OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: InfoSec News (isn_at_c4i.org)
Date: Fri Sep 27 2002 - 02:06:31 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Forarded from: Kurt Seifried <listuserseifried.org>

    I don't mean to be rude but EnGarde is far from "secure". Duct-taping
    LIDS on top of the system helps but attackers can still compromise
    services, load code into memory and do naughty things. Check out the
    following list of advisories for 2002 alone. Please also note that
    they haven't issued advisories for the last ~2 months, leaving users
    vulnerable to several major issues.

     ESA-20020114-001 January 14, 2002 'sudo' MTA invocation as root
     
     ESA-20020114-002 January 14, 2002 'pine' URL handling vulnerability
     
     ESA-20020114-003 January 14, 2002 Several LIDS vulnerabilities
     
     ESA-20020125-004 January 25, 2002 'rsync' signed integer handling
     vulnerability
          
     ESA-20020301-005 March 1, 2002 mod_ssl's session caching potential
     buffer overflow
          
     ESA-20020301-006 March 1, 2002 Several flaws in PHP's MIME parsing.
          
     ESA-20020307-007 March 7, 2002 Local vulnerability in OpenSSH's
     channel code.
          
     ESA-20020311-008 March 11, 2002 Double free() in zlib may lead to
     buffer overflow.
          
     ESA-20020423-009 April 23, 2002 webalizer contains a potentially
     exploitable buffer overflow.
          
     ESA-20020429-010 April 29, 2002 sudo heap corruption vulnerability
          
     EBA-20020515-011 May 15, 2002 Fix defaults in php.ini
          
     EBA-20020515-012 May 15, 2002 Minor parsing fixes in Daily
     Summaries report.
          
     ESA-20020607-013 June 07, 2002 Remote buffer overflow in imap
     daemon.
          
     ESA-20020619-014 June 19, 2002 'apache' chunk handling overflow
     vulnerability
          
     ESA-20020625-015 June 25, 2002 openssh: introduce privilege
     separation into sshd
          
     ESA-20020702-016 July 02, 2002 several vulnerabilities in the
     OpenSSH daemon
          
     ESA-20020702-017 July 02, 2002 off-by-one in mod_ssl's
     configuration directive handling
          
     ESA-20020724-018 July 24, 2002 Buffer overflow in BIND4-derived
     resolver code
          
     ESA-20020730-019 July 30, 2002 Several vulnerabilities in the
     openssl library.
          
     ESA-20020807-020 August 7, 2002 OpenSSL ASN.1 vulnerability fix
     corrections.

    Kurt Seifried, kurtseifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/

    -
    ISN is currently hosted by Attrition.org

    To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
    in the BODY of the mail.