|
Bugtraq
mailing list archives
bugtraq () security nnov ru list issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 20 Jun 2002 14:00:51 +0400
Dear bugtraq () securityfocus com,
There were few issues reported to bugtraq () security nnov ru list in
Russian during last months.
This issues have no relation to SECURITY.NNOV team.
Please contact authors directly if you have any questions.
1. Dmitry Zubov <dimka at dz.dn.ua> reports vulnerability in
APC PowerChute for Windows 95/98:
APC (American Power Conversion Corp.) http://www.apc.com
PowerChute plus 5.0.2 for Windows 95/98
During installation Program Files\Pwrchute folder is shared as
PWRCHUTE world writable without user notification. It makes it
possible to trojan program files.
References:
http://www.security.nnov.ru/search/news.asp?binid=2064
2. A.V. Komlin <avkvladru at mail.ru> reports few vulnerabilities in
El Gamal - based algorithms
A weakness found in El Gamal - based algorithms allows to create
valid signature without knowledge of private key by introducing minor
modifications in document. This problem is known to exist in Russian
official GOST 34.19-2001 standard. It's not known if it affects
ECDSA. There are also few minor problems mostly connected with
unclear border values definitions.
References:
http://www.security.nnov.ru/search/news.asp?binid=1917
http://www.bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=15&m=46049
3. There was also report by DocSoft <docsoft at mail.ru> on buffer
overflow in some older version of ncftpd on Solaris , but I was not
able to reproduce it at least on demo version of ncftpd >= 2.5.0 under
FreeBSD, so it was bounced. Overflow is on FTP DELE command with
buffer > 256 bytes. Feel free to contact DocSoft if you can confirm
vulnerability.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
 By Date 
By Thread
Current thread:
- bugtraq () security nnov ru list issues 3APA3A (Jun 20)
|
Intro
