Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: InfoSec News (isn_at_c4i.org)
Date: Fri Sep 27 2002 - 02:06:31 CDT
Forarded from: Kurt Seifried <listuserseifried.org>
I don't mean to be rude but EnGarde is far from "secure". Duct-taping
LIDS on top of the system helps but attackers can still compromise
services, load code into memory and do naughty things. Check out the
following list of advisories for 2002 alone. Please also note that
they haven't issued advisories for the last ~2 months, leaving users
vulnerable to several major issues.
ESA-20020114-001 January 14, 2002 'sudo' MTA invocation as root
ESA-20020114-002 January 14, 2002 'pine' URL handling vulnerability
ESA-20020114-003 January 14, 2002 Several LIDS vulnerabilities
ESA-20020125-004 January 25, 2002 'rsync' signed integer handling
ESA-20020301-005 March 1, 2002 mod_ssl's session caching potential
ESA-20020301-006 March 1, 2002 Several flaws in PHP's MIME parsing.
ESA-20020307-007 March 7, 2002 Local vulnerability in OpenSSH's
ESA-20020311-008 March 11, 2002 Double free() in zlib may lead to
ESA-20020423-009 April 23, 2002 webalizer contains a potentially
exploitable buffer overflow.
ESA-20020429-010 April 29, 2002 sudo heap corruption vulnerability
EBA-20020515-011 May 15, 2002 Fix defaults in php.ini
EBA-20020515-012 May 15, 2002 Minor parsing fixes in Daily
ESA-20020607-013 June 07, 2002 Remote buffer overflow in imap
ESA-20020619-014 June 19, 2002 'apache' chunk handling overflow
ESA-20020625-015 June 25, 2002 openssh: introduce privilege
separation into sshd
ESA-20020702-016 July 02, 2002 several vulnerabilities in the
ESA-20020702-017 July 02, 2002 off-by-one in mod_ssl's
configuration directive handling
ESA-20020724-018 July 24, 2002 Buffer overflow in BIND4-derived
ESA-20020730-019 July 30, 2002 Several vulnerabilities in the
ESA-20020807-020 August 7, 2002 OpenSSL ASN.1 vulnerability fix
Kurt Seifried, kurtseifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.