APC PowerChute Plus for Windows Default Configuration Creates a Shared Folder with World Writeable Permissions
|
|
SecurityTracker Alert ID: 1004686 |
|
SecurityTracker URL: http://securitytracker.com/id/1004686
|
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Jul 3 2002
|
Impact:
Disclosure of system information, Modification of system information
|
Exploit Included: Yes
|
Version(s): PowerChute Plus 5.0.2
|
Description:
A vulnerability was reported in APC's PowerChute software. Under the default configuration, a remote user can access the PowerChute folder with write privileges via Windows networking.
It is reported that the default installation creates the folder 'Program Files\Pwrchute' and shares this folder via Windows networking with the name 'PWRCHUTE' and with world writeable permissions.
A remote user can access the folder and modify the programs in the folder.
According to the report, Dmitry Zubov <dimka at dz.dn.ua> reported this vulnerability in the following message:
http://www.security.nnov.ru/search/news.asp?binid=2064
|
Impact:
A remote user can access the shared folder and modify the PowerChute programs in the folder.
|
Solution:
No solution was available at the time of this entry.
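One way to check a Windows 95/98 machine for this condition, as an added example that is not from the advisory or the vendor: the Python below parses a REGEDIT4 export of the share definitions and lists shares that grant write access with no password set. Assumptions to verify on a real system: shares are defined under HKLM\Software\Microsoft\Windows\CurrentVersion\Network\LanMan, the low two bits of Flags give the access mode (1 read-only, 2 full, 3 depends on password), and Parm1enc/Parm2enc hold the encoded share passwords. The export text is constructed sample data.

```python
import re

# Constructed sample of a REGEDIT4 export (not captured from a real host).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\PWRCHUTE]
"Flags"=dword:00000102
"Path"="C:\\PROGRAM FILES\\PWRCHUTE"
"Parm2enc"=hex:
"Parm1enc"=hex:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\DOCS]
"Flags"=dword:00000101
"Path"="C:\\DOCS"
"Parm2enc"=hex:35,9a
"Parm1enc"=hex:
'''

KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\.*\\Network\\LanMan\\([^\\\]]+)\]$', re.I)
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_shares(reg_text):
    """Return {share_name: {value_name_lowercase: raw_value}} for LanMan subkeys."""
    shares, cur = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            cur = shares.setdefault(m.group(1), {})
        elif line.startswith('['):
            cur = None  # some other registry key: ignore its values
        elif cur is not None:
            m = VAL_RE.match(line)
            if m:
                cur[m.group(1).lower()] = m.group(2)
    return shares

def risky_shares(reg_text):
    """List (name, path) of shares that allow writes and carry no password."""
    findings = []
    for name, v in parse_shares(reg_text).items():
        mode = int(v.get('flags', 'dword:0').split(':')[1], 16) & 0x3  # assumed encoding
        has_pw = any(v.get(k, 'hex:').split(':', 1)[1].strip()
                     for k in ('parm1enc', 'parm2enc'))
        path = v.get('path', '""').strip('"').replace('\\\\', '\\')
        if mode in (2, 3) and not has_pw:
            findings.append((name, path))
    return findings

if __name__ == "__main__":
    print(risky_shares(SAMPLE_REG))
```

A share reported here that points at a program directory such as Program Files\Pwrchute should be unshared, or changed to read-only with a password.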
|
Vendor URL: www.apc.com/
|
Cause:
Access control error, Configuration error
|
Underlying OS:
Windows (95), Windows (98)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 20 Jun 2002 14:00:51 +0400
Subject: bugtraq@security.nnov.ru list issues
|
Dear bugtraq@securityfocus.com,
There were a few issues reported to the bugtraq@security.nnov.ru list in
Russian during the last months.
These issues have no relation to the SECURITY.NNOV team.
Please contact authors directly if you have any questions.
1. Dmitry Zubov <dimka at dz.dn.ua> reports a vulnerability in
APC PowerChute for Windows 95/98:
APC (American Power Conversion Corp.) http://www.apc.com
PowerChute plus 5.0.2 for Windows 95/98
During installation, the Program Files\Pwrchute folder is shared as
PWRCHUTE world writable without user notification. This makes it
possible to trojan program files.
References:
http://www.security.nnov.ru/search/news.asp?binid=2064
2. A.V. Komlin <avkvladru at mail.ru> reports a few vulnerabilities in
El Gamal-based algorithms
A weakness found in El Gamal-based algorithms allows creating a
valid signature without knowledge of the private key by introducing minor
modifications in the document. This problem is known to exist in the Russian
official GOST 34.19-2001 standard. It's not known if it affects
ECDSA. There are also a few minor problems mostly connected with
unclear border value definitions.
References:
http://www.security.nnov.ru/search/news.asp?binid=1917
http://www.bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=15&m=46049
3. There was also a report by DocSoft <docsoft at mail.ru> on a buffer
overflow in some older version of ncftpd on Solaris, but I was not
able to reproduce it, at least on the demo version of ncftpd >= 2.5.0 under
FreeBSD, so it was bounced. The overflow is on the FTP DELE command with
a buffer > 256 bytes. Feel free to contact DocSoft if you can confirm
the vulnerability.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
|
|