http://www.seclists.org/lists/bugtraq/2008/May/date.html Latest posts to bugtraq with detailed descriptions fyodor@NOSPAMinsecure.org (fyodor) djeaux@NOSPAMdjeaux.com (djeaux) Scythe 2.10 Sat, 17 May 2008 01:50:05 PDT http://www.djeaux.com/images/scraped_88x31.png http://www.seclists.org/lists/bugtraq/2008/May bugtraq scraped from insecure.org en-us http://www.seclists.org/lists/bugtraq/2008/May/0182.html security@NOSPAMmandriva.com (security_at_mandriva.com) Fri, 16 May 2008 14:33:00 -0600 Mandriva Linux Security Advisory MDVSA-2008:101 Package : rdesktop Date : May 16, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0 Problem Description: Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a ... http://www.seclists.org/lists/bugtraq/2008/May/0181.html security@NOSPAMmandriva.com (security_at_mandriva.com) Fri, 16 May 2008 14:50:00 -0600 Mandriva Linux Security Advisory MDVSA-2008:102 Package : libvorbis Date : May 16, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Problem Description: Will Drewry of the Google Security Team reported several ... http://www.seclists.org/lists/bugtraq/2008/May/0180.html noahm@NOSPAMdebian.org (Noah Meyerhans) Fri, 16 May 2008 18:14:27 +0200 - Debian Security Advisory DSA-1576-2 securityatdebian.org Noah Meyerhans May 16, 2008 - Package : openssh Vulnerability : predictable random number generator Problem type : remote Debian-specific: yes CVE Id(s) : CVE-2008-0166 Matt Zimmerman discovered that entries in /.ssh/authorizedkeys with ... http://www.seclists.org/lists/bugtraq/2008/May/0179.html jon+bugtraq2@NOSPAMunequivocal.co.uk (Jon Ribbens) Fri, 16 May 2008 10:44:15 +0100 On Wed, May 14, 2008 at 05:20:52PM -0000, Tom.Donovanatacm.org wrote: > It appears there is little that web servers can do to thwart this, > short of changing all '' characters to %2B. That seems excessive. To be fair, this is what Microsoft has recommended, explicitly for the ... http://www.seclists.org/lists/bugtraq/2008/May/0178.html info@NOSPAMhack.lu (info) Fri, 16 May 2008 08:52:48 +0200 Call for Papers Hack.lu 2008 The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical ... http://www.seclists.org/lists/bugtraq/2008/May/0177.html zdi-disclosures@NOSPAM3com.com (zdi-disclosures_at_3com.com) Thu, 15 May 2008 15:25:11 -0500 ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5936. ... http://www.seclists.org/lists/bugtraq/2008/May/0176.html zdi-disclosures@NOSPAM3com.com (zdi-disclosures_at_3com.com) Thu, 15 May 2008 15:23:24 -0500 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5935. ... http://www.seclists.org/lists/bugtraq/2008/May/0175.html irvian.info@NOSPAMgmail.com (irvian.info_at_gmail.com) 15 May 2008 16:13:52 -0000 #!/usr/bin/perl -w use LWP::UserAgent; # scripts : SunShop Version 3.5.1 Remote Blind Sql Injection # scripts site : # Discovered # By : irvian # site : # email : irvian.infoatgmail.com print "\r\n[][]\r\n"; print "[]Blind SQL injection []\r\n"; print "[]SunShop Version 3.5.1 []\r\n"; print "[]code by irvian []\r\n"; ... http://www.seclists.org/lists/bugtraq/2008/May/0174.html theresa.walker@NOSPAMdisa.mil (Walker, Theresa A CIV DISA CSD) Wed, 14 May 2008 17:30:24 -0400 Classification: UNCLASSIFIED Caveats: NONE Please advise Theresa Original Message From: nobodyatcisco.com] On Behalf Of Cisco Systems Product Security Incident Response Team Sent: Wednesday, May 14, 2008 12:15 PM To: bugtraqatsecurityfocus.com Cc: psirtatcisco.com Subject: Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities ... http://www.seclists.org/lists/bugtraq/2008/May/0173.html Tom.Donovan@NOSPAMacm.org (Tom.Donovan_at_acm.org) 14 May 2008 17:20:52 -0000 Setting the HTTP response header: Content-Type: text/html; charset=iso-8859-1 or adding the tag: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> or even both - still does not deter IE from scanning the contents and interpreting them as UTF-7 when Encoding=Auto-Select. ... http://www.seclists.org/lists/bugtraq/2008/May/0172.html invalid@NOSPAMemail.add (Robbie Rupinder) Gill) Wed, 14 May 2008 17:07:56 -0700 Aruba Networks Security Advisory Title: Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities Aruba Advisory ID: AID-051408 Revision: 1.0 For Public Release on 05/14/2008 1.) TITLE: Mobility Controller TACACS User Authentication Vulnerability SUMMARY ... http://www.seclists.org/lists/bugtraq/2008/May/0171.html mm@NOSPAMdeadbeef.de (mm_at_deadbeef.de) 15 May 2008 05:54:29 -0000 Hi Securityfocus, the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. ... http://www.seclists.org/lists/bugtraq/2008/May/0170.html hadihadi_zedehal_2006@NOSPAMyahoo.com (hadihadi_zedehal_2006_at_yahoo.com) 15 May 2008 03:21:20 -0000 # # # ...::::Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ::::... # Virangar Security Team www.virangar.net Discoverd By :virangar security team(hadihadi) special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in the world hadiaryaie2004 & my lovely friend arash(imm02tal) ... http://www.seclists.org/lists/bugtraq/2008/May/0169.html lament.hero@NOSPAMgmail.com (lament hero) Thu, 15 May 2008 00:10:36 +0200 Hello, Please try to understand what we did here. You might be right in here: "As all ISO, UTF-8 and related charsets were 7-bit clean, it's clear that Microsoft err'ed on the side of accepting UTF-7 charset for automatic detection in violation of RFC 2616." ... http://www.seclists.org/lists/bugtraq/2008/May/0168.html jamie@NOSPAMcanonical.com (Jamie Strandboge) Wed, 14 May 2008 16:20:25 -0400 Ubuntu Security Notice USN-612-6 May 14, 2008 openvpn regression A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...