Q&A: Evans says feds steaming ahead on cybersecurity plan, but with privacy in mind
( 630 days 11 hours ago)
Karen Evans, the federal government's de facto CIO, said in an interview that an expanded network security initiative ordered by President Bush will be carried out "in a very transparent way."

[ MDVSA-2008:056 ] - Updated gnumeric packages fix vulnerability
( 630 days 12 hours ago)
Mandriva Linux Security Advisory MDVSA-2008:056 Package : gnumeric Date : February 29, 2008 Affected: 2007.1, 2008.0 Problem Description: A vulnerability was found in the excelreadHLINK function in the Microsoft Excel plugin in Gnumeric prior to version 1.8.1 that would ...
[USN-582-1] Thunderbird vulnerabilities
( 630 days 12 hours ago)
Ubuntu Security Notice USN-582-1 February 29, 2008 mozilla-thunderbird, thunderbird vulnerabilities CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0418, CVE-2008-0420 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
rPSA-2008-0094-1 kernel
( 630 days 12 hours ago)
rPath Security Advisory: 2008-0094-1 Published: 2008-02-29 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Major Exposure Level Classification: Local User Deterministic Denial of Service Updated Versions: kernel=conary.rpath.comatrpl:1-vmware/2.6.22.19-0.1-1 kernel=conary.rpath.comatrpl:1/2.6.22.19-0.1-1 kernel=rap.rpath.comatrpath:linux-1/2.6.22.19-1-1 rPath Issue Tracking System: References: Description: ...
rPSA-2008-0093-1 thunderbird
( 630 days 12 hours ago)
rPath Security Advisory: 2008-0093-1 Published: 2008-02-29 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: thunderbird=conary.rpath.comatrpl:1/2.0.0.12-0.1-1 rPath Issue Tracking System: References: Description: Previous versions of the thunderbird package are vulnerable to several ...
Release: Pass-The-Hash toolkit v1.3
( 630 days 12 hours ago)
SOURCE CODE: BINARIES: DOCUMENTATION: WHATSNEW: Pass-The-Hash Toolkit 1.3 by Hernan Ochoa (hochoaatcoresecurity.com, hernanatgmail.com) What's new?: * PASSTHEHASH.IDC: This .IDC IDA Pro script can be used to obtain the addresses iam and whosthere need to obtain/modify logon session credentials. Load LSASRV.DLL ...
rPSA-2008-0092-1 tshark wireshark
( 630 days 12 hours ago)
rPath Security Advisory: 2008-0092-1 Published: 2008-02-29 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Denial of Service Updated Versions: tshark=conary.rpath.comatrpl:1/0.99.8-0.1-1 wireshark=conary.rpath.comatrpl:1/0.99.8-0.1-1 rPath Issue Tracking System: References: Description: Previous versions of the wireshark package are vulnerable ...
rPSA-2008-0091-1 cups
( 630 days 12 hours ago)
rPath Security Advisory: 2008-0091-1 Published: 2008-02-29 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: cups=conary.rpath.comatrpl:1/1.1.23-14.6-1 rPath Issue Tracking System: References: Description: Previous versions of the cups package are vulnerable to multiple Denial ...
netOffice Dwins 1.3 Remote code execution.
( 630 days 12 hours ago)
netOffice Dwins 1.3 Remote code execution. Product: netOffice Dwins Version: 1.3 p2 Vendor: Date: 02/29/08 - Introduction "netOffice Dwins is a free web based time tracking, timesheet, and project management environment." - Details It is possible for an attacker to bypass authorization, upload arbitrary ...
Mandriva: 'ghostscript' arbitrary code execution
( 630 days 13 hours ago)
LinuxSecurity.com: Chris Evans found a buffer overflow condition in Ghostscript, which can lead to arbitrary code execution as the user running any application using it to process a maliciously crafted Postscript file. The updated packages have been patched to prevent this issue.
Centreon <= 1.4.2.3 (index.php) Remote File Disclosure
( 630 days 17 hours ago)
[] Info: [] Software: Centreon <= 1.4.2.3 [] HomePage: [] Exploit: Remote File Disclosure [High] [] Where: include/doc/index.php [] Bug Found By: Jose Luis Góngora FernándezJosS [] Contact: sys-project[at]hotmail.com [] Web: [] Spanish Hackers Team [SHT] [] Bug In include/doc/index.php: [] line 33: $doc = fopen("../doc/".$oreon->user->getlang()."/".$_GET["page"], "r"); ...
Ghostscript buffer overflow
( 630 days 17 hours ago)
Hi, Buffer overflow in Ghostscript. A useful attack vector because a lot of UNIX workstations will put PS files on the web through Ghostscript. The problem is a stack-based buffer overflow in the zseticcspace() function in zicc.c. The issue is over-trust of the length of a ...
[ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability
( 630 days 17 hours ago)
Mandriva Linux Security Advisory MDVSA-2008:055 Package : ghostscript Date : February 29, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Problem Description: Chris Evans found a buffer overflow condition in Ghostscript, which can ...
PHPMyTourney Remote file include Vulnerability
( 630 days 17 hours ago)
Hello PHPMyTourney Remote file include Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : Email Address : securityatsoqor.net home page : Script : PHPMyTourney vulnerable file : phpmytourney/sources/tourney/index.php code $page = $_GET['page']; if(isset($page)) include($page . '.php'); ...
Re: Loginwindow.app and Mac OS X
( 630 days 17 hours ago)
On Thu, Feb 28, 2008 at 06:28:51PM -0800, Jacob Appelbaum wrote: > oc photon wrote: net> wrote: > >> Moin moin Bugtraq readers, > >> > >> Bill Paul and I have discovered that LoginWindow.app doesn't clear > >> credentials after a user is authenticated. ...
Re: Loginwindow.app and Mac OS X
( 630 days 17 hours ago)
oc photon wrote: net> wrote: >> Moin moin Bugtraq readers, >> >> Bill Paul and I have discovered that LoginWindow.app doesn't clear >> credentials after a user is authenticated. > This has already been discovered in 2004. While the author only looks ...
Re: Loginwindow.app and Mac OS X
( 630 days 17 hours ago)
On Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum wrote: > Moin moin Bugtraq readers, > > Bill Paul and I have discovered that LoginWindow.app doesn't clear > credentials after a user is authenticated. This has already been discovered in 2004. While the author only looks ...
Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials
( 630 days 17 hours ago)
Title: Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials Vendor: Beehive Software Vendor URL: Affected File: /sfcommon/SendFile.jar Vendor Contact Date: 7/26/2007 Vendor Response: None Workaround: The simplest way to protect against this attack is to block access to unnecessary services (e.g. FTP) from the internet. ...
Feds downplay privacy fears on plan to expand monitoring of government networks
( 631 days 3 hours ago)
At a congressional hearing, federal officials said a network monitoring initiative ordered by President Bush is aimed only at improving the government's ability to detect and stop cyberattacks.

[ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability
( 631 days 4 hours ago)
Mandriva Linux Security Advisory MDVSA-2008:054 Package : dbus Date : February 28, 2008 Affected: 2007.0, 2007.1, 2008.0 Problem Description: A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability ...
Loginwindow.app and Mac OS X
( 631 days 4 hours ago)
Moin moin Bugtraq readers, Bill Paul and I have discovered that LoginWindow.app doesn't clear credentials after a user is authenticated. We discovered this while testing our EFI-based memory recovery utilities discussed recently[0]. We've found that depending on the state of capture, the passwords for ...
rPSA-2008-0082-1 espgs
( 631 days 4 hours ago)
rPath Security Advisory: 2008-0082-1 Published: 2008-02-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: espgs=conary.rpath.comatrpl:1/8.15.1-1.5-1 rPath Issue Tracking System: References: Description: Previous versions of the espgs package are vulnerable to an Arbitrary ...
rPSA-2008-0088-1 am-utils
( 631 days 4 hours ago)
rPath Security Advisory: 2008-0088-1 Published: 2008-02-28 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Non-deterministic Unauthorized Access Updated Versions: am-utils=conary.rpath.comatrpl:1/6.0.9-11.4-1 rPath Issue Tracking System: Description: Previous versions of the am-utils package are vulnerable to an attack ...
rPSA-2008-0086-1 pcre
( 631 days 4 hours ago)
rPath Security Advisory: 2008-0086-1 Published: 2008-02-28 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Major Exposure Level Classification: Remote Unauthorized Access Updated Versions: pcre=conary.rpath.comatrpl:1/7.6-0.1-1 rPath Issue Tracking System: References: Description: ...






