Kernelpanik Labs Digest 2005-1

["Kernelpanik Labs - Security Lists" <seclists () kernelpanik org>]

Hi and happy new year.

This is a email digest with security fails recently published by
Kernelpanik Labs (http://www.kernelpanik.org)

Apache suEXEC Bypass
--------------------
Small document about how bypass isolating
procedures, i.e. suEXEC, in Apache WebServer.
English document: http://www.kernelpanik.org/docs/kernelpanik/suexec.en.pdf
Spanish document: http://www.kernelpanik.org/docs/kernelpanik/suexec.es.pdf
Author: frame at kernelpanik.org
 
Amphora Gate StandAlone
-----------------------
Security fails in this captive portal
Spanish document:
http://www.kernelpanik.org/docs/kernelpanik/amphora.pdf
Author: madj0ker at kernelpanik.org
 
Virtual Hosting Control System v2.2
-----------------------------------
Remote code execution in this control panel
Spanish document:
http://www.kernelpanik.org/docs/kernelpanik/vhcs22.txt
English document: http://www.kernelpanik.org/docs/kernelpanik/vhcs22.en.txt
Author: frame at kernelpanik.org
 
GreyMatter 1.3
--------------
Some security fails: race condition and XSS's
Spanish document: 
http://www.kernelpanik.org/docs/kernelpanik/greym13.txt
English document: http://www.kernelpanik.org/docs/kernelpanik/greym13.en.txt
Author: frame at kernelpanik.org
 
That's is all.
 
PD1: MaDj0kEr won't translate his stuff to shakespeare language 'cause
don't think anyone there uses amphora.
 
PD2: If you learn spanish, you'll avoid our scary translations and enjoy
more our jokes.
 
PD3: Dunno why people in securityfocus block our email... so from now,
we'll send advisories to both lists.
 
-- 
Kernelpanik Labs - kpk () kernelpanik org
http://www.kernelpanik.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html