Bugtraq (bugtraq) Mailing List

[Full-disclosure] [tool] SDT Cleaner 1.0

Wed, 23 Jul 2008 19:49:33 -0300

Posted by Nahuel C. Riva on Jul 23

Hello!

You can find it here:
http://oss.coresecurity.com/projects/sdtcleaner.html

Package:
http://oss.coresecurity.com/repo/SDTCleaner-v1.0.zip

What is the SDT Cleaner?

SDT Cleaner is a tool that intends to clean the SSDT (system service
descriptor table) from hooks.

...

[ MDVSA-2008:154 ] - Updated xemacs packages fix vulnerability

Wed, 23 Jul 2008 17:29:00 -0600

Posted by security_at_mandriva.com on Jul 23

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:154
http://www.mandriva.com/security/
_______________________________________________________________________

...

[SECURITY] [DSA 1616-1] new clamav packages fix denial of service

Thu, 24 Jul 2008 07:36:24 +0000

Posted by Devin Carraway on Jul 24

------------------------------------------------------------------------
Debian Security Advisory DSA-1616-1 security_at_debian.org
http://www.debian.org/security/ Devin Carraway
July 24, 2008 ...

CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit

Wed, 23 Jul 2008 18:34:26 -0500

Posted by Iruid on Jul 23

____ ____ __ __
/ \...

[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability

Wed, 23 Jul 2008 15:56:00 -0600

Posted by security_at_mandriva.com on Jul 23

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:153
http://www.mandriva.com/security/
_______________________________________________________________________

...

Re: Wordpress Malicious File Execution Vulnerability

23 Jul 2008 19:44:51 -0000

Posted by otto_at_ottodestruct.com on Jul 23

('binary' encoding is not supported, stored as-is) Regarding this report of May 2008:
http://www.securityfocus.com/bid/29276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2392

The report is invalid. This is not a vulnerability or a security flaw. Quite frankly, I think it's a joke.

...

[SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities

Wed, 23 Jul 2008 22:33:58 +0200

Posted by Moritz Muehlenhoff on Jul 23

------------------------------------------------------------------------
Debian Security Advisory DSA-1615-1 security_at_debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2008 ...

[SECURITY] [DSA 1614-1] New iceweasel packages fix several vulnerabilities

Wed, 23 Jul 2008 22:07:11 +0200

Posted by Moritz Muehlenhoff on Jul 23

------------------------------------------------------------------------
Debian Security Advisory DSA-1614-1 security_at_debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2008 ...

[USN-628-1] PHP vulnerabilities

Wed, 23 Jul 2008 15:39:07 -0400

Posted by Jamie Strandboge on Jul 23

===========================================================
Ubuntu Security Notice USN-628-1 July 23, 2008
php5 vulnerabilities
CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899,
CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051,
CVE-2008-2107, CVE-2008-2108,...

Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim

Wed, 23 Jul 2008 19:29:01 +0100

Posted by Jan Min on Jul 23

1. SUMMARY

Product : Vim -- Vi IMproved
Version : Tested with Vim 7.2b.10, filetype.vim 2008-07-17
Impact : Arbitrary code execution
Wherefrom: Local and remote
CVE : CVE-2008-2712
Original : http://www.rdancer.org/vulnerablevim-filetype.vim.updated.html
...

[SECURITY] [DSA 1540-3] New lighttpd packages fix regression

Wed, 23 Jul 2008 20:59:43 +0200 (CEST)

Posted by Thijs Kinkhorst on Jul 23

------------------------------------------------------------------------
Debian Security Advisory DSA-1540-3 security_at_debian.org
http://www.debian.org/security/ Thijs Kinkhorst
July 23, 2008 ...

RE: Windows Vista Power Management amp Local Security Policy

Wed, 23 Jul 2008 13:16:06 -0400

Posted by Good Securitypractice on Jul 23

People in this discussion have been focusing on the technical aspects
rather than the people aspect.

The current power management system is MUCH more secure because people
do not have to be given an account on the machine for them to shut it
down.

This is helpful when an admin can not get to...

RE: Windows Vista Power Management amp Local Security Policy

Tue, 22 Jul 2008 18:37:07 -0400

Posted by Abe Getchell on Jul 22

Correct. Power management in Windows Vista is apparently given a pass to
bypass local security policy, which is a bad thing, and sets a bad
precedence. I will leave it to others to exploit this security issue, given
that I know little about the programmatic aspect of power management in
...

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

Tue, 22 Jul 2008 18:16:07 -0500

Posted by Asterisk Security Team on Jul 22

Asterisk Project Security Advisory - AST-2008-011

+------------------------------------------------------------------------+
| Product | Asterisk...

AST-2008-010: Asterisk IAX POKE resource exhaustion

Tue, 22 Jul 2008 18:15:49 -0500

Posted by Asterisk Security Team on Jul 22

Asterisk Project Security Advisory - AST-2008-010

+------------------------------------------------------------------------+
| Product | Asterisk...