AERAsec - Network Security - Eigene Advisories

Network Security

Network Security

Eigene Advisories

Hier finden Sie eine Auswahl unserer eigenen Advisories.
Klicken Sie bitte auf die entsprechende ID, um den Inhalt des jeweiligen Advisories zu sehen.

System:	Kaspersky Anti-Virus für Unix/Linux File Servers
Topic:	Unsichere Berechtigungen im Dateisystem können zu einem lokalen Root-Exploit führen
Links:	AERAsec/kav4unix-local-root-exploit, Secunia #16425, Zone-H #7941, SecurityFocus #14554 SecurePoint OSVDB #18733, FrSIRT 2005-1410, MegaSecurity.org, NNOV.RU, ATHIAS.FR, Heise News, INTEREST Security Base
ID:	ae-200508-029

System:	Verschiedene Anti-Viren-Scanner-Software
Topic:	Dateien, die Escape-Sequenzen im Namen haben führen möglicherweise zur Umgehung des AV-Scans oder zur ungefilterten Protokollierung
Links:	AERAsec/unfiltered-escape-sequences, AERAsec/unfiltered-escape-sequences/samples, Heise Online#57561, SecurityFocus#12793
ID:	ae-200503-020

System:	Verschiedene Applikationen
Topic:	Denial-of-Service durch Dekompressionsbomben
Links:	AERAsec/decompression-bomb-vulnerability ae-200401-020, BugTraq, SecurityFocus/Bugtraq VulnID 9393, FullDisclosure, Packet Storm, HeiseNews, Heise PDA, Handelsblatt, KES, ComputerBase, KoSiB, IT-Audit, PCWorld, TechWorld, InfoWorld.com, InfoWorld NL, ITworld, Computerworld, Business Network Communications, bmonday(dot)com, IDG SE, IDG SG, NetworkWorldFusion, ForbiddenWeb, TrimMail, YOZ, InformIT, DataCompression, The Spam Weblog, LinuxNews PL, Kitetoa, PTnix, Radium Software Development JP, Mozilla/Bugzilla#233262, amavisd-new
ID:	ae-200402-006

System:	Verschiedene Anti-Viren-Scanner-Software
Topic:	Denial-of-Service durch bzip2-Bombe
Links:	AERAsec/bzip2bomb-antivirusengines, BugTraq, FullDisclosure, SecurityFocus/Bugtraq VulnID 9393, HeiseNews, Heise SecurityNews, Heise PDA, Netzzeitung, LOTEK, pro-linux, IT-Audit, RotAlarm, Teccentral.de, The Guardian, SANS, Secunia, ISS, Internet Storm Center, CCIP NZ, OSAC, TechWeb, CompterWeekly, TechWorld, InfoWorld, InternetWeek News, InternetWeek Security, ITnews, SearchSecurity, ComputerCops, CMPnetAsia, OnlyNewZ, Mega Security, DESIGNTECHNICA, TLA, zone-h, Frame 4, Wall Street & Technology, TalkRoot, WhatBoysWant, Lorky Heavy Metal Industries, Security Pipeline, Linux Pipeline, Secure Network Operations, HNS, Security NL, Automatisering Gids, SR.net, ZDNet.NL, clearIT, ZDNet.BE, Manitari.com, Informatica BR, CERT.HU, prog.HU, SG HU, Karpatinfo, nixp.ru, Underground InformatioN Center, InfoBez RU, peko RU, Tradeline RU, codeby RU, compulenta; Chip PL, Security Wortal, FutureWorlds IT, Ironika IT, Computerworld Online IT, TechTown IT, NWI IT Säkerhet&sekretess, Virustorjunta, ITviikko FI, bittivuoto.net, 2ch.net JP, LinuxOnly, Netcenter VN, CNNS.net, AScomputadores, Trend Micro, AMaViS
ID:	ae-200401-020

System:	Check Point FW-1/VPN-1
Topic:	Mögliche DoS Attacke gegen den syslog-Daemon
Links:	AERAsec/Check Point FW-1 syslog-crash, Check Point Alert, Security+Bugware #6087, SecurityTracker#1006355, SecurityFocus/Bugtraq VulnID 7159, SecurityFocus/Bugtraq VulnID 7161, SecAmin#38428, SecuriTeam, WinITSec, SCIP #21
ID:	ae-200303-064

System:	Pyramid BenHur Firewall
Topic:	Portfilter-Regelsatz für aktives FTP resultiert zu einem Sicherheitsrisiko für die Firewall
Links:	ae-200207-028-BenHur-activeFTPruleset, Pyramid, SecuriTeam, Security+Bugware #5548
ID:	ae-200207-028

System:	Linux/Unix
Topic:	Unsicheres Anlegen von Dateien durch uudecode
Links:	AERAsec/uudecode-pipe-exploit code, CVE: CAN-2002-0178, Security Focus #4120, RHSA-2002-065, ae-200205-037, SecurityFocus/Bugtraq VulnID 4742, CERT VU#3360832, CSSA-2002-040, ae-200210-102, OAR-2002:895, ae-200210-110
ID:	ae-200204-033

System:	Diverse Firewall, Caching & Antivirus Proxy Software
Topic:	Umgehen von Sperren bzw. Antivirus-Filtern durch Benutzung der HTTP/CONNECT-Methode
Links:	Squid-Cache/FAQ, SecurityFocus#4131, SecurityFocus/Info-Finjan, CERT VU#150227, CERT VU#868219
ID:	ae-200202-051