[Full-disclosure] Re: [waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module
On 7 Apr 2005, Janek Vind wrote:

> http://localhost/nuke76/modules.php?name=Top&querylang=%20WHERE%201=2%20UNION
> %20ALL%20SELECT%201,pwd,1,1%20FROM%20nuke_authors/*
>
> ... and as result we can see md5 hashes of all the admin passwords in place,
> where normally top 10 votes can be seen :)

Again as before, code should be validating input. But as a simple precaution against default GET attacks, changing the table prefix from the common "nuke_" to something random like "zloqf7_" would render that sample, and all others based on "nuke_", useless. Of course in the grander scheme that isn't foolproof, but it does work against the default GETs.

--
Sincerely, Paul Laudanski .. Computer Cops, LLC.
Microsoft MVP Windows-Security 2005
CastleCops(SM)... http://castlecops.com
CC Blog . http://blog.castlecops.com
Staff Blogs . http://busterbunny.castlecops.com
Our Vision .. http://castlecops.com/postt63382.html
http://cuddlesnkisses.com
http://justalittlepoke.com
http://zhen-xjell.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
A cursory web search revealed...

On 4 Apr 2005, Maksymilian Arciemowicz wrote:

> - --- 1.Description ---
> PHP-Nuke is a Web Portal System, storytelling [SNIP]
>
> - --- 2. XSS ---
> 2.0
> http://[HOST]/[DIR]/banners.php?op=EmailStats&name=sex&bid=[XSS]
>
> 2.1
> http://[HOST]/[DIR]/modules.php?name=Web_Links&l_op=TopRated&ratenum=[XSS]&ratetype=num

This has been a bug for over a year now:
http://www.waraxe.us/content-5.html

> 2.2
> http://[HOST]/[DIR]/modules.php?name=Web_Links&l_op=MostPopular&ratenum=%3Ch1%3E50&ratetype=num

This too was pointed out nearly two years ago:
http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1213.html

> 2.3
> http://[HOST]/[DIR]/modules.php?name=Web_Links&l_op=viewlinkdetails&ttitle=[XSS]
>
> 2.4
> http://[HOST]/[DIR]/modules.php?name=Web_Links&l_op=viewlinkeditorial&ttitle=[XSS]
>
> 2.5
> http://[HOST]/[DIR]/modules.php?name=Web_Links&l_op=viewlinkcomments&ttitle=[XSS]
>
> 2.6
> http://[HOST]/[DIR]/modules.php?name=Web_Links&l_op=ratelink&ttitle=[XSS]
>
> 2.7
> http://[HOST]/[DIR]/modules.php?name=Your_Account&op=userinfo&bypass=1&username=[XSS]

In general a multi-layered defense system is a good idea. mod_security is a great tool for Apache which can be installed to catch certain kinds of GET injections. Certainly not foolproof, as the codebase should filter inputs.

> - --- 3. Path Disclosure ---

On the topic of programming it is good practice to validate input; however, for path disclosure, it is an even better plan to disable displaying errors on a production website.

> - --- 4. How to fix ---
> Because phpnuke doesn't have a security contact, you can download my patch from
> securityreason.com
> http://securityreason.com/patch/PhpNuke-7.6-adv.by.cXIb8O3.12-patch.tar.gz

Actually I know of a couple of sites that work effortlessly to promote security in php-nuke. These days chatserv works on writing and collecting patches into a bundle for download:

nukecops.com
nukeresources.com
ravenphpscripts.com

I'd suggest posting your finds as news submissions to these sites, always with a follow-up to phpnuke.org's Francisco (AKA nukelite).

--
Sincerely, Paul Laudanski .. Computer Cops, LLC.
Microsoft MVP Windows-Security 2005
CastleCops(SM)... http://castlecops.com
CC Blog . http://blog.castlecops.com
Staff Blogs . http://busterbunny.castlecops.com
Our Vision .. http://castlecops.com/postt63382.html
http://cuddlesnkisses.com
http://justalittlepoke.com
http://zhen-xjell.com
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
On Apr 8, 2005 10:50 AM, Jason <[EMAIL PROTECTED]> wrote:

[snip]

> I think that entirely depends on the format the file is distributed in.
> You could take a zipfile and pad it in non critical areas to change the
> MD5 without creating a substantial difference in the deliverable
> content. You could do the same with gzip or bzip formatted files. You
> could also pad any embedded jpeg images to engineer a collision. There
> are quite a few opportunities where this method could be used to twiddle
> the new MD5 without materially changing the content.
>
> Here is the case I am thinking about.

[snip]

You can always use steganography [http://en.wikipedia.org/wiki/Steganography]* for purposes of causing the MD5 to change. There doesn't even have to be valid data to hide in what I'll just reference as the "steganography metadata stream". The key is to allow both copies to appear to operate the same, but be clearly different when compared byte for byte. Bitmaps, lossless or lossy: just modify a few pixels. Find something that's not being utilized, and modify it so the data type is still ok, but the data is ever-so-slightly different. Just think about crafty viruses like CIH that relocated themselves in unused areas of the executable.

After this, you'll have a hard time discerning between the originals and the fakes. You'll have more ground that'll need to be researched to see if every varying signature is liable as a claimed infringement. Even if it's distorted, it's still plausible as a protected work - but to what degree I can't say ** (how much milk does plain water need to become milk? at what point isn't it water anymore?).

Granted, exclusive use of tainting the signature weakens P2P, as this is a relative dependency.

Aside from all this, it's best to avoid the appearance of evil. I won't vouch for anyone else's actions, but *do* exercise caution. (caveat emptor, no two ways about it).

* Edit+Improve this article if you can.
** That's right, it's a security/disclosure mailing list - not an open legislative discussion one.

I hope you've enjoyed my comments - and if not, no loss for me.

Thanks,
Scott Edwards
Re: [Full-disclosure] [ISR] - SiteProtector Console Sql-Injection
It's www.iss.net and not www.iss.com

On Apr 8, 2005 12:25 PM, Francisco Amato <[EMAIL PROTECTED]> wrote:

> ||
> || [ISR]
> || Infobyte Security Research
> || www.infobyte.com.ar
> || 04.08.2005
> ||
>
> .:: SUMMARY
>
> ISS - SiteProtector Console Sql-Injection
>
> Version: 2.0.5.690. It is suspected that all previous versions of
> SiteProtector Console are vulnerable.
>
> .:: BACKGROUND
>
> SiteProtector is a security management system that provides a centralized
> view and analysis of network, server, and desktop protection agents and
> appliances.
>
> http://www.iss.com
>
> .:: DESCRIPTION
>
> A Sql-injection vulnerability affects SiteProtector Console.
> This issue is due to a failure of the application to securely copy
> user-supplied data into the fields "Tag Name" and "Object Name" of
> Incidents/Exceptions that the user creates or modifies.
>
> Simple string used: "'"
>
> Error displayed when the injection is made:
>
> ##BEGIN
>
> A Database or SQL Error occurred while working with Site Rules.
> net.iss.rssp.gui.site.analysis.exceptions.CommonSiteRuleException
>   at net.iss.rssp.gui.site.analysis.AnalysisDataManager.throwCommonSiteRuleException(AnalysisDataManager.java:442)
>   at net.iss.rssp.gui.site.analysis.AnalysisDataManager.createSiteFilter(AnalysisDataManager.java:350)
>   at net.iss.rssp.gui.site.analysis.command.AddEditSiteRuleCommand.execute(AddEditSiteRuleCommand.java:48)
>   at net.iss.command.CommandTemplate.templateExecute(CommandTemplate.java:179)
>   at net.iss.command.CommandHandler.executeCommand(CommandHandler.java:148)
>   at net.iss.command.CommandHandler.run(CommandHandler.java:116)
>
> A database error occurred in the method "createNewSiteRule".
> net.iss.rssp.entity.exceptions.SiteRuleException
>   at net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:357)
>   at net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBrokerImpl.java:211)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>   at java.lang.reflect.Method.invoke(Unknown Source)
>   at net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.java:22)
>   at net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java:114)
>   at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>   at java.lang.reflect.Method.invoke(Unknown Source)
>   at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
>   at sun.rmi.transport.Transport$1.run(Unknown Source)
>   at java.security.AccessController.doPrivileged(Native Method)
>   at sun.rmi.transport.Transport.serviceCall(Unknown Source)
>   at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
>   at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
>   at java.lang.Thread.run(Unknown Source)
>
> Database Error
> SQL State = 42000
> Vendor code = 105
> Vendor msg = [42000][Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '')
>   AND NOT EXISTS (SELECT 1
>   FROM ObservanceSiteFilters OSF WITH (NOLOCK)
>   WHERE OSF.ObservanceID = OB.ObservanceID
>   AND OSF.SiteFilterRuleID = 853)'.
>
> net.iss.rssp.db.DataAccessException
>   at net.iss.rssp.server.database.DatabaseObjectHandlerBase.handleSQLException(DatabaseObjectHandlerBase.java:75)
>   at net.iss.rssp.server.database.SiteFilterHandler.write(SiteFilterHandler.java:134)
>   at net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:348)
>   at net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBrokerImpl.java:211)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>   at java.lang.reflect.Method.invoke(Unknown Source)
>   at net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.java:22)
>   at net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java:114)
>   at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>   at java.lang.reflect.Method.invoke(Unknown Source)
>   at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
>   at sun.rmi.transport.Transport$1.run(Unknown Source)
>   at java.security.AccessController.doPrivileged(Native Method)
>   at sun.rmi.transport.Transport.serviceCall(Unknown Source)
>   at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
>   at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
>   at java.lang.Thread.run(Unknown Source)
>
> Error Inserting into table ObservanceSiteFilters Code: 52000 DB Key: 0
>
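The two advisories on this page (the PHP-Nuke Top module's querylang parameter earlier in the archive, and the SiteProtector "Tag Name" field whose stack trace ends above) have the same root cause: request data is concatenated into an SQL statement instead of being bound as a parameter. The block below is an added example, not code from PHP-Nuke, ISS or any poster. It runs against an in-memory SQLite database with a constructed schema; the table and column names, the language allowlist and the placeholder password-hash value are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample schema and rows (assumed; not PHP-Nuke's or SiteProtector's real schema).
SCHEMA = """
CREATE TABLE nuke_authors (aid TEXT, pwd TEXT);
CREATE TABLE nuke_stories (sid INTEGER, title TEXT, counter INTEGER, alanguage TEXT);
CREATE TABLE site_rules (id INTEGER PRIMARY KEY, tag_name TEXT);
INSERT INTO nuke_authors VALUES ('admin', 'PLACEHOLDER-NOT-A-REAL-HASH');
INSERT INTO nuke_stories VALUES (1, 'English story', 40, 'english');
INSERT INTO nuke_stories VALUES (2, 'Deutsche Story', 25, 'german');
INSERT INTO nuke_stories VALUES (3, 'Another English story', 10, 'english');
"""

LANGUAGE_CODES = {"english", "german", "french"}  # assumed allowlist of language codes


def connect():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def top_stories_vulnerable(db, querylang):
    """Vulnerable pattern (the Top-module bug): the querylang request parameter
    is pasted straight into the statement, so it can carry arbitrary SQL."""
    sql = ("SELECT sid, title, counter, alanguage FROM nuke_stories"
           + querylang + " ORDER BY counter DESC LIMIT 10")
    return db.execute(sql).fetchall()


def top_stories_hardened(db, lang=None):
    """Hardened pattern: the client picks a language *code*, never SQL text.
    The code is checked against an allowlist and then bound as a parameter."""
    base = "SELECT sid, title, counter, alanguage FROM nuke_stories"
    if lang is None:
        return db.execute(base + " ORDER BY counter DESC LIMIT 10").fetchall()
    if lang not in LANGUAGE_CODES:
        raise ValueError("unknown language code: %r" % lang)
    return db.execute(base + " WHERE alanguage = ? ORDER BY counter DESC LIMIT 10",
                      (lang,)).fetchall()


def add_rule_vulnerable(db, tag_name):
    """Vulnerable pattern (the SiteProtector bug): the tag name is quoted by
    string concatenation, so a single quote breaks the statement, which is
    exactly what the 'Unclosed quotation mark' error in the advisory shows."""
    db.execute("INSERT INTO site_rules (tag_name) VALUES ('" + tag_name + "')")
    return [row[0] for row in db.execute("SELECT tag_name FROM site_rules")]


def add_rule_hardened(db, tag_name):
    """Hardened pattern: bind the value and let the driver handle quoting."""
    db.execute("INSERT INTO site_rules (tag_name) VALUES (?)", (tag_name,))
    return [row[0] for row in db.execute("SELECT tag_name FROM site_rules")]


def demo():
    db = connect()
    results = {}
    # The advisory's querylang payload against the vulnerable function: the
    # (placeholder) password-hash column comes back where vote counts belong.
    payload = " WHERE 1=2 UNION ALL SELECT 1,pwd,1,1 FROM nuke_authors/*"
    results["leaked"] = top_stories_vulnerable(db, payload)
    # The hardened function refuses anything that is not a known language code.
    try:
        top_stories_hardened(db, payload)
        results["rejected"] = False
    except ValueError:
        results["rejected"] = True
    results["english"] = top_stories_hardened(db, "english")
    # A legitimate single quote in a tag name: error in the concatenating form,
    # stored verbatim by the parameterized form.
    try:
        add_rule_vulnerable(db, "O'Brien's rule")
        results["quote_error"] = False
    except sqlite3.OperationalError:
        results["quote_error"] = True
    results["stored"] = add_rule_hardened(db, "O'Brien's rule")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The allowlist check matters as much as the parameter binding: a language selector is a fixed set of codes, so anything outside that set is rejected before it reaches the database, and the prefix-renaming precaution suggested earlier in the thread becomes unnecessary for this parameter.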
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Thierry Zoller wrote:
> Dear Jason,
>
> J> I think that entirely depends on the format the file is distributed in.
> J> You could take a zipfile and pad it in non critical areas to change the
> J> MD5 without creating a substantial difference in the deliverable
> J> content. You could do the same with gzip or bzip formatted files. You
> J> could also pad any embedded jpeg images to engineer a collision. There
> J> are quite a few opportunities where this method could be used to twiddle
> J> the new MD5 without materially changing the content.
>
> Clever approach there, haven't thought about that beforehand.

Different approaches are rarely thought about beforehand. If they were explored deeply we might have found efficiencies and complications that would have been avoided. This security stuff might not even exist. We would also never make progress.

> J> Software that is ~150M in size, it gets redistributed as a new file that
> J> is 160M in size but has a collision with your software which is also
> J> 160M in size. I imagine there would be some computational time involved
> J> to find the appropriate collision but a lot less computational time than
> J> finding a perfect match to the original.
>
> If I understood your point correctly and if my knowledge about hash algos
> is correct then to my belief the computational time to generate a
> collision is exactly the same for the perfect match as it would be to use
> an existing file to create a potential collision.

I've not looked into it to be honest. I am thinking aloud. Are there cases where different bits will have a predictable and definable impact on the resulting hash? Does a null byte have a more defined impact than a non-null byte? Can you use a minimal-impact byte as padding and more impactful byte sequences to complete the collision?

It was once said that you could not realistically create two different sets of data that would cause a hash collision. It was once said that you could not exploit heap overflows and that stack overflows did not allow for control of the machine. It was once thought that you could not use a format string to create an exploitable condition.

I see enough opportunities for motivated people to do the research and create a solution that is not computationally prohibitive. I would not be surprised if this happens in a relatively short time.

To use the existence of a hash and size as justification for a legal assault against a person that appears to be providing content which is under protection of some law presents an interesting area of exploration in the courts for the right team. It was once thought that being found guilty by a jury was sufficient to put someone to death. DNA has changed that!

The only difference between theory and reality is implementation.

I think I am done with the thread on FD. Apologies to the myopic thinkers among us.
Re: [Full-disclosure] IIS hacking contest
On Apr 9, 2005 12:16 AM, sHz <[EMAIL PROTECTED]> wrote:
> I don't know how Windows IT pro magazine even came up with this silly
> idea. Everyone (almost) knows that nothing remains impenetrable for
> long! Not only that, but these contests give certain people
> (managers/some admins) a false sense of security.
>
> Then again, I want to see the box hacked to shreds :-)
>
> sHz

Hi,

Remember the end goal for these morons is to sell more magazines. If you read the website, the guy is going to do a big feature on all the events that take place before/middle and after the contest. They know people will buy the magazine to read it; that's why the contest is being held.

Read more about what I think here:
http://blog.360.yahoo.com/blog-DDhkxBU_KLIDKLXKywM-?l=6&u=11&mx=44&lmt=5&p=137

Thanks,
n3td3v
[Full-disclosure] Zone-H 2004 statistics are ready to be downloaded
The graphical statistics for the year 2004 are finally ready! They also contain excerpts of the years 2002 and 2003 where needed.

There are two files: a nice PDF document which can be downloaded here
http://www.zone-h.org/download/file=5392/
while the full set of data in txt format, ready to be imported into your spreadsheet, can be downloaded here:
http://www.zone-h.org/download/file=5393/

The PDF document contains a useful disclaimer about Zone-H activity; please read it.

You might be disappointed to discover that this year we made no comments on the graphs. It is simply because the graphs speak for themselves. Besides this, we always get emails like: "hey, why don't you make a graph comparing the different webservers? It might be useful!" and "hey, why did you do that graph comparing the webservers? It's useless!". To avoid this, this year we did all possible graphs; it's up to you which one to consider and how to interpret it.

I just want to add one comment: the tendency is to break through the application level. We started to say so a couple of years ago, much earlier than anyone else. This is possible thanks to having the large database we have.

Enjoy the statistics, but remember that this material is copyrighted and you can use it under the same license it's currently serving our website. At the end of the PDF file you will find the details.

Enjoy!

SyS64738 - Roberto Preatoni
astharot - Gerardo Di Giacomo
www.zone-h.org

Original article:
- http://zone-h.org/en/news/read/id=4457/
Re: [Full-disclosure] IIS hacking contest
I don't know how Windows IT pro magazine even came up with this silly idea. Everyone (almost) knows that nothing remains impenetrable for long! Not only that, but these contests give certain people (managers/some admins) a false sense of security.

Then again, I want to see the box hacked to shreds :-)

sHz
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Dear Jason,

J> I think that entirely depends on the format the file is distributed in.
J> You could take a zipfile and pad it in non critical areas to change the
J> MD5 without creating a substantial difference in the deliverable
J> content. You could do the same with gzip or bzip formatted files. You
J> could also pad any embedded jpeg images to engineer a collision. There
J> are quite a few opportunities where this method could be used to twiddle
J> the new MD5 without materially changing the content.

Clever approach there, haven't thought about that beforehand.

J> Software that is ~150M in size, it gets redistributed as a new file that
J> is 160M in size but has a collision with your software which is also
J> 160M in size. I imagine there would be some computational time involved
J> to find the appropriate collision but a lot less computational time than
J> finding a perfect match to the original.

If I understood your point correctly and if my knowledge about hash algos is correct then to my belief the computational time to generate a collision is exactly the same for the perfect match as it would be to use an existing file to create a potential collision.

--
Thierry Zoller
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Dear Barry,

b> Of course it's possible. All hashes, by their very nature, have
b> collisions. The only way to have a truly unique identifier is to use
b> the actual content of the file (or chunk) itself. The minute you
b> distill the content down to a hash, you're guaranteeing that collisions
b> will occur.

You are correct of course, the possibility is there. I was referring to the fact that it is possible in another post of mine; however, the possibility of collisions happening "naturally" is "not very likely", to say the least. I still need to hear about anybody who found a non-fabricated md5 collision in the wild.. on files.

b> somewhat rare. :)

Warm food at McDonald's is "somewhat rare". Naturally occurring md5 collisions (or collisions in sophisticated hash functions in general) are VERY rare, not to say virtually impossible. AFAIK <-

b> Regarding corrupt files via P2P protocols... no file transferred via P2P
b> has _ever_ transferred bad data and wound up corrupt, right? :)
b> /friendly sarcasm.

Hehe, got that one :)

--
Thierry Zoller
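The padding idea discussed in this thread (a zip with bytes added in a non-critical area keeps the same deliverable content but a different MD5) comes down to one point a defender should take away: a file-level hash identifies the container, not the payload. The block below is an added example, not code from any poster; it builds two constructed in-memory zip archives that differ only in the archive comment, shows that their MD5s differ while a fingerprint computed over the decompressed members is unchanged, and that the same fingerprint still catches a real change to a member. The member names, contents and the padding string are constructed sample data.

```python
import hashlib
import io
import zipfile

# Constructed sample archive contents (not any real distributed file).
MEMBERS = {
    "README.txt": b"constructed sample text\n",
    "data.bin": bytes(range(256)) * 4,
}
PADDING = b"archive comment: changes the container, not the payload"


def build_archive(members, comment=b""):
    """Build an in-memory zip from {name: bytes}. The archive comment is one
    of the 'non-critical areas' of the container: unzip tools ignore it, yet
    it is part of the bytes that a file-level hash covers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(members):
            # Fixed timestamp so two builds of the same members are byte-identical.
            info = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, members[name])
        zf.comment = comment
    return buf.getvalue()


def file_md5(blob):
    """The identifier a notice of the kind discussed here cites: MD5 of the file bytes."""
    return hashlib.md5(blob).hexdigest()


def content_fingerprint(blob):
    """Identifier that survives container padding: SHA-256 over the sorted
    member names and their decompressed bytes, ignoring comments, timestamps
    and all other metadata of the zip container itself."""
    digest = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in sorted(zf.namelist()):
            data = zf.read(name)
            digest.update(name.encode("utf-8") + b"\0")
            digest.update(len(data).to_bytes(8, "big") + data)
    return digest.hexdigest()


def demo():
    original = build_archive(MEMBERS)
    padded = build_archive(MEMBERS, comment=PADDING)
    tampered = build_archive({**MEMBERS, "README.txt": b"different text\n"})
    return {
        # Same payload, different container bytes: the file hash changes ...
        "md5_changed_by_padding": file_md5(original) != file_md5(padded),
        # ... but a content-level fingerprint does not ...
        "content_same_after_padding": content_fingerprint(original) == content_fingerprint(padded),
        # ... and a real change to a member is still caught by the fingerprint.
        "content_differs_when_tampered": content_fingerprint(original) != content_fingerprint(tampered),
        # The only difference between the two files is the comment itself.
        "size_delta": len(padded) - len(original),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fingerprint here is deliberately computed over names, lengths and decompressed bytes rather than over the compressed stream, so that a re-compression at a different level or with different metadata would also be recognised as the same content; what it does not do is tolerate changes inside the members themselves, which is the property a content identifier should have.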
Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
> On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote:
> > If you believe you have found a security vulnerability affecting a
> > Microsoft product, we would like to work with you to investigate it.
> >
>
> hahahahahaha
>
> m$ doing social engineering on fd, this is a joke.

This is basically the same response I had from my OWA advisory ...

> VI. VENDOR RESPONSE
>
> Microsoft has reviewed the issue and has made the determination that
> while a bug fix may be implemented in a future service pack, a security
> advisory/patch will not be released for this issue

Therefore, in the interest of everyone's security, iDefense released the advisory (as did I) without a patch being released first. It is quite possible they (Microsoft) are trying to make out like they weren't contacted before said advisory was released, but that is just my opinion on observation.

my 2 bits,
Donnie Werner
Re: [Full-disclosure] Lotus Fund Acquires Controlling Interest in PIVX Solutions
On Apr 8, 2005 4:44 PM, Jason Coombs <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > What is this a press release mailing
> > list? Full-pivx-disclosure?
>
> So it's okay for anonymous cowards who want to perpetrate financial crimes to
> post nonsense to the list, but I'm not allowed to?
>
> Nice.

Shouldn't you let PIVX decide what to defend and what not to defend?

...D
Re: [Full-disclosure] Lotus Fund Acquires Controlling Interest in PIVX Solutions
[EMAIL PROTECTED] wrote:
> What is this a press release mailing
> list? Full-pivx-disclosure?

So it's okay for anonymous cowards who want to perpetrate financial crimes to post nonsense to the list, but I'm not allowed to?

Nice.

Jason Coombs
[EMAIL PROTECTED]
Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
Georgi Guninski wrote:
> basically they want your 0days
> so billg becomes more rich.

Aloha, Georgi.

If only it were a simple business motive, everyone could dismiss it as such. The real motive is more sinister. Microsoft wants to perpetuate the misperception that secrecy makes people safer. You and I and much of FD know this is not true, and anyone who has been in business for any length of time knows that if we could only disclose our secrets without having our lives destroyed as a result, we could prove beyond any doubt that business is the most harmful force of destruction that exists today.

We all go on with our daily lives believing that our neighbor won't harm themselves by disclosing their secrets, so we don't disclose ours. It is a perpetual stalemate. Business depends on secrets for viability. Without business, governments collapse and the World enters War Version 3. Coincidence that Microsoft gets everything right on the third try?

Microsoft is attempting nothing short of social engineering to spread the worldwide belief that business stability equals safety for all. Microsoft has grown influential enough that they now care deeply about world stability. They depend on it for profit growth, in fact.

The fact is, a world war is far more likely when secrets become compulsory. When good people become afraid to speak the truth, war is guaranteed. Microsoft won't believe this until it is too late. Therefore, good people must stand up now and speak the truth.

MICROSOFT: STOP THE WAR! NO MORE SECRETS!

Regards, and best wishes,

Jason Coombs
[EMAIL PROTECTED]

-Original Message-
From: Georgi Guninski <[EMAIL PROTECTED]>
Date: Fri, 8 Apr 2005 23:17:08
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft

On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote:
> If you believe you have found a security vulnerability affecting a
> Microsoft product, we would like to work with you to investigate it.
>

hahahahahaha

m$ doing social engineering on fd, this is a joke.

basically they want your 0days
so billg becomes more rich.

--
where do you want bill gates to go today?
Re: [Full-disclosure] Lotus Fund Acquires Controlling Interest in PIVX Solutions
On Apr 8, 2005 4:16 PM, Jason Coombs <[EMAIL PROTECTED]> wrote:
> Lotus Fund Acquires Controlling Interest in PIVX Solutions From
> Co-Founders; Seeks to Leverage Company's Unique Windows Security Technology
>
> NEWPORT BEACH, Calif.--(BUSINESS WIRE)--April 7, 2005--PIVX Solutions,
> Inc. (OTCBB:PIVX), the leader in next generation Windows Host-Based
> Intrusion Prevention software, announces today that the private equity
> firm Lotus Fund has increased their holdings in PIVX to become the
> controlling shareholder of the company.
>
> "We are very excited about the IT security industry, and we view host
> intrusion prevention as the next significant area of growth within that
> industry," said Tydus Richards, director at Lotus Fund and the new
> Chairman of the Board at PIVX. "We evaluated many different companies in
> this space and are impressed with the technology, the team and the
> momentum at PIVX. Given the continually growing threats to PC users,
> PIVX's products provide the protection that Windows users must have to
> be truly protected against hackers and the malware they deploy. The
> co-founders of PIVX have a legacy to be proud of and now we are
> assembling the team to take the Company to the next level."
>
> The company's primary software product, Qwik-Fix Pro, is designed to
> proactively block known and unknown software threats in all versions of
> Microsoft Windows and Internet Explorer. Using Active System Hardening
[...]

What is this a press release mailing list? Full-pivx-disclosure?

PIVX gives my Windows box a hard-on-ing.

...D
Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
On Apr 8, 2005 4:17 PM, Georgi Guninski <[EMAIL PROTECTED]> wrote:

> On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote:
> > If you believe you have found a security vulnerability affecting a
> > Microsoft product, we would like to work with you to investigate it.
> >
>
> hahahahahaha
>
> m$ doing social engineering on fd, this is a joke.

You would rather they ignore the issue?

> basically they want your 0days
> so billg becomes more rich.

Wow, jealous much?

> --
> where do you want bill gates to go today?

--
ME2
Re: [Full-disclosure] I need uh Qwik-Fix please sho 'nuff!
On Apr 8, 2005 2:59 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> .:.
> :|:
> .:|:.
> ::|::
> :. ::|:: .:
> :|:. .::|::. .:|:
> ::|:. :::|::: .:|:;
> `::|:.:::|:::.:|::'
> ::|::. :::|::: .::|:;
> `::|::. :::|::: .::|::'
> :::|::. :::|::: .::| ::;
> `:::|::.:::|:::.::|::;'
> `::. `:::|::. :::|::: .::|::;' .:;'
> `:::.. ?::|::. :::|::: .::|::?..::;'
> `:.':|::. :::|::: .::|:' ,;'
> `:.':|:|:|:' :;'
> `:.:|||.,:::;'
> ':|:::|:::|:::;:'
> ':::|::|::|:::''
> `::;'
> .:;'' ::: ``::.
> :':':
>
> CHA!

Check out http://www.marijuanaparty.com/

High fives,
Ketchup Eyes
[Full-disclosure] Lotus Fund Acquires Controlling Interest in PIVX Solutions
Lotus Fund Acquires Controlling Interest in PIVX Solutions From Co-Founders; Seeks to Leverage Company's Unique Windows Security Technology

NEWPORT BEACH, Calif.--(BUSINESS WIRE)--April 7, 2005--PIVX Solutions, Inc. (OTCBB:PIVX), the leader in next generation Windows Host-Based Intrusion Prevention software, announces today that the private equity firm Lotus Fund has increased their holdings in PIVX to become the controlling shareholder of the company.

"We are very excited about the IT security industry, and we view host intrusion prevention as the next significant area of growth within that industry," said Tydus Richards, director at Lotus Fund and the new Chairman of the Board at PIVX. "We evaluated many different companies in this space and are impressed with the technology, the team and the momentum at PIVX. Given the continually growing threats to PC users, PIVX's products provide the protection that Windows users must have to be truly protected against hackers and the malware they deploy. The co-founders of PIVX have a legacy to be proud of and now we are assembling the team to take the Company to the next level."

The company's primary software product, Qwik-Fix Pro, is designed to proactively block known and unknown software threats in all versions of Microsoft Windows and Internet Explorer. Using Active System Hardening technology, Qwik-Fix Pro combines automatic remediation of critical software security flaws with targeted configuration management. This host-based technology is driven by world-class security research and mitigates critical software vulnerabilities well before Microsoft releases a patch or an anti-virus signature is written.

"Defective software represents the greatest security risk facing organizations today. With tens of millions of lines of code in Microsoft Windows, the potential for abuse is extremely high and will continue to plague industries that rely upon this platform," said PIVX CTO, Alex Tosheff. "Windows users must take a different approach to mitigating this risk and by using a product like Qwik-Fix Pro as a key component in a layered-security approach, they can achieve the best possible protection against the greatest number of threats. In many cases, we are providing the 'patch before the patch.'"

"We are very pleased that we are having success on multiple fronts," said Luis Curet, Interim CEO and senior vice president of sales and marketing at PIVX. "We are seeing increased traction within our OEM, International, Enterprise, Consumer and Forensic Services groups. It is clear that companies understand the unique value proposition that we provide. In addition, we're seeing a huge number of downloads of Pre>View, our recently launched security scorecard application for Windows computers."

PIVX will hold an investor conference call at 4:15 p.m. Eastern Standard Time on Thursday, April 14, 2005. PIVX Solution's Chairman of the Board Tydus Richards and PIVX's Interim CEO Luis Curet will host the call.

To hear the conference call as it takes place:
-- Call 1-800-434-1335 in the United States or Canada or;
-- Call 1-404-920-6620 in the Atlanta Area or Internationally
-- Pin Code: 646636
-- Exclusive: For Expedited Entry into the Conference: Please register via this link for your Direct Access 800 number. www.AccuConference.com/PIVX

To hear a recording of the call (available immediately following the call by telephone for 30 days after the call takes place):
-- Call 1-800-977-8002 in the United States or Canada or;
-- Call 1-404-920-6650 in the Atlanta Area or Internationally
-- Pin Code: Press * then 646636

About PIVX

PIVX Solutions, Inc. (OTCBB:PIVX) is a security research product and services company that leverages its domain knowledge to increase the security of corporate PCs and servers and the Internet infrastructure. PIVX also conducts highly confidential security-related work on behalf of some of the world's largest corporations. PIVX research has identified multiple vulnerabilities and ways to exploit many of the world's widely used Operating Systems and software including Microsoft Windows, Microsoft IIS, Unreal Engine, Microsoft Internet Explorer, Cisco IOS and Turbo Tax. For more information, please visit www.pivx.com or call 949-999-1600.

Forward-Looking Statements

The statements contained in this press release that are not historical are "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended (the "Securities Act"), and Section 21E of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), including statements, without limitation, regarding our expectations, beliefs, intentions or strategies regarding the future. PIVX intends that such forward-looking statements be subject to the safe-harbor provided by the Private Securities Litigation Reform Act of 1995. S
Re: [Full-disclosure] I need uh Qwik-Fix please sho 'nuff!
I'm glad you wrote again, 'Lor'. You missed the press release? Or maybe you fail to comprehend good news when you see it. I'll send a copy of the press release. Please let us all know what you think.

Sincerely,
Jason Coombs
[EMAIL PROTECTED]

-Original Message-
From: <[EMAIL PROTECTED]>
Date: Fri, 8 Apr 2005 11:59:43
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] I need uh Qwik-Fix please sho 'nuff!

>You and I couldn't possibly build what PivX has built in terms of
>professional corporate structure, public NASDAQ stock exchange
>listing, business relationships and loyal partners, qualified
>employees, paying customers, etc for anything less than PivX has
>spent to get where it is today, with its existing problems-and-

OTC BB:PIVX.OB

YOU TO RED EYE BATTYBWOY

Singer Lewak Greenbaum & Goldstein LLP ("Singer") resigned

substantial doubt about the Company's ability to continue as a going concern.

Robert N. Shively resigned as President, Treasurer, Chief Executive Officer and Acting Chief Financial Officer

Geoff Shively resigned as Chief Scientist and a director of the Company

>I will gladly testify at your criminal trial as to the technical
>and forensic issues that disprove your assertions of wrongdoing by
>PivX. I have an intimate understanding of these issues, and of
>this company.

SINSEMILLA SKIN YOUR TEETH WHOLE HEAP YA NUH SEE?

CHA!

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote:
> If you believe you have found a security vulnerability affecting a
> Microsoft product, we would like to work with you to investigate it.
>

hahahahahaha m$ doing social engineering on fd, this is a joke. basically they want your 0days so billg becomes more rich.

--
where do you want bill gates to go today?
Re: [Full-disclosure] Re: Case ID 51560370 - Notice ofClaimedInfringement
> The content inside is still fully usable
> and valid but a violation cannot be
> confirmed without yourself violating
> the law.

First of all, what law do you believe is violated by 'downloading' an unauthorized MP3 duplication of a recording?

Fair use doctrine covers this situation in a number of ways. For example, you do not violate copyright by downloading a file in order to find out what it is and where it came from, any more than you violate copyright by tuning into a radio broadcast. Somebody ELSE violates copyright if they broadcast a copyright-protected work, or distribute copies for download. You, as downloader, are fully within the fair use doctrine if you just receive, contemplate, and destroy upon recognizing that the work was not distributed by an authorized distributor/broadcaster.

How do you know what is and isn't authorized? Are you required to judge a book by its cover, even though the cover is nothing more than a filename in these cases?

You are fully within the fair use doctrine if you download for the sole purpose of causing your computer to examine metadata that may allow you to determine the content, or if you contemplate the content with your senses by playback or access -- when and if you are satisfied that you have received a work that perhaps has not been duly licensed, you are in fact free to locate the copyright holder and negotiate a license.

Furthermore, in the get-a-clue department once again, the people who are doing the downloading to assist copyright holders with enforcement actions or investigations HAVE WRITTEN PERMISSION and therefore cannot be accused of violating the law by doing the download.

Why do people insist on spreading FUD when these are simple matters of intellectual property law and contract law that any person above the mental age of 14 has no trouble understanding when the facts are presented clearly?

Cheers,
Jason Coombs
[EMAIL PROTECTED]
[Full-disclosure] [ISR] - SiteProtector Console Sql-Injection
||
|| [ISR]
|| Infobyte Security Research
|| www.infobyte.com.ar
|| 04.08.2005
||

.:: SUMMARY

ISS - SiteProtector Console Sql-Injection

Version: 2.0.5.690, It is suspected that all previous versions of SiteProtector Console are vulnerable.

.:: BACKGROUND

SiteProtector is a security management system that provides a centralized view and analysis of network, server, and desktop protection agents and appliances.
http://www.iss.com

.:: DESCRIPTION

A Sql-injection vulnerability affects SiteProtector Console. This issue is due to a failure of the application to securely copy user-supplied data into the fields "Tag Name" and "Object Name" of the Incidents/Exceptions that the user creates or modifies.

Simple string use: "'"

Error displayed when the injection is made:

##BEGIN
A Database or SQL Error occurred while working with Site Rules.
net.iss.rssp.gui.site.analysis.exceptions.CommonSiteRuleException
at net.iss.rssp.gui.site.analysis.AnalysisDataManager.throwCommonSiteRuleException(AnalysisDataManager.java:442)
at net.iss.rssp.gui.site.analysis.AnalysisDataManager.createSiteFilter(AnalysisDataManager.java:350)
at net.iss.rssp.gui.site.analysis.command.AddEditSiteRuleCommand.execute(AddEditSiteRuleCommand.java:48)
at net.iss.command.CommandTemplate.templateExecute(CommandTemplate.java:179)
at net.iss.command.CommandHandler.executeCommand(CommandHandler.java:148)
at net.iss.command.CommandHandler.run(CommandHandler.java:116)
A database error occurred in the method "createNewSiteRule".
net.iss.rssp.entity.exceptions.SiteRuleException
at net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:357)
at net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBrokerImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.java:22)
at net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Database Error
SQL State = 42000
Vendor code = 105
Vendor msg = [42000][Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '') AND NOT EXISTS (SELECT 1 FROM ObservanceSiteFilters OSF WITH (NOLOCK) WHERE OSF.ObservanceID = OB.ObservanceID AND OSF.SiteFilterRuleID = 853)'.
net.iss.rssp.db.DataAccessException
at net.iss.rssp.server.database.DatabaseObjectHandlerBase.handleSQLException(DatabaseObjectHandlerBase.java:75)
at net.iss.rssp.server.database.SiteFilterHandler.write(SiteFilterHandler.java:134)
at net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:348)
at net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBrokerImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.java:22)
at net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Error Inserting into table ObservanceSiteFilters
Code: 52000
DB Key: 0
java.sql.SQLException: [42000][Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '') AND NOT EXISTS (SELECT 1 FROM ObservanceSiteFilters OSF WITH (NOLOCK) WHERE OSF.ObservanceID = OB.ObservanceID AND OSF.SiteFilterRuleID = 853)'.
at ids.sql.IDSSocket.e
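The ODBC error above shows a statement assembled around the user's Tag Name with a string literal, which is why a single quote breaks it. The following is an added example, not code from the advisory or from ISS: it rebuilds that pattern on a constructed SQLite schema (only the table and column names are taken from the error text) and shows the parameterised form beside it, where the quote is stored as data and the NOT EXISTS guard still works.

```python
import sqlite3

# Constructed stand-in schema: SQLite stands in for SQL Server, and only the
# table/column names come from the advisory's ODBC error text.
SCHEMA = """
CREATE TABLE Observances (ObservanceID INTEGER PRIMARY KEY, TagName TEXT);
CREATE TABLE ObservanceSiteFilters (ObservanceID INTEGER, SiteFilterRuleID INTEGER);
INSERT INTO Observances VALUES (1, 'scan'), (2, 'probe'), (3, 'it''s');
"""


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def add_filter_unsafe(conn: sqlite3.Connection, tag_name: str, rule_id: int) -> int:
    """Statement built by string concatenation, the pattern the 'Unclosed
    quotation mark' error implies. A quote in tag_name ends the literal early
    and the remainder of the statement is parsed as SQL (or fails to parse)."""
    sql = (
        "INSERT INTO ObservanceSiteFilters (ObservanceID, SiteFilterRuleID) "
        "SELECT OB.ObservanceID, " + str(rule_id) + " FROM Observances OB "
        "WHERE (OB.TagName = '" + tag_name + "') AND NOT EXISTS "
        "(SELECT 1 FROM ObservanceSiteFilters OSF "
        "WHERE OSF.ObservanceID = OB.ObservanceID "
        "AND OSF.SiteFilterRuleID = " + str(rule_id) + ")"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows inserted


def add_filter_safe(conn: sqlite3.Connection, tag_name: str, rule_id: int) -> int:
    """Same statement with bound parameters: tag_name travels as a value, never
    as SQL text, so a quote inside it is matched literally."""
    sql = (
        "INSERT INTO ObservanceSiteFilters (ObservanceID, SiteFilterRuleID) "
        "SELECT OB.ObservanceID, ? FROM Observances OB "
        "WHERE (OB.TagName = ?) AND NOT EXISTS "
        "(SELECT 1 FROM ObservanceSiteFilters OSF "
        "WHERE OSF.ObservanceID = OB.ObservanceID "
        "AND OSF.SiteFilterRuleID = ?)"
    )
    cur = conn.execute(sql, (rule_id, tag_name, rule_id))
    conn.commit()
    return cur.rowcount


def probe(tag_name: str, rule_id: int = 853) -> dict:
    """Run both variants on fresh databases and report rows inserted, or the
    database error the concatenated variant raised."""
    out = {}
    try:
        out["unsafe"] = add_filter_unsafe(make_db(), tag_name, rule_id)
    except sqlite3.OperationalError as exc:
        out["unsafe"] = "sql error: " + str(exc)
    out["safe"] = add_filter_safe(make_db(), tag_name, rule_id)
    return out


if __name__ == "__main__":
    for name in ("scan", "'", "it's"):
        print(repr(name), probe(name))
```

With the tag `it's` the concatenated statement fails while the parameterised one finds the row and inserts the filter, which is the behaviour a regression test for this bug class should check.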
[Full-disclosure] [ISR] - Internet Security Systems, RealSecure Desktop and BlackICE PC Protection Format String
||
|| [ISR]
|| Infobyte Security Research
|| www.infobyte.com.ar
|| 04.08.2005
||

.:: SUMMARY

ISS - Internet Security Systems, RealSecure Desktop and BlackICE PC Protection Format String

Version: BlackIce 7.0.322, It is suspected that all previous versions of BlackIce are vulnerable.

.:: BACKGROUND

BlackICE products provide Intrusion Detection, personal firewall, and application protection.
http://www.iss.com

.:: DESCRIPTION

A local format string vulnerability affects RealSecure Desktop and BlackICE PC Protection. This issue is due to a failure of the application to securely copy user-supplied data into the name field of rules that the user creates.

Buffer used: %n%n%n%n

Information of Registers:
EAX 41414141
ECX 0004
EDX 0200
EBX 006E
ESP 0012E578
EBP 0012E7D0
ESI 0012E82A ASCII "%n, "
EDI 0800
EIP 7800FB05 MSVCRT.7800FB05
C 0 ES 0023 32bit 0()
P 1 CS 001B 32bit 0()
A 0 SS 0023 32bit 0()
Z 1 DS 0023 32bit 0()
S 0 FS 0038 32bit 7FFDE000(FFF)
T 0 GS NULL
D 0
O 0 LastErr ERROR_ALREADY_EXISTS (00B7)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -NAN FFF8FCF8 FFF8FCF8
ST1 empty -???
ST2 empty -??? 00FE00F7 00FB00F7
ST3 empty -??? 00FE00F7 00FB00F7
ST4 empty -NAN FFF8FCF8 FFF8FCF8
ST5 empty -??? 00FF00F8 00FC00F8
ST6 empty -???
ST7 empty -??? 00800080 00800080
3 2 1 0 E S P U O Z D I
FST Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1

.:: EXTRA

We did not find any way to gain additional privileges.

.:: DISCLOSURE TIMELINE

03/22/2005 Initial vendor notification
03/25/2005 Initial vendor response
04/08/2005 Public disclosure

.:: CREDIT

Francisco Amato is credited with discovering this vulnerability.
famato][at][infobyte][dot][com][dot][ar

.:: LEGAL NOTICES

Copyright (c) 2005 by [ISR] Infobyte Security Research.

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Infobyte Security Research Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from infobyte com ar

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
[Full-disclosure] [ISR] - Internet Security Systems, RealSecure Desktop and BlackICE PC Protection Buffer Overflow
||
|| [ISR]
|| Infobyte Security Research
|| www.infobyte.com.ar
|| 04.08.2005
||

.:: SUMMARY

ISS - Internet Security Systems, RealSecure Desktop and BlackICE PC Protection Buffer Overflow

Version: BlackIce 7.0.322, It is suspected that all previous versions of BlackIce are vulnerable.

.:: BACKGROUND

BlackICE products provide Intrusion Detection, personal firewall, and application protection.
http://www.iss.com

.:: DESCRIPTION

A local buffer overflow vulnerability affects RealSecure Desktop and BlackICE PC Protection. This issue is due to a failure of the application to securely copy user-supplied data into the name field of rules that the user creates.

Buffer used: A * 445

Information of Registers:
EAX 41414141
ECX 41414141
EDX 41414175
EBX 0001
ESP 0012EC5C
EBP 0012EF00
ESI 0048A8E0 blackice.0048A8E0
EDI 00F29704
EIP 004055AF blackice.004055AF
C 0 ES 0023 32bit 0()
P 1 CS 001B 32bit 0()
A 0 SS 0023 32bit 0()
Z 0 DS 0023 32bit 0()
S 0 FS 0038 32bit 7FFDE000(FFF)
T 0 GS NULL
D 0
O 0 LastErr ERROR_ALREADY_EXISTS (00B7)
EFL 00010206 (NO,NB,NE,A,NS,PE,GE,G)
ST0 empty -NAN FFD0D0C8 FFD0D0C8
ST1 empty -???
ST2 empty -??? 00FE00CF 00CF00C7
ST3 empty -??? 00FE00CF 00CF00C7
ST4 empty -NAN FFD0D0C8 FFD0D0C8
ST5 empty -??? 00FF00D0 00D000C8
ST6 empty -???
ST7 empty -??? 00800080 00800080
3 2 1 0 E S P U O Z D I
FST Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1

.:: EXTRA

We did not find any way to gain additional privileges.

.:: DISCLOSURE TIMELINE

03/22/2005 Initial vendor notification
03/25/2005 Initial vendor response
04/08/2005 Public disclosure

.:: CREDIT

Francisco Amato is credited with discovering this vulnerability.
famato][at][infobyte][dot][com][dot][ar

.:: LEGAL NOTICES

Copyright (c) 2005 by [ISR] Infobyte Security Research.

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Infobyte Security Research Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from infobyte com ar

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
[Full-disclosure] How to Report a Security Vulnerability to Microsoft
Hello!

The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we would like to work with you to investigate it.

We are concerned that people might not know the best way to report security vulnerabilities to Microsoft. You can contact the Microsoft Security Response Center to report a vulnerability by emailing [EMAIL PROTECTED] directly, or you can submit your report via our web-based vulnerability reporting form located at: https://www.microsoft.com/technet/security/bulletin/alertus.aspx.

Sincerely,
Microsoft Security Response Center
Re: [Full-disclosure] I need uh Qwik-Fix please sho 'nuff!
>You and I couldn't possibly build what PivX has built in terms of
>professional corporate structure, public NASDAQ stock exchange
>listing, business relationships and loyal partners, qualified
>employees, paying customers, etc for anything less than PivX has
>spent to get where it is today, with its existing problems-and-

OTC BB:PIVX.OB

YOU TO RED EYE BATTYBWOY

Singer Lewak Greenbaum & Goldstein LLP ("Singer") resigned

substantial doubt about the Company's ability to continue as a going concern.

Robert N. Shively resigned as President, Treasurer, Chief Executive Officer and Acting Chief Financial Officer

Geoff Shively resigned as Chief Scientist and a director of the Company

>I will gladly testify at your criminal trial as to the technical
>and forensic issues that disprove your assertions of wrongdoing by
>PivX. I have an intimate understanding of these issues, and of
>this company.

SINSEMILLA SKIN YOUR TEETH WHOLE HEAP YA NUH SEE?

CHA!
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
On Fri, 08 Apr 2005 13:45:51 EDT, Jason said:
> I get the point just fine. Injecting files C and D results in a
> situation that cannot be resolved without downloading both files.
>
> Song A = mp3 format file with valid license to BSA
> Song B = mp3 format file without valid license to BSA
> Song C = zip of Song A plus pad to generate MD5
> Song D = zip of Song B plus pad to generate same MD5
>
> It is now impossible to distinguish between C and D without downloading
> both. The content inside is still fully usable and valid but a violation
> cannot be confirmed without yourself violating the law.

On the other hand, note the following:

1) The copyright nazis aren't going to be looking for C *or* D, because they're only looking for files that have the same hash as A. They'd have to actually download C and D and *listen* to it, and identify it (quick - how do you tell the difference between the audio content of the original Beatles "Come Together" and the Aerosmith cover of the same song?)

2) It's of course simple to create an arms race where the copyright nazis need to expend more effort because they can't just go after the MD5 sum. However, it cuts both ways - if you see 15 copies of a file available with the same MD5 sum, you can have *some* trust it's not corrupted. If you see 15 copies with 15 different hashes, which one do you trust?

3) If you change the size, date, and MD5 hash and rename it to "Frozzle-bar.doc", you're not likely to get a note from Metallica's representative about the pirated copy of their album. But it's probably not going to be accessed very much unless you re-rename it to Frozzle-bar-really-metallica-master-of-puppets.doc. Of course, at that point, you *may* get a note from their representative.. :)
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
[EMAIL PROTECTED] wrote:
> On Fri, 08 Apr 2005 12:50:24 EDT, Jason said:
>> I think that entirely depends on the format the file is distributed in.
>> You could take a zipfile and pad it in non critical areas to change the
>> MD5 without creating a substantial difference in the deliverable
>> content. You could do the same with gzip or bzip formatted files. You
>> could also pad any embedded jpeg images to engineer a collision. There
>> are quite a few opportunities where this method could be used to twiddle
>> the new MD5 without materially changing the content.
>
> It's easy to tweak a file and get a different MD5. That's why Tripwire works.
>
>> Software that is ~150M in size, it gets redistributed as a new file that
>> is 160M in size but has a collision with your software which is also
>> 160M in size. I imagine there would be some computational time involved
>> to find the appropriate collision but a lot less computational time than
>> finding a perfect match to the original.
>
> You're missing the point. Let's say we have a file A that's 150M in size,
> and a file B that's 160M in size. File B is *not* under our control, and
> has a known fixed MD5 hash.
>
> It's easy to take file A, and create 2 files C and D from it that happen
> to have the same MD5 hash as each other.
>
> What is *NOT* easy is creating a file E that has the same hash as A or B.

I get the point just fine. Injecting files C and D results in a situation that cannot be resolved without downloading both files.

Song A = mp3 format file with valid license to BSA
Song B = mp3 format file without valid license to BSA
Song C = zip of Song A plus pad to generate MD5
Song D = zip of Song B plus pad to generate same MD5

It is now impossible to distinguish between C and D without downloading both. The content inside is still fully usable and valid but a violation cannot be confirmed without yourself violating the law.

What you might see in a DL dialog:

NAME               MD5         SIZE
somefile.zip       ABCD321312  120M
someotherfile.zip  ABCD321312  120M

You cannot remotely know that either file is in fact the content you are looking for without downloading both files. Both files may not be the content you are looking for. How can you remotely distinguish that a violation has occurred?
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
On Fri, 08 Apr 2005 12:50:24 EDT, Jason said:
> I think that entirely depends on the format the file is distributed in.
> You could take a zipfile and pad it in non critical areas to change the
> MD5 without creating a substantial difference in the deliverable
> content. You could do the same with gzip or bzip formatted files. You
> could also pad any embedded jpeg images to engineer a collision. There
> are quite a few opportunities where this method could be used to twiddle
> the new MD5 without materially changing the content.

It's easy to tweak a file and get a different MD5. That's why Tripwire works.

> Software that is ~150M in size, it gets redistributed as a new file that
> is 160M in size but has a collision with your software which is also
> 160M in size. I imagine there would be some computational time involved
> to find the appropriate collision but a lot less computational time than
> finding a perfect match to the original.

You're missing the point. Let's say we have a file A that's 150M in size, and a file B that's 160M in size. File B is *not* under our control, and has a known fixed MD5 hash.

It's easy to take file A, and create 2 files C and D from it that happen to have the same MD5 hash as each other.

What is *NOT* easy is creating a file E that has the same hash as A or B.
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
[EMAIL PROTECTED] wrote:
> On Fri, 08 Apr 2005 12:07:08 EDT, bkfsec said:
>> Craft a file with the same hash, time+date stamp and size, and be sure
>> to include a program and license disclosure for a program that you
>> wrote.
>
> Unfortunately, nobody has a good algorithm for creating a file that has
> the same MD5 hash as a given existing file. So while I *can* create two
> files "foo1" and "foo2" that happen to have the same hash (the actual
> value of which I have no control over), I can't (yet) create a file that
> has the same MD5 hash as the trailer for the next Star Wars movie...

I think that entirely depends on the format the file is distributed in. You could take a zipfile and pad it in non critical areas to change the MD5 without creating a substantial difference in the deliverable content. You could do the same with gzip or bzip formatted files. You could also pad any embedded jpeg images to engineer a collision. There are quite a few opportunities where this method could be used to twiddle the new MD5 without materially changing the content.

Here is the case I am thinking about.

Software that is ~150M in size, it gets redistributed as a new file that is 160M in size but has a collision with your software which is also 160M in size. I imagine there would be some computational time involved to find the appropriate collision but a lot less computational time than finding a perfect match to the original.

Now everyone must download both files to know for sure that there is a violation, in performing this download they are violating the law themselves. I doubt you would be awarded any royalties as a result of this but it would take all of the meat out of further prosecution efforts since they would have to be able to prove they did not violate the law and in fact downloaded only the correct version.
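The zip-padding claim in this post and in the reply quoting it, as an added example that is not code from any poster: padding the archive comment changes the container's MD5 and size while the extracted member and its hash are unchanged, which is why a verifier should hash the deliverable rather than the wrapper. It does not produce an MD5 collision (Valdis's point stands: a new hash can be obtained, not chosen); the "mp3" bytes are a constructed stand-in.

```python
import hashlib
import io
import zipfile

# Constructed sample member: a fake MP3-like byte string, not a real recording.
MEMBER_NAME = "song_a.mp3"
MEMBER_DATA = b"ID3\x03\x00" + bytes(32) + b"constructed stand-in for audio content"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_zip(member_name: str, member_data: bytes, pad: bytes = b"") -> bytes:
    """Write a deterministic in-memory zip. `pad` goes into the archive comment,
    a field that is not part of the stored member (a 'non-critical area')."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        # Fixed timestamp so the bytes (and hashes) are reproducible run to run.
        info = zipfile.ZipInfo(member_name, date_time=(2005, 4, 8, 12, 0, 0))
        zf.writestr(info, member_data)
        zf.comment = pad
    return buf.getvalue()


def extract_member(zip_bytes: bytes, member_name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(member_name)


def padding_demo(pad_len: int = 64) -> dict:
    """Same deliverable in two containers: the padding changes the container's
    hash and size but not the extracted content or the content's hash."""
    plain = build_zip(MEMBER_NAME, MEMBER_DATA)
    padded = build_zip(MEMBER_NAME, MEMBER_DATA, pad=bytes(pad_len))
    return {
        "container_md5_plain": md5_hex(plain),
        "container_md5_padded": md5_hex(padded),
        "content_md5_plain": md5_hex(extract_member(plain, MEMBER_NAME)),
        "content_md5_padded": md5_hex(extract_member(padded, MEMBER_NAME)),
        "size_delta": len(padded) - len(plain),
    }


def content_matches(zip_bytes: bytes, member_name: str, expected_md5: str) -> bool:
    """Verifier's view: hash the extracted member, not the container, so that
    comment padding cannot change the verdict. A match only says the bytes are
    equal under MD5; it is no defence against deliberately colliding inputs."""
    try:
        return md5_hex(extract_member(zip_bytes, member_name)) == expected_md5
    except (KeyError, zipfile.BadZipFile):
        return False


if __name__ == "__main__":
    for key, value in padding_demo().items():
        print(key, value)
```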
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
[EMAIL PROTECTED] wrote:
> On Fri, 08 Apr 2005 12:07:08 EDT, bkfsec said:
>> Craft a file with the same hash, time+date stamp and size, and be sure
>> to include a program and license disclosure for a program that you
>> wrote.
>
> Unfortunately, nobody has a good algorithm for creating a file that has
> the same MD5 hash as a given existing file. So while I *can* create two
> files "foo1" and "foo2" that happen to have the same hash (the actual
> value of which I have no control over), I can't (yet) create a file that
> has the same MD5 hash as the trailer for the next Star Wars movie...

Modding the p2p app to falsely match specific remote chunks against crafted local files seems an easier route than trying to find collisions. :) Then again, it would break the swarming feature of whatever app you modded & 'prolly be breaking some other U.S. Law.

--
dk
Re: [Full-disclosure] MSN Plus Password Change Security Bypass
>all the MSN Messengers and MSN Plus are vulnerable.
>
>NOTE: successful exploitation requires that a user has logged in recently...

PW cached recently? %^)

BS"D, tivdok od paam.
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
On Fri, 08 Apr 2005 12:07:08 EDT, bkfsec said:
> Craft a file with the same hash, time+date stamp and size, and be sure
> to include a program and license disclosure for a program that you
> wrote.

Unfortunately, nobody has a good algorithm for creating a file that has the same MD5 hash as a given existing file. So while I *can* create two files "foo1" and "foo2" that happen to have the same hash (the actual value of which I have no control over), I can't (yet) create a file that has the same MD5 hash as the trailer for the next Star Wars movie...
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
Jason wrote:
> My point is that all you have to do is provide content they do not own but do download or attempt to download for this test to fail. Simply the existence of content with an advertised hash and name that is the same as other content does not prove they own the content or that it is even there. The act of downloading the content they think they own but in fact do not is a violation of the same law they are attempting to get you with.

Interesting. I like that idea.

Craft a file with the same hash, time+date stamp and size, and be sure to include a program and license disclosure for a program that you wrote. Do something to gain the attention of the BSA, share the file, and when they download it, sue them for copyright violation, demanding royalties for the software they possess.

Now, there's a rub: putting the file up on a P2P network could be considered willful distribution and, as such, could invalidate the claim. However, misconfiguring your software might get you around that.

You might still lose for a number of reasons, not the least of which is that on a good day, the courts are supposed to mediate these issues, not award damages by default... and on a bad day the court just becomes a tool of corporate assault on the consumer. Let's face it, lately the courts and legislature (not to mention the executive) have been more favorable to big business than to consumers and small-time producers.

-Barry
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Thierry Zoller wrote:

> You forget that the hash is not the only unique thing that specific file has in common with the pirated file/material. Calculate the following probability:
> - The file/chunk has the same MD5 (or whatever HASH) as the pirated material in question.
> - The file has the EXACT same filename (if there were a collision, what is the probability, in mathematical terms, that the file the collision takes place on has the exact same filename?)
> - The file has the EXACT same size (The file has the EXACT same date etc.pp)

These factors do not come into play when you're talking about P2P protocols that use seeded chunks to share their files. When a particular file is split up into chunks and each chunk is appropriately named on the host, the file itself (depending on the P2P protocol) doesn't always harbor a descriptive name. The name of the file is stored in the protocol and file names/dates can very well be different. These aren't the same issues as verifying a filesystem that you control. It's a lot more complex than that.

-Barry
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Thierry Zoller wrote:

> RP> Otherwise, it is _possible_ to have a chunk with the same fingerprint and
> RP> make it appear that you have said chunk of their iso.
>
> That's *AFAIK* not possible; if this were true the eDonkey/eMule protocol would have a big design flaw and people couldn't even trade millions of files every day, some (most?) downloads would be corrupted as they could have potentially downloaded a wrong chunk which in fact is from another file.

Of course it's possible. All hashes, by their very nature, have collisions. The only way to have a truly unique identifier is to use the actual content of the file (or chunk) itself. The minute you distill the content down to a hash, you're guaranteeing that collisions will occur. They are, however, somewhat rare. That's why the system works as relatively well as it does.

Regarding corrupt files via P2P protocols... no file transferred via P2P has _ever_ transferred bad data and wound up corrupt, right? :) /friendly sarcasm.

-Barry
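To make concrete the distinction Valdis draws above (finding any two colliding files versus matching a given existing file) and Barry's point here that every hash has collisions, the following is an added example that is not from any of the posts. It truncates MD5 to a small number of bits so both searches finish in seconds; the input names and the stand-in "existing file" are constructed, and the cost ratio between the two searches is the point, not the absolute numbers.

```python
# Added example (not from the thread): a birthday search for ANY colliding
# pair costs about 2**(bits/2) hash evaluations, while a targeted search for
# an input matching a GIVEN hash costs about 2**bits. On a toy 20-bit hash
# that is roughly 1,000 tries versus 1,000,000; on full 128-bit MD5 the
# second search is out of reach even though the first is known to be feasible.
import hashlib
import itertools


def truncated_md5(data: bytes, bits: int) -> int:
    """MD5 of `data`, keeping only the top `bits` bits (toy hash for the demo)."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int):
    """Birthday search: two distinct inputs with the same truncated hash.

    Returns (input_a, input_b, tries). Neither input is chosen in advance,
    which is exactly why this is cheap: any repeat of any hash value counts.
    """
    seen = {}
    for i in itertools.count():
        msg = b"foo%d" % i                  # constructed candidate inputs
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int):
    """Targeted search: an input whose truncated hash equals that of `target`.

    Returns (input, tries). Only one hash value is acceptable, so on average
    2**bits candidates must be tried: the square of the birthday cost.
    """
    want = truncated_md5(target, bits)
    for i in itertools.count():
        msg = b"bar%d" % i                  # constructed candidate inputs
        if msg != target and truncated_md5(msg, bits) == want:
            return msg, i + 1


if __name__ == "__main__":
    BITS = 20
    a, b, tries = find_collision(BITS)
    print(f"collision after {tries} tries: {a!r} and {b!r}")
    # constructed stand-in for "the trailer for the next Star Wars movie"
    existing = b"existing-file-contents"
    m, tries = find_second_preimage(existing, BITS)
    print(f"second preimage of {existing!r} after {tries} tries: {m!r}")
```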
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Randall Perry wrote:

> No, it isn't quite that clean. The initial post was regarding the eDonkey/eMule client. The files are broken into chunks. The files are 'verified' by a one-way hash.

Which brings up another couple of questions:

1. Some networks of this type distribute their seeds in random caches amongst their population. If you don't know it's there, are you liable for it?

2. For a copyright violation to occur, you need a "significant portion of the original work." Does having a chunk that qualifies as 1/30th of a copyrighted work qualify for copyright violation via unauthorized distribution?

I don't know and IANAL, but I'd say that it's questionable.

-Barry
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Thomas Sutpen wrote:

> On Apr 5, 2005 5:01 AM, Ag. System Administrator <[EMAIL PROTECTED]> wrote:
> > Even nicer would be if this .iso file is just 451,486k of /dev/random junk. Any proof that this file __IS__ Sybase Powerbuilder 9 Enterprise.iso? MD5? Something?
>
> The question that begs to be asked is how they verified it. If they were to download copyrighted software from somebody sharing copyrighted software, does this not also constitute a crime? Is it not true that downloading illegally shared software is itself illegal? I'm not a lawyer, of course, but it's been my observation that the legal system doesn't often smile on those breaking the law to prove that others are breaking the law, unless it's in a Hollywood movie, no pun intended. Perhaps copyright makes some sort of concession for this. But it makes one wonder...

It's not illegal if you're either the original copyright holder, or are provided a license by the original copyright holder. It's also really the act of distribution that is the "crime" (ahem, it's actually a tort violation)...

-Barry
[Full-disclosure] Maxthon browser multiple vulnerabilities advisory
Maxthon browser multiple vulnerabilities advisory

URL: http://www.raffon.net/advisories/maxthon/multvulns.html
Date: April 08, 2005
Author: Aviv Raff

Introduction

"Maxthon Internet Browser software is a powerful tabbed browser with a highly customizable interface. It is based on the Internet Explorer browser engine..." (From Maxthon website).

In order to enhance the user experience, Maxthon uses a model of plug-ins. Maxthon exposes an API which allows plug-ins to read/write files. These functions allow the plug-ins to perform those operations on any directory of the running computer. Moreover, in order to call Maxthon's API functions from a plug-in, a "secure id" must be provided. This id can be easily fetched, and therefore the API functions can be called from any web site the user visits.

Technical Details

1) Maxthon's plug-ins use the readFile and writeFile API functions to read and write files in the plug-in's directory. It is possible to read and write files in any other directory, due to the lack of validation of directory traversal character sequences.

2) Maxthon allows calling API functions only when the "security id" of a plug-in is provided. The "security id" of a plug-in is auto-generated when the plug-in is used for the first time in the current Maxthon session. Side bar plug-ins include the "security id" in a file named "max.src" in the plug-in's directory. By including this file in a script on a web page, it is possible to call functions that will read and write local files, manage tabs, etc.

A combination of the above vulnerabilities can be exploited to potentially allow remote code execution.

Tested versions: 1.2.0; 1.2.1
Older versions might also be affected.

Proof of Concept

The following is a local file reading proof of concept. A default Maxthon installation is assumed, and also that the M2Bookmark side bar plug-in (installed by default) was already used in the current Maxthon session.
http://www.raffon.net/advisories/maxthon/nosecidpoc.html

Timetable

27-Mar-2005: Vendor informed.
28-Mar-2005: Vendor confirmed vulnerability.
08-Apr-2005: Vendor published a fixed version.
08-Apr-2005: Public disclosure.

Solution

Upgrade to version 1.2.2.

Disclaimer: The information in this advisory and any of its demonstrations is provided "as is" without warranty of any kind.

-- Copyright © 2005 Aviv Raff. --
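A confinement check of the kind the advisory says the readFile/writeFile API lacked, as an added example that is neither Maxthon's code nor the advisory author's: a file name supplied by a plug-in is accepted only if it stays inside that plug-in's own directory. The plug-in directory and file names below are constructed, and the check is purely lexical (it does not resolve symlinks).

```python
# Added example, not Maxthon's code: refuse any plug-in file name that would
# resolve outside the plug-in's directory, before any I/O happens.
import os


class PathEscapeError(ValueError):
    """Raised when a requested name would leave the plug-in directory."""


def confine_to_plugin_dir(plugin_dir: str, requested: str) -> str:
    """Return the absolute path of `requested` inside `plugin_dir`.

    Backslashes are treated like slashes because the browser in question runs
    on Windows, where both separate path components: a "..\\" sequence must
    not slip past a check that only knows "../". The check is lexical, so it
    behaves the same on every OS; a host that lets plug-ins create links would
    also need a realpath()-based check after this one.
    """
    if not requested:
        raise PathEscapeError("empty file name")
    cleaned = requested.replace("\\", "/")
    # Absolute paths, drive letters (C:...) and UNC names (\\server\share)
    # are never plug-in-relative, so refuse them outright.
    if cleaned.startswith("/") or (len(cleaned) > 1 and cleaned[1] == ":"):
        raise PathEscapeError(f"absolute path refused: {requested!r}")
    parts = []
    for part in cleaned.split("/"):
        if part in ("", "."):
            continue                      # "a//b" and "./a" are harmless
        if part == "..":
            if not parts:                 # would climb above the plug-in dir
                raise PathEscapeError(f"traversal refused: {requested!r}")
            parts.pop()                   # "sub/../x" stays inside: allowed
        else:
            parts.append(part)
    if not parts:
        raise PathEscapeError(f"no file named in: {requested!r}")
    return os.path.join(os.path.abspath(plugin_dir), *parts)


def read_plugin_file(plugin_dir: str, name: str) -> bytes:
    """Guarded stand-in for a readFile(name) that trusted its argument."""
    with open(confine_to_plugin_dir(plugin_dir, name), "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    base = "/opt/maxthon/Plugin/M2Bookmark"   # constructed plug-in directory
    for name in ("max.src", "sub/../data.ini", "..\\..\\boot.ini", "C:\\x"):
        try:
            print(f"{name!r} -> {confine_to_plugin_dir(base, name)}")
        except PathEscapeError as exc:
            print(f"{name!r} -> refused: {exc}")
```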
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
Michael Holstein wrote:

> > That's why if you wanted, you could sell bags of flour as cocaine and not be charged with drug dealing. Fine, it looks the same and weighs the same, however it isn't the product that's illegal. And to prove that it's illegal, they need to test it.
>
> Well ... tell that to these idiots :
> http://www.cleveland.com/search/index.ssf?/base/news/111269368272792.xml?nohio
>
> ~Mike.

Yes, but there was actually coke in all of the mess. I guess that if they say that just because there were ones and zeros in the file that they downloaded, then they may be able to bust Jason on that level. Highly unlikely. Whatever happened to innocent until PROVEN guilty? Why does he have to prove his innocence? Let them prove his guilt.

Marvin R. Myers CISSP
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
> That's why if you wanted, you could sell bags of flour as cocaine and not be charged with drug dealing. Fine, it looks the same and weighs the same, however it isn't the product that's illegal. And to prove that it's illegal, they need to test it.

Well ... tell that to these idiots :
http://www.cleveland.com/search/index.ssf?/base/news/111269368272792.xml?nohio

~Mike.
[Full-disclosure] [ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GnomeVFS, libcdaudio: CDDB response overflow
      Date: April 08, 2005
      Bugs: #84936
        ID: 200504-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.

Background
==========

GnomeVFS is a filesystem abstraction library for the GNOME desktop environment. libcdaudio is a multi-platform CD player development library. They both include code to query CDDB servers to get Audio CD track titles.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /   Vulnerable   /        Unaffected
    -------------------------------------------------------------------
  1  gnome-base/gnome-vfs              < 2.8.4-r1            >= 2.8.4-r1
  2  media-libs/libcdaudio          < 0.99.10-r1          >= 0.99.10-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code.

Impact
======

A malicious CDDB server could cause applications making use of the GnomeVFS or libcdaudio libraries to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GnomeVFS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-base/gnome-vfs-2.8.4-r1"

All libcdaudio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libcdaudio-0.99.10-r1"

References
==========

  [ 1 ] CAN-2005-0706
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
  [ 2 ] GLSA 200503-21
        http://www.gentoo.org/security/en/glsa/glsa-200503-21.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200504-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement
would be nice to do your crap discussion elsewhere, at start, this thread shouldn't be there, thx mr coombs ..

- class101
Jr. Researcher
Hat-Squad.com

----- Original Message -----
From: "AJ C" <[EMAIL PROTECTED]>
To: "Jason" <[EMAIL PROTECTED]>;
Sent: Friday, April 08, 2005 4:48 AM
Subject: Re: [Full-disclosure] Re: Case ID 51560370 - Notice of Claimed Infringement

> Civil vs Criminal cases dude, you're imposing some aspects of criminal cases upon civil proceedings and that's not how they work. In a criminal trial it's a dramatized version of reasonable doubt, civil proceedings must show 51%+ responsibility on the part of the defendant (much, much easier and why the powers that be choose this route). Not to mention it's their content (no harm, no foul on downloading something they already own) and MPAA/RIAA/blah have set precedence for proactively tracking (either themselves or appointed parties) file-sharing events (method of access is not unlawful and cannot be brought into contention...is BitTorrent inherently illegal when used for legit purposes? -- nope).
>
> If bb knocks on your door then you argue evidentiary process otherwise in a civil proceeding you bear more of a burden to show you *didn't* do what they're claiming (right or wrong they do have the legal upper hand with their records versus essentially a verbal denial at best).
>
> 'Probably just easier to not download the crap and stay off the radar, $0.02.
>
> On Apr 7, 2005 7:26 PM, Jason <[EMAIL PROTECTED]> wrote:
> > IANAL but it seems this thought process is broken.
> >
> > Jason Coombs wrote:
> > > Come on, people, get a clue.
> > >
> > > The copyright owner has authorized the forensic investigators to download the infringing material. If it was there, according to a forensic investigator, then you have to prove it was not.
> >
> > This position does not hold water, there is no way for them to not break the same laws they would be attempting to enforce by performing the investigation from a remote location and without a valid search warrant. You do not have to prove that you did not have the content, you only have to prove that you have content that appears very similar to the remote reviewer.
> >
> > If you were to place a copyrighted work of your own there then would they be forced to download it and break the law in order to prove that it was not the other copyright owner's property? If they show in the logs as having attempted a download does this make them guilty?
> >
> > It is as simple as creating a server that will return filenames and hashes found on the network but actually provide /dev/random for the download or your copyrighted content with an engineered hash collision.
> >
> > It only takes one case to prevent the civil suit from being filed. To file the suit would be admitting to having broken the law. You cannot bring suit when the basis of the suit is itself illegal activity.
>
> --
> AJC
> [EMAIL PROTECTED]