[Full-disclosure] !ADVISORY! # [Thu Mar 16 02:47:12 EST 2006] # DoS Vulnerability in AOL Client Software

2006-03-16 Thread pol



!ADVISORY! # [Thu Mar 16 02:47:12 EST 2006] # DoS Vulnerability in AOL Client 
Software




8===D BACKGROUND
This product had no identified background information on this product at hand.
8===D DESCRIPTION
Sending a specially crafted  malformed  packet to the services communication 
socket can create a loss of service.

8===D WORKAROUND
There were no identified workarounds.
8===D CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-771905 to this issue



CONTACT
Paul S. Brown [EMAIL PROTECTED]

CCE CEH CSFA SSP-CNSA SSP-MPA GIPS GHTQ CAP 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] -ADVISORY- | x Thu Mar 16 02:49:11 EST 2006 x | Integer Overflow in AOL Client Software

2006-03-16 Thread jaervosz



-ADVISORY- | x Thu Mar 16 02:49:11 EST 2006 x | Integer Overflow in AOL Client 
Software




I. DESCRIPTION
AOL Client Software incorrectly parses integer data, and this can be used to 
execute arbitrary code.

II. WORKAROUND
There were no identified workarounds regarding the vulnerability at hand.
III. VENDOR RESPONSE
AOL Client Software is extended no identified commentary about this problem at 
hand.
APPENDIX A VENDOR INFORMATION
http://www.aol.com

APPENDIX B REFERENCES
RFC 6920

CONTACT
Sune Kloppenborg Jeppesen [EMAIL PROTECTED]

CISSP CSFA 



[Full-disclosure] [Advisory] ~ x Thu Mar 16 02:49:27 EST 2006 x ~ Local Privilege Escalation Vulnerability in Microsoft Windows 2000

2006-03-16 Thread sk3tch



[Advisory] ~ x Thu Mar 16 02:49:27 EST 2006 x ~ Local Privilege Escalation 
Vulnerability in Microsoft Windows 2000





8===D Background

There had been no identified background commentary about the product at hand.

8===D Description

Microsoft Windows 2000 incorrectly validates user input, making privilege 
escalation possible.


8===D History

2-15-2006 8==D Vendor Notification.
3-16-2006 8==D Public Disclosure.

8===D Workaround

There were no identified workarounds for this problem in question.



Contact

[EMAIL PROTECTED] [EMAIL PROTECTED]
1-888-565-9428


CISSP GSAE CEH GREM GIPS CAP SSCP 



[Full-disclosure] -Advisory- # -Thu Mar 16 02:49:34 EST 2006- # Directory Transversal in Microsoft Word

2006-03-16 Thread naverxp



-Advisory- # -Thu Mar 16 02:49:34 EST 2006- # Directory Transversal in 
Microsoft Word




8D~~~
1. Background
8D~~~
There is no background commentary about the vulnerability.
8D~~~
2. History
8D~~~
23-1-2006 - Vendor Notification.
16-3-2006 - Public Disclosure.
8D~~~
3. CVE Information
8D~~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-419858 to this issue

8D~~~
Appendix A Vendor Information
8D~~~
http://www.microsoft.com

8D~~~
Appendix B References
8D~~~
RFC 5699

8D~~~
Contact
8D~~~
John Goh [EMAIL PROTECTED]

CISSP GSAE CEH CSFA SSP-CNSA GWAS 



[Full-disclosure] -ADVISORY- $ +Thu Mar 16 02:47:23 EST 2006+ $ DoS Vulnerability in ISC INN

2006-03-16 Thread arjunior



-ADVISORY- $ +Thu Mar 16 02:47:23 EST 2006+ $ DoS Vulnerability in ISC INN




===
I. Background
===
This problem had no identified background.
===
II. Description
===
Sending a specially crafted  malformed  packet to the services communication 
socket can create a loss of service.

===
III. History
===
2/2/2006 - Vendor Notification.
1/3/2006 - Vendor Reply.
3/16/2006 - Public Disclosure.
===
IV. CVE Information
===
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-595263 to this issue




[Full-disclosure] Advisory - [Thu Mar 16 02:47:29 EST 2006] - Local Privilege Escalation Vulnerability in Microsoft Excel

2006-03-16 Thread michealespinola



Advisory - [Thu Mar 16 02:47:29 EST 2006] - Local Privilege Escalation 
Vulnerability in Microsoft Excel





1. Background

This vulnerability has no identified background information on the 
vulnerability.

Appendix A Vendor Information

http://www.microsoft.com


Appendix B References

RFC 7094


Contact

Micheal Espinola Jr [EMAIL PROTECTED]

SSP-CNSA SSP-MPA GWAS CAP 



[Full-disclosure] !ADVISORY! | [Thu Mar 16 02:47:34 EST 2006] | Buffer Overflow in Apple iTunes

2006-03-16 Thread bytejump



!ADVISORY! | [Thu Mar 16 02:47:34 EST 2006] | Buffer Overflow in Apple iTunes





I. WORKAROUND

This problem has no identified workarounds regarding the problem at hand.

II. VENDOR RESPONSE

Apple iTunes is presented no commentary.

III. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-113139 to this issue




CONTACT

byte_jump [EMAIL PROTECTED]
1-888-565-9428

CISSP CCE GHTQ 



[Full-disclosure] -advisory- + [Thu Mar 16 02:48:22 EST 2006] + DoS Vulnerability in ISC OpenReg

2006-03-16 Thread b . hines



-advisory- + [Thu Mar 16 02:48:22 EST 2006] + DoS Vulnerability in ISC OpenReg




==
8===D BACKGROUND
==
This issue had no background.
==
8===D DESCRIPTION
==
Sending a specially crafted  malformed  packet to the services communication 
socket can create a loss of service.

==
8===D VENDOR RESPONSE
==
ISC OpenReg is presented no identified information regarding this issue in 
question.
==
8===D CVE INFORMATION
==
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-943578 to this issue



==
CONTACT
==
[EMAIL PROTECTED] [EMAIL PROTECTED]

CCE CEH GREM GIPS GHTQ GWAS SSCP 



[Full-disclosure] !ADVISORY! % [Thu Mar 16 02:48:34 EST 2006] % Buffer Overflow in Ethereal

2006-03-16 Thread Vulnerability



!ADVISORY! % [Thu Mar 16 02:48:34 EST 2006] % Buffer Overflow in Ethereal




I. Background
This problem has no background.
II. History
8/1/2006 - Vendor Notification.
15/2/2006 - Vendor Reply.
16/3/2006 - Public Disclosure.
III. Workaround
This problem has no identified workarounds.
Appendix A Vendor Information
http://www.ethereal.com/




[Full-disclosure] !ADVISORY! + x Thu Mar 16 02:49:51 EST 2006 x + Directory Transversal in Apple MacOSX

2006-03-16 Thread adf



!ADVISORY! + x Thu Mar 16 02:49:51 EST 2006 x + Directory Transversal in Apple 
MacOSX





1. BACKGROUND

There has been no background.

2. DESCRIPTION

Remote exploitation of a directory traversal vulnerability in Apple MacOSX 
could allow attackers to overwrite or view arbitrary files with user-supplied 
contents.


3. VENDOR RESPONSE

Apple MacOSX was offered no explanation.

APPENDIX A VENDOR INFORMATION

http://www.apple.com/macosx/


APPENDIX B REFERENCES

RFC 4112



[Full-disclosure] -ADVISORY- # x Thu Mar 16 02:49:57 EST 2006 x # Directory Transversal in Microsoft Word

2006-03-16 Thread cmadams



-ADVISORY- # x Thu Mar 16 02:49:57 EST 2006 x # Directory Transversal in 
Microsoft Word




-
8===D BACKGROUND
-
There is no background commentary regarding the product at hand.
-
8===D DESCRIPTION
-
Remote exploitation of a directory traversal vulnerability in Microsoft Word 
could allow attackers to overwrite or view arbitrary files with user-supplied 
contents.

-
8===D WORKAROUND
-
This issue had no workarounds on the issue at hand.
-
8===D VENDOR RESPONSE
-
Microsoft Word had presented no commentary.


-
CONTACT
-
Chris Adams [EMAIL PROTECTED]
1-888-565-9428


GSAE CCE CEH CSFA SSP-MPA GHTQ GWAS CAP SSCP 



[Full-disclosure] -ADVISORY- $ =Thu Mar 16 02:50:42 EST 2006= $ Local Privilege Escalation Vulnerability in Microsoft Word

2006-03-16 Thread nicwerner



-ADVISORY- $ =Thu Mar 16 02:50:42 EST 2006= $ Local Privilege Escalation 
Vulnerability in Microsoft Word





[+] Description

Microsoft Word incorrectly validates user input, making privilege escalation 
possible.


[+] History

16/1/2006 [+] Vendor Notification.
16/3/2006 [+] Public Disclosure.



Contact

Nic Werner [EMAIL PROTECTED]

CCE CEH CSFA GREM GIPS SSCP 



[Full-disclosure] -ADVISORY- + -Thu Mar 16 02:50:51 EST 2006- + Integer Overflow in VMware

2006-03-16 Thread research



-ADVISORY- + -Thu Mar 16 02:50:51 EST 2006- + Integer Overflow in VMware





o/ 卍 BACKGROUND
This vulnerability has no background information on the product in question.

卍 \o DESCRIPTION
VMware incorrectly parses integer data, and this can be used to execute 
arbitrary code.


o/ 卍 CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-790568 to this issue




CONTACT
Bernhard Mueller [EMAIL PROTECTED]

CISSP CEH CSFA GREM SSP-CNSA SSP-MPA GWAS 



[Full-disclosure] -advisory- - -Thu Mar 16 02:54:19 EST 2006- - DoS Vulnerability in VMware

2006-03-16 Thread anthony . aykut



-advisory- - -Thu Mar 16 02:54:19 EST 2006- - DoS Vulnerability in VMware




+++
8===D BACKGROUND
+++
There is no identified background commentary about the problem at hand.
+++
8===D DESCRIPTION
+++
Sending a specially crafted  malformed  packet to the services communication 
socket can create a loss of service.

+++
8===D HISTORY
+++
8/1/2006 8==D Vendor Notification.
5/2/2006 8==D Vendor Reply.
16/3/2006 8==D Public Disclosure.
+++
8===D CVE INFORMATION
+++
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-816867 to this issue

+++
APPENDIX A VENDOR INFORMATION
+++
http://www.vmware.com/

+++
APPENDIX B REFERENCES
+++
RFC 4713

+++
CONTACT
+++
Anthony Aykut [EMAIL PROTECTED]

CISSP CCE SSP-MPA GIPS 



[Full-disclosure] ADVISORY - =Thu Mar 16 03:00:35 EST 2006= - Off-by-one in Microsoft Excel

2006-03-16 Thread adf



ADVISORY - =Thu Mar 16 03:00:35 EST 2006= - Off-by-one in Microsoft Excel




1. Description
It is possible to make Microsoft Excel crash by the use of malformed input.

2. History
8-1-2006 - Vendor Notification.
15-2-2006 - Vendor Reply.
16-3-2006 - Public Disclosure.
Appendix A Vendor Information
http://www.microsoft.com

Appendix B References
RFC 1864



[Full-disclosure] !ADVISORY! | x Thu Mar 16 03:00:40 EST 2006 x | Heap Overflow in Apple iTunes

2006-03-16 Thread naveedafzal



!ADVISORY! | x Thu Mar 16 03:00:40 EST 2006 x | Heap Overflow in Apple iTunes




8==D~
8===D BACKGROUND
8==D~
This problem had no background.
8==D~
8===D DESCRIPTION
8==D~
It is possible to make Apple iTunes crash or run arbitrary code by the use of 
malformed input.

8==D~
8===D VENDOR RESPONSE
8==D~
Apple iTunes had extended no explanation on the problem at hand.
8==D~
8===D CVE INFORMATION
8==D~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-258518 to this issue

8==D~
APPENDIX A VENDOR INFORMATION
8==D~
http://www.apple.com/itunes/



8==D~
CONTACT
8==D~
naveed [EMAIL PROTECTED]

GSAE CEH CSFA SSP-CNSA GWAS SSCP 



[Full-disclosure] [ADVISORY] % [Thu Mar 16 03:00:53 EST 2006] % Heap Overflow in AOL Client Software

2006-03-16 Thread lirrypalma



[ADVISORY] % [Thu Mar 16 03:00:53 EST 2006] % Heap Overflow in AOL Client 
Software




8===D~
o/ 卍 DESCRIPTION
It is possible to make AOL Client Software crash or run arbitrary code by the 
use of malformed input.

8===D~
卍 \o WORKAROUND
This problem has no identified workarounds on the issue at hand.


8===D~
CONTACT
Eduardo Palma [EMAIL PROTECTED]
1-888-565-9428

CEH GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS SSCP 



[Full-disclosure] !ADVISORY! | [Thu Mar 16 03:01:42 EST 2006] | DoS Vulnerability in Apple MacOSX

2006-03-16 Thread ripemd160



!ADVISORY! | [Thu Mar 16 03:01:42 EST 2006] | DoS Vulnerability in Apple MacOSX




===
1. Background
There had been no identified background information regarding the issue.
===
2. Description
Sending a specially crafted  malformed  packet to the services communication 
socket can create a loss of service.

===
3. History
22/1/2006 - Vendor Notification.
26/2/2006 - Vendor Reply.
16/3/2006 - Public Disclosure.
===
4. Vendor Response
Apple MacOSX is extended no information.
===
5. CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-912128 to this issue

===
Appendix A Vendor Information
http://www.apple.com/macosx/

===
Appendix B References
RFC 6719

===
Contact
Ripe Md [EMAIL PROTECTED]
1-888-565-9428

CEH CSFA SSP-CNSA CAP SSCP 



[Full-disclosure] !ADVISORY! # -Thu Mar 16 03:08:48 EST 2006- # Heap Overflow in ISC NTP

2006-03-16 Thread waldoalvarez00



!ADVISORY! # -Thu Mar 16 03:08:48 EST 2006- # Heap Overflow in ISC NTP




--
1. Description
It is possible to make ISC NTP crash or run arbitrary code by the use of 
malformed input.

--
2. History
27-1-2006 - Vendor Notification.
22-2-2006 - Vendor Reply.
16-3-2006 - Public Disclosure.
--
3. CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-675200 to this issue

--
Appendix A Vendor Information
http://www.isc.org/index.pl?/sw/ntp/

--
Appendix B References
RFC 7559

--
Contact
waldo alvarez [EMAIL PROTECTED]
1-888-565-9428


GSAE CCE SSP-CNSA GIPS GHTQ SSCP 



[Full-disclosure] [ADVISORY] * =Thu Mar 16 03:01:54 EST 2006= * Directory Transversal in VMware

2006-03-16 Thread andre . ludwig



[ADVISORY] * =Thu Mar 16 03:01:54 EST 2006= * Directory Transversal in VMware




++
[+] Workaround
There have been no workarounds regarding this problem identified.
++
[+] Vendor Response
VMware was offered no identified information.
++
Appendix A Vendor Information
http://www.vmware.com/




[Full-disclosure] -ADVISORY- ~ [Thu Mar 16 03:09:47 EST 2006] ~ Local Privilege Escalation Vulnerability in ISC DHCP

2006-03-16 Thread mmaiffret



-ADVISORY- ~ [Thu Mar 16 03:09:47 EST 2006] ~ Local Privilege Escalation 
Vulnerability in ISC DHCP




++
o/ 卍 BACKGROUND
++
There has been no background commentary about this issue in question.
++
卍 \o DESCRIPTION
++
ISC DHCP incorrectly validates user input, making privilege escalation possible.

++
o/ 卍 CVE INFORMATION
++
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-437287 to this issue



++
CONTACT
++
Marc Maiffret [EMAIL PROTECTED]
1-888-565-9428

CSFA SSP-MPA GHTQ CAP SSCP 



[Full-disclosure] -ADVISORY- - =Thu Mar 16 03:13:43 EST 2006= - Directory Transversal in Microsoft Windows XP

2006-03-16 Thread discojonny



-ADVISORY- - =Thu Mar 16 03:13:43 EST 2006= - Directory Transversal in 
Microsoft Windows XP




8D~
1. BACKGROUND
8D~
There was no background commentary regarding this problem in question.
8D~
2. HISTORY
8D~
3/16/2006 - Public Disclosure.
8D~
3. WORKAROUND
8D~
There were no identified workarounds regarding the problem.
8D~
4. CVE INFORMATION
8D~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-14891 to this issue



8D~
CONTACT
8D~
Disco Jonny [EMAIL PROTECTED]

GSAE CSFA GREM GHTQ GWAS CAP 



[Full-disclosure] [ADVISORY] | +Thu Mar 16 03:18:06 EST 2006+ | Directory Transversal in ISC OpenReg

2006-03-16 Thread davefd



[ADVISORY] | +Thu Mar 16 03:18:06 EST 2006+ | Directory Transversal in ISC 
OpenReg




++
1. BACKGROUND
++
This product had no background.
++
2. DESCRIPTION
++
Remote exploitation of a directory traversal vulnerability in ISC OpenReg could 
allow attackers to overwrite or view arbitrary files with user-supplied 
contents.

++
3. HISTORY
++
2-1-2006 - Vendor Notification.
14-2-2006 - Vendor Reply.
16-3-2006 - Public Disclosure.
++
4. VENDOR RESPONSE
++
ISC OpenReg had extended no commentary.
++
5. CVE INFORMATION
++
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-989455 to this issue



++
CONTACT
++
Dave King [EMAIL PROTECTED]

CEH CSFA GREM SSP-CNSA SSP-MPA GIPS 



[Full-disclosure] -advisory- % +Thu Mar 16 03:20:46 EST 2006+ % Buffer Overflow in Microsoft PowerPoint

2006-03-16 Thread ahaning



-advisory- % +Thu Mar 16 03:20:46 EST 2006+ % Buffer Overflow in Microsoft 
PowerPoint




-
1. BACKGROUND
-
This product has no identified background.
-
2. DESCRIPTION
-
It is possible to make Microsoft PowerPoint crash or run arbitrary code by the 
use of malformed input.

-
3. CVE INFORMATION
-
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-754253 to this issue

-
APPENDIX A VENDOR INFORMATION
-
http://www.microsoft.com



-
CONTACT
-
Andrew Haninger [EMAIL PROTECTED]
1-888-565-9428


GSAE CCE SSP-MPA GIPS GHTQ SSCP 



[Full-disclosure] -ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes

2006-03-16 Thread john . r . bond



-ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes




8==D~~
[+] BACKGROUND
8==D~~
This product has no identified background.
8==D~~
[+] DESCRIPTION
8==D~~
It is possible to make Apple iTunes crash by the use of malformed input.

8==D~~
[+] HISTORY
8==D~~
5-1-2006 [+] Vendor Notification.
17-2-2006 [+] Vendor Reply.
16-3-2006 [+] Public Disclosure.
8==D~~
[+] WORKAROUND
8==D~~
There were no identified workarounds.
8==D~~
[+] VENDOR RESPONSE
8==D~~
Apple iTunes has presented no identified information.
8==D~~
[+] CVE INFORMATION
8==D~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-137848 to this issue

8==D~~
APPENDIX A VENDOR INFORMATION
8==D~~
http://www.apple.com/itunes/

8==D~~
APPENDIX B REFERENCES
8==D~~
RFC 4231

8==D~~
CONTACT
8==D~~
John Bond [EMAIL PROTECTED]

CSFA GREM SSP-CNSA SSP-MPA GWAS CAP 



[Full-disclosure] !ADVISORY! + =Thu Mar 16 03:44:16 EST 2006= + Directory Transversal in Snort

2006-03-16 Thread h4cky0u . org



!ADVISORY! + =Thu Mar 16 03:44:16 EST 2006= + Directory Transversal in Snort




=
1. History
=
13/2/2006 - Vendor Reply.
16/3/2006 - Public Disclosure.
=
2. Vendor Response
=
Snort had extended no explanation regarding this problem identified.


=
Contact
=
h4cky0u [EMAIL PROTECTED]
1-888-565-9428

CISSP GSAE CSFA SSP-CNSA SSP-MPA GIPS GWAS CAP SSCP 



[Full-disclosure] -Advisory- - =Thu Mar 16 03:47:35 EST 2006= - Buffer Overflow in Microsoft Office

2006-03-16 Thread nullman



-Advisory- - =Thu Mar 16 03:47:35 EST 2006= - Buffer Overflow in Microsoft 
Office




+
[+] Description
+
It is possible to make Microsoft Office crash or run arbitrary code by the use 
of malformed input.

+
[+] Workaround
+
This vulnerability has no identified workarounds on the issue at hand.
+
[+] Vendor Response
+
Microsoft Office is offered no identified information.
+
[+] CVE Information
+
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-947159 to this issue

+
Appendix A Vendor Information
+
http://www.microsoft.com



+
Contact
+
nullman [EMAIL PROTECTED]
1-888-565-9428


CCE CEH CSFA GREM SSP-MPA GIPS GWAS CAP SSCP 



Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability

2006-03-16 Thread [EMAIL PROTECTED]
no, but our discoveries are all patched with the same patch, look at
the MS advisory closely:

http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx

Microsoft thanks http://go.microsoft.com/fwlink/?LinkId=21127 the
following for working with us to help protect customers:

* Ollie Whitehouse of Symantec http://symantec.com/ for reporting the
  Microsoft Office Remote Code Execution Using a Malformed Routing Slip
  Vulnerability - CVE-2006-0009

* FelicioX mailto:[EMAIL PROTECTED] for working with Microsoft on the
  Microsoft Office Excel Remote Code Execution Using a Malformed Range
  Vulnerability - CVE-2005-4131

* Peter Winter-Smith of NGS Software
  http://www.ngssoftware.com/index.htm for reporting similar behavior
  to the Remote Code Execution with Microsoft Office Excel Vulnerability
  - CVE-2005-4131

* TippingPoint http://www.tippingpoint.com/ and the Zero Day
  Initiative http://www.zerodayinitiative.com/ for reporting the
  Microsoft Office Excel Remote Code Execution Using a Malformed File
  Format Parsing Vulnerability - CVE-2006-0028

* Dejun of the Fortinet Security Response Team http://www.fortinet.com
  for reporting the Microsoft Office Excel Remote Code Execution Using a
  Malformed Description Vulnerability - CVE-2006-0029

* Eyas of the XFOCUS Security Team http://www.xfocus.org/ for
  reporting the Microsoft Office Excel Remote Code Execution Using a
  Malformed Record Vulnerability - CVE-2006-0031


only FelicioX and NGSS found the same bug ;)

Thierry Zoller wrote:
> Dear XFOCUS Team,
>
> Is this the same vuln as discovered by class101 ?
> http://www.zerodayinitiative.com/advisories/ZDI-06-004.html






[Full-disclosure] -ADVISORY- # -Thu Mar 16 03:48:11 EST 2006- # DoS Vulnerability in Microsoft Windows XP

2006-03-16 Thread fmargeli



-ADVISORY- # -Thu Mar 16 03:48:11 EST 2006- # DoS Vulnerability in Microsoft 
Windows XP




8===D BACKGROUND
This issue had no identified background information about the product 
identified.
8===D DESCRIPTION
Sending a specially crafted  malformed  packet to the services communication 
socket can create a loss of service.

8===D HISTORY
2-6-2006 8==D Vendor Notification.
1-24-2006 8==D Vendor Reply.
3-16-2006 8==D Public Disclosure.


CONTACT
[EMAIL PROTECTED] [EMAIL PROTECTED]

GSAE SSP-MPA GIPS GHTQ GWAS CAP SSCP 



[Full-disclosure] [Advisory] % [Thu Mar 16 03:49:21 EST 2006] % Local Privilege Escalation Vulnerability in Ethereal

2006-03-16 Thread lukasz



[Advisory] % [Thu Mar 16 03:49:21 EST 2006] % Local Privilege Escalation 
Vulnerability in Ethereal




+
[+] BACKGROUND
+
This problem had no identified background commentary about the product in 
question.
+
[+] HISTORY
+
1-9-2006 [+] Vendor Reply.
3-16-2006 [+] Public Disclosure.
+
[+] VENDOR RESPONSE
+
Ethereal had presented no explanation.
+
[+] CVE INFORMATION
+
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-23204 to this issue




Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread Don Bailey
> radio.toad.com


Er, I meant to say thanks for the tip :)




Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread Jason Coombs

Don Bailey wrote:
> Stop interrupting the spam, I'm trying to read.


The spam attacks would never have gotten through if Len Rose were still 
in charge of FD.




Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread bigdaddyzeroday
And I would have never shot hot steamy load of man juice inside you 
if you were not fucking faggot

On Thu, 16 Mar 2006 01:15:32 -0800 Jason Coombs [EMAIL PROTECTED] wrote:
> Don Bailey wrote:
>> Stop interrupting the spam, I'm trying to read.
>
> The spam attacks would never have gotten through if Len Rose were
> still in charge of FD.



Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread [EMAIL PROTECTED]
or for those with thunderbird and no admin access to the mail
administration

in menu Tools > Message Filters > select which inbox > click New > name
it FD SPAM click Match any of the following > instead of
selecting Subject, select Customize > add yours manually Received
> select contains > add radio.toad.com

and select your appropriate actions as Delete Message > Delete from
POP server is good

hope it helps

Don Bailey wrote:
> radio.toad.com
>
> Stop interrupting the spam, I'm trying to read.





___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
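
The filter described in the message above (match on the Received header rather than the Subject), as an added example that is not part of the original post. It compares the substring test a mail-client filter performs with an exact match on the relay hostnames in each Received hop; the sample messages, example.org/example.net names and 192.0.2.x addresses are constructed.

```python
import email
import re

# Relay named in the thread; all sample data below is constructed.
BLOCKED_RELAY = "radio.toad.com"

# Hostname that follows a "from" or "by" keyword in a Received header.
# The "from" name is what the sending host claimed; "by" is the receiver.
_HOP_RE = re.compile(
    r"\b(from|by)\s+([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)", re.I
)


def received_headers(raw):
    """Return every Received header, unfolded onto a single line."""
    msg = email.message_from_string(raw)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def relay_hosts(raw):
    """List (clause, hostname) pairs for each hop, newest hop first."""
    hops = []
    for header in received_headers(raw):
        for clause, host in _HOP_RE.findall(header):
            hops.append((clause.lower(), host.lower()))
    return hops


def substring_match(raw, needle=BLOCKED_RELAY):
    """What a 'Received contains ...' client filter does: plain substring."""
    return any(needle.lower() in h.lower() for h in received_headers(raw))


def passed_through(raw, relay=BLOCKED_RELAY):
    """Stricter test: a hop's hostname must equal the relay exactly."""
    return any(host == relay.lower() for _, host in relay_hosts(raw))


def triage(messages):
    """Map each message name to the action the strict filter would take."""
    return {
        name: "delete" if passed_through(raw) else "keep"
        for name, raw in messages.items()
    }


# Constructed message: injected through the relay, then the list server.
MSG_SPAM = """\
Received: from lists.grok.org.uk (lists.grok.org.uk [192.0.2.10])
    by mx.example.org with ESMTP id A1 for <reader@example.org>;
    Thu, 16 Mar 2006 02:47:40 -0500
Received: from RADIO.TOAD.COM. (radio.toad.com [192.0.2.25])
    by lists.grok.org.uk with ESMTP id B2;
    Thu, 16 Mar 2006 02:47:12 -0500
Subject: [Full-disclosure] constructed sample 1
From: sender@example.net

body
"""

# Constructed message: ordinary list post from another mail host.
MSG_LEGIT = """\
Received: from lists.grok.org.uk (lists.grok.org.uk [192.0.2.10])
    by mx.example.org with ESMTP id A3 for <reader@example.org>;
    Thu, 16 Mar 2006 04:10:02 -0500
Received: from mail.example.net (mail.example.net [192.0.2.77])
    by lists.grok.org.uk with ESMTP id B4;
    Thu, 16 Mar 2006 04:09:58 -0500
Subject: [Full-disclosure] constructed sample 2
From: poster@example.net

body
"""

# Constructed message: a different host whose name merely contains the string.
MSG_LOOKALIKE = """\
Received: from radio.toad.com.example.net (unknown [192.0.2.99])
    by mx.example.org with ESMTP id A5 for <reader@example.org>;
    Thu, 16 Mar 2006 05:00:00 -0500
Subject: constructed sample 3
From: other@example.net

body
"""

SAMPLES = {"spam": MSG_SPAM, "legit": MSG_LEGIT, "lookalike": MSG_LOOKALIKE}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "substring:", substring_match(raw),
              "exact:", passed_through(raw))
```

Neither test can vouch for hops recorded before mail reached a server you trust, since a sender can prepend Received lines of its own.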


Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread Brian Dessent
Matthew Murphy wrote:

> attack also appears isolated to one host (radio.toad.com) that can be
> successfully filtered until the admin can make the necessary rule change.

Good luck with that.  toad.com is John Gilmore's infamous open relay
that he's been running out of protest since... forever.

http://www.google.com/search?q=john+gilmore+open+relay



Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread Jason Coombs

[EMAIL PROTECTED] wrote:
And I would have never shot hot steamy load of man juice inside you 
if you were not fucking faggot


uh huh, and now we know the spam kiddie responsible. I pay by the KB to 
receive all your junk, so you can expect a lawsuit in the near future.


Send your address for service of process, please.



Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread bigdaddyzeroday
Address is your daddy home. 

On Thu, 16 Mar 2006 01:23:51 -0800 Jason Coombs 
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
 And I would have never shot hot steamy load of man juice inside 
you 
 if you were not fucking faggot

uh huh, and now we know the spam kiddie responsible. I pay by the KB to
receive all your junk, so you can expect a lawsuit in the near future.

Send your address for service of process, please.



Concerned about your privacy? Instantly send FREE secure email, no account 
required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] HTTP AUTH BASIC monowall

2006-03-16 Thread Brian Eaton
tim-security at sentinelchicken.org wrote:
 (assuming the admin doesn't notice the cert changes and all that good
 stuff.)

 There's your problem.  If you assume this, you will always be vulnerable
 to MitM if the software you're using allows you to communicate anyway.

 If your SSH client lets you connect to systems whose keys have
 changed, same problem.  If your VPN client allows it, same problem.

 This is why I wanted you to think about what you are trusting in the
 first place.  You are trusting your CA and the certificate chain.  If
 you can't do that, then you have no trust.

How trustworthy are the CA certificates included in the average browser?

There are a couple of dozen CA certificates shipped with my browser.
Some of the vendors associated with these CA certificates offer to
give me a certificate for my web site in 10 minutes or less for a
couple of hundred dollars.

This sounds like a really ripe opportunity for social engineering to me.

- Brian



Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread Gadi Evron

Jason Coombs wrote:

Don Bailey wrote:


Stop interrupting the spam, I'm trying to read.



The spam attacks would never have gotten through if Len Rose were still 
in charge of FD.


Ahh, yes. Terrorism wouldn't be a problem if Hoover was still in charge 
of the FBI - right?


Give me a break.

I'm sure Len likes the criticism, but you are obviously just yet another 
FD flamer.




[Full-disclosure] [ GLSA 200603-11 ] Freeciv: Denial of Service

2006-03-16 Thread Stefan Cornelius
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Freeciv: Denial of Service
      Date: March 16, 2006
      Bugs: #125304
        ID: 200603-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A memory allocation bug in Freeciv allows a remote attacker to perform
a Denial of Service attack.

Background
==========

Freeciv is an open source turn-based multiplayer strategy game, similar
to the famous Civilization series.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  games-strategy/freeciv       < 2.0.8                     >= 2.0.8

Description
===========

Luigi Auriemma discovered that Freeciv could be tricked into the
allocation of enormous chunks of memory when trying to uncompress
malformed data packages, possibly leading to an out of memory condition
which causes Freeciv to crash or freeze.

Impact
======

A remote attacker could exploit this issue to cause a Denial of Service
by sending specially crafted data packages to the Freeciv game server.

Workaround
==========

Play solo games or restrict your multiplayer games to trusted parties.

Resolution
==========

All Freeciv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-strategy/freeciv-2.0.8"

References
==========

  [ 1 ] CVE-2006-0047
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0047
  [ 2 ] Original advisory
        http://aluigi.altervista.org/adv/freecivdos-adv.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
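
A bounded-decompression check for the failure mode this advisory describes, as an added Python example rather than Freeciv's own code: the size a packet claims is checked against a ceiling before anything is inflated, and the inflater is never allowed to produce more than the claim. The 4-byte length prefix, the 1 MiB ceiling and all names are assumptions, not Freeciv's wire format.

```python
import struct
import zlib

MAX_PACKET = 1 << 20  # assumed policy: at most 1 MiB per decompressed packet


class PacketTooLarge(ValueError):
    """The packet claims, or would inflate to, more than we accept."""


def build_frame(payload, declared_len=None):
    """Constructed framing: 4-byte big-endian uncompressed length + zlib data."""
    declared = len(payload) if declared_len is None else declared_len
    return struct.pack(">I", declared) + zlib.compress(payload)


def inflate_bounded(frame, limit=MAX_PACKET):
    """Decompress one frame without ever holding more than limit + 1 bytes."""
    if len(frame) < 4:
        raise ValueError("truncated frame")
    (declared,) = struct.unpack(">I", frame[:4])
    # Check the sender's size claim before reserving anything for it.
    if declared > limit:
        raise PacketTooLarge("declared size %d exceeds limit %d" % (declared, limit))
    inflater = zlib.decompressobj()
    try:
        # max_length stops inflation one byte past the claim, so a stream
        # that lies about its size is caught without being fully expanded.
        out = inflater.decompress(frame[4:], declared + 1)
    except zlib.error as exc:
        raise ValueError("corrupt compressed data") from exc
    if len(out) > declared:
        raise PacketTooLarge("stream inflates past its declared size")
    if len(out) != declared or not inflater.eof:
        raise ValueError("stream shorter than declared or incomplete")
    return out


def classify(frame, limit=MAX_PACKET):
    """What a server loop would do with the frame: 'ok', 'too-large' or 'malformed'."""
    try:
        inflate_bounded(frame, limit)
    except PacketTooLarge:  # must precede ValueError, its base class
        return "too-large"
    except ValueError:
        return "malformed"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs: an honest frame, an oversized claim, a lying claim.
    print(classify(build_frame(b"turn 42: move unit")))
    print(classify(build_frame(b"\0" * (8 << 20))))
    print(classify(build_frame(b"\0" * (8 << 20), declared_len=16)))
```

A peer that sends a "too-large" or "malformed" frame can be disconnected at that point; no buffer sized from attacker-supplied data has been allocated.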



[Full-disclosure] [ GLSA 200603-12 ] zoo: Buffer overflow

2006-03-16 Thread Stefan Cornelius
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200603-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: zoo: Buffer overflow
      Date: March 16, 2006
      Bugs: #125622
        ID: 200603-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in zoo may be exploited to execute arbitrary code when
creating archives of specially crafted directories and files.

Background
==========

zoo is a file archiving utility for maintaining collections of files,
written by Rahul Dhesi.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  app-arch/zoo      < 2.10-r2                            >= 2.10-r2

Description
===========

zoo is vulnerable to a new buffer overflow due to insecure use of the
strcpy() function when trying to create an archive from certain
directories or filenames.

Impact
======

An attacker could exploit this issue by enticing a user to create a zoo
archive of specially crafted directories and filenames, possibly
leading to the execution of arbitrary code with the rights of the user
running zoo.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All zoo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r2"

References
==========

  [ 1 ] RedHat Bug #183426
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



Re: [Full-disclosure] Filtering Latest Spam Run (radio.toad.com)

2006-03-16 Thread Dave Horsfall
On Thu, 16 Mar 2006, [EMAIL PROTECTED] wrote:

> in menu Tools > Message Filters > select which inbox > click New > name
> it FD SPAM click Match any of the following > instead of
> selecting Subject, select Customize > add yours manually Received >
> select contains > add radio.toad.com

And any sentient being still accepting mail from Gilmore's open relays
desperately needs to have its head(s) examined.

-- Dave



[Full-disclosure] Macromedia Flash play vulnerability

2006-03-16 Thread Vince Horan
I have seen no mention here of a new vulnerability in Macromedia Flash
Player see: 
http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

Question is, is this really exploitable? Doesn't the Flash player
check for updates and download latest - or is it possible to run a
malicious SWF against old version of the player?

Vince Horan

[Full-disclosure] [SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file

2006-03-16 Thread Martin Schulze
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1003-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                             Martin Schulze
March 16th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xpvm
Vulnerability  : insecure temporary file
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2240
Debian Bug     : 318285

Eric Romang discovered that xpvm, a graphical console and monitor for
PVM, creates a temporary file that allows local attackers to create or
overwrite arbitrary files with the privileges of the user running
xpvm.

For the old stable distribution (woody) this problem has been fixed in
version 1.2.5-7.2woody1.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.5-7.3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.5-8.

We recommend that you upgrade your xpvm package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Re: [Full-disclosure] Yahoo recommends you write down account information

2006-03-16 Thread n3td3v group
I think you people are missing the point entirely. Let me tooth pick it for you since you can't work it out yourself.

On http://security.yahoo.com/about_passwords.html Yahoo say, never write down your password. If you do, make sure it's kept in a nuclear bunker.

However, on successfully creating a new account at http://edit.yahoo.com/config/register the wording says "Yahoo recommends you print out this page" and gives a print out functionality link.

You see, they tell you NEVER to write down your PASSWORD on one site and contradict themselves on another by recommending you print out all the information you would need to get a new password.

Don't underestimate my intelligence and Valdis, I can't see how you could possibly know the scope in my mind thought of how a print out might be used in a real life scenario. The issue of printouts isn't a problem for home users as the other poster mentioned. The threat comes more in small business and large corporations. However, I wasn't looking into the serious side of how the print out would be used to actually compromise an account. I was more having some fun with Yahoo Security (and some of those folks I know personally over IM and Email), in the way security professionals at security.yahoo.com say one advice, but then folks who setup the edit.yahoo.com/config/register are saying another. In other words, a breakdown in co-ordination at Yahoo between the security team and the folks who look after config/register. Anyway I spoke with someone from security last night and they confirmed it was silly, and it was going to be fixed.

See you guys later,
n3td3v (not system_outage :P)

[Full-disclosure] Re: Re: HTTP AUTH BASIC monowall.

2006-03-16 Thread Dave Korn
Simon Smith wrote:

 Who ever said I was going to issue a security advisory or warning as
 you called it?

  You did.  Have you got amnesia or what?

---quote
From: Simon Smith [EMAIL PROTECTED]
Subject: Re: HTTP AUTH BASIC monowall.
Date: Mon, 13 Mar 2006 15:37:03 -0500
Message-ID: [EMAIL PROTECTED]
References: [EMAIL PROTECTED] 
[EMAIL PROTECTED] 
[EMAIL PROTECTED]
 [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
---snips
So, I guess I've really answered my own question, perhaps I should
release some sort of an advisory on all of these products that are using
basic auth.
---quote

  To which my response was, to paraphrase, No, perhaps you should not.

 Gee, you must have missed the entire thread... who said internet?

  As the above demonstrates, I seem to have taken in more of it than you 
have.

   There's nothing wrong with BASIC AUTH.

 Aside from the fact that its... um... insecure?

  You don't seem to get the concept of security.

  It's not an absolute, all-or-nothing.  It's a continuum.

  It's meaningless to ask whether something is 'secure' or 'not secure' in 
the abstract.  You can ask whether things are more or less secure, against 
certain threats, under certain assumptions.  This applies to absolutely any 
kind of anything, not just authentication, and not just basic auth.

  Basic auth is highly secure when deployed correctly in a well-managed LAN. 
It's a good match to a lot of the problems it is called on to solve.

  It does not solve, and does not attempt to solve because that is not 
within its remit, the problems that happen if your entire network 
infrastructure is already owned from within.  Nor does any other sort of 
authentication protocol.  In this, basic is no different from any other. 
Some auth protocols may offer more or less security against some kinds of 
compromises or others, but there's no general rule here.

 Well, you are a good example. You don't write very good emails and you
 aren't very well aware of the entire email thread now are you?

  You've already said this, and as I demonstrated, I'm more aware of it than 
you are.

I'll make it a point to not be as silly as you. ;]

  You've certainly succeeded in not being *as* silly as me.  Next time, 
though, try doing it by being /less/ silly than me!

 cheers,
   DaveK


 AH you are from the UK, you said Cheers!

  Cheers is/was an American TV show, isn't it?

cheers,
  DaveK
-- 
Can't think of a witty .sigline today 





Re: [Full-disclosure] Re: Re: HTTP AUTH BASIC monowall.

2006-03-16 Thread Simon Smith
Dave,
No shit, maybe I do have amnesia. I had one of those stupid days
yesterday anyway and you'd think that I'd know better than to write to
FD when I'm like that... but no... I'd rather make myself look like an
ass. ;] 


-- 


Regards, 
Adriel T. Desautels
Harvard Security Group
http://www.harvardsecuritygroup.com




Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Simon Smith
Alright,
First off, I apologize for being such a dumb fuck yesterday, I was
having a bad day and a stupid day. So go ahead and flame me, tell me
what you like, I'm horribly sorry... I beg for forgiveness and ask
for mercy. ;]

I understand that SSL is the industry accepted standard for
protecting sensitive data in transit with respect to web applications
and other applications. In conjunction, I understand that firewall
administrators will most probably catch certificate warnings and
identify bunk certs. I understand that if the SSL pipe is compromised
there will be much larger issues than just simple authentication. I'm
not contesting anything that anyone is saying here at all, but I am
still not getting any ideas or theories on what I am looking for.

Encoding a username and password combination using base64 is not
secure, but, I understand why it is encoded in base64. Having said that,
I am trying to discover/create an alternate method for authentication
that is secure even if the SSL pipe is compromised. I liked the idea of
creating a secondary tunnel within the initial SSL tunnel but I am not
certain that it would be the best way to do it.

This concern came about initially because I was sniffing a LAN and I
noticed a lot of clear text http communications. Within those
communications was the basic authentication header. When I decoded the
auth string I successfully logged into the system receiving the packets.
Very quickly I found that I was connected to a centralized IT management
system that allowed me to control any other computer on the network. Not
only that, but it also allowed me to record emails, key strokes, install
software, remove software, etc.

I took the liberty of hardening the system by implementing SSL
internally. That really didn't do much for the security of the system
though. I had one of my co-workers attempt a Man in the Middle attack,
and he did it successfully. Sure enough, once the SSL session was had
the encoded string could be decoded and access to the main console could
be gained.

My concern isn't firewall management. My concern isn't with SSL
going over the Internet. My concern is more with SSL on a LAN and that
this IT tool and other similar tools can be compromised easily once a
LAN is penetrated. Providing an extra layer of security within the SSL
tunnel would help to prevent this tool and others like it from being
compromised so easily. My first thought was on how to harden the
authentication because the basic auth didn't cut it for me. That's what I
am looking for ideas for.

 




Andrew Simmons wrote:
 Simon Smith wrote:

 Ok, so what's your alternative?

 [...]

 Some form of challenge response?  If you can already perform a man in
 the middle attack, then challenge response is just as vulnerable.
 Just connect to the server when the client hits you, and pass them the
 challenge you received.  Use the credential yourself, and pass them a
 failure.  When they try again, connect them to the server.

 You're right again.  Does everyone here think that the majority of
 companies hire security aware people?


 We're not talking about general staff, we're talking about your
 firewall admin. If your firewall admin doesn't care about security
 you've got much bigger problems. Which appears to be the case...


 \a



-- 


Regards, 
Adriel T. Desautels
Harvard Security Group
http://www.harvardsecuritygroup.com




Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Mark Coleman
At the risk of being flamed, I'll chime in with this since I don't think 
it's been mentioned as an alternative:


How about SecurID one-time passwords?  Ride the HTTP Auth on SSL which 
hides it all, and a Malcolm in the Middle attack just gets username/PIN 
and a one-time password (MitM gives ability to DoS lockout your account).


-Mark Coleman


gboyce wrote:

> Ok, so what's your alternative?
>
> You're already assuming that the user of the firewall is already
> misusing SSL.  They need to blindly accept unsigned SSL certificates,
> and changes to the certificates.  Just about any security restrictions
> you can apply can be done away with if the user is incompetent enough.
>
> Some form of challenge response?  If you can already perform a man in
> the middle attack, then challenge response is just as vulnerable.
> Just connect to the server when the client hits you, and pass them the
> challenge you received.  Use the credential yourself, and pass them a
> failure.  When they try again, connect them to the server.




Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Michael Holstein
First off, I think 3 days spent on this topic is sufficient -- epically
since you fail to grasp some of the more basic concepts which underlie
the OSI model.

> Encoding a username and password combination using base64 is not
> secure, but, I understand why it is encoded in base64. Having said that,
> I am trying to discover/create an alternate method for authentication
> that is secure even if the SSL pipe is compromised. I liked the idea of
> creating a secondary tunnel within the initial SSL tunnel but I am not
> certain that it would be the best way to do it.

Basic Auth via SSL is secure. I could use ROT-13 encoding inside SSL,
and it'd still be 128 bit encryption over the pipe. What matters here is
not how the password is encoded for transmission, but HOW it's
transmitted (in this case, via a SSL session).

> This concern came about initially because I was sniffing a LAN and I
> noticed a lot of clear text http communications. Within those
> communications was the basic authentication header. When I decoded the
> auth string I successfully logged into the system receiving the packets.
> Very quickly I found that I was connected to a centralized IT management
> system that allowed me to control any other computer on the network. Not
> only that, but it also allowed me to record emails, key strokes, install
> software, remove software, etc.

Duh. If I can sniff a network, I can do all sorts of stuff. Welcome to
the world of tcpdump, ethereal, and promiscuous capture.

> I took the liberty of hardening the system by implementing SSL
> internally. That really didn't do much for the security of the system
> though. I had one of my co-workers attempt a Man in the Middle attack,
> and he did it successfully. Sure enough, once the SSL session was had
> the encoded string could be decoded and access to the main console could
> be gained.

Then he tricked you into accepting the bogus certificate. Shame on you.

> My concern isn't firewall management. My concern isn't with SSL
> going over the Internet. My concern is more with SSL on a LAN and that
> this IT tool and other similar tools can be compromised easily once a
> LAN is penetrated. Providing an extra layer of security within the SSL
> tunnel would help to prevent this tool and others like it from being
> compromised so easily. My first thought was on how to harden the
> authentication because the basic auth didn't cut it for me. That's what I
> am looking for ideas for.

Good grief .. if you're that worried about it, use client-side
certificates (with a password). If you're even MORE worried, put that
certificate on a hardware token that protects the key in hardware.
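
The two controls this thread keeps returning to, as an added Python example that is not from any poster: an audit that finds Basic credentials crossing the LAN outside TLS (base64 is an encoding, so they decode directly), and a client side that refuses an unverifiable or changed server certificate. The hostnames, credentials, certificate bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

_CREDS = base64.b64encode(b"admin:s3cret").decode()

# Constructed capture: (request URL, request headers). Not real traffic.
SAMPLE_REQUESTS = [
    ("http://mgmt.lan.example/console", {"Authorization": "Basic " + _CREDS}),
    ("https://mgmt.lan.example/console", {"authorization": "Basic " + _CREDS}),
    ("http://intranet.lan.example/", {"Accept": "*/*"}),
]


def decode_basic(header_value):
    """Return (user, password) from a Basic Authorization value, else None."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    user, sep, password = raw.decode("utf-8", "replace").partition(":")
    return (user, password) if sep else None


def find_cleartext_basic(requests):
    """List (url, user) for each request that sent Basic credentials without TLS."""
    findings = []
    for url, headers in requests:
        if urlsplit(url).scheme.lower() == "https":
            continue  # protected by the transport, as long as the cert was verified
        for name, value in headers.items():
            if name.lower() != "authorization":
                continue
            creds = decode_basic(value)
            if creds:
                findings.append((url, creds[0]))  # report the account, not the password
    return findings


def strict_context(cafile=None):
    """Client TLS context that fails the handshake on an untrusted or
    mismatched certificate instead of offering to continue."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def cert_unchanged(der_cert, pinned_sha256):
    """True only if the presented certificate matches the recorded fingerprint."""
    return hmac.compare_digest(fingerprint(der_cert), pinned_sha256.lower())


if __name__ == "__main__":
    for url, user in find_cleartext_basic(SAMPLE_REQUESTS):
        print("cleartext Basic auth for %r sent to %s" % (user, url))
    pin = fingerprint(b"constructed-der-bytes")  # recorded at first trusted contact
    print(cert_unchanged(b"constructed-der-bytes", pin))
    print(cert_unchanged(b"substituted-certificate", pin))
```

In a real client the DER bytes come from `SSLSocket.getpeercert(binary_form=True)` after the handshake, and the Authorization header is sent only when `cert_unchanged` returns True.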




Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Simon Smith
Mark,
That's a good alternative. I'll add that to my list of options. Thanks!



-- 
Regards, 
Jackass




Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Simon Smith
Mike,
Flames like yours are useless. If you do not know how to answer the
question that I am asking, then just be quiet. Mark Coleman is one of
the few people that seems to have understood my question and provided me
with a viable solution. Again, thanks Mark!



-- 
Regards, 
Jackass




Re: [Full-disclosure] strange domain name in phishing email

2006-03-16 Thread Juha-Matti Laurio
It seems that this case has the name Dotless IP Address Security Issue 
and KB article #168617 http://support.microsoft.com/?kbid=168617 
describes it even in IE4.

Correct if I'm wrong.

- Juha-Matti


IIRC, Microsoft changed that as one of the security updates to IE. For a 
time, it was a popular phishing trick. I also remember there was a way 
to do that (or something similar) to bypass the security zones in IE and 
make it think it was a trusted site, but can't find that reference at hand.


The rest of windows will still do it though. Try ping 2887060730 or 
telnet 2887060730 80.


~Mike.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
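
Added example, not part of the original thread: the "dotless IP" spelling discussed above is one of several legacy inet_aton() forms of an IPv4 address, so a mail or proxy filter can normalise a URL's host before comparing it with blocklists or internal ranges. It goes beyond the decimal case in the post by also handling hex, octal and partial forms; the function names and the example.com URLs are constructed for illustration, and 2887060730 is the value quoted in the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_NUM = re.compile(r"0x[0-9a-f]+|[0-9]+")

# Constructed sample URLs; every numeric host below is another spelling of 172.21.12.250.
SAMPLE_URLS = [
    "http://www.example.com/login",
    "http://2887060730/login",
    "http://www.example.com@0xAC150CFA/",
    "http://0254.025.014.0372/",
    "http://172.21.12.250/",
    "http://172.1379578/",
]


def _component(text):
    """One host component, read as inet_aton() reads it: 0x = hex, leading 0 = octal."""
    text = text.lower()
    if not _NUM.fullmatch(text):
        return None
    try:
        if text.startswith("0x"):
            return int(text[2:], 16)
        if len(text) > 1 and text.startswith("0"):
            return int(text, 8)
        return int(text, 10)
    except ValueError:  # e.g. "089" is not valid octal
        return None


def legacy_host_to_ip(host):
    """Return the IPv4Address a legacy resolver would use for `host`, or None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_component(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, last = values
    # Leading components are one octet each; the last one fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(addr)


def classify_url(url):
    """Describe how the URL's host is written and which address it really names."""
    host = urlsplit(url).hostname
    if not host:
        return None
    ip = legacy_host_to_ip(host)
    if ip is None:
        return {"host": host, "ip": None, "form": "name", "internal": False}
    if host == str(ip):
        form = "dotted-quad"
    elif "." not in host:
        form = "dotless"
    else:
        form = "non-canonical"
    return {"host": host, "ip": str(ip), "form": form, "internal": ip.is_private}


def suspicious_urls(urls):
    """URLs whose host is an IPv4 address written in anything but dotted-quad form."""
    results = (classify_url(u) for u in urls)
    return [r for r in results if r and r["form"] in ("dotless", "non-canonical")]


if __name__ == "__main__":
    for hit in suspicious_urls(SAMPLE_URLS):
        print(hit)
```
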


Re: [Full-disclosure] Vulnerability fixed in E-gold

2006-03-16 Thread Georgi Guninski
On Thu, Mar 16, 2006 at 01:17:49AM +0300, 3APA3A wrote:
> 3. Vendor gave permission to publish vulnerability information.


wtf is this?

who cares if v3nd0r gives permission or not?

irresponsible v3nd0r tries to rob hard working responsible exploit writer?

-- 
where do you want bill gates to go today?

























junk
 



Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Gary E. Miller

Yo Simon!

On Thu, 16 Mar 2006, Simon Smith wrote:

> Encoding a username and password combination using base64 is not
> secure, but, I understand why it is encoded in base64. Having said that,
> I am trying to discover/create an alternate method for authentication
> that is secure even if the SSL pipe is compromised.

If you do not like HTTP AUTH in SSL then why not just step up to HTTP
AUTH DIGEST?

http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html

RGDS
GARY
- ---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED]  Tel:+1(541)382-8588


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
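
Added example, not part of the original thread and not mod_auth_digest code: it contrasts what a captured Basic header gives away with what a Digest header carries, and sketches the server-side checks (known nonce, increasing nc, matching URI) that Digest depends on. The header values are the samples from RFC 2617; the function and class names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Sample headers from RFC 2617 (sections 2 and 3.5); the Digest password is "Circle Of Life".
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
DIGEST_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)


def decode_basic(header_value):
    """Recover (user, password) from a Basic header: base64 is an encoding, not a secret."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5(text):
    # MD5 is what RFC 2617 specifies for Digest; it is not a general recommendation.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def parse_digest(header_value):
    """Split a Digest Authorization value into a dict of its parameters."""
    scheme, _, rest = header_value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', rest)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


class DigestVerifier:
    """Hypothetical server-side check; a real server would store HA1, not passwords."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords   # username -> password
        self.last_nc = {}            # server-issued nonce -> highest nc accepted

    def issue_nonce(self, nonce=None):
        nonce = nonce or secrets.token_hex(16)
        self.last_nc[nonce] = 0
        return nonce

    def verify(self, header_value, method, request_uri):
        try:
            p = parse_digest(header_value)
            nc = int(p["nc"], 16)
            fresh = nc > self.last_nc[p["nonce"]]   # unknown nonce raises KeyError
            expected = digest_response(
                p["username"], self.realm, self.passwords[p["username"]],
                method, request_uri, p["nonce"], p["nc"], p["cnonce"])
            supplied = p["response"]
        except (KeyError, ValueError):
            return False
        if not fresh or p.get("qop") != "auth" or p.get("uri") != request_uri:
            return False
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False
        self.last_nc[p["nonce"]] = nc   # a replay of the same header now fails
        return True


if __name__ == "__main__":
    print("Basic header decodes to:", decode_basic(BASIC_HEADER))
    server = DigestVerifier("testrealm@host.com", {"Mufasa": "Circle Of Life"})
    server.issue_nonce("dcd98b7102dd2f0e8b11d0f600bfb0c093")
    print("first use accepted:", server.verify(DIGEST_HEADER, "GET", "/dir/index.html"))
    print("replay accepted:", server.verify(DIGEST_HEADER, "GET", "/dir/index.html"))
```
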


Re: [Full-disclosure] HTTP AUTH BASIC monowall

2006-03-16 Thread Valdis . Kletnieks
On Wed, 15 Mar 2006 15:14:47 EST, Brian Eaton said:
> tim-security at sentinelchicken.org wrote:
>
> How trustworthy are the CA certificates included in the average browser?
>
> There are a couple of dozen CA certificates shipped with my browser.
> Some of the vendors associated with these CA certificates offer to
> give me a certificate for my web site in 10 minutes or less for a
> couple of hundred dollars.
>
> This sounds like a really ripe opportunity for social engineering to me.

Been there, done that already.  There was a phishing run a while ago,
the guys even had a functional SSL cert for www.mountain-america.net (the
actual bank was mntamerica.net or something like that..)

Only real solution there is to get a good grip on what a CA is actually
certifying, which is a certain (usually very minimal) level of
*authentication*. They're certifying that somebody convinced them that the cert
was for who they claimed it was for.  That's it.  Anybody who attaches any
*other* meaning to it is making a big mistake.  In particular, authorization
is totally out-of-scope here

You are now talking to the site that one of the CAs you trust thinks belongs
to Frobozz, Inc..

If you don't trust that CA's judgment, you better heave their root cert 
overboard...




Re: [Full-disclosure] Yahoo recommends you write down account information

2006-03-16 Thread Valdis . Kletnieks
On Thu, 16 Mar 2006 06:21:14 PST, n3td3v group said:
> The issue of printouts isn't a problem for home users as the other poster
> mentioned, The threat comes more in small business and large corporations.

Actually, the issue of printouts *is* a problem for home users - dumpster diving
is a major source of identity theft.  The single biggest leakage is all those
credit card applications you turned down, just due to the sheer volume.  However,
if the diver can score a printout from your online banking, they're probably golden,
because then they have name, address, and probably account number all right there.



[Full-disclosure] !ADVISORY! + +Thu Mar 16 13:23:16 EST 2006+ + Integer Overflow in Snort

2006-03-16 Thread exibar



!ADVISORY! + +Thu Mar 16 13:23:16 EST 2006+ + Integer Overflow in Snort




==
I. BACKGROUND
There has been no background.
==
II. WORKAROUND
This advisory had no identified workarounds on this issue.
==
APPENDIX A VENDOR INFORMATION
http://www.snort.org/

==
APPENDIX B REFERENCES
RFC 8484

==
CONTACT
Exibar [EMAIL PROTECTED]

CISSP GSAE CSFA SSP-CNSA SSP-MPA GHTQ SSCP 



[Full-disclosure] -ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft Access

2006-03-16 Thread umphress



-ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft 
Access





8===D CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-172087 to this issue




Contact

Chris Umphress [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


GSAE CCE GREM SSP-CNSA SSP-MPA GWAS CAP SSCP 



[Full-disclosure] -advisory- $ -Thu Mar 16 13:26:19 EST 2006- $ Local Privilege Escalation Vulnerability in Microsoft Excel

2006-03-16 Thread forensis . technica



-advisory- $ -Thu Mar 16 13:26:19 EST 2006- $ Local Privilege Escalation 
Vulnerability in Microsoft Excel




+
1. BACKGROUND
This issue had no identified background.
+
2. WORKAROUND
This problem has no workarounds on the vulnerability.
+
3. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-533731 to this issue

+
APPENDIX A VENDOR INFORMATION
http://www.microsoft.com

+
APPENDIX B REFERENCES
RFC 5609

+
CONTACT
Technica Forensis [EMAIL PROTECTED]

CEH CSFA SSP-CNSA GIPS GHTQ GWAS SSCP 



[Full-disclosure] -ADVISORY- ~ x Thu Mar 16 13:26:26 EST 2006 x ~ Directory Transversal in Microsoft Excel

2006-03-16 Thread michealespinola



-ADVISORY- ~ x Thu Mar 16 13:26:26 EST 2006 x ~ Directory Transversal in 
Microsoft Excel




o/ 卍 BACKGROUND
There was no background commentary about the issue.
卍 \o WORKAROUND
There have been no identified workarounds.
o/ 卍 CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-596192 to this issue

APPENDIX A VENDOR INFORMATION
http://www.microsoft.com

APPENDIX B REFERENCES
RFC 6768



[Full-disclosure] -ADVISORY- * +Thu Mar 16 13:27:06 EST 2006+ * DoS Vulnerability in VMware

2006-03-16 Thread devdas



-ADVISORY- * +Thu Mar 16 13:27:06 EST 2006+ * DoS Vulnerability in VMware





1. Background

There was no background.

2. History

0/2/2006 - Vendor Reply.
16/3/2006 - Public Disclosure.

3. Workaround

This problem had no workarounds for this issue in question.

4. Vendor Response

VMware is presented no information.

5. CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-162700 to this issue




Contact

Devdas Bhagat [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


CISSP CCE CEH GHTQ SSCP 



[Full-disclosure] -Advisory- % x Thu Mar 16 13:27:25 EST 2006 x % Heap Overflow in ISC DHCP

2006-03-16 Thread dowlingg



-Advisory- % x Thu Mar 16 13:27:25 EST 2006 x % Heap Overflow in ISC DHCP




===
I. Workaround
===
This issue had no workarounds regarding the vulnerability at hand.
===
II. CVE Information
===
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-557111 to this issue



===
Contact
===
Dowling, Gabrielle [EMAIL PROTECTED]

CISSP CCE CSFA SSP-CNSA CAP SSCP 



[Full-disclosure] !ADVISORY! | +Thu Mar 16 13:28:55 EST 2006+ | Buffer Overflow in Microsoft Office

2006-03-16 Thread ascii



!ADVISORY! | +Thu Mar 16 13:28:55 EST 2006+ | Buffer Overflow in Microsoft 
Office




8D~~
8===D VENDOR RESPONSE
8D~~
Microsoft Office was presented no identified explanation.
8D~~
8===D CVE INFORMATION
8D~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-396560 to this issue

8D~~
APPENDIX A VENDOR INFORMATION
8D~~
http://www.microsoft.com

8D~~
APPENDIX B REFERENCES
8D~~
RFC 8812

8D~~
CONTACT
8D~~
ascii [EMAIL PROTECTED]
1-888-565-9428

CISSP CCE GIPS GHTQ GWAS CAP SSCP 



[Full-disclosure] Advisory - [Thu Mar 16 13:29:19 EST 2006] - Off-by-one in Microsoft Windows 2000

2006-03-16 Thread randallm



Advisory - [Thu Mar 16 13:29:19 EST 2006] - Off-by-one in Microsoft Windows 2000




-
1. BACKGROUND
This product has no background commentary about the issue at hand.
-
2. DESCRIPTION
It is possible to make Microsoft Windows 2000 crash by the use of malformed 
input.

-
3. HISTORY
1-1-2006 - Vendor Notification.
16-3-2006 - Public Disclosure.
-
4. VENDOR RESPONSE
Microsoft Windows 2000 has extended no commentary.
-
5. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-852970 to this issue



-
CONTACT
Randall M [EMAIL PROTECTED]
1-888-565-9428

CISSP CCE CEH SSP-MPA GIPS GHTQ 



[Full-disclosure] [Advisory] $ =Thu Mar 16 13:30:03 EST 2006= $ Directory Transversal in Microsoft PowerPoint

2006-03-16 Thread listuser



[Advisory] $ =Thu Mar 16 13:30:03 EST 2006= $ Directory Transversal in 
Microsoft PowerPoint




==
[+] BACKGROUND
There is no background.
==
[+] DESCRIPTION
Remote exploitation of a directory traversal vulnerability in Microsoft 
PowerPoint could allow attackers to overwrite or view arbitrary files with 
user-supplied contents.

==
[+] HISTORY
2/25/2006 [+] Vendor Notification.
3/16/2006 [+] Public Disclosure.
==
[+] WORKAROUND
There had been no workarounds.
==
[+] VENDOR RESPONSE
Microsoft PowerPoint had offered no identified information about this issue.
==
[+] CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-66324 to this issue




[Full-disclosure] [ADVISORY] ~ [Thu Mar 16 13:30:20 EST 2006] ~ Directory Transversal in Microsoft Windows XP

2006-03-16 Thread horatiu



[ADVISORY] ~ [Thu Mar 16 13:30:20 EST 2006] ~ Directory Transversal in 
Microsoft Windows XP




1. DESCRIPTION
Remote exploitation of a directory traversal vulnerability in Microsoft Windows 
XP could allow attackers to overwrite or view arbitrary files with 
user-supplied contents.

2. HISTORY
2-24-2006 - Vendor Notification.
3-16-2006 - Public Disclosure.
3. WORKAROUND
This problem had no workarounds.


CONTACT
Horatiu Bandoiu [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


CISSP CCE CSFA SSP-MPA GHTQ 



[Full-disclosure] !ADVISORY! - x Thu Mar 16 13:30:36 EST 2006 x - DoS Vulnerability in ISC DHCP

2006-03-16 Thread jasonc



!ADVISORY! - x Thu Mar 16 13:30:36 EST 2006 x - DoS Vulnerability in ISC DHCP




--
o/ 卍 BACKGROUND
--
This vulnerability has no identified background commentary on this problem at 
hand.
--
卍 \o VENDOR RESPONSE
--
ISC DHCP had offered no explanation about the vulnerability at hand.
--
APPENDIX A VENDOR INFORMATION
--
http://www.isc.org/index.pl?/sw/dhcp/



--
CONTACT
--
Jason Coombs [EMAIL PROTECTED]

CCE CEH GIPS GHTQ 



[Full-disclosure] !ADVISORY! | =Thu Mar 16 13:29:35 EST 2006= | Heap Overflow in VMware

2006-03-16 Thread michael . hale



!ADVISORY! | =Thu Mar 16 13:29:35 EST 2006= | Heap Overflow in VMware





[+] DESCRIPTION

It is possible to make VMware crash or run arbitrary code by the use of 
malformed input.


[+] WORKAROUND

This problem had no identified workarounds.

[+] VENDOR RESPONSE

VMware had offered no identified commentary on the issue at hand.



CONTACT

Michael Hale [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


CISSP GSAE CSFA GREM GIPS GWAS 



[Full-disclosure] Advisory | =Thu Mar 16 13:29:46 EST 2006= | Local Privilege Escalation Vulnerability in AOL Client Software

2006-03-16 Thread security



Advisory | =Thu Mar 16 13:29:46 EST 2006= | Local Privilege Escalation 
Vulnerability in AOL Client Software




1. HISTORY
2-14-2006 - Vendor Notification.
3-16-2006 - Public Disclosure.
2. VENDOR RESPONSE
AOL Client Software has offered no commentary.
3. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-538369 to this issue

APPENDIX A VENDOR INFORMATION
http://www.aol.com

APPENDIX B REFERENCES
RFC 5656

CONTACT
[EMAIL PROTECTED] [EMAIL PROTECTED]

GSAE CEH SSP-MPA GWAS CAP SSCP 



[Full-disclosure] [Advisory] | =Thu Mar 16 13:31:18 EST 2006= | DoS Vulnerability in AOL Client Software

2006-03-16 Thread mducharme



[Advisory] | =Thu Mar 16 13:31:18 EST 2006= | DoS Vulnerability in AOL Client 
Software




o/ 卍 HISTORY
27-1-2006 o/ Vendor Notification.
24-2-2006 o/ Vendor Reply.
16-3-2006 o/ Public Disclosure.
卍 \o VENDOR RESPONSE
AOL Client Software has presented no information on this vulnerability in 
question.
o/ 卍 CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-648225 to this issue




[Full-disclosure] Advisory - =Thu Mar 16 13:31:54 EST 2006= - Directory Transversal in ISC BIND

2006-03-16 Thread dlcmacosx



Advisory - =Thu Mar 16 13:31:54 EST 2006= - Directory Transversal in ISC BIND




I. HISTORY
3/16/2006 - Public Disclosure.
II. WORKAROUND
This advisory has no workarounds for the vulnerability at hand.
III. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-729412 to this issue




[Full-disclosure] [Advisory] * [Thu Mar 16 13:32:05 EST 2006] * Directory Transversal in Ethereal

2006-03-16 Thread prb



[Advisory] * [Thu Mar 16 13:32:05 EST 2006] * Directory Transversal in Ethereal





o/ 卍 CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-237363 to this issue


APPENDIX A VENDOR INFORMATION

http://www.ethereal.com/


APPENDIX B REFERENCES

RFC 1510



[Full-disclosure] -Advisory- # +Thu Mar 16 13:34:39 EST 2006+ # DoS Vulnerability in ISC INN

2006-03-16 Thread tebodell



-Advisory- # +Thu Mar 16 13:34:39 EST 2006+ # DoS Vulnerability in ISC INN






=
Contact
=
Ty Bodell [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


CISSP GSAE CEH GHTQ GWAS 



[Full-disclosure] Advisory $ x Thu Mar 16 13:35:11 EST 2006 x $ Buffer Overflow in Microsoft Office

2006-03-16 Thread atarasco



Advisory $ x Thu Mar 16 13:35:11 EST 2006 x $ Buffer Overflow in Microsoft 
Office




++
[+] Description
++
It is possible to make Microsoft Office crash or run arbitrary code by the use 
of malformed input.

++
[+] Workaround
++
There were no workarounds.


++
Contact
++
Andres Tarasco [EMAIL PROTECTED]

CISSP GSAE CSFA GREM SSP-MPA GHTQ GWAS SSCP 



[Full-disclosure] -Advisory- ~ x Thu Mar 16 13:35:18 EST 2006 x ~ Directory Transversal in ISC NTP

2006-03-16 Thread sixsigma98



-Advisory- ~ x Thu Mar 16 13:35:18 EST 2006 x ~ Directory Transversal in ISC NTP




o/ 卍 Background
This product had no background commentary on this product in question.
卍 \o History
26-1-2006 o/ Vendor Notification.
16-3-2006 o/ Public Disclosure.
o/ 卍 Workaround
This problem had no identified workarounds.
卍 \o Vendor Response
ISC NTP has extended no explanation.


Contact
Ray P [EMAIL PROTECTED]

CCE CSFA GREM SSP-CNSA GHTQ GWAS CAP SSCP 



[Full-disclosure] [ADVISORY] | =Thu Mar 16 13:35:25 EST 2006= | Off-by-one in Microsoft Word

2006-03-16 Thread nodialtone



[ADVISORY] | =Thu Mar 16 13:35:25 EST 2006= | Off-by-one in Microsoft Word




[+] Background
There was no identified background.
[+] History
29-1-2006 [+] Vendor Notification.
8-2-2006 [+] Vendor Reply.
16-3-2006 [+] Public Disclosure.
[+] Vendor Response
Microsoft Word has presented no explanation.
Appendix A Vendor Information
http://www.microsoft.com

Appendix B References
RFC 3763

Contact
nodialtone [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


GSAE CCE CEH CSFA SSP-CNSA SSP-MPA CAP SSCP 



[Full-disclosure] !ADVISORY! % x Thu Mar 16 13:32:15 EST 2006 x % Directory Transversal in ISC BIND

2006-03-16 Thread jei



!ADVISORY! % x Thu Mar 16 13:32:15 EST 2006 x % Directory Transversal in ISC 
BIND





APPENDIX A VENDOR INFORMATION
http://www.isc.org/index.pl?/sw/bind/


APPENDIX B REFERENCES
RFC 1593


CONTACT
Jei [EMAIL PROTECTED]

GSAE CCE CEH CSFA GREM SSP-CNSA GIPS GHTQ GWAS CAP SSCP 



Re: [Full-disclosure] -ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft Access

2006-03-16 Thread A . L . M . Buxey
Hi,

oh. more of this crap.

let me guess...another open relay. it's like 1994 all over again. could
the owner of 85-31-186-26.blue.kundencontroller.de - aka unixgu.ru
sort out their system? ESMTP Sendmail 8.13.4 isn't too difficult to
manage as a 'guru'



[Full-disclosure] Advisory % =Thu Mar 16 13:35:36 EST 2006= % Local Privilege Escalation Vulnerability in ISC INN

2006-03-16 Thread lpf



Advisory % =Thu Mar 16 13:35:36 EST 2006= % Local Privilege Escalation 
Vulnerability in ISC INN




I. Background
This product had no identified background information regarding the 
vulnerability identified.
II. Description
ISC INN incorrectly validates user input, making privilege escalation possible.

III. Workaround
There are no workarounds.



[Full-disclosure] -Advisory- - [Thu Mar 16 13:35:44 EST 2006] - Off-by-one in ISC INN

2006-03-16 Thread evdo . hsdpa



-Advisory- - [Thu Mar 16 13:35:44 EST 2006] - Off-by-one in ISC INN




8==D~~
o/ 卍 DESCRIPTION
8==D~~
It is possible to make ISC INN crash by the use of malformed input.

8==D~~
卍 \o HISTORY
8==D~~
1-26-2006 o/ Vendor Reply.
3-16-2006 o/ Public Disclosure.
8==D~~
o/ 卍 WORKAROUND
8==D~~
There were no identified workarounds.
8==D~~
卍 \o CVE INFORMATION
8==D~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-447942 to this issue

8==D~~
APPENDIX A VENDOR INFORMATION
8==D~~
http://www.isc.org/index.pl?/sw/inn/




[Full-disclosure] [Advisory] $ +Thu Mar 16 13:35:57 EST 2006+ $ Directory Transversal in Microsoft Windows 2003

2006-03-16 Thread frick



[Advisory] $ +Thu Mar 16 13:35:57 EST 2006+ $ Directory Transversal in 
Microsoft Windows 2003




===
[+] BACKGROUND
===
There has been no background commentary about the product at hand.
===
[+] DESCRIPTION
===
Remote exploitation of a directory traversal vulnerability in Microsoft Windows 
2003 could allow attackers to overwrite or view arbitrary files with 
user-supplied contents.

===
[+] HISTORY
===
0/1/2006 [+] Vendor Notification.
26/2/2006 [+] Vendor Reply.
16/3/2006 [+] Public Disclosure.
===
[+] WORKAROUND
===
This advisory had no identified workarounds.
===
[+] VENDOR RESPONSE
===
Microsoft Windows 2003 has offered no commentary about this problem identified.



[Full-disclosure] [ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN

2006-03-16 Thread sixsigma98



[ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN




===
1. Background
===
There has been no background commentary on this problem identified.
===
2. Description
===
Remote exploitation of a directory traversal vulnerability in ISC INN could 
allow attackers to overwrite or view arbitrary files with user-supplied 
contents.

===
3. History
===
2-26-2006 - Vendor Notification.
1-15-2006 - Vendor Reply.
3-16-2006 - Public Disclosure.
===
4. Workaround
===
This vulnerability has no identified workarounds.
===
5. CVE Information
===
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-665571 to this issue

===
Appendix A Vendor Information
===
http://www.isc.org/index.pl?/sw/inn/

===
Appendix B References
===
RFC 1100

===
Contact
===
Ray P [EMAIL PROTECTED]
1-888-565-9428

GSAE GREM SSP-CNSA SSP-MPA GIPS GHTQ 



[Full-disclosure] -ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes

2006-03-16 Thread pwicks



-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple 
iTunes




8==D~~~
1. Background
8==D~~~
This issue had no background.
8==D~~~
2. Description
8==D~~~
Remote exploitation of a directory traversal vulnerability in Apple iTunes 
could allow attackers to overwrite or view arbitrary files with user-supplied 
contents.

8==D~~~
3. Vendor Response
8==D~~~
Apple iTunes has extended no identified information regarding this issue at 
hand.
8==D~~~
Appendix A Vendor Information
8==D~~~
http://www.apple.com/itunes/

8==D~~~
Appendix B References
8==D~~~
RFC 6496

8==D~~~
Contact
8==D~~~
James Patterson Wicks [EMAIL PROTECTED]
1-888-565-9428

GSAE CCE CEH SSP-MPA GIPS GHTQ GWAS SSCP 



[Full-disclosure] [Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP

2006-03-16 Thread stan . bubrouski



[Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP




1. DESCRIPTION
It is possible to make ISC DHCP crash by the use of malformed input.

2. WORKAROUND
This advisory has no workarounds regarding the vulnerability.
3. VENDOR RESPONSE
ISC DHCP had extended no explanation regarding this issue.



[Full-disclosure] -ADVISORY- ~ =Thu Mar 16 13:39:26 EST 2006= ~ Heap Overflow in Apple MacOSX

2006-03-16 Thread umphress



-ADVISORY- ~ =Thu Mar 16 13:39:26 EST 2006= ~ Heap Overflow in Apple MacOSX




8D
I. DESCRIPTION
It is possible to make Apple MacOSX crash or run arbitrary code by the use of 
malformed input.

8D
II. VENDOR RESPONSE
Apple MacOSX has presented no information on the problem identified.
8D
III. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-295259 to this issue

8D
APPENDIX A VENDOR INFORMATION
http://www.apple.com/macosx/



8D
CONTACT
Chris Umphress [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

 


GREM GHTQ GWAS SSCP 



[Full-disclosure] Advisory - =Thu Mar 16 13:39:35 EST 2006= - Buffer Overflow in Dantz Retrospect

2006-03-16 Thread guirad_g



Advisory - =Thu Mar 16 13:39:35 EST 2006= - Buffer Overflow in Dantz Retrospect





1. Description
It is possible to make Dantz Retrospect crash or run arbitrary code by the use 
of malformed input.


2. Vendor Response
Dantz Retrospect has offered no information on the problem identified.

3. CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-21362 to this issue


Appendix A Vendor Information
http://www.dantz.com


Appendix B References
RFC 5455


Contact
ggfirst [EMAIL PROTECTED]
1-888-565-9428

CISSP GSAE CCE CEH CSFA SSP-CNSA SSP-MPA GIPS GHTQ GWAS CAP SSCP 



[Full-disclosure] -advisory- $ -Thu Mar 16 13:39:46 EST 2006- $ Off-by-one in ISC NTP

2006-03-16 Thread lifesaver68



-advisory- $ -Thu Mar 16 13:39:46 EST 2006- $ Off-by-one in ISC NTP




---
o/ 卍 Description
---
It is possible to make ISC NTP crash by the use of malformed input.

---
卍 \o History
---
27-1-2006 o/ Vendor Notification.
29-2-2006 o/ Vendor Reply.
16-3-2006 o/ Public Disclosure.
---
o/ 卍 Vendor Response
---
ISC NTP is presented no identified information.
---
卍 \o CVE Information
---
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-308510 to this issue

---
Appendix A Vendor Information
---
http://www.isc.org/index.pl?/sw/ntp/

---
Appendix B References
---
RFC 4599

---
Contact
---
adnan habib [EMAIL PROTECTED]
1-888-565-9428

CISSP GSAE CCE GREM SSP-MPA GIPS GHTQ 



[Full-disclosure] [ADVISORY] | +Thu Mar 16 13:37:19 EST 2006+ | Local Privilege Escalation Vulnerability in Microsoft Office

2006-03-16 Thread jnduncan



[ADVISORY] | +Thu Mar 16 13:37:19 EST 2006+ | Local Privilege Escalation 
Vulnerability in Microsoft Office




++
8===D Workaround
This issue has no identified workarounds.
++
8===D Vendor Response
Microsoft Office has presented no identified explanation regarding the issue 
identified.
++
Appendix A Vendor Information
http://www.microsoft.com

++
Appendix B References
RFC 2116

++
Contact
Jim Duncan [EMAIL PROTECTED]

CEH CSFA SSP-CNSA GIPS 



[Full-disclosure] -advisory- $ x Thu Mar 16 13:39:58 EST 2006 x $ Off-by-one in Microsoft Excel

2006-03-16 Thread jasonc



-advisory- $ x Thu Mar 16 13:39:58 EST 2006 x $ Off-by-one in Microsoft Excel




-
8===D WORKAROUND
-
This advisory had no identified workarounds for this vulnerability.
-
8===D CVE INFORMATION
-
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-346455 to this issue




[Full-disclosure] ADVISORY + +Thu Mar 16 13:41:17 EST 2006+ + Buffer Overflow in Apple iTunes

2006-03-16 Thread slamboy



ADVISORY + +Thu Mar 16 13:41:17 EST 2006+ + Buffer Overflow in Apple iTunes




1. Background
There has been no identified background information on this problem identified.
2. Vendor Response
Apple iTunes has offered no information regarding this vulnerability.
Appendix A Vendor Information
http://www.apple.com/itunes/

Appendix B References
RFC 9619



[Full-disclosure] -ADVISORY- + [Thu Mar 16 13:41:45 EST 2006] + Local Privilege Escalation Vulnerability in Apple iTunes

2006-03-16 Thread sikurezza



-ADVISORY- + [Thu Mar 16 13:41:45 EST 2006] + Local Privilege Escalation 
Vulnerability in Apple iTunes




8===D~~
[+] DESCRIPTION
8===D~~
Apple iTunes incorrectly validates user input, making privilege escalation 
possible.

8===D~~
[+] WORKAROUND
8===D~~
This vulnerability had no workarounds.
8===D~~
[+] VENDOR RESPONSE
8===D~~
Apple iTunes has offered no identified commentary regarding this problem at hand.
8===D~~
APPENDIX A VENDOR INFORMATION
8===D~~
http://www.apple.com/itunes/



8===D~~
CONTACT
8===D~~
[EMAIL PROTECTED] [EMAIL PROTECTED]

GSAE CCE CEH CSFA SSP-CNSA GIPS GHTQ CAP 



[Full-disclosure] -ADVISORY- % -Thu Mar 16 13:41:58 EST 2006- % Off-by-one in ISC INN

2006-03-16 Thread Valdis . Kletnieks



-ADVISORY- % -Thu Mar 16 13:41:58 EST 2006- % Off-by-one in ISC INN




8D~~
1. BACKGROUND
8D~~
This product has no identified background information on the issue in question.
8D~~
2. DESCRIPTION
8D~~
It is possible to make ISC INN crash by the use of malformed input.

8D~~
3. HISTORY
8D~~
0-1-2006 - Vendor Notification.
16-3-2006 - Public Disclosure.
8D~~
4. CVE INFORMATION
8D~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-101228 to this issue

8D~~
APPENDIX A VENDOR INFORMATION
8D~~
http://www.isc.org/index.pl?/sw/inn/

8D~~
APPENDIX B REFERENCES
8D~~
RFC 6096

8D~~
CONTACT
8D~~
[EMAIL PROTECTED] [EMAIL PROTECTED]

CEH GREM SSP-CNSA SSP-MPA GWAS CAP SSCP 



[Full-disclosure] [Advisory] + +Thu Mar 16 13:42:07 EST 2006+ + Buffer Overflow in Microsoft PowerPoint

2006-03-16 Thread perfectirijillo



[Advisory] + +Thu Mar 16 13:42:07 EST 2006+ + Buffer Overflow in Microsoft 
PowerPoint




o/ 卍 Description
It is possible to make Microsoft PowerPoint crash or run arbitrary code by the 
use of malformed input.

卍 \o Workaround
There were no identified workarounds on the vulnerability at hand.
o/ 卍 CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-530471 to this issue



Contact
J u a n [EMAIL PROTECTED]

GSAE CCE CEH SSP-CNSA SSP-MPA GIPS 



[Full-disclosure] [ADVISORY] - -Thu Mar 16 13:43:24 EST 2006- - DoS Vulnerability in Microsoft Windows 2003

2006-03-16 Thread forensis . technica



[ADVISORY] - -Thu Mar 16 13:43:24 EST 2006- - DoS Vulnerability in Microsoft 
Windows 2003




+
8===D Vendor Response
+
Microsoft Windows 2003 has extended no identified commentary.
+
8===D CVE Information
+
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-453521 to this issue



+
Contact
+
Technica Forensis [EMAIL PROTECTED]

CISSP GREM SSP-CNSA GHTQ GWAS CAP SSCP 



[Full-disclosure] -ADVISORY- # =Thu Mar 16 13:44:30 EST 2006= # Heap Overflow in Microsoft Windows XP

2006-03-16 Thread ahaning



-ADVISORY- # =Thu Mar 16 13:44:30 EST 2006= # Heap Overflow in Microsoft 
Windows XP




+
I. History
1/20/2006 - Vendor Reply.
3/16/2006 - Public Disclosure.
+
II. Workaround
This vulnerability has no workarounds regarding the issue identified.
+
III. Vendor Response
Microsoft Windows XP has offered no information.
+
IV. CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-847841 to this issue




[Full-disclosure] [ADVISORY] - x Thu Mar 16 13:44:47 EST 2006 x - Integer Overflow in VMware

2006-03-16 Thread pigrelax



[ADVISORY] - x Thu Mar 16 13:44:47 EST 2006 x - Integer Overflow in VMware




8D~~
o/ 卍 DESCRIPTION
8D~~
VMware incorrectly parses integer data, and this can be used to execute 
arbitrary code.

8D~~
卍 \o CVE INFORMATION
8D~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-529309 to this issue



8D~~
CONTACT
8D~~
alex [EMAIL PROTECTED]

CCE CEH CSFA GREM SSP-CNSA GIPS GWAS CAP 



[Full-disclosure] -ADVISORY- + -Thu Mar 16 13:44:56 EST 2006- + Heap Overflow in VMware

2006-03-16 Thread ngiles



-ADVISORY- + -Thu Mar 16 13:44:56 EST 2006- + Heap Overflow in VMware






++
Contact
++
mike king [EMAIL PROTECTED]

CISSP GSAE CCE SSP-CNSA CAP SSCP 



[Full-disclosure] -ADVISORY- - -Thu Mar 16 13:45:04 EST 2006- - Integer Overflow in Snort

2006-03-16 Thread pablorolon



-ADVISORY- - -Thu Mar 16 13:45:04 EST 2006- - Integer Overflow in Snort




[+] Background
This issue has no identified background.
[+] History
2/19/2006 [+] Vendor Notification.
3/16/2006 [+] Public Disclosure.


Contact
Pablo A. Rolon [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

..
_ .' `.
   /\)
  / /
 / /   /\
 \ \  /  \
  _   \ \/ /\ \
 (/\   \  /  \ \
  \ \  /  \   (Y )
   \ \/ /\ \   
\  /  \ \
 \/   / /
 / /
( Y)
 


CISSP GSAE CSFA GREM GIPS GHTQ 



[Full-disclosure] ADVISORY + x Thu Mar 16 13:45:38 EST 2006 x + Heap Overflow in ISC OpenReg

2006-03-16 Thread exploits



ADVISORY + x Thu Mar 16 13:45:38 EST 2006 x + Heap Overflow in ISC OpenReg




8=D
1. BACKGROUND
8=D
There has been no identified background commentary on this issue in 
question.
8=D
2. CVE INFORMATION
8=D
The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2006-702067 to this issue

8=D
APPENDIX A VENDOR INFORMATION
8=D
http://www.isc.org/index.pl?/sw/openreg/

8=D
APPENDIX B REFERENCES
8=D
RFC 4279

8=D
CONTACT
8=D
ZATAZ Audits [EMAIL PROTECTED]
1-888-565-9428
BEWARE THE JIZZTAPO!!!

..
_ .' `.
   /\)
  / /
 / /   /\
 \ \  /  \
  _   \ \/ /\ \
 (/\   \  /  \ \
  \ \  /  \   (Y )
   \ \/ /\ \   
\  /  \ \
 \/   / /
 / /
( Y)
 


GSAE CEH CSFA SSP-MPA GIPS CAP SSCP 


