Re: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Dariush Pietrzak
On Tue, Sep 23, 2003 at 04:13:02PM -0500, Jeff Bender wrote: > Thanks. Do you happen to have a link where this might be posted? Well.. Advisory talks about version higher than the one in woody. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: MS BS + Sorting out the virii

2003-09-23 Thread Thomas Ritter
On Tuesday, 23 September 2003 23:48, Joel HATSCH wrote: > > > of these fake Microsoft Update emails per day. > > > The single part MIME filter doesn't seem to catch it though. What Just a note: Open Antivirus programs like clamav are not perfect, because the open virus database [1] is still to

Proftpd

2003-09-23 Thread Arend van Waart
ISS announced a remote exploit in proftpd today. http://xforce.iss.net/xforce/alerts/id/154 It mentions a 'maybe' on versions earlier than 1.2.7, woody is 1.2.4. Is this version affected by this bug, or not? Greetings, Arend van Waart

Re: MS BS

2003-09-23 Thread Joel HATSCH
> > My secalert account for these lists is being drenched with 40 to 70 > > of these fake Microsoft Update emails per day. > > My filters on my client dump them to a Junk folder, but I would > > prefer it if my Exim filter would do the job at the server level > > instead. I am running Nigel Metheri

Re: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Marcin Owsiany
On Tue, Sep 23, 2003 at 04:13:02PM -0500, Jeff Bender wrote: > Thanks. Do you happen to have a link where this might be posted? http://bugs.debian.org/212416 Marcin -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6

RE: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Jeff Bender
Thanks. Do you happen to have a link where this might be posted? > -Original Message- > From: Matt Zimmerman [mailto:[EMAIL PROTECTED] On Behalf Of Matt Zimmerman > Sent: Tuesday, September 23, 2003 3:26 PM > To: 'debian-security@lists.debian.org' > Subject: Re: ProFTPD ASCII File Remote

Re: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Matt Zimmerman
On Tue, Sep 23, 2003 at 02:45:24PM -0500, Bender, Jeff wrote: > Looking for the Debian Woody patch. Anyone know if it is available or if > this version is exploitable? According to the maintainer, the version in woody is not affected by this bug. -- - mdz

ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Bender, Jeff
Looking for the Debian Woody patch. Anyone know if it is available or if this version is exploitable? -BEGIN PGP SIGNED MESSAGE- Internet Security Systems Security Brief September 23, 2003 ProFTPD ASCII File Remote Compromise Vulnerability Synopsis: ISS X-Force has discovered a flaw

Re: bugs #212357 and #212358: could we have a 'deprecated' priority?

2003-09-23 Thread Peter Cordes
On Tue, Sep 23, 2003 at 11:21:14AM -0300, Henrique de Moraes Holschuh wrote: > I have opened #212357 and #212358 against vtun and CIPE due to the recent > article on their weaknesses as secure VPN tools, and the fact that nothing > in their descriptions tell the user about the problem. > > It has

bugs #212357 and #212358: could we have a 'deprecated' priority?

2003-09-23 Thread Henrique de Moraes Holschuh
I have opened #212357 and #212358 against vtun and CIPE due to the recent article on their weaknesses as secure VPN tools, and the fact that nothing in their descriptions tell the user about the problem. It has been suggested that we could change the descriptions (so far so good) and punt the pack

Re: Watch out! vsftpd anonymous access always enabled!

2003-09-23 Thread Dariush Pietrzak
> There's nothing wrong with offering data over ftp to the general public, > especially when you can guarantee the contents in some way. There is > something wrong when you need secure, private transfers. And what is wrong with it when you need secure, private transfers? > I wonder though, why

Re: Watch out! vsftpd anonymous access always enabled!

2003-09-23 Thread Johannes Resch
Dariush Pietrzak said: >> ssh for pretty much everything I can, and otherwise wget. I only > Could all those security experts recommending using sftp/scp for data > transfers please explain how did they come to conclusion that creating > shell accounts is the best way of giving access to few file
