search for: securityfocus

Since there never was an answer on the secureshell at securityfocus.com list to this question, I thought I'd ask you guys on your own list and maybe I'll even get an answer. If the answer involves PAM in any way, then the most obvious question becomes "what about IRIX, Tru64, or any other platforms whose login procedure does not have PAM?". ---...

---------- Forwarded message ---------- Received: from lists.securityfocus.com (lists.securityfocus.com [216.102.46.4]) by blues.jpj.net (right/backatcha) with SMTP id VAA15167 for <trevor@JPJ.NET>; Tue, 27 Jul 1999 21:17:48 -0400 (EDT) Received: (qmail 28179 invoked from network); 27 Jul 1999 19:14:06 -0000 Received: from lists.securityfocus.com (216.102.46.4)...

...rce but it would still be helpful to have a statement, especially since it appears under protocol 2 that it's potentially exploitable before authentication. - Dave Dykstra ----- Forwarded message from Erik Parker <eparker at mindsec.com> ----- Mailing-List: contact secureshell-help at securityfocus.com; run by ezmlm List-Post: <mailto:secureshell at securityfocus.com> List-Help: <mailto:secureshell-help at securityfocus.com> List-Unsubscribe: <mailto:secureshell-unsubscribe at securityfocus.com> List-Subscribe: <mailto:secureshell-subscribe at securityfocus.com> Delive...

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url: http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030924/8df8d723/attachment.eml

...w in icecast, is there any "official" security patch against 1.3.11 ? I am reluctant to take any un-official patch like this one ;-) There is nothing on www.icecast.org/releases, maybe it's somewhere else ? Thanks. Alfredo <p><p>>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bug...

Can anyone provide more details about the posting below ? >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bug...

Hi, This advisory has a bit more than the Red Hat one.... Roger. ----- Forwarded message from Alfred Huger ----- >>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999 Approved-By: aleph1@SECURITYFOCUS.COM Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com> Date: Mon, 22 Nov 1999 09:08:08 -0800 X-Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM> Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.C...

I joined the secureshell at securityfocus.com mailing list yesterday, and posted a message, but it doesn't seem like it ever made it to the list. Anyone know if it's down? Tnx, DR

Hello, anybody knows what happened to the ssh user mailing list on secureshell at securityfocus.com? it seems to be dead for more than two months now. I tried to post, but my postings never appeared on the list. Unfortunately, there's no administrative contact given on the subscription page, so I post to the dev list in the hope that somebody knows what's going on. Sorry for being OT...

Colin, good day! Spotted two patches for x11-servers/xorg-server port: see entries for x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html Seems like they are not applied to the xorg-server-6.9.0_5. May be it should be added to the VuXML document? There is a ports/107733 issue that incorporates these patches. May be you

...-------------------------------------------------------+ Port name: acroread5 Affected: versions < acroread-5.06 Status: Fixed Insecure temporary file handling. The acrobatviewer, acroread4, ghostscript, gv, mgv and xpdf ports can also display PDF files. <URL:http://online.securityfocus.com/archive/1/278984> <URL:http://online.securityfocus.com/archive/1/284263> +------------------------------------------------------------------------+ Port name: aide Affected: versions < aide-0.7_1 Status: Fixed The default aide.conf silently fails to check subdirec...

The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilitie...

http://www.securityfocus.com/bid/12825/info/ no patch or anything, is there any action on this?

...e is not available. Additionally, advisories and information on security issues in SSH can be obtained from: http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm http://www.core-sdi.com/advisories/buffer_over_ing.htm http://www.core-sdi.com/advisories/ssh-advisory.htm http://www.securityfocus.com.com/bid/2347 http://www.securityfocus.com.com/bid/2222 http://www.securityfocus.com.com/bid/2117 http://www.securityfocus.com.com/bid/1949 http://www.securityfocus.com/bid/1426 http://www.securityfocus.com/bid/1323 http://www.securityfocus.com/bid/1006 http://www.securityfocus.com/bid/84...

Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edit a sensitive file (e.g, a file containing a password, running vipw, etc) .. then runs clear and logout. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" ment to clear the

I did not see any commits to the OpenSSL code, recently; is anybody going to commit the fix? See http://www.securityfocus.com/archive/1/480855/30/0 for details ... Regards, STefan

...ffected application. This issue affects OpenSSH 4.3p2; other versions may also be affected. NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD. Solution: Updates are available. Please see the references for more information. References: http://www.securityfocus.com/bid/28444 http://support.apple.com/kb/HT3137 http://www.openbsd.org/errata41.html http://www.openbsd.org/errata42.html http://www.openbsd.org/errata43.html http://www.openssh.com/txt/release-5.0 http://www.openssh.com http://sourceforge.net/project/shownotes.php?release_id=590180 http://bugs.de...

Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene

...---------------------------+ Port name: linux-mozilla, mozilla Affected: versions < linux-mozilla-0.9.9.2002050810 versions < mozilla-1.0.rc1_3,1 Status: Fixed Buffer overflow in Chatzilla. XMLHttpRequest allows reading of local files. <URL:http://online.securityfocus.com/archive/1/270807> +------------------------------------------------------------------------+ Port name: mod_python Affected: versions < mod_python-2.7.8 Status: Fixed A publisher may access an indirectly imported module allowing a remote attacker to call functions from...

...DoS in SMTP dissector >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: Today the DoS possibility for Wireshark was disclosed via BugTraq list: http://www.securityfocus.com/archive/1/498562/30/0/threaded Vendor acknowledged the existence of this issue and had already patched it in Subversion repository: ----- http://wiki.wireshark.org/Development/Roadmap Complete: * Rev 24989 & Rev 24994 - Support for RFC 2920 SMTP Command Pipelining, which also happens to fi...