** This advisory supersedes the IP spoofing portion of CA-95:01. ** It describes denial-of-service attacks through TCP SYN flooding and IP spoofing. Advice about filtering is included.
52e062591c7e9869b251e4205ec6250ca5ac156dba405b1482d50588105faae4This advisory describes a vulnerability in all versions of sendmail prior to 8.7.6, and includes a workaround and patch information.
998a5cd9ce2b9e87b63e0503272f4368f6cf1ba92ea6129af45d3aeb0b7de397** This advisory supersedes CA-93:09 and CA-93:09a. ** It provides information about a vulnerability in the expreserve utility. A workaround and vendor information are included.
5d67e47a10afdc2c890b0693fac3fcae7aa4ae79e6739d23e27d0f949d9e46c2This advisory reports a configuration problem in the floating license server for Adobe FrameMaker (fm_fls). A workaround is provided.
b02d28358d675be8162ff04c3ce6ade3f4b5ff142a7e17582e5a80775e6acf26This advisory describes a vulnerability in the Solaris volume management daemon (vold) and gives a workaround.
2456c89d8f7b0a0a749c3fcf0ffb80e9ceb859033d7d07c13325065dfc4402a4This advisory describes a vulnerability in the Solaris admintool and gives a workaround.
a67fc62c820aac9ee488503d3dba867f74410e0bd3a1058e3c9d42f5ca783d2bThis advisory describes a vulnerability in the Solaris 2.5 kcms programs and suggests a workaround.
9a62a5bd7be91efc27f8127c7c794a6e79c656958e5800630e84e759fbc084f4** This advisory supersedes CA-91:20 and CA-94:04. ** It describes a vulnerability in the lookup subroutine of rdist, for which an exploitation script is available. Vendor information and a pointer to a new version of rdist are included.
22aa745dc6f62c2568343a61b66386bee6c1133ea35cf7e21da38c9fba72a46eThis advisory describes a vulnerability in systems that contain the suidperl program and that support saved set-user-ID and saved set-group-ID. Patch information is included.
3fc97f399a3d3ba7a8e1c5ae55a8c646b8ebf36a73a40ec13a161fabcf25bbe8This advisory describes a vulnerability in the dip program, which is shipped with most Linux systems. Other UNIX systems may also use it. Pointers to dip 3.3.7 are included.
ed591a6b9d53447eea5878fb6f1ffa77bed5b64a763106b5cd2442625952be8fThis advisory warns users not to put interpreters in a Web server's CGI bin directory and to evaluate all programs in that directory.
53753e5bf01f05a243f70609248bfa7a4d0f252272c5a0f2ed66c25b065fac12This advisory was originally released as AUSCERT advisory AA-96.02a. It describes a vulnerability and workarounds for versions of NIS+ in which the access rights on the NIS+ passwd table are left in an unsecure state.
1df885e22aa4d137bafc7e4aad398ff8c524de9b4031db9d76f307cbc7f9e8d4This advisory describes a vulnerability in the rpc.statd (or statd) program that allows authorized users to remove or create any file that a root user can. Vendor information is included.
e09f0d9b98976356ddad749cc029ac07cc36fa0590e1d1822b09e8fe3e9bb14bThis advisory describes a vulnerability in the pcnfsd program (also known as rpc.pcnfsd). A patch is included.
7fd12b4ccccf1b36bafdf25384c161751722c327d3c50316bf3185739d1418c6This advisory describes a vulnerability in the Java bytecode verifier portion of Sun Microsystems' Java Development Kit (JDK) 1.0 and 1.0.1. Workarounds are provided for this product and Netscape Navigator 2.0 and 2.01, which have the JDK built in.
cc70f47d859a0754e88ef63ee0c86b3e5f3bfd4a27039c44fef5f0b4df6b545cThis advisory describes a problem with example CGI code, as found in
5a36824f9034fc19514120426e89567e1db843951c7a1ddf10b5d53f65dfa797This advisory describes a vulnerability in the Netscape Navigator 2.0 Java implementation and in Release 1.0 of the Java Developer's Kit from Sun Microsystems, Inc. Workarounds and pointers to a patch are included.
bbf339ee85871e6bdc4e0accee5513c66ec61321475dac3b989e6e62f82601fdThis advisory describes a vulnerability in network servers that can lead to corrupt information. The advisory includes information on subroutines for validating host names and IP addresses, patches for sendmail, and the status of vendor activity relating to the problem.
ab520e4a498206e5ef116e255eb52739ffea19778c76eb3f80eb83c60e201d9dThis advisory describes a problem with the Kerberos 4 key server, points to patches, and provides vendor information.
de577388a7fd18adc1775697f39ca57df3037dac623db31c1ece854eba136b2fThis advisory describes UDP port denial-of-service attacks, for which an exploitation script has been publicly posted. The advisory includes a workaround.
e2c31f1c00a2288fc396d7cd8eb66db6acc1df86925318aa1a434e911eaa0c6bThis advisory warns readers of attacks on hundreds of Internet sites in which intruders exploit known vulnerabilities, all of which have been addressed in previous CERT advisories. These advisories are listed.
605f919c21d637b5d9f046a226c4c8f9fed3fb781d3039ac6f870f952425140aThis advisory describes a vulnerability in the rpc.ypupdated program, for which an exploitation program has been posted to several newsgroups. The advisory includes vendor information and a workaround.
dfb7d8c41d58a499b0fa774900fe3541554fd48fda6f89dc90cab6f3c4fdf728This advisory describes a vulnerability in the wu-fptd SITE EXEC command and provides solutions for both Linux users and others.
35ecc7741553c9485ddea15365f5c4d40cc623e1c2aeee495baaffe3d76db8adThis advisory points out accounts that are distributed without passwords and urges SGI customers to create passwords for those accounts.
0034542ee4160cb697f2a51a0589e2a130a4ac0fefba087c0674bc2a6996fb50This advisory describes a vulnerability with some telnet daemons and includes patch information from vendors, along with a workaround.
3cf719e0acc122edbbfe59fcfb75f9bd79c54bb101e9faa3d7119f55700f1a27
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed