Bugtraq mailing list archives
Re: RFP2K04: Mining BlackICE with RFPickAxe
From: matt () USE NET (Matt)
Date: Thu, 18 May 2000 12:19:01 -0700
On Thu, 18 May 2000, Robert Graham wrote:
1. There is no issue with BlackICE (Sentry/Defender/Agent) IDS. Only the centralized console ICEcap. 2. This isn't a problem in "officially" supported installations of ICEcap, only "eval" installations. 3. This is a problem in virtually any product that uses Access/Jet/.mdb (including many built into WinNT Server).
I believe this could've been easily avoided by making MDAC 2.1 SP2 components a required part of the installation. I can think of at least one vendor in rfp's list that did do that, which I believe eliminates the vulnerability (as well as some y2k and stability/performance issues). On a side note, I just noticed that MDAC 2.5 is out.
Current thread:
- BUFFER OVERRUN VULNERABILITIES IN KERBEROS, (continued)
- BUFFER OVERRUN VULNERABILITIES IN KERBEROS Jeffrey I. Schiller (May 16)
- Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS Kris Kennaway (May 18)
- antisniff x86/linux remote root exploit, including "fixed" 1.02 version Sebastian (May 16)
- announce : Nessus 1.0 released Renaud Deraison (May 17)
- RFP2K04: Mining BlackICE with RFPickAxe rain forest puppy (May 17)
- FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx [REVISED] FreeBSD Security Officer (May 17)
- klogin remote exploit duke (May 17)
- Re: RFP2K04: Mining BlackICE with RFPickAxe Robert Graham (May 17)
- antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Sebastian (May 18)
- Re: antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Mudge (May 18)
- Re: RFP2K04: Mining BlackICE with RFPickAxe Matt (May 18)
- AUX Security Advisory on Be/OS 5.0 (DoS) visi0n (May 17)
- Re: RFP2K04: Mining BlackICE with RFPickAxe Andrew Lambeth (May 19)
- Remote Dos attack against Intel express 8100 router Dimuthu Parussalla (May 18)
- RFP2K05: NetProwler vs. RFProwler rain forest puppy (May 19)
- Key Generation Security Flaw in PGP 5.0 gec () ACM ORG (May 23)
- Filesystem vulnerability in AIX salme () US IBM COM (May 23)
- Re: RFP2K05: NetProwler vs. RFProwler Pedro Quintanilha (May 23)
- Security Vulnerability in Qpopper 2.53 (Upgrade to 3.0.2) Qpopper Support (May 23)
- Remote xploit for MDBMS |[TDP]| (May 24)
- HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability Ussr Labs (May 24)