search for: idefense

FYI -------------- next part -------------- An embedded message was scrubbed... From: "iDEFENSE Labs" <labs@idefense.com> Subject: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x Date: Tue, 8 Apr 2003 12:44:39 -0400 Size: 4554 Url: http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030408/43598086/attachment.eml

BM_207650 MEDIUM Vulnerability Version: 1 2/18/2004@03:47:29 GMT Initial report <https://ialert.idefense.com/KODetails.jhtml?irId=207650> ID#207650: FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability (iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS) vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers to launch a DoS attack. By sending ma...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). The defect discovery was anonymously reported to iDEFENSE via their Vulnerability Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp). - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2....

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). The defect discovery was anonymously reported to iDEFENSE via their Vulnerability Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp). - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2....

Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. >

...-04:04.tcp Security Advisory The FreeBSD Project Topic: many out-of-sequence TCP packets denial-of-service Category: core Module: kernel Announced: 2004-03-02 Credits: iDEFENSE Affects: All FreeBSD releases Corrected: 2004-03-02 17:19:18 UTC (RELENG_4) 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3) 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16) C...

...not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. ======= Credits ======= This security issue was reported to Samba developers by iDEFENSE Labs. The vulnerability was discovered by Greg MacManus, iDEFENSE Labs. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================== -----BEGIN PGP SIGNATURE----- Version: G...

...mediately possible, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html ======= Credits ======= This vulnerability was discovered by an anonymous researcher and reported to Samba developers by Joshua J. Drake, iDefense Labs (http://www.idefense.com/), as part of their Vulnerability Contributor Program. The time line is as follows: * May 7, 2007: Initial defect disclosure to the security@samba.org email alias. * May 7, 2007: Initial developer response by Samba developer Gerald Carter. * May 9, 2007: Patch re...

...<affects> <package> <name>clamav</name> <range><ge>0.90rc3</ge><lt>0.90.2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>iDefense Security Advisory 04.16.07:</p> <blockquote cite="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"> <p>Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code w...

...eBSD-SA-05:01.telnet Security Advisory The FreeBSD Project Topic: telnet client buffer overflows Category: contrib Module: contrib/telnet Announced: 2005-03-28 Credits: iDEFENSE Affects: All FreeBSD releases prior to 5.4-RELEASE Corrected: 2005-03-28 15:50:00 UTC (RELENG_5, 5.4-PRERELEASE) 2005-03-28 15:48:00 UTC (RELENG_4, 4.11-STABLE) 2005-03-28 15:52:00 UTC (RELENG_5_3, 5.3-RELEASE-p6) 2005-03-28 15:57:00 UTC (...

...Security Advisory The FreeBSD Project Topic: CVS Category: contrib Module: cvs Announced: 2004-09-19 Credits: Stefan Esser, Sebastian Krahmer, Derek Price iDEFENSE Affects: All FreeBSD versions Corrected: 2004-06-29 16:10:50 UTC (RELENG_4) 2004-09-19 22:26:22 UTC (RELENG_4_10, 4.10-RELEASE-p3) 2004-09-19 22:27:36 UTC (RELENG_4_9, 4.9-RELEASE-p12) 2004-09-19 22:28:14 UTC (RELENG_4_8, 4.8-RELEASE-p25)...

...Security Advisory The FreeBSD Project Topic: CVS Category: contrib Module: cvs Announced: 2004-09-19 Credits: Stefan Esser, Sebastian Krahmer, Derek Price iDEFENSE Affects: All FreeBSD versions Corrected: 2004-06-29 16:10:50 UTC (RELENG_4) 2004-09-19 22:26:22 UTC (RELENG_4_10, 4.10-RELEASE-p3) 2004-09-19 22:27:36 UTC (RELENG_4_9, 4.9-RELEASE-p12) 2004-09-19 22:28:14 UTC (RELENG_4_8, 4.8-RELEASE-p25)...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBW91mIR7qMdg1EfY...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- The source code can be downloaded from : http://download.samba.org/samba/ftp/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Please report any security related issues to <security@samba.org> Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment:...

...t may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- This security issue was reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBj7G0IR7qMdg1EfYRA...

...not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. ======= Credits ======= This security issue was reported to Samba developers by iDEFENSE Labs. The vulnerability was discovered by Greg MacManus, iDEFENSE Labs. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================== -----BEGIN PGP SIGNATURE----- Version: G...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBW91bIR7qMdg1EfYR...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- The source code can be downloaded from : http://download.samba.org/samba/ftp/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/...

...may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Please report any security related issues to <security@samba.org> Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment:...