Archive for August, 2002
OpenSSH Advisory, Patch Released
August 28, 2002
Details and a patch have been issued a day earlier than expected for the OpenSSH security hole uncovered late last week. A vulnerability in the challenge/response authentication mechanism of the OpenSSH daemon, versions 3.3 and earlier, could allow remote superuser compromise. ISS’s advisory has more details (they actually gave the developers a few days before [...]
N-Stealth Scanner 3.5 Released
August 19, 2002
We’re proud to announce the release of the latest build of N-Stealth 3.5 – our premier HTTP security scanning tool. This update includes checks for the most recent web server vulnerabilities, including the Apache Directory Traversal, Sun iPlanet overflow, PHP Gallery code injection bugs, and much more. Check out our N-Stealth page for more information, [...]
Directory Traversal Bug in Non-Unix Apache
August 16, 2002
PivX has released details on the critical Apache security hole for which they gave a vague early warning last week. The web server is vulnerable to a directory traversal attack which can be used to execute arbitrary commands on a system using the cgi-bin. In addition, any file on the system could be read. PivX [...]
