Displaying 20 results from an estimated 3000 matches similar to: "[labs@idefense.com: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x]"
2006 Oct 10
3
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Bill Moran wrote:
> This report seems pretty vague. I'm unsure as to whether the alleged
> "bug" gives the user any more permissions than he'd already have? Anyone
> know any details?
This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
and RELENG_6. There is no opportunity for either remote denial of service
or any privilege escalation.
>
2004 Nov 08
0
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Potential Remote Denial of Service
CVE #: CAN-2004-0930
Affected
Versions: Samba 3.0.x <= 3.0.7
Summary: A remote attacker could cause an smbd process
to consume abnormal amounts of system resources
due to an input validation error when matching
filenames containing wildcard characters.
Patch Availability
- ------------------
A
2003 Nov 13
2
Apache leaks sensitive info in PHP phpinfo() calls
Hi,
I wanted to get some opinions on this subject before I submit a PR about
it. I don't know if there are any pitfalls with the 'fix' I suggested
and thought it best to run it past people here before submitting. If
there's a better place to post this please let me know (freebsd-ports?).
The send-pr output I was about to send explains everything so I'll just
paste it here:
2004 Mar 02
0
FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:04.tcp Security Advisory
The FreeBSD Project
Topic: many out-of-sequence TCP packets denial-of-service
Category: core
Module: kernel
2004 Mar 02
7
FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:04.tcp Security Advisory
The FreeBSD Project
Topic: many out-of-sequence TCP packets denial-of-service
Category: core
Module: kernel
2004 Sep 20
0
FreeBSD Security Advisory FreeBSD-SA-04:14.cvs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:14.cvs.asc Security Advisory
The FreeBSD Project
Topic: CVS
Category: contrib
Module: cvs
Announced: 2004-09-19
Credits: Stefan
2004 Sep 20
0
FreeBSD Security Advisory FreeBSD-SA-04:14.cvs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:14.cvs.asc Security Advisory
The FreeBSD Project
Topic: CVS
Category: contrib
Module: cvs
Announced: 2004-09-19
Credits: Stefan
2004 Feb 18
2
is this mbuf problem real?
BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.
2005 Mar 28
0
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:01.telnet Security Advisory
The FreeBSD Project
Topic: telnet client buffer overflows
Category: contrib
Module: contrib/telnet
Announced:
2004 Jan 06
5
Logging user activities
Hello,
What do you recommend for keeping track of user
activities? For preserving bash histories I followed
these recommendations:
http://www.defcon1.org/secure-command.html
They include using 'chflags sappnd .bash_history',
enabling process accounting, and the like.
My goal is to "watch the watchers," i.e. watch for
abuse of power by SOC people with the ability to view
2004 Sep 13
0
Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Samba 3.0.x Denial of Service Flaw
Summary: (i) A DoS bug in smbd may allow an
unauthenticated user to cause smbd to
spawn new processes each one entering
an infinite loop. After sending a sufficient
amount of packets it is possible to exhaust
the memory resources on the server.
(ii) A DoS bug in nmbd may allow an attacker
to
2004 Sep 13
0
Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Samba 3.0.x Denial of Service Flaw
Summary: (i) A DoS bug in smbd may allow an
unauthenticated user to cause smbd to
spawn new processes each one entering
an infinite loop. After sending a sufficient
amount of packets it is possible to exhaust
the memory resources on the server.
(ii) A DoS bug in nmbd may allow an attacker
to
2004 Jan 09
1
Problem with DNS (UDP) queries
Hi all
I am trying to get rid of strings:
kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
on my console and in log file
I understand that those are replies to DNS queries that for some reason
took too long to be answered.
I do not want to turn off the "log in vain" feature.
As these strings fill up my log I am afraid to miss some sensitive
messages (e.g.
2004 Jan 23
2
keyboard activity logging in FreeBSD
Hi,
I would like to log all keyboard activities in all ttys in my FreeBSD 5.2 box.
Is there anyway to do it? I read the watch man page and it seems like
I should run watch with tty as many times as number of ttys. Am I right?
Also is it possible to do the log in invisible way?
The main reason is to log all commands typed in shell and tty and send the
log to the remote server.
How can I
1998 Dec 22
0
CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
The following advisory was issued by CERT yesterday. Because it affects
FreeBSD systems as well, we are forwarding it to the appropriate FreeBSD
mailing lists. We would like to thank CERT for cooperation with the
FreeBSD security officer on this subject.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-98-13-tcp-denial-of-service
Original Issue Date: December 21, 1998
Last Revised
2007 May 18
0
RMagick users - ImageMagick security advisory
Please see
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
for information about a vulnerability in versions of ImageMagick prior
to 6.3.3-5. If you're using a version of ImageMagick that is
administered by your web host please let them know about this advisory.
--
RMagick [http://rmagick.rubyforge.org]
RMagick Installation FAQ
2003 Sep 23
2
[da@securityfocus.com: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd)]
Recent proftpd security vulnerability release FYI. Ports has latest
patched proftpd distribution.
--
Jez
http://www.munk.nu/
-------------- next part --------------
An embedded message was scrubbed...
From: Dave Ahmad <da@securityfocus.com>
Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise
Vulnerability (fwd)
Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT)
Size: 4588
Url:
2004 Feb 29
5
mbuf vulnerability
In
http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
it seems RELENG_4 is vulnerable. Is there any workaround for a system that
has to have ports open?
Version: 1 2/18/2004@03:47:29 GMT
>Initial report
>
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
>ID#207650:
>FreeBSD Memory Buffer
2004 Mar 02
1
Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
yes unless you use the version as of :> 2004-03-02 17:24:46
UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
check it out with uname -a
if it does not say -p1
it affects you.
My guess, you are affected :)
cheers
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene
-----Original message-----
From:
2008 Jun 11
0
X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
X.Org security advisory, June 11th, 2008
Multiple vulnerabilities in X server extensions
CVE IDs: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362
Overview
Several vulnerabilities have been found in the server-side code
of some extensions in the X Window System. Improper validation of
client-provided data can