search for: securiteam

Hello, There is a new asterisk vulnerability report at this address: http://www.securiteam.com/unixfocus/5HP0H1PB5S.html This is the second security report regarding asterisk for 8 days (http://www.securiteam.com/securitynews/5LP0720B5G.html) Both fixes was reported and fixed silently. My question is: Is it possible in the future such a security problems to be reported in this maili...

Hello, today I found this security report regarding Asterisk SIP Security. http://www.securiteam.com/securitynews/5LP0720B5G.html Maybe It could help somebody who isn't using a newer than 15th of August cvs version. Best regards Lubo

Several people have noticed that SecuriTeam.com is reporting a "FreeBSD ECE flag ipfw protection bypass" exploit. In an effort to save time, let me say this publicly: SecuriTeam.com is three years out of date. This problem was fixed in FreeBSD 3.5-STABLE and 4.2-STABLE in January 2001, and reported in Security Advisory FreeBSD-S...

...an't do the reverse. I found Sebastian Krahmer's OpenSSH Reverse [1] which looks very promising, but it is a few revisions behind. I was wondering if anyone has considered integrating this with the OpenSSH code base. It seems like such a useful feature... Best, Clark [1] http://www.securiteam.com/tools/6I00N0K03K.html http://teso.scene.at/releases/openssh.reverse.tgz Patched OpenSSH (cl+sv) for tunneling firewalls (client connects to server)

...4 uucp.log -rw-r----- 1 root adm 309 Feb 26 2004 uucp.log.0 -rw-rw-r-- 1 root utmp 21120 Jun 17 10:52 wtmp -rw-rw-r-- 1 root utmp 17280 May 31 17:06 wtmp.1 Hope this help debug the issue. -- Noam Rathaus CTO Beyond Security Ltd. http://www.beyondsecurity.com http://www.securiteam.com

...April - Patch available 2012-04-19 * 2012 May/June - No trace of bugfix in svn for 5.3/5.4/trunk although mentioned in bugref #61755 * 2012 June ?- No trace of bugfix in svn for 5.3/5.4/trunk, code ... * 2012 June ?- public disclosure CREDITS: -------- Discovered by 0x721427D8 via BeyondSecurity - SecuriTeam Secure Disclosure Refs: ----- http://php.net/ http://www.php.net/manual/en/intro.pdo.php http://svn.php.net/viewvc/php/php-src/trunk/ext/pdo/ http://www.securiteam.com/ ----- End forwarded message ----- -- - (2^(N-1))

In the process of investigating a Cisco ATA 186 that was locked by Vonage, I found that you can still unlock the device yourself. But there's a catch. The device's design has a great plus: a DIP32 *socketed* SST28SF040A flash chip. I found an 8 digit unlock code at 0x03FA71-0x03FA78. I do not know if that is a standard location. If you have the equipment, you're in luck. But

The basic idea of tattle (http://www.securiteam.com/tools/5JP0520G0Q.html) is that it will go through your /var/logs/messages to find brute force attack attempts on your machine via ssh. It then looks up the abuse records and emails the network owners about the attack. It worked well until the log format changed a little when I updated last and...

...overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program. * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived fro...