Bugtraq mailing list archives
bugtraq () security nnov ru list issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 20 Jun 2002 14:00:51 +0400
Dear bugtraq () securityfocus com, There were few issues reported to bugtraq () security nnov ru list in Russian during last months. This issues have no relation to SECURITY.NNOV team. Please contact authors directly if you have any questions. 1. Dmitry Zubov <dimka at dz.dn.ua> reports vulnerability in APC PowerChute for Windows 95/98: APC (American Power Conversion Corp.) http://www.apc.com PowerChute plus 5.0.2 for Windows 95/98 During installation Program Files\Pwrchute folder is shared as PWRCHUTE world writable without user notification. It makes it possible to trojan program files. References: http://www.security.nnov.ru/search/news.asp?binid=2064 2. A.V. Komlin <avkvladru at mail.ru> reports few vulnerabilities in El Gamal - based algorithms A weakness found in El Gamal - based algorithms allows to create valid signature without knowledge of private key by introducing minor modifications in document. This problem is known to exist in Russian official GOST 34.19-2001 standard. It's not known if it affects ECDSA. There are also few minor problems mostly connected with unclear border values definitions. References: http://www.security.nnov.ru/search/news.asp?binid=1917 http://www.bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=15&m=46049 3. There was also report by DocSoft <docsoft at mail.ru> on buffer overflow in some older version of ncftpd on Solaris , but I was not able to reproduce it at least on demo version of ncftpd >= 2.5.0 under FreeBSD, so it was bounced. Overflow is on FTP DELE command with buffer > 256 bytes. Feel free to contact DocSoft if you can confirm vulnerability. -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)
Current thread:
- bugtraq () security nnov ru list issues 3APA3A (Jun 20)