similar to: Fwd: Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)

Can anyone provide more details about the posting below ? >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe:

Contrary to the report, this only affect 1.3.x version of icecast, not _all_ versions. But this is a serious problem and I do hope you all took my advice last time and aren't running icecast as root. I'll try to have a patch today. jack. ----- Forwarded message from dizznutt@my.security.nl ----- Date: Tue, 2 Apr 2002 07:51:55 +0000 (GMT+00:00) From: dizznutt@my.security.nl To:

---------- Forwarded message ---------- Received: from lists.securityfocus.com (lists.securityfocus.com [216.102.46.4]) by blues.jpj.net (right/backatcha) with SMTP id VAA15167 for <trevor@JPJ.NET>; Tue, 27 Jul 1999 21:17:48 -0400 (EDT) Received: (qmail 28179 invoked from network); 27 Jul 1999 19:14:06 -0000 Received: from lists.securityfocus.com (216.102.46.4) by lists.securityfocus.com

Hi, This advisory has a bit more than the Red Hat one.... Roger. ----- Forwarded message from Alfred Huger ----- >>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999 Approved-By: aleph1@SECURITYFOCUS.COM Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com> Date: Mon, 22 Nov 1999 09:08:08 -0800 X-Reply-To: Alfred Huger

Since there never was an answer on the secureshell at securityfocus.com list to this question, I thought I'd ask you guys on your own list and maybe I'll even get an answer. If the answer involves PAM in any way, then the most obvious question becomes "what about IRIX, Tru64, or any other platforms whose login procedure does not have PAM?". ----- Forwarded message from Atro

X-PMC-CI-e-mail-id: 13726 Hi, I have been a successful user of Openssh for some time. I am attaching two articles from BugTraq. Hopefully, they show exactly the security problems reported in the BugTraq mailing list. [Pity that no one seemed to have bothered to contact the mailing list(s) for openssh development.] I am not sure what the right fixes would be. But at least, people need to be

SSH.COM says their SSH2 is not vulnerable to the ZLIB problem even though they use the library (details below). Can OpenSSH say the same thing? In either case, it seems like there ought to be an openssh-unix-announce message about what the situation is. I may have missed it, but I don't believe there was one. Yes, openssh doesn't have its own copy of zlib source but it would still be

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [This came over BUGTRAQ this morning. Note the call for volunteers vis-a-vis rssh.] - ----- Forwarded message from Jason Wies <jason at xc.net> ----- List-Id: <bugtraq.list-id.securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com> To: bugtraq at securityfocus.com Cc: rssh-discuss at

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Zope update Advisory ID: RHSA-2000:052-04 Issue date: 2000-08-11 Updated on: 2000-08-18 Product: Red Hat Powertools Keywords: Zope Cross references: N/A

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable: Yes Locally Exploitable: Yes Release Mode:

The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these

>Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [patch] [vuxml] net/wireshark: fix DoS in SMTP dissector >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: Today the DoS

More patch-o-rama :-( ---Mike >From: Michal Zalewski <lcamtuf@dione.ids.pl> >To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>, > <full-disclosure@netsys.com> >X-Nmymbofr: Nir Orb Buk >Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) >[CAN-2003-0694] >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere:

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: gpm Advisory ID: RHSA-2000:009-02 Issue date: 2000-04-07 Updated on: 2000-04-10 Product: Red Hat Linux Keywords: gpm gpm-root gid 0 priviledge Cross references: N/A -

Recieved this email on BugTraq today. Take the necessary precautions. ---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 01:53:11 +0100 From: Mixter <mixter@NEWYORKOFFICE.COM> To: BUGTRAQ@SECURITYFOCUS.COM Subject: serious Qpopper 3.0 vulnerability Greetings, There is a remote buffer overflow in the qpop 3.0 server code that can lead to remote root compromise. Exploit

Hi! I just saw this on bugtraq. Does someone have more details about this? Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow From: Marcell Fodor <m.fodor at mail.datanet.hu> Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST) To: bugtraq at securityfocus.com effect: local root vulnerable services: -pass Kerberos IV TGT -pass AFS Token bug

> maybe an outdated question: there was a message on the > securityfocus mailing list (bugtraq) today (and several month before) > about a remote buffer overflow in icecast v1.3.10 (which seems to be a > package in debian). > does this affect 1.3.11 too or is the version at > http://www.icecast.org/download.html fixed? Point me to a url at bugtraq where I can read a description

Recent events, including vulnerabilities that were reported and the subsequent discussions about how they were handled, have made those of us that manage Asterisk development decide that it is time for the Asterisk project to have a formal security vulnerability and advisory reporting process. Over the next few weeks we will begin to formalize and document this process on the asterisk.org