global InterSec Research <lists at globalintersec.com> To: bugtraq at securityfocus.com As some may have gathered, the advisory recently posted by mmhs at hushmail.com was indeed a fake, intended to highlight several unclear statements made in GIS2002062801. The advisory in question is currently being updated with more detailed informatio...

...is only valuable if it makes a difference. (*) in the case of a leap year, we of course provide a 24 x 7, 366 days premier service. TECHNICAL BACKGROUND - -------------------- The following advisory is based on the excellent advisory published by Global InterSec LLC *six months ago*: http://www.globalintersec.com/adv/openssh-2002062801.txt After more than six months of intensive underground research, our ISO 31337 certified security department evidenced that the bug (an integer overflow, resulting in a heap overflow) described in the aforementioned advisory still exists in OpenSSH 3.5p1 and 3.4p1, and...

...n error output. <URL:http://puf.sourceforge.net/ChangeLog> +------------------------------------------------------------------------+ Port name: sudo Affected: versions < sudo-1.6.6 Status: Fixed Heap overflow may allow local users to gain root access. <URL:http://www.globalintersec.com/adv/sudo-2002041701.txt> +------------------------------------------------------------------------+ Port name: webalizer Affected: versions < webalizer-2.1.10 Status: Fixed Buffer overflow in the DNS resolver code. <URL:http://www.mrunix.net/webalizer/news.html> &...