lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 11 Dec 2003 21:13:42 +0000
From: "Peter Winter-Smith" <peter4020@...mail.com>
To: bugs@...uritytracker.com, bugtraq@...urityfocus.com, news@...uriteam.com, vuln@...unia.com, vuln@...urity.nnov.ru, vulndb@...urityfocus.com, vulnwatch@...nwatch.org
Subject: eZ and eZphotoshare fixes


Dear All,

Recently I had found and released details regarding several flaws which
existed in the eZnetwork suite, packages which I have associated with this
particular flaw, or other names used when mentioning the products in
question were:

  + eZ
  + eZnetwork
  + eZphotoshare
  + eZshare
  + eZmeeting

I stated to have found two flaws within the eZnetwork suite; a stack based
buffer overflow, and a heap memory corruption flaw, both of which could
enable malicious individuals to execute arbitrary code on systems running
this software.

eZmeeting's programmers have now fixed all of the issues which I had raised,
and would like to suggest that all their customers update their software
with the latest versions which can be downloaded from their website, or
using the links below:

  + eZ (eZmeeting) (Link may not be populated for the next few days while a
new build is being finalised.)
    + http://www.ezmeeting.com/files/eZ36.EXE

  + eZphotoshare
    + http://www.ezphotoshare.com/files/eZphoto.1.2.1.EXE

I would like to take this opportunity to thank eZmeeting for working with me
to protect their customers, particularly Mr Rosenbloom who has acted very
professionally and has always put emphasis on the importance of a quick but
sound release of a fix at the earliest possible date.

I would like to ask that if possible any security websites or mailing list
archives could associate this fix information with the existing emails
regarding the flaws which I had discovered in eZ and eZphotoshare.

Kindest regards,
- Peter Winter-Smith

_________________________________________________________________
Use MSN Messenger to send music and pics to your friends 
http://www.msn.co.uk/messenger

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ