Displaying 20 results from an estimated 1000 matches similar to: "Fwd: Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)"
2004 Sep 17
1
Fwd: FreeBSD kernel buffer overflow
Can anyone provide more details about the posting below ?
>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@securityfocus.com>
>List-Help: <mailto:bugtraq-help@securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
>List-Subscribe:
2004 Aug 06
2
[dizznutt@my.security.nl: icecast 1.3.11 remote shell/root exploit - #temp]
Contrary to the report, this only affects 1.3.x versions of icecast, not
_all_ versions.
But this is a serious problem and I do hope you all took my advice last
time and aren't running icecast as root.
I'll try to have a patch today.
jack.
----- Forwarded message from dizznutt@my.security.nl -----
Date: Tue, 2 Apr 2002 07:51:55 +0000 (GMT+00:00)
From: dizznutt@my.security.nl
To:
1999 Jul 30
0
Linux 2.2.10 ipchains Advisory (fwd)
---------- Forwarded message ----------
Received: from lists.securityfocus.com (lists.securityfocus.com [216.102.46.4])
by blues.jpj.net (right/backatcha) with SMTP id VAA15167
for <trevor@JPJ.NET>; Tue, 27 Jul 1999 21:17:48 -0400 (EDT)
Received: (qmail 28179 invoked from network); 27 Jul 1999 19:14:06 -0000
Received: from lists.securityfocus.com (216.102.46.4)
by lists.securityfocus.com
1999 Nov 23
0
DoS with sysklogd, glibc (Caldera) (fwd)
Hi,
This advisory has a bit more than the Red Hat one....
Roger.
----- Forwarded message from Alfred Huger -----
>>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999
Approved-By: aleph1@SECURITYFOCUS.COM
Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com>
Date: Mon, 22 Nov 1999 09:08:08 -0800
X-Reply-To: Alfred Huger
2004 Feb 17
0
OpenSSH 3.7 released (fwd)
Since there never was an answer on the secureshell at securityfocus.com list
to this question, I thought I'd ask you guys on your own list and maybe
I'll even get an answer.
If the answer involves PAM in any way, then the most obvious question
becomes "what about IRIX, Tru64, or any other platforms whose login
procedure does not have PAM?".
----- Forwarded message from Atro
2000 Oct 02
0
(from BugTraq) openssh2.2.p1 - Re: scp file transfer hole
X-PMC-CI-e-mail-id: 13726
Hi,
I have been a successful user of Openssh for some time.
I am attaching two articles from BugTraq.
Hopefully, they show exactly the security problems
reported in the BugTraq mailing list.
[Pity that no one seemed to have bothered to contact the
mailing list(s) for openssh development.]
I am not sure what the right fixes would be.
But at least, people need to be
2002 Mar 22
1
Is OpenSSH vulnerable to the ZLIB problem or isn't it?
SSH.COM says their SSH2 is not vulnerable to the ZLIB problem even though
they use the library (details below). Can OpenSSH say the same thing?
In either case, it seems like there ought to be an openssh-unix-announce
message about what the situation is. I may have missed it, but I don't
believe there was one. Yes, openssh doesn't have its own copy of zlib
source but it would still be
2004 Dec 03
1
[BUGTRAQ] rssh and scponly arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[This came over BUGTRAQ this morning. Note the call for volunteers
vis-a-vis rssh.]
- ----- Forwarded message from Jason Wies <jason at xc.net> -----
List-Id: <bugtraq.list-id.securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com>
To: bugtraq at securityfocus.com
Cc: rssh-discuss at
2000 Aug 18
0
[RHSA-2000:052-04] Zope update
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Zope update
Advisory ID: RHSA-2000:052-04
Issue date: 2000-08-11
Updated on: 2000-08-18
Product: Red Hat Powertools
Keywords: Zope
Cross references: N/A
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
CORE SDI
http://www.core-sdi.com
SSH1 CRC-32 compensation attack detector vulnerability
Date Published: 2001-02-08
Advisory ID: CORE-20010207
Bugtraq ID: 2347
CVE CAN: CAN-2001-0144
Title: SSH1 CRC-32 compensation attack detector vulnerability
Class: Boundary Error Condition
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Mode:
2004 Jun 28
2
Security Vulnerability in Asterisk
The following is pasted from SecurityFocus Newsletter #254:
-------------------------
Asterisk PBX Multiple Logging Format String Vulnerabilities
BugTraq ID: 10569
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10569
Summary:
It is reported that Asterisk is susceptible to format string
vulnerabilities in its logging functions.
An attacker may use these
2008 Nov 22
0
[patch] [vuxml] net/wireshark: fix DoS in SMTP dissector
>Submitter-Id: current-users
>Originator: Eygene Ryabinkin
>Organization: Code Labs
>Confidential: no
>Synopsis: [patch] [vuxml] net/wireshark: fix DoS in SMTP dissector
>Severity: serious
>Priority: high
>Category: ports
>Class: sw-bug
>Release: FreeBSD 7.1-PRERELEASE i386
>Environment:
System: FreeBSD 7.1-PRERELEASE i386
>Description:
Today the DoS
2003 Sep 17
0
Fwd: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
More patch-o-rama :-(
---Mike
>From: Michal Zalewski <lcamtuf@dione.ids.pl>
>To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>,
> <full-disclosure@netsys.com>
>X-Nmymbofr: Nir Orb Buk
>Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one)
>[CAN-2003-0694]
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere:
2002 Jun 24
2
Upcoming OpenSSH vulnerability
On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> Date: Mon, 24 Jun 2002 15:00:10 -0600
> From: Theo de Raadt <deraadt at cvs.openbsd.org>
> Subject: Upcoming OpenSSH vulnerability
> To: bugtraq at securityfocus.com
> Cc: announce at openbsd.org
> Cc: dsi at iss.net
> Cc: misc at openbsd.org
>
> There is an upcoming OpenSSH vulnerability that
2002 Jun 24
2
Upcoming OpenSSH vulnerability
On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> Date: Mon, 24 Jun 2002 15:00:10 -0600
> From: Theo de Raadt <deraadt at cvs.openbsd.org>
> Subject: Upcoming OpenSSH vulnerability
> To: bugtraq at securityfocus.com
> Cc: announce at openbsd.org
> Cc: dsi at iss.net
> Cc: misc at openbsd.org
>
> There is an upcoming OpenSSH vulnerability that
2000 Apr 12
0
[SECURITY] RHSA-2000:009-02.text: New gpm packages available
-----BEGIN PGP SIGNED MESSAGE-----
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: gpm
Advisory ID: RHSA-2000:009-02
Issue date: 2000-04-07
Updated on: 2000-04-10
Product: Red Hat Linux
Keywords: gpm gpm-root gid 0 priviledge
Cross references: N/A
-
1999 Nov 30
0
serious Qpopper 3.0 vulnerability (fwd)
Received this email on BugTraq today. Take the necessary precautions.
---------- Forwarded message ----------
Date: Tue, 30 Nov 1999 01:53:11 +0100
From: Mixter <mixter@NEWYORKOFFICE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: serious Qpopper 3.0 vulnerability
Greetings,
There is a remote buffer overflow in the qpop 3.0 server code
that can lead to remote root compromise. Exploit
2002 Apr 20
0
Buffer overflow in OpenSSH 2.2.0-3.1.0
Hi!
I just saw this on bugtraq. Does someone have more details about this?
Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable
buffer overflow
From: Marcell Fodor <m.fodor at mail.datanet.hu>
Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST)
To: bugtraq at securityfocus.com
effect:
local root
vulnerable services:
-pass Kerberos IV TGT
-pass AFS Token
bug
2004 Aug 06
0
icecast security
> maybe an outdated question: there was a message on the
> securityfocus mailing list (bugtraq) today (and several months before)
> about a remote buffer overflow in icecast v1.3.10 (which seems to be a
> package in debian).
> does this affect 1.3.11 too or is the version at
> http://www.icecast.org/download.html fixed?
Point me to a url at bugtraq where I can read a description
2007 Apr 24
0
Asterisk Project Security Advisory Process
Recent events, including vulnerabilities that were reported and the
subsequent discussions about how they were handled, have made those of
us that manage Asterisk development decide that it is time for the
Asterisk project to have a formal security vulnerability and advisory
reporting process.
Over the next few weeks we will begin to formalize and document this
process on the asterisk.org