+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| January 14th, 2005 Volume 6, Number 2a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for php, ethereal, krb, kerberos,
lintian, kdelibs, linpopup, bmv, exim, libc6, exim-tls, gopher, libtiff,
gtk, selinux-policy-targeted, epiphany, kernel, yum, samba, cups,
subversion, vim, samba, gdpdf, dillo, tikiwiki, pdftohelp, mpg123,
imlib2, poppassed_pam, kde, nfs-utils, hylafax, fcron, lesstif,
and unarj. The distributors include Contectiva, Debian, Fedora,
Gentoo, Mandrake, Red Hat, SuSE, Trustix, and TurboLinux.
----
Internet Productivity Suite: Open Source Security
Trust Internet Productivity Suite's open source architecture to give
you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and
methods into their design.
http://store.guardiandigital.com/html/eng/products/software/ips_overview.sh=
tml
---
Ape about EtherApe
It is always the same scene in Hollywood films. The networks are
penetrated; cryptic images and characters are scrolling across the
screen. We're being hacked! Did you ever wish you could keep a closer
eye on your network? Sure we have sniffers and other tools, but did
you ever want something graphical?
I've always been a huge fan of ntop, but feel that it lacks on graphical
end. My curiosity drives the question, what is happening on my network?
Another interesting program that I enjoy using is EtherApe. It is a
network monitor that displays traffic graphically. It supports a wide
range of protocols and network types. The display is color-coded allowing
users to quickly understand the type of traffic on a network.
The project is several years old, originally being based on etherman.
It is licensed under the GPL and is currently packaged for many
different Linux distributions. The hardware requirements are minimal,
however it does require you to use X and have libcap installed.
With EtherApe you'll find the network monitoring has never been this
fun. On an active network, one can easily be drawn to just watching
the activity. It can be a very useful tool, but the entertainment
value should not be discounted.
One of the most useful features of EtherApe is the dynamic graphic
images it creates. These can be used to further explain concepts or
attacks methodologies to business decision makers who wouldn't normally
understand the output of tcpdump.
More information about EtherApe can be found at the project
website: http://etherape.sourceforge.net/
Also, for those of you who are just curious, severals screenshots
are also available: http://etherape.sourceforge.net/images/
Until next time, cheers!
Benjamin D. Thomas
----------------------
Encrypting Shell Scripts
Do you have scripts that contain sensitive information like
passwords and you pretty much depend on file permissions to keep
it secure? If so, then that type of security is good provided
you keep your system secure and some user doesn't have a "ps -ef"
loop running in an attempt to capture that sensitive info (though
some applications mask passwords in "ps" output).
http://www.linuxsecurity.com/content/view/117920/49/
---
A 2005 Linux Security Resolution
Year 2000, the coming of the new millennium, brought us great joy
and celebration, but also brought great fear. Some believed it would
result in full-scale computer meltdown, leaving Earth as a nuclear
wasteland. Others predicted minor glitches leading only to
inconvenience. The following years (2001-2004) have been tainted
with the threat of terrorism worldwide.
http://www.linuxsecurity.com/content/view/117721/49/
---
State of Linux Security 2004
In 2004, security continued to be a major concern. The beginning of the
year was plagued with several kernel flaws and Linux vendor advisories
continue to be released at an ever-increasing rate. This year, we have
seen the reports touting Window's security superiority, only to be
debunked by other security experts immediately after release. Also,
Guardian Digital launched the new LinuxSecurity.com, users continue to
be targeted by automated attacks, and the need for security awareness
and education continues to rise.
http://www.linuxsecurity.com/content/view/117655/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
* Conectiva: php4 Fixes for multiple php4 vulnerabilities
13th, January, 2005
This announcement fixes seven vulnerabilities[2] found by Stefan
Esser and four other vulnerabilities. For further information, please
refer to php4's changelog[3].
http://www.linuxsecurity.com/content/view/117904
* Conectiva: ethereal Fixes for security vulnerabilities in ethereal
13th, January, 2005
This update fixes several vulnerabilities[2,3,4] in ethereal.
http://www.linuxsecurity.com/content/view/117905
* Conectiva: krb5 Fix for buffer overflow in libkadm5srv
13th, January, 2005
Michael Tautschnig noticed that the MIT Kerberos 5 administration
library (libkadm5srv) contains a heap buffer overflow[2] in password
history handling code which could be exploited by an authenticated
user to execute arbitrary code on a Key Distribution Center (KDC)
host.
http://www.linuxsecurity.com/content/view/117911
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: kerberos arbitrary code execution fix
7th, January, 2005
A buffer overflow has been discovered in the MIT Kerberos 5
administration library (libkadm5srv) that could lead to the execution
of arbitrary code upon exploition by an authenticated user, not
necessarily one with administrative privileges.
http://www.linuxsecurity.com/content/view/117819
* Debian: lintian insecure temporary directory fix
10th, January, 2005
Jeroen van Wolffelaar discovered a problem in lintian, the Debian
package checker. The program removes the working directory even if
it wasn't created at program start, removing an unrelated file or
directory a malicious user inserted via a symlink attack.
http://www.linuxsecurity.com/content/view/117827
* Debian: kdelibs arbitrary FTP command execution fix
10th, January, 2005
Thiago Macieira discovered a vulnerability in the kioslave library,
which is part of kdelibs, which allows a remote attacker to execute
arbitrary FTP commands via an ftp:// URL that contains an URL-encoded
newline before the FTP command.
http://www.linuxsecurity.com/content/view/117828
* Debian: linpopup arbitrary code execution fix
10th, January, 2005
Stephen Dranger discovered a buffer overflow in linpopup, an X11 port
of winpopup, running over Samba, that could lead to the execution of
arbitrary code when displaying a maliciously crafted message.
http://www.linuxsecurity.com/content/view/117829
* Debian: bmv insecure temporary file creation fix
11th, January, 2005
Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for
SVGAlib, discovered that temporary files are created in an insecure
fashion. A malicious local user could cause arbitrary files to be
overwritten by a symlink attack.
http://www.linuxsecurity.com/content/view/117857
* Debian: HylaFAX unauthorised access fix
11th, January, 2005
Patrice Fournier discovered a vulnerability in the authorisation
subsystem of hylafax, a flexible client/server fax system. A local
or remote user guessing the contents of the hosts.hfaxd database
could gain unauthorised access to the fax system.
http://www.linuxsecurity.com/content/view/117872
* Debian: exim arbitrary code execution fix
12th, January, 2005
Philip Hazel announced a buffer overflow in the host_aton function in
exim, the default mail-tranport-agent in Debian, which can lead to
the execution of arbitrary code via an illegal IPv6 address.
http://www.linuxsecurity.com/content/view/117878
* Debian: New libc6 packages fix insecure temporary files
12th, January, 2005
Several insecure uses of temporary files have been discovered in
support scripts in the libc6 package which provices the c library for
a GNU/Linux system. Trustix developers found that the catchsegv
script uses temporary files insecurely. Openwall developers
discovered insecure temporary files in the glibcbug script. These
scripts are vulnerable to a symlink attack.
http://www.linuxsecurity.com/content/view/117889
* Debian: New exim-tls packages fix arbitrary code execution
13th, January, 2005
Philip Hazel announced a buffer overflow in the host_aton function in
exim-tls, the SSL-enabled version of the default mail-tranport-agent
in Debian, which can lead to the execution of arbitrary code via an
illegal IPv6 address.
http://www.linuxsecurity.com/content/view/117903
* Debian: New gopher packages fix several vulnerabilities
13th, January, 2005
"jaguar" has discovered two security relevant problems in gopherd,
the
Gopher server in Debian which is part of the gopher package.
http://www.linuxsecurity.com/content/view/117915
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora: sane-backends-1.0.15-1.4 update (corrected)
7th, January, 2005
This is version 1.0.15 of the sane-backends scanner drivers. This
package also resolves the issues concerning device permissions for
USB scanners which are always connected.
http://www.linuxsecurity.com/content/view/117815
* Fedora: libtiff-3.6.1-9.fc3 update
7th, January, 2005
The updated libtiff package fixes an integer overflow which could
lead to a buffer overflow in the tiffdump utility.
http://www.linuxsecurity.com/content/view/117820
* Fedora: libtiff-3.5.7-22.fc2 update
7th, January, 2005
The updated libtiff package fixes an integer overflow which could
lead to a buffer overflow in the tiffdump utility.
http://www.linuxsecurity.com/content/view/117821
* Fedora: gtk2-2.4.14-2.fc3 update
7th, January, 2005
The updated gtk2 package fixes several cases of missing locking in
the file chooser which could cause deadlocks in threaded
applications.
http://www.linuxsecurity.com/content/view/117822
* Fedora: selinux-policy-targeted-1.17.30-2.68 update
7th, January, 2005
Allow ldconfig to run with full privs.
http://www.linuxsecurity.com/content/view/117823
* Fedora: epiphany-1.2.7-0.2.0 update
10th, January, 2005
Rebuild because of Mozilla API changes.
http://www.linuxsecurity.com/content/view/117840
* Fedora: epiphany-1.2.7-0.2.2 update
10th, January, 2005
Rebuild because of Mozilla API changes.
http://www.linuxsecurity.com/content/view/117841
* Fedora: policycoreutils-1.18.1-2.3 update
10th, January, 2005
backport restorecon and fixfiles from rawhide. to eliminate bad
warning. messages and fix handling of rpm files
http://www.linuxsecurity.com/content/view/117842
* Fedora: selinux-policy-targeted-1.17.30-2.68 update
10th, January, 2005
Require policycoreutils for selinux-policy-targeted. Run ldconfig as
an unconfined_domain
http://www.linuxsecurity.com/content/view/117843
* Fedora: kernel-2.6.10-1.8_FC2 update
10th, January, 2005
This update rebases the kernel to match the upstream 2.6.10 release,
and adds a number of security fixes by means of adding the latest -ac
patch.
http://www.linuxsecurity.com/content/view/117849
* Fedora: kernel-2.6.10-1.737_FC3 update
10th, January, 2005
This update rebases the kernel to match the upstream 2.6.10 release,
and adds a number of security fixes by means of adding the latest -ac
patch.
http://www.linuxsecurity.com/content/view/117850
* Fedora: yum-2.1.12-0.fc3 update
10th, January, 2005
New yum release fixes many small bugs.
http://www.linuxsecurity.com/content/view/117851
* Fedora: system-config-samba-1.2.23-0.fc3.1 update
11th, January, 2005
Unfortunately there have slipped in some bugs in this release which
were detected after the sign and push request went out. The bugs in
question prevent proper configuring of global preferences.
http://www.linuxsecurity.com/content/view/117859
* Fedora: system-config-services-0.8.17-0.fc3.1 update
11th, January, 2005
throw away stderr to not be confused by error messages (#142983).
don't hardcode python 2.3 (#142246). remove some cruft from
configure.in
http://www.linuxsecurity.com/content/view/117860
* Fedora: cups-1.1.20-11.9 update
11th, January, 2005
This package fixes a small regression introduced by FEDORA-2004-574.
http://www.linuxsecurity.com/content/view/117861
* Fedora: cups-1.1.22-0.rc1.8.3 update
11th, January, 2005
This package fixes a small regression introduced by FEDORA-2004-575.
http://www.linuxsecurity.com/content/view/117862
* Fedora: subversion-1.1.2-2.3 update
11th, January, 2005
This update includes the latest release of Subversion 1.1, including
a number of bug fixes.
http://www.linuxsecurity.com/content/view/117863
* Fedora: initscripts-7.55.2-1 update
11th, January, 2005
This update fixes the mouting of usbfs on boot, along with various
other accumulated fixes.
http://www.linuxsecurity.com/content/view/117875
* CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.0
12th, January, 2005
Rebuild because of Mozilla API changes.
http://www.linuxsecurity.com/content/view/117885
* CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.2
12th, January, 2005
Rebuild because of Mozilla API changes.
http://www.linuxsecurity.com/content/view/117886
* Fedora Core 2 Update: vim-6.3.054-0.fc2.1
12th, January, 2005
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command
execution when viewed by a victim. Please note that this issue only
affects users who have modelines and filetype plugins enabled, which
is not the default. Javier Fern=C3=A1ndez-Sanguino Pe=C3=B1a discovered
insecure usage of temporary files in two scripts shipped with vim. It
is possible that a malicious user could guess the names of the
temporary files and start a symlink attack.
http://www.linuxsecurity.com/content/view/117887
* Fedora Core 3 Update: vim-6.3.054-0.fc3.1
12th, January, 2005
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command
execution when viewed by a victim. Please note that this issue only
affects users who have modelines and filetype plugins enabled, which
is not the default. Javier Fern=C3=A1ndez-Sanguino Pe=C3=B1a discovered
insecure usage of temporary files in two scripts shipped with vim. It
is possible that a malicious user could guess the names of the
temporary files and start a symlink attack.
http://www.linuxsecurity.com/content/view/117888
* Fedora: system-config-samba-1.2.26-0.fc3.1 update
12th, January, 2005
ignore case of share name when deleting share (#144504). when double
clicking share, open properties dialog. assume default is "security
=3D=3D user" to avoid traceback on users dialog (#144511). update main
window when changing share path (#144168). include Ukranian
translation in desktop file (#143659).
http://www.linuxsecurity.com/content/view/117892
* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.72
12th, January, 2005
Allow dhcpd and nscd to read certs files in usr_t.
Allow postgresql to use ypbind and fix db creation calls.
http://www.linuxsecurity.com/content/view/117899
* Fedora Core 2 Update: gpdf-2.8.2-1.1
13th, January, 2005
Update to 2.8.2. Remove all patches, they are upstream
http://www.linuxsecurity.com/content/view/117912
* Fedora Core 3 Update: gpdf-2.8.2-1.2
13th, January, 2005
Update to 2.8.2. Remove all patches, they are upstream
http://www.linuxsecurity.com/content/view/117913
* Fedora Core 3 Update: exim-4.43-1.FC3.1
13th, January, 2005
This erratum fixes two relatively minor security issues which were
discovered in Exim in the last few weeks. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2005-0021 and CAN-2005-0022 to these, respectively.
http://www.linuxsecurity.com/content/view/117914
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: dillo Format string vulnerability
9th, January, 2005
Dillo is vulnerable to a format string bug, which may result in the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117831
* Gentoo: TikiWiki Arbitrary command execution
10th, January, 2005
A bug in TikiWiki allows certain users to upload and execute
malicious PHP scripts.
http://www.linuxsecurity.com/content/view/117832
* Gentoo: pdftohtml Vulnerabilities in included Xpdf
10th, January, 2005
pdftohtml includes vulnerable Xpdf code to handle PDF files, making
it vulnerable to execution of arbitrary code upon converting a
malicious PDF file.
http://www.linuxsecurity.com/content/view/117833
* Gentoo: UnRTF Buffer overflow
10th, January, 2005
A buffer overflow in UnRTF allows an attacker to execute arbitrary
code by way of a specially crafted RTF file.
http://www.linuxsecurity.com/content/view/117852
* Gentoo: mpg123 Buffer overflow
10th, January, 2005
An attacker may be able to execute arbitrary code by way of specially
crafted MP2 or MP3 files.
http://www.linuxsecurity.com/content/view/117853
* Gentoo: konqueror Java sandbox vulnerabilities
11th, January, 2005
The Java sandbox environment in Konqueror can be bypassed to access
arbitrary packages, allowing untrusted Java applets to perform
unrestricted actions on the host system.
http://www.linuxsecurity.com/content/view/117854
* Gentoo: Kpdf, Koffice More vulnerabilities in included Xpdf
11th, January, 2005
KPdf and KOffice both include vulnerable Xpdf code to handle PDF
files, making them vulnerable to the execution of arbitrary code if a
user is enticed to view a malicious PDF file.
http://www.linuxsecurity.com/content/view/117855
* Gentoo: KDE FTP KIOslave Command injection
11th, January, 2005
The FTP KIOslave contains a bug allowing users to execute arbitrary
FTP commands.
http://www.linuxsecurity.com/content/view/117864
* Gentoo: imlib2 Buffer overflows in image decoding
11th, January, 2005
Multiple overflows have been found in the imlib2 library image
decoding routines, potentially allowing the execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/117865
* Gentoo: o3read Buffer overflow during file conversion
11th, January, 2005
A buffer overflow in o3read allows an attacker to execute arbitrary
code by way of a specially crafted XML file.
http://www.linuxsecurity.com/content/view/117867
* Gentoo: HylaFAX hfaxd unauthorized login vulnerability
11th, January, 2005
HylaFAX is subject to a vulnerability in its username matching code,
potentially allowing remote users to bypass access control lists.
http://www.linuxsecurity.com/content/view/117868
* Gentoo: poppassd_pam Unauthorized password changing
11th, January, 2005
poppassd_pam allows anyone to change any user's password without
authenticating the user first.
http://www.linuxsecurity.com/content/view/117874
* Gentoo: CUPS Multiple vulnerabilities
12th, January, 2005
CUPS was vulnerable to multiple vulnerabilities and as a fix we
recommended upgrading to version 1.1.23_rc1. This version is affected
by a remote Denial Of Service, so we now recommend upgrading to the
final 1.1.23 release which does not have any known vulnerability.
http://www.linuxsecurity.com/content/view/117879
* Gentoo: Exim Two buffer overflows
12th, January, 2005
Buffer overflow vulnerabilities, which could lead to arbitrary code
execution, have been found in the handling of IPv6 addresses as well
as in the SPA authentication mechanism in Exim.
http://www.linuxsecurity.com/content/view/117900
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
* Mandrake: g-wrap compilation error fix
10th, January, 2005
A compilation error in g-wrap prevented gnucash from running on
Mandrakelinux 10.1/x86_64. The updated packages correct the problem.
http://www.linuxsecurity.com/content/view/117846
* Mandrake: xscreensave bug with KDE fix
10th, January, 2005
A bug in xscreensaver existed when running under KDE. When selecting
a screensaver, it can be tested and seen properly, but when it
actually is supposed to start, only a black screen would come up.
http://www.linuxsecurity.com/content/view/117848
* Mandrake: kde numerous bugs fix
11th, January, 2005
Updates are provided for various components of kdeaddons, kdebase,
kdelibs, kdenetwork, and kdepim that fix a variety of bugs.
http://www.linuxsecurity.com/content/view/117866
* Mandrake: nfs-utils 64bit vulnerability fix
11th, January, 2005
Arjan van de Ven discovered a buffer overflow in rquotad on 64bit
architectures; an improper integer conversion could lead to a buffer
overflow. An attacker with access to an NFS share could send a
specially crafted request which could then lead to the execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/117877
* Mandrake: hylafax vulnerability fix
12th, January, 2005
Patrice Fournier discovered a vulnerability in the authorization
sub-system of hylafax.=09A local or remote user guessing the contents
of the hosts.hfaxd database could gain unauthorized access to the
fax system.
http://www.linuxsecurity.com/content/view/117901
* Mandrake: Updated imlib packages fix
12th, January, 2005
Pavel Kankovsky discovered several heap overflow flaw in the imlib
image handler.=09An attacker could create a carefully crafted image
file in such a way that it could cause an application linked with
imlib to execute arbitrary code when the file was opened by a user
(CAN-2004-1025). As well, Pavel also discovered several integer
overflows in imlib.
These could allow an attacker, creating a carefully crafted image
file, to cause an application linked with imlib to execute arbitrary
code or crash (CAN-2004-1026).
http://www.linuxsecurity.com/content/view/117902
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
* Trustix: fcron, kernel vulnerabilities
13th, January, 2005
Security vulnerabilites have been found in fcronsighup, the program
used by fcrontab to tell fcron it should reload its configuration.
Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup's
overall security.
http://www.linuxsecurity.com/content/view/117918
* Trustix: glibc iproute setup tsl-utils bug fixes
13th, January, 2005
glibc: Added success/failure to nscd.init to make it consistent with
other init scripts. iproute: Now make /etc/iproute2/*
config(noreplace). setup: Added lmtp ports in /etc/services.
tsl-utils: Now handle more release tags in kernel names. Take II.
http://www.linuxsecurity.com/content/view/117919
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Updated lesstif package fixes image vulnerability
12th, January, 2005
An updated lesstif package that fixes flaws in the Xpm library is now
available for Red Hat Enterprise Linux 2.1.
http://www.linuxsecurity.com/content/view/117893
* RedHat: Updated unarj package fixes security issue
12th, January, 2005
An updated unarj package that fixes a buffer overflow vulnerability
and a directory traversal vulnerability is now available.
http://www.linuxsecurity.com/content/view/117894
* RedHat: Updated CUPS packages fix security issues
12th, January, 2005
Updated CUPS packages that fix several security issues are now
available.
http://www.linuxsecurity.com/content/view/117895
* RedHat: Updated nfs-utils package fixes security
12th, January, 2005
An updated nfs-utils package that fixes various security issues is
now available.
http://www.linuxsecurity.com/content/view/117896
* RedHat: Updated Pine packages fix security vulnerability
12th, January, 2005
An updated Pine package is now available for Red Hat Enterprise Linux
2.1
to fix a denial of service attack.
http://www.linuxsecurity.com/content/view/117897
* RedHat: Updated Xpdf packages fix security issues
12th, January, 2005
Updated Xpdf packages that fix several security issues are now
available.
http://www.linuxsecurity.com/content/view/117898
* RedHat: Updated libtiff packages fix security issues
13th, January, 2005
Updated libtiff packages that fix various integer overflows are now
available.
http://www.linuxsecurity.com/content/view/117906
* RedHat: Updated mozilla packages fix a buffer overflow
13th, January, 2005
Updated mozilla packages that fix a buffer overflow issue are now
available.
http://www.linuxsecurity.com/content/view/117907
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: libtiff/tiff remote system compromise
10th, January, 2005
Libtiff supports reading, writing, and manipulating of TIFF image
files. iDEFENSE reported an integer overflow in libtiff that can be
exploited by specific TIFF images to trigger a heap-based buffer
overflow afterwards.
http://www.linuxsecurity.com/content/view/117830
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
* TurboLinux: php, httpd multiple vulnerabilities
13th, January, 2005
The vulnerabilities can allow remote attackers to cause a denial of
service and possibly execute arbitrary code.
http://www.linuxsecurity.com/content/view/117908
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Sun Jan 16 2005 - 23:55:00 PST