bugtraq@security.nnov.ru list issues

From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: Thu Jun 20 2002 - 12:00:51 CEST


Dear bugtraq@securityfocus.com,

  There were a few issues reported to the bugtraq@security.nnov.ru list in
  Russian during the last months.

  These issues have no relation to the SECURITY.NNOV team.
  Please contact authors directly if you have any questions.
  

  1. Dmitry Zubov <dimka at dz.dn.ua> reports a vulnerability in
  APC PowerChute for Windows 95/98:

   APC (American Power Conversion Corp.) http://www.apc.com
   PowerChute plus 5.0.2 for Windows 95/98

   During installation the Program Files\Pwrchute folder is shared as
   PWRCHUTE, world-writable, without user notification. This makes it
   possible to trojan program files.

   References:
   http://www.security.nnov.ru/search/news.asp?binid=2064

  2. A.V. Komlin <avkvladru at mail.ru> reports a few vulnerabilities in
  El Gamal-based algorithms:

   A weakness found in El Gamal-based algorithms allows creating a
   valid signature without knowledge of the private key by introducing minor
   modifications into the document. This problem is known to exist in the Russian
   official GOST 34.19-2001 standard. It's not known if it affects
   ECDSA. There are also a few minor problems, mostly connected with
   unclear border value definitions.

   References:
   http://www.security.nnov.ru/search/news.asp?binid=1917
   http://www.bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=15&m=46049

  3. There was also a report by DocSoft <docsoft at mail.ru> on a buffer
  overflow in some older version of ncftpd on Solaris, but I was not
  able to reproduce it, at least on the demo version of ncftpd >= 2.5.0 under
  FreeBSD, so it was bounced. The overflow is on the FTP DELE command with
  a buffer > 256 bytes. Feel free to contact DocSoft if you can confirm
  the vulnerability.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)


