lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: iaf at cert.org (Ian A. Finlay)
Subject: iDEFENSE OSF1/Tru64 3.x vuln clarification

Hi KF et al.,

> This was the information CERT STILL has not released... (included in our
> labor day release)

Most of them have been published (see http://www.kb.cert.org/vuls). Some 
are still pending, and we will get them out as soon as we can. Thanks again 
for reporting these to us Kevin.

VU#612833 08/30/2002 HP Tru64 UNIX "ping" contains locally exploitable 
vulnerability (SSRT2229)
VU#846307 08/30/2002 HP Tru64 UNIX "dxsysinfo" contains buffer overflow 
(SSRT2275)
VU#693803 08/30/2002 HP Tru64 UNIX "dxpause" contains buffer overflow 
(SSRT2275)
VU#584243 08/30/2002 HP Tru64 UNIX "dtsession" contains buffer overflow 
(SSRT2282)
VU#320067 08/30/2002 HP Tru64 UNIX "dtterm" contains buffer overflow 
(SSRT2280)
VU#408771 08/30/2002 HP Tru64 UNIX "mailcv" contains buffer overflow 
(SSRT2193)
VU#506441 08/30/2002 HP Tru64 UNIX ".upd..loader" contains buffer overflow 
(SSRT2275)
VU#416427 05/09/2002 HP Tru64 UNIX "deliver" contains buffer overflow 
(SSRT2275)
VU#567963 08/30/2002 HP Tru64 UNIX "imapd" contains buffer overflow 
(SSRT2275)
VU#531355 08/30/2002 HP Tru64 UNIX "rdist" contains buffer overflow 
(SSRT2275)
VU#916443 09/10/2001 HP Tru64 UNIX "msgchk" contains buffer overflow 
(SSRT2275)
VU#592515 08/30/2002 HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)
VU#158499 08/30/2002 HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)
VU#448987 08/30/2002 HP Tru64 UNIX "uucp" contains buffer overflow 
(SSRT2275)
VU#437899 08/30/2002 HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
VU#173977 08/30/2002 HP Tru64 UNIX "ps" contains buffer overflow (SSRT2256)
VU#115731 05/22/2002 HP Tru64 UNIX "quot" contains buffer overflow 
(SSRT2191)
VU#435611 08/30/2002 HP Tru64 UNIX "at" contains buffer overflow (SSRT2189)
VU#771155 07/19/2002 HP Tru64 UNIX "ipcs" contains buffer overflow 
(SSRT0794U)
VU#602009 08/30/2002 HP Tru64 UNIX "binmail" contains buffer overflow 
(SSRT0796U)
VU#955065 08/30/2002 HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)
VU#651377 08/30/2002 HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
VU#557481 08/30/2002 HP Tru64 UNIX "lpq" contains buffer overflow (SSRT2275)
VU#293305 08/30/2002 HP Tru64 UNIX "lprm" contains buffer overflow 
(SSRT2260)
VU#965097 08/30/2002 HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
VU#629289 08/30/2002 HP Tru64 UNIX "traceroute" contains buffer overflow 
(SSRT2261)
VU#177067 08/01/2002 HP Tru64 UNIX "passwd" contains buffer overflow 
(SSRT2192)
VU#706817 08/31/2002 HP Tru64 UNIX "ypmatch" contains buffer overflow 
(SSRT2277)
VU#193347 04/17/2002 HP Tru64 UNIX contains buffer overflow in libc 
libraries (SSRT2257)

Regards,
Ian

Internet Systems Security Analyst - CERT/CC Operations
Networked Systems Survivability Program
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CERT (R) Coordination Center             Email: cert@...t.org
Software Engineering Institute           WWW: http://www.cert.org
Carnegie Mellon University               Hotline: +1-412-268-7090
Pittsburgh, PA  USA  15213-3890          FAX: +1-412-268-6989
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ