Re: [Full-disclosure] Benachrichtung zum Übermittlungsstatus (Fehlgeschlagen)

2008-11-19 Thread Holger Librenz
Hi.

Please stop sending your mails, belonging to wrong message routing from
Stadt Salzgitter, to the complete fd list!

The mails you are receiving are bounces. Keep in mind that the sender
is a German city, so you are talking to German bureaucrats that don't
work before 9 a.m.!

So long,
Holger Librenz

rholgstad wrote:
 if you don't stop I will pull PDP out of hiding and have him xss your
 web admin interface
 
 [EMAIL PROTECTED] wrote:
 Dies ist eine automatisch erstellte Benachrichtigung über den Zustellstatus.

 Übermittlung an folgende Empfänger fehlgeschlagen.

[EMAIL PROTECTED]



   
 

 Reporting-MTA: dns;SRV-EXCH2.it.sz
 Received-From-MTA: dns;srv-exch2.it.sz
 Arrival-Date: Wed, 19 Nov 2008 06:46:49

 Final-Recipient: rfc822;[EMAIL PROTECTED]
 Action: failed
 Status: 5.7.1
 X-Display-Name: Mamontow, Tobias

   

 

 Subject:
 Re: [Full-disclosure] Benachrichtung zum Übermittlungsstatus
 (Fehlgeschlagen)
 From:
 rholgstad [EMAIL PROTECTED]
 Date:
 Tue, 18 Nov 2008 23:43:17 -0600
 To:
 [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk


 why do you keep spamming me in a language I don't understand

 [EMAIL PROTECTED] wrote:
   
 Dies ist eine automatisch erstellte Benachrichtigung über den Zustellstatus.

 Übermittlung an folgende Empfänger fehlgeschlagen.

[EMAIL PROTECTED]



   
 

 Reporting-MTA: dns;SRV-EXCH2.it.sz
 Received-From-MTA: dns;srv-exch2.it.sz
 Arrival-Date: Tue, 18 Nov 2008 23:24:50

 Final-Recipient: rfc822;[EMAIL PROTECTED]
 Action: failed
 Status: 5.7.1
 X-Display-Name: Mamontow, Tobias

   

 

 Subject:
 Re: [Full-disclosure] New hackers defacing the internets
 From:
 rholgstad [EMAIL PROTECTED]
 Date:
 Tue, 18 Nov 2008 16:13:19 -0600
 To:
 [EMAIL PROTECTED]

 CC:
 full-disclosure@lists.grok.org.uk


 Juha will be updating his blog as soon as he gets material from symantec 
 or ISS to copy/paste

 [EMAIL PROTECTED] wrote:
   
 
 Sup.  Valdis' mustache and I would like to share information with
 you.  It is obvious this hacker group has taken control of
 securiteam.com.  The absence of a blog entry from Juha Evron on the
 group proves their successful hack.
 
 -al
 
 On Tue, 18 Nov 2008 16:43:43 -0500 Razi Shaban
 [EMAIL PROTECTED] wrote:
   
 
   
 They are a very serious threat. They seem to know how to penetrate
 the
 security of any and every website. I have been following them for
 sometime, and have accumulated some information on them. If anyone
 has
 any information about them, please contact me.

 --
 Razi Shaban

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
 
   
 


[Full-disclosure] Metasploit Framework 3.2 Released

2008-11-19 Thread H D Moore


FOR IMMEDIATE RELEASE

Contact: H D Moore
Email: hdm[at]metasploit.com

 
  Austin, Texas, November 19th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.2 of
their exploit development and attack framework. The latest version
is provided under a true open source software license (BSD) and is 
backed by a community-based development team.

  Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
on a wide range of hardware platforms, from massive Unix mainframes to
the iPhone. Users can access Metasploit using the tab-completing console
interface, the Gtk GUI, the command line scripting interface, or the 
AJAX-enabled web interface. The Windows version of Metasploit includes
all software dependencies and a selection of useful networking tools. 

  The latest version of the Metasploit Framework, as well as screen
shots, video demonstrations, documentation and installation
instructions for many platforms, can be found online at


 - http://metasploit.com/framework/


  This release includes a significant number of new features and
capabilities, many of which are highlighted below.

  Version 3.2 includes exploit modules for recent Microsoft flaws, such 
as MS08-041, MS08-053, MS08-059, MS08-067, MS08-068, and many more. 

  The module format has been changed in version 3.2. The new format
removes the previous naming and location restrictions and paves the way
to an improved module loading and caching backend. For users, this means
being able to copy a module into nearly any subdirectory and
immediately use it without edits.

  The Byakugan WinDBG extension developed by Pusscat has been integrated
with this release, enabling exploit developers to quickly exploit new
vulnerabilities using the best Win32 debugger available today.

  The Context-Map payload encoding system developed by I)ruid is now
enabled in this release, allowing for any chunk of known process memory to
be used as an encoding key for Windows payloads.

  The Incognito token manipulation toolkit, written by Luke Jennings, has
been integrated as a Meterpreter module. This allows an attacker to gain
new privileges through token hopping. The most common use is to hijack
domain admin credentials once remote system access is obtained.

  The PcapRub, Scruby, and Packetfu libraries have all been linked into
the Metasploit source tree, allowing easy packet injection and capture.

  The METASM pure-Ruby assembler, written by Yoann Guillot and Julien 
Tinnes, has gone through a series of updates. The latest version has been
integrated with Metasploit and now supports MIPS assembly and the ability
to compile C code.

  The Windows payload stagers have been updated to support targets with
NX CPU support. These stagers now allocate a read/write/exec segment of
memory for all payload downloads and execution. 

  Executables which have been generated by msfpayload or msfencode now 
support NX CPUs. The generated executable is now smaller and more 
reliable, opening the door to a wider range of uses. The psexec and
smb_relay modules now use an executable template that acts like a real
Windows service, improving the reliability and cleanup requirements of
these modules.

  The Reflective DLL Injection technique pioneered by Stephen Fewer of
Harmony Security has been integrated into the framework. The new payloads
use the reflectivedllinjection stager prefix and share the same binaries
as the older DLL injection method.

  Client-side browser exploits now benefit from a set of new JavaScript
obfuscation techniques developed by Egypt. This improvement leads to a
greater degree of anti-virus bypass for client-side exploits.

  Metasploit contains dozens of exploit modules for web browsers and 
third-party plugins. The new browser_autopwn module ties many of these 
together with advanced fingerprinting techniques to deliver more shells
than most pen-testers know what to do with.

  This release includes a set of man-in-the-middle, authentication relay,
and authentication capture modules. These modules can be integrated with
a fake proxy (WPAD), a malicious access point (Karmetasploit), or basic
network traffic 

[Full-disclosure] BNP (british national party) membership list has been leaked

2008-11-19 Thread Gadi Evron
BNP (British National Party) membership (supposedly) has been leaked.

I don't want to link to the URL here. You can find it in my blog post:

http://gadievron.blogspot.com/2008/11/bnp-british-national-party-membership.html

Gadi.



[Full-disclosure] Secunia Research: Streamripper Multiple Buffer Overflows

2008-11-19 Thread Secunia Research
== 

 Secunia Research 19/11/2008

 - Streamripper Multiple Buffer Overflows -

== 
Table of Contents

1) Affected Software
2) Severity
3) Vendor's Description of Software
4) Description of Vulnerability
5) Solution
6) Time Table
7) Credits
8) References
9) About Secunia
10) Verification

== 
1) Affected Software 

* Streamripper 1.63.5.

NOTE: Other versions may also be affected.

== 
2) Severity 

Rating: Moderately critical
Impact: System access
Where:  Remote

== 
3) Vendor's Description of Software 

Records Shoutcast and Live365 MP3 streams to a hard disk, creating
separate files for each track. Runs under Unix and Windows.

Product Link:
http://streamripper.sourceforge.net/

== 
4) Description of Vulnerability

Secunia Research has discovered some vulnerabilities in Streamripper,
which can be exploited by malicious people to compromise a user's
system.

1) A boundary error exists within http_parse_sc_header() in lib/http.c
when parsing an overly long HTTP header starting with "Zwitterion v".

2) A boundary error exists within http_get_pls() in lib/http.c when
parsing a specially crafted pls playlist containing an overly long
entry.

3) A boundary error exists within http_get_m3u() in lib/http.c when
parsing a specially crafted m3u playlist containing an overly long
"File" entry.

Successful exploitation allows execution of arbitrary code, but 
requires that a user is tricked into connecting to a malicious server.

== 
5) Solution 

Patches should be available shortly.

== 
6) Time Table 

05/11/2008 - Vendor notified.
10/11/2008 - Vendor response.
14/11/2008 - Vendor informs that fixes are ready and will be uploaded
 to CVS on the agreed disclosure date.
19/11/2008 - Public disclosure.

== 
7) Credits 

Discovered by Stefan Cornelius, Secunia Research.

== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-4829 for the vulnerabilities.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-50/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==

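The three boundary errors in the advisory above share one pattern: the amount of data copied is decided by text the remote server supplies, not by the size of the destination buffer. The C sketch below is an added illustration and not Streamripper's code; the function names, the 64-byte buffer and the sample playlist lines are assumptions. It contrasts an unbounded copy of a pls "File" entry with a parser that rejects oversized entries.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed destination size for this illustration; the advisory does not
 * state the size of the buffers in lib/http.c. */
#define URL_MAX 64

enum parse_result {
    PARSE_OK       =  0,
    PARSE_NO_MATCH = -1,  /* line is not a "File<n>=" entry */
    PARSE_TOO_LONG = -2   /* value does not fit; nothing is copied */
};

/* Unbounded pattern (hypothetical, for contrast): the number of bytes
 * written is decided by the remote playlist, not by the size of dst. */
static void pls_entry_unbounded(const char *line, char *dst)
{
    const char *eq = strchr(line, '=');
    if (eq != NULL)
        strcpy(dst, eq + 1);          /* writes past dst for long entries */
}

/* Bounded version: validate the key, measure the value, and reject
 * oversized input instead of truncating it (a truncated URL is a
 * different URL). */
static enum parse_result pls_entry_bounded(const char *line,
                                           char *dst, size_t dst_size)
{
    const char *p = line;
    size_t len;

    if (dst == NULL || dst_size == 0)
        return PARSE_TOO_LONG;
    dst[0] = '\0';

    if (strncmp(p, "File", 4) != 0)
        return PARSE_NO_MATCH;
    p += 4;
    if (!isdigit((unsigned char)*p))
        return PARSE_NO_MATCH;
    while (isdigit((unsigned char)*p))
        p++;
    if (*p != '=')
        return PARSE_NO_MATCH;
    p++;

    len = strcspn(p, "\r\n");         /* value ends at the line break */
    if (len == 0)
        return PARSE_NO_MATCH;
    if (len >= dst_size)              /* leave room for the terminator */
        return PARSE_TOO_LONG;

    memcpy(dst, p, len);
    dst[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char url[URL_MAX];
    char oversized[6 + 500 + 1];      /* constructed oversized entry */

    /* Constructed sample lines, not taken from a real playlist. */
    pls_entry_unbounded("File1=http://radio.example/a", url);
    printf("unbounded, short entry:  %s\n", url);

    memcpy(oversized, "File1=", 6);
    memset(oversized + 6, 'A', 500);
    oversized[6 + 500] = '\0';

    printf("bounded, short entry:    %d\n",
           pls_entry_bounded("File1=http://radio.example/a\r\n",
                             url, sizeof url));
    printf("bounded, 500-byte entry: %d\n",
           pls_entry_bounded(oversized, url, sizeof url));
    return 0;
}
```

The same length check applies to the header and m3u cases: measure first, compare against the destination size, and treat an overlong field as a protocol error.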


[Full-disclosure] Outdated and vulnerable OpenSource libraries used in Deutsche Telekom home banking software

2008-11-19 Thread Stefan Kanthak
Deutsche Telekom, or rather their T-Online branch, offers their
own home banking software for Windows at
ftp://software.t-online.de/pub/service/banking/banking70.exe
The current release is version 7.00.0004 from 2008-03-17.


This software, however, is insecure; it installs and uses:

- the libraries LIBEAY32.DLL and SSLEAY32.DLL of the completely
  outdated, unsupported and vulnerable OpenSSL 0.9.6g from
  2002-08-19 (see http://www.openssl.org/news/);

- the library LIBCURL.DLL of the outdated, unsupported and
  vulnerable cURL 7.14.1 from 2005-09-05 (see
  http://curl.haxx.se/libcurl/);

- the libraries xerces-c_2_6.dll and xerces-depdom_2_6.dll of
  the outdated and unsupported Xerces 2.6 (see
  http://xerces.apache.org/xerces-c/releases.html as well as
  http://xerces.apache.org/xerces-c/releases_archive.html);

- the library CM32L7.DLL of vendor combit GmbH which has been
  built with a completely outdated, unsupported and vulnerable
  ZLIB (see http://zlib.net/);

- an SSL certificate container CAcerts.pem with an expired
  certificate (Validity: not after Feb 23 23:59:00 2006 GMT);
  Two other certificates will expire next week, and another two
  more in three weeks.


To put the icing on the cake:

- the software installs without any error message on Windows 2000,
  although it needs Windows XP or Windows Vista to run (see
  http://service.t-online.de/c/12/70/32/44/12703244.html), and
  fails to start with error message "Library UXTHEME.DLL missing"
  after successful installation.


The vendor has been informed via its own hotline, its own CERT, its
press spokesman for security (Deutsche Telekom is a member of
the German initiative "Sicher im Netz", see
https://www.sicher-im-netz.de/wir_ueber_uns/146.aspx) and its
security officer, both per mail and phone (where available).


Response(s): NONE
Reaction(s): NONE


Stefan Kanthak

PS: http://service.t-online.de/c/12/70/85/92/12708592.html
states that this software has been evaluated by TUeV Saarland and
got their label "TUeV Saarland: Gepruefte Home-Banking Software".
Whatever they checked: it wasn't the security of this software!



Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread Jeff MacDonald
On Tuesday 18 November 2008 11:06:20 am n3td3v wrote:
> Three London hospitals have been forced to shut down their entire
> computer systems for at least 24 hours after being hit by a virus.
[...snipped...]
> The spokesman said the virus was not malicious, and the infection
> was self-contained.


How did the computer(s) get infected?

-- 
http://zoidtechnologies.com/
information systems that suck less



Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread Valdis . Kletnieks
On Wed, 19 Nov 2008 11:32:53 -0400, Jeff MacDonald said:
> > The spokesman said the virus was not malicious, and the infection
> > was self-contained.
>
> How did the computer(s) get infected?

He's using the term "self-contained" to mean 100% of the machines on the
net are infected so it can't get much worse.  You know, kind of how a
fire will eventually go out once it runs out of combustibles.

(And yes, I know there's tire dump, peat, and coal mine fires that have
been smoldering for 30-40 years now... eventually doesn't always mean
in your lifetime)



Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread n3td3v
On Wed, Nov 19, 2008 at 3:32 PM, Jeff MacDonald
[EMAIL PROTECTED] wrote:
> On Tuesday 18 November 2008 11:06:20 am n3td3v wrote:
>> Three London hospitals have been forced to shut down their entire
>> computer systems for at least 24 hours after being hit by a virus.
> [...snipped...]
>> The spokesman said the virus was not malicious, and the infection
>> was self-contained.
>
>
> How did the computer(s) get infected?


According to n3td3v sources it was the Mytob worm that done it...

-- Forwarded message --
From: n3td3v [EMAIL PROTECTED]
Date: Tue, Nov 18, 2008 at 8:58 PM
Subject: Computer virus infects three London hospitals
To: n3td3v [EMAIL PROTECTED]


The virus is believed to be the Mytob worm, which spreads via e-mail
and plants a backdoor Trojan on infected computers that can be used to
remotely take control of the machine, according to security firm
Sophos.

"There will, no doubt, be concerns that the confidentiality of
patients' data may have been put at risk, and the hospitals will
surely be keen to reassure the public that security has been
maintained," Graham Cluley, senior technology consultant at Sophos,
wrote in a post on his blog.

http://news.cnet.com/8301-1009_3-10101392-83.html



Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread Valdis . Kletnieks
On Wed, 19 Nov 2008 17:14:28 GMT, n3td3v said:

> According to n3td3v sources it was the Mytob worm that done it...

Hint: When trying to make it look like you have actual personal sources,
it helps when you *don't* include the cnet.com URL that you cut-n-pasted
your source from.



[Full-disclosure] [SECURITY] [DSA 1667-1] New python2.4 packages fix several vulnerabilities

2008-11-19 Thread Moritz Muehlenhoff

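------------------------------------------------------------------------
Debian Security Advisory DSA-1667-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                       Moritz Muehlenhoff
November 19, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------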

Package: python2.4
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)  : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144

Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-2315

David Remahl discovered several integer overflows in the
stringobject, unicodeobject,  bufferobject, longobject,
tupleobject, stropmodule, gcmodule, and mmapmodule modules.

CVE-2008-3142

Justin Ferguson discovered that incorrect memory allocation in
the unicode_resize() function can lead to buffer overflows.

CVE-2008-3143
 
Several integer overflows were discovered in various Python core
modules.

CVE-2008-3144

Several integer overflows were discovered in the PyOS_vsnprintf()
function.

For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.

For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.

We recommend that you upgrade your python2.4 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread n3td3v
On Wed, Nov 19, 2008 at 6:08 PM,  [EMAIL PROTECTED] wrote:
> On Wed, 19 Nov 2008 17:14:28 GMT, n3td3v said:
>
>> According to n3td3v sources it was the Mytob worm that done it...
>
> Hint: When trying to make it look like you have actual personal sources,
> it helps when you *don't* include the cnet.com URL that you cut-n-pasted
> your source from.


you're the only one who mentioned personal sources i was talking about
cnet the whole time.



Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread n3td3v
On Wed, Nov 19, 2008 at 8:14 PM,  [EMAIL PROTECTED] wrote:
> On Wed, 19 Nov 2008 20:01:14 GMT, you said:
>
>>> According to n3td3v sources it was the Mytob worm that done it...
>>> ^^
>> you're the only one who mentioned personal sources i was talking about
>> cnet the whole time.
>
> Usually, when people say my sources told me, it doesn't mean they frikking
> saw it on CNN.  Or maybe in your cut-n-paste-blogger world, it does.


why don't you complain about cut-n-paste bloggers on funsec who don't
have any unique information of their own and just copypaste lines
from the written media? why are you spear targeting me, when lord
evron & co do exactly the same thing. or don't you have a problem with
cut-n-paste bloggers and in fact you're just nit-picking over words
that *i* copypaste for the benefit of others? it just seems rich that
you talk about cut-n-paste bloggers when that's all funsec is and is
all lord evron, paul ferguson and juha-matti ever do. are you just
jealous that i have managed to get such a following in the security
community that at present i have a mailing list group of 5000
subscribers and growing? go and screw yourself valdis and give your
mustache a brush down. thanks :)



[Full-disclosure] [ MDVSA-2008:232 ] dovecot

2008-11-19 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2008:232
 http://www.mandriva.com/security/
 ___

 Package : dovecot
 Date: November 19, 2008
 Affected: 2009.0
 ___

 Problem Description:

 The ACL plugin in dovecot prior to version 1.1.4 treated negative
 access rights as though they were positive access rights, which allowed
 attackers to bypass intended access restrictions (CVE-2008-4577).
 
 The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to
 bypass intended access restrictions by using the 'k' right to create
 unauthorized 'parent/child/child' mailboxes (CVE-2008-4578).
 
 In addition, two bugs were discovered in the dovecot package shipped
 with Mandriva Linux 2009.0. The default permissions on the dovecot.conf
 configuration file were too restrictive, which prevents the use of
 dovecot's 'deliver' command as a non-root user. Secondly, dovecot
 should not start until after ntpd, if ntpd is active, because if ntpd
 corrects the time backwards while dovecot is running, dovecot will
 quit automatically, with the log message 'Time just moved backwards
 by X seconds. This might cause a lot of problems, so I'll just kill
 myself now.' The update resolves both these problems. The default
 permissions on dovecot.conf now allow the 'deliver' command to read the
 file. Note that if you edited dovecot.conf at all prior to installing
 the update, the new permissions may not be applied. If you find the
 'deliver' command still does not work following the update, please
 run these commands as root:
 
  # chmod 0640 /etc/dovecot.conf
  # chown root:mail /etc/dovecot.conf
 
 Dovecot's initialization script now configures it to start after the
 ntpd service, to ensure ntpd resetting the clock does not interfere
 with Dovecot operation.
 
 This package corrects the above-noted bugs and security issues by
 upgrading to the latest dovecot 1.1.6, which also provides additional
 bug fixes.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
 https://qa.mandriva.com/44926
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
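CVE-2008-4577 as described in the advisory above comes down to how positive and negative ACL entries are combined. The C sketch below is an added illustration and not Dovecot's code: the entry structure, the sample ACL and the user names are assumptions, and it uses a simplified RFC 4314-style model (grants minus denials) rather than Dovecot's own file format and precedence rules. It computes effective rights both ways and reports which rights a user held only because of the flaw.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 4314 right letters modelled here; bit i stands for RIGHT_LETTERS[i]. */
static const char RIGHT_LETTERS[] = "lrwikxa";

struct acl_entry {
    const char *identifier;  /* "anyone" or "user=<name>" (assumed layout) */
    int negative;            /* non-zero: rights to take away */
    const char *rights;      /* letters from RIGHT_LETTERS */
};

/* Constructed sample ACL: everyone may look up and read, alice may also
 * write and insert, mallory is explicitly denied read, write and insert. */
static const struct acl_entry SAMPLE_ACL[] = {
    { "anyone",       0, "lr"   },
    { "user=alice",   0, "lrwi" },
    { "user=mallory", 1, "rwi"  },
};
#define SAMPLE_ACL_LEN (sizeof SAMPLE_ACL / sizeof SAMPLE_ACL[0])

/* Convert right letters to a bitmask; returns -1 on an unknown letter. */
static int rights_mask(const char *letters, unsigned *mask)
{
    *mask = 0;
    for (; *letters != '\0'; letters++) {
        const char *pos = strchr(RIGHT_LETTERS, *letters);
        if (pos == NULL)
            return -1;
        *mask |= 1u << (unsigned)(pos - RIGHT_LETTERS);
    }
    return 0;
}

static int entry_applies(const struct acl_entry *e, const char *user)
{
    if (strcmp(e->identifier, "anyone") == 0)
        return 1;
    return strncmp(e->identifier, "user=", 5) == 0 &&
           strcmp(e->identifier + 5, user) == 0;
}

/* negatives_as_grants = 0: intended behaviour, denials are subtracted.
 * negatives_as_grants = 1: the flaw, denials are merged in as grants. */
static unsigned effective_rights(const struct acl_entry *acl, size_t n,
                                 const char *user, int negatives_as_grants)
{
    unsigned granted = 0, denied = 0, mask;
    size_t i;

    for (i = 0; i < n; i++) {
        if (!entry_applies(&acl[i], user))
            continue;
        if (rights_mask(acl[i].rights, &mask) != 0)
            return 0;                 /* fail closed on a malformed entry */
        if (acl[i].negative && !negatives_as_grants)
            denied |= mask;
        else
            granted |= mask;
    }
    return granted & ~denied;
}

/* Rights a user held only because of the flaw: what to look for when
 * reviewing mailboxes that were served by an affected version. */
static unsigned exposed_rights(const struct acl_entry *acl, size_t n,
                               const char *user)
{
    return effective_rights(acl, n, user, 1) &
           ~effective_rights(acl, n, user, 0);
}

/* Render a mask as letters; out must hold sizeof RIGHT_LETTERS bytes. */
static const char *rights_letters(unsigned mask, char *out)
{
    size_t i, j = 0;
    for (i = 0; RIGHT_LETTERS[i] != '\0'; i++)
        if (mask & (1u << i))
            out[j++] = RIGHT_LETTERS[i];
    out[j] = '\0';
    return out;
}

int main(void)
{
    static const char *users[] = { "alice", "bob", "mallory" };
    char a[sizeof RIGHT_LETTERS], b[sizeof RIGHT_LETTERS];
    char c[sizeof RIGHT_LETTERS];
    size_t i;

    for (i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-8s intended=%-5s flawed=%-5s exposed=%s\n", users[i],
               rights_letters(effective_rights(SAMPLE_ACL, SAMPLE_ACL_LEN,
                                               users[i], 0), a),
               rights_letters(effective_rights(SAMPLE_ACL, SAMPLE_ACL_LEN,
                                               users[i], 1), b),
               rights_letters(exposed_rights(SAMPLE_ACL, SAMPLE_ACL_LEN,
                                             users[i]), c));
    return 0;
}
```

In this model only users with a negative entry see a difference, so those entries are the ones to re-check after upgrading.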


Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread Valdis . Kletnieks
On Wed, 19 Nov 2008 20:45:34 GMT, n3td3v said:
> why don't you complain about cut-n-paste bloggers on funsec who don't

Because the cut-n-paste bloggers on funsec are up-front about it, and
don't start off with "my sources tell me..."

> you talk about cut-n-paste bloggers when thats all funsec is and is
> all lord evron, paul ferguson and juha-matti ever do.

The *real* problem here is that when they cut-n-paste a URL about Intercage
or McColo or similar, you know two things:

1) They almost certainly were more involved in it than the cut-n-paste says.
2) You weren't.

And it bugs the crap out of you.



[Full-disclosure] Fredrick Diggle Security is looking for a few good men (or mediocre women)

2008-11-19 Thread Fredrick Diggle
Fredrick Diggle Security has taken the world wide web by storm in
recent years with disclosures in some of the most popular software
ever written including

- The Internet
- Notepad
- The Linux
- Fredrick Diggle Security execve exploit program

Due to the massive feedback they have received Fredrick Diggle
Security is now in a position where it needs to hire several
individuals to pick up some of the slack.


Did you ever want to work for the best at something? (google code
search regexs)
Even better -- do you want to work *with* the best at something?
(Fredrick Diggle... duh)
Would you like a chance to become *one of* the best at something? (XSS maybe?)
Do you want to become an expert at web application security? (and
eventually write a book/give a blackhat presentation)
Do you want to learn the ins and outs of general software security?
(as well as the what-have-yous)
Do you want to become a legitimate hacker? (And be invited to the cool
kids channels on IRC)
Would you like the challenge of testing your skills and your mettle
and hack some of the most important and famous software on the planet?
(PHP guestbooks beware)
Would you like to see how some of the largest websites in the world
actually work, and rethink your assumptions about the Internet? (Is it
really tubes after all?)
If your answer to any of these is yes, then you want to work for
WhiteHat^H^H^H^H^H^H^H^HFredrick Diggle Security, and we just may have
a place for you.


Fredrick Diggle security is looking for only the best Whitehat Ethical
Certified Security Professionals. A successful candidate will have.

- A PHD in the hacking of computer systems
- Certified Ethical Hacker Certification
- References to at least 20 vulnerabilities verifiably disclosed by
the applicant
- A Core Impact License
- Pictures of a sweet modded computer case
- A copy of XSS Exploits: Cross Site Scripting Attacks and Defense
(preferably signed by the authors)
- Capability to lift up to 50 pounds
- A love for wildlife (specifically a familiarity with hippopotamuses
and penguins and their breeding habits is required)
- Advanced skill in name dropping (specifically interested in
individuals who have had occasion to meet past Blackhat presenters or
security book authors)

The following are desirable but not required

- Geographically close to Sao Paolo
- A basement where we can hang out
- A wife/girlfriend/mother who can cook and make us snacks when we are
hacking stuff
- Some knowledge of ruby on rails (we are still trying to get
metasploit working)

The successful candidate will send a resume and cover letter with a
supplemental 500 word essay explaining why Fredrick Diggle Security is
so cool to [EMAIL PROTECTED]

We will be contacting qualified candidates and performing technical
interviews over the next few months.

YAY!



Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread adrian . lamo
Don't argue with the stache.

On Wed, 19 Nov 2008 16:47:52 -0500 n3td3v [EMAIL PROTECTED]
wrote:
On Wed, Nov 19, 2008 at 9:34 PM,  [EMAIL PROTECTED] wrote:
 1) They almost certainly were more involved in it than the cut-n-
paste says.

so why do they offer no unique information with their cut-n-paste
if
they are so heavily involved?


[Full-disclosure] [ MDVSA-2008:220-1 ] kernel

2008-11-19 Thread security


 ___

 Mandriva Linux Security Advisory   MDVSA-2008:220-1
 http://www.mandriva.com/security/
 ___

 Package : kernel
 Date: November 19, 2008
 Affected: Corporate 4.0
 ___

 Problem Description:

 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 The snd_seq_oss_synth_make_info function in
 sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
 kernel before 2.6.27-rc2 does not verify that the device number is
 within the range defined by max_synthdev before returning certain
 data to the caller, which allows local users to obtain sensitive
 information. (CVE-2008-3272)
 
 Unspecified vulnerability in the 32-bit and 64-bit emulation in the
 Linux kernel 2.6.9, 2.6.18, and probably other versions allows local
 users to read uninitialized memory via unknown vectors involving a
 crafted binary. (CVE-2008-0598)
 
 The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c
 in the vfs implementation in the Linux kernel before 2.6.25.15 do
 not prevent creation of a child dentry for a deleted (aka S_DEAD)
 directory, which allows local users to cause a denial of service
 (overflow of the UBIFS orphan area) via a series of attempted file
 creations within deleted directories. (CVE-2008-3275)
 
 Integer overflow in the sctp_setsockopt_auth_key function in
 net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
 implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
 remote attackers to cause a denial of service (panic) or possibly have
 unspecified other impact via a crafted sca_keylength field associated
 with the SCTP_AUTH_KEY option. (CVE-2008-3525)
 
 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
 does not properly zero out the dio struct, which allows local users
 to cause a denial of service (OOPS), as demonstrated by a certain
 fio test. (CVE-2007-6716)
 
 fs/open.c in the Linux kernel before 2.6.22 does not properly strip
 setuid and setgid bits when there is a write to a file, which allows
 local users to gain the privileges of a different group, and obtain
 sensitive information or possibly have unspecified other impact,
 by creating an executable file in a setgid directory through the (1)
 truncate or (2) ftruncate function in conjunction with memory-mapped
 I/O. (CVE-2008-4210)
 
 Additionally, support for Intel's ICH9 controller was added, and the
 'tg3' driver was updated to version 3.71b.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate

 Update:

 Support for Intel's ICH9 controller and the updated 'tg3' driver were
 actually missing in the previous update; this new update adds them.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
 ___

 Updated Packages:

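The CVE-2008-3525 entry in the advisory above turns on a caller-supplied length field (sca_keylength) that is trusted in size arithmetic. The following is an added example, not code from the advisory or from the kernel: a simplified user-space model in which the struct layout, the HDR macro and all function names are assumptions, showing a length check that wraps next to one that does not.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative layout only (assumption): fixed header, then key bytes. */
struct authkey_opt {
    uint16_t assoc_id;
    uint16_t key_number;
    uint32_t sca_keylength;          /* caller-controlled length field */
    uint8_t  key[];
};
struct key_store { uint32_t len; uint8_t data[]; };

#define HDR ((uint32_t)sizeof(struct authkey_opt))

/* Flawed check, kept for comparison: the 32-bit sum wraps for a length
 * near UINT32_MAX, so an oversized value passes. */
int naive_len_ok(uint32_t keylength, uint32_t optlen)
{
    return (uint32_t)(HDR + keylength) <= optlen;
}

/* Overflow-safe form: subtract from the known-good side instead. */
int safe_len_ok(uint32_t keylength, uint32_t optlen)
{
    return optlen >= HDR && keylength <= optlen - HDR;
}

/* Copy the key out of an option buffer of optlen bytes.
 * Returns 0 and sets *out, or -EINVAL / -ENOMEM with *out == NULL. */
int set_auth_key(const void *optval, uint32_t optlen, struct key_store **out)
{
    const struct authkey_opt *opt = optval;
    struct key_store *ks;

    *out = NULL;
    if (optlen < HDR || !safe_len_ok(opt->sca_keylength, optlen))
        return -EINVAL;
    /* sca_keylength <= optlen - HDR and sizeof(*ks) < HDR, so this sum
     * cannot wrap. */
    ks = malloc(sizeof(*ks) + opt->sca_keylength);
    if (!ks)
        return -ENOMEM;
    ks->len = opt->sca_keylength;
    memcpy(ks->data, opt->key, opt->sca_keylength);
    *out = ks;
    return 0;
}
```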

Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread n3td3v
don't argue with the heavily involved cut-n-paste people! they are far
better than the non-involved cut-n-paste people at cutting and
pasting. even though the same news that is on funsec is on n3td3v
hours before funsec. i'm faster at cutting and pasting than they are,
and it's known that the funsec'ers are taking cut-n-paste ideas from
the n3td3v group and posting them into funsec. there are too many
familiar match ups with the stories on funsec that are on n3td3v
group. in news it's all about timing, and funsec just don't
cut-n-paste good enough compared to n3td3v mailing-list-group. i've
had a look at my members list, and yes, key funsec members are
subscribed and are sleuthing cut-n-paste ideas from my group into
their group. who's the cut-n-paste daddy then?

On Wed, Nov 19, 2008 at 11:34 PM,  [EMAIL PROTECTED] wrote:
 Don't argue with the stache.

 On Wed, 19 Nov 2008 16:47:52 -0500 n3td3v [EMAIL PROTECTED]
 wrote:
On Wed, Nov 19, 2008 at 9:34 PM,  [EMAIL PROTECTED] wrote:
 1) They almost certainly were more involved in it than the cut-n-
paste says.

so why do they offer no unique information with their cut-n-paste
if
they are so heavily involved?


Re: [Full-disclosure] Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus

2008-11-19 Thread Juha-Matti Laurio
Just a quick note to the list that I am not a subscriber of that n3td3v mailing 
list mentioned and I have no need to use ideas from that list.
Additionally, I don't even know where the n3td3v mailing list archive exists.

Juha-Matti

n3td3v [EMAIL PROTECTED] wrote:
 don't argue with the heavily involved cut-n-paste people! they are far
 better than the non-involved cut-n-paste people at cutting and
 pasting. even though the same news that is on funsec is on n3td3v
 hours before funsec. i'm faster at cutting and pasting than they are,
 and it's known that the funsec'ers are taking cut-n-paste ideas from
 the n3td3v group and posting them into funsec. there are too many
 familiar match ups with the stories on funsec that are on n3td3v
 group. in news it's all about timing, and funsec just don't
 cut-n-paste good enough compared to n3td3v mailing-list-group. i've
 had a look at my members list, and yes, key funsec members are
 subscribed and are sleuthing cut-n-paste ideas from my group into
 their group. who's the cut-n-paste daddy then?
 
 On Wed, Nov 19, 2008 at 11:34 PM,  [EMAIL PROTECTED] wrote:
  Don't argue with the stache.
 
  On Wed, 19 Nov 2008 16:47:52 -0500 n3td3v [EMAIL PROTECTED]
  wrote:
 On Wed, Nov 19, 2008 at 9:34 PM,  [EMAIL PROTECTED] wrote:
  1) They almost certainly were more involved in it than the cut-n-
 paste says.
 
 so why do they offer no unique information with their cut-n-paste
 if
 they are so heavily involved?