Home page logo
/

bugtraq logo Bugtraq mailing list archives

bugtraq () security nnov ru list issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 20 Jun 2002 14:00:51 +0400

Dear bugtraq () securityfocus com,

  There  were  few  issues  reported to bugtraq () security nnov ru list in
  Russian during last months.

  This issues have no relation to SECURITY.NNOV team.
  Please contact authors directly if you have any questions.
  

  1.   Dmitry   Zubov  <dimka  at  dz.dn.ua>  reports  vulnerability  in
  APC PowerChute for Windows 95/98:

   APC  (American  Power  Conversion Corp.) http://www.apc.com
   PowerChute plus 5.0.2 for Windows 95/98

   During  installation  Program  Files\Pwrchute  folder  is  shared  as
   PWRCHUTE  world  writable  without  user  notification.  It  makes it
   possible to trojan program files.

   References:
   http://www.security.nnov.ru/search/news.asp?binid=2064

  2.  A.V.  Komlin <avkvladru at mail.ru> reports few vulnerabilities in
  El Gamal - based algorithms

   A  weakness  found  in  El  Gamal - based algorithms allows to create
   valid signature without knowledge of private key by introducing minor
   modifications  in document. This problem is known to exist in Russian
   official  GOST  34.19-2001  standard.  It's  not  known if it affects
   ECDSA.  There  are  also  few  minor  problems  mostly connected with
   unclear border values definitions.

   References:
   http://www.security.nnov.ru/search/news.asp?binid=1917
   http://www.bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=15&m=46049


  3.  There  was  also  report by DocSoft <docsoft at mail.ru> on buffer
  overflow  in  some  older version of ncftpd on Solaris , but I was not
  able to reproduce it at least on demo version of ncftpd >= 2.5.0 under
  FreeBSD,  so  it  was  bounced.  Overflow  is on FTP DELE command with
  buffer  >  256  bytes. Feel free to contact DocSoft if you can confirm
  vulnerability.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)


  By Date           By Thread  

Current thread:
  • bugtraq () security nnov ru list issues 3APA3A (Jun 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault