Crank is a project to provide a GUI toolkit to facilitate (and where possible, automate) the breaking of classical (pen-and-paper) cryptosystems. Initial focus is on the cryptanalysis of monoalphabetic substitution ciphers.
bf08c5e600f98082bec24ad70656dcb1e9b7e71bf2a24c4229ebe49f897064f7
Bind-tsig.c is a trojan which pretends to be a Bind 8 exploit, but actually attacks dns1.nai.com.
10c2b4ca2df782e81fa88f0f3754c17edbda8d021f0e95790037e92d99e82698
FreeBSD Security Advisory FreeBSD-SA-01:18 - An overflowable buffer related to the processing of transaction signatures (TSIG) exists in all versions of BIND prior to 8.2.3-RELEASE. The vulnerability is exploitable regardless of configuration options and affects both recursive and non-recursive DNS servers.
5e91111bb54539b59b65f448d0e27bdf893cd206dcbc161e9c6cb098614fea12
SuSE Security Announcement SuSE-SA:2001:02 - Kdesu can give users the root password if the 'keep password' option is enabled.
56856c8ac9a58ae68d4160c526bcdd21a888930d51ba0e9c639b25ca63460e51
FreeBSD Security Advisory FreeBSD-SA-01:17 - The exmh2 port, versions prior to 2.3.1, contains a local temp file vulnerability at startup.
96e5fe291b7642d9f29512df60460e31d894dace776d62f0a211213e29fe1b65
FreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can access to all databases and have the ability to leverage other local attacks as the mysqld user.
5042f4f9576393ff5bc422e393f0fbdaa672752e9ceb13bc6bcfd9a7faf4f68f
FreeBSD Security Advisory FreeBSD-SA-01:15 - The tinyproxy port, versions prior to 1.3.3a, contains remote vulnerabilities: due to a heap overflow, malicious remote users can cause arbitrary code to be executed as the user running tinyproxy.
8ab124d8f193e2fd06bc0b8a238ccead0da8be819e9e440d63812f0b175b987f
FreeBSD Security Advisory FreeBSD-SA-01:14 - The micq port, versions prior to 0.4.6.1, contains a remote vulnerability: due to a buffer overflow, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system with the privileges of the micq process.
691e5322ca5bbc8ac5680820e80dcfdccf4028b1db7857e4b583b367041adc19
FreeBSD Security Advisory FreeBSD-SA-01:07 - The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally, local users can often obtain elevated privileges. A malformed packet to TCP port 6000 causes the X server to freeze for several minutes. Due to various coding flaws in libX11, privileged programs linked against libX11 allow local users to obtain privileged access. In addition, any application using libICE to listen on a network port can be crashed due to inadequate bounds checking in libICE.
f38b8c5e38dd0bfd7f6a70b76bcfecc7bdd44b20ce9d030ccf9afb74f2db810d
Microsoft Security Advisory MS01-004 - This vulnerability involves a new variant of the "File Fragment Reading via .HTR" vulnerability, previous variants of which were discussed in Microsoft Security Bulletins MS00-031 and MS00-044. Like the original variants, this enables attackers to at fragments of server-side files like .ASP files can be sent to the attacker. Microsoft FAQ on this issue available here.
291b51c24f6a7f084a9b6cb34d89b2cfd78b55d409cf594fa01dac860fe4593c
ISS X-Force is aware of several vulnerabilities in current versions of Internet Software Consortiums Berkeley Internet Name Domain (BIND). There is a buffer overflow present in BIND version 8 that an attacker could use to remotely execute arbitrary code. Version 4 of BIND contains three vulnerabilities, a buffer overflow and a format string vulnerability, both of which allow a remote attacker to execute arbitrary code, and a vulnerability which can expose the environment variables of the BIND server. BIND is the most popular implementation of the Domain Name Service (DNS) protocol. DNS is the Internet protocol that converts host and domain names into their corresponding IP addresses and vice-versa.
5e7225bf4a9af61e978fa9688324e60943dcb7419ee5c653d86f400962442dd1
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the News the past week. In this issue: Some thoughts on the NSA Linux release, and more.
b28a53f90b67b0ff93d996653c0f1a669499432ce00f55098bded4a2edc5b898