Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread php0t


After all this crap, you guys still fall for the trollbait? f*cking sad :-(


 No? I've just recently applied here https://www.mi5careers.gov.uk/ homo, so 
 watch your 
 back with who you're talking to.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread John Kinsella
On Wed, Oct 24, 2007 at 08:39:56AM +0200, php0t wrote:
 After all this crap, you guys still fall for the trollbait? f*cking sad :-(

Yeah, I'll give ya that.  
Let's try Lack of sleep for $400, Alex.



Re: [Full-disclosure] Distributed SSH username/password brute force attack

2007-10-24 Thread Vincent Archer
On Mon, 2007-10-22 at 22:34 +0200, [EMAIL PROTECTED] wrote:
 Hi,
 
  Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher
  from 77.46.152.2 port 55120 ssh2
 
 user/password authentication for SSH?  one way of cleaning up your
 logs and killing this type of attack is to reconfigure your OpenSSH
 to only allow key based logins. stopped my 10M+ logfiles straight away
 (then the apache attacks were easier to see too ;-) )

Be careful about that. Although key-based logins are easier on your
logs, they also generate the problem of transitive access to the server.
Years ago, one of the boxes I was managing was hacked from the inside:
the hacker got an unsecured Linux box through a script-kiddie level hack,
and used the key of a local user to get in.

Although you can control how the SSH server on your side works, you have
no control on people's private keys and thus cannot enforce passphrases
on those keys. You can unknowingly lower your security by moving to a
key-based login, because some people who would type a password to log in
will not bother securing their passphrases if they are forced to use a
private key.

-- 
Vincent ARCHER
[EMAIL PROTECTED]

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France
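The trade-off described above is worth making concrete. On the server side the cleanup the earlier poster mentions is a matter of `PasswordAuthentication no` and `PubkeyAuthentication yes` in sshd_config, but whether a user's private key carries a passphrase is only visible on the client. The following Python is an added example written for this edit, not code from the thread: it reads the header of an OpenSSH private key file (both the legacy PEM form and the openssh-key-v1 form) and reports whether the key is stored encrypted, so a user can be asked to verify that the key they are about to enrol has a passphrase. The sample keys below are constructed placeholders containing only the header fields the check reads, not real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': big-endian uint32 length + payload."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, offset: int):
    """Decode an SSH 'string' at offset; return (payload, next_offset)."""
    (n,) = struct.unpack(">I", buf[offset:offset + 4])
    return buf[offset + 4:offset + 4 + n], offset + 4 + n


def key_encryption(key_text: str) -> str:
    """Return 'none' when a private key file is stored without a passphrase,
    otherwise a description of the cipher protecting it. Only the file's
    headers are read; no key material is decoded."""
    lines = [line.strip() for line in key_text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0]
    body = [line for line in lines[1:-1] if line]
    if "OPENSSH PRIVATE KEY" in label:
        # openssh-key-v1 layout: magic, string ciphername, string kdfname,
        # string kdfoptions, uint32 nkeys, ...; 'none'/'none' means unencrypted.
        blob = base64.b64decode("".join(body))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        offset = len(OPENSSH_MAGIC)
        cipher, offset = _read_ssh_string(blob, offset)
        kdf, offset = _read_ssh_string(blob, offset)
        return "none" if cipher == b"none" else f"{cipher.decode()}/{kdf.decode()}"
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY): encryption is announced by
    # 'Proc-Type: 4,ENCRYPTED' and 'DEK-Info: <cipher>,<iv>' headers.
    headers = {}
    for line in body:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip()] = value.strip()
    if headers.get("Proc-Type", "").endswith("ENCRYPTED"):
        return headers.get("DEK-Info", "unknown")
    return "none"


def unencrypted_keys(keys: dict) -> list:
    """Given {label: key_file_text}, return the labels whose key has no passphrase."""
    return sorted(label for label, text in keys.items() if key_encryption(text) == "none")


# Constructed samples (placeholders, not real keys): only the header fields
# that key_encryption() reads are meaningful; the rest is filler.
def _armour(label: str, blob: bytes, headers=()) -> str:
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    head = list(headers) + [""] if headers else []
    return "\n".join([f"-----BEGIN {label}-----", *head, *body, f"-----END {label}-----"]) + "\n"


def _openssh_blob(cipher: bytes, kdf: bytes) -> bytes:
    return OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"") + struct.pack(">I", 1)


SAMPLE_OPENSSH_PLAINTEXT = _armour("OPENSSH PRIVATE KEY", _openssh_blob(b"none", b"none"))
SAMPLE_OPENSSH_ENCRYPTED = _armour("OPENSSH PRIVATE KEY", _openssh_blob(b"aes256-ctr", b"bcrypt"))
SAMPLE_PEM_PLAINTEXT = _armour("RSA PRIVATE KEY", b"\x30\x00")
SAMPLE_PEM_ENCRYPTED = _armour(
    "RSA PRIVATE KEY", b"\x00" * 16,
    headers=("Proc-Type: 4,ENCRYPTED", "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF"),
)
```

Run `unencrypted_keys({"id_rsa": open("~/.ssh/id_rsa").read()})` style over the keys you are asked to enrol; a result of `none` is the case the post warns about. Note that the check says nothing about passphrase strength, only whether one exists.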



Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Prohest
Hey stop making fun of netdouche!

So what if he couldn't hack out a bag of toastbread? I, for one,
welcome Netdork as our new über official pseudo-God. Route disappeared
in some torture-chamber under Cisco, the smart guys from L0pht got a
haircut and a tie and sum cash. Kevin found out he was cooler in
movies, and that his books suck.

But what did Netno0b get? He is clearly too fucking stupid to get an
it-sec business job. I forget more about it-sec in a month than he
will ever learn the rest of his life?

So I contacted the union, sent his data and guess what? There is hope
for him. If he likes movies theres always a starring role in any movie
produced by 'The Tokyo Bukakke Films' specifically the 'master of
chin omelet' gay series

So chip up netdouche, keep working towards becoming a fluffer.. Just
do it, gag'n'guzzle with all u got!

Love

Dad
On 10/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Wed, 24 Oct 2007 01:59:15 +0100 worried security
 [EMAIL PROTECTED] wrote:

 Don't fuck with me you prick or i'll track you down.

 Hah! You could not track your own father if your momma told you
 who, you lame moron.


Re: [Full-disclosure] How to use the tools rainbowcrack 1.2-src

2007-10-24 Thread Verhoeven Dimitri
edison schreef:
 hello Mr Fabien Kraemer:
 I have downloaded rainbowcrack 1.2-src, but I don't know how to use 
 the tool to find the password of the Oracle user. Would you tell me 
 how to do it or give me an example? Thank you. 

You first need to create rainbow table hashes.
RainbowCrack compares these hashes with your Windows LANMAN 
hashes.
If there is a match, you've got the password.
Info @ http://www.antsight.com/zsl/rainbowcrack/#Documentation
grtz CT
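The reply is terse, so here is the mechanism spelled out in code. This is an added example written for this edit, not RainbowCrack's code: it builds a tiny rainbow table (chains that alternate the hash with a column-dependent reduction function, storing only each chain's start and end point) over a toy keyspace of four lowercase letters, with MD5 standing in for the LM hash, and then recovers a password from its hash by finding the chain the hash lies on and regenerating it. RainbowCrack does the same against LM, NTLM and MD5 hashes with far larger tables; the chain count and length here are chosen for speed, not coverage.

```python
import hashlib
import random
import string

CHARSET = string.ascii_lowercase
PW_LEN = 4
KEYSPACE = len(CHARSET) ** PW_LEN          # 456,976 candidate passwords


def H(password: str) -> bytes:
    """The hash under attack. MD5 stands in for LM here; only the
    hash -> reduce -> hash chain structure matters for the technique."""
    return hashlib.md5(password.encode()).digest()


def reduce(h: bytes, column: int) -> str:
    """Reduction function R_column: map a hash back into the keyspace. Mixing
    in the column index gives every column its own reduction function, which
    is what distinguishes rainbow chains from classic Hellman chains and
    limits chain merges."""
    n = (int.from_bytes(h[:8], "big") + column) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)


def chain_points(start: str, length: int) -> list:
    """Plaintexts p_0 .. p_{length-1} of the chain that begins at start."""
    points = [start]
    for column in range(length - 1):
        points.append(reduce(H(points[-1]), column))
    return points


def chain_end(start: str, length: int) -> str:
    """End point p_length; together with start it is all the table stores."""
    return reduce(H(chain_points(start, length)[-1]), length - 1)


def random_starts(count: int, seed: int) -> list:
    """Deterministic pseudo-random start points (seeded so results repeat)."""
    rng = random.Random(seed)
    return ["".join(rng.choice(CHARSET) for _ in range(PW_LEN)) for _ in range(count)]


def build_table(starts: list, length: int) -> dict:
    """Precompute the chains: map end point -> start points (merged chains
    can share an end point, so keep a list)."""
    table = {}
    for start in starts:
        table.setdefault(chain_end(start, length), []).append(start)
    return table


def lookup(table: dict, target: bytes, length: int):
    """Recover the password hashing to target, or None if no chain covers it.
    For each column j (last first, since that is cheapest), assume target is
    the hash in column j, run the chain on to its end point and see whether
    that end point is in the table; if it is, regenerate the chain from its
    start and pick out the plaintext whose hash matches."""
    for j in range(length - 1, -1, -1):
        x = reduce(target, j)
        for k in range(j + 1, length):
            x = reduce(H(x), k)
        for start in table.get(x, ()):
            for candidate in chain_points(start, length):
                if H(candidate) == target:   # merged chains cause false alarms; this weeds them out
                    return candidate
    return None


def demo(chains: int = 300, length: int = 50, seed: int = 7):
    """Build a small table and crack a hash it is known to cover.
    Returns (password, recovered_password)."""
    starts = random_starts(chains, seed)
    table = build_table(starts, length)
    victim = chain_points(starts[0], length)[23]
    return victim, lookup(table, H(victim), length)
```

The table stores 300 start/end pairs but covers up to 15,000 passwords; the price is a lookup that costs about length²/2 hashes plus one chain regeneration per candidate end point. A hash whose plaintext lies on no chain comes back as `None`, which is the coverage gap larger tables exist to close.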



Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Mark Senior
Some people are immune to satire, and always will be...

On 10/24/07, php0t wrote:



 After all this crap, you guys still fall for the trollbait? f*cking sad :-(






Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread worried security
I'm sorry everyone, I was just trying to highlight a valid point, I didn't
expect a flame war to erupt.

The DHS need to ban ISPs from talking about infrastructure security in
public places. It should be classified information, don't you all think?

Just because Nanog has been offending for years by talking about similar
subjects doesn't mean it's OK, and action should be taken now to prevent the
continuation of critical infrastructure security recovery being talked about in
public.

For anyone who does care about what I'm talking about, I apologize about the
trolls in my thread who told me I worked in McDonald's and KFC.

I know not everyone hates me, so perhaps we can have mature discussions about
the DHS and Nanog instead of bashing each other saying I work in McDonald's,
KFC etc.

n3td3v

[Full-disclosure] iDefense Security Advisory 10.23.07: IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability

2007-10-24 Thread iDefense Labs
IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability

iDefense Security Advisory 10.23.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 23, 2007

I. BACKGROUND

IBM Corp.'s Lotus Notes software is an integrated desktop client option
for accessing e-mail, calendars and applications on an IBM Corp. Lotus
Domino server. More information can be found by visiting the URL below.

http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/noteshomepage

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in IBM Corp.'s
Lotus Notes mail user agent could allow attackers to execute arbitrary
code in the context of the current user.

When a Lotus Notes user receives an HTML email, the HTML is converted to
a format resembling RTF (Rich Text Format). When messages are replied
to, forwarded or copied to the clipboard, the e-mail format is
converted again.

The buffer overflow is the result of a call to Cstrcpy when copying an
attacker supplied variable length string into a fixed-sized stack
buffer. The overflow occurs at the Cstrcpy call inside the
TagAttributeListCopy function in nnotes.dll.

III. ANALYSIS

Exploitation allows attackers to execute arbitrary code in the context
of the recipient of the message. In order to be successful, an attacker
must social engineer the victim into processing a specially crafted
message in a certain way. Specifically, the victim must either forward,
reply with history, or copy the message to the clipboard in order to
trigger the vulnerability.

Additionally, non-printable ASCII characters are converted to the LMBCS
(Lotus MultiByte Character Set) before the overflow occurs. This
complicates, but does not prevent, exploitation.

IV. DETECTION

iDefense confirmed the existence of this vulnerability in version 7.0.2
of IBM Corp.'s Lotus Notes. Additionally, versions 6.5.1, 6.5.3 and
7.0.1 were reported to be vulnerable. Other versions are suspected to
be vulnerable.

V. WORKAROUND

iDefense is currently unaware of any effective workaround for this
issue.

VI. VENDOR RESPONSE

IBM Lotus has addressed this vulnerability within versions 7.0.3 and 8.0
of Lotus Notes. For more information, visit the following URL.

http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-4222 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

02/07/2007  Initial vendor notification
02/07/2007  Initial vendor response
10/23/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by UVInc.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.



[Full-disclosure] iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buffer Overflow Vulnerability

2007-10-24 Thread iDefense Labs
IBM Lotus Domino IMAP Buffer Overflow Vulnerability

iDefense Security Advisory 10.23.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 23, 2007

I. BACKGROUND

IBM Lotus Domino Server software provides messaging, calendaring and
scheduling capabilities on a variety of operating systems. More
information about the product is available at the following URL.

http://www-142.ibm.com/software/sw-lotus/domino

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability within IBM
Corp.'s Lotus Domino allows attackers to execute arbitrary code in the
context of the IMAP service.

This vulnerability exists within the IMAP component of a Domino Server.
The problem specifically lies in the handling of mailbox names within
specific commands. If a user has subscribed to a mailbox with an overly
long name, certain commands will copy the user-supplied mailbox name
into a fixed-size stack buffer without proper validation.

III. ANALYSIS

Exploitation allows attackers to execute arbitrary code in the context
of the IMAP service. In order to conduct the attack, the attacker must
be able to establish a TCP session with the IMAP service on TCP port
143. Valid credentials are required to access the vulnerable code.

Under Windows, the privileges gained are (by default) that of the SYSTEM
user. This allows an attacker to take complete control of the
compromised system.

Although the UNIX version of the service does not run as root, it does
run as the same user as many other components of the Lotus Domino
Server. Because of this an attacker may gain access to sensitive
information or be able to maliciously subvert the system in other ways.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability within
version 7.0.2.2 of Lotus Domino running on Linux as well as Windows
Server 2003. Previous versions, as well as builds for other platforms,
are suspected to be vulnerable.

V. WORKAROUND

Employing firewalls to limit access to the affected service will
mitigate exposure to this vulnerability.

VI. VENDOR RESPONSE

IBM Lotus has addressed this vulnerability within versions 6.5.6 Fix
Pack 2 (FP2), 7.0.3 and 8.0 of Lotus Domino. For more information,
visit the following URL.

http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21270623

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3510 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

06/27/2007  Initial vendor notification
06/28/2007  Initial vendor response
10/23/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Manuel Santamarina
Suarez.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
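The advisory names the trigger (an overlong mailbox name reaching a fixed-size stack buffer through mailbox-handling commands) but, as is usual for iDefense, gives no sample traffic. The following Python is an added example written for this edit, not iDefense's or IBM's code: it parses IMAP client command lines the way an IDS or inspecting proxy would, handles the three ways IMAP lets a client spell a mailbox name (an atom, a quoted string, and the `{n}` literal whose bytes follow on the next line), and flags any mailbox argument longer than a chosen threshold. The threshold, the watched command list and the sample session are constructed for the example; the advisory does not state which commands Domino mishandles or the real buffer size.

```python
import re

# RFC 3501 commands whose leading argument(s) are mailbox names; the advisory
# does not say which ones Domino mishandles, so all of them are watched.
MAILBOX_COMMANDS = {"SELECT", "EXAMINE", "CREATE", "DELETE", "RENAME",
                    "SUBSCRIBE", "UNSUBSCRIBE", "STATUS", "APPEND"}

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
_LITERAL = re.compile(r"\{(\d+)\+?\}$")       # {n}, or LITERAL+ {n+}, at end of line


def parse_commands(lines: list) -> list:
    """Turn client lines into (tag, COMMAND, [args]). Handles the three IMAP
    argument spellings: atoms, quoted strings, and {n} literals, whose n bytes
    arrive on the following line. Parenthesised lists are left as atoms since
    this check only needs the leading mailbox arguments."""
    commands = []
    i = 0
    while i < len(lines):
        parts = lines[i].split(" ", 2)
        i += 1
        if len(parts) < 2:
            continue                                   # not a command line
        tag, command = parts[0], parts[1].upper()
        rest = parts[2] if len(parts) > 2 else ""
        args = []
        while rest.strip():
            rest = rest.lstrip()
            if rest[0] == '"':
                m = _QUOTED.match(rest)
                if not m:
                    raise ValueError(f"{tag}: unterminated quoted string")
                args.append(re.sub(r"\\(.)", r"\1", m.group(1)))
                rest = rest[m.end():]
            elif rest[0] == "{":
                m = _LITERAL.match(rest)
                if not m or i >= len(lines):
                    raise ValueError(f"{tag}: malformed literal")
                n = int(m.group(1))
                rest = lines[i]
                i += 1
                args.append(rest[:n])                  # the literal's bytes ...
                rest = rest[n:]                        # ... then any further arguments
            else:
                atom, _, rest = rest.partition(" ")
                args.append(atom)
        commands.append((tag, command, args))
    return commands


def oversized_mailbox_args(lines: list, limit: int) -> list:
    """(tag, command, length) for every watched command whose mailbox argument
    exceeds limit characters. RENAME carries two mailbox names."""
    hits = []
    for tag, command, args in parse_commands(lines):
        if command not in MAILBOX_COMMANDS:
            continue
        mailboxes = args[:2] if command == "RENAME" else args[:1]
        longest = max((len(name) for name in mailboxes), default=0)
        if longest > limit:
            hits.append((tag, command, longest))
    return hits


# Constructed client-side capture: the literal form is how a real client would
# send a long or unusual mailbox name. 256 is an assumed threshold, not the
# buffer size in Domino.
LIMIT = 256
SAMPLE_SESSION = [
    "a001 LOGIN alice secret",
    'a002 SELECT "INBOX"',
    "a003 SUBSCRIBE {600}",
    "A" * 600,
    'a004 RENAME "Old Name" "New Name"',
    "a005 STATUS INBOX (MESSAGES UNSEEN)",
    "a006 LOGOUT",
]
```

The point of resolving literals rather than grepping for long lines is that the mailbox name and the command announcing it are on different lines; a rule that only looks at the `SUBSCRIBE` line sees `{600}` and nothing else. Since the advisory notes that valid credentials are needed to reach the code, the tag of the hit is enough to tie it back to the LOGIN that preceded it.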



Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Glenn.Everhart
I suspect rather that DHS needs to first acquire the expertise to deal with
these issues, and participate as helpers rather than as directors.

Nanog has dealt with interruptions to the Internet in the past, with success
enough that most people are unaware that major problems ever occurred. There
is no reason to expect anyone in government could do as well, and blocking
discussion (the general effect of banning it in public places - ever work on
a spook job?) would have made the recovery in the last outage I heard about
impossible.

Unfortunately, wisdom and knowledge do not automatically come with authority.
DHS has authority, at least within the US, but has not the record of
accomplishment that Nanog has. Let them come forward with improved routing
codes that are not subject to attacks, or with protocols that can be seen to
be better than are current, get them discussed, and act to facilitate (often
= pay for) changing over to such, and this would provide the kind of
reputation that would get them followed and improve safety without writing
mandates that could make things worse. They should of course be open to
competing designs also, since others may come up with better designs.
Participating in this way would show wisdom.
 
Glenn Everhart
(speaking for myself)
 

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Epic
Stop spamming the list with useless garbage and maybe some will respect
rather than hate?


Just a thought...

-E


On 10/24/07, worried security [EMAIL PROTECTED] wrote:

 I'm sorry everyone, I was just trying to highlight a valid point, I didn't
 expect a flame war to erupt.

 The DHS need to ban ISPs from talking about infrastructure security in
 public places. It should be classified information, don't you all think?


[Full-disclosure] rPSA-2007-0221-1 php php-mysql php-pgsql

2007-10-24 Thread rPath Update Announcements
rPath Security Advisory: 2007-0221-1
Published: 2007-10-24
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/4.3.11-15.15-1
[EMAIL PROTECTED]:1/4.3.11-15.15-1
[EMAIL PROTECTED]:1/4.3.11-15.15-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1693

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670

Description:
Previous versions of the php package are vulnerable to many attacks,
the worst of which enable various remote attackers to run arbitrary
code as the apache user.  These vulnerabilities are exposed by a
wide variety of applications written in the PHP language.

http://wiki.rpath.com/Advisories:rPSA-2007-0221

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html



Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Valdis . Kletnieks
On Wed, 24 Oct 2007 17:32:04 BST, worried security said:
 The DHS need to ban ISPs from talking about infrastructure security in
 public places. It should be classified information, don't you all think?

Please note a few things:

1) The level of detail actually discussed on NANOG comes nowhere *close*
to giving the bad guys anything *useful*.

2) Somebody at GMU already did a grad-school thesis about this subject,
at a level of detail that *was* worrisome for many.  The fact that with
that amount of hints, you should be able to Google up the student's name
and the date of the thesis, should tell you something about barn doors.

3) If in fact you classified the information, then you'd hit a *very* big
snag - you then need to treat it as classified information, with all the
attendant details.  Background checks for all of your NOC staff *over and
above* what you already do, you can't give the information to your customers,
and so on.

Though it *does* keep the phone from ringing off the hook if you can't
tell your customers your NOC phone number because it's classified...



Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Mike Owen
On 10/24/07, worried security [EMAIL PROTECTED] wrote:
 I'm sorry everyone, I was just trying to highlight a valid point, I didn't
 expect a flame war to erupt.

 The DHS need to ban ISPs from talking about infrastructure security in
 public places. It should be classified information, don't you all think?


No, it shouldn't be classified. Besides, having DHS (lol) try to ban
ISPs from talking is absurd in the extreme. Even ignoring the point
that DHS is incompetent, there is a rather large issue with DHS being
a US-centric agency, and this whole intarweb thing being world wide.



Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread 31337

On 10/24/07, worried security [EMAIL PROTECTED]
wrote:
 Don't fuck with me you prick or i'll track you down.

On 10/24/07, worried security [EMAIL PROTECTED]
wrote:
 ... homo, ... watch your back with who you're talking to.

On 10/24/07, worried security [EMAIL PROTECTED]
wrote:
 ...perhaps we can have mature discussions...


Yeah, mature discussion. Come back when you reach late teens and
stop spamming the list with your lame postings, loser






Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread worried security
On 10/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 Yeah, mature discussion. Come back when you reach late teens and
 stop spamming the list with your lame postings, loser


Yeah, and you and your friends baited me to respond in that way, so blame
yourself if the discussion isn't mature.

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Michael Holstein

 I'm sorry everyone, I was just trying to highlight a valid point, I 
 didn't expect a flame war to erupt.

Then be more judicious in your use of Reply-All.

  
 The DHS need to ban ISPs from talking about infrastructure security 
 in public places. It should be classified information, don't you all think?

I doubt that the NANOG folk are posting public fiber route-maps, or 
anything similarly useful to a troublemaker. Heck .. most ISPs have a 
hard enough time finding their OWN fiber to mark it for a construction 
crew, much less accidentally telling somebody ELSE where it is.



[Full-disclosure] Hackers can divert Vonage calls: security firm

2007-10-24 Thread Peter Dawson
I have not heard of any chatter on this one..

http://ca.today.reuters.com/news/newsArticle.aspx?type=technologyNews&storyID=2007-10-24T183023Z_01_N24160249_RTRIDST_0_TECH-VONAGE-HACKERS-COL.XML&archived=False

does anyone know different or is this just some company pimping ??

/pd

[Full-disclosure] [ GLSA 200710-25 ] MLDonkey: Privilege escalation

2007-10-24 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200710-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: MLDonkey: Privilege escalation
  Date: October 24, 2007
  Bugs: #189412
ID: 200710-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The Gentoo MLDonkey ebuild adds a user to the system with a valid login
shell and no password.

Background
==

MLDonkey is a peer-to-peer filesharing client that connects to several
different peer-to-peer networks, including Overnet and BitTorrent.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  net-p2p/mldonkey      < 2.9.0-r3                  >= 2.9.0-r3

Description
===

The Gentoo MLDonkey ebuild adds a user to the system named p2p so
that the MLDonkey service can run under a user with low privileges.
This user is created with a valid login shell and no password.

Impact
==

A remote attacker could log into a vulnerable system as the p2p user.
This would require an installed login service that permitted empty
passwords, such as SSH configured with the PermitEmptyPasswords yes
option, a local login console, or a telnet server.

Workaround
==

See Resolution.

Resolution
==

Change the p2p user's shell to disallow login. For example, as root run
the following command:

# usermod -s /bin/false p2p

NOTE: updating to the current MLDonkey ebuild will not remove this
vulnerability, it must be fixed manually. The updated ebuild is to
prevent this problem from occurring in the future.
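Whether the p2p account is actually reachable depends on the three things the advisory lists: an empty password field, a login shell, and a login service that accepts empty passwords. The following Python is an added example written for this edit, not Gentoo's code: it runs that check over passwd and shadow style records, applies the same change `usermod -s /bin/false` makes so the before and after can be compared, and reads an sshd_config to report whether sshd would honour an empty password. The records and configs below are constructed samples, not taken from a real system.

```python
import re

NOLOGIN_SHELLS = {"", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin", "/bin/nologin"}


def parse_colon_file(text: str) -> dict:
    """passwd/shadow style records -> {name: [fields]}; comments and blanks skipped."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            records[fields[0]] = fields
    return records


def passwordless_logins(passwd_text: str, shadow_text: str) -> list:
    """Sorted (name, shell) for accounts whose password field is empty (no
    password at all; '!' or '*' means locked, anything else is a hash) and
    whose shell still permits an interactive login."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    hits = []
    for name, fields in passwd.items():
        secret = fields[1]
        if secret == "x" and name in shadow:       # hash lives in the shadow file
            secret = shadow[name][1]
        shell = fields[6] if len(fields) > 6 else ""
        if secret == "" and shell not in NOLOGIN_SHELLS:
            hits.append((name, shell))
    return sorted(hits)


def set_shell(passwd_text: str, name: str, shell: str) -> str:
    """What 'usermod -s <shell> <name>' does to the passwd record."""
    out = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == name:
            fields[6] = shell
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


def sshd_option(config_text: str, keyword: str, default: str) -> str:
    """Effective value of a global sshd_config keyword: OpenSSH uses the first
    occurrence and ignores the rest; lines after a Match block are conditional
    and not considered here."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().lower()
    return default


def sshd_accepts_empty_passwords(config_text: str) -> bool:
    """True if sshd would let an empty-password account in. (PAM and
    keyboard-interactive policy can change this; only the two keywords the
    advisory points at are checked.)"""
    return (sshd_option(config_text, "PasswordAuthentication", "yes") == "yes"
            and sshd_option(config_text, "PermitEmptyPasswords", "no") == "yes")


# Constructed samples; the hash in the root record is a placeholder.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
p2p:x:1001:1001:mldonkey:/home/p2p:/bin/bash
nobody:x:65534:65534:nobody:/:/bin/false
backup:x:1002:1002::/var/backups:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$notarealhash:17463:0:99999:7:::
p2p::17463:0:99999:7:::
nobody:!:17463:0:99999:7:::
backup::17463:0:99999:7:::
"""
SAMPLE_SSHD_WEAK = "PasswordAuthentication yes\nPermitEmptyPasswords yes\n"
SAMPLE_SSHD_DEFAULT = "#PermitEmptyPasswords yes\nPasswordAuthentication yes\n"
```

The shadow check is the one that matters: a `p2p` record with `x` in /etc/passwd looks fine until the shadow field turns out to be empty rather than `!`. Changing the shell, as the advisory's resolution does, closes the SSH and console paths but leaves the empty password in place; locking the account (`passwd -l p2p`) as well would make the shadow entry `!` and remove the account from the report entirely.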

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-25.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200710-26 ] HPLIP: Privilege escalation

2007-10-24 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200710-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: HPLIP: Privilege escalation
  Date: October 24, 2007
  Bugs: #195565
ID: 200710-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The hpssd daemon might allow local attackers to execute arbitrary
commands with root privileges.

Background
==

The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides
drivers for HP's inkjet and laser printers, scanners and fax machines.
It integrates with the Common UNIX Printing System (CUPS) and Scanner
Access Now Easy (SANE).

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  net-print/hplip      < 2.7.9-r1         *>= 1.7.4a-r2
                                              >= 2.7.9-r1

Description
===

Kees Cook from the Ubuntu Security team discovered that the hpssd
daemon does not correctly validate user supplied data before passing it
to a popen3() call.

Impact
==

A local attacker may be able to exploit this vulnerability by sending a
specially crafted request to the hpssd daemon to execute arbitrary
commands with the privileges of the user running hpssd, usually root.
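CVE-2007-5208 is a command-injection bug: a value taken from a local client request reaches popen3(), which in Python 2 handed a string argument to /bin/sh. The following Python is an added example written for this edit, not HPLIP's code: it contrasts building a shell command string from a request field (the vulnerable shape, the string form popen3() and `shell=True` both execute) with validating the field and passing an argument vector to the program directly. The request format, the `device-uri` field name, the `hp-probe-tool` program and the URI grammar are assumptions made for the example, not taken from hpssd.

```python
import re
import subprocess

SHELL_META = re.compile(r"[;&|`$()<>\n\"']")
# Assumed shape of a valid device URI for this example; the real grammar is HPLIP's.
DEVICE_URI = re.compile(r"^hp:/(usb|net|par)/[A-Za-z0-9_.-]+(\?[A-Za-z0-9_=&.-]*)?$")


def parse_request(raw: str) -> dict:
    """Hypothetical line-oriented request: one 'key=value' per line."""
    fields = {}
    for line in raw.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def build_command_unsafe(fields: dict) -> str:
    """Vulnerable shape. The request field is spliced into a command string
    that popen3()/shell=True hands to /bin/sh, so every shell metacharacter in
    it is interpreted. (hp-probe-tool is a placeholder program name.)"""
    return "hp-probe-tool -d %s" % fields.get("device-uri", "")


def shell_injection_risk(value: str) -> bool:
    """True if value contains characters /bin/sh would treat specially."""
    return bool(SHELL_META.search(value))


def build_argv_safe(fields: dict) -> list:
    """Hardened shape: validate the field against the format it must have and
    pass it as a single argv element, so no shell parses it at all."""
    uri = fields.get("device-uri", "")
    if not DEVICE_URI.match(uri):
        raise ValueError("device-uri rejected: %r" % uri)
    return ["hp-probe-tool", "-d", uri]


def argv_or_none(fields: dict):
    """Convenience wrapper: the argv for a valid request, None for a rejected one."""
    try:
        return build_argv_safe(fields)
    except ValueError:
        return None


def run_safe(fields: dict, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Execute without a shell: the untrusted string reaches execve() as one
    argument and can only ever be a device name, never a second command."""
    return subprocess.run(build_argv_safe(fields), capture_output=True, text=True,
                          timeout=timeout, check=False)


# Constructed requests for the example.
BENIGN_REQUEST = "msg=probedevices\ndevice-uri=hp:/usb/Deskjet_5550?serial=MY123\n"
MALICIOUS_REQUEST = "msg=probedevices\ndevice-uri=hp:/usb/x; id > /tmp/pwned\n"
```

Since hpssd runs as root, the second command in the malicious request would run as root too, which is the whole impact. The allow-list regex is the real fix; `shell_injection_risk()` is only there to show what the string form lets through, and a deny-list of metacharacters should not be relied on by itself.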

Workaround
==

There is no known workaround at this time.

Resolution
==

All HPLIP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose net-print/hplip

References
==

  [ 1 ] CVE-2007-5208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-26.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200710-27 ] ImageMagick: Multiple vulnerabilities

2007-10-24 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200710-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ImageMagick: Multiple vulnerabilities
  Date: October 24, 2007
  Bugs: #186030
ID: 200710-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in ImageMagick, possibly
resulting in arbitrary code execution or a Denial of Service.

Background
==

ImageMagick is a collection of tools and libraries for manipulating
various image formats.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  media-gfx/imagemagick      < 6.3.5.10                >= 6.3.5.10

Description
===

regenrecht reported multiple infinite loops in functions ReadDCMImage()
and ReadXCFImage() (CVE-2007-4985), multiple integer overflows when
handling certain types of images (CVE-2007-4986, CVE-2007-4988), and an
off-by-one error in the ReadBlobString() function (CVE-2007-4987).

Impact
==

A remote attacker could entice a user to open a specially crafted
image, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the application, or an
excessive CPU consumption. Note that applications relying on
ImageMagick to process images can also trigger the vulnerability.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.5.10"

References
==

  [ 1 ] CVE-2007-4985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
  [ 2 ] CVE-2007-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
  [ 3 ] CVE-2007-4987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
  [ 4 ] CVE-2007-4988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-27.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

