Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] FLEA-2007-0034-1:

from [Foresight Linux Essential Announcement Service] Network Security [Permanent Link]
Subject: [Full-disclosure] FLEA-2007-0034-1:
Date: Thu, 26 Jul 2007 11:52:21 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0034-1
Published: 2007-07-26

Rating: Major

Updated Versions:
    lighttpd=/conary.rpath.com@rpl:devel//1/1.4.15-0.3-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-2

References:
    https://issues.rpath.com/browse/RPL-1550
    https://issues.rpath.com/browse/RPL-1554

Description:
    Previous versions of the lighttpd package are vulnerable to multiple
    attacks, among which remote attackers may circumvent access-control
    settings or crash the server by issuing various malformed or malicious
    requests.  It has not been determined that these vulnerabilities can
    be exploited to execute malicious code.

    lighttpd is configured to be the default web server for the Foresight
    System Manager. If a malicious user were to cause a Denial of Service via
    the above attack vectors, the system would no longer be configurable or
    updateable via the System Manager.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRqjDLNfwEn07iAtZAQJ/GBAAhfGTlgT8142XQZNzLd2LcWBDHdRJBUZE
ciGE5gcXsD+d/ixh592s+ET4eP9NkjrMKgH42fqW/KN9vEJ5WhZ/0s3dGojiGBEs
FsxU+DFWAa7ACLUt83Izm39HBrHtanzwrHHddkXIkF04Dcv12HoK/1g4imTLFQ9p
3NICH6n/S8G4idpIotbxVvBa+AU7rM/x0m/Ekits8fDybSrFYhLyyWVELWUUB8ww
sxxnCmUfCTw6t4YgTud8BEuEf2zaGNPKybfydCVKpk6YtDzepuS+bDsblDmStA7f
O8pcwz20s8hIspchf9hAeGjsuLYW+oteEuLWcbYmbTd6nNUzk+rh62CwZrrsrsJQ
Ws0vb7fC8wbKlVwUuA746vM0JxPl5b3VeqDSRvc8olRnzx72f4LyGYSsoENxTgv+
toI9RSkAt1/Hl8gcika1tpQ+s8Rex90sBlT47W7kIaD2WP2OqmvR5hpPqusqLA/l
mwi+f0tE/kTAL4vFXOH5+GSTA9q+x6pg0JNhCh/V97Z9RWmVenRoLtxbuznsryez
td+l7fCpkk5950sBWnHCRTdPlrGrumgu9sx7/ZpSYdizqSnSXj8Jex/f2oS6KNG6
8O8BSbdcg5579k7zMzmRC+6IMWlloJToEZ8lbE230JKiXaeVIojprA/i0kRtFzv6
kbnZjntvOCg=
=N9w3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] FLEA-2007-0034-1:, Foresight Linux Essential Announcement Service <=
Previous by Date:  RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities, Williams, James K
Next by Date:  Dependet Forums (Username Field) Remote SQL Injection, Advisory
Previous by Thread:  [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities, security
Next by Thread:  Dependet Forums (Username Field) Remote SQL Injection, Advisory
Indexes:  [Date] [Thread] [Top] [All Lists]