Network Security

AERAsec
Network Security
Eigene Advisories


Hier finden Sie eine Auswahl unserer eigenen Advisories.
Klicken Sie bitte auf die entsprechende ID, um den Inhalt des jeweiligen Advisories zu sehen.



System: Kaspersky Anti-Virus für Unix/Linux File Servers
Topic: Unsichere Berechtigungen im Dateisystem können zu einem lokalen Root-Exploit führen
Links: AERAsec/kav4unix-local-root-exploit, Secunia #16425, Zone-H #7941, SecurityFocus #14554 SecurePoint OSVDB #18733, FrSIRT 2005-1410, MegaSecurity.org,
NNOV.RU, ATHIAS.FR,
Heise News, INTEREST Security Base
ID: ae-200508-029


System: Verschiedene Anti-Viren-Scanner-Software
Topic: Dateien, die Escape-Sequenzen im Namen haben führen möglicherweise zur Umgehung des AV-Scans oder zur ungefilterten Protokollierung
Links: AERAsec/unfiltered-escape-sequences, AERAsec/unfiltered-escape-sequences/samples, Heise Online#57561, SecurityFocus#12793
ID: ae-200503-020


System: Verschiedene Applikationen
Topic: Denial-of-Service durch Dekompressionsbomben
Links: AERAsec/decompression-bomb-vulnerability
ae-200401-020, BugTraq, SecurityFocus/Bugtraq VulnID 9393, FullDisclosure, Packet Storm,
HeiseNews, Heise PDA, Handelsblatt, KES, ComputerBase, KoSiB, IT-Audit,
PCWorld, TechWorld, InfoWorld.com, InfoWorld NL, ITworld, Computerworld, Business Network Communications, bmonday(dot)com, IDG SE, IDG SG, NetworkWorldFusion, ForbiddenWeb, TrimMail, YOZ, InformIT, DataCompression, The Spam Weblog,
LinuxNews PL, Kitetoa, PTnix, Radium Software Development JP,
Mozilla/Bugzilla#233262, amavisd-new
ID: ae-200402-006


System: Verschiedene Anti-Viren-Scanner-Software
Topic: Denial-of-Service durch bzip2-Bombe
Links: AERAsec/bzip2bomb-antivirusengines, BugTraq, FullDisclosure, SecurityFocus/Bugtraq VulnID 9393,
HeiseNews, Heise SecurityNews, Heise PDA, Netzzeitung, LOTEK, pro-linux, IT-Audit, RotAlarm, Teccentral.de,
The Guardian, SANS, Secunia, ISS, Internet Storm Center, CCIP NZ, OSAC, TechWeb, CompterWeekly, TechWorld, InfoWorld, InternetWeek News, InternetWeek Security, ITnews, SearchSecurity, ComputerCops, CMPnetAsia, OnlyNewZ, Mega Security, DESIGNTECHNICA, TLA, zone-h, Frame 4, Wall Street & Technology, TalkRoot, WhatBoysWant, Lorky Heavy Metal Industries, Security Pipeline, Linux Pipeline, Secure Network Operations, HNS,
Security NL, Automatisering Gids, SR.net, ZDNet.NL, clearIT, ZDNet.BE, Manitari.com, Informatica BR, CERT.HU, prog.HU, SG HU, Karpatinfo, nixp.ru, Underground InformatioN Center, InfoBez RU, peko RU, Tradeline RU, codeby RU, compulenta; Chip PL, Security Wortal, FutureWorlds IT, Ironika IT, Computerworld Online IT, TechTown IT, NWI IT Säkerhet&sekretess, Virustorjunta, ITviikko FI, bittivuoto.net, 2ch.net JP, LinuxOnly, Netcenter VN, CNNS.net, AScomputadores,
Trend Micro, AMaViS
ID: ae-200401-020


System: Check Point FW-1/VPN-1
Topic: Mögliche DoS Attacke gegen den syslog-Daemon
Links: AERAsec/Check Point FW-1 syslog-crash, Check Point Alert, Security+Bugware #6087, SecurityTracker#1006355, SecurityFocus/Bugtraq VulnID 7159, SecurityFocus/Bugtraq VulnID 7161, SecAmin#38428, SecuriTeam, WinITSec, SCIP #21
ID: ae-200303-064


System: Pyramid BenHur Firewall
Topic: Portfilter-Regelsatz für aktives FTP resultiert zu einem Sicherheitsrisiko für die Firewall
Links: ae-200207-028-BenHur-activeFTPruleset, Pyramid, SecuriTeam, Security+Bugware #5548
ID: ae-200207-028


System: Linux/Unix
Topic: Unsicheres Anlegen von Dateien durch uudecode
Links: AERAsec/uudecode-pipe-exploit code, CVE: CAN-2002-0178, Security Focus #4120, RHSA-2002-065, ae-200205-037, SecurityFocus/Bugtraq VulnID 4742, CERT VU#3360832, CSSA-2002-040, ae-200210-102, OAR-2002:895, ae-200210-110
ID: ae-200204-033


System: Diverse Firewall, Caching & Antivirus Proxy Software
Topic: Umgehen von Sperren bzw. Antivirus-Filtern durch Benutzung der HTTP/CONNECT-Methode
Links: Squid-Cache/FAQ, SecurityFocus#4131, SecurityFocus/Info-Finjan, CERT VU#150227, CERT VU#868219
ID: ae-200202-051