Re: [Full-disclosure] Very strange nmap scan results
Use the -sV --version-all options to determine version/service info for each port.

On 9/21/07, scott [EMAIL PROTECTED] wrote:
> Did this particular person, or persons, know what you were going to do? Looks like a honeypot, to me. Been wrong before, won't be the last. I hope, for the sake of whomever you are auditing, that this is the case.
>
> Cheers,
> Redwolfs always
>
> Juan B wrote:
> > Hi all,
> >
> > For a client I'm scanning his DMZ from the internet. I know the servers are behind a PIX 515 without any additional security features (they don't have any IPS, or they didn't enable the IPS feature of the PIX). The strange thing is that I receive too many open ports! For example, I scan the mail relay and although just port 25 is open it reports lots more open ports!
> >
> > This is the nmap scan I issued:
> >
> > nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt
> >
> > (I changed the IPs here...)
> >
> > And the result for the mail relay, for example, is:
> >
> > Interesting ports on mail.cpsa.com (200.61.44.50):
> > PORT    STATE    SERVICE
> > 1/tcp   open     tcpmux
> > 2/tcp   open     compressnet
> > 3/tcp   open     compressnet
> > 4/tcp   open     unknown
> > 5/tcp   open     rje
> > 6/tcp   open     unknown
> > 7/tcp   open     echo
> > 8/tcp   filtered unknown
> > 9/tcp   open     discard
> > 10/tcp  open     unknown
> > 11/tcp  open     systat
> > 12/tcp  open     unknown
> > 13/tcp  open     daytime
> > 14/tcp  open     unknown
> > 15/tcp  open     netstat
> > 16/tcp  open     unknown
> > 17/tcp  open     qotd
> > 18/tcp  filtered msp
> > 19/tcp  open     chargen
> > 20/tcp  open     ftp-data
> > 21/tcp  open     ftp
> > 22/tcp  open     ssh
> > 23/tcp  open     telnet
> > 24/tcp  open     priv-mail
> > 25/tcp  open     smtp
> > 26/tcp  open     unknown
> > 27/tcp  open     nsw-fe
> > 28/tcp  open     unknown
> > 29/tcp  open     msg-icp
> > 30/tcp  open     unknown
> > 31/tcp  open     msg-auth
> > 32/tcp  open     unknown
> > 33/tcp  open     dsp
> > 34/tcp  open     unknown
> >
> > This continues up to port 1024... Any ideas how to eliminate so many false positives?
> >
> > Thanks a lot,
> > Juan

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
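As an added example (not part of the thread, and not nmap's own code): a small Python triage script that parses nmap's normal (-oN) output and flags any host where almost every probed port reports open. That pattern is the signature of something completing the three-way handshake on the target's behalf (a firewall SYN-proxy/TCP-intercept feature, a honeypot, a load balancer answering for a whole range) rather than of a mail relay really running a thousand services. The sample output is constructed: it condenses the post's listing to an 11-port range, and the second host (www.cpsa.com), its ports and the 0.9 cut-off are assumptions made for this example.

```python
import re

# Constructed sample in nmap "normal" (-oN) format, condensed from the
# listing in the post to an 11-port range (-p20-30).  mail.cpsa.com answers
# "open" on nearly every probe, as in the post; www.cpsa.com is an invented
# second host with a plausible profile for comparison.
SAMPLE_NMAP_OUTPUT = """\
# Nmap 4.20 scan initiated Fri Sep 21 10:00:00 2007 as: nmap -sT -vv -P0 -p20-30 -oN cpsa.txt 200.61.44.48/28
Interesting ports on mail.cpsa.com (200.61.44.50):
PORT   STATE    SERVICE
20/tcp open     ftp-data
21/tcp open     ftp
22/tcp open     ssh
23/tcp open     telnet
24/tcp open     priv-mail
25/tcp open     smtp
26/tcp open     unknown
27/tcp open     nsw-fe
28/tcp filtered unknown
29/tcp open     msg-icp
30/tcp open     unknown

Interesting ports on www.cpsa.com (200.61.44.51):
Not shown: 8 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
25/tcp open  smtp
"""

HOST_RE = re.compile(r"^Interesting ports on (\S+) \(([\d.]+)\):")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|open\|filtered)\s+(\S+)")
RANGE_RE = re.compile(r"-p(\d+)-(\d+)")


def ports_probed(text):
    """Number of ports in the -pA-B range recorded in nmap's header line."""
    m = RANGE_RE.search(text)
    if not m:
        raise ValueError("no -pA-B range found in nmap header")
    lo, hi = int(m.group(1)), int(m.group(2))
    return hi - lo + 1


def parse_nmap_normal(text):
    """Return {ip: {'name': hostname, 'ports': [(port, proto, state, service), ...]}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"name": m.group(1), "ports": []}
            hosts[m.group(2)] = current
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts


def triage(hosts, probed, open_ratio=0.9):
    """Flag hosts where almost every probed port reports open.

    A host with nearly all of 1-1024 open is far more likely to sit behind a
    device that accepts every SYN (TCP intercept / SYN proxy, honeypot, load
    balancer) than to run a thousand services.  The 0.9 cut-off is an
    assumption chosen for this example, not a published threshold.
    """
    report = []
    for ip, info in hosts.items():
        n_open = sum(1 for _, _, state, _ in info["ports"] if state == "open")
        ratio = n_open / probed
        report.append({
            "ip": ip,
            "host": info["name"],
            "open": n_open,
            "probed": probed,
            "open_ratio": round(ratio, 3),
            "suspicious": ratio >= open_ratio,
        })
    return report


if __name__ == "__main__":
    probed = ports_probed(SAMPLE_NMAP_OUTPUT)
    for row in triage(parse_nmap_normal(SAMPLE_NMAP_OUTPUT), probed):
        verdict = "SUSPECT: re-check with -sV --version-all" if row["suspicious"] else "ok"
        print(f"{row['host']:<16} {row['ip']:<14} open {row['open']}/{row['probed']} "
              f"({row['open_ratio']:.0%})  {verdict}")
```

A flagged host is worth two follow-ups: re-scan it with -sV --version-all, as the reply above suggests (a device that only completes the handshake and then closes shows most ports as tcpwrapped instead of a real banner), and repeat the scan from inside the DMZ, where the intercepting device is not in the path, to get the true port list.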
Re: [Full-disclosure] A Request To Everyone
Surely you mean dalnet :)

> I'm in favor of booting them all off the list. Let 'em keep their flame wars on EFNet.
>
> Geoff
> Sent from my BlackBerry wireless handheld.
Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu
Please be careful labeling something as vulnerabilities when they aren't. You've described software bugs which should be reported to the maintainer; none of them, so far as I can see, are vulnerabilities or exploits.
Re: [Full-disclosure] 0day: PDF pwns Windows
back online - too many users ..

On 9/21/07, Rohit Srivastwa [EMAIL PROTECTED] wrote:
> And your website is down at this moment
>
> http://www.gnucitizen.org/ 403
> http://www.gnucitizen.org/blog/ 403
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows 404
>
> Is it a reverse attack by someone hurt :)
>
> --
> Through the Firewall, Out the Router, Down the T1, Across the Backbone, Bounced from Satellite
> Nothing but the Internet
>
> ----- Original Message -----
> From: pdp (architect) [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> Sent: Thursday, September 20, 2007 6:51:33 PM
> Subject: [Full-disclosure] 0day: PDF pwns Windows
>
> > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> >
> > I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.
> >
> > The issue is quite critical given the fact that PDF documents are at the core of today's modern business. This, and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs. You have to take my word for it. The POCs will be released when an update is available. Adobe's representatives can contact me from the usual place.
> >
> > My advice for you is not to open any PDF files (locally or remotely). Other PDF viewers might be vulnerable too. The issue was verified on Windows XP SP2 with the latest Adobe Reader 8.1, although previous versions and other setups are also affected.
> >
> > A formal summary and conclusion of the GNUCITIZEN bug hunt is to be expected soon.
> >
> > cheers
> >
> > --
> > pdp (architect) | petko d. petkov
> > http://www.gnucitizen.org

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Re: [Full-disclosure] 0day: PDF pwns Windows
Hi,

Too interesting and dangerous... Over the last couple of months there was PDF spamming (Stocks Information) all over the internet... I analyzed those PDFs; I didn't find any such thing. Did you check them? Are they related to any vulnerability?

Regards,
Taneja Vikas
http://annysoft.wordpress.com

On 9/20/07, pdp (architect) [EMAIL PROTECTED] wrote:
> > My upcoming research features everything regarding this and the issue you have already discussed.
>
> really :).. which one... the one from last year?
>
> On 9/20/07, Aditya K Sood [EMAIL PROTECTED] wrote:
> > pdp (architect) wrote:
> > > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> > >
> > > [...]
> >
> > Hi
> >
> > Your point is right. But there are a number of factors other than this in exploiting PDF in another sense. My latest research is working over the exploitation of PDF. Even if you look at the core, there are no restrictions on READ in PDF in most of the versions. Only outbound data is filtered to some extent. You can even read the /etc/passwd file from inside a PDF.
> >
> > Other infection vectors include infection through Local Area Networks through sharing and printing PDF docs and all.
> >
> > My upcoming research features everything regarding this and the issue you have already discussed.
> >
> > Regards
> > Aks
> > http://ww.secniche.org
>
> --
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org
Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu
Colin Alston wrote:
> Please be careful labeling something as vulnerabilities when they aren't. You've described software bugs which should be reported to the maintainer, none of them so far as I can see are vulnerabilities or exploits.

I can see crash bugs, oper floods, channel takeovers and ways to find out the IP addresses of people who think they are hidden thanks to the IP hiding feature. Having this malfunction certainly looks like a vulnerability to me. Most vulnerabilities are indeed software bugs, and the exploits are actually documented in the post you comment on.

Tom
Re: [Full-disclosure] A Request To Everyone
Dear Lamer Buster,

Thanks for busting some lamers, but now the situation in FD is going out of hand. I seriously do not think that it is worth increasing the noise in the list just to prove that Aditya K Sood is an idiot. We already know he is. I am sure none of us take Aditya seriously because of his extremely poor career record in the field of security. No offence meant to you, but I genuinely request you to ignore Aditya because we all know that Aditya is an idiot.

Dear Aditya K Sood,

I request you to kindly not post fake vulnerabilities and documents which you merely copy-paste from somewhere else without knowing what they mean. If someday you come up with something real, that you can call your own and which you have verified with someone else who knows a thing or two about security, then you are most welcome to post your article on our list. But posting lame documents, like you always do, which mostly have technical errors, wrong facts, misleading arguments, etc., is extremely detrimental to our list. Also, you do not realise that by doing this again and again you are spoiling your image in the security community. Have you ever searched for yourself in Google? See the results.

aditya k sood - Lame ass of the month - http://seclists.org/fulldisclosure/2007/Sep/0028.html
lame ass of the month - Full Disclosure: Lame ass of the month - Aditya K Sood (from India) - http://seclists.org/fulldisclosure/2007/Sep/0028.html

I sincerely request you to verify your claims before posting so that we do not have to deal with more flame wars where everyone is trying to attack you for your foolishness and stupid documents.

Thanks everybody,
Jimby

On 9/21/07, Nikolay Kichukov [EMAIL PROTECTED] wrote:
> I'd request that all of you stop fighting and leave the list to deal with what it's meant to.
>
> Cheers,
> -Nikolay
>
> [EMAIL PROTECTED] wrote:
> > I'm in favor of booting them all off the list. Let 'em keep their flame wars on EFNet.
> >
> > Geoff
> > Sent from my BlackBerry wireless handheld.
> >
> > -----Original Message-----
> > From: Aditya K Sood [EMAIL PROTECTED]
> > Date: Thu, 20 Sep 2007 12:57:57
> > To: full-disclosure@lists.grok.org.uk
> > Subject: [Full-disclosure] A Request To Everyone
> >
> > > Hi
> > >
> > > After looking at the mail wars, I want to say only two lines. I don't know who Meta Info is, Lamer Buster is, LSNN is and all. I don't know how they are generating mails and putting my name everywhere. That's it. Thanks to all.
> > >
> > > Regards
> > > Aks
Re: [Full-disclosure] A Request To Everyone
Can't we all just get along? Now let's all have a nice giant group hug ;)

Geoff
Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Jimby Sharp [EMAIL PROTECTED]
Date: Fri, 21 Sep 2007 15:24:36
To: Nikolay Kichukov [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], Aditya K Sood [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] A Request To Everyone

> Dear Lamer Buster,
>
> [...]
[Full-disclosure] AIRRAID2 Wireless Hacking Tournament - Dec 2007, Bangkok Thailand
ThinkSECURE (securitystartshere.org) will be running AIRRAID2 in Bangkok, Thailand at the CentralWorld Shopping Complex (the ex-World Trade Center) on 21 December 2007. If you would like to register and participate in the event, read on:

=== What is AIRRAID2? ===

AIRRAID2 (http://airraid2.securitystartshere.org) is a cutting-edge wireless and wired hacking tournament. It challenges participants with WiFi and Bluetooth wireless hacking against an enterprise infrastructure which is specially designed to mirror a typical corporate wireless and wired network deployment.

AIRRAID2 is the successor to the original AIRRAID tournament, Asia's first-ever true (i.e. not mere wardriving!) wireless hacking tournament, which was held in Singapore's Suntec Convention Center in August 2005. Photo archives of the original AIRRAID are available at http://airraid.securitystartshere.org.

ThinkSECURE now brings this unique brand of wireless hacking excitement and flavor to the Land of a Thousand Smiles!

=== Who is it intended for? ===

"AIRRAID2 continues our tradition of giving back to the Asian IT-security community by providing them an entertaining and fun way of testing their skills against each other and against a realistic enterprise-class wireless-and-wired infrastructure setup. As many security professionals rarely get a chance to do some real, full-bore, hands-on hacking, our purpose-built tournament infrastructure mirrors an extensive corporate wireless/wired network which allows them to fully and legitimately employ all their skills to meet the in-game challenges we've put in place," said Mr. Julian Ho, ThinkSECURE's co-founder.

=== Why is there a need for it? ===

Many reports cover wireless security incidents and issues after-the-fact or re-hash old generic warnings and stories. AIRRAID2 cuts through this fluff by:

- showing in real life the capabilities that modern hackers and security professionals possess;
- revealing as-it-happens how they utilize those abilities to compromise a representative and realistic enterprise-class environment;
- showcasing the abilities of today's hackers and their security professional counterparts in a real world setting;
- highlighting the importance of applying security to wireless networks in a holistic manner and not relying on vendors' technology alone;
- illustrating the benefits to IT professionals of attending practical technical certifications such as the Organizational Systems Wireless Auditor and Organizational Systems Security Analyst to develop and upgrade their wireless and enterprise security skills;
- making organizations realize that partners' and vendor support/maintenance networks can also be a weak link in the security posture of an organization.

=== When and Where will the event be held? ===

AIRRAID2 will be held at the following venue, date and time:

Venue: CentralWorld Shopping Complex (former World Trade Center)
       Level 1, Eden Zone
       4 Rajdamri Road, Patumwan
       Bangkok, Thailand
Date:  Friday, 21 December 2007
Time:  0930hrs - 1900hrs (Bangkok Time)

=== How do you register to participate in it? ===

Registration and participation is free! To register, please visit http://airraid2.securitystartshere.org

Registration is now open and officially ends on 14 Dec 2007, 2359hrs (GMT+8). Note: interested parties should try to register as early as possible, preferably before 5 Dec 2007.

Participants are free to register a team of anywhere between 1 to 4 pax inclusive. After registration, further directions and instructions will be emailed to registrants.

Although participation is free, registrants will have to make their own travel and accommodation arrangements. Registrants should not make any travel or accommodation arrangements until they have received and read the official email containing the further directions and instructions.

Qualifying teams stand a chance to win various prizes and the bonus cash prize. Plus, the event will be recorded for Thai national TV so you could become (in)famous in Thailand...!

For more details, please visit http://airraid2.securitystartshere.org
Re: [Full-disclosure] A Request To Everyone
Good idea...

On 21.09.2007 at 10:49, Nikolay Kichukov wrote:
> I'd request that all of you stop fighting and leave the list to deal with what it's meant to.
>
> Cheers,
> -Nikolay
>
> [...]
Re: [Full-disclosure] A Request To Everyone
Nikolay, best thing I have read on Fool Disclosure for at least a week now.

Aditya, STFU and please with sugar on it. Listen to what we are saying. Your professional reputation is through unless you post some real work and vulnerabilities. I really am tired of the S/N ratio at FD's current level. Let's bring it down to where it once was. YOU do not impress anyone on here except yourself.

Great suggestion Nikolay.

Richard

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jimby Sharp
Sent: Friday, September 21, 2007 5:55 AM
To: Nikolay Kichukov
Cc: Aditya K Sood; [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] A Request To Everyone

> Dear Lamer Buster,
>
> [...]
[Full-disclosure] [SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1376-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                               Steve Kemp
September 21, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kdebase
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-4569

Kees Huijgen discovered that, under certain circumstances, KDM, an X session manager for KDE, can be tricked into allowing user logins without a password.

For the stable distribution (etch), this problem has been fixed in version 4:3.5.5a.dfsg.1-6etch1.

For the old stable distribution (sarge), this problem was not present.

We recommend that you upgrade your kdebase package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1.diff.gz
    Size/MD5 checksum:   680950 a147755180984a77b3f512da2bd846f8
  http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1.orig.tar.gz
    Size/MD5 checksum: 28613054 72aedf0a7be0ace9363ad0ba9fe89585
  http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1.dsc
    Size/MD5 checksum:     2062 7616918057238c96be6994216f549fac

Architecture independent packages:

  http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1_all.deb
    Size/MD5 checksum:    41038 a922b0428c8445cde739bf3486a4d898
  http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.5.5a.dfsg.1-6etch1_all.deb
    Size/MD5 checksum:  9763624 da0e01a3a6deac38ce579e38f135f999
  http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc-html_3.5.5a.dfsg.1-6etch1_all.deb
    Size/MD5 checksum:   390408 56eae457d3f49d7fce34b4d4767e9a7d
  http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.5.5a.dfsg.1-6etch1_all.deb
    Size/MD5 checksum:  1916664 2ef4c7189a7ac6715e449ca98dda8cd5

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   392430 711d621bb264e30d172958c7cad3c408
  http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   496870 7c0c21af47d2926999fccb1bbca6e252
  http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:  3120190 afaf77e08ca02aeee2b25b9e2979f460
  http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   796332 ce50b0bcdd6f85066c4b3a0ec3180d8a
  http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:      412 12b352ec677cc32ba67ae0607ac20433
  http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   285008 931b0d4a6cd3a3931570457ae651503a
  http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:  2104618 e4c2604dd98ac111db4e8bc6fb1aab3e
  http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum: 33814914 98d43406dccc44a4ba8269eb394954d0
  http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   665190 eb0417b64bfe2031644d1b70c4f01d97
  http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   120178 752be58902a498d7b8a257cfb30649ca
  http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   722402 63545bb53717729557ca88d6efa8a0a2
  http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   286770 3e1a2d8c08861394a2884eda77b40a72
  http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   813820 27da09d10f164b91840ac0d99469fe29
  http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_amd64.deb
    Size/MD5 checksum:   247164 0b7692f4e11a83f99237ed565c5caa2d
[Full-disclosure] [SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1377-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                               Steve Kemp
September 21, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : fetchmail
Vulnerability  : null pointer dereference
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4565

Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.

For the stable distribution (etch), this problem has been fixed in version 6.3.6-1etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your fetchmail package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.diff.gz
    Size/MD5 checksum:    44533 19b72a3a0b2cf08f833ea21c3e18902c
  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz
    Size/MD5 checksum:  1680200 04175459cdf32fdb10d9e8fc46b633c3
  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.dsc
    Size/MD5 checksum:      874 0aa3d869aba6fdfe87d1c4a626f5380e

Architecture independent packages:

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch1_all.deb
    Size/MD5 checksum:    61564 f587ce05ee98694f3bd4db0fa88742f7

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_amd64.deb
    Size/MD5 checksum:   650278 b00d2237d26d9e588e6c03ad17f79a74

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_arm.deb
    Size/MD5 checksum:   645026 67e5ebf76d55cc857610d3b326784d3c

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_hppa.deb
    Size/MD5 checksum:   654006 58d5770e497d405c1e2f867add9d6f87

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_ia64.deb
    Size/MD5 checksum:   700752 df4c57c97970537cb2f6a885bc03e54d

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_mips.deb
    Size/MD5 checksum:   650540 49b888adc52c5bf8d4be82c4b51d68f5

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_powerpc.deb
    Size/MD5 checksum:   647060 a278efba96b95e15977628bd85af5c85

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_s390.deb
    Size/MD5 checksum:   646896 e520c2c6febf1e756a75b75cbc06c723

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_sparc.deb
    Size/MD5 checksum:   641102 938f11eb5071c7e141c6ff8795af87e7

These files will probably be moved into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Re: [Full-disclosure] [USN-515-1] t1lib vulnerability
Dear Kees Cook,

CVE-2007-4033 is "Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long argument to the imagepsloadfont function." Please provide a valid CVE entry.

--Thursday, September 20, 2007, 12:18:02 AM, you wrote to [EMAIL PROTECTED]:

KC> ===
KC> Ubuntu Security Notice USN-515-1          September 19, 2007
KC> t1lib vulnerability
KC> CVE-2007-4033
KC> ===

--
~/ZARAZA http://securityvulns.com/
Sir Isaac Newton discovered an apple falling to the ground (Mark Twain)
[Full-disclosure] [ISR] - Barracuda Spam Firewall. Cross-Site Scripting
[ISR]
Infobyte Security Research
www.infobyte.com.ar
09.21.2007

.:: SUMMARY

Barracuda Spam Firewall Cross-Site Scripting

Version: Barracuda Spam Firewall firmware v3.4.10.102
It is suspected that all previous versions of Barracuda Spam Firewall are vulnerable.

.:: BACKGROUND

The Barracuda Spam Firewall is an integrated hardware and software solution designed to protect your email server from spam, virus, spoofing, phishing and spyware attacks.
More info: http://www.barracudanetworks.com

.:: DESCRIPTION

The Web Administration Console is vulnerable to pre-authentication cross-site scripting: the application fails to sanitize user-supplied input before including it in a dynamically generated web document. A login attempt with a username that contains JavaScript is written into the Monitor Web Syslog screen, so the script runs only while an authenticated user has that screen open.

Example:
- - -
HTML/JavaScript entered in the username field of the login form is injected into the page, but only executes if an authenticated user has the Monitor Web Syslog screen open.

john@scriptalert(String)/script.blah.com

.:: IMPACT

This can lead to credential theft.

.:: VENDOR RESPONSE

Vendor advisory: http://www.barracudanetworks.com/ns/support/tech_alert.php
Vendor patch: Upgrade to Firmware 3.5.10.016

.:: DISCLOSURE TIMELINE

08/24/2007 Initial vendor notification
08/27/2007 Initial vendor response
09/06/2007 Fix released by vendor
09/21/2007 Coordinated public disclosure

.:: CREDIT

Federico Kirschbaum is credited with discovering this vulnerability.
fedek][at][infobyte][dot][com][dot][ar

.:: LEGAL NOTICES

Copyright (c) 2007 by [ISR] Infobyte Security Research.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Infobyte Security Research Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from infobyte com ar

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Re: [Full-disclosure] Panda Antivirus 2008 Local Privilege Escalation (UPS they did it again)
Dear Panda Security Response,

[EMAIL PROTECTED] was contacted about this same vulnerability in Panda Antivirus 2007 on August 11, 2006 (more than a year ago) without any result or response, until the information was published in Bugtraq. As far as I can see, pandasecurity.com is the Swedish domain of Panda while pandasoftware.com is the international one. I believe it's quite reasonable to have [EMAIL PROTECTED] forwarded to [EMAIL PROTECTED], don't you think so?

--Thursday, September 20, 2007, 12:58:42 AM, you wrote to full-disclosure@lists.grok.org.uk:

PSR> Users of vulnerable 2007 versions should upgrade to Panda Antivirus
PSR> 2008 and apply the fix provided.

<skipped>

PSR> For future vulnerability reporting to Panda please write specifically
PSR> and exclusively to Panda Security Response
PSR> [EMAIL PROTECTED] instead of generic beta or informational
PSR> contact mailboxes.

<skipped>

PSR> blog: http://research.pandasoftware.com

--
~/ZARAZA http://securityvulns.com/
Yes, he was damned lucky. And how badly he would have had it if he had survived! (Twain)
Re: [Full-disclosure] A Request To Everyone
I think anybody giving heat to Aditya is lame. He's just doin' what he do. What's it got to do with you? Get real, people. Stop complainin' 'cause you're jealous of someone else's research. I'm sure it's the under 20's complainin' on here.

On 9/21/07, Fabrizio [EMAIL PROTECTED] wrote:
> whirred.
>
> On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> > Can't we all just get along? Now let's all have a nice giant group hug ;)
> >
> > Geoff
> > Sent from my BlackBerry wireless handheld.
> >
> > -----Original Message-----
> > From: Jimby Sharp [EMAIL PROTECTED]
> > Date: Fri, 21 Sep 2007 15:24:36
> > To: Nikolay Kichukov [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED], Aditya K Sood [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED], [EMAIL PROTECTED]
> > Subject: Re: [Full-disclosure] A Request To Everyone
> >
> > Dear Lamer Buster,
> >
> > Thanks for busting some lamers, but now the situation in FD is going out of hand. I seriously do not think that it is worth increasing the noise in the list just to prove that Aditya K Sood is an idiot. We already know he is. I am sure none of us take Aditya seriously because of his extremely poor career record in the field of security. No offence meant to you, but I genuinely request you to ignore Aditya because we all know that Aditya is an idiot.
> >
> > Dear Aditya K Sood,
> >
> > I request you to kindly not post fake vulnerabilities and documents which you merely copy-paste from somewhere else without knowing what they mean. If someday you come up with something real, that you can call your own and which you have verified with someone else who knows a thing or two about security, then you are most welcome to post your article in our list. But posting lame documents, like you always do, which mostly have technical errors, wrong facts, misleading arguments, etc., is extremely detrimental to our list. Also, you do not realise that by doing this again and again you are spoiling your image in the security community. Have you ever searched for yourself in Google? See the results.
> >
> > aditya k sood - Lame ass of the month - http://seclists.org/fulldisclosure/2007/Sep/0028.html
> > lame ass of the month - Full Disclosure: Lame ass of the month - Aditya K Sood (from India) - http://seclists.org/fulldisclosure/2007/Sep/0028.html
> >
> > I sincerely request you to verify your claims before posting so that we do not have to deal with more flame wars where everyone is trying to attack you for your foolishness and stupid documents.
> >
> > Thanks everybody,
> > Jimby
> >
> > On 9/21/07, Nikolay Kichukov [EMAIL PROTECTED] wrote:
> > > I'd request that all of you stop fighting and leave the list to deal with what it's meant to.
> > >
> > > Cheers,
> > > -Nikolay
> > >
> > > [EMAIL PROTECTED] wrote:
> > > > I'm in favor of booting them all off the list. Let 'em keep their flame wars on EFNet.
> > > >
> > > > Geoff
> > > > Sent from my BlackBerry wireless handheld.
> > > >
> > > > -----Original Message-----
> > > > From: Aditya K Sood [EMAIL PROTECTED]
> > > > Date: Thu, 20 Sep 2007 12:57:57
> > > > To: full-disclosure@lists.grok.org.uk
> > > > Subject: [Full-disclosure] A Request To Everyone
> > > >
> > > > Hi
> > > >
> > > > After looking at the mail wars, I want to say only two lines. I don't know who Meta Info is, Lamer Buster is, LSNN is and all. I don't know how they are generating mails and putting my name everywhere. That's it.
> > > >
> > > > Thanks to all.
> > > >
> > > > Regards
> > > > Aks
Re: [Full-disclosure] 0day: PDF pwns Windows
Not in my book. I guess the people on this list are working off too many different definitions of 0day.

0day to me is something for which there is no patch/update at the time of the exploit being coded/used. So if I code an exploit for IE right now and they don't patch it until April September 2008, it's a 0day exploit for a year. It's not necessarily new and it doesn't have to be used maliciously. If I code an exploit (for which there is no patch) and use it on my own servers, does that mean it's not 0day? I don't think so.

If my WordPress blog gets owned by pwnpress, that's not 0day.. there's patches/updates for everything on there. It just makes me an idiot for not upgrading. Now if I get hit with some WP exploit that's not patched, then that's another [0-day] story.

Steven
securityzone.org

> Gadi Evron wrote:
> > Impressive vulnerability, new. Not a 0day.
> >
> > Not to start an argument again, but fact is, people stop calling everything a 0day unless it is, say WMF, ANI, etc. exploited in the wild without being known.
> >
> > I don't like the misuse of this buzzword.
>
> I respectfully disagree. By your definition, we have:
>
> * new vulnerability is just what it sounds like
> * 0day is a new vulnerability that comes to public attention because someone used it maliciously
>
> But then there is the important concept of the private 0day, a new vulnerability that a malicious person has but has not used yet. Does it really matter how the new vulnerability came to light? Do you really want to get into arguments about whether the person who discovered it was malicious? Especially for private 0days where the discoverer may be sitting on his discovery for some time, waiting for the highest bidder to buy his result. If he sells it to criminals, then it becomes an 0day, and if he sells it to a vulnerability marketing company, then it is something else.
>
> I don't like this chain of logic. Whether a new vulnerability is an 0day or not depends entirely too much on the disclosure process, with funky race conditions in there.
>
> Rather, I just treat 0day as a synonym for new vulnerability and don't give a hoot about the alleged intentions of whoever discovered it. What makes it an 0 day is that whoever is announcing it is first to announce it in public. You could only invalidate the 0day claim by showing that the same vulnerability had previously been disclosed by someone else.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
> Director of Software Engineering          http://novell.com
> AppArmor Chat: irc.oftc.net/#apparmor
Re: [Full-disclosure] [USN-515-1] t1lib vulnerability
Hi,

On Fri, Sep 21, 2007 at 04:30:31PM +0400, 3APA3A wrote:
> CVE-2007-4033 is "Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long argument to the imagepsloadfont function." Please provide a valid CVE entry.
>
> --Thursday, September 20, 2007, 12:18:02 AM, you wrote to [EMAIL PROTECTED]:
>
> KC> ===
> KC> Ubuntu Security Notice USN-515-1          September 19, 2007
> KC> t1lib vulnerability
> KC> CVE-2007-4033
> KC> ===

That is the correct CVE -- the true cause of the gd2 issue was in t1lib, not gd2:
http://www.securityfocus.com/bid/25079/info

-Kees

--
Kees Cook
[Full-disclosure] [SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service
------------------------------------------------------------------------
Debian Security Advisory DSA-1377-2                  [EMAIL PROTECTED]
http://www.debian.org/security/                             Steve Kemp
September 21, 2007                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : fetchmail
Vulnerability  : null pointer dereference
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4565

Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.

For the stable distribution (etch), this problem has been fixed in version 6.3.6-1etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your fetchmail package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_i386.deb
    Size/MD5 checksum:   641344 2eadc43a18712b3a1763094f7c837475

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
[Full-disclosure] ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage
http://www.zerodayinitiative.com/advisories/ZDI-07-053.html
September 20, 2007

-- CVE ID:
CVE-2007-4991

-- Affected Vendor:
Microsoft

-- Affected Products:
ISA Server 2004 SP1
ISA Server 2004 SP2

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability since September 20, 2007 by Digital Vaccine protection filter ID 4085. For further product information on the TippingPoint IPS:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to extract IP addresses visited through the SOCKS4 proxy on vulnerable ISA Server installations. Authentication is not required to exploit this vulnerability.

This specific flaw exists when an empty packet is sent to the SOCKS4 proxy. The server will return a packet containing the last IP address it proxied to.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=A05A074A-5033-4792-AF8B-58B90D841436displaylang=en

-- Disclosure Timeline:
2006.01.30 - Vulnerability reported to vendor
2007.09.20 - Digital Vaccine released to TippingPoint customers
2007.09.20 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by CIRT.DK.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at [EMAIL PROTECTED]
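An added illustration of the bug class behind this advisory, not ISA Server's code (the advisory does not give the root cause) and not ZDI's: a hypothetical SOCKS4 CONNECT handler that never checks how many bytes it received and reuses its request buffer between clients, beside a hardened handler that validates the request before answering. The proxy model, the 10.1.2.3:80 destination and the userid are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS4 wire constants from the original SOCKS4 specification. */
#define SOCKS4_VERSION      4
#define SOCKS4_CMD_CONNECT  1
#define SOCKS4_GRANTED      90
#define SOCKS4_REJECTED     91
#define SOCKS4_REQ_MIN      9   /* VN CD DSTPORT(2) DSTIP(4) + NUL of an empty USERID */
#define SOCKS4_REPLY_LEN    8   /* VN CD DSTPORT(2) DSTIP(4) */

/* Proxy state that outlives a single client connection (hypothetical model). */
typedef struct {
  unsigned char req[64];                  /* receive buffer reused across clients */
  unsigned char reply[SOCKS4_REPLY_LEN];
} Socks4Proxy;

typedef void (*handler_fn)(Socks4Proxy *, const unsigned char *, size_t);

/*
 * Vulnerable shape (hypothetical reconstruction): the received byte count is
 * never consulted, so a zero-byte request is "parsed" from whatever the
 * previous client left in the reused buffer, and that client's DSTIP is
 * echoed back to the new one.
 */
void handle_vuln(Socks4Proxy *p, const unsigned char *in, size_t n)
{
  memcpy(p->req, in, n);                  /* n == 0 copies nothing; stale bytes stay */
  p->reply[0] = 0;
  p->reply[1] = (p->req[0] == SOCKS4_VERSION && p->req[1] == SOCKS4_CMD_CONNECT)
                  ? SOCKS4_GRANTED : SOCKS4_REJECTED;
  memcpy(&p->reply[2], &p->req[2], 6);    /* echo DSTPORT and DSTIP */
}

/*
 * Hardened shape: check length and framing before touching the request,
 * clear per-client state, and never copy request bytes into a rejection.
 */
void handle_fixed(Socks4Proxy *p, const unsigned char *in, size_t n)
{
  memset(p->reply, 0, sizeof p->reply);   /* VN = 0, DSTPORT/DSTIP = 0 */
  memset(p->req, 0, sizeof p->req);       /* nothing from the last client survives */
  if (n < SOCKS4_REQ_MIN || n > sizeof p->req ||
      in[0] != SOCKS4_VERSION || in[1] != SOCKS4_CMD_CONNECT || in[n - 1] != '\0') {
    p->reply[1] = SOCKS4_REJECTED;
    return;
  }
  memcpy(p->req, in, n);
  p->reply[1] = SOCKS4_GRANTED;
  memcpy(&p->reply[2], &p->req[2], 6);
}

/* DSTIP field of the last reply as a host-order 32-bit value, for inspection. */
uint32_t reply_dstip(const Socks4Proxy *p)
{
  return ((uint32_t) p->reply[4] << 24) | ((uint32_t) p->reply[5] << 16) |
         ((uint32_t) p->reply[6] << 8) | (uint32_t) p->reply[7];
}

/* The advisory's scenario: one real CONNECT, then an empty packet. */
static void run_empty_request_scenario(Socks4Proxy *p, handler_fn handler)
{
  /* Constructed request: CONNECT 10.1.2.3:80 with USERID "bob". */
  static const unsigned char connect_req[] =
      { 4, 1, 0x00, 0x50, 10, 1, 2, 3, 'b', 'o', 'b', 0 };
  static const unsigned char empty[1] = { 0 };
  memset(p, 0, sizeof *p);
  handler(p, connect_req, sizeof connect_req);
  handler(p, empty, 0);                   /* zero bytes received */
}

/* DSTIP the empty-request client gets back; 0x0A010203 is 10.1.2.3. */
uint32_t leaked_ip_after_empty_request(handler_fn handler)
{
  Socks4Proxy p;
  run_empty_request_scenario(&p, handler);
  return reply_dstip(&p);
}

/* Reply code the empty-request client gets back (90 granted, 91 rejected). */
int code_after_empty_request(handler_fn handler)
{
  Socks4Proxy p;
  run_empty_request_scenario(&p, handler);
  return p.reply[1];
}

int main(void)
{
  printf("vulnerable handler: empty request answered with DSTIP 0x%08x, code %d\n",
         (unsigned) leaked_ip_after_empty_request(handle_vuln),
         code_after_empty_request(handle_vuln));
  printf("fixed handler:      empty request answered with DSTIP 0x%08x, code %d\n",
         (unsigned) leaked_ip_after_empty_request(handle_fixed),
         code_after_empty_request(handle_fixed));
  return 0;
}
```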
[Full-disclosure] Hacking software is lame -- try medical research...
Some interesting discussion came up on some security lists this week and it got me to thinking. Yes, hacking software is lame. Cool, so you found some vulnerabilities in some widely distributed application, service, or OS and it is patched just as quickly. Why don't we spend our time and valuable energy researching cures for rare or popular diseases instead?

For instance, my brother (Jon Hermansen) has a very rare disease called Langerhans Cell Histiocytosis. It is also better known as LCH. It can be identified as causing such further diseases as Diabetes Insipidus, which is also uncommon (not sugar diabetes). Have you heard of these diseases before? Let me educate you...

General Information:
http://en.wikipedia.org/wiki/Langerhans_cell_histiocytosis
http://en.wikipedia.org/wiki/Diabetes_insipidus

Seven Part Video Series:
http://youtube.com/watch?v=KkBRqZS8nfM
http://youtube.com/watch?v=w1h6ZjxF-To
http://youtube.com/watch?v=0ojbJpERlt8
http://youtube.com/watch?v=dzUqdYofMCQ
http://youtube.com/watch?v=lNhzwNYhi0M
http://youtube.com/watch?v=nY9DDEhShcE
http://youtube.com/watch?v=5_8SEYyEZGI

And even worse than this, a friend of mine who is a PhD student in Math at Berkeley has an even rarer disease known as Gaucher's Disease. This costs $550,000 / year to treat. That's a hefty bill every year (you make that much doing security vulns?), and some insurance companies might refuse to accept you due to pre-existing conditions. So guess what, my friend does not have health insurance and has not been treated for two years. A genius might die. That's ludicrous.

http://en.wikipedia.org/wiki/Gaucher's_disease
http://youtube.com/watch?v=0nX6QM5iVaU

If we consider ourselves decent hackers, why don't we put our efforts toward helping cure this and other diseases rather than some very simple programming vulnerability? Is it because then we would have to reinvent a whole new slew of tools and re-orient/re-educate ourselves to be successful?

Think about it...

--
Kristian Erik Hermansen
Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
There is more money to be made in the treatment of a disease than in actually finding a cure. Remind you of anything?

Shirkdog
' or 1=1--
http://www.shirkdog.us

> Date: Fri, 21 Sep 2007 10:37:20 -0700
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
> Subject: [Dailydave] Hacking software is lame -- try medical research...
Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
Just like technology research (hacking)... but... if you are the one that finds a cure, you'll make your buck too.

M. Shirk wrote:
> There is more money to be made in the treatment of a disease than in actually finding a cure. Remind you of anything?
>
> Shirkdog
> ' or 1=1--
> http://www.shirkdog.us
>
> > Date: Fri, 21 Sep 2007 10:37:20 -0700
> > From: [EMAIL PROTECTED]
> > To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
> > Subject: [Dailydave] Hacking software is lame -- try medical research...

--
- simon --
http://www.snosoft.com
Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
I notice that you didn't mention any rare disease that none of your friends or relatives have. Why is it that all of these altruistic people seem to never give a crap until it happens to them? Did Michael J. Fox give one thin dime to Parkinson's until he had it? How about Christopher Reeve and spinal injury/stem cell? I'd much rather make my money, and donate to non-profit orgs that do things that I am interested in.

--Curt

On 9/21/07, Kristian Erik Hermansen [EMAIL PROTECTED] wrote:
> Some interesting discussion came up on some security lists this week and it got me to thinking. Yes, hacking software is lame. Cool, so you found some vulnerabilities in some widely distributed application, service, or OS and it is patched just as quickly. Why don't we spend our time and valuable energy researching cures for rare or popular diseases instead?
Re: [Full-disclosure] 0day: PDF pwns Windows
> But then there is the important concept of the private 0day, a new vulnerability that a malicious person has but has not used yet.

But the point is there is no such thing as a 0day *vulnerability*; there's a 0day exploit, an exploit in the wild before the vulnerability is discovered.

By claiming all new vulnerabilities are 0day the term becomes completely meaningless; by your reasoning there is no such thing as a non-0day vulnerability; well, the next day it's no longer a 0day vulnerability but the funny thing is that everybody keeps calling it that.

When a vulnerability is discovered you cannot be sure no-one found it before; the only thing you can ever be sure of is whether at that point an exploit was detected in the wild.

> I don't like this chain of logic. Whether a new vulnerability is an 0day or not depends entirely too much on the disclosure process, with funky race conditions in there.

But by your reasoning *all* vulnerabilities are 0day at some point; or is the only exception those found by the vendor itself?

> Rather, I just treat 0day as a synonym for new vulnerability and don't give a hoot about the alleged intentions of whoever discovered it. What makes it an 0 day is that whoever is announcing it is first to announce it in public. You could only invalidate the 0day claim by showing that the same vulnerability had previously been disclosed by someone else.

The point is that it is not supposed to be a moniker for vulnerabilities; it's a moniker for exploits. In any other context it does not make sense. Specifically considering that "0-day exploit" is the only definition which holds meaning with respect to a particular exploit over time: an exploit which existed before the vulnerability was publicly known. But a "0 day vulnerability" is meaningless as a definition; it applies to a vulnerability for exactly 24 hours and then is meaningless. ALL vulnerabilities were discovered at some point and had their 24 hours of 0 day fame by your definition.

It just does not make sense.

Casper
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability
Multiple Vendor ImageMagick Off-By-One Vulnerability

iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007

I. BACKGROUND

ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import, mogrify and montage) that are sometimes used by other applications for processing image files. For more information about ImageMagick, visit the vendor's site at the following URL.

http://www.imagemagick.org/

II. DESCRIPTION

Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code.

This vulnerability specifically exists in the ReadBlobString() function in magick/blob.c as shown below.

    3110  for (i=0; i < (long) MaxTextExtent; i++)
    3111  {
    3112    p=ReadBlobStream(image,1,buffer,&count);
          ...
    3119    string[i]=(char) (*p);
    3120    if ((string[i] == '\n') || (string[i] == '\r'))
    3121      break;
    3122  }
    3123  string[i]='\0';

The variable string is a character array of length MaxTextExtent. An off-by-one buffer overflow will occur on line 3123 when i is exactly MaxTextExtent. This function is called from several image file processing routines. Most of the buffers involved are stack based, although some are on the heap.

III. ANALYSIS

Exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the user. One way of exploiting this vulnerability is to persuade a targeted user to open a malicious image file with a program that utilizes the ImageMagick library.

As the tools that are part of ImageMagick are sometimes used as helper tools by other applications, this user may be the same as the web server user. This scenario is somewhat more severe than the previously described attack vector since the image processing can occur automatically.

Exploitation in stack-based scenarios depends on the stack layout, which depends on the compiler and compiler options used to build the library.

IV. DETECTION

iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

V. WORKAROUND

iDefense is unaware of any effective workaround for this vulnerability.

VI. VENDOR RESPONSE

The ImageMagick maintainers have addressed this vulnerability with the release of version 6.3.5-9. More information is available from the following URL.

http://studio.imagemagick.org/pipermail/magick-announce/2007-September/37.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-4987 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

09/04/2007  Initial vendor notification
09/05/2007  Initial vendor response
09/19/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
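The boundary the advisory describes, as an added example that is neither iDefense's nor ImageMagick's code: the first reader below keeps the loop shape of the ReadBlobString() snippet over a constructed in-memory blob, with a deliberately small MAX_TEXT_EXTENT standing in for MaxTextExtent so that the off-by-one is visible with a short input, and the second reader reserves the last byte of the array for the terminator. The blob type, the byte reader and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdbool.h>

/* Added example, not ImageMagick's code: a tiny stand-in for MaxTextExtent
 * so the boundary condition shows with a one-line input. */
#define MAX_TEXT_EXTENT 8
#define BLOB_EOF (-1)

/* Constructed in-memory blob standing in for the image stream. */
typedef struct {
    const unsigned char *data;
    size_t length;
    size_t offset;
} blob_t;

/* Like ReadBlobByte(): next byte, or BLOB_EOF when the data is exhausted. */
static int blob_read_byte(blob_t *b)
{
    if (b->offset >= b->length)
        return BLOB_EOF;
    return b->data[b->offset++];
}

/* Same loop shape as the advisory's lines 3110-3123. When the input holds
 * MAX_TEXT_EXTENT bytes with no line break, the loop exits with
 * i == MAX_TEXT_EXTENT and the terminator lands one byte past a
 * MAX_TEXT_EXTENT-sized array. So that this demonstration itself stays in
 * bounds, the caller passes a buffer of MAX_TEXT_EXTENT + 1 bytes; the
 * return value is the index the NUL was written to. */
size_t read_string_vulnerable(blob_t *b, char *string /* MAX_TEXT_EXTENT + 1 bytes */)
{
    size_t i;
    for (i = 0; i < MAX_TEXT_EXTENT; i++) {
        int c = blob_read_byte(b);
        if (c == BLOB_EOF)
            break;
        string[i] = (char) c;
        if (string[i] == '\n' || string[i] == '\r')
            break;
    }
    string[i] = '\0';          /* i may equal MAX_TEXT_EXTENT here */
    return i;
}

/* Hardened variant: the loop stops one short, so the NUL index is at most
 * MAX_TEXT_EXTENT - 1 and a MAX_TEXT_EXTENT-byte array is never overrun. */
size_t read_string_fixed(blob_t *b, char string[MAX_TEXT_EXTENT])
{
    size_t i;
    for (i = 0; i < MAX_TEXT_EXTENT - 1; i++) {
        int c = blob_read_byte(b);
        if (c == BLOB_EOF)
            break;
        string[i] = (char) c;
        if (string[i] == '\n' || string[i] == '\r')
            break;
    }
    string[i] = '\0';
    return i;
}

/* Does the original loop shape end with the terminator written at index
 * MAX_TEXT_EXTENT (one past the end of the real array) for this input? */
bool terminator_out_of_bounds(const unsigned char *data, size_t length)
{
    char scratch[MAX_TEXT_EXTENT + 1];
    blob_t b = { data, length, 0 };
    return read_string_vulnerable(&b, scratch) == MAX_TEXT_EXTENT;
}

/* Index the hardened reader writes its NUL to for the given input. */
size_t fixed_terminator_index(const unsigned char *data, size_t length)
{
    char scratch[MAX_TEXT_EXTENT];
    blob_t b = { data, length, 0 };
    return read_string_fixed(&b, scratch);
}
```

The trigger is exactly MAX_TEXT_EXTENT bytes without a line break before end of data: a line one byte shorter breaks out on EOF with i still in range, which is why this kind of bug survives ordinary testing with well-formed files.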
[Full-disclosure] help analysing asn overflow
Hi,

i am trying to analyse the old asn integer overflow. Can anyone guide me towards the right direction? Which function contains the vulnerable code? Is it asn1_decode?

thanks for any help.

--
Re: [Full-disclosure] Hacking software is lame -- try medical research...
Dear Kristian Erik Hermansen,

It sounds like you are friends with a lot of people that would make good Youtube material[1]. What makes your friends so special? A lot of geniuses are dying in the world. Consider African children[2] that are smart enough to crawl towards food, but fail en route and become food for the lesser intelligent vultures.

It sounds like your friend has had a good life up to this point, and is much more fortunate than most Asian children[3]. Sure his life might be ending soon, but at least he got to eyefuck a lot of babes at Berkeley. Maybe if his health were important to him he'd be studying something pertinent to helping other people. Medicine or anthropology perhaps! ... or is it because he needs the achievement of getting a PhD in something, and knows he may not live long enough to become a real doctor? Or is he too stupid to understand that not all doctors cure diseases?

Maybe God wants this guy to die.

I read somewhere that incest can lead to various genetic defects. If you don't have what your brother has, which one of your parents is lying?

Maybe you should cross-post your stupid fucking sob story to other unrelated industries' mailing lists. I'm sure the food industry wants to stop producing frozen waffle technologies to direct their efforts to save a couple random fat people that you know.

In closing, I hope you also become Youtube material sometime. Soon.

[1] http://tinyurl.com/2blvo5
[2] http://tinyurl.com/2n5xk4
[3] http://tinyurl.com/yoj2a6

On Fri, 21 Sep 2007 13:37:20 -0400 Kristian Erik Hermansen [EMAIL PROTECTED] wrote:
> Some interesting discussion came up on some security lists this week and it got me to thinking. Yes, hacking software is lame. Cool, so you found some vulnerabilities in some widely distributed application, service, or OS and it is patched just as quickly. Why don't we spend our time and valuable energy researching cures for rare or popular diseases instead?
>
> For instance, my brother (Jon Hermansen) has a very rare disease called Langerhans Cell Histiocytosis. It is also better known as LCH. It can be identified as causing such further diseases as Diabetes Insipidus, which is also uncommon (not sugar diabetes). Have you heard of these diseases before? Let me educate you…
>
> General Information:
> http://en.wikipedia.org/wiki/Langerhans_cell_histiocytosis
> http://en.wikipedia.org/wiki/Diabetes_insipidus
>
> Seven Part Video Series:
> http://youtube.com/watch?v=KkBRqZS8nfM
> http://youtube.com/watch?v=w1h6ZjxF-To
> http://youtube.com/watch?v=0ojbJpERlt8
> http://youtube.com/watch?v=dzUqdYofMCQ
> http://youtube.com/watch?v=lNhzwNYhi0M
> http://youtube.com/watch?v=nY9DDEhShcE
> http://youtube.com/watch?v=5_8SEYyEZGI
>
> And even worse than this, a friend of mine who is a PhD student in Math at Berkeley has an even rarer disease known as Gaucher's Disease. This costs $550,000 / year to treat. That's a hefty bill every year (you make that much doing security vulns?), and some insurance companies might refuse to accept you due to pre-existing conditions. So guess what, my friend does not have health insurance and has not been treated for two years. A genius might die. That's ludicrous.
>
> http://en.wikipedia.org/wiki/Gaucher's_disease
> http://youtube.com/watch?v=0nX6QM5iVaU
>
> If we consider ourselves decent hackers, why don't we put our efforts toward helping cure this and other diseases rather than some very simple programming vulnerability? Is it because then we would have to reinvent a whole new slew of tools and re-orient/re-educate ourselves to be successful? Think about it…
>
> --
> Kristian Erik Hermansen
Re: [Full-disclosure] 0day: PDF pwns Windows
[EMAIL PROTECTED] wrote:
> But a 0 day vulnerability is meaningless as a definition; it applies to a vulnerability for exactly 24 hours and then is meaningless. ALL vulnerabilities were discovered at some point and had their 24 hours of 0 day fame by your definition.
>
> It just does not make sense.
>
> Casper

Should we now create a new term for the industry, +0day or 1day? How about: nowaday

--
J. Oquendo
Excusatio non petita, accusatio manifesta
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net
[Full-disclosure] Will the real daddy of Aditya stand up? and spank the kidddo's ass
wow! I am going to love Aditya after sometime for his shameless nature and being even more adamant than some of the FD trolls.

Aditya - we can understand your feeling that you are completely lost and looking for your daddy over internet. Guess what we have a surprise for you! Dr Neal's recent research is going to prove that n3td3v is your daddy.

btw what the fuck is reverse Engineering layout?

-----Original Message-----
From: Aditya K Sood [mailto:[EMAIL PROTECTED]]
Sent: 21 September 2007 04:35
To: [EMAIL PROTECTED]
Subject: [Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature

Hi all

This is the reverse Engineering layout of Svchost Internals.

|Category : Reverse Engineering Analysis.

The paper solely relates to the core internals that build up the Windows XP Svchost. The Svchost internals have not been disseminated into informative elements yet. I have found only one or two analyses but that won't satisfy my views regarding XP Svchost. The anatomy of Svchost has got complexity in its own term. This pushes me to write a specific analysis over it. The analysis provides a structural design with concept wise dissection. The point is to understand the hidden artifacts and how it affects the working aspect of prime service host controller. Every process is disseminated into primary process and secondary process. In terms related to operating system there is a parent process and its child. If one looks at the implementation scenario then child processes are undertaken as thread internally. The kernel level implementation is subjugated like this. The XP Svchost runs as threads under services process.|

http://mlabs.secniche.org/winxp_svchost.html
http://mlabs.secniche.org/papers/Win_Xp_Svc_Int.pdf

Regards
Aks aka 0kn0ck
http://mlabs.secniche.org | http://www.secniche.org
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability
Multiple Vendor ImageMagick Sign Extension Vulnerability

iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007

I. BACKGROUND

ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import, mogrify and montage) that are sometimes used by other applications for processing image files. For more information about ImageMagick, visit the vendor's site at the following URL.

http://www.imagemagick.org/

II. DESCRIPTION

Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code.

This vulnerability specifically exists in the ReadDIBImage() function as shown below.

    558    image->columns=(unsigned long) dib_info.width;
           ...
    620    bytes_per_line=4*((image->columns*dib_info.bits_per_pixel+31)/32);
    621    length=bytes_per_line*image->rows;
    622    pixels=(unsigned char *) AcquireMagickMemory((size_t) MagickMax(
    623      bytes_per_line,image->columns+256)*image->rows*sizeof(*pixels));
           ...
    629    count=ReadBlob(image,length,pixels);
           ...
    638    status=DecodeImage(image,dib_info.compression ? MagickTrue : MagickFalse,pixels);

At line 558, dib_info.width is a signed short, which is extended to an unsigned long and assigned to image->columns. For example, a value of 0x8000 will be extended to 0x8000. Later, it is used as a multiplier when calculating the allocation size. An integer overflow occurs, leading to a heap block of insufficient size being allocated. Consequently, a heap buffer overflow occurs.

III. ANALYSIS

Exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the user. One way of exploiting this vulnerability is to persuade a targeted user to open a malicious image file with a program that utilizes the ImageMagick library.

As the tools that are part of ImageMagick are sometimes used as helper tools by other applications, this user may be the same as the web server user. This scenario is somewhat more severe than the previously described attack vector since the image processing can occur automatically.

IV. DETECTION

iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

V. WORKAROUND

Exposure to this vulnerability can be mitigated by moving or deleting the related module files. The file locations may vary between distributions. The globbing expression listed below corresponds to a Red Hat Linux system.

/usr/lib/ImageMagick-*/modules*/coders/dib.*

VI. VENDOR RESPONSE

The ImageMagick maintainers have addressed this vulnerability with the release of version 6.3.5-9. More information is available from the following URL.

http://studio.imagemagick.org/pipermail/magick-announce/2007-September/37.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-4988 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

09/04/2007  Initial vendor notification
09/05/2007  Initial vendor response
09/19/2007  Public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Re: [Full-disclosure] help analysing asn overflow
On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said:
> i am trying to analyse the old asn integer overflow. Can anyone guide me towards the right direction? Which function contains the vulnerable code? Is it asn1_decode?

It's not the old asn integer, it's one of the old asn integer... There were about a zillion and a half different places in that code that were exploitable, because actual error checking was, like, a foreign language to that crew when they wrote it originally.
Re: [Full-disclosure] CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities
* Code Audit Labs:
> that's funny, the above code still can be bypassed because of incorrect check order. and example code calloc(0x1001, 0x10); it will return NULL in winxp or glibc 2.5 it will return 0x10 sizes heap in glibc 2.5(maybe prior) or win2000 sp4

This bug has been fixed in GNU libc CVS in August 2002. I've just checked version 2.3.6, and it does return NULL on overflow. There is, however, a different version of calloc that GDB sees, but this is not the real one invoked by application code.

On Windows, this bug depends on the Microsoft Visual C++ run-time library. As a result, it's not completely determined by the Windows version alone.

By the way, the similar operator new[] issue that has been reported in conjunction with that calloc issue:

http://cert.uni-stuttgart.de/advisories/calloc.php

has allegedly been fixed by Microsoft as well, by throwing std::bad_alloc. G++ and libstdc++ are still vulnerable to applications that perform unbounded allocations. Over the years, it's been debated again and again what the C++ standard says on this matter, how large the performance impact would be, and so on, but no one has created a patch (which would need to change the cross-vendor C++ ABI, too). The Ada Reference Manual does not preclude a fix, but I don't think anyone has written a patch for GNAT.
[Full-disclosure] DEFCON London DC4420 meet - Monday 24th September
To quote Alien from the 4420 website:

Monday 24th September, 2007 starting at 19:30 - room private till 21:30 then we might pop out to a certain local again... :-)

Location: Charing Cross Sports Club, Charing Cross Hospital
Tube: Hammersmith or Barons Court
http://www.multimap.com/map/browse.cgi?lat=51.4857&lon=-0.2194&scale=5000&icon=x

Note: it's MONDAY this time!

If you haven't been before, please do come. We've got some great talks coming in the next few months.

Talks Planned:

- Injecting RDS-TMC Traffic Information Systems - Andrea Barisani. This talk is HIGHLY recommended - fresh from appearing at Blackhat, this is a great project that will amuse and inform you.. great possibilities.
- 'MPLS Security' - Thorsten Fischer - what it is, what people are doing about it and the current issues with it.
- 10 min special - TBA

Additionally - we will have 36Gb of WPA rainbow tables courtesy of the Church of Wifi available - bring your laptop diskspace and grab it whilst you can. Zac Major hope to have something cool to show you too...

Oh, and we'll have DC15 stickers as well :-)

All welcome, bring a friend.

More details here: http://dc4420.org

cheers,
MM

--
In DEFCON, we have no names... errr... well, we do... but silly ones...
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities

iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007

I. BACKGROUND

ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import, mogrify and montage) that are sometimes used by other applications for processing image files. For more information about ImageMagick, visit the vendor's site at the following URL.

http://www.imagemagick.org/

II. DESCRIPTION

Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code.

Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow.

III. ANALYSIS

Exploitation of these vulnerabilities allows an attacker to crash the programs using the ImageMagick library, or execute arbitrary code in the context of the user. One way of exploiting these vulnerabilities is to persuade a targeted user to open a malicious image file with a program that utilizes the ImageMagick library.

As the tools that are part of ImageMagick are sometimes used as helper tools by other applications, this user may be the same as the web server user. This scenario is somewhat more severe than the previously described attack vector since the image processing can occur automatically.

IV. DETECTION

iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

V. WORKAROUND

Exposure to some of these vulnerabilities can be mitigated by moving or deleting the related module files. The file locations may vary between distributions. The globbing expressions listed below correspond to a Red Hat Linux system.

/usr/lib/ImageMagick-*/modules*/coders/dcm.*
/usr/lib/ImageMagick-*/modules*/coders/dib.*
/usr/lib/ImageMagick-*/modules*/coders/xbm.*
/usr/lib/ImageMagick-*/modules*/coders/xcf.*
/usr/lib/ImageMagick-*/modules*/coders/xwd.*

VI. VENDOR RESPONSE

The ImageMagick maintainers have addressed these vulnerabilities with the release of version 6.3.5-9. More information is available from the following URL.

http://studio.imagemagick.org/pipermail/magick-announce/2007-September/37.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-4986 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

09/04/2007  Initial vendor notification
09/05/2007  Initial vendor response
09/19/2007  Coordinated public disclosure

IX. CREDIT

These vulnerabilities were reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
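The sign-extension advisory, the multiple-integer-overflow advisory above, and the calloc(n, size) exchange in the CAL-20070912-1 thread all come down to the same defect: a size computed from untrusted header fields is handed to an allocator without anyone checking that the arithmetic stayed in range. The following is an added example, not ImageMagick's or iDefense's code. It models the ReadDIBImage() computation with explicit 32-bit types (as on the 32-bit builds of that era) so the sign-extended width is visible, pairs it with a variant that rejects negative dimensions and multiplies with overflow checks, and applies the same check to a calloc() wrapper. The struct, the function names and the sample headers are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdlib.h>

/* Added example, not ImageMagick's code. Fixed-width types model the
 * 32-bit build described in the advisory (short width, unsigned long
 * columns). */
typedef struct {
    int16_t  width;           /* signed short in the DIB header */
    int16_t  height;
    uint16_t bits_per_pixel;
} dib_header_t;

/* What (unsigned long) dib_info.width yields on a 32-bit build: the value
 * is converted modulo 2^32, so a negative width becomes a huge column
 * count (e.g. -32768 becomes 0xFFFF8000 and -1 becomes 0xFFFFFFFF). */
uint32_t sign_extended_columns(int16_t width)
{
    return (uint32_t) width;
}

/* Mirrors the advisory's lines 558-623 without any validation: the column
 * count comes from the sign-extended width and every product is done in
 * wrapping 32-bit arithmetic, so the returned request size can be both far
 * too large and, once it wraps, far too small for the pixel data. */
uint32_t dib_alloc_size_unchecked(const dib_header_t *h)
{
    uint32_t columns = sign_extended_columns(h->width);
    uint32_t rows = (uint32_t) h->height;
    uint32_t bytes_per_line = 4 * ((columns * h->bits_per_pixel + 31) / 32);
    uint32_t per_row = bytes_per_line > columns + 256 ? bytes_per_line : columns + 256;
    return per_row * rows;
}

/* a * b with an overflow check; stores the product only when it fits. */
static bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened variant: reject non-positive dimensions before they can be
 * converted, bound the depth, and check every multiplication. Returns
 * true and stores the size in *out only when the request is sound. */
bool dib_alloc_size_checked(const dib_header_t *h, uint32_t *out)
{
    if (h->width <= 0 || h->height <= 0)
        return false;
    if (h->bits_per_pixel == 0 || h->bits_per_pixel > 32)
        return false;
    uint32_t columns = (uint32_t) h->width;   /* now at most 32767 */
    uint32_t rows = (uint32_t) h->height;
    uint32_t bits, bytes_per_line, per_row;
    if (!mul_u32_checked(columns, h->bits_per_pixel, &bits))
        return false;
    if (bits > UINT32_MAX - 31)
        return false;
    bytes_per_line = 4 * ((bits + 31) / 32);
    per_row = bytes_per_line > columns + 256 ? bytes_per_line : columns + 256;
    return mul_u32_checked(per_row, rows, out);
}

/* The same discipline for calloc(): check n * size before calling, which
 * is what callers had to do with the pre-2002 glibc and with C run-times
 * whose calloc() computed the product unchecked. Returns NULL on overflow. */
void *calloc_checked(size_t n, size_t size)
{
    if (n != 0 && size > SIZE_MAX / n)
        return NULL;
    return calloc(n, size);
}

/* Convenience wrappers so a header or an allocation can be tried inline. */
uint32_t unchecked_size_for(int16_t w, int16_t hgt, uint16_t bpp)
{
    dib_header_t h = { w, hgt, bpp };
    return dib_alloc_size_unchecked(&h);
}

/* Checked size, or 0 when the header is rejected (a valid header never
 * yields 0 because width, height and depth are all positive). */
uint32_t checked_size_for(int16_t w, int16_t hgt, uint16_t bpp)
{
    dib_header_t h = { w, hgt, bpp };
    uint32_t size;
    return dib_alloc_size_checked(&h, &size) ? size : 0;
}

bool calloc_checked_succeeds(size_t n, size_t size)
{
    void *p = calloc_checked(n, size);
    if (p == NULL)
        return false;
    free(p);
    return true;
}
```

In this model a header with width -1, height 1 and 8 bits per pixel produces a 255-byte request while the column count used for decoding is 0xFFFFFFFF, which is the "heap block of insufficient size" the advisory describes; the checked variant refuses the header before any arithmetic happens. Note that with positive 16-bit dimensions and a depth of at most 32 the checked products always fit in 32 bits, so the decisive defence is the sign check, and the multiplication checks are there for callers that take wider dimensions.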
Re: [Full-disclosure] 0day: PDF pwns Windows
Dear All,

pa> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
pa> Is this the way responsible disclosure works these days? Adobe's representatives can contact me from the usual place.

Wow, now that's coordinated release. Knowing the bugs that you found previously it should take 10 minutes to rediscover this one. Which makes this even worse.

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities
Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities

iDefense Security Advisory 09.19.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 19, 2007

I. BACKGROUND

ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import, mogrify and montage) that are sometimes used by other applications for processing image files. For more information about ImageMagick, visit the vendor's site at the following URL.

http://www.imagemagick.org/

II. DESCRIPTION

Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system.

The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop.

The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop.

III. ANALYSIS

Exploitation of these vulnerabilities allows an attacker to consume excessive CPU resource on the system using the ImageMagick library to process images. One way of exploiting these vulnerabilities is to persuade a targeted user to open a malicious image file with a program that utilizes the ImageMagick library.

As the tools that are part of ImageMagick are sometimes used as helper tools by other applications, this user may be the same as the web server user. This scenario is somewhat more severe than the previously described attack vector since the image processing can occur automatically.

IV. DETECTION

iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.

V. WORKAROUND

Exposure to some of these vulnerabilities can be mitigated by moving or deleting the related module files. The file locations may vary between distributions. The globbing expressions listed below correspond to a Red Hat Linux system.

/usr/lib/ImageMagick-*/modules*/coders/dcm.*
/usr/lib/ImageMagick-*/modules*/coders/xcf.*

VI. VENDOR RESPONSE

The ImageMagick maintainers have addressed these vulnerabilities with the release of version 6.3.5-9. More information is available from the following URL.

http://studio.imagemagick.org/pipermail/magick-announce/2007-September/37.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-4985 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

09/04/2007  Initial vendor notification
09/05/2007  Initial vendor response
09/19/2007  Coordinated public disclosure

IX. CREDIT

These vulnerabilities were reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
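The two denial-of-service cases above share one shape: a read loop whose exit condition can only be satisfied by data that a truncated file never supplies, because the end-of-data value returned by ReadBlobByte() or ReadBlobMSBLong() is never tested. The following is an added example over a constructed in-memory blob, not ImageMagick's code: a scanner that ignores the end-of-data signal (given an iteration budget only so that the demonstration returns; the real loops have none) beside one that treats EOF as a hard stop, and a length-prefixed record walker that reports a short multi-byte read through a status instead of an in-band value. The blob type, the reader functions and the record format are hypothetical.

```c
#include <stddef.h>
#include <stdbool.h>

#define BLOB_EOF (-1)

/* Constructed in-memory stand-in for the image stream (added example). */
typedef struct {
    const unsigned char *data;
    size_t length;
    size_t offset;
} blob_t;

/* Like ReadBlobByte(): next byte, or BLOB_EOF once the data runs out.
 * It keeps returning BLOB_EOF on every later call. */
static int blob_read_byte(blob_t *b)
{
    if (b->offset >= b->length)
        return BLOB_EOF;
    return b->data[b->offset++];
}

typedef enum { SCAN_FOUND, SCAN_EOF, SCAN_BUDGET_EXHAUSTED } scan_result_t;

/* Vulnerable shape: loop until a marker byte appears. A file that ends
 * before the marker makes blob_read_byte() return BLOB_EOF forever, and
 * since BLOB_EOF never equals a byte value the loop never exits. The
 * budget exists only so this demonstration terminates. */
scan_result_t skip_to_marker_unchecked(blob_t *b, unsigned char marker,
                                       unsigned long budget)
{
    for (;;) {
        if (budget-- == 0)
            return SCAN_BUDGET_EXHAUSTED;
        if (blob_read_byte(b) == marker)
            return SCAN_FOUND;
    }
}

/* Hardened: EOF is tested on every read and ends the scan with an error. */
scan_result_t skip_to_marker_checked(blob_t *b, unsigned char marker)
{
    int c;
    while ((c = blob_read_byte(b)) != BLOB_EOF) {
        if (c == marker)
            return SCAN_FOUND;
    }
    return SCAN_EOF;
}

/* Multi-byte read in the spirit of ReadBlobMSBLong(), but a short read is
 * reported through the return status rather than folded into the value. */
static bool blob_read_msb_long(blob_t *b, unsigned long *out)
{
    unsigned long v = 0;
    for (int i = 0; i < 4; i++) {
        int c = blob_read_byte(b);
        if (c == BLOB_EOF)
            return false;
        v = (v << 8) | (unsigned long) c;
    }
    *out = v;
    return true;
}

/* Walks constructed (big-endian length, payload) records until a zero
 * length. Returns the number of complete records, or -1 on a truncated
 * stream instead of spinning on it. */
long count_length_prefixed_records(const unsigned char *data, size_t length)
{
    blob_t b = { data, length, 0 };
    long records = 0;
    for (;;) {
        unsigned long len;
        if (!blob_read_msb_long(&b, &len))
            return -1;                 /* header cut short */
        if (len == 0)
            return records;
        if (len > b.length - b.offset)
            return -1;                 /* payload is truncated */
        b.offset += len;
        records++;
    }
}

/* Wrappers so an input can be scanned inline. */
scan_result_t scan_unchecked(const unsigned char *data, size_t length,
                             unsigned char marker, unsigned long budget)
{
    blob_t b = { data, length, 0 };
    return skip_to_marker_unchecked(&b, marker, budget);
}

scan_result_t scan_checked(const unsigned char *data, size_t length,
                           unsigned char marker)
{
    blob_t b = { data, length, 0 };
    return skip_to_marker_checked(&b, marker);
}
```

Both hardened readers share the property the vulnerable loop lacks: every iteration either consumes a byte that exists or leaves the loop, so the number of iterations is bounded by the input length. That bound is what a reviewer should look for in any parser loop driven by file contents.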
Re: [Full-disclosure] 0day: PDF pwns Windows
> pa> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> pa> Is this the way responsible disclosure works these days? Adobe's representatives can contact me from the usual place.
>
> Wow, now that's coordinated release. Knowing the bugs that you found previously it should take 10 minutes to rediscover this one. Which makes this even worse.

I just saw his video showing the exploit firing up calculator, it looks like the same stuff (feature/exploit, call it what you want) that's been around for years. See www.nthelp.com/test.pdf (warning, it won't damage anything but it may scare you)

Geo.
Re: [Full-disclosure] help analysing asn overflow
Are you gonna blow hot air VK or are you gonna help the man/woman???

On Friday, September 21, 2007, at 12:44PM, [EMAIL PROTECTED] wrote:
> On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said:
> > i am trying to analyse the old asn integer overflow. Can anyone guide me towards the right direction? Which function contains the vulnerable code? Is it asn1_decode?
>
> It's not the old asn integer, it's one of the old asn integer... There were about a zillion and a half different places in that code that were exploitable, because actual error checking was, like, a foreign language to that crew when they wrote it originally.
Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
On 9/21/07, Curt [EMAIL PROTECTED] wrote:
> I notice that you didn't mention any rare disease that none of your friends or relatives have. Why is it that all of these altruistic people seem to never give a crap until it happens to them? Did Michael J Fox give one thin dime to Parkinsons until he had it? How about Christopher Reeves and spinal injury/stem cell? I'd much rather make my money, and donate to non-profit orgs that do things that I am interested in.

You make some great points -- but I think you jumped the gun on assuming I am evil. Friends and people who know me understand that I am active in many circles, offering help to those in need. I highly encourage you to do the same so that we can live in a world where people are friendlier and healthier. The world is what we make of it, and I always disliked the hostility in the security and free software communities. Everyone should be nicer to each other and not bash people when they ask simple questions, even if they haven't read the manual...

--
Kristian Erik Hermansen
[Full-disclosure] [ MDKSA-2007:187 ] - Updated PHP packages fix numerous vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

___

Mandriva Linux Security Advisory MDKSA-2007:187
http://www.mandriva.com/security/
___

Package : php
Date: September 21, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
___

Problem Description:

Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update.

An integer overflow in the substr_compare() function allows context-dependent attackers to read sensitive memory via a large value in the length argument. This only affects PHP5 (CVE-2007-1375).

A stack-based buffer overflow in the zip:// URI wrapper in PECL ZIP 1.8.3 and earlier allows remote attackers to execute arbitrary code via a long zip:// URL. This only affects Corporate Server 4.0 (CVE-2007-1399).

A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter could allow an attacker to inject arbitrary email headers via a special email address. This only affects Mandriva Linux 2007.1 (CVE-2007-1900).

The mcrypt_create_iv() function calls php_rand_r() with an uninitialized seed variable, thus always generating the same initialization vector, which may allow an attacker to decrypt certain data more easily because of the guessable encryption keys (CVE-2007-2727).

The soap extension calls php_rand_r() with an uninitialized seed variable, which has unknown impact and attack vectors; an issue similar to that affecting mcrypt_create_iv(). This only affects PHP5 (CVE-2007-2728).

The substr_count() function allows attackers to obtain sensitive information via unspecified vectors. This only affects PHP5 (CVE-2007-2748).

An infinite loop was found in the gd extension that could be used to cause a denial of service if a script were forced to process certain PNG images from untrusted sources (CVE-2007-2756).

An integer overflow flaw was found in the chunk_split() function that could possibly execute arbitrary code as the apache user if a remote attacker was able to pass arbitrary data to the third argument of chunk_split() (CVE-2007-2872).

A flaw in the PHP session cookie handling could allow an attacker to create a cross-site cookie insertion attack if a victim followed an untrusted carefully-crafted URL (CVE-2007-3799).

Various integer overflow flaws were discovered in the PHP gd extension that could allow a remote attacker to execute arbitrary code as the apache user (CVE-2007-3996).

A flaw in the wordwrap() function could result in a denial of service if a remote attacker was able to pass arbitrary data to the function (CVE-2007-3998).

A flaw in the money_format() function could result in an information leak or denial of service if a remote attacker was able to pass arbitrary data to this function; this situation would be unlikely however (CVE-2007-4658).

A bug in the PHP session cookie handling could allow an attacker to stop a victim from viewing a vulnerable website if the victim first visited a malicious website under the control of the attacker who was able to use that page to set a cookie for the vulnerable website (CVE-2007-4670).

Updated packages have been patched to prevent these issues. In addition, PECL ZIP version 1.8.10 is being provided for Corporate Server 4.0.
___

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
___

Updated Packages:

Mandriva Linux 2007.0:
57a68f47fd8c691db93b9eadbbf19b40 2007.0/i586/libphp5_common5-5.1.6-1.9mdv2007.0.i586.rpm
f82d39f70da087f4d7f9470f81211276 2007.0/i586/php-cgi-5.1.6-1.9mdv2007.0.i586.rpm
a22e66bf85ab53ff1782ce331ffa60a6 2007.0/i586/php-cli-5.1.6-1.9mdv2007.0.i586.rpm
c3cd07dba2182b4f583794a3b240e84e 2007.0/i586/php-devel-5.1.6-1.9mdv2007.0.i586.rpm
265ef0003e043ad3013022b1e566fd89
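The chunk_split() entry in the advisory above (CVE-2007-2872) is an integer overflow in a size computation that the caller steers through the third argument, the end string. The block below is an added illustration of that bug class and its fix in C; it is not PHP's source and not part of the Mandriva advisory. The output-length formula (input length plus number of chunks times end-string length, end string appended after every chunk) and all function names are assumptions chosen for the illustration. The unchecked function evaluates the formula in 32-bit arithmetic so the wraparound is visible; the checked variant is the defensive form: size_t throughout, overflow tested before every multiply and add, and allocation only after the size has been validated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model (assumption, not PHP's code): chunk_split-style output
 * length = srclen + nchunks * endlen, where nchunks = ceil(srclen / chunklen)
 * and the end string is appended after every chunk, including the last one. */

/* Bug-class demo: the same formula evaluated in 32-bit arithmetic. A large
 * end-string length makes nchunks * endlen wrap, so the computed size comes
 * out smaller than the real output (or negative) before any allocation. */
static int32_t chunk_out_len_unchecked(int32_t srclen, int32_t chunklen, int32_t endlen)
{
    if (chunklen <= 0)
        return -1;                         /* the demo only models the arithmetic */
    int32_t nchunks = srclen / chunklen + (srclen % chunklen ? 1 : 0);
    /* wraparound done in unsigned arithmetic so the demo itself has no UB */
    uint32_t total = (uint32_t)srclen + (uint32_t)nchunks * (uint32_t)endlen;
    return (int32_t)total;
}

/* Defensive form: size_t throughout, each multiplication and addition is
 * checked against SIZE_MAX before it happens, a zero chunk length is rejected
 * instead of dividing by zero, and room for the terminating NUL is reserved. */
static bool chunk_out_len_checked(size_t srclen, size_t chunklen, size_t endlen, size_t *out)
{
    if (chunklen == 0)
        return false;
    size_t nchunks = srclen / chunklen + (srclen % chunklen ? 1 : 0);
    if (endlen != 0 && nchunks > SIZE_MAX / endlen)
        return false;                      /* nchunks * endlen would overflow */
    size_t ends = nchunks * endlen;
    if (ends > SIZE_MAX - srclen)
        return false;                      /* srclen + ends would overflow */
    size_t total = srclen + ends;
    if (total == SIZE_MAX)
        return false;                      /* no room for the NUL terminator */
    *out = total;
    return true;
}

/* Safe chunk_split: allocate only after the size passes the checks.
 * Returns a NUL-terminated string the caller frees, or NULL on rejection/OOM. */
static char *chunk_split_safe(const char *src, size_t srclen, size_t chunklen,
                              const char *end, size_t endlen)
{
    size_t outlen;
    if (!chunk_out_len_checked(srclen, chunklen, endlen, &outlen))
        return NULL;
    char *out = malloc(outlen + 1);
    if (out == NULL)
        return NULL;
    char *p = out;
    for (size_t i = 0; i < srclen; i += chunklen) {
        size_t n = srclen - i < chunklen ? srclen - i : chunklen;
        memcpy(p, src + i, n);             /* one chunk */
        p += n;
        memcpy(p, end, endlen);            /* end string after every chunk */
        p += endlen;
    }
    *p = '\0';
    return out;
}

/* Self-check helper: split src and compare with the expected string. */
static bool split_matches(const char *src, size_t chunklen, const char *end, const char *expect)
{
    char *s = chunk_split_safe(src, strlen(src), chunklen, end, strlen(end));
    bool ok = (s != NULL) && strcmp(s, expect) == 0;
    free(s);
    return ok;
}

/* Self-check helper: checked length as a signed value, -1 when rejected. */
static long long checked_len_or_neg1(size_t srclen, size_t chunklen, size_t endlen)
{
    size_t n;
    return chunk_out_len_checked(srclen, chunklen, endlen, &n) ? (long long)n : -1;
}

int main(void)
{
    printf("unchecked(7,3,2)          = %d\n", (int)chunk_out_len_unchecked(7, 3, 2));
    printf("unchecked(2,1,0x40000000) = %d (wrapped)\n", (int)chunk_out_len_unchecked(2, 1, 0x40000000));
    printf("checked(2,1,SIZE_MAX/2+1) = %lld (rejected)\n", checked_len_or_neg1(2, 1, SIZE_MAX / 2 + 1));
    char *s = chunk_split_safe("abcdefg", 7, 3, "\r\n", 2);
    if (s != NULL) {
        printf("split(\"abcdefg\",3,CRLF) = %zu bytes\n", strlen(s));
        free(s);
    }
    return 0;
}
```

The point a reviewer would take from the two length functions is that the overflow check has to precede the multiplication, not follow it: once the product has wrapped, comparing it against the inputs tells you nothing, and a too-small allocation followed by the copy loop is exactly the heap write the advisory describes.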
Re: [Full-disclosure] 0day: PDF pwns Windows
Jeez, what a bunch of whiny pussies.
[Full-disclosure] 2 vanilla XSS on Wordpress 'wp-register.php'
There are two vanilla XSS on 'wp-register.php'. Only versions =2.0.1 appear to be affected.

More info can be found on GNUCITIZEN's BlogSecurity:
http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/

Regards,
-- 
pagvac
gnucitizen.org, ikwt.com
Re: [Full-disclosure] 0day: PDF pwns Windows
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That's been disclosed already, but thanks for your $0.02 USD ($0.02 CDN)

Cheers,

- ---
Tremaine Lea
Network Security Consultant
Intrepid ACL
Paranoia for hire

On 21-Sep-07, at 5:40 PM, h4h wrote:

Jeez, what a bunch of whiny pussies.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBAgAGBQJG9F1TAAoJEKGa22zRy9WCBqgH/3rx3uiZU7USUJP96nWJXrg9
3jsHq6TkAIkE5hlJbNePsMCTKL9DgbPSRyD7sg2m9J9yf59rGCOEOmsvkEutFxGi
kYDdizGijl1aYQlqDYRztANjENdpJW0lGCsfjEEB51hIzBq6wC+o/hAZe/QTcHnT
MTUVQA0+/92o1pTqVeRRkG+T6tl9EgPLbhyJXHwtTJwWPtEg0EQcxGOz4W1ODOf6
Vw2vnGv/nR/DycOvVMHRt5IxjPKJkkXBHdx2TTgJH9+CQ021PUjG4xwgJO7qkAoy
Jdg5v2yzKHGwYOeRr98jh3jvh7Lh5om+PMFv+WTXD1QY6ZpSx+bxUUrCvUTmkug=
=f+bR
-----END PGP SIGNATURE-----