[Full-disclosure] !ADVISORY! # [Thu Mar 16 02:47:12 EST 2006] # DoS Vulnerability in AOL Client Software
!ADVISORY! # [Thu Mar 16 02:47:12 EST 2006] # DoS Vulnerability in AOL Client Software 8===D BACKGROUND This product had no identified background information on this product at hand. 8===D DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. 8===D WORKAROUND There was no identified workarounds. 8===D CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-771905 to this issue CONTACT Paul S. Brown [EMAIL PROTECTED] CCE CEH CSFA SSP-CNSA SSP-MPA GIPS GHTQ CAP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] -ADVISORY- | x Thu Mar 16 02:49:11 EST 2006 x | Integer Overflow in AOL Client Software
-ADVISORY- | x Thu Mar 16 02:49:11 EST 2006 x | Integer Overflow in AOL Client Software I. DESCRIPTION AOL Client Software incorrectly parses integer data, and this can be used to execute arbitrary code. II. WORKAROUND There was no identified workarounds regarding the vulnerability at hand. III. VENDOR RESPONSE AOL Client Software is extended no identified commentary about this problem at hand. APPENDIX A VENDOR INFORMATION http://www.aol.com APPENDIX B REFERENCES RFC 6920 CONTACT Sune Kloppenborg Jeppesen [EMAIL PROTECTED] CISSP CSFA
[Full-disclosure] [Advisory] ~ x Thu Mar 16 02:49:27 EST 2006 x ~ Local Privilege Escalation Vulnerability in Microsoft Windows 2000
[Advisory] ~ x Thu Mar 16 02:49:27 EST 2006 x ~ Local Privilege Escalation Vulnerability in Microsoft Windows 2000 8===D Background There had been no identified background commentary about the product at hand. 8===D Description Microsoft Windows 2000 incorrectly validates user input, making privilege escalation possible. 8===D History 2-15-2006 8==D Vendor Notification. 3-16-2006 8==D Public Disclosure. 8===D Workaround There was no identified workarounds for this problem in question. Contact [EMAIL PROTECTED] [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CEH GREM GIPS CAP SSCP
[Full-disclosure] -Advisory- # -Thu Mar 16 02:49:34 EST 2006- # Directory Transversal in Microsoft Word
-Advisory- # -Thu Mar 16 02:49:34 EST 2006- # Directory Transversal in Microsoft Word 8D~~~ 1. Background 8D~~~ There is no background commentary about the vulnerability. 8D~~~ 2. History 8D~~~ 23-1-2006 - Vendor Notification. 16-3-2006 - Public Disclosure. 8D~~~ 3. CVE Information 8D~~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-419858 to this issue 8D~~~ Appendix A Vendor Information 8D~~~ http://www.microsoft.com 8D~~~ Appendix B References 8D~~~ RFC 5699 8D~~~ Contact 8D~~~ John Goh [EMAIL PROTECTED] CISSP GSAE CEH CSFA SSP-CNSA GWAS
[Full-disclosure] -ADVISORY- $ +Thu Mar 16 02:47:23 EST 2006+ $ DoS Vulnerability in ISC INN
-ADVISORY- $ +Thu Mar 16 02:47:23 EST 2006+ $ DoS Vulnerability in ISC INN === I. Background === This problem had no identified background. === II. Description === Sending a specially crafted malformed packet to the services communication socket can create a loss of service. === III. History === 2/2/2006 - Vendor Notification. 1/3/2006 - Vendor Reply. 3/16/2006 - Public Disclosure. === IV. CVE Information === The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-595263 to this issue
[Full-disclosure] Advisory - [Thu Mar 16 02:47:29 EST 2006] - Local Privilege Escalation Vulnerability in Microsoft Excel
Advisory - [Thu Mar 16 02:47:29 EST 2006] - Local Privilege Escalation Vulnerability in Microsoft Excel 1. Background This vulnerability has no identified background information on the vulnerability. Appendix A Vendor Information http://www.microsoft.com Appendix B References RFC 7094 Contact Micheal Espinola Jr [EMAIL PROTECTED] SSP-CNSA SSP-MPA GWAS CAP
[Full-disclosure] !ADVISORY! | [Thu Mar 16 02:47:34 EST 2006] | Buffer Overflow in Apple iTunes
!ADVISORY! | [Thu Mar 16 02:47:34 EST 2006] | Buffer Overflow in Apple iTunes I. WORKAROUND This problem has no identified workarounds regarding the problem at hand. II. VENDOR RESPONSE Apple iTunes is presented no commentary. III. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-113139 to this issue CONTACT byte_jump [EMAIL PROTECTED] 1-888-565-9428 CISSP CCE GHTQ
[Full-disclosure] -advisory- + [Thu Mar 16 02:48:22 EST 2006] + DoS Vulnerability in ISC OpenReg
-advisory- + [Thu Mar 16 02:48:22 EST 2006] + DoS Vulnerability in ISC OpenReg == 8===D BACKGROUND == This issue had no background. == 8===D DESCRIPTION == Sending a specially crafted malformed packet to the services communication socket can create a loss of service. == 8===D VENDOR RESPONSE == ISC OpenReg is presented no identified information regarding this issue in question. == 8===D CVE INFORMATION == The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-943578 to this issue == CONTACT == [EMAIL PROTECTED] [EMAIL PROTECTED] CCE CEH GREM GIPS GHTQ GWAS SSCP
[Full-disclosure] !ADVISORY! % [Thu Mar 16 02:48:34 EST 2006] % Buffer Overflow in Ethereal
!ADVISORY! % [Thu Mar 16 02:48:34 EST 2006] % Buffer Overflow in Ethereal I. Background This problem has no background. II. History 8/1/2006 - Vendor Notification. 15/2/2006 - Vendor Reply. 16/3/2006 - Public Disclosure. III. Workaround This problem has no identified workarounds. Appendix A Vendor Information http://www.ethereal.com/
[Full-disclosure] !ADVISORY! + x Thu Mar 16 02:49:51 EST 2006 x + Directory Transversal in Apple MacOSX
!ADVISORY! + x Thu Mar 16 02:49:51 EST 2006 x + Directory Transversal in Apple MacOSX 1. BACKGROUND There has been no background. 2. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Apple MacOSX could allow attackers to overwrite or view arbitrary files with user-supplied contents. 3. VENDOR RESPONSE Apple MacOSX was offered no explanation. APPENDIX A VENDOR INFORMATION http://www.apple.com/macosx/ APPENDIX B REFERENCES RFC 4112
[Full-disclosure] -ADVISORY- # x Thu Mar 16 02:49:57 EST 2006 x # Directory Transversal in Microsoft Word
-ADVISORY- # x Thu Mar 16 02:49:57 EST 2006 x # Directory Transversal in Microsoft Word - 8===D BACKGROUND - There is no background commentary regarding the product at hand. - 8===D DESCRIPTION - Remote exploitation of a directory traversal vulnerability in Microsoft Word could allow attackers to overwrite or view arbitrary files with user-supplied contents. - 8===D WORKAROUND - This issue had no workarounds on the issue at hand. - 8===D VENDOR RESPONSE - Microsoft Word had presented no commentary. - CONTACT - Chris Adams [EMAIL PROTECTED] 1-888-565-9428 GSAE CCE CEH CSFA SSP-MPA GHTQ GWAS CAP SSCP
[Full-disclosure] -ADVISORY- $ =Thu Mar 16 02:50:42 EST 2006= $ Local Privilege Escalation Vulnerability in Microsoft Word
-ADVISORY- $ =Thu Mar 16 02:50:42 EST 2006= $ Local Privilege Escalation Vulnerability in Microsoft Word [+] Description Microsoft Word incorrectly validates user input, making privilege escalation possible. [+] History 16/1/2006 [+] Vendor Notification. 16/3/2006 [+] Public Disclosure. Contact Nic Werner [EMAIL PROTECTED] CCE CEH CSFA GREM GIPS SSCP
[Full-disclosure] -ADVISORY- + -Thu Mar 16 02:50:51 EST 2006- + Integer Overflow in VMware
-ADVISORY- + -Thu Mar 16 02:50:51 EST 2006- + Integer Overflow in VMware o/ å BACKGROUND This vulnerability has no background information on the product in question. å \o DESCRIPTION VMware incorrectly parses integer data, and this can be used to execute arbitrary code. o/ å CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-790568 to this issue CONTACT Bernhard Mueller [EMAIL PROTECTED] CISSP CEH CSFA GREM SSP-CNSA SSP-MPA GWAS
[Full-disclosure] -advisory- - -Thu Mar 16 02:54:19 EST 2006- - DoS Vulnerability in VMware
-advisory- - -Thu Mar 16 02:54:19 EST 2006- - DoS Vulnerability in VMware +++ 8===D BACKGROUND +++ There is no identified background commentary about the problem at hand. +++ 8===D DESCRIPTION +++ Sending a specially crafted malformed packet to the services communication socket can create a loss of service. +++ 8===D HISTORY +++ 8/1/2006 8==D Vendor Notification. 5/2/2006 8==D Vendor Reply. 16/3/2006 8==D Public Disclosure. +++ 8===D CVE INFORMATION +++ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-816867 to this issue +++ APPENDIX A VENDOR INFORMATION +++ http://www.vmware.com/ +++ APPENDIX B REFERENCES +++ RFC 4713 +++ CONTACT +++ Anthony Aykut [EMAIL PROTECTED] CISSP CCE SSP-MPA GIPS
[Full-disclosure] ADVISORY - =Thu Mar 16 03:00:35 EST 2006= - Off-by-one in Microsoft Excel
ADVISORY - =Thu Mar 16 03:00:35 EST 2006= - Off-by-one in Microsoft Excel 1. Description It is possible to make Microsoft Excel crash by the use of malformed input. 2. History 8-1-2006 - Vendor Notification. 15-2-2006 - Vendor Reply. 16-3-2006 - Public Disclosure. Appendix A Vendor Information http://www.microsoft.com Appendix B References RFC 1864
[Full-disclosure] !ADVISORY! | x Thu Mar 16 03:00:40 EST 2006 x | Heap Overflow in Apple iTunes
!ADVISORY! | x Thu Mar 16 03:00:40 EST 2006 x | Heap Overflow in Apple iTunes 8==D~ 8===D BACKGROUND 8==D~ This problem had no background. 8==D~ 8===D DESCRIPTION 8==D~ It is possible to make Apple iTunes crash or run arbitrary code by the use of malformed input. 8==D~ 8===D VENDOR RESPONSE 8==D~ Apple iTunes had extended no explanation on the problem at hand. 8==D~ 8===D CVE INFORMATION 8==D~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-258518 to this issue 8==D~ APPENDIX A VENDOR INFORMATION 8==D~ http://www.apple.com/itunes/ 8==D~ CONTACT 8==D~ naveed [EMAIL PROTECTED] GSAE CEH CSFA SSP-CNSA GWAS SSCP
[Full-disclosure] [ADVISORY] % [Thu Mar 16 03:00:53 EST 2006] % Heap Overflow in AOL Client Software
[ADVISORY] % [Thu Mar 16 03:00:53 EST 2006] % Heap Overflow in AOL Client Software 8===D~ o/ å DESCRIPTION It is possible to make AOL Client Software crash or run arbitrary code by the use of malformed input. 8===D~ å \o WORKAROUND This problem has no identified workarounds on the issue at hand. 8===D~ CONTACT Eduardo Palma [EMAIL PROTECTED] 1-888-565-9428 CEH GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS SSCP
[Full-disclosure] !ADVISORY! | [Thu Mar 16 03:01:42 EST 2006] | DoS Vulnerability in Apple MacOSX
!ADVISORY! | [Thu Mar 16 03:01:42 EST 2006] | DoS Vulnerability in Apple MacOSX === 1. Background There had been no identified background information regarding the issue. === 2. Description Sending a specially crafted malformed packet to the services communication socket can create a loss of service. === 3. History 22/1/2006 - Vendor Notification. 26/2/2006 - Vendor Reply. 16/3/2006 - Public Disclosure. === 4. Vendor Response Apple MacOSX is extended no information. === 5. CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-912128 to this issue === Appendix A Vendor Information http://www.apple.com/macosx/ === Appendix B References RFC 6719 === Contact Ripe Md [EMAIL PROTECTED] 1-888-565-9428 CEH CSFA SSP-CNSA CAP SSCP
[Full-disclosure] !ADVISORY! # -Thu Mar 16 03:08:48 EST 2006- # Heap Overflow in ISC NTP
!ADVISORY! # -Thu Mar 16 03:08:48 EST 2006- # Heap Overflow in ISC NTP -- 1. Description It is possible to make ISC NTP crash or run arbitrary code by the use of malformed input. -- 2. History 27-1-2006 - Vendor Notification. 22-2-2006 - Vendor Reply. 16-3-2006 - Public Disclosure. -- 3. CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-675200 to this issue -- Appendix A Vendor Information http://www.isc.org/index.pl?/sw/ntp/ -- Appendix B References RFC 7559 -- Contact waldo alvarez [EMAIL PROTECTED] 1-888-565-9428 GSAE CCE SSP-CNSA GIPS GHTQ SSCP
[Full-disclosure] [ADVISORY] * =Thu Mar 16 03:01:54 EST 2006= * Directory Transversal in VMware
[ADVISORY] * =Thu Mar 16 03:01:54 EST 2006= * Directory Transversal in VMware ++ [+] Workaround There has been no workarounds regarding this problem identified. ++ [+] Vendor Response VMware was offered no identified information. ++ Appendix A Vendor Information http://www.vmware.com/
[Full-disclosure] -ADVISORY- ~ [Thu Mar 16 03:09:47 EST 2006] ~ Local Privilege Escalation Vulnerability in ISC DHCP
-ADVISORY- ~ [Thu Mar 16 03:09:47 EST 2006] ~ Local Privilege Escalation Vulnerability in ISC DHCP ++ o/ å BACKGROUND ++ There has been no background commentary about this issue in question. ++ å \o DESCRIPTION ++ ISC DHCP incorrectly validates user input, making privilege escalation possible. ++ o/ å CVE INFORMATION ++ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-437287 to this issue ++ CONTACT ++ Marc Maiffret [EMAIL PROTECTED] 1-888-565-9428 CSFA SSP-MPA GHTQ CAP SSCP
[Full-disclosure] -ADVISORY- - =Thu Mar 16 03:13:43 EST 2006= - Directory Transversal in Microsoft Windows XP
-ADVISORY- - =Thu Mar 16 03:13:43 EST 2006= - Directory Transversal in Microsoft Windows XP 8D~ 1. BACKGROUND 8D~ There was no background commentary regarding this problem in question. 8D~ 2. HISTORY 8D~ 3/16/2006 - Public Disclosure. 8D~ 3. WORKAROUND 8D~ There was no identified workarounds regarding the problem. 8D~ 4. CVE INFORMATION 8D~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-14891 to this issue 8D~ CONTACT 8D~ Disco Jonny [EMAIL PROTECTED] GSAE CSFA GREM GHTQ GWAS CAP
[Full-disclosure] [ADVISORY] | +Thu Mar 16 03:18:06 EST 2006+ | Directory Transversal in ISC OpenReg
[ADVISORY] | +Thu Mar 16 03:18:06 EST 2006+ | Directory Transversal in ISC OpenReg ++ 1. BACKGROUND ++ This product had no background. ++ 2. DESCRIPTION ++ Remote exploitation of a directory traversal vulnerability in ISC OpenReg could allow attackers to overwrite or view arbitrary files with user-supplied contents. ++ 3. HISTORY ++ 2-1-2006 - Vendor Notification. 14-2-2006 - Vendor Reply. 16-3-2006 - Public Disclosure. ++ 4. VENDOR RESPONSE ++ ISC OpenReg had extended no commentary. ++ 5. CVE INFORMATION ++ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-989455 to this issue ++ CONTACT ++ Dave King [EMAIL PROTECTED] CEH CSFA GREM SSP-CNSA SSP-MPA GIPS
[Full-disclosure] -advisory- % +Thu Mar 16 03:20:46 EST 2006+ % Buffer Overflow in Microsoft PowerPoint
-advisory- % +Thu Mar 16 03:20:46 EST 2006+ % Buffer Overflow in Microsoft PowerPoint - 1. BACKGROUND - This product has no identified background. - 2. DESCRIPTION - It is possible to make Microsoft PowerPoint crash or run arbitrary code by the use of malformed input. - 3. CVE INFORMATION - The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-754253 to this issue - APPENDIX A VENDOR INFORMATION - http://www.microsoft.com - CONTACT - Andrew Haninger [EMAIL PROTECTED] 1-888-565-9428 GSAE CCE SSP-MPA GIPS GHTQ SSCP
[Full-disclosure] -ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes
-ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes 8==D~~ [+] BACKGROUND 8==D~~ This product has no identified background. 8==D~~ [+] DESCRIPTION 8==D~~ It is possible to make Apple iTunes crash by the use of malformed input. 8==D~~ [+] HISTORY 8==D~~ 5-1-2006 [+] Vendor Notification. 17-2-2006 [+] Vendor Reply. 16-3-2006 [+] Public Disclosure. 8==D~~ [+] WORKAROUND 8==D~~ There was no identified workarounds. 8==D~~ [+] VENDOR RESPONSE 8==D~~ Apple iTunes has presented no identified information. 8==D~~ [+] CVE INFORMATION 8==D~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-137848 to this issue 8==D~~ APPENDIX A VENDOR INFORMATION 8==D~~ http://www.apple.com/itunes/ 8==D~~ APPENDIX B REFERENCES 8==D~~ RFC 4231 8==D~~ CONTACT 8==D~~ John Bond [EMAIL PROTECTED] CSFA GREM SSP-CNSA SSP-MPA GWAS CAP
[Full-disclosure] !ADVISORY! + =Thu Mar 16 03:44:16 EST 2006= + Directory Transversal in Snort
!ADVISORY! + =Thu Mar 16 03:44:16 EST 2006= + Directory Transversal in Snort = 1. History = 13/2/2006 - Vendor Reply. 16/3/2006 - Public Disclosure. = 2. Vendor Response = Snort had extended no explanation regarding this problem identified. = Contact = h4cky0u [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CSFA SSP-CNSA SSP-MPA GIPS GWAS CAP SSCP
[Full-disclosure] -Advisory- - =Thu Mar 16 03:47:35 EST 2006= - Buffer Overflow in Microsoft Office
-Advisory- - =Thu Mar 16 03:47:35 EST 2006= - Buffer Overflow in Microsoft Office + [+] Description + It is possible to make Microsoft Office crash or run arbitrary code by the use of malformed input. + [+] Workaround + This vulnerability has no identified workarounds on the issue at hand. + [+] Vendor Response + Microsoft Office is offered no identified information. + [+] CVE Information + The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-947159 to this issue + Appendix A Vendor Information + http://www.microsoft.com + Contact + nullman [EMAIL PROTECTED] 1-888-565-9428 CCE CEH CSFA GREM SSP-MPA GIPS GWAS CAP SSCP
Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
no, but our discoveries are all patched with the same patch, look at the MS advisory closely:

http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx

Microsoft thanks http://go.microsoft.com/fwlink/?LinkId=21127 the following for working with us to help protect customers:

* Ollie Whitehouse of Symantec http://symantec.com/ for reporting the Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability - CVE-2006-0009
* FelicioX mailto:[EMAIL PROTECTED] for working with Microsoft on the Microsoft Office Excel Remote Code Execution Using a Malformed Range Vulnerability - CVE-2005-4131
* Peter Winter-Smith of NGS Software http://www.ngssoftware.com/index.htm for reporting similar behavior to the Remote Code Execution with Microsoft Office Excel Vulnerability - CVE-2005-4131
* TippingPoint http://www.tippingpoint.com/ and the Zero Day Initiative http://www.zerodayinitiative.com/ for reporting the Microsoft Office Excel Remote Code Execution Using a Malformed File Format Parsing Vulnerability - CVE-2006-0028
* Dejun of the Fortinet Security Response Team http://www.fortinet.com for reporting the Microsoft Office Excel Remote Code Execution Using a Malformed Description Vulnerability - CVE-2006-0029
* Eyas of the XFOCUS Security Team http://www.xfocus.org/ for reporting the Microsoft Office Excel Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0031

only FelicioX and NGSS found the same bug ;)

Thierry Zoller wrote:
> Dear XFOCUS Team,
>
> Is this the same vuln as discovered by class101 ?
> http://www.zerodayinitiative.com/advisories/ZDI-06-004.html
[Full-disclosure] -ADVISORY- # -Thu Mar 16 03:48:11 EST 2006- # DoS Vulnerability in Microsoft Windows XP
-ADVISORY- # -Thu Mar 16 03:48:11 EST 2006- # DoS Vulnerability in Microsoft Windows XP 8===D BACKGROUND This issue had no identified background information about the product identified. 8===D DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. 8===D HISTORY 2-6-2006 8==D Vendor Notification. 1-24-2006 8==D Vendor Reply. 3-16-2006 8==D Public Disclosure. CONTACT [EMAIL PROTECTED] [EMAIL PROTECTED] GSAE SSP-MPA GIPS GHTQ GWAS CAP SSCP
[Full-disclosure] [Advisory] % [Thu Mar 16 03:49:21 EST 2006] % Local Privilege Escalation Vulnerability in Ethereal
[Advisory] % [Thu Mar 16 03:49:21 EST 2006] % Local Privilege Escalation Vulnerability in Ethereal + [+] BACKGROUND + This problem had no identified background commentary about the product in question. + [+] HISTORY + 1-9-2006 [+] Vendor Reply. 3-16-2006 [+] Public Disclosure. + [+] VENDOR RESPONSE + Ethereal had presented no explanation. + [+] CVE INFORMATION + The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-23204 to this issue
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
radio.toad.com

Er, I meant to say thanks for the tip :)
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
Don Bailey wrote:
> Stop interrupting the spam, I'm trying to read.

The spam attacks would never have gotten through if Len Rose were still in charge of FD.
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
And I would have never shot hot steamy load of man juice inside you if you were not fucking faggot On Thu, 16 Mar 2006 01:15:32 -0800 Jason Coombs [EMAIL PROTECTED] wrote: Don Bailey wrote: Stop interrupting the spam, I'm trying to read. The spam attacks would never have gotten through if Len Rose were still in charge of FD. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
or for those with thunderbird and no admin access to the mail administration

in menu Tools > Message Filters
select which inbox
click New
name it FD SPAM
click Match any of the following
instead of selecting Subject, select Customize
add yours manually Received
select contains
add radio.toad.com
and select your appropriate actions as Delete Message
Delete from POP server is good

hope it helps

Don Bailey wrote:
> radio.toad.com
> Stop interrupting the spam, I'm trying to read.
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
Matthew Murphy wrote:
> attack also appears isolated to one host (radio.toad.com) that can be successfully filtered until the admin can make the necessary rule change.

Good luck with that. toad.com is John Gilmore's infamous open relay that he's been running out of protest since... forever.

http://www.google.com/search?q=john+gilmore+open+relay
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
[EMAIL PROTECTED] wrote: And I would have never shot hot steamy load of man juice inside you if you were not fucking faggot uh huh, and now we know the spam kiddie responsible. I pay by the KB to receive all your junk, so you can expect a lawsuit in the near future. Send your address for service of process, please. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
Address is your daddy home. On Thu, 16 Mar 2006 01:23:51 -0800 Jason Coombs [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: And I would have never shot hot steamy load of man juice inside you if you were not fucking faggot uh huh, and now we know the spam kiddie responsible. I pay by the KB to receive all your junk, so you can expect a lawsuit in the near future. Send your address for service of process, please. Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] HTTP AUTH BASIC monowall
tim-security at sentinelchicken.org wrote:
> > (assuming the admin doesn't notice the cert changes and all that good stuff.)
>
> There's your problem. If you assume this, you will always be vulnerable to MitM if the software you're using allows you to communicate anyway. If your SSH client lets you connect to systems whose keys have changed, same problem. If your VPN client allows it, same problem. This is why I wanted you to think about what you are trusting in the first place. You are trusting your CA and the certificate chain. If you can't do that, then you have no trust.

How trustworthy are the CA certificates included in the average browser? There are a couple of dozen CA certificates shipped with my browser. Some of the vendors associated with these CA certificates offer to give me a certificate for my web site in 10 minutes or less for a couple of hundred dollars. This sounds like a really ripe opportunity for social engineering to me.

- Brian
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
Jason Coombs wrote:
> Don Bailey wrote:
> > Stop interrupting the spam, I'm trying to read.
>
> The spam attacks would never have gotten through if Len Rose were still in charge of FD.

Ahh, yes. Terrorism wouldn't be a problem if Hoover was still in charge of the FBI - right? Give me a break. I'm sure Len likes the criticism, but you are obviously just yet another FD flamer.
[Full-disclosure] [ GLSA 200603-11 ] Freeciv: Denial of Service
Gentoo Linux Security Advisory                           GLSA 200603-11
http://security.gentoo.org/

  Severity: Normal
     Title: Freeciv: Denial of Service
      Date: March 16, 2006
      Bugs: #125304
        ID: 200603-11

Synopsis
========

A memory allocation bug in Freeciv allows a remote attacker to perform a Denial of Service attack.

Background
==========

Freeciv is an open source turn-based multiplayer strategy game, similar to the famous Civilization series.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  games-strategy/freeciv        < 2.0.8                    >= 2.0.8

Description
===========

Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly leading to an out of memory condition which causes Freeciv to crash or freeze.

Impact
======

A remote attacker could exploit this issue to cause a Denial of Service by sending specially crafted data packages to the Freeciv game server.

Workaround
==========

Play solo games or restrict your multiplayer games to trusted parties.

Resolution
==========

All Freeciv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =games-strategy/freeciv-2.0.8

References
==========

  [ 1 ] CVE-2006-0047
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0047
  [ 2 ] Original advisory
        http://aluigi.altervista.org/adv/freecivdos-adv.txt

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
[Full-disclosure] [ GLSA 200603-12 ] zoo: Buffer overflow
Gentoo Linux Security Advisory                           GLSA 200603-12
http://security.gentoo.org/

  Severity: Normal
     Title: zoo: Buffer overflow
      Date: March 16, 2006
      Bugs: #125622
        ID: 200603-12

Synopsis
========

A buffer overflow in zoo may be exploited to execute arbitrary code when creating archives of specially crafted directories and files.

Background
==========

zoo is a file archiving utility for maintaining collections of files, written by Rahul Dhesi.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  app-arch/zoo       < 2.10-r2                            >= 2.10-r2

Description
===========

zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy() function when trying to create an archive from certain directories or filenames.

Impact
======

An attacker could exploit this issue by enticing a user to create a zoo archive of specially crafted directories and filenames, possibly leading to the execution of arbitrary code with the rights of the user running zoo.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All zoo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-arch/zoo-2.10-r2

References
==========

  [ 1 ] RedHat Bug #183426
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)
On Thu, 16 Mar 2006, [EMAIL PROTECTED] wrote:

in menu Tools Message Filters
select which inbox
click New
name it FD SPAM
click Match any of the following
instead of selecting Subject, select Customize
add yours manually Received
select contains
add radio.toad.com

And any sentient being still accepting mail from Gilmore's open relays desperately needs to have its head(s) examined.

-- 
Dave
[Full-disclosure] Macromedia Flash play vulnerability
I have seen no mention here of a new vulnerability in Macromedia Flash Player see:

http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

Question is, is this really exploitable? Doesn't the Flash player check for updates and download latest - or is it possible to run a malicious SWF against old version of the player?

Vince Horan
[Full-disclosure] [SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file
Debian Security Advisory DSA 1003-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                            Martin Schulze
March 16th, 2006                       http://www.debian.org/security/faq

Package        : xpvm
Vulnerability  : insecure temporary file
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2240
Debian Bug     : 318285

Eric Romang discovered that xpvm, a graphical console and monitor for PVM, creates a temporary file that allows local attackers to create or overwrite arbitrary files with the privileges of the user running xpvm.

For the old stable distribution (woody) this problem has been fixed in version 1.2.5-7.2woody1.

For the stable distribution (sarge) this problem has been fixed in version 1.2.5-7.3sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.2.5-8.

We recommend that you upgrade your xpvm package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Re: [Full-disclosure] Yahoo recommends you write down account information
I think you people are missing the point entirely. Let me tooth pick it for you since you can't work it out yourself.

On http://security.yahoo.com/about_passwords.html Yahoo say, never write down your password. If you do, make sure it's kept in a nuclear bunker.

However, on successfully creating a new account at http://edit.yahoo.com/config/register the wording says "Yahoo recommends you print out this page" and gives a print out functionality link.

You see, they tell you NEVER to write down your PASSWORD on one site and contradict themselves on another by recommending you print out all the information you would need to get a new password.

Don't underestimate my intelligence and Valdis, I can't see how you could possibly know the scope in my mind thought of how a print out might be used in a real life scenario. The issue of printouts isn't a problem for home users as the other poster mentioned. The threat comes more in small business and large corporations. However, I wasn't looking into the serious side of how the print out would be used to actually compromise an account. I was more having some fun with Yahoo Security (and some of those folks I know personally over IM and Email), in the way security professionals at security.yahoo.com say one advice, but then folks who setup the edit.yahoo.com/config/register are saying another. In other words, a break down in co-ordination at Yahoo between the security team and the folks who look after config/register. Anyway I spoke with someone from security last night and they confirmed it was silly, and it was going to be fixed.

See you guys later,
n3td3v (not system_outage :P)
[Full-disclosure] Re: Re: HTTP AUTH BASIC monowall.
Simon Smith wrote:

Who ever said I was going to issue a security advisory or warning as you called it?

You did. Have you got amnesia or what?

---quote
From: Simon Smith [EMAIL PROTECTED]
Subject: Re: HTTP AUTH BASIC monowall.
Date: Mon, 13 Mar 2006 15:37:03 -0500
Message-ID: [EMAIL PROTECTED]
References: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
---snips
So, I guess I've really answered my own question, perhaps I should release some sort of an advisory on all of these products that are using basic auth.
---quote

To which my response was, to paraphrase, No, perhaps you should not.

Gee, you must have missed the entire thread... who said internet?

As the above demonstrates, I seem to have taken in more of it than you have.

There's nothing wrong with BASIC AUTH.

Aside from the fact that it's... um... insecure?

You don't seem to get the concept of security. It's not an absolute, all-or-nothing. It's a continuum. It's meaningless to ask whether something is 'secure' or 'not secure' in the abstract. You can ask whether things are more or less secure, against certain threats, under certain assumptions. This applies to absolutely any kind of anything, not just authentication, and not just basic auth.

Basic auth is highly secure when deployed correctly in a well-managed LAN. It's a good match to a lot of the problems it is called on to solve. It does not solve, and does not attempt to solve because that is not within its remit, the problems that happen if your entire network infrastructure is already owned from within. Nor does any other sort of authentication protocol. In this, basic is no different from any other. Some auth protocols may offer more or less security against some kinds of compromises or others, but there's no general rule here.

Well, you are a good example. You don't write very good emails and you aren't very well aware of the entire email thread now are you?

You've already said this, and as I demonstrated, I'm more aware of it than you are.

I'll make it a point to not be as silly as you. ;]

You've certainly succeeded in not being *as* silly as me. Next time, though, try doing it by being /less/ silly than me!

cheers, DaveK

AH you are from the UK, you said Cheers!

Cheers is/was an American TV show, isn't it?

cheers, DaveK
-- 
Can't think of a witty .sigline today
Re: [Full-disclosure] Re: Re: HTTP AUTH BASIC monowall.
Dave,

No shit, maybe I do have amnesia. I had one of those stupid days yesterday anyway and you'd think that I'd know better than to write to FD when I'm like that... but no... I'd rather make myself look like an ass. ;]

Dave Korn wrote:

Simon Smith wrote:

Who ever said I was going to issue a security advisory or warning as you called it?

You did. Have you got amnesia or what?

---quote
From: Simon Smith [EMAIL PROTECTED]
Subject: Re: HTTP AUTH BASIC monowall.
Date: Mon, 13 Mar 2006 15:37:03 -0500
Message-ID: [EMAIL PROTECTED]
References: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
---snips
So, I guess I've really answered my own question, perhaps I should release some sort of an advisory on all of these products that are using basic auth.
---quote

To which my response was, to paraphrase, No, perhaps you should not.

Gee, you must have missed the entire thread... who said internet?

As the above demonstrates, I seem to have taken in more of it than you have.

There's nothing wrong with BASIC AUTH.

Aside from the fact that it's... um... insecure?

You don't seem to get the concept of security. It's not an absolute, all-or-nothing. It's a continuum. It's meaningless to ask whether something is 'secure' or 'not secure' in the abstract. You can ask whether things are more or less secure, against certain threats, under certain assumptions. This applies to absolutely any kind of anything, not just authentication, and not just basic auth.

Basic auth is highly secure when deployed correctly in a well-managed LAN. It's a good match to a lot of the problems it is called on to solve. It does not solve, and does not attempt to solve because that is not within its remit, the problems that happen if your entire network infrastructure is already owned from within. Nor does any other sort of authentication protocol. In this, basic is no different from any other. Some auth protocols may offer more or less security against some kinds of compromises or others, but there's no general rule here.

Well, you are a good example. You don't write very good emails and you aren't very well aware of the entire email thread now are you?

You've already said this, and as I demonstrated, I'm more aware of it than you are.

I'll make it a point to not be as silly as you. ;]

You've certainly succeeded in not being *as* silly as me. Next time, though, try doing it by being /less/ silly than me!

cheers, DaveK

AH you are from the UK, you said Cheers!

Cheers is/was an American TV show, isn't it?

cheers, DaveK

-- 
Regards,
Adriel T. Desautels
Harvard Security Group
http://www.harvardsecuritygroup.com
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Alright,

First off, I apologize for being such a dumb fuck yesterday, I was having a bad day and a stupid day. So go ahead and flame me, tell me what you like, I'm horribly sorry... I beg for forgiveness and ask for mercy. ;]

I understand that SSL is the industry accepted standard for protecting sensitive data in transit with respect to web applications and other applications. In conjunction, I understand that firewall administrators will most probably catch certificate warnings and identify bunk certs. I understand that if the SSL pipe is compromised there will be much larger issues than just simple authentication. I'm not contesting anything that anyone is saying here at all, but I am still not getting any ideas or theories on what I am looking for.

Encoding a username and password combination using base64 is not secure, but, I understand why it is encoded in base64. Having said that, I am trying to discover/create an alternate method for authentication that is secure even if the SSL pipe is compromised. I liked the idea of creating a secondary tunnel within the initial SSL tunnel but I am not certain that it would be the best way to do it.

This concern came about initially because I was sniffing a LAN and I noticed a lot of clear text http communications. Within those communications was the basic authentication header. When I decoded the auth string I successfully logged into the system receiving the packets. Very quickly I found that I was connected to a centralized IT management system that allowed me to control any other computer on the network. Not only that, but it also allowed me to record emails, key strokes, install software, remove software, etc.

I took the liberty of hardening the system by implementing SSL internally. That really didn't do much for the security of the system though. I had one of my co-workers attempt a Man in the Middle attack, and he did it successfully. Sure enough, once the SSL session was had the encoded string could be decoded and access to the main console could be gained.

My concern isn't firewall management. My concern isn't with SSL going over the Internet. My concern is more with SSL on a LAN and that this IT tool and other similar tools can be compromised easily once a LAN is penetrated. Providing an extra layer of security within the SSL tunnel would help to prevent this tool and others like it from being compromised so easily. My first thought was on how to harden the authentication because the basic auth didn't cut it for me. That's what I am looking for ideas for.

Andrew Simmons wrote:

Simon Smith wrote:

Ok, so what's your alternative? [...]

Some form of challenge response? If you can already perform a man in the middle attack, then challenge response is just as vulnerable. Just connect to the server when the client hits you, and pass them the challenge you received. Use the credential yourself, and pass them a failure. When they try again, connect them to the server.

You're right again. Does everyone here think that the majority of companies hire security aware people?

We're not talking about general staff, we're talking about your firewall admin. If your firewall admin doesn't care about security you've got much bigger problems.

Which appears to be the case...

\a

-- 
Regards,
Adriel T. Desautels
Harvard Security Group
http://www.harvardsecuritygroup.com
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
At the risk of being flamed, I'll chime in with this since I don't think it's been mentioned as an alternative: How about SecurID one-time passwords? Ride the HTTP Auth on SSL which hides it all, and a Malcolm in the Middle attack just gets username/PIN and a one-time password (MitM gives ability to DoS lockout your account).

-Mark Coleman

gboyce wrote:

Ok, so what's your alternative? You're already assuming that the user of the firewall is already misusing SSL. They need to blindly accept unsigned SSL certificates, and changes to the certificates. Just about any security restrictions you can apply can be done away with if the user is incompetent enough.

Some form of challenge response? If you can already perform a man in the middle attack, then challenge response is just as vulnerable. Just connect to the server when the client hits you, and pass them the challenge you received. Use the credential yourself, and pass them a failure. When they try again, connect them to the server.
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
First off, I think 3 days spent on this topic is sufficient -- especially since you fail to grasp some of the more basic concepts which underlie the OSI model.

Encoding a username and password combination using base64 is not secure, but, I understand why it is encoded in base64. Having said that, I am trying to discover/create an alternate method for authentication that is secure even if the SSL pipe is compromised. I liked the idea of creating a secondary tunnel within the initial SSL tunnel but I am not certain that it would be the best way to do it.

Basic Auth via SSL is secure. I could use ROT-13 encoding inside SSL, and it'd still be 128 bit encryption over the pipe. What matters here is not how the password is encoded for transmission, but HOW it's transmitted (in this case, via a SSL session).

This concern came about initially because I was sniffing a LAN and I noticed a lot of clear text http communications. Within those communications was the basic authentication header. When I decoded the auth string I successfully logged into the system receiving the packets. Very quickly I found that I was connected to a centralized IT management system that allowed me to control any other computer on the network. Not only that, but it also allowed me to record emails, key strokes, install software, remove software, etc.

Duh. If I can sniff a network, I can do all sorts of stuff. Welcome to the world of tcpdump, ethereal, and promiscuous capture.

I took the liberty of hardening the system by implementing SSL internally. That really didn't do much for the security of the system though. I had one of my co-workers attempt a Man in the Middle attack, and he did it successfully. Sure enough, once the SSL session was had the encoded string could be decoded and access to the main console could be gained.

Then he tricked you into accepting the bogus certificate. Shame on you.

My concern isn't firewall management. My concern isn't with SSL going over the Internet. My concern is more with SSL on a LAN and that this IT tool and other similar tools can be compromised easily once a LAN is penetrated. Providing an extra layer of security within the SSL tunnel would help to prevent this tool and others like it from being compromised so easily. My first thought was on how to harden the authentication because the basic auth didn't cut it for me. That's what I am looking for ideas for.

Good grief .. if you're that worried about it, use client-side certificates (with a password). If you're even MORE worried, put that certificate on a hardware token that protects the key in hardware.
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Mark,

That's a good alternative. I'll add that to my list of options. Thanks!

Mark Coleman wrote:

At the risk of being flamed, I'll chime in with this since I don't think it's been mentioned as an alternative: How about SecurID one-time passwords? Ride the HTTP Auth on SSL which hides it all, and a Malcolm in the Middle attack just gets username/PIN and a one-time password (MitM gives ability to DoS lockout your account).

-Mark Coleman

gboyce wrote:

Ok, so what's your alternative? You're already assuming that the user of the firewall is already misusing SSL. They need to blindly accept unsigned SSL certificates, and changes to the certificates. Just about any security restrictions you can apply can be done away with if the user is incompetent enough.

Some form of challenge response? If you can already perform a man in the middle attack, then challenge response is just as vulnerable. Just connect to the server when the client hits you, and pass them the challenge you received. Use the credential yourself, and pass them a failure. When they try again, connect them to the server.

-- 
Regards,
Jackass
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Mike,

Flames like yours are useless. If you do not know how to answer the question that I am asking, then just be quiet. Mark Coleman is one of the few people that seems to have understood my question and provided me with a viable solution. Again, thanks Mark!

Michael Holstein wrote:

First off, I think 3 days spent on this topic is sufficient -- especially since you fail to grasp some of the more basic concepts which underlie the OSI model.

Encoding a username and password combination using base64 is not secure, but, I understand why it is encoded in base64. Having said that, I am trying to discover/create an alternate method for authentication that is secure even if the SSL pipe is compromised. I liked the idea of creating a secondary tunnel within the initial SSL tunnel but I am not certain that it would be the best way to do it.

Basic Auth via SSL is secure. I could use ROT-13 encoding inside SSL, and it'd still be 128 bit encryption over the pipe. What matters here is not how the password is encoded for transmission, but HOW it's transmitted (in this case, via a SSL session).

This concern came about initially because I was sniffing a LAN and I noticed a lot of clear text http communications. Within those communications was the basic authentication header. When I decoded the auth string I successfully logged into the system receiving the packets. Very quickly I found that I was connected to a centralized IT management system that allowed me to control any other computer on the network. Not only that, but it also allowed me to record emails, key strokes, install software, remove software, etc.

Duh. If I can sniff a network, I can do all sorts of stuff. Welcome to the world of tcpdump, ethereal, and promiscuous capture.

I took the liberty of hardening the system by implementing SSL internally. That really didn't do much for the security of the system though. I had one of my co-workers attempt a Man in the Middle attack, and he did it successfully. Sure enough, once the SSL session was had the encoded string could be decoded and access to the main console could be gained.

Then he tricked you into accepting the bogus certificate. Shame on you.

My concern isn't firewall management. My concern isn't with SSL going over the Internet. My concern is more with SSL on a LAN and that this IT tool and other similar tools can be compromised easily once a LAN is penetrated. Providing an extra layer of security within the SSL tunnel would help to prevent this tool and others like it from being compromised so easily. My first thought was on how to harden the authentication because the basic auth didn't cut it for me. That's what I am looking for ideas for.

Good grief .. if you're that worried about it, use client-side certificates (with a password). If you're even MORE worried, put that certificate on a hardware token that protects the key in hardware.

-- 
Regards,
Jackass
Re: [Full-disclosure] strange domain name in phishing email
It seems that this case has the name Dotless IP Address Security Issue and KB article #168617 http://support.microsoft.com/?kbid=168617 describes it even in IE4. Correct if I'm wrong.

- Juha-Matti

IIRC, Microsoft changed that as one of the security updates to IE. For a time, it was a popular phishing trick. I also remember there was a way to do that (or something similar) to bypass the security zones in IE and make it think it was a trusted site, but can't find that reference at hand.

The rest of windows will still do it though. Try ping 2887060730 or telnet 2887060730 80.

~Mike.
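As an added example (not part of either poster's message), a mail or proxy filter can normalize the host of each URL and flag hosts that are IPv4 addresses written in a non-dotted or non-decimal form, such as the `2887060730` quoted above. The parser goes slightly beyond the thread by also covering the hex and octal spellings that inet_aton-style resolvers accept; the function names and sample URLs are constructed for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Numeric spellings accepted by classic inet_aton()-style parsers.
_HEX = re.compile(r"0x[0-9a-f]+")
_OCT = re.compile(r"0[0-7]+")
_DEC = re.compile(r"0|[1-9][0-9]*")


def _component(text):
    """Return the integer value of one dot-separated component, or None."""
    text = text.lower()
    if _HEX.fullmatch(text):
        return int(text, 16)
    if _OCT.fullmatch(text):
        return int(text, 8)
    if _DEC.fullmatch(text):
        return int(text, 10)
    return None


def legacy_ipv4(host):
    """Interpret host as a 1- to 4-part numeric IPv4 address.

    Returns an ipaddress.IPv4Address, or None when host is an ordinary name.
    The last component fills all bytes not claimed by the leading ones, which
    is what makes a single 32-bit number ("dotless IP") a valid address.
    """
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_component(p) for p in parts]
    if any(v is None for v in values):
        return None
    *leading, last = values
    if any(v > 0xFF for v in leading):
        return None
    if last >= 1 << (8 * (4 - len(leading))):
        return None
    number = last
    for index, value in enumerate(leading):
        number |= value << (8 * (3 - index))
    return ipaddress.IPv4Address(number)


def inspect_url(url):
    """Classify the host of a URL as a name, a plain dotted quad, or an
    IPv4 address in a disguised spelling that deserves a second look."""
    host = urlsplit(url).hostname or ""
    address = legacy_ipv4(host)
    if address is None:
        return {"host": host, "kind": "name", "address": None}
    kind = "dotted-quad" if host == str(address) else "obfuscated-ip"
    return {"host": host, "kind": kind, "address": str(address),
            "private": address.is_private}


# Constructed sample input: the number from the thread in three spellings,
# the same address written normally, and an ordinary host name.
SAMPLE_URLS = [
    "http://2887060730/",
    "http://0xac.0x15.0x0c.0xfa/",
    "http://0254.025.014.0372/",
    "http://172.21.12.250/",
    "http://www.example.com/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, inspect_url(url))
```

The number in Mike's message resolves to an RFC 1918 address, which the `private` field reports, so the same check also catches links that point a reader at an internal host.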
Re: [Full-disclosure] Vulnerability fixed in E-gold
On Thu, Mar 16, 2006 at 01:17:49AM +0300, 3APA3A wrote:

3. Vendor gave permission to publish vulnerability information.

wtf is this? who cares if v3nd0r gives permission or not? irresponsible v3nd0r tries to rob hard working responsible exploit writer?

-- 
where do you want bill gates to go today?
junk
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Yo Simon!

On Thu, 16 Mar 2006, Simon Smith wrote:

Encoding a username and password combination using base64 is not secure, but, I understand why it is encoded in base64. Having said that, I am trying to discover/create an alternate method for authentication that is secure even if the SSL pipe is compromised.

If you do not like HTTP AUTH in SSL then why not just step up to HTTP AUTH DIGEST?

http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html

RGDS
GARY
---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED] Tel:+1(541)382-8588
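An added illustration (not code from the thread or from Apache) of what the two schemes put on the wire: a Basic header decodes straight back to the password, while an RFC 2617 Digest response is an MD5 value bound to a server nonce and a request counter, so a captured copy fails when presented again. The `DigestVerifier` class, the realm and the credentials are constructed for this example.

```python
import base64
import hashlib
import hmac
import secrets


def decode_basic(header_value):
    """Recover (user, password) from a Basic Authorization header value.
    Base64 is an encoding, so anyone who sees the header sees the password."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth"):
    """Client side of RFC 2617 Digest with qop=auth: only this hash is sent."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestVerifier:
    """Minimal server side: issues nonces and rejects reused (nonce, nc)."""

    def __init__(self, realm, passwords):
        self.realm = realm
        # The server keeps HA1 per user rather than the clear password.
        self._ha1 = {u: _md5_hex(f"{u}:{realm}:{p}")
                     for u, p in passwords.items()}
        self._last_nc = {}  # nonce -> highest request counter accepted

    def challenge(self):
        nonce = secrets.token_hex(16)
        self._last_nc[nonce] = 0
        return nonce

    def verify(self, user, method, uri, nonce, nc, cnonce, response,
               qop="auth"):
        if nonce not in self._last_nc or user not in self._ha1:
            return False          # nonce was never issued, or unknown user
        try:
            count = int(nc, 16)
        except ValueError:
            return False
        if count <= self._last_nc[nonce]:
            return False          # counter did not advance: replayed request
        ha2 = _md5_hex(f"{method}:{uri}")
        expected = _md5_hex(
            f"{self._ha1[user]}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
        if not hmac.compare_digest(expected.encode(), response.encode()):
            return False
        self._last_nc[nonce] = count
        return True


def demo():
    """Run one login and two replays of the captured response."""
    server = DigestVerifier("mgmt-console", {"admin": "constructed-secret"})
    nonce = server.challenge()
    captured = digest_response("admin", "mgmt-console", "constructed-secret",
                               "GET", "/", nonce, "00000001", "c0ffee")
    args = ("admin", "GET", "/", nonce, "00000001", "c0ffee", captured)
    first = server.verify(*args)
    replay_same_nonce = server.verify(*args)
    fresh = server.challenge()
    replay_new_nonce = server.verify("admin", "GET", "/", fresh, "00000001",
                                     "c0ffee", captured)
    return first, replay_same_nonce, replay_new_nonce


if __name__ == "__main__":
    # Header value from the RFC 2617 Basic example.
    print(decode_basic("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
    print(demo())
```

Digest only changes what a passive capture yields; it does not address the relay case gboyce describes earlier in the thread, which still depends on the client rejecting an unexpected certificate.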
Re: [Full-disclosure] HTTP AUTH BASIC monowall
On Wed, 15 Mar 2006 15:14:47 EST, Brian Eaton said:
> tim-security at sentinelchicken.org wrote:
> How trustworthy are the CA certificates included in the average browser? There are a couple of dozen CA certificates shipped with my browser. Some of the vendors associated with these CA certificates offer to give me a certificate for my web site in 10 minutes or less for a couple of hundred dollars. This sounds like a really ripe opportunity for social engineering to me.

Been there, done that already. There was a phishing run a while ago, the guys even had a functional SSL cert for www.mountain-america.net (the actual bank was mntamerica.net or something like that..)

Only real solution there is to get a good grip on what a CA is actually certifying, which is a certain (usually very minimal) level of *authentication*. They're certifying that somebody convinced them that the cert was for who they claimed it was for. That's it. Anybody who attaches any *other* meaning to it is making a big mistake. In particular, authorization is totally out-of-scope here You are now talking to the site that one of the CAs you trust thinks belongs to Frobozz, Inc.. If you don't trust that CA's judgment, you better heave their root cert overboard...
Re: [Full-disclosure] Yahoo recommends you write down account information
On Thu, 16 Mar 2006 06:21:14 PST, n3td3v group said:
> The issue of printouts isn't a problem for home users as the other poster mentioned, The threat comes more in small business and large corporations.

Actually, the issue of printouts *is* a problem for home users - dumpster diving is a major source of identity theft. The single biggest leakage is all those credit card applications you turned down, just due to the sheer volume. However, if the diver can score a printout from your online banking, they're probably golden, because then they have name, address, and probably account number all right there.
[Full-disclosure] !ADVISORY! + +Thu Mar 16 13:23:16 EST 2006+ + Integer Overflow in Snort
!ADVISORY! + +Thu Mar 16 13:23:16 EST 2006+ + Integer Overflow in Snort == I. BACKGROUND There has had been no background. == II. WORKAROUND This advisory had no identified workarounds on this issue. == APPENDIX A VENDOR INFORMATION http://www.snort.org/ == APPENDIX B REFERENCES RFC 8484 == CONTACT Exibar [EMAIL PROTECTED] CISSP GSAE CSFA SSP-CNSA SSP-MPA GHTQ SSCP
[Full-disclosure] -ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft Access
-ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft Access 8===D CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-172087 to this issue Contact Chris Umphress [EMAIL PROTECTED] 1-888-565-9428 GSAE CCE GREM SSP-CNSA SSP-MPA GWAS CAP SSCP
[Full-disclosure] -advisory- $ -Thu Mar 16 13:26:19 EST 2006- $ Local Privilege Escalation Vulnerability in Microsoft Excel
-advisory- $ -Thu Mar 16 13:26:19 EST 2006- $ Local Privilege Escalation Vulnerability in Microsoft Excel + 1. BACKGROUND This issue had no identified background. + 2. WORKAROUND This problem has no workarounds on the vulnerability. + 3. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-533731 to this issue + APPENDIX A VENDOR INFORMATION http://www.microsoft.com + APPENDIX B REFERENCES RFC 5609 + CONTACT Technica Forensis [EMAIL PROTECTED] CEH CSFA SSP-CNSA GIPS GHTQ GWAS SSCP
[Full-disclosure] -ADVISORY- ~ x Thu Mar 16 13:26:26 EST 2006 x ~ Directory Transversal in Microsoft Excel
-ADVISORY- ~ x Thu Mar 16 13:26:26 EST 2006 x ~ Directory Transversal in Microsoft Excel o/ å BACKGROUND There was no background commentary about the issue. å \o WORKAROUND There has been no identified workarounds. o/ å CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-596192 to this issue APPENDIX A VENDOR INFORMATION http://www.microsoft.com APPENDIX B REFERENCES RFC 6768
[Full-disclosure] -ADVISORY- * +Thu Mar 16 13:27:06 EST 2006+ * DoS Vulnerability in VMware
-ADVISORY- * +Thu Mar 16 13:27:06 EST 2006+ * DoS Vulnerability in VMware 1. Background There was no background. 2. History 0/2/2006 - Vendor Reply. 16/3/2006 - Public Disclosure. 3. Workaround This problem had no workarounds for this issue in question. 4. Vendor Response VMware is presented no information. 5. CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-162700 to this issue Contact Devdas Bhagat [EMAIL PROTECTED] 1-888-565-9428 CISSP CCE CEH GHTQ SSCP
[Full-disclosure] -Advisory- % x Thu Mar 16 13:27:25 EST 2006 x % Heap Overflow in ISC DHCP
-Advisory- % x Thu Mar 16 13:27:25 EST 2006 x % Heap Overflow in ISC DHCP === I. Workaround === This issue had no workarounds regarding the vulnerability at hand. === II. CVE Information === The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-557111 to this issue === Contact === Dowling, Gabrielle [EMAIL PROTECTED] CISSP CCE CSFA SSP-CNSA CAP SSCP
[Full-disclosure] !ADVISORY! | +Thu Mar 16 13:28:55 EST 2006+ | Buffer Overflow in Microsoft Office
!ADVISORY! | +Thu Mar 16 13:28:55 EST 2006+ | Buffer Overflow in Microsoft Office 8D~~ 8===D VENDOR RESPONSE 8D~~ Microsoft Office was presented no identified explanation. 8D~~ 8===D CVE INFORMATION 8D~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-396560 to this issue 8D~~ APPENDIX A VENDOR INFORMATION 8D~~ http://www.microsoft.com 8D~~ APPENDIX B REFERENCES 8D~~ RFC 8812 8D~~ CONTACT 8D~~ ascii [EMAIL PROTECTED] 1-888-565-9428 CISSP CCE GIPS GHTQ GWAS CAP SSCP
[Full-disclosure] Advisory - [Thu Mar 16 13:29:19 EST 2006] - Off-by-one in Microsoft Windows 2000
Advisory - [Thu Mar 16 13:29:19 EST 2006] - Off-by-one in Microsoft Windows 2000 - 1. BACKGROUND This product has no background commentary about the issue at hand. - 2. DESCRIPTION It is possible to make Microsoft Windows 2000 crash by the use of malformed input. - 3. HISTORY 1-1-2006 - Vendor Notification. 16-3-2006 - Public Disclosure. - 4. VENDOR RESPONSE Microsoft Windows 2000 has had extended no commentary. - 5. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-852970 to this issue - CONTACT Randall M [EMAIL PROTECTED] 1-888-565-9428 CISSP CCE CEH SSP-MPA GIPS GHTQ
[Full-disclosure] [Advisory] $ =Thu Mar 16 13:30:03 EST 2006= $ Directory Transversal in Microsoft PowerPoint
[Advisory] $ =Thu Mar 16 13:30:03 EST 2006= $ Directory Transversal in Microsoft PowerPoint == [+] BACKGROUND There is no background. == [+] DESCRIPTION Remote exploitation of a directory traversal vulnerability in Microsoft PowerPoint could allow attackers to overwrite or view arbitrary files with user-supplied contents. == [+] HISTORY 2/25/2006 [+] Vendor Notification. 3/16/2006 [+] Public Disclosure. == [+] WORKAROUND There had been no workarounds. == [+] VENDOR RESPONSE Microsoft PowerPoint had offered no identified information about this issue. == [+] CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-66324 to this issue
[Full-disclosure] [ADVISORY] ~ [Thu Mar 16 13:30:20 EST 2006] ~ Directory Transversal in Microsoft Windows XP
[ADVISORY] ~ [Thu Mar 16 13:30:20 EST 2006] ~ Directory Transversal in Microsoft Windows XP 1. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Microsoft Windows XP could allow attackers to overwrite or view arbitrary files with user-supplied contents. 2. HISTORY 2-24-2006 - Vendor Notification. 3-16-2006 - Public Disclosure. 3. WORKAROUND This problem had no workarounds. CONTACT Horatiu Bandoiu [EMAIL PROTECTED] 1-888-565-9428 CISSP CCE CSFA SSP-MPA GHTQ
[Full-disclosure] !ADVISORY! - x Thu Mar 16 13:30:36 EST 2006 x - DoS Vulnerability in ISC DHCP
!ADVISORY! - x Thu Mar 16 13:30:36 EST 2006 x - DoS Vulnerability in ISC DHCP -- o/ å BACKGROUND -- This vulnerability has no identified background commentary on this problem at hand. -- å \o VENDOR RESPONSE -- ISC DHCP had offered no explanation about the vulnerability at hand. -- APPENDIX A VENDOR INFORMATION -- http://www.isc.org/index.pl?/sw/dhcp/ -- CONTACT -- Jason Coombs [EMAIL PROTECTED] CCE CEH GIPS GHTQ
[Full-disclosure] !ADVISORY! | =Thu Mar 16 13:29:35 EST 2006= | Heap Overflow in VMware
!ADVISORY! | =Thu Mar 16 13:29:35 EST 2006= | Heap Overflow in VMware [+] DESCRIPTION It is possible to make VMware crash or run arbitrary code by the use of malformed input. [+] WORKAROUND This problem had no identified workarounds. [+] VENDOR RESPONSE VMware had offered no identified commentary on the issue at hand. CONTACT Michael Hale [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CSFA GREM GIPS GWAS
[Full-disclosure] Advisory | =Thu Mar 16 13:29:46 EST 2006= | Local Privilege Escalation Vulnerability in AOL Client Software
Advisory | =Thu Mar 16 13:29:46 EST 2006= | Local Privilege Escalation Vulnerability in AOL Client Software 1. HISTORY 2-14-2006 - Vendor Notification. 3-16-2006 - Public Disclosure. 2. VENDOR RESPONSE AOL Client Software has offered no commentary. 3. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-538369 to this issue APPENDIX A VENDOR INFORMATION http://www.aol.com APPENDIX B REFERENCES RFC 5656 CONTACT [EMAIL PROTECTED] [EMAIL PROTECTED] GSAE CEH SSP-MPA GWAS CAP SSCP
[Full-disclosure] [Advisory] | =Thu Mar 16 13:31:18 EST 2006= | DoS Vulnerability in AOL Client Software
[Advisory] | =Thu Mar 16 13:31:18 EST 2006= | DoS Vulnerability in AOL Client Software o/ å HISTORY 27-1-2006 o/ Vendor Notification. 24-2-2006 o/ Vendor Reply. 16-3-2006 o/ Public Disclosure. å \o VENDOR RESPONSE AOL Client Software has presented no information on this vulnerability in question. o/ å CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-648225 to this issue
[Full-disclosure] Advisory - =Thu Mar 16 13:31:54 EST 2006= - Directory Transversal in ISC BIND
Advisory - =Thu Mar 16 13:31:54 EST 2006= - Directory Transversal in ISC BIND I. HISTORY 3/16/2006 - Public Disclosure. II. WORKAROUND This advisory has no workarounds for the vulnerability at hand. III. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-729412 to this issue
[Full-disclosure] [Advisory] * [Thu Mar 16 13:32:05 EST 2006] * Directory Transversal in Ethereal
[Advisory] * [Thu Mar 16 13:32:05 EST 2006] * Directory Transversal in Ethereal o/ å CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-237363 to this issue APPENDIX A VENDOR INFORMATION http://www.ethereal.com/ APPENDIX B REFERENCES RFC 1510
[Full-disclosure] -Advisory- # +Thu Mar 16 13:34:39 EST 2006+ # DoS Vulnerability in ISC INN
-Advisory- # +Thu Mar 16 13:34:39 EST 2006+ # DoS Vulnerability in ISC INN = Contact = Ty Bodell [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CEH GHTQ GWAS
[Full-disclosure] Advisory $ x Thu Mar 16 13:35:11 EST 2006 x $ Buffer Overflow in Microsoft Office
Advisory $ x Thu Mar 16 13:35:11 EST 2006 x $ Buffer Overflow in Microsoft Office ++ [+] Description ++ It is possible to make Microsoft Office crash or run arbitrary code by the use of malformed input. ++ [+] Workaround ++ There was no workarounds. ++ Contact ++ Andres Tarasco [EMAIL PROTECTED] CISSP GSAE CSFA GREM SSP-MPA GHTQ GWAS SSCP
[Full-disclosure] -Advisory- ~ x Thu Mar 16 13:35:18 EST 2006 x ~ Directory Transversal in ISC NTP
-Advisory- ~ x Thu Mar 16 13:35:18 EST 2006 x ~ Directory Transversal in ISC NTP o/ å Background This product had no background commentary on this product in question. å \o History 26-1-2006 o/ Vendor Notification. 16-3-2006 o/ Public Disclosure. o/ å Workaround This problem had no identified workarounds. å \o Vendor Response ISC NTP has extended no explanation. Contact Ray P [EMAIL PROTECTED] CCE CSFA GREM SSP-CNSA GHTQ GWAS CAP SSCP
[Full-disclosure] [ADVISORY] | =Thu Mar 16 13:35:25 EST 2006= | Off-by-one in Microsoft Word
[ADVISORY] | =Thu Mar 16 13:35:25 EST 2006= | Off-by-one in Microsoft Word [+] Background There was no identified background. [+] History 29-1-2006 [+] Vendor Notification. 8-2-2006 [+] Vendor Reply. 16-3-2006 [+] Public Disclosure. [+] Vendor Response Microsoft Word has presented no explanation. Appendix A Vendor Information http://www.microsoft.com Appendix B References RFC 3763 Contact nodialtone [EMAIL PROTECTED] 1-888-565-9428 GSAE CCE CEH CSFA SSP-CNSA SSP-MPA CAP SSCP
[Full-disclosure] !ADVISORY! % x Thu Mar 16 13:32:15 EST 2006 x % Directory Transversal in ISC BIND
!ADVISORY! % x Thu Mar 16 13:32:15 EST 2006 x % Directory Transversal in ISC BIND APPENDIX A VENDOR INFORMATION http://www.isc.org/index.pl?/sw/bind/ APPENDIX B REFERENCES RFC 1593 CONTACT Jei [EMAIL PROTECTED] GSAE CCE CEH CSFA GREM SSP-CNSA GIPS GHTQ GWAS CAP SSCP
Re: [Full-disclosure] -ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft Access
Hi, oh. more of this crap. let me guess...another open relay. it's like 1994 all over again. could the owner of 85-31-186-26.blue.kundencontroller.de - aka unixgu.ru sort out their system? ESMTP Sendmail 8.13.4 isn't too difficult to manage as a 'guru'
[Full-disclosure] Advisory % =Thu Mar 16 13:35:36 EST 2006= % Local Privilege Escalation Vulnerability in ISC INN
Advisory % =Thu Mar 16 13:35:36 EST 2006= % Local Privilege Escalation Vulnerability in ISC INN I. Background This product had no identified background information regarding the vulnerability indentified. II. Description ISC INN incorrectly validates user input, making privilege escalation possible. III. Workaround There are no workarounds.
[Full-disclosure] -Advisory- - [Thu Mar 16 13:35:44 EST 2006] - Off-by-one in ISC INN
-Advisory- - [Thu Mar 16 13:35:44 EST 2006] - Off-by-one in ISC INN 8==D~~ o/ å DESCRIPTION 8==D~~ It is possible to make ISC INN crash by the use of malformed input. 8==D~~ å \o HISTORY 8==D~~ 1-26-2006 o/ Vendor Reply. 3-16-2006 o/ Public Disclosure. 8==D~~ o/ å WORKAROUND 8==D~~ There was no identified workarounds. 8==D~~ å \o CVE INFORMATION 8==D~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-447942 to this issue 8==D~~ APPENDIX A VENDOR INFORMATION 8==D~~ http://www.isc.org/index.pl?/sw/inn/
[Full-disclosure] [Advisory] $ +Thu Mar 16 13:35:57 EST 2006+ $ Directory Transversal in Microsoft Windows 2003
[Advisory] $ +Thu Mar 16 13:35:57 EST 2006+ $ Directory Transversal in Microsoft Windows 2003 === [+] BACKGROUND === There has had been no background commentary about the product at hand. === [+] DESCRIPTION === Remote exploitation of a directory traversal vulnerability in Microsoft Windows 2003 could allow attackers to overwrite or view arbitrary files with user-supplied contents. === [+] HISTORY === 0/1/2006 [+] Vendor Notification. 26/2/2006 [+] Vendor Reply. 16/3/2006 [+] Public Disclosure. === [+] WORKAROUND === This advisory had no identified workarounds. === [+] VENDOR RESPONSE === Microsoft Windows 2003 has offered no commentary about this problem indentified.
[Full-disclosure] [ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN
[ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN === 1. Background === There has had been no background commentary on this problem indentified. === 2. Description === Remote exploitation of a directory traversal vulnerability in ISC INN could allow attackers to overwrite or view arbitrary files with user-supplied contents. === 3. History === 2-26-2006 - Vendor Notification. 1-15-2006 - Vendor Reply. 3-16-2006 - Public Disclosure. === 4. Workaround === This vulnerability has no identified workarounds. === 5. CVE Information === The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-665571 to this issue === Appendix A Vendor Information === http://www.isc.org/index.pl?/sw/inn/ === Appendix B References === RFC 1100 === Contact === Ray P [EMAIL PROTECTED] 1-888-565-9428 GSAE GREM SSP-CNSA SSP-MPA GIPS GHTQ
[Full-disclosure] -ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes
-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes 8==D~~~ 1. Background 8==D~~~ This issue had no background. 8==D~~~ 2. Description 8==D~~~ Remote exploitation of a directory traversal vulnerability in Apple iTunes could allow attackers to overwrite or view arbitrary files with user-supplied contents. 8==D~~~ 3. Vendor Response 8==D~~~ Apple iTunes has extended no identified information regarding this issue at hand. 8==D~~~ Appendix A Vendor Information 8==D~~~ http://www.apple.com/itunes/ 8==D~~~ Appendix B References 8==D~~~ RFC 6496 8==D~~~ Contact 8==D~~~ James Patterson Wicks [EMAIL PROTECTED] 1-888-565-9428 GSAE CCE CEH SSP-MPA GIPS GHTQ GWAS SSCP
[Full-disclosure] [Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP
[Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP 1. DESCRIPTION It is possible to make ISC DHCP crash by the use of malformed input. 2. WORKAROUND This advisory has no workarounds regarding the vulnerability. 3. VENDOR RESPONSE ISC DHCP had extended no explanation regarding this issue.
[Full-disclosure] -ADVISORY- ~ =Thu Mar 16 13:39:26 EST 2006= ~ Heap Overflow in Apple MacOSX
-ADVISORY- ~ =Thu Mar 16 13:39:26 EST 2006= ~ Heap Overflow in Apple MacOSX 8D I. DESCRIPTION It is possible to make Apple MacOSX crash or run arbitrary code by the use of malformed input. 8D II. VENDOR RESPONSE Apple MacOSX has presented no information on the problem indentified. 8D III. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-295259 to this issue 8D APPENDIX A VENDOR INFORMATION http://www.apple.com/macosx/ 8D CONTACT Chris Umphress [EMAIL PROTECTED] 1-888-565-9428 GREM GHTQ GWAS SSCP
[Full-disclosure] Advisory - =Thu Mar 16 13:39:35 EST 2006= - Buffer Overflow in Dantz Retrospect
Advisory - =Thu Mar 16 13:39:35 EST 2006= - Buffer Overflow in Dantz Retrospect 1. Description It is possible to make Dantz Retrospect crash or run arbitrary code by the use of malformed input. 2. Vendor Response Dantz Retrospect has offered no information on the problem indentified. 3. CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-21362 to this issue Appendix A Vendor Information http://www.dantz.com Appendix B References RFC 5455 Contact ggfirst [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CCE CEH CSFA SSP-CNSA SSP-MPA GIPS GHTQ GWAS CAP SSCP
[Full-disclosure] -advisory- $ -Thu Mar 16 13:39:46 EST 2006- $ Off-by-one in ISC NTP
-advisory- $ -Thu Mar 16 13:39:46 EST 2006- $ Off-by-one in ISC NTP --- o/ å Description --- It is possible to make ISC NTP crash by the use of malformed input. --- å \o History --- 27-1-2006 o/ Vendor Notification. 29-2-2006 o/ Vendor Reply. 16-3-2006 o/ Public Disclosure. --- o/ å Vendor Response --- ISC NTP is presented no identified information. --- å \o CVE Information --- The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-308510 to this issue --- Appendix A Vendor Information --- http://www.isc.org/index.pl?/sw/ntp/ --- Appendix B References --- RFC 4599 --- Contact --- adnan habib [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CCE GREM SSP-MPA GIPS GHTQ
[Full-disclosure] [ADVISORY] | +Thu Mar 16 13:37:19 EST 2006+ | Local Privilege Escalation Vulnerability in Microsoft Office
[ADVISORY] | +Thu Mar 16 13:37:19 EST 2006+ | Local Privilege Escalation Vulnerability in Microsoft Office ++ 8===D Workaround This issue has no identified workarounds. ++ 8===D Vendor Response Microsoft Office has presented no identified explanation regarding the issue indentified. ++ Appendix A Vendor Information http://www.microsoft.com ++ Appendix B References RFC 2116 ++ Contact Jim Duncan [EMAIL PROTECTED] CEH CSFA SSP-CNSA GIPS
[Full-disclosure] -advisory- $ x Thu Mar 16 13:39:58 EST 2006 x $ Off-by-one in Microsoft Excel
-advisory- $ x Thu Mar 16 13:39:58 EST 2006 x $ Off-by-one in Microsoft Excel - 8===D WORKAROUND - This advisory had no identified workarounds for this vulnerability. - 8===D CVE INFORMATION - The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-346455 to this issue
[Full-disclosure] ADVISORY + +Thu Mar 16 13:41:17 EST 2006+ + Buffer Overflow in Apple iTunes
ADVISORY + +Thu Mar 16 13:41:17 EST 2006+ + Buffer Overflow in Apple iTunes 1. Background There has been no identified background information on this problem indentified. 2. Vendor Response Apple iTunes has offered no information regarding this vulnerability. Appendix A Vendor Information http://www.apple.com/itunes/ Appendix B References RFC 9619
[Full-disclosure] -ADVISORY- + [Thu Mar 16 13:41:45 EST 2006] + Local Privilege Escalation Vulnerability in Apple iTunes
-ADVISORY- + [Thu Mar 16 13:41:45 EST 2006] + Local Privilege Escalation Vulnerability in Apple iTunes 8===D~~ [+] DESCRIPTION 8===D~~ Apple iTunes incorrectly validates user input, making privilege escalation possible. 8===D~~ [+] WORKAROUND 8===D~~ This vulnerability had no workarounds. 8===D~~ [+] VENDOR RESPONSE 8===D~~ Apple iTunes is offered no identified commentary regarding this problem at hand. 8===D~~ APPENDIX A VENDOR INFORMATION 8===D~~ http://www.apple.com/itunes/ 8===D~~ CONTACT 8===D~~ [EMAIL PROTECTED] [EMAIL PROTECTED] GSAE CCE CEH CSFA SSP-CNSA GIPS GHTQ CAP
[Full-disclosure] -ADVISORY- % -Thu Mar 16 13:41:58 EST 2006- % Off-by-one in ISC INN
-ADVISORY- % -Thu Mar 16 13:41:58 EST 2006- % Off-by-one in ISC INN 8D~~ 1. BACKGROUND 8D~~ This product has no identified background information on the issue in question. 8D~~ 2. DESCRIPTION 8D~~ It is possible to make ISC INN crash by the use of malformed input. 8D~~ 3. HISTORY 8D~~ 0-1-2006 - Vendor Notification. 16-3-2006 - Public Disclosure. 8D~~ 4. CVE INFORMATION 8D~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-101228 to this issue 8D~~ APPENDIX A VENDOR INFORMATION 8D~~ http://www.isc.org/index.pl?/sw/inn/ 8D~~ APPENDIX B REFERENCES 8D~~ RFC 6096 8D~~ CONTACT 8D~~ [EMAIL PROTECTED] [EMAIL PROTECTED] CEH GREM SSP-CNSA SSP-MPA GWAS CAP SSCP
[Full-disclosure] [Advisory] + +Thu Mar 16 13:42:07 EST 2006+ + Buffer Overflow in Microsoft PowerPoint
[Advisory] + +Thu Mar 16 13:42:07 EST 2006+ + Buffer Overflow in Microsoft PowerPoint o/ å Description It is possible to make Microsoft PowerPoint crash or run arbitrary code by the use of malformed input. å \o Workaround There was no identified workarounds on the vulnerability at hand. o/ å CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-530471 to this issue Contact J u a n [EMAIL PROTECTED] GSAE CCE CEH SSP-CNSA SSP-MPA GIPS
[Full-disclosure] [ADVISORY] - -Thu Mar 16 13:43:24 EST 2006- - DoS Vulnerability in Microsoft Windows 2003
[ADVISORY] - -Thu Mar 16 13:43:24 EST 2006- - DoS Vulnerability in Microsoft Windows 2003 + 8===D Vendor Response + Microsoft Windows 2003 is extended no identified commentary. + 8===D CVE Information + The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-453521 to this issue + Contact + Technica Forensis [EMAIL PROTECTED] CISSP GREM SSP-CNSA GHTQ GWAS CAP SSCP
[Full-disclosure] -ADVISORY- # =Thu Mar 16 13:44:30 EST 2006= # Heap Overflow in Microsoft Windows XP
-ADVISORY- # =Thu Mar 16 13:44:30 EST 2006= # Heap Overflow in Microsoft Windows XP + I. History 1/20/2006 - Vendor Reply. 3/16/2006 - Public Disclosure. + II. Workaround This vulnerability has no workarounds regarding the issue indentified. + III. Vendor Response Microsoft Windows XP has offered no information. + IV. CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-847841 to this issue
[Full-disclosure] [ADVISORY] - x Thu Mar 16 13:44:47 EST 2006 x - Integer Overflow in VMware
[ADVISORY] - x Thu Mar 16 13:44:47 EST 2006 x - Integer Overflow in VMware 8D~~ o/ å DESCRIPTION 8D~~ VMware incorrectly parses integer data, and this can be used to execute arbitrary code. 8D~~ å \o CVE INFORMATION 8D~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-529309 to this issue 8D~~ CONTACT 8D~~ alex [EMAIL PROTECTED] CCE CEH CSFA GREM SSP-CNSA GIPS GWAS CAP
[Full-disclosure] -ADVISORY- + -Thu Mar 16 13:44:56 EST 2006- + Heap Overflow in VMware
-ADVISORY- + -Thu Mar 16 13:44:56 EST 2006- + Heap Overflow in VMware ++ Contact ++ mike king [EMAIL PROTECTED] CISSP GSAE CCE SSP-CNSA CAP SSCP
[Full-disclosure] -ADVISORY- - -Thu Mar 16 13:45:04 EST 2006- - Integer Overflow in Snort
-ADVISORY- - -Thu Mar 16 13:45:04 EST 2006- - Integer Overflow in Snort [+] Background This issue has no identified background. [+] History 2/19/2006 [+] Vendor Notification. 3/16/2006 [+] Public Disclosure. Contact Pablo A. Rolon [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CSFA GREM GIPS GHTQ
[Full-disclosure] ADVISORY + x Thu Mar 16 13:45:38 EST 2006 x + Heap Overflow in ISC OpenReg
ADVISORY + x Thu Mar 16 13:45:38 EST 2006 x + Heap Overflow in ISC OpenReg 8=D 1. BACKGROUND 8=D There has had been no identified background commentary on this issue in question. 8=D 2. CVE INFORMATION 8=D The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-702067 to this issue 8=D APPENDIX A VENDOR INFORMATION 8=D http://www.isc.org/index.pl?/sw/openreg/ 8=D APPENDIX B REFERENCES 8=D RFC 4279 8=D CONTACT 8=D ZATAZ Audits [EMAIL PROTECTED] 1-888-565-9428 GSAE CEH CSFA SSP-MPA GIPS CAP SSCP