[Full-disclosure] Hackers Tomorrow

2005-11-15 Thread n3td3v v3dt3n
Hello kind fellow disclosers, 

Since my last article gained so much praise i have written a second
part on hackers tomorrow. I have also heeded the criticism and have
acquired my own domain so i look more cooler :) n3td3v.com of course.
I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
I love feedback :)
My article is at my new home http://www.n3td3v.com/hackerstomorrow.html
Enjoy!!

n3td3v 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 897-1] New phpsysinfo packages fix several vulnerabilities

2005-11-15 Thread Martin Schulze
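--------------------------------------------------------------------------
Debian Security Advisory DSA 897-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                           Martin Schulze
November 15th, 2005                   http://www.debian.org/security/faq
--------------------------------------------------------------------------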

Package        : phpsysinfo
Vulnerability  : programming errors
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-0870 CVE-2005-3347 CVE-2005-3348
Debian Bug     : 301118

Several vulnerabilities have been discovered in phpsysinfo, a PHP
based host information application.  The Common Vulnerabilities and
Exposures project identifies the following problems: 

CVE-2005-0870

Maksymilian Arciemowicz discovered several cross site scripting
problems, of which not all were fixed in DSA 724.

CVE-2005-3347

Christopher Kunz discovered that local variables get overwritten
unconditionally and are trusted later, which could lead to the
inclusion of arbitrary files.

CVE-2005-3348

Christopher Kunz discovered that user-supplied input is used
unsanitised, causing an HTTP Response splitting problem.

For the old stable distribution (woody) these problems have been fixed in
version 2.0-3woody3.

For the stable distribution (sarge) these problems have been fixed in
version 2.3-4sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your phpsysinfo package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:


http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.dsc
  Size/MD5 checksum:  622 c6fe8cc0dece352dead56f7319e37191

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.diff.gz
  Size/MD5 checksum: 3091 e7ce790076394c0fc0ddd9bc2fba23cf

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0.orig.tar.gz
  Size/MD5 checksum:    48104 abd184ebc003aeba07d9945bb9c6ff0f

  Architecture independent components:


http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3_all.deb
  Size/MD5 checksum:    42334 4991a7c22521888a9aba3db88e79b6ce


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:


http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1.dsc
  Size/MD5 checksum:  596 12c1913a974e30596f07729d8fb660f9

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1.diff.gz
  Size/MD5 checksum: 9861 0b621fec1be1e26a5dfa160ce9612aac

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3.orig.tar.gz
  Size/MD5 checksum:   163674 8e9a2b7a099e26cbd85f140475512ccc

  Architecture independent components:


http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1_all.deb
  Size/MD5 checksum:   164704 2ef5fb9eb652f24ecae3f5aa4967fa3d


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg

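The file listing in the advisory above can be checked mechanically before running `dpkg -i`. The following is an added example, not part of the Debian advisory: it parses the `Size/MD5 checksum` listing format and verifies a downloaded file against it. The function names and the constructed test file are assumptions of the example.

```python
import hashlib
import os
import re
import tempfile
from typing import Dict, NamedTuple


class Entry(NamedTuple):
    url: str
    size: int
    md5: str


# Two entries taken from the woody section of the advisory above
# (whitespace as it appears in the archived copy).
ADVISORY_EXCERPT = """\
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.dsc
  Size/MD5 checksum:  622 c6fe8cc0dece352dead56f7319e37191

http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3_all.deb
  Size/MD5 checksum:42334 4991a7c22521888a9aba3db88e79b6ce
"""

_CHECKSUM = re.compile(r"^\s*Size/MD5 checksum:\s*(\d+)\s+([0-9a-f]{32})\s*$")


def parse_listing(text: str) -> Dict[str, Entry]:
    """Map each file name to the size and MD5 the advisory states for it."""
    entries: Dict[str, Entry] = {}
    url = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("http://", "https://", "ftp://")):
            url = stripped
            continue
        match = _CHECKSUM.match(line)
        if match and url:
            name = url.rsplit("/", 1)[-1]
            entries[name] = Entry(url, int(match.group(1)), match.group(2))
            url = None
    return entries


def verify(path: str, entry: Entry) -> bool:
    """True only if both the byte count and the MD5 digest match.

    The listing is only as trustworthy as the advisory it came from, so the
    advisory's PGP signature has to be verified before its values are used.
    """
    if os.path.getsize(path) != entry.size:
        return False  # cheap check first; also catches truncated downloads
    digest = hashlib.md5()  # MD5 because that is what the advisory publishes
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() == entry.md5


def check_constructed_file(content: bytes, entry: Entry) -> bool:
    """Write constructed bytes to a temp file and verify them (demo helper)."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(content)
        path = fh.name
    try:
        return verify(path, entry)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, entry in parse_listing(ADVISORY_EXCERPT).items():
        print(name, entry.size, entry.md5)
    # Constructed entry: the 5 bytes "hello" and their MD5, not a Debian package.
    sample = Entry("constructed", 5, "5d41402abc4b2a76b9719d911017c592")
    print(check_constructed_file(b"hello", sample))  # size and digest match
    print(check_constructed_file(b"hellp", sample))  # same size, wrong digest
```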


Re: [Full-disclosure] [FLSA-2005:158801] Updated bzip2 packages fix security issues

2005-11-15 Thread sk / GroundZero
> I took about 2 minutes out of my life several months ago and created
> rules in Thunderbird which put all those update messages into a special
> folder that I ignore.  It wasn't incredibly hard to do, and now I'm
> happy AND I didn't have to complain on the list! Win-win!

hmm i just wonder why you read the full-disclosure list which is mostly
about bugs, but then filter out updates? most of those mails are like
updates in package xyz fix vulnerabilities... sometimes there aren't any
advisories released, but just silently patched and only a little note in
the updates. if you are interested in vulnerabilities you should look
through patches once in a while to see what they actually fixed to spot
the bugs.

-sk

GroundZero Security Research and Software Development
http://www.groundzero-security.com

We object to the use or transfer of our data for advertising purposes
or for market or opinion research (§ 28 para. 4 BDSG).

Key fingerprint = A93E 41F8 7E82 5F2C 3E76  41F1 4BCF 3096 6992 8CB8


This E-mail might contain confidential information. If you are not the right
addressee or you have received this Mail in error, please inform the Sender
as soon as possible and delete this E-Mail immediately. You are not allowed
to make any copies or relay this E-Mail.



[Full-disclosure] [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities

2005-11-15 Thread Matteo Beccati


phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-002

Advisory ID: PHPADSNEW-SA-2005-002
Date: 2005-Nov-15
Security risk: highly critical
Applications affected: phpAdsNew, phpPgAds
Versions affected: <= 2.0.6
Versions not affected: >= 2.0.7




Vulnerability 1: SQL injection

Impact: database access (+ potential system access)
Where: from remote


Description
---
Toni Koivunen reported an SQL injection vulnerability in
phpAdsNew and phpPgAds, caused by missing sanitization of the session id
cookie. Kevin Fernandez Siegfried of Zone-H reported further dangerous
exploitation techniques to gain access to the whole database. Depending
on the database user permissions, an attacker could also gain
access to the local filesystem.


Solution

- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
--
http://www.fitsec.com/advisories/FS-05-01.txt
http://www.zone-h.org/en/advisories/read/id=8413/



Vulnerability 2: HTTP response splitting

Impact: application admin access
Where: from remote


Description
---
Toni Koivunen reported multiple HTTP response splitting vulnerabilities
in phpAdsNew and phpPgAds. Many of them could only be made if the
attacker already has access to the administration interface. A
vulnerability in adclick.php could be exploited without access to the
application interface.

Solution

- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
--
http://www.fitsec.com/



Vulnerability 3: full path disclosure

Impact: information disclosure
Where: from remote


Description
---
Toni Koivunen reported multiple full path disclosure vulnerabilities in
phpAdsNew and phpPgAds. One of them could also reveal information about
files modified or added by the system administrator, using phpAdsNew's
own file integrity check system, given that the webserver user has
enough permissions.

Solution

- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
--
http://www.fitsec.com/advisories/FS-05-01.txt


Contact information


The security contact for phpAdsNew and phpPgAds can be reached at:
security AT phpadsnew DOT com


Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/
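Vulnerability 1 above is an unsanitized session id cookie reaching an SQL statement. The following is an added example, not phpAdsNew or phpPgAds code: it shows the flawed string-concatenation pattern beside a lookup that validates the cookie format and binds it as a parameter. The table layout, the 32-hex-digit id format and all values are assumptions constructed for the example.

```python
import re
import sqlite3

# Constructed values: a well-formed session id and a cookie carrying a quote.
VALID_ID = "0123456789abcdef0123456789abcdef"
TAINTED_COOKIE = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for a session table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sessionid TEXT PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO sessions VALUES (?, ?)", (VALID_ID, "admin"))
    return db


def lookup_concat(db: sqlite3.Connection, cookie: str):
    """Flawed pattern: the cookie value becomes part of the SQL text."""
    sql = "SELECT username FROM sessions WHERE sessionid = '" + cookie + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


# Assumed id format for this example: exactly 32 lowercase hex digits.
_SESSION_ID = re.compile(r"[0-9a-f]{32}")


def lookup_bound(db: sqlite3.Connection, cookie: str):
    """Hardened: reject malformed ids, then bind the value as data."""
    if not _SESSION_ID.fullmatch(cookie):
        return None  # malformed cookie never reaches the database
    row = db.execute(
        "SELECT username FROM sessions WHERE sessionid = ?", (cookie,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, TAINTED_COOKIE))  # session returned without a valid id
    print(lookup_bound(db, TAINTED_COOKIE))   # rejected
    print(lookup_bound(db, VALID_ID))         # legitimate lookup still works
```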


[Full-disclosure] [FS-05-02] Multiple vulnerabilities in phpMyAdmin

2005-11-15 Thread Toni Koivunen

Security Advisory
http://www.fitsec.com/advisories/FS-05-02.txt

 Severity: Low/Medium
 Title: Multiple vulnerabilities in phpMyAdmin
 Date: 12.11.2005
 ID: FS-05-02
 Author: Toni Koivunen (toni.koivunen (at) fitsec.com)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Background:

phpMyAdmin is a tool written in PHP intended to handle the 
administration of MySQL over the Web. Currently it can create and drop 
databases, create/drop/alter tables, delete/edit/add fields, execute any 
SQL statement, manage keys on fields.


Affected versions:

At least 2.7.0-beta1, most likely other versions also.

Description:


Vuln 1:
Full Path Disclosures in the following files:

libraries/string.lib.php
libraries/storage_engines.lib.php
libraries/sqlparser.lib.php
libraries/sql_query_form.lib.php
libraries/select_theme.lib.php
libraries/select_lang.lib.php
libraries/relation_cleanup.lib.php
libraries/left_header.inc.php
libraries/import.lib.php
libraries/header_meta_style.inc.php
libraries/grab_globals.lib.php
libraries/get_foreign.lib.php 
(get_foreign.lib.php?field=fooforeigners[foo]=foo)
libraries/display_tbl_links.lib.php 
(display_tbl_links.lib.php?doWriteModifyAt=leftedit_url=foo)

libraries/display_import.lib.php
libraries/display_export.lib.php
libraries/display_create_table.lib.php
libraries/display_create_database.lib.php
libraries/db_table_exists.lib.php
libraries/database_interface.lib.php
libraries/common.lib.php
libraries/check_user_privileges.lib.php
libraries/charset_conversion.lib.php 
(charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=trueallow_recoding=true)
libraries/sqlvalidator.lib.php 
(libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE)

libraries/import/sql.php
libraries/fpdf/ufpdf.php
libraries/auth/cookie.auth.lib.php 
(libraries/auth/cookie.auth.lib.php?coming_from_common=true)





Vuln 2:
Http Response Splitting in libraries/header_http.inc.php

The script doesn't check for direct access. If register_globals
is on, it is possible for a remote attacker to cause http
response splitting.


Impact:

A remote attacker could exploit this to learn installation paths on
server.
The HTTP Response splitting vulnerability can lead to user compromise
amongst other things.





Status:
12.11.2005 Vulnerabilities found



Acknowledgements:
To the community at dievo.org, keep it up :)

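HTTP response splitting, reported above for phpMyAdmin and in the earlier phpsysinfo (CVE-2005-3348) and phpAdsNew advisories, comes down to request data reaching a response header with CR or LF intact. The following is an added example, not code from any of those projects: it shows the flawed pattern, a hardened header builder, and a check for access-log request lines. The function names, the `/redirect` path and the log lines are constructed for the example.

```python
import re
from urllib.parse import quote, unquote

# Constructed input: a redirect target with CR LF followed by an extra header.
TAINTED_TARGET = "/index.php\r\nX-Injected: yes"

_CTL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF and every other control byte


def redirect_unsafe(target: str) -> str:
    """Flawed pattern: request data copied verbatim into the Location header."""
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n"


def redirect_safe(target: str) -> str:
    """Refuse control characters and off-site targets, then percent-encode."""
    if _CTL.search(target):
        raise ValueError("control character in header value")
    if not target.startswith("/") or target.startswith("//"):
        raise ValueError("only local paths are accepted")
    encoded = quote(target, safe="/?&=%")
    return "HTTP/1.1 302 Found\r\nLocation: " + encoded + "\r\n\r\n"


def header_names(raw_response: str) -> list:
    """Header field names a client would parse from the response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def flag_request(request_line: str) -> bool:
    """Detection: control bytes after one or two rounds of percent-decoding."""
    once = unquote(request_line)
    return bool(_CTL.search(once) or _CTL.search(unquote(once)))


# Constructed access-log request lines.
SAMPLE_REQUESTS = [
    "GET /redirect?to=/index.php HTTP/1.1",
    "GET /redirect?to=%0d%0aX-Injected:%20yes HTTP/1.1",
    "GET /redirect?to=%250d%250aX-Injected:%20yes HTTP/1.1",
]

if __name__ == "__main__":
    print(header_names(redirect_unsafe(TAINTED_TARGET)))  # extra header appears
    print(header_names(redirect_safe("/index.php?page=1")))
    for line in SAMPLE_REQUESTS:
        print(flag_request(line), line)
```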


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread pingywon



Thank you for the shameless plug. Do you know Zach Tull ?

  ----- Original Message -----
  From: n3td3v v3dt3n
  To: full-disclosure@lists.grok.org.uk
  Sent: Tuesday, November 15, 2005 3:22 AM
  Subject: [Full-disclosure] Hackers Tomorrow

  Hello kind fellow disclosers,

  Since my last article gained so much praise i have written a second
  part on "hackers tomorrow". I have also heeded the criticism and have
  acquired my own domain so i look more cooler :) n3td3v.com of course.
  I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
  I love feedback :)  My article is at my new home
  http://www.n3td3v.com/hackerstomorrow.html

  Enjoy!!
  n3td3v

[Full-disclosure] [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities

2005-11-15 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Scorched 3D: Multiple vulnerabilities
      Date: November 15, 2005
      Bugs: #111421
        ID: 200511-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Scorched 3D allow a remote attacker to deny
service or execute arbitrary code on game servers.

Background
==

Scorched 3D is a clone of the classic Scorched Earth DOS game, adding
features like a 3D island environment and Internet multiplayer
capabilities.

Affected packages
=

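    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  games-strategy/scorched3d       <= 39.1                Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.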

Description
===

Luigi Auriemma discovered multiple flaws in the Scorched 3D game
server, including a format string vulnerability and several buffer
overflows.

Impact
==

A remote attacker can exploit these vulnerabilities to crash a game
server or execute arbitrary code with the rights of the game server
user. Users not running a Scorched 3D game server are not affected by
these flaws.

Workaround
==

There is no known workaround at this time.

Resolution
==

The Scorched 3D package has been hard-masked until a new version
correcting these flaws is released. In the meantime, current users are
advised to unmerge the package:

# emerge --unmerge games-strategy/scorched3d

References
==

  [ 1 ] Original advisory
http://seclists.org/lists/fulldisclosure/2005/Nov/0079.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




[Full-disclosure] Three years and ten months without a patch

2005-11-15 Thread David Litchfield
Whilst looking over old Oracle bugs I discovered that a _fully_ _patched_
8.1.7.4 Oracle server is still vulnerable to the old extproc flaw
[http://www.ngssoftware.com/advisories/oraplsextproc.txt]; this flaw, when
exploited, allows a remote attacker without a userID and password to take
control of the server. Why, you may ask, has a supported product gone for so
long without a patch for a serious problem that was made public 3 years and
10 months ago and reported to Oracle over 4 years ago? The answer, according
to Alert 57
[http://www.oracle.com/technology/deploy/security/pdf/2003alert57.pdf], is
that Oracle outright decided not to fix it. They claim architectural
constraints are the problem even though they managed to overcome these same
constraints on newer versions of Oracle. 

Users of 8.1.7.4 would do well to heed the advice offered in Alert 57 if
they've not already done so.

Cheers,
David Litchfield
http://www.databasesecurity.com/
http://www.ngssoftware.com/

More commentary on this available here
http://www.databasesecurity.com/oracle-commentary.htm



Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Robert Wesley McGrew
I think you guys have managed to scare him off the list.  He hasn't
posted in a day or two.

This might bring him back out though ;)

On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
> Hello kind fellow disclosers,
>
> Since my last article gained so much praise i have written a second
> part on hackers tomorrow. I have also heeded the criticism and have
> acquired my own domain so i look more cooler :) n3td3v.com of course.
> I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
> I love feedback :)
> My article is at my new home http://www.n3td3v.com/hackerstomorrow.html
>
> Enjoy!!
>
> n3td3v




--
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/


[Full-disclosure] [ GLSA 200511-13 ] Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer

2005-11-15 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
      Date: November 15, 2005
      Bugs: #111853
        ID: 200511-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability
which may lead to the execution of arbitrary code.

Background
==

Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws
is a 'bleeding edge' version of Sylpheed. They both support the import
of address books in LDIF (Lightweight Directory Interchange Format).

Affected packages
=

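    -------------------------------------------------------------------
     Package                     /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  mail-client/sylpheed             < 2.0.4                 >= 2.0.4
  2  mail-client/sylpheed-claws     < 1.0.5-r1              >= 1.0.5-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------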

Description
===

Colin Leroy reported buffer overflow vulnerabilities in Sylpheed and
Sylpheed-Claws. The LDIF importer uses a fixed length buffer to store
data of variable length. Two similar problems exist also in the Mutt
and Pine addressbook importers of Sylpheed-Claws.

Impact
==

By convincing a user to import a specially-crafted LDIF file into the
address book, a remote attacker could cause the program to crash,
potentially allowing the execution of arbitrary code with the
privileges of the user running the software.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Sylpheed users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =mail-client/sylpheed-2.0.4

All Sylpheed-Claws users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =mail-client/sylpheed-claws-1.0.5-r1

References
==

  [ 1 ] CVE-2005-3354
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3354

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-13.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Native.Code
oh n3td3v!! I finally learned to spell your name. Am I in love with you?

On 11/15/05, Native.Code [EMAIL PROTECTED] wrote:
> oh n3td3v!! I finally learned to spell your name. Am I in love with you?
>
> On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
> > Hello kind fellow disclosers,
> >
> > Since my last article gained so much praise i have written a second
> > part on hackers tomorrow. I have also heeded the criticism and have
> > acquired my own domain so i look more cooler :) n3td3v.com of course.
> > I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
> > I love feedback :)
> > My article is at my new home http://www.n3td3v.com/hackerstomorrow.html
> >
> > Enjoy!!
> > n3td3v

[Full-disclosure] Administrivia: Noise

2005-11-15 Thread John Cartwright
Hi

If we could all make an effort to avoid further personal attacks I
would appreciate it. Please resist the temptation to perpetuate the
noise - I have mailed individuals privately about the current 
situation in an attempt to prevent further offtopic postings.

As has been said before, every list member is entitled to an opinion,
providing they are prepared to express it in a constructive manner. I
do not wish to impose any moderation unless absolutely necessary. 

Cheers
- John


Re: [Full-disclosure] Enough's enough...

2005-11-15 Thread James Eaton-Lee
On Mon, 2005-11-14 at 12:24 -0800, Bart Lansing wrote:
> Y'know...I usually take what you have to say with a grain of
> salt...and maybe a few grains of pain killer...and let it go, but
> enough already.  If it wasn't for me you wouldn't have an internet
> to sent your packets on right now??
>
> There have been a few individuals whose contributions to this list
> struck me as being of questionable worth, but you are the first I
> have felt the need to expend the trivial efforts to filter.
> Congratulations and goodbye.

On a sort of side point, I've recently started using the highlight
feature in evolution to apply colours to incoming mail where the
'sender' matches certain criteria - doing this lets me assign a pleasant
(but obvious) colour to people I know and/or whose postings are
interesting (respectively red and redorange), and a vile colour to those
whose postings are silly/downright stupid (respectively forest green and
lime green).

Doing this, I've found, gives me a great indicator as to the qualities
of a thread - a large amount of either colour clearly indicates the
general tone of the thread (and a large amount of both tends to indicate
a 'hot topic'). Suffice it to say that unless looking for a comedy
moment in my afternoon, I tend to ignore those putrid green threads and
head straight for a red.

Particularly for high-volume lists like this one and security basics, I
find that this method pays dividends!

 - James.

> On Sun, 13 Nov 2005 17:02:39 -0800 n3td3v [EMAIL PROTECTED] wrote:
> > Yet another fuckwit basing their opinion on someone they don't know.
> > If it wasn't for me you wouldn't have an internet to sent your packets
> > on right now. You take people at face value instead of getting to know
> > them first.
> >
> > Read my research paper on Hackers Today and you might learn something.




Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Thorsten Fischer

xploitabel != xploitable


Cheers,

t


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread n3td3v n3td3v
Lame ass wannabe

On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
> Hello kind fellow disclosers,
>
> Since my last article gained so much praise i have written a second
> part on hackers tomorrow. I have also heeded the criticism and have
> acquired my own domain so i look more cooler :) n3td3v.com of course.
> I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
> I love feedback :)
> My article is at my new home http://www.n3td3v.com/hackerstomorrow.html
>
> Enjoy!!
>
> n3td3v


RE: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Richard Golodner








Please stop with this. We are all so sick of you forcing this thing.
I think you called it cyber suicide on your web article. Just let it
go. Jeez!

Richard Golodner (my real name)

From: n3td3v n3td3v [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 15, 2005 10:14 AM
To: n3td3v v3dt3n
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Hackers Tomorrow

Lame ass wannabe

On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:

Hello kind fellow disclosers,

Since my last article gained so much praise i have written a second
part on hackers tomorrow. I have also heeded the criticism and have
acquired my own domain so i look more cooler :) n3td3v.com of course.
I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
I love feedback :)  My article is at my new home
http://www.n3td3v.com/hackerstomorrow.html

Enjoy!!

n3td3v











Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread n3td3v n3td3v
know need to give your name.
I know it already youz all dont get how powerful i am.

On 11/15/05, Richard Golodner [EMAIL PROTECTED] wrote:
> Please stop with this. We are all so sick of you forcing this thing.
> I think you called it cyber suicide on your web article. Just let it
> go. Jeez!
>
> Richard Golodner (my real name)
>
> From: n3td3v n3td3v [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 15, 2005 10:14 AM
> To: n3td3v v3dt3n
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Hackers Tomorrow
>
> Lame ass wannabe
>
> On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
>
> Hello kind fellow disclosers,
>
> Since my last article gained so much praise i have written a second
> part on hackers tomorrow. I have also heeded the criticism and have
> acquired my own domain so i look more cooler :) n3td3v.com of course.
> I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
> I love feedback :)  My article is at my new home
> http://www.n3td3v.com/hackerstomorrow.html
>
> Enjoy!!
>
> n3td3v













Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Scott T. Cameron
On Tue, Nov 15, 2005 at 09:24:50AM -0600, n3td3v n3td3v wrote:
> know need to give your name.
> I know it already youz all dont get how powerful i am.

Who said British humour was dead?


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread James Eaton-Lee
On Tue, 2005-11-15 at 10:38 -0500, Scott T. Cameron wrote:
> On Tue, Nov 15, 2005 at 09:24:50AM -0600, n3td3v n3td3v wrote:
> > know need to give your name.
> > I know it already youz all dont get how powerful i am.
>
> Who said British humour was dead?

It's not dead, it's just resting.



Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Gabriel Moutinho
n3td3v, you are really boring me.

I've never written anything to this list because I thought that I hadn't
something interesting to say. But you are all the time saying stupid
things.

Please people, ignore this troll.
Gabriel
On 11/15/05, James Eaton-Lee [EMAIL PROTECTED] wrote:
> On Tue, 2005-11-15 at 10:38 -0500, Scott T. Cameron wrote:
> > On Tue, Nov 15, 2005 at 09:24:50AM -0600, n3td3v n3td3v wrote:
> > > know need to give your name.
> > > I know it already youz all dont get how powerful i am.
> >
> > Who said British humour was dead?
>
> It's not dead, it's just resting.

Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Nigel Horne
On Tue, 2005-11-15 at 15:47, James Eaton-Lee wrote:
> On Tue, 2005-11-15 at 10:38 -0500, Scott T. Cameron wrote:
> > On Tue, Nov 15, 2005 at 09:24:50AM -0600, n3td3v n3td3v wrote:
> > > know need to give your name.
> > > I know it already youz all dont get how powerful i am.
> >
> > Who said British humour was dead?
>
> It's not dead, it's just resting.

It has gone to meet its maker. Sorry, sorry, I just couldn't resist it.



Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Micheal Espinola Jr
$0.02 USD: This seems better suited for 2600 Magazine, or a personal blog.

On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
 Hello kind fellow disclosers,

 Since my last article gained so much praise i have written a second
 part on hackers tomorrow. I have also heeded the criticism and have
 acquired my own domain so i look more cooler :) n3td3v.com of course.
 I have a new 1337 super secure mail addy [EMAIL PROTECTED] also.
 I love feedback :)
 My article is at my new home http://www.n3td3v.com/hackerstomorrow.html
 Enjoy!!

 n3td3v

--
ME2
http://www.santeriasys.net/

[Full-disclosure] Not the real n3td3v

2005-11-15 Thread Todd Towles



People it isn't the real n3td3v, as Thorsten tried to point out earlier.
The e-mail address is wrong.
xploitabel != xploitable
Plus if you would just look at the website posted by that person..you can
tell it is a mock of the original. So perhaps we should ignore the fake troll?
Nice job fake troll..well done..lets not waste anymore time on this subject..lol
-Todd

Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread Kevin Ponds
The fake troll is better than the real troll though. :(

On 11/15/05, Todd Towles [EMAIL PROTECTED] wrote:
 People it isn't the real n3td3v, as Thorsten tried to point out earlier.
 The e-mail address is wrong.
 xploitabel != xploitable
 Plus if you would just look at the website posted by that person..you can
 tell it is a mock of the original. So perhaps we should ignore the fake troll?
 Nice job fake troll..well done..lets not waste anymore time on this subject..lol
 -Todd

[Full-disclosure] How to discover customers of hosting company for n3td3v.com

2005-11-15 Thread Carolyn Meinel

That silly post about n3td3v.com led to fun playtimes with the
Scottsdale, AZ web farm that hosts it.

Name:n3td3v.com
Address:  64.202.167.129

Nslookup of 64.202.167.129 gives:
Name:pwdynamic-v02.prod.mesa1.secureserver.net
Address:  64.202.167.120

A traceroute of 64.202.167.129 gives its IP address
as  ip-64-202-167-129.secureserver.net.

Want to know all the fun customers using websites on related
secureserver.net servers? Insert numbers per examples:
http://documents.secureserver.net/show/document.aspx?plvid=1name=stats_eula
(GoDaddy.com)
http://documents.secureserver.net/show/document.aspx?plvid=2name=stats_eula
...
http://documents.secureserver.net/show/document.aspx?plvid=111702name=stats_eula
etc.

How does one develop the procedure for uncovering all these users as
noted above? That is left as an exercise for the student. Hint: it is trivial.

Carolyn Meinel
http://techbroker.com
http://happyhacker.org
505-281-9675




Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread n3td3v n3td3v
I have to say how disappointed I am that more people didn't pick up
the fact that even though the name comes across as n3td3v the address
is [EMAIL PROTECTED], where the original troll postings are from
[EMAIL PROTECTED].
Also the person that set up the website in the other posts had the same
thought as I did and used [EMAIL PROTECTED] and took it farther by
setting up a website.
The original n3td3v must be laughing his ass off for security people
missing such simple bait and switch.

Or am I the real n3td3v just throwing up smokescreens, who knows?

Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread sk / GroundZero



i agree, nice work fake n3td3v :)

-sk
http://www.groundzero-security.com

  - Original Message -
  From: Kevin Ponds
  To: full-disclosure@lists.grok.org.uk
  Sent: Tuesday, November 15, 2005 5:17 PM
  Subject: Re: [Full-disclosure] Not the real n3td3v

  The fake troll is better than the real troll though. :(

  On 11/15/05, Todd Towles [EMAIL PROTECTED] wrote:
   People it isn't the real n3td3v, as Thorsten tried to point out
   earlier. The e-mail address is wrong.
   xploitabel != xploitable
   Plus if you would just look at the website posted by that person..you
   can tell it is a mock of the original. So perhaps we should ignore the
   fake troll?
   Nice job fake troll..well done..lets not waste anymore time on
   this subject..lol
   -Todd

Re: [Full-disclosure] How to discover customers of hosting company for

2005-11-15 Thread bugtraq
 Want to know all the fun customers using websites on related
 secureserver.net servers? Insert numbers per examples:
 http://documents.secureserver.net/show/document.aspx?plvid=1name=stats_eula
 (GoDaddy.com)
 http://documents.secureserver.net/show/document.aspx?plvid=2name=stats_eula
 ...
 http://documents.secureserver.net/show/document.aspx?plvid=111702name=stats_eula
 etc.
 
 How does one develop the procedure for uncovering all these users as
 noted above? That is left as an exercise for the student. Hint: it is trivial.


They buy your book so they too, can be security experts! ;p


 
 Carolyn Meinel
 http://techbroker.com
 http://happyhacker.org
 505-281-9675
 
 


Re: [Full-disclosure] Kiddiots Today

2005-11-15 Thread J. Oquendo

On Tue, 15 Nov 2005, n3td3v n3td3v wrote:


 Or am I the real n3td3v just throwing up smokescreens, who knows?


No one cares much for this moronic thread nor whether or not someone is
throwing up smokescreens. Can some of you guys grow up or at least grow a
clue and speak about something worthwhile. This list can the tendency to
bring brainrot.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://mo.fscker.com :: Obscurity through Insecurity

I know what I have given you. I do not know what
 you have received -- Antonio Porchia


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Micheal Espinola Jr
More like, who cares.
On 11/15/05, n3td3v n3td3v [EMAIL PROTECTED] wrote:
Or am I the real n3td3v just throwing up smokescreens, who knows?

Re: [Full-disclosure] How to discover customers of hosting company for n3td3v.com

2005-11-15 Thread Samuel Beckett
On 11/15/05, Carolyn Meinel [EMAIL PROTECTED] wrote:
 How does one develop the procedure for uncovering all these users as
 noted above? That is left as an exercise for the student. Hint: it is trivial.

A big huge thank you for pointing that out. I've never realized how
EASY that is until you brought it up.

Again, many thanks and have a wonderful nice day,
hugskisses


Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread TheGesus
On 11/15/05, sk / GroundZero [EMAIL PROTECTED] wrote:

 i agree, nice work fake n3td3v :)


It's times like these that I really miss Gobbles.  :-(


Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread whistles
On 11/15/05, TheGesus [EMAIL PROTECTED] wrote:
 On 11/15/05, sk / GroundZero [EMAIL PROTECTED] wrote:
 
  i agree, nice work fake n3td3v :)
 

 It's times like these that I really miss Gobbles.  :-(


Thanks all, Netdev's mommy was too poor to buy n3td3v.com (he is only
15 and lives in the ghetto) so i figured i would for a few moments
expand the reaches of his retardation. One day when n3td3v gets to the
age of majority and stops annoying the world i will give him the site
:)

Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread n3td3v n3td3v

People, actions such as this are what keeps these things going.
Until people just ignore idiots it will still happen.
You expect to send something like this to a person and expect them to go away?

Scott Schapper [EMAIL PROTECTED]
You are an uneducated fuckup, and an arrogant idiot.

You have to hide behind some mysterious char string to exist. You hide. Disappear

I hope you can confine your communications in the future with people or
vegetables who give a shit.

Re: [Full-disclosure] How to discover customers of hosting company for n3td3v.com

2005-11-15 Thread InfoSecBOFH
OMG.  Who let the neurotic shemale on this list.

Wow, you can use whois and traceroute... can you crawl back into the
hole in which you were in.

Happyhacker?  No are no more a hacker than you are stable and normal
member of society.

I would call you a cream gulping trollop but we all know that no man,
other than perhaps JP, would go near you... which explains a lot for
your psychological issues and general feelings of being inadequate.

On 11/15/05, Carolyn Meinel [EMAIL PROTECTED] wrote:


Re: [Full-disclosure] Three years and ten months without a patch

2005-11-15 Thread InfoSecBOFH
So why not start teaching some lessons David and release exploit code.
 It seems that is the only way they learn and take things seriously.


Re: [Full-disclosure] [FLSA-2005:158801] Updated bzip2 packages fix security issues

2005-11-15 Thread InfoSecBOFH
Sheesh... just because you are not running something or don't care it
does not mean that no one else cares.  How about you post a complete
list of all software packages you run, including complete version
info, and we will be sure to post lots of bugs you do care about.

On 11/14/05, Rembrandt [EMAIL PROTECTED] wrote:
 Could you please stop mailing your Bug-Fix-Reports aka Package xyz
 updated to the Full*-Mailinglist?

 I'm sure you've an OWN mailinglist for such things.
 If not: Create one

 Such things just suck and NERVE all others who don't use the OS/Distri.
 It's not related to you personally and you're not the only one.

 Kind regards,
 Rembrandt


Re: [Full-disclosure] How to discover customers of hosting company for

2005-11-15 Thread GroundZero Security
omg the happy script kid Carolyn Meinel strikes again !
that is so 90's

-sk
http://www.groundzero-security.com


- Original Message -
From: [EMAIL PROTECTED]
To: Carolyn Meinel [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Tuesday, November 15, 2005 5:34 PM
Subject: Re: [Full-disclosure] How to discover customers of hosting company for

  Want to know all the fun customers using websites on related
  secureserver.net servers? Insert numbers per examples:
  http://documents.secureserver.net/show/document.aspx?plvid=1name=stats_eula
  (GoDaddy.com)
  http://documents.secureserver.net/show/document.aspx?plvid=2name=stats_eula
  ...
  http://documents.secureserver.net/show/document.aspx?plvid=111702name=stats_eula
  etc.

  How does one develop the procedure for uncovering all these users as
  noted above? That is left as an exercise for the student. Hint: it is trivial.

 They buy your book so they too, can be security experts! ;p

  Carolyn Meinel
  http://techbroker.com
  http://happyhacker.org
  505-281-9675


[Full-disclosure] Re: [FLSA-2005:152794] Updated rp-pppoe package fixes security issue

2005-11-15 Thread David F. Skoll
Marc Deslauriers wrote:

 Synopsis:  Updated rp-pppoe package fixes security issue
 Advisory ID:   FLSA:152794

This is a totally bogus vulnerability, as I wrote in my response on
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0564

In fact, this so-called fix might tempt people to run rp-pppoe SUID-root,
which is a Bad Thing, because there are probably tons of other reasons
why a SUID-root rp-pppoe is dangerous.

rp-pppoe 3.6 was released a while ago.  It has a proper fix for SUID-ness.
I recommend people use that instead of distro versions with
dubious security patches

NOTE: I have set the return path to [EMAIL PROTECTED] to avoid
hundreds of responses from Bugtraq readers' broken auto-responders.  To
reply to me, reply to [EMAIL PROTECTED]

Regards,

David.



Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread Rembrandt
On Tue, 15 Nov 2005 12:21:02 -0600
n3td3v n3td3v [EMAIL PROTECTED] wrote:

 People,
 actions such as this are what keeps these things going.

ack

 Until people just ignore idiots it will still happen.

ack

 You expect to send something like this to a person and expect them to go
 away?

Yes they do


It's interesting how many people answer to such mails.
Isn't it? ;-)

Kind regards,
Rembrandt


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread MH

On Tue, 15 Nov 2005, Micheal Espinola Jr wrote:


$0.02 USD: This seems better suited for 2600 Magazine, or a personal blog.


Heh, I was thinking this list is becoming lamer than 2600 as well...

-M.


[Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability

2005-11-15 Thread Thierry Zoller
Dear Alert7 ,

That means that if the user clicks on it using explorer.exe or
iexplorer.exe the file won't be executed because even Microsoft
Windows explorer is unable to parse the file?

axo   Demonstration here:
axo   Choose a malicious file which would be detected, such as nc.exe,
axo   rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
axo   Because these special names are unable directly to input, so if you
axo   want to run these file, you should use the following way:
axo   Uses the MS-DOS name specification, we can operate file with Open、
axo   Read、Write、 and duplicate。




-- 
http://secdev.zoller.lu
Thierry Zoller



[Full-disclosure] Authentication vulnerability in Belkin wireless devices

2005-11-15 Thread Andrei Mikhailovsky
Arhont Ltd. - Information Security

Arhont Advisory by: Andrei Mikhailovsky (www.arhont.com)
Advisory:           Belkin Wireless Router Authentication Vulnerability
Router Model Name:  F5D7232-4 and F5D7230-4
Model Specific: Other models are likely to be vulnerable
Manufacturer site:  http://www.belkin.com


SUMMARY:
A serious security vulnerability has been found in the authentication
system of Belkin Wireless Routers. The vulnerability has been confirmed
in Belkin Wireless Routers models F5D7232-4 and F5D7230-4 with latest
firmware 4.05.03 and with firmware 4.03.03. Previous firmware versions
are also likely to be affected. Other Belkin wireless devices are likely
to be vulnerable.


VULNERABILITY DESCRIPTION:
While a legitimate device administrator is logged into the router's web
management interface, any other user/attacker can access, view and
change router's web configuration without authentication from any
network address. This presents an opportunistic vector of attack on the
device in question.


Risk Factor: High/Medium


WORKAROUNDS:  At the release time of this advisory, Belkin didn't have
an update that solves the issue. It is advised to filter all requests to
web administration interface of the device.


COMMUNICATION HISTORY:
Manufacturer notified on 11th of October 2005


ADDITIONAL INFORMATION:
*According to the Arhont Ltd. policy, all of the found vulnerabilities
and security issues will be reported to the manufacturer at least 7 days
before releasing them to the public domains (such as CERT and BUGTRAQ).
The delay of the public release might be negotiated with the
manufacturer providing reasonable justifications have been given from
the manufacturer side.

If you would like to get more information about this issue, please do
not hesitate to contact Arhont team on info[_-at-_]arhont[_-dot-_]com 


-- 
Andrei Mikhailovsky
Arhont Ltd - Information Security

Web: http://www.arhont.com
 http://www.wi-foo.com
Tel: +44 (0)870 4431337
Fax: +44 (0)117 9690141
PGP: Key ID - 0x2B3438DE
PGP: Server - keyserver.pgp.com



[Full-disclosure] iDEFENSE Security Advisory 11.15.05: Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability

2005-11-15 Thread [EMAIL PROTECTED]

Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability

iDEFENSE Security Advisory 11.15.05
www.idefense.com/application/poi/display?id=339type=vulnerabilities
November 15, 2005

I. BACKGROUND

GTK+ is a multi-platform toolkit for creating graphical user interfaces.
Offering a complete set of widgets, GTK+ is suitable for projects
ranging from small one-off projects to complete application suites.

II. DESCRIPTION

Remote exploitation of a heap overflow vulnerability in various vendors'
implementations of the GTK+ gdk-pixbuf XPM image rendering library could
allow for arbitrary code execution.

The vulnerability specifically exists due to an integer overflow while
processing XPM files. The following code snippet illustrates the
vulnerability:

if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
    g_set_error (error,
                 GDK_PIXBUF_ERROR,
                 GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
                 _("XPM file has invalid number of colors"));
    return NULL;
}
[...]
colors = (XPMColor *) g_try_malloc ((sizeof (XPMColor) * n_col));
[...]


The validity check of n_col is enough to prevent an integer overflow in
the first g_try_malloc, however there is not a proper check for the
second g_try_malloc, which allows an undersized heap buffer to be
allocated, then overflowed while using n_col as an upper bounds in a
copying loop. This can be used to execute arbitrary code via traditional
heap overflow 4 byte write methods or by overwriting adjacent areas of
the heap with important values such as function pointers.

III. ANALYSIS

Exploitation could allow for arbitrary code execution in the context of
the user running the affected application. As this library is used in a
variety of applications, this vulnerability could be exploited either
remotely, via a networked application or locally.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in gtk+ 2.4.0
compiled from source. It is suspected that previous versions are also
affected by this vulnerability. The following vendors include
susceptible GTK+ and GdkPixBuf packages within their respective
operating system distributions:

   The Debian Project:
 Debian GNU/Linux 3.0 and 3.1 (all architectures)
   Mandriva (formerly Mandrakesoft):
 Mandriva Linux (formerly Mandrakelinux) 10.0 and 10.1,
 Corporate Server 3.0
   Novell Inc.:
 SuSE Linux 8.2, 9.0, 9.1 and 9.2
   Red Hat Inc.:
 Red Hat Enterprise Linux 2.1, 3, 4,
 Fedora Core 3, 4

V. WORKAROUND

Users should not open untrusted media files.

VI. VENDOR RESPONSE

Red Hat Inc.:

This issue affects the gtk2 packages as shipped with Red Hat Enterprise
Linux 3 and 4, and the gdk-pixbuf packages as shipped with Red Hat
Enterprise Linux 2.1, 3, and 4.  Updates to these packages are available
at the URL below or by using the Red Hat Network up2date tool.
http://rhn.redhat.com/errata/CVE-2005-3186.html

This issue affects the gtk2 and gdk-pixbuf packages as shipped with
Fedora Core 3 and 4.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-3186 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

10/12/2005  Initial vendor notification
10/14/2005  Initial vendor response
11/15/2005  Coordinated public disclosure

IX. CREDIT

infamous41md is credited with the discovery of this vulnerability.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright © 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
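
The arithmetic behind section II of the GTK+ advisory above, as an added example that is not part of the iDEFENSE advisory or the gdk-pixbuf source. It assumes a 16-byte colour record and a 32-bit allocation size (both assumptions), uses INT_MAX in place of G_MAXINT, and all function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption for illustration: one colour record occupies 16 bytes and the
 * allocator takes a 32-bit size, as on a 32-bit build. */
#define COLOR_RECORD_SIZE 16u

/* The check quoted in the advisory (INT_MAX stands in for G_MAXINT).
 * Returns 1 when n_col is accepted. It only bounds n_col * (cpp + 1). */
int passes_quoted_check(int n_col, int cpp)
{
    return !(n_col <= 0 || n_col >= INT_MAX / (cpp + 1));
}

/* Byte count a 32-bit allocator receives for COLOR_RECORD_SIZE * n_col:
 * the product is reduced modulo 2^32, like 32-bit size_t arithmetic. */
uint32_t alloc_size_32bit(int n_col)
{
    uint64_t full = (uint64_t)COLOR_RECORD_SIZE * (uint64_t)(uint32_t)n_col;
    return (uint32_t)full;
}

/* Hardened validation: n_col must be safe for BOTH allocations. */
int n_col_is_safe(int n_col, int cpp)
{
    if (cpp <= 0 || cpp == INT_MAX)
        return 0;
    if (n_col <= 0 || n_col >= INT_MAX / (cpp + 1))
        return 0;                   /* first buffer: n_col * (cpp + 1) */
    if ((uint32_t)n_col > UINT32_MAX / COLOR_RECORD_SIZE)
        return 0;                   /* colour array: record size * n_col */
    return 1;
}

/* Generic overflow-checked array allocation: refuses any request whose
 * byte count cannot be represented, instead of allocating a short buffer. */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return NULL;
    return malloc(count * elem_size);
}

int main(void)
{
    int n_col = 268435457;          /* constructed value: 2^28 + 1 */
    int cpp = 1;

    printf("quoted check accepts n_col=%d: %d\n",
           n_col, passes_quoted_check(n_col, cpp));
    printf("bytes requested on a 32-bit build: %u\n",
           (unsigned)alloc_size_32bit(n_col));
    printf("hardened check accepts it: %d\n", n_col_is_safe(n_col, cpp));
    return 0;
}
```

The constructed n_col passes the quoted check, yet the colour array request shrinks to a single record while later loops still run to n_col; the hardened check rejects it before any allocation.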



[Full-disclosure] iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability

2005-11-15 Thread [EMAIL PROTECTED]

Multiple Vendor Insecure Call to CreateProcess() Vulnerability

iDEFENSE Security Advisory 11.15.05
www.idefense.com/application/poi/display?id=340type=vulnerabilities
November 15, 2005

I. BACKGROUND

The Microsoft Windows API includes the CreateProcess() function as a
means to create a new process and its primary thread.
CreateProcessAsUser() is similar but allows for the process to be run in
the security context of a particular user.

II. DESCRIPTION

The format of the CreateProcess() function is as follows:

BOOL CreateProcess(
 LPCTSTR lpApplicationName,
 LPTSTR lpCommandLine,
 LPSECURITY_ATTRIBUTES lpProcessAttributes,
 LPSECURITY_ATTRIBUTES lpThreadAttributes,
 BOOL bInheritHandles,
 DWORD dwCreationFlags,
 LPVOID lpEnvironment,
 LPCTSTR lpCurrentDirectory,
 LPSTARTUPINFO lpStartupInfo,
 LPPROCESS_INFORMATION lpProcessInformation
);

The 'lpApplicationName' variable contains the name of the module to be
executed. However, this can be a NULL value, in which case, the module
name to be executed will be the first white space-delimited token in the
lpCommandLine string.

It is a known issue, that if lpApplicationName contains a NULL value and
the full module path in the lpCommandLine variable contains white space
and is not enclosed in quotation marks, it is possible that an alternate
application will be executed. Consider the following scenario:

  CreateProcess(
 NULL,
 c:\program files\sub dir\program.exe,
 ...
  );

In this case, the system will successively expand the string when
interpreting the file path, until a module is encountered to execute.
The string used in the above example would be interpreted as follows:

  c:\program.exe files\sub dir\program name
  c:\program files\sub.exe dir\program name
  c:\program files\sub dir\program.exe

Therefore, if a file named program.exe existed in the c:\ directory, it
would be executed instead of the intended application. This is a known
issue, discussed directly in the API documentation:

http://msdn.microsoft.com/library/en-us/dllproc/base/createprocessasuser.asp

III. ANALYSIS

Despite the fact that this is a known issue, several popular
applications insecurely call the CreateProcess() and
CreateProcessAsUser() functions. This creates a scenario whereby
arbitrary code could be executed. In the scenario detailed above, if an
attacker were able to install arbitrary code in a file at
c:\program.exe, when the vulnerable application was launched, the code
would be executed. The arbitrary code would generally be executed under
the privileges of the executing user but could also be launched with
elevated privileges if an insecure call were made to CreateProcessAsUser()
using elevated privileges. This attack would involve some form of social
engineering or need to be combined with another attack to first get the
arbitrary code installed in the correct location.

IV. DETECTION

The following applications have been confirmed to be vulnerable:

Vendor:      RealNetworks
Application: RealPlayer 10.5
Files:       realplay.exe
             realjbox.exe

Vendor:      Kaspersky
Application: Kaspersky Anti-Virus for Windows File Servers 5.0
             (English) - Installation File
Files:       kav5.0trial_winfsen.exe

Vendor:      Apple
Application: iTunes 4.7.1.30
Files:       iTunesHelper.exe

Vendor:      VMWare
Application: VMWare Workstation 5.0.0 build-13124
Files:       VMwareTray.exe
             VMwareUser.exe

Vendor:      Microsoft
Application: Microsoft Antispyware 1.0.509 (Beta 1)
Files:       GIANTAntiSpywareMain.exe
             gcASNotice.exe
             gcasServ.exe
             gcasSWUpdater.exe
             GIANTAntiSpywareUpdater.exe

Note: The vulnerability in Microsoft Antispyware was previously
discussed on the Full-Disclosure mailing list
(http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html)
but remains unpatched.

V. WORKAROUND

Ensure that unexpected files are not stored in locations that can be
used for this attack. Windows XP SP2 will alert a user of the existence
of a file named c:\program.exe when it first boots, however, any path
containing white space where a vulnerable application is stored could be
used in this attack.

VI. VENDOR RESPONSE

The following vendor responses have been provided.

Apple:

Due to the way iTunes 5 launches its helper application, multiple
system paths are searched for which program to run. This may allow a
malicious user on the local system to create an environment where an
alternate program will be executed by iTunes. iTunes 6 addresses this
issue and can be obtained from http://www.apple.com/itunes/download/.
Credit to iDEFENSE for reporting this issue to us.

Kaspersky:

We are currently looking into the problem, and it seems that 
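
An audit helper for the path expansion described in section II of the CreateProcess() advisory above, as an added example that is not code from iDEFENSE, Microsoft or any listed vendor. It models the documented parsing rule in portable C without calling the Windows API; candidate_modules and build_quoted_cmdline are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CAND 16
#define MAX_LEN  260

/* 1 if the last path component of s[0..len) already contains a '.' */
static int has_extension(const char *s, size_t len)
{
    while (len > 0) {
        char c = s[--len];
        if (c == '.')
            return 1;
        if (c == '\\' || c == '/')
            return 0;
    }
    return 0;
}

/* Lists, in order, the module paths that would be tried for a command line
 * passed with lpApplicationName == NULL. Each whitespace break yields one
 * candidate, with ".exe" appended when the last component has no extension.
 * Returns the number of candidates; 0 means the line starts with a quote
 * and the module name is unambiguous. A result above 1 means every listed
 * location before the intended program must not be writable by others. */
int candidate_modules(const char *cmdline, char out[][MAX_LEN], int max_out)
{
    size_t len = strlen(cmdline);
    int n = 0;

    if (len == 0 || cmdline[0] == '"')
        return 0;
    for (size_t i = 1; i <= len && n < max_out; i++) {
        int at_break = (i == len) || cmdline[i] == ' ' || cmdline[i] == '\t';
        int prev_ws = cmdline[i - 1] == ' ' || cmdline[i - 1] == '\t';
        if (!at_break || prev_ws)
            continue;
        const char *ext = has_extension(cmdline, i) ? "" : ".exe";
        if (i + strlen(ext) >= MAX_LEN)
            break;
        memcpy(out[n], cmdline, i);
        strcpy(out[n] + i, ext);
        n++;
    }
    return n;
}

/* Builds the corrected form: the module path enclosed in quotation marks,
 * followed by optional arguments. Returns 0 on success, -1 if the path
 * itself contains a quote or the result does not fit in buf. */
int build_quoted_cmdline(const char *exe, const char *args,
                         char *buf, size_t size)
{
    int w;

    if (strchr(exe, '"') != NULL)
        return -1;
    if (args != NULL && *args != '\0')
        w = snprintf(buf, size, "\"%s\" %s", exe, args);
    else
        w = snprintf(buf, size, "\"%s\"", exe);
    return (w < 0 || (size_t)w >= size) ? -1 : 0;
}

int main(void)
{
    /* The advisory's scenario string. */
    const char *cmd = "c:\\program files\\sub dir\\program.exe";
    char cand[MAX_CAND][MAX_LEN];
    char fixed[MAX_LEN];
    int n = candidate_modules(cmd, cand, MAX_CAND);

    for (int i = 0; i < n; i++)
        printf("tried #%d: %s\n", i + 1, cand[i]);
    if (build_quoted_cmdline(cmd, "", fixed, sizeof fixed) == 0)
        printf("quoted form: %s (ambiguous candidates: %d)\n",
               fixed, candidate_modules(fixed, cand, MAX_CAND));
    return 0;
}
```

Windows stops at the first candidate that exists, so entries after the intended executable are never reached; the list is an upper bound on the locations worth checking.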

[Full-disclosure] Was: n3td3v.com, now: C.Meinel

2005-11-15 Thread Byron Sonne

 Carolyn Meinel wrote:

I'd be wary of anything Ms. Meinel has to say: 
http://attrition.org/errata/charlatan/shame/index2.html


The info's old but some leopards don't change their spots.


Re: [Full-disclosure] Was: n3td3v.com, now: C.Meinel

2005-11-15 Thread Scott Renna

E'sy now rude bwoy

E-fight to kick off in 3.

Byron Sonne wrote:

  Carolyn Meinel wrote:

I'd be wary of anything Ms. Meinel has to say: 
http://attrition.org/errata/charlatan/shame/index2.html


The info's old but some leopards don't change their spots.


Re: [Full-disclosure] iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability

2005-11-15 Thread ipatches
 IV. DETECTION
 
 The following applications have been confirmed to be vulnerable:
 
 Vendor: RealNetworks
 Application:RealPlayer 10.5
 Files:  realplay.exe
 realjbox.exe

 Vendor: Kaspersky
 Application:Kaspersky Anti-Virus for Windows File Servers 5.0 
(English) - Installation File
 Files:  kav5.0trial_winfsen.exe
 
 Vendor: Apple
 Application:iTunes 4.7.1.30
 Files:  iTunesHelper.exe
 
 Vendor: VMWare
 Application:VMWare Workstation 5.0.0 build-13124
 Files:  VMwareTray.exe
 VMwareUser.exe

 Vendor: Microsoft
 Application:Microsoft Antispyware 1.0.509 (Beta 1)
 Files:  GIANTAntiSpywareMain.exe
 gcASNotice.exe
 gcasServ.exe
 gcasSWUpdater.exe
 GIANTAntiSpywareUpdater.exe
I think this is not so serious vulnerability. Programs in the list 
are not a service so c:\Program.exe can only run as another user on 
same computer. I think C:\ cannot be write on Windows XP for unless 
Administrator, so I think this only effects to Windows 2000. Also 
c:\Program Files cannot be write unless Administrator on any 
Windows version.

 It is a known issue, that if lpApplicationName contains a 
 NULL value and the full module path in the lpCommandLine 
 variable contains white space and is not enclosed in 
 quotation marks, it is possible that an alternate application 
 will be executed.
 This is a known issue, discussed directly in the 
 API documentation:
 
 http://msdn.microsoft.com/library/en-us/dllproc/base/createprocessasuser.asp

 Note: The vulnerability in Microsoft Antispyware was 
 previously discussed on the Full-Disclosure mailing list
 (http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html)
 but remains unpatched.

This is a very old and classical vulnerability and is not so severe; 
maybe it only affects Windows 2000 computers with some 
Administrator users, and it has already been discussed many times 
before. It is no surprise that the discoverer wishes to remain 
anonymous. Maybe he was paid $50 by iDEFENSE because he was only 
looking in some programs for a classical vulnerability? There should 
not be any news story about this.



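
[Added example, not part of the message above or of the iDEFENSE advisory.] The known issue quoted from the API documentation, modelled in portable C for auditing launch strings: with lpApplicationName NULL, an unquoted lpCommandLine containing spaces yields several module paths tried in order, while a quoted one yields exactly one. The function name and the sample path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CAND 16
#define MAX_PATH_LEN 260

/* Append ".exe" when the last path component has no extension, as the
   CreateProcess documentation describes. Callers leave 4 bytes spare. */
static void add_default_ext(char *path) {
    const char *sep = strrchr(path, '\\');
    if (!strchr(sep ? sep + 1 : path, '.'))
        strcat(path, ".exe");
}

/* Model of the documented search order when lpApplicationName is NULL:
   writes, in order, every module path the system may try for cmdline.
   Returns the candidate count; an earlier entry wins if it exists on disk. */
int module_candidates(const char *cmdline, char out[][MAX_PATH_LEN]) {
    int n = 0;
    size_t len = strlen(cmdline);
    if (cmdline[0] == '"') {          /* quoted: exactly one module */
        int m = (int)strcspn(cmdline + 1, "\"");
        snprintf(out[0], MAX_PATH_LEN - 4, "%.*s", m, cmdline + 1);
        add_default_ext(out[0]);
        return 1;
    }
    for (size_t i = 1; i <= len && n < MAX_CAND; i++) {
        /* every space, and the end of the string, closes one candidate */
        if (cmdline[i] != ' ' && cmdline[i] != '\0') continue;
        if (cmdline[i - 1] == ' ' || i > MAX_PATH_LEN - 5) continue;
        snprintf(out[n], MAX_PATH_LEN - 4, "%.*s", (int)i, cmdline);
        add_default_ext(out[n++]);
    }
    return n;
}

int main(void) {
    /* Constructed sample path, not one of the products listed above. */
    const char *samples[] = { "C:\\Program Files\\Example App\\helper.exe",
                              "\"C:\\Program Files\\Example App\\helper.exe\"" };
    char c[MAX_CAND][MAX_PATH_LEN];
    for (int s = 0; s < 2; s++) {
        int n = module_candidates(samples[s], c);
        printf("%s -> %d candidate(s)\n", samples[s], n);
        for (int i = 0; i < n; i++) printf("  %d. %s\n", i + 1, c[i]);
    }
    return 0;
}
```

Quoting the module path inside lpCommandLine, or passing the full path in lpApplicationName, leaves a single candidate.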


RE: [Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability

2005-11-15 Thread Aditya Deshmukh
 axo   Demonstration here:
 axo   Choose a malicious file which would be detected, such as nc.exe,
 axo   rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
 axo   Because these special names are unable directly to input, so if you
 axo   want to run these file, you should use the following way:
 axo   Uses the MS-DOS name specification, we can operate  file with Open、
 axo   Read、Write、 and duplicate。

 That means that if the user clicks on it using explorer.exe or
 iexplorer.exe the file won't be executed because even Microsoft
 Windows explorer is unable to parse the file?
 
It will be executed, because if Windows is not able to 
access the long file name then the short file name is used to 
access the file in +x or execute mode...




Re: [Full-disclosure] How to discover customers of hosting company for

2005-11-15 Thread InfoSecBOFH
On 11/15/05, pingywon [EMAIL PROTECTED] wrote:
 http://happyhacker.org/meetus.shtml

 is this a joke? because it sure is funny.

Sadly... no.  To the happyhacker AKA unhappyhardonkill this is her
version of reality.

So while those with a clue see it for the joke it is, there are a few
that do not and actually give this charlatan money for nothing more
than bullshit


Re: [Full-disclosure] How to discover customers of hosting company for

2005-11-15 Thread InfoSecBOFH
 I smell a lawsuit coming ;-)

Nah, that's just the smell of old shriveled box.

Sorry had to add FD back to this reply but I took out your email info.


Re: [Full-disclosure] Not the real n3td3v

2005-11-15 Thread David Litchfield

Will the real n3td3v please stand up, please stand up?

... couldn't resist... sorry

David