Re: [Full-disclosure] Month Of Hackerrats Bugs

2007-06-18 Thread J. M. Seitz
Well, in response:

1) If the Month of BS that you are spraying is all you can contribute to the
security community, you are leagues behind Jericho who heads the OSVDB, VIM
and does many other countless things, tirelessly day in and day out.

2) Who cares? If the FBI or RCMP (in my case from Canada) comes knocking at
my door, and they ask Hey, we know script kiddie XYZ sent you details on
how they bypassed the Net Nanny filters at their high school. I wouldn't
lose any sleep handing out info, I doubt neither would you.

3) No one is really sure what you are after here? Most people, like HD, did
the month of.. To open the eyes of vendors, fame, tool releases, etc. This
seems strange? Maybe lame responses like my own are the reason why?

Aside from that, you are barking up the wrong tree going after Jericho..


JS
 

 Following suit to the month of bugs - we are pleased to 
 announce the disclosures of cooperating snitches liars and 
 conmen in the industry. We present our second Hackerrat with 
 an eye opening Jericho
 
 Jericho (Brian Martin) and his cohorts at the website 
 Attrition were at one time mining hacker information for the 
 FBI. They will swear they didn't an offer a barrage of 
 verbally crafted nonsense to deter the truth about their 
 actions, but we know better. This information or 
 (Disinformation) comes via an earlier write up on the 
 Hackerrat terrorist known as Mark Maiffret and eEye Security.
 
 So how does Jericho tie into eEye anyway? Simple he does so 
 via way of Dale Coddington aka Punkis who worked at eEye. 
 Snitches of a feather flock together. See it worked like 
 this, once upon a time there was #dc-stuff, no wait, some may 
 not be ready for that. krystlia, malvu and other miscreants
 
 . Anynow there was Brian Martin hacking the NYTimes as HFG. 
 (don't worry Martin, I believe the US has a statute of 
 limitations). Never to be discovered perhaps because Adam 
 Penenburg would never disclose it, and perhaps because Martin 
 had some decent friends like Carole Fennelly. Why does 
 Jericho insist he never cooperated with the feds nor 
 disclosed any information to them. The truth is in front of 
 most, but most care not to look at the truth.
 
 Ask yourself logically, search any search engine, Lexis 
 Nexis, Google, find one instance of a case of federal agents 
 raiding someone's home and walking out without a suspect. 
 You'd have better luck getting struck by lightning. So what 
 happened after FBI agents raided Martin's house once upon a 
 time? Truth be told, he cooperated with authorities and 
 provided them with log records for moronic developmentally 
 challenged idiots who were sending him proof of their hacks. 
 Thinks this is propaganda?
 
 Brian Martin's information is publicly available via what is 
 known in the United States as the Freedom of Information Act. 
 It is highly unlikely he'd appreciate this disclosure since 
 he would somehow have to prove everyone else except him is 
 lying. He would have to come back with discourse on how the 
 government is out to get him by carefully, selectively and 
 willfully injecting disinformation into his life records. Not 
 plausible. So a huge greeting to the federal snitch known as 
 Jericho and his gang of buddies at Attrition. This month's 
 second biggest federal snitch.
 
 http://hackerwars.blogsome.com/
 
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] ShAnKaR: Simple machines forum CAPTCHA bypass and PHP injection

2007-06-18 Thread 3APA3A
Dear [EMAIL PROTECTED],

  ShAnKaR shankar at shankar.name reported vulnerabilities in Simple
  Machines Forum 1.1.2 (aka SMF) http://www.simplemachines.org/

  Original advisory (in Russian):
  http://securityvulns.ru/Rdocument271.html

1. Weak sound-based CAPTCHA protection

   In this engine, sound CAPTCHA based automated registration protection
   is implemented with a WAV file, generated by concatenation of a few
   different sound files. Developers use WAV file randomization, but
   this randomization is insufficient and can be bypassed by
   bruteforcing with known sound templates.

[EMAIL PROTECTED] smfh]$ ./captcha.pl http://localhost/smf/
nnrbv
created in 1.41827201843262 seconds
[EMAIL PROTECTED] smfh]$ ./captcha.pl http://localhost/smf/
vpubu
created in 1.49515509605408 seconds
[EMAIL PROTECTED] smfh]$ ./captcha.pl http://localhost/smf/
ntfhh
created in 2.31928586959839 seconds
[EMAIL PROTECTED] smfh]$ ./captcha.pl http://localhost/smf/
egudz
created in 0.823321104049683 seconds

  As can be seen, bruteforce usually takes only 1-2 seconds. See
  script attached.

2. PHP injection

There is a possibility to execute any PHP code during creation or
editing of a forum message.
(No further details are given by the advisory author.)




-- 
http://securityvulns.com/
 /\_/\
{ , . } |\
+--oQQo-{ ^ }-+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-o66o--+ /
|/

capcha.pl
Description: Binary data

Re: [Full-disclosure] Month Of Hackerrats Bugs

2007-06-18 Thread M. Shirk
I am looking forward to the Month of Lame White Motherfuckers
--reference George Carlin


Shirkdog
' or 1=1--
http://www.shirkdog.us





From: [EMAIL PROTECTED]
To: snitches[EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Month Of Hackerrats Bugs
Date: Mon, 18 Jun 2007 01:24:25 -0400

quite a pleasure to see another well drafted composition to full
disclosure. it appears we have quite a real hacker/wanker giving us
some wonderful information. i hope the people you reveal had great
success in working with the authorities. we should rename this to a
month of heroes if you should continue. perhaps if you try hard
enough you could start a month of not sucking dick but some how i
doubt you could succeed in such an endeavour. enjoy hiding in the
shadows with your useless commentary that no one on here gives a
shit about. are you jealous that these people actually have
something that you do not, success and lives?

get a bloody life you dumb shit.



--jMcD



Re: [Full-disclosure] n3td3v says second internet exists

2007-06-18 Thread Valdis . Kletnieks
On Sun, 17 Jun 2007 04:36:46 +0200, Martin Zimmermann said:

  not only is the second internet being built in case the first one gets
  attacked, in fact the government plan to eventually switch everyone over
  to the second internet because it's being built with security in mind.
 
 Sh, don't tell anybody.. But there's a super secret web 1.0 page for
 the chosen few. Since everybody knows you are a überhacker I guess we
 better let you in on it.. - http://www.internet2.edu/ .And make sure

Actually, that's not the second Internet in case the first one gets whacked.

That's just a research network for high-bandwidth communications.

The *real* second network could be one or more of:

1) An IPv6-based network, which supposedly includes security.  To be honest,
the Emperor is wearing some new really slick new threads here - the IPv6
security is basically that the same IPSEC AH/ESP stuff that nobody uses
on IPv4 needs to be supported for a compliant IPv6 network stack, while it's
optional for IPv4. Some progress. ;)

2) The networks that DISA and friends run for various parts of the
US government. (Hint - Google for 'DISN' - most of the hits on the first
page will take you interesting places.)

3) Something else. ;)

Hint:  Look at the sites listed here: http://www.carrierhotels.com/properties/
and then ask yourself who interconnects at which telco hotels, and who
has currently dark fiber capacity into and out of the cities involved.
Remember that for a second internet to be *useful*, it needs connections
to all the places that need to be on the second internet.  And of course,
need is defined by the people paying for the fiber and the routers (you
ever *priced* an OC-192 card for a Juniper? Yowza. :)  Remember - you don't
*have* to be at One Wilshire or the Westin - but if your fiber ends someplace
else, the people you want to connect to will have to get fiber to the
someplace else... 

 20 - 30 years ?? I'm getting my Internet 2.0 fiber access on Monday, but
 I do know somebody.

Welcome aboard, newcomer - some of us were connected to Abilene last century,
and have been on NLR since that got started... ;)



[Full-disclosure] CISSP

2007-06-18 Thread Bozo Bad

http://www.cissp.com/store/search.asp?s=%3Cscript%3Ealert(%22Look,mamma, I'm
a CISSP!%22)%3C/script%3E

Re: [Full-disclosure] Month Of Hackerrats Bugs

2007-06-18 Thread Dr. Neal Krawetz PhD
All,

[EMAIL PROTECTED] is just another identity that gobbles aka n3td3v
has created as part of his smear campaign against myself and other
prominent members of the computer security community.  It is best that
we just ignore him.  This is the only way to make him go away.

Thanks,
Dr. Neal Krawetz, PhD.
http://www.hackerfactor.com/blog/ 

On Sun, Jun 17, 2007 at 10:44:00PM -0700, J. M. Seitz wrote:
 Well, in response:
 
 1) If the Month of BS that you are spraying is all you can contribute to the
 security community, you are leagues behind Jericho who heads the OSVDB, VIM
 and does many other countless things, tirelessly day in and day out.
 
 2) Who cares? If the FBI or RCMP (in my case from Canada) comes knocking at
 my door, and they ask Hey, we know script kiddie XYZ sent you details on
 how they bypassed the Net Nanny filters at their high school. I wouldn't
 lose any sleep handing out info, I doubt neither would you.
 
 3) No one is really sure what you are after here? Most people, like HD, did
 the month of.. To open the eyes of vendors, fame, tool releases, etc. This
 seems strange? Maybe lame responses like my own are the reason why?
 
 Aside from that, you are barking up the wrong tree going after Jericho..
 
 
 JS
  
 


[Full-disclosure] iDefense Security Advisory 06.18.07: Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability

2007-06-18 Thread iDefense Labs
Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability

iDefense Security Advisory 06.18.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 18, 2007

I. BACKGROUND

Trillian is a multi-protocol chat application that supports IRC, ICQ,
AIM and MSN protocols. More information can be found on the vendor's
site at the following URL.

http://www.ceruleanstudios.com/learn

II. DESCRIPTION

Remote exploitation of a heap overflow vulnerability in Cerulean Studios
Trillian Instant Messenger could allow attackers to execute arbitrary
code as the currently logged on user.

The vulnerability specifically exists due to improper handling of UTF-8
sequences. When word-wrapping UTF-8 text, the window width is
improperly used as a buffer size value. As such, heap corruption can
occur leading to a potentially exploitable condition.

III. ANALYSIS

Exploitation of this vulnerability could allow remote attackers to
execute arbitrary code with the credentials of the currently logged on
user.

Exploitation occurs simply by viewing a malicious message that contains
a specially constructed UTF-8 string.

The MSN protocol is a known attack vector for this vulnerability.
However, exploitation could potentially occur using any supported
protocol.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Cerulean
Studios Trillian 3.1.5.1. Previous versions are suspected to be
vulnerable.

V. WORKAROUND

iDefense is currently unaware of any effective workaround for this
issue.

VI. VENDOR RESPONSE

The Cerulean Studios team has addressed this vulnerability by releasing
version 3.1.6.0 of Trillian. More information is available at the
Cerulean Studios Blog via the following URL.

http://blog.ceruleanstudios.com/?p=150

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.

VIII. DISCLOSURE TIMELINE

05/04/2007  Initial vendor notification
05/04/2007  Initial vendor response
06/18/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by www.BlurredLogic.com.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
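
The bug class from section II, as an added illustration that is not Trillian's code (its source is not on this page): a line buffer sized from the window width in columns must still bound the copy in bytes, because one UTF-8 character occupies one to four bytes. The function names, the constructed sample line and the one-column-per-character rule are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: ten U+20AC characters = 10 columns but 30 bytes. */
static const char sample_line[] =
    "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC"
    "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC" "\xE2\x82\xAC";

/* Length of the well-formed UTF-8 sequence at s (n bytes left); 0 if malformed.
 * Overlong and surrogate encodings are not rejected in this sketch. */
static size_t utf8_next(const unsigned char *s, size_t n)
{
    size_t len, i;

    if (n == 0) return 0;
    if (s[0] < 0x80) len = 1;
    else if ((s[0] & 0xE0) == 0xC0) len = 2;
    else if ((s[0] & 0xF0) == 0xE0) len = 3;
    else if ((s[0] & 0xF8) == 0xF0) len = 4;
    else return 0;                      /* stray continuation or invalid lead */
    if (len > n) return 0;              /* sequence truncated by end of input */
    for (i = 1; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;
    return len;
}

/* Worst-case bytes for `cols` characters plus the NUL; 0 if that overflows. */
size_t wrap_line_capacity(size_t cols)
{
    if (cols > (SIZE_MAX - 1) / 4) return 0;
    return cols * 4 + 1;
}

/*
 * Copy one wrapped line from src into dst. The line holds at most `cols`
 * characters (one column each, an assumption) and at most dst_cap - 1 bytes.
 * It breaks after the last space when it would otherwise split a word.
 * Returns the bytes consumed from src, or -1 on bad arguments or bad UTF-8.
 */
long wrap_line_utf8(const char *src, size_t src_len, size_t cols,
                    char *dst, size_t dst_cap)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t in = 0, chars = 0, last_space = 0;

    if (src == NULL || dst == NULL || dst_cap == 0) return -1;
    while (in < src_len && chars < cols) {
        size_t len = utf8_next(s + in, src_len - in);

        if (len == 0) { dst[0] = '\0'; return -1; }
        /* The byte budget ends the copy, independent of the column count. */
        if (len > dst_cap - 1 - in) break;
        memcpy(dst + in, s + in, len);
        in += len;
        chars++;
        if (s[in - 1] == ' ') last_space = in;
    }
    if (in < src_len && s[in] != ' ' && last_space > 0)
        in = last_space;                /* do not split the final word */
    dst[in] = '\0';
    return (long)in;
}

int main(void)
{
    char by_columns[10 + 1];            /* sized from the width: too small */
    char by_bytes[10 * 4 + 1];          /* sized by wrap_line_capacity(10) */

    printf("columns-sized buffer took %ld of %zu bytes\n",
           wrap_line_utf8(sample_line, sizeof sample_line - 1, 10,
                          by_columns, sizeof by_columns),
           sizeof sample_line - 1);
    printf("byte-sized buffer took %ld bytes\n",
           wrap_line_utf8(sample_line, sizeof sample_line - 1, 10,
                          by_bytes, sizeof by_bytes));
    return 0;
}
```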



[Full-disclosure] Harry Potter 0day

2007-06-18 Thread go harry

*   Harry Potter 0day
*


Dear my brothers,

Voldemort killed Hermione. Yes, that's true. And we knew that 2 days ago.

This is the end of the not yet published (someone could call that 0day) book

Harry Potter and the Deathly Hallows .

At the end of the story Hagrid was killed by Snape in the attempt of ambush 
Hermione and Ron.
Ron and Hermione flee in Privet Drive but Voldemort, surprising them, engaged 
a magical duel with Ron and Hermione.

Voldemort attacked through the Imperius curse and Hermione, to protect the life 
of Ron, fights hard for more than 6 pages and then finally dies.
(boring, very boring... it's always the same story!)

Then, to make a long story short, Harry came up, killed all the bad guys and 
Hogwarts again became a good place to stay and have fun.

Ah, i missed one important information about Draco Malfoy, he started to create 
Horcrux (for fun and profit!).
The end.


Yes, we did it.
We did it by following the precious words of the great Pope Benedict XVI when 
he still was Cardinal Joseph Ratzinger.
He explained why Harry Potter brings the young of our earth to Neo Paganism 
faith.

So we make this spoiler to make reading of the upcoming book useless and boring.

The attack strategy was the easiest one. 
The usual milw0rm downloaded exploit delivered by 
email/click-on-the-link/open-browser/click-on-this-animated-icon/back-connect 
to some employee of Bloomsbury Publishing, the company that's behind the Harry 
crap.

It's amazing to see how much people inside the company have copies and drafts 
of this book. 
Curiosity killed the cat.

Who kill curiosity?


To protect you and your families

God bless you

Gabriel

Free spot - Fight terrorism: 
http://www.challenging-islam.org/articles/warraq-debate-muslims.htm


=




Re: [Full-disclosure] Harry Potter 0day

2007-06-18 Thread scott

Who are you people and why should I care?

Maybe a new exploit would be more useful.

Cheers,
  Scott




go harry wrote:
 
 * Harry Potter 0day
 *
 
 
 Dear my brothers,
 
 Voldemort killed Hermione. Yes, that's true. And we knew that 2 days ago.
 
 This is the end of the not yet published (someone could call that 0day) book
 
   Harry Potter and the Deathly Hallows .
 
 At the end of the story Hagrid was killed by Snape in the attempt of ambush 
 Hermione and Ron.
 Ron and Hermione flee in Privet Drive but Voldemort, surprising them, 
 engaged a magical duel with Ron and Hermione.
 
 Voldemort attacked through the Imperius curse and Hermione, to protect the 
 life of Ron, fights hard for more than 6 pages and then finally dies.
 (boring, very boring... it's always the same story!)
 
 Then, to make a long story short, Harry came up, killed all the bad guys and 
 Hogwarts again became a good place to stay and have fun.
 
 Ah, i missed one important information about Draco Malfoy, he started to 
 create Horcrux (for fun and profit!).
 The end.
 
 
 Yes, we did it.
 We did it by following the precious words of the great Pope Benedict XVI when 
 he still was Cardinal Joseph Ratzinger.
 He explained why Harry Potter brings the young of our earth to Neo Paganism 
 faith.
 
 So we make this spoiler to make reading of the upcoming book useless and 
 boring.
 
 The attack strategy was the easiest one. 
 The usual milw0rm downloaded exploit delivered by 
 email/click-on-the-link/open-browser/click-on-this-animated-icon/back-connect 
 to some employee of Bloomsbury Publishing, the company that's behind the 
 Harry crap.
 
 It's amazing to see how much people inside the company have copies and drafts 
 of this book. 
 Curiosity killed the cat.
 
 Who kill curiosity?
 
 
 To protect you and your families
 
 God bless you
 
 Gabriel
 
 Free spot - Fight terrorism: 
 http://www.challenging-islam.org/articles/warraq-debate-muslims.htm
 
 
 =
 
 



[Full-disclosure] Dear Neal Krawetz

2007-06-18 Thread HACK THE GOV

n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v
n3td3v is NOT Gobbles
Gobbles is NOT n3td3v

Re: [Full-disclosure] CISSP

2007-06-18 Thread Florian Stinglmayr
Daniel Marsh wrote:
 On 6/19/07, Bozo Bad [EMAIL PROTECTED] wrote:

 http://www.cissp.com/store/search.asp?s=%3Cscript%3Ealert(%22Look,mamma,
 I'm a CISSP!%22)%3C/script%3E
 
 That's a beautiful thing.
 

Irony at its best.



Re: [Full-disclosure] Dear Neal Krawetz, will the real n3td3v please stand up?

2007-06-18 Thread coderman
On 6/18/07, HACK THE GOV [EMAIL PROTECTED] wrote:
 n3td3v is NOT Gobbles
 Gobbles is NOT n3td3v


a biased mind peers into the chasm that is full-disclosure:

Dr._Neal_Krawetz,_PhD. my god, it's full of [n3td3v | GOBBLES] !!!

... your paper was interesting and inherently flawed; may you one day
discover the concept of compounded errors.

consider GOBBLES the slim shady; n3td3v the pimply imitator in a ford
festiva with plywood spoiler.  all you see is one annoyance, while
intact intellect discerns the substance from the shallow.

don't worry, i'm only pissing on your expert security credentials, Dr.
Neal Krawetz, PhD., because i too am n3td3v... disguised via
artificial intelligence softwarez!


L'enfer, c'est les autres - Sartre



[Full-disclosure] [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing

2007-06-18 Thread Mark Thomas

CVE-2007-1358: Apache Tomcat XSS vulnerability in Accept-Language
header processing

Severity:
Low (cross-site scripting)

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.34
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.20
Tomcat 6.0.0 to 6.0.5

Description:
Web pages that display the Accept-Language header value sent by the
client are susceptible to a cross-site scripting attack if they assume
the Accept-Language header value conforms to RFC 2616. Under normal
circumstances this would not be possible to exploit, however older
versions of Flash player were known to allow carefully crafted
malicious Flash files to make requests with such custom headers.
Tomcat now ignores invalid values for Accept-Language headers that do
not conform to RFC 2616.

Mitigation:
1. Upgrade to fixed version
2. Escape values obtained from Accept-Language header before use.

Credit:
This issue was reported by Masato Anzai and Toshiharu Sugiyama.

References:
http://tomcat.apache.org/security.html

Mark Thomas
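
Both mitigations from the advisory as an added C sketch (not Tomcat's code, which is Java and is not shown on this page): ignore an Accept-Language value that does not match the RFC 2616 grammar, and HTML-escape whatever is echoed into a page. All function names are hypothetical, the header values are constructed, and rejecting empty list elements is an assumption stricter than the RFC.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* language-range = ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*"   (RFC 2616, 14.4) */
static int valid_language_range(const char *s, size_t n)
{
    size_t i, run = 0;

    if (n == 1 && s[0] == '*') return 1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)(s[i] | 0x20);   /* fold ASCII case */
        if (s[i] == '-' && run > 0) { run = 0; continue; }
        if (c < 'a' || c > 'z' || ++run > 8) return 0;    /* '<', '"', digits, ... */
    }
    return run > 0;                     /* rejects "" and a trailing '-' */
}

/* qvalue = ( "0" [ "." 0*3DIGIT ] ) | ( "1" [ "." 0*3("0") ] )   (RFC 2616, 3.9) */
static int valid_qvalue(const char *s, size_t n)
{
    size_t i;

    if (n == 0 || n > 5 || (s[0] != '0' && s[0] != '1')) return 0;
    if (n > 1 && s[1] != '.') return 0;
    for (i = 2; i < n; i++)
        if (s[i] < '0' || s[i] > (s[0] == '1' ? '0' : '9')) return 0;
    return 1;
}

/* Strip leading and trailing spaces and tabs from the span (*s, *n). */
static void trim(const char **s, size_t *n)
{
    while (*n > 0 && (**s == ' ' || **s == '\t')) { (*s)++; (*n)--; }
    while (*n > 0 && ((*s)[*n - 1] == ' ' || (*s)[*n - 1] == '\t')) (*n)--;
}

/* One list element: language-range [ ";" "q" "=" qvalue ] */
static int valid_element(const char *s, size_t n)
{
    const char *semi = memchr(s, ';', n);
    const char *q = semi ? semi + 1 : s;
    size_t rn = semi ? (size_t)(semi - s) : n;
    size_t qn = semi ? n - rn - 1 : 0;

    trim(&s, &rn);
    if (!valid_language_range(s, rn)) return 0;
    if (semi == NULL) return 1;
    trim(&q, &qn);
    if (qn < 2 || (q[0] != 'q' && q[0] != 'Q') || q[1] != '=') return 0;
    return valid_qvalue(q + 2, qn - 2);
}

/* 1 if every comma-separated element matches the grammar, else 0. */
int accept_language_is_valid(const char *hdr)
{
    if (hdr == NULL) return 0;
    for (;;) {
        size_t n = strcspn(hdr, ",");

        if (!valid_element(hdr, n)) return 0;
        if (hdr[n] == '\0') return 1;
        hdr += n + 1;
    }
}

/* HTML-escape in into out; returns 0, or -1 if out_cap is too small. */
int html_escape(const char *in, char *out, size_t out_cap)
{
    size_t o = 0;

    if (out_cap == 0) return -1;
    for (; *in != '\0'; in++) {
        const char *rep = *in == '&' ? "&amp;" : *in == '<' ? "&lt;" :
                          *in == '>' ? "&gt;" : *in == '"' ? "&quot;" :
                          *in == '\'' ? "&#39;" : NULL;
        size_t len = rep ? strlen(rep) : 1;

        if (len > out_cap - 1 - o) { out[0] = '\0'; return -1; }
        memcpy(out + o, rep ? rep : in, len);
        o += len;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 with the escaped header in out, or 0 with out empty when ignored. */
int language_for_display(const char *hdr, char *out, size_t out_cap)
{
    if (out == NULL || out_cap == 0) return 0;
    out[0] = '\0';
    return accept_language_is_valid(hdr) && html_escape(hdr, out, out_cap) == 0;
}

int main(void)
{
    char out[128];   /* both header values below are constructed samples */

    printf("%d\n", language_for_display("da, en-gb;q=0.8, en;q=0.7", out, sizeof out));
    printf("%d\n", language_for_display("en\"><script>alert(1)</script>", out, sizeof out));
    return 0;
}
```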





Re: [Full-disclosure] Dear Neal Krawetz, will the real n3td3v please stand up?

2007-06-18 Thread Dr. Neal Krawetz PhD
If you believe my method(s) was flawed, then demonstrate your claim(s).

I used a repeatable scientific proof that conclusively proves my
findings.  People constantly criticize me, claiming that I am wrong.
However not one of these people are able to offer a valid scientific
argument against me or my methods!  

You are acting like an uneducated child.  Is this where you are?  Did
you even attend a school of higher learning?  I should hope that no
respected academic institution would allow such a pea-brained fool as
yourself entrance!

Grow up, learn, and come back to speak with me once you've learned what
logic is and how to apply it.  Until then you are nothing.  You are the
sort of person that believes bananas are proof that there is a God, when
the truth is there is no God.  You simple-minded doofus.

- neal

On Mon, Jun 18, 2007 at 05:42:07PM -0700, coderman wrote:
 On 6/18/07, HACK THE GOV [EMAIL PROTECTED] wrote:
  n3td3v is NOT Gobbles
  Gobbles is NOT n3td3v
 
 
 a biased mind peers into the chasm that is full-disclosure:
 
 Dr._Neal_Krawetz,_PhD. my god, it's full of [n3td3v | GOBBLES] !!!
 
 ... your paper was interesting and inherently flawed; may you one day
 discover the concept of compounded errors.
 
 consider GOBBLES the slim shady; n3td3v the pimply imitator in a ford
 festiva with plywood spoiler.  all you see is one annoyance, while
 intact intellect discerns the substance from the shallow.
 
 don't worry, i'm only pissing on your expert security credentials, Dr.
 Neal Krawetz, PhD., because i too am n3td3v... disguised via
 artificial intelligence softwarez!
 
 
 L'enfer, c'est les autres - Sartre
 


Re: [Full-disclosure] Dear Neal Krawetz, will the real n3td3v please stand up?

2007-06-18 Thread Michael Silk
lol

On 6/19/07, Dr. Neal Krawetz PhD [EMAIL PROTECTED] wrote:
 If you believe my method(s) was flawed, then demonstrate your claim(s).

 I used a repeatable scientific proof that conclusively proves my
 findings.  People constantly criticize me, claiming that I am wrong.
 However not one of these people are able to offer a valid scientific
 argument against me or my methods!

 You are acting like an uneducated child.  Is this where you are?  Did
 you even attend a school of higher learning?  I should hope that no
 respected academic institution would allow such a pea-brained fool as
 yourself entrance!

 Grow up, learn, and come back to speak with me once you've learned what
 logic is and how to apply it.  Until then you are nothing.  You are the
 sort of person that believes bananas are proof that there is a God, when
 the truth is there is no God.  You simple-minded doofus.

 - neal

 On Mon, Jun 18, 2007 at 05:42:07PM -0700, coderman wrote:
  On 6/18/07, HACK THE GOV [EMAIL PROTECTED] wrote:
   n3td3v is NOT Gobbles
   Gobbles is NOT n3td3v
 
 
  a biased mind peers into the chasm that is full-disclosure:
 
  Dr._Neal_Krawetz,_PhD. my god, it's full of [n3td3v | GOBBLES] !!!
 
  ... your paper was interesting and inherently flawed; may you one day
  discover the concept of compounded errors.
 
  consider GOBBLES the slim shady; n3td3v the pimply imitator in a ford
  festiva with plywood spoiler.  all you see is one annoyance, while
  intact intellect discerns the substance from the shallow.
 
  don't worry, i'm only pissing on your expert security credentials, Dr.
  Neal Krawetz, PhD., because i too am n3td3v... disguised via
  artificial intelligence softwarez!
 
 
  L'enfer, c'est les autres - Sartre
 



-- 
mike
68 65 6c 6c 6f 20 74 6f 20 79 6f 75 2c
20 68 65 78 20 64 65 63 6f 64 65 72 2e



Re: [Full-disclosure] Dear Neal Krawetz, will the real n3td3v please stand up?

2007-06-18 Thread StaticRez

This is ridiculous...

On 6/18/07, Michael Silk [EMAIL PROTECTED] wrote:


lol

On 6/19/07, Dr. Neal Krawetz PhD [EMAIL PROTECTED] wrote:
 If you believe my method(s) was flawed, then demonstrate your claim(s).

 I used a repeatable scientific proof that conclusively proves my
 findings.  People constantly criticize me, claiming that I am wrong.
 However not one of these people are able to offer a valid scientific
 argument against me or my methods!

 You are acting like an uneducated child.  Is this where you are?  Did
 you even attend a school of higher learning?  I should hope that no
 respected academic institution would allow such a pea-brained fool as
 yourself entrance!

 Grow up, learn, and come back to speak with me once you've learned what
 logic is and how to apply it.  Until then you are nothing.  You are the
 sort of person that believes bananas are proof that there is a God, when
 the truth is there is no God.  You simple-minded doofus.

 - neal

 On Mon, Jun 18, 2007 at 05:42:07PM -0700, coderman wrote:
  On 6/18/07, HACK THE GOV [EMAIL PROTECTED] wrote:
   n3td3v is NOT Gobbles
   Gobbles is NOT n3td3v
 
 
  a biased mind peers into the chasm that is full-disclosure:
 
  Dr._Neal_Krawetz,_PhD. my god, it's full of [n3td3v | GOBBLES] !!!
 
  ... your paper was interesting and inherently flawed; may you one day
  discover the concept of compounded errors.
 
  consider GOBBLES the slim shady; n3td3v the pimply imitator in a ford
  festiva with plywood spoiler.  all you see is one annoyance, while
  intact intellect discerns the substance from the shallow.
 
  don't worry, i'm only pissing on your expert security credentials, Dr.
  Neal Krawetz, PhD., because i too am n3td3v... disguised via
  artificial intelligence softwarez!
 
 
  L'enfer, c'est les autres - Sartre
 



--
mike
68 65 6c 6c 6f 20 74 6f 20 79 6f 75 2c
20 68 65 78 20 64 65 63 6f 64 65 72 2e


Re: [Full-disclosure] Dear Neal Krawetz, will the real n3td3v please stand up?

2007-06-18 Thread Sam
Carole Chaski gave you a run for your money tho.

http://www.securityfocus.com/comments/articles/11419/34147/threaded#34147


Dr. Neal Krawetz PhD wrote:
 If you believe my method(s) was flawed, then demonstrate your claim(s).

 I used a repeatable scientific proof that conclusively proves my
 findings.  People constantly criticize me, claiming that I am wrong.
 However not one of these people are able to offer a valid scientific
 argument against me or my methods!  

 You are acting like an uneducated child.  Is this where you are?  Did
 you even attend a school of higher learning?  I should hope that no
 respected academic institution would allow such a pea-brained fool as
 yourself entrance!

 Grow up, learn, and come back to speak with me once you've learned what
 logic is and how to apply it.  Until then you are nothing.  You are the
 sort of person that believes bananas are proof that there is a God, when
 the truth is there is no God.  You simple-minded doofus.

 - neal

 On Mon, Jun 18, 2007 at 05:42:07PM -0700, coderman wrote:
   
 On 6/18/07, HACK THE GOV [EMAIL PROTECTED] wrote:
 
 n3td3v is NOT Gobbles
 Gobbles is NOT n3td3v
   
 a biased mind peers into the chasm that is full-disclosure:

 Dr._Neal_Krawetz,_PhD. my god, it's full of [n3td3v | GOBBLES] !!!

 ... your paper was interesting and inherently flawed; may you one day
 discover the concept of compounded errors.

 consider GOBBLES the slim shady; n3td3v the pimply imitator in a ford
 festiva with plywood spoiler.  all you see is one annoyance, while
 intact intellect discerns the substance from the shallow.

 don't worry, i'm only pissing on your expert security credentials, Dr.
 Neal Krawetz, PhD., because i too am n3td3v... disguised via
 artificial intelligence softwarez!


 L'enfer, c'est les autres - Sartre



[Full-disclosure] FLEA-2007-0026-1: evolution-data-server

2007-06-18 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0026-1
Published: 2007-06-18

Rating: Major

Updated Versions:
evolution-data-server=/[EMAIL PROTECTED]:1-devel//1/1.10.2-2-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.6-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
https://issues.rpath.com/browse/RPL-1220
https://issues.rpath.com/browse/RPL-1460

Description:
Previous versions of the evolution-data-server package are vulnerable to
multiple attacks of varying severity, the most severe of which allows a
compromised or malicious IMAP server to execute arbitrary code as the
connecting user.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html


Re: [Full-disclosure] [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing

2007-06-18 Thread Debasis Mohanty
the funny part is I hit this issue every time I assess an application
configured with Tomcat and was under the impression that it is already
a known issue... :)

On 6/19/07, Mark Thomas [EMAIL PROTECTED] wrote:
 CVE-2007-1358: Apache Tomcat XSS vulnerability in Accept-Language
 header processing

 Severity:
 Low (cross-site scripting)

 Vendor:
 The Apache Software Foundation

 Versions Affected:
 Tomcat 4.0.0 to 4.0.6
 Tomcat 4.1.0 to 4.1.34
 Tomcat 5.0.0 to 5.0.30
 Tomcat 5.5.0 to 5.5.20
 Tomcat 6.0.0 to 6.0.5

 Description:
 Web pages that display the Accept-Language header value sent by the
 client are susceptible to a cross-site scripting attack if they assume
 the Accept-Language header value conforms to RFC 2616. Under normal
 circumstances this would not be possible to exploit, however older
 versions of Flash player were known to allow carefully crafted
 malicious Flash files to make requests with such custom headers.
 Tomcat now ignores invalid values for Accept-Language headers that do
 not conform to RFC 2616.

 Mitigation:
 1. Upgrade to fixed version
 2. Escape values obtained from Accept-Language header before use.

 Credit:
 This issue was reported by Masato Anzai and Toshiharu Sugiyama.

 References:
 http://tomcat.apache.org/security.html

 Mark Thomas





___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
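
Both halves of the fix described in the quoted advisory, as an added example (not Tomcat's code and not part of the original posts): dropping Accept-Language entries that do not match the RFC 2616 grammar, and HTML-escaping the value before it is displayed. The class and method names are hypothetical and the header values are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical, not Tomcat APIs.
public class AcceptLanguageGuard {
    // RFC 2616 section 14.4 language-range with the optional section 3.9 qvalue.
    private static final Pattern ENTRY = Pattern.compile(
        "(?:\\*|[A-Za-z]{1,8}(?:-[A-Za-z]{1,8})*)"
        + "(?:\\s*;\\s*q\\s*=\\s*(?:0(?:\\.\\d{0,3})?|1(?:\\.0{0,3})?))?");

    // Keep only the list entries that match the grammar; drop everything else.
    static List<String> validEntries(String header) {
        List<String> kept = new ArrayList<>();
        if (header == null) return kept;
        for (String part : header.split(",")) {
            String entry = part.trim();
            if (ENTRY.matcher(entry).matches()) kept.add(entry);
        }
        return kept;
    }

    // HTML-escape for element content and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed header values: one well-formed, one carrying markup.
        String[] samples = { "en-US, fr;q=0.8, *;q=0.1", "en, <b>x</b>;q=0.5" };
        for (String header : samples) {
            // Escaping stays on even after validation (defence in depth).
            String shown = escapeHtml(String.join(", ", validEntries(header)));
            System.out.println("raw escaped: " + escapeHtml(header));
            System.out.println("validated:   " + shown);
        }
    }
}
```

On an unpatched Tomcat version from the affected list, only the escaping step stands between the header and the page, so it belongs at every point where the value is written to HTML.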