Moritz Muehlenhoff wrote:
> CVE-2007-3382
>
> It was discovered that single quotes (') in cookies were treated
> as a delimiter, which could lead to an information leak.
>
> CVE-2007-3385
>
> It was discovered that the character sequence \" in cookies was
> handled incorrectly, w
On Sat, Dec 28, 2002 at 12:30:53AM -0500, Phillip Hofmeister wrote:
> All,
>
> In November there was a kernel vulnerability. I don't recall whether a
> DSA was released for 2.4.18 (Debian/Stable). If this has not been
> released will it be any time soon?
Just update the kernel from Sid or somet
On Wed, Dec 25, 2002 at 03:03:19PM +0100, InfoEmergencias - Luis Gomez wrote:
> Hi all
>
> I've been running my company's server with Linux in the same computer for
> about six months. Tonight, when I arrived home (my company is in my house) at
> about 6 a.m., I noticed I could not browse any we
On Tue, Mar 25, 2003 at 09:51:02AM +0100, Pavel Jurus wrote:
> Hello,
> I have seen two or three questions but no answer on this list. What
> is the status of vulnerabilities announced on http://www.openssl.org/
> from 17-Mar-2003 and 19-Mar-2003. Are the debian packages vulnerable?
>
> I'm not su
On Tue, May 27, 2003 at 11:58:21PM -0500, Jayson Vantuyl wrote:
> He appears to modify the kernel image in memory via /dev/kmem (a
> next-generation LKM attack). I've considered removing /dev/kmem (does
> anything use it?) but I don't know about any side effects (and it
> doesn't prevent him mknod
On Tue, Jun 03, 2003 at 10:02:09AM -0400, Phillip Hofmeister wrote:
> On Mon, 02 Jun 2003 at 03:38:21PM -0500, Adam Majer wrote:
> > With something like sendmail or apache, it only needs to see a very
> > limited part of the file system, so even breaking these will not do
>
On Thu, Aug 07, 2003 at 07:03:13PM +0200, Thijs Welman wrote:
> Hi,
>
> Thanks. I forgot to mention that I am subscribed to
> debian-security-announce as well (of course ;)). As far as the kernel
> updates are concerned: I use my own kernel. At this moment that's 2.4.21
> with Alan Cox' patches
On Fri, Aug 22, 2003 at 10:32:27AM -0400, Matt Zimmerman wrote:
> On Wed, Aug 20, 2003 at 05:23:30PM +0200, Adam ENDRODI wrote:
>
> > > You don't need an executable stack to get control of execution, you only
> > > need to be able to change the instruction pointer, which is stored on
> > > the sta
Hi,
I have attached a sample of a log that will break modlogan in Woody -
first run though seems ok, but then modlogan gets screwed up on
subsequent runs; the output hit rate is 1 on next run and then seems to
increment by one on each subsequent run.
I'm not sure if this is some sort of a buff
Dale Amon wrote:
>The question asked was "why is anyone still using telnet
>when there is ssh".
>
>
[snip]
>So no, I was not replying about Debian fixes, I was replying
>to the general question of 'why telnet at all'.
>
>
I know I will open a can of worms here, but telnet might actually be
Michelle Konzack wrote:
>On 2005-01-30 15:32:25, Sam Morris wrote:
>
>>Wow, I missed that! Should not the kernel-image-2.4.28-* packages be
>>removed from the archive, since they are unsupported, and *very*
>>dangerous to use?
>
>Sorry that I ask, but where is 2.4.28?
>
>The
Hi,
I've uploaded a NMU for wget that should fix the problems with /tmp
symlink attack. I've looked at the sources and it seems that woody is
also affected by this bug
#308622: symlink attack (CAN-2004-2014)
And then there is the other security bug, #261755.
Is wget in woody going to be updated
Martin G.H. Minkler wrote:
Oh, and please take this thread to debian-firewall, I think although
it certainly is security-related, that newsgroup still is the better
choice for firewall questions :-)
This is not a newsgroup.
- Adam
Bob Tanner wrote:
>How would one go about getting on the security team?
>
>If the entry into the security team is as convoluted as becoming a debian
>developer I understand why the security team does not have enough active
>members.
>
>
I would assume you need to be a DD before you can join th
Jan Lühr wrote:
>Greetings,
>
>On Monday, 27 June 2005 15:54, Carl-Eric Menzel wrote:
>
>>Does anybody know what the actual problem is, i.e. why there are no
>>updates?
>
>This is not an "actual" problem, this problem is rather imho structural. In
>its last one to two years Woody
Steve Kemp wrote:
>On Mon, Jun 27, 2005 at 02:36:12PM -0400, Noah Meyerhans wrote:
>
>
>
>>Even allowing uploads from the secretaries could be helpful.
>>
>>
>
> Definitely.
>
> I've got fixed packages available right now for some of the
> bugs which have been raised in this thread, bu
martin f krafft wrote:
>It surprised everyone, even though it was not a real surprise -- if
>that makes sense. The security team has been a major weakness of
>Debian for a while. It was only a question of time until it all came
>down on Joey.
>
>Anyway, if you like Debian, then you should keep usi
- Adam
[1] - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
--
Adam Majer
ad...@zombino.com
commit c15a8c2e95c7098d2372e10be0a4381c36d4fd3b
Author: Gabe da Silveira
Date: Mon Nov 16 21:17:35 2009 -0800
Make sure strip_tags removes tags which start with a non-printable character
On Mon, Jul 01, 2002 at 09:55:57PM -0700, Rafael wrote:
>
> Email should never be accepted from poorly (or intentionally badly) setup
> servers that do not follow RFCs.
>
> by master.debian.org with smtp (Exim 3.12 1 (Debian))
> id 17Ozil-0003W2-00; Mon, 01 Jul 2002 06:51:58 -0500
On Tue, Jul 02, 2002 at 12:05:25AM -0700, Alvin Oga wrote:
> members of a list, should be able to post to the list...
> even if they have broken rr and are listed ( incorrectly ) as
> spammers...
> member's only posting will fix that ..
It sure will, but being this the security list, let
On Thu, Jul 04, 2002 at 09:28:36PM +0200, Ralf Gerlich wrote:
> > > reading message [EMAIL PROTECTED]:7 of 16 (3715 octets)
> > > ...procmail: Program failure (-11) of "/usr/bin/spamassassin"
> > > procmail: Rescue of unfiltered data succeeded
> > > fetchmail: MDA returned nonzero status 62720
> >
> Simple. Random IP-address block scans. Having the box live on the 'net
> alone guarantees that it will get some random hits. Prepare to see lot more
> of them from here-on.
>
> Script-kiddies, trying to find suitable hosts for their mass exploitation
> tools. Worms, eagerly propagating on th