[Full-disclosure] -advisory- $ =Thu Mar 16 13:46:00 EST 2006= $ Buffer Overflow in ISC NTP
-advisory- $ =Thu Mar 16 13:46:00 EST 2006= $ Buffer Overflow in ISC NTP +++ I. HISTORY 16-3-2006 - Public Disclosure. +++ II. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-887267 to this issue +++ APPENDIX A VENDOR INFORMATION http://www.isc.org/index.pl?/sw/ntp/ +++ CONTACT [EMAIL PROTECTED] [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CCE CEH CSFA SSP-CNSA GIPS GHTQ SSCP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] -ADVISORY- ~ +Thu Mar 16 14:04:03 EST 2006+ ~ Buffer Overflow in Snort
-ADVISORY- ~ +Thu Mar 16 14:04:03 EST 2006+ ~ Buffer Overflow in Snort ++ I. BACKGROUND ++ There was no identified background information about this issue indentified. ++ II. WORKAROUND ++ This problem has no identified workarounds. ++ III. CVE INFORMATION ++ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-82361 to this issue ++ CONTACT ++ Mike [EMAIL PROTECTED] 1-888-565-9428 CEH GIPS GWAS CAP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included)
Does the payload get executed once it has been copied to the network share? Mike this one also spreads via network shares, then creates an AT job that will run itself on the 59th minute of every hour to further propigate. very worm like if you ask me. exibar - Original Message - From: Dude VanWinkle [EMAIL PROTECTED] To: Gadi Evron [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com Sent: Tuesday, January 24, 2006 1:52 PM Subject: Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included) On 1/24/06, Gadi Evron [EMAIL PROTECTED] wrote: now known as the TISF BlackWorm task force. Why do you call a .scr you have to manually install a worm? Why not BlackVirus the worm moniker is very misleading (actually got me worried for a sec). The email worm is also misleading, because it only propagates through port 25, but that is not the point of entry. The point of entry is the user running a visual basic script _willingly_. Just so I know, what would you guys classify a real worm (blaster, slammer, nimda, etc) as? Or would you just call it an internet worm instead of an email worm and leave it at that? thanks for the mis-info, -JP still love ja tho -JP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Phishing Alert: Inland Revenue Service
This might be a more appropriate list for phishing 'discussions' [EMAIL PROTECTED] http://www.securityfocus.com/archive/135/description discussion of identification and behavior of Phishing networks and their specific scams Note, it is moderated so might not suite you. Cheers Mike www.infosec.co.nz My service has Websense alerts sent to it, what are you talking about? http://groups.google.com/groups?enc_author=Ysm7kCMAAADoSwzwEVwOrDqxRRjwu7fEAzoilD9AwWWOM_baJ4DHxVjI-r6G--cUt-pl3NuIesMscoring=d The phishing e-mail I am talking about was sent directly to my security news wire (see headers), I feel I have a responsibility to report on it. On 12/14/05, Todd Towles [EMAIL PROTECTED] wrote: Wow n3td3v, I think I am going to kill my Websense Phishing alerts and use your serviceshould we really be posting every little phishing e-mail to the FD list? Is there anything special about this e-mail? Not technique being used? ... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] FAO Mark Murtagh from Websense
enough said I never said MW was right or wrong. Morning Wood didn't launch a personal attack on me. You were just someone who came on the thread and started your attacks. If it was anyone's position to launch a personal attack against me, it was MW and no one else. Yet you probably get involved with threads and conversations that don't initially involve you all the time. By the way, I know exactly who you are and the IRC channel you hang out on, and all the people connected to you. Watch your step, the feds might arrive on your doorstep one day by saying the wrong thing on your sun research facility network. Say hi to Bryno for me ;-) Bye On 11/13/05, Barrie Dempster [EMAIL PROTECTED] wrote: It wasn't an attempt at anything like that it was a conversational interest point over something that MW and I had both noticed. Incidentally I'm sure MW already had his own opinions of you which I was unlikely to sway. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Delete.gif Description: GIF image ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] J. A. Terranson
and phone numbers :-) -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Guys! Stop wasting our time and bandwidth! If you want to argue about bullshit, you have each other's email. Thanks, Honza - -- - -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT/CS d- s: a-- C$ ULS$ P L+++ E--- W- N+ o? K? w- O? M-+ V? PS PE Y++ PGP+++ !t 5? X++ R tv-- b++ DI+ D++ G e h--- r++ y? - --END GEEK CODE BLOCK-- () ascii ribbon campaign - against html mail /\- against microsoft attachments -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDEirLSVzvioqX7FkRA+IdAKDXkrncL9Li1KS5VfF7k2Sigq9pVA CgilEB /dvuV2WGiufAqkt0t4J8jjM= =w0v6 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/