Re: [Full-disclosure] We're letting the bad guys win

[n3td3v]

On Tue, Dec 9, 2008 at 5:55 AM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
> On 12/9/08, n3td3v <[EMAIL PROTECTED]> wrote:
>> On Tue, Dec 9, 2008 at 4:53 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
>>> You started that shit at least 3 years ago.
>>> Now as the wind blow in another way, you play the mature game ?
>>> let us laugh, you dont know shit and you're fucking far away from any sign
>>> of maturity, and let me tell you, this will end when you'll get the fuck
>>> out
>>> of here, as many persons on this list are expecting you to do so.
>>>
>>
>> What if I stop responding to you, what will you do then? I've been
>> letting you have my attention for some time now
>
> yeah exactly, n3td3v. good going. lets see it in practice!
>
> dont let bad guys laugh at us. lets break the trend and forget the past.
>
> lets all keep noise low, including BS. focus your time to something
> more meaningful... :)
>

I thought they were going to give me intelligence, they just seem to
seek attention for no reason. I asked them which group they were from,
they said they are loners. They appear somewhat coordinated, so maybe
from the same group? They take me on though, they fail when no
response is given anymore.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[Valdis . Kletnieks]

On Tue, 09 Dec 2008 04:03:57 GMT, n3td3v said:
> We need to stop this back and forth fighting its making infosec look
> bad, this isn't what infosec should be about.

It's making one very small insignificant corner of infosec look bad.

Let's keep a sense of perspective, guys.


pgp3gKmLlfaNv.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

[James Matthews]

They are trying to get the government to do something about it. But unless
they see the danger not just hear about it nothing will happen.

Consider remarks before Congress last year by O. Sami Saydjari, CEO of Cyber
Defense Agency , a security research and
consulting firm, and a former official at the Defense Dept.'s research arm,
DARPA. Following a major cyber-attack, he told legislators, electricity,
banking, and communications could all go dead, leaving Americans scrounging
for food, water, gasoline—even hunks of firewood traded on the black market.


On Tue, Dec 9, 2008 at 6:39 AM, Elazar Broad <[EMAIL PROTECTED]> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> They ain't called beltway bandits for nothing...
>
> On Mon, 08 Dec 2008 23:28:52 -0500 "Rafal @ IsHackingYou.com"
> <[EMAIL PROTECTED]> wrote:
> >Ivan, all,
> >
> >Hold the phone...$5k-$7k to fix an infected device!?  Really?
> >HOLY
> >CRAP... either that's a completely made-up "FUD" figure, or the
> >government
> >contractors are making *way* too much money off my taxes.
> >
> >__
> >Rafal M. Los
> >IT Security - Response | Mitigation | Strategy
> >
> >E-mail:  [EMAIL PROTECTED]
> > - Blog: http://preachsecurity.blogspot.com
> >
> >--
> >From: "Ivan ." <[EMAIL PROTECTED]>
> >Sent: Monday, December 08, 2008 5:14 PM
> >To: "Full-Disclosure mailing list"  >[EMAIL PROTECTED]>
> >Subject: [Full-disclosure] U.S. Is Losing Global Cyberwar,
> >Commission Says
> >
> >>
> >http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db20081
> >27_817606.htm
> >>
> >> ___
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> >___
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
> -BEGIN PGP SIGNATURE-
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wpwEAQECAAYFAkk99owACgkQi04xwClgpZjY7AP/U3/nVeboctT47VJv9/ZmVY3EG6uE
> 0oJhSZBqOtwJwu8RpXLGHpMj7iVkWEOAdI+iaEdZsWC+yGnvAkUUI4xnHkA3gKfzSB9j
> gvG8XT/bcrbsON3dF9NOrb2hzdq8DqPbgDAIEg5wR3k3gXjrMap3BoIchz5g06HA18ih
> INTTfno=
> =3ZDD
> -END PGP SIGNATURE-
>
> --
> Save hundreds on an Unsecured Loan - Click here.
>
> http://tagline.hushmail.com/fc/PnY6qxtViPpZpPq5YJjtAbu0xAEgHnQ9Is2jctQdjJChMVzyH6VQE/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[Bipin Gautam]

On 12/9/08, n3td3v <[EMAIL PROTECTED]> wrote:
> On Tue, Dec 9, 2008 at 4:53 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
>> You started that shit at least 3 years ago.
>> Now as the wind blow in another way, you play the mature game ?
>> let us laugh, you dont know shit and you're fucking far away from any sign
>> of maturity, and let me tell you, this will end when you'll get the fuck
>> out
>> of here, as many persons on this list are expecting you to do so.
>>
>
> What if I stop responding to you, what will you do then? I've been
> letting you have my attention for some time now

yeah exactly, n3td3v. good going. lets see it in practice!

dont let bad guys laugh at us. lets break the trend and forget the past.

lets all keep noise low, including BS. focus your time to something
more meaningful... :)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[n3td3v]

On Tue, Dec 9, 2008 at 4:53 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
> You started that shit at least 3 years ago.
> Now as the wind blow in another way, you play the mature game ?
> let us laugh, you dont know shit and you're fucking far away from any sign
> of maturity, and let me tell you, this will end when you'll get the fuck out
> of here, as many persons on this list are expecting you to do so.
>

What if I stop responding to you, what will you do then? I've been
letting you have my attention for some time now to see if you were
going to give out any specific intelligence about yourself or a 0day
or vulnerability, but this just seems like abuse for abuses sake with
no security relation whatsoever.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[j-f sentier]

You started that shit at least 3 years ago.
Now as the wind blow in another way, you play the mature game ?
let us laugh, you dont know shit and you're fucking far away from any sign
of maturity, and let me tell you, this will end when you'll get the fuck out
of here, as many persons on this list are expecting you to do so.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

[Elazar Broad]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

They ain't called beltway bandits for nothing...

On Mon, 08 Dec 2008 23:28:52 -0500 "Rafal @ IsHackingYou.com"
<[EMAIL PROTECTED]> wrote:
>Ivan, all,
>
>Hold the phone...$5k-$7k to fix an infected device!?  Really?
>HOLY
>CRAP... either that's a completely made-up "FUD" figure, or the
>government
>contractors are making *way* too much money off my taxes.
>
>__
>Rafal M. Los
>IT Security - Response | Mitigation | Strategy
>
>E-mail:  [EMAIL PROTECTED]
> - Blog: http://preachsecurity.blogspot.com
>
>--
>From: "Ivan ." <[EMAIL PROTECTED]>
>Sent: Monday, December 08, 2008 5:14 PM
>To: "Full-Disclosure mailing list" [EMAIL PROTECTED]>
>Subject: [Full-disclosure] U.S. Is Losing Global Cyberwar,
>Commission Says
>
>>
>http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db20081
>27_817606.htm
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNATURE-
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQECAAYFAkk99owACgkQi04xwClgpZjY7AP/U3/nVeboctT47VJv9/ZmVY3EG6uE
0oJhSZBqOtwJwu8RpXLGHpMj7iVkWEOAdI+iaEdZsWC+yGnvAkUUI4xnHkA3gKfzSB9j
gvG8XT/bcrbsON3dF9NOrb2hzdq8DqPbgDAIEg5wR3k3gXjrMap3BoIchz5g06HA18ih
INTTfno=
=3ZDD
-END PGP SIGNATURE-

--
Save hundreds on an Unsecured Loan - Click here.
 
http://tagline.hushmail.com/fc/PnY6qxtViPpZpPq5YJjtAbu0xAEgHnQ9Is2jctQdjJChMVzyH6VQE/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

[Rafal @ IsHackingYou.com]

Ivan, all,

Hold the phone...$5k-$7k to fix an infected device!?  Really?  HOLY 
CRAP... either that's a completely made-up "FUD" figure, or the government 
contractors are making *way* too much money off my taxes.

__
Rafal M. Los
IT Security - Response | Mitigation | Strategy

E-mail:  [EMAIL PROTECTED]
 - Blog: http://preachsecurity.blogspot.com

--
From: "Ivan ." <[EMAIL PROTECTED]>
Sent: Monday, December 08, 2008 5:14 PM
To: "Full-Disclosure mailing list" 
Subject: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

> http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db2008127_817606.htm
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[n3td3v]

We need to stop this back and forth fighting its making infosec look
bad, this isn't what infosec should be about.

On Tue, Dec 9, 2008 at 1:58 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
> Wow this sounds serious, what's the next step punk ?
> IT tech in a daycare ?
> n3td3v reversing play-doh
>
>
> -- Forwarded message --
> From: n3td3v <[EMAIL PROTECTED]>
> Date: 2008/12/8
> Subject: Re: [Full-disclosure] Fwd: We're letting the bad guys win
> To: j-f sentier <[EMAIL PROTECTED]>
>
>
> I run the n3td3v group.
>
> On Tue, Dec 9, 2008 at 1:07 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
>> Oh please, don't make us laugh anymore, you dont have any job you punk.
>> That's why your please to pollute this mailing list you fat crack-head
>> bastard.
>>
>> 2008/12/8 n3td3v <[EMAIL PROTECTED]>
>>>
>>> You'll get bored eventually and leave us all alone to get on with our
>>> jobs.
>>>
>>> On Mon, Dec 8, 2008 at 10:56 PM, Ureleet <[EMAIL PROTECTED]> wrote:
>>> > ive said it b4, and ill say it again. he leaves, i leave.
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ MDVSA-2008:236-1 ] vim

[security]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2008:236-1
 http://www.mandriva.com/security/
 ___

 Package : vim
 Date: December 8, 2008
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
   Multi Network Firewall 2.0
 ___

 Problem Description:

 Several vulnerabilities were found in the vim editor:
 
 A number of input sanitization flaws were found in various vim
 system functions.  If a user were to open a specially crafted file,
 it would be possible to execute arbitrary code as the user running vim
 (CVE-2008-2712).
 
 Ulf Härnhammar of Secunia Research found a format string flaw in
 vim's help tags processor.  If a user were tricked into executing the
 helptags command on malicious data, it could result in the execution
 of arbitrary code as the user running vim (CVE-2008-2953).
 
 A flaw was found in how tar.vim handled TAR archive browsing.  If a
 user were to open a special TAR archive using the plugin, it could
 result in the execution of arbitrary code as the user running vim
 (CVE-2008-3074).
 
 A flaw was found in how zip.vim handled ZIP archive browsing.  If a
 user were to open a special ZIP archive using the plugin, it could
 result in the execution of arbitrary code as the user running vim
 (CVE-2008-3075).
 
 A number of security flaws were found in netrw.vim, the vim plugin
 that provides the ability to read and write files over the network.
 If a user opened a specially crafted file or directory with the netrw
 plugin, it could result in the execution of arbitrary code as the
 user running vim (CVE-2008-3076).
 
 A number of input validation flaws were found in vim's keyword and
 tag handling.  If vim looked up a document's maliciously crafted
 tag or keyword, it was possible to execute arbitary code as the user
 running vim (CVE-2008-4101).
 
 A vulnerability was found in certain versions of netrw.vim where it
 would send FTP credentials stored for an FTP session to subsequent
 FTP sessions to servers on different hosts, exposing FTP credentials
 to remote hosts (CVE-2008-4677).
 
 This update provides vim 7.2 (patchlevel 65) which corrects all of
 these issues and introduces a number of new features and bug fixes.

 Update:

 The previous vim update incorrectly introduced a requirement on
 libruby and also conflicted with a file from the git-core package
 (in contribs).  These issues have been corrected with these updated
 packages.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2953
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3074
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3076
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4677
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 1ebd5f8b6c0743bab3db3113c2bb5498  
2008.0/i586/vim-common-7.2.065-9.3mdv2008.0.i586.rpm
 ecad30a24814aa1543f3e9f4548c0d8e  
2008.0/i586/vim-enhanced-7.2.065-9.3mdv2008.0.i586.rpm
 a62bc45e20c7cb05ea99471949fa057b  
2008.0/i586/vim-minimal-7.2.065-9.3mdv2008.0.i586.rpm
 e5431f23309139db47583d100ebec5fc  
2008.0/i586/vim-X11-7.2.065-9.3mdv2008.0.i586.rpm 
 f2413164a86b6635ee5ff016c3527d64  2008.0/SRPMS/vim-7.2.065-9.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 3fc6eb1eda476d642947ecaab7a225f2  
2008.0/x86_64/vim-common-7.2.065-9.3mdv2008.0.x86_64.rpm
 0edf2753ba8a00f8d866e559f7a2192b  
2008.0/x86_64/vim-enhanced-7.2.065-9.3mdv2008.0.x86_64.rpm
 692d5032e705bfda05b2b2618b8369d6  
2008.0/x86_64/vim-minimal-7.2.065-9.3mdv2008.0.x86_64.rpm
 87bf7a4fba22dc1773b544eeb412db06  
2008.0/x86_64/vim-X11-7.2.065-9.3mdv2008.0.x86_64.rpm 
 f2413164a86b6635ee5ff016c3527d64  2008.0/SRPMS/vim-7.2.065-9.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 c934d47ecaa0ed9d9bff2b89fea74f20  
2008.1/i586/vim-common-7.2.065-9.3mdv2008.1.i586.rpm
 714185e359626acb9d22a88c54608a38  
2008.1/i586/vim-enhanced-7.2.065-9.3mdv2008.1.i586.rpm
 59d119574eb3dc453305bed6da73a12e  
2008.1/i586/vim-minimal-7.2.065-9.3mdv2008.1.i586.rpm
 4543e6fba5116a1d95fddfee3ce73613  
2008.1/i586/vim-X11-7.2.065-9.3mdv2008.1.i586.rpm 
 d007fce1a939ef4e1841cf54c68dbdd0  2008.1/SRPMS/vim-7.2.065-9.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 f8375b1d25260274ef2b081eec0396ea  
2008.1/x86_64/vim-common-7.2.065-9.3mdv2008.1.x86_64.rpm
 20577d11a3a22ff802a7e1c749099b76  
2008.1/x86_64/vim-enhanced-7.2.065-9.3mdv2008.1.x86_64.rpm
 1aa16e6fb134f57f4faefb319bdd6840  
2008.1/x86_64/vim-minimal

[Full-disclosure] We're letting the bad guys win

[j-f sentier]

Wow this sounds serious, what's the next step punk ?
IT tech in a daycare ?
n3td3v reversing play-doh


-- Forwarded message --
From: n3td3v <[EMAIL PROTECTED]>
Date: 2008/12/8
Subject: Re: [Full-disclosure] Fwd: We're letting the bad guys win
To: j-f sentier <[EMAIL PROTECTED]>


I run the n3td3v group.

On Tue, Dec 9, 2008 at 1:07 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
> Oh please, don't make us laugh anymore, you dont have any job you punk.
> That's why your please to pollute this mailing list you fat crack-head
> bastard.
>
> 2008/12/8 n3td3v <[EMAIL PROTECTED]>
>>
>> You'll get bored eventually and leave us all alone to get on with our
>> jobs.
>>
>> On Mon, Dec 8, 2008 at 10:56 PM, Ureleet <[EMAIL PROTECTED]> wrote:
>> > ive said it b4, and ill say it again. he leaves, i leave.
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[j-f sentier]

Did n3td3v just sayed that ?

LMAO
2008/12/8 n3td3v <[EMAIL PROTECTED]>

> Stop this abusive non-sense and leave our inboxes.
>
> On Tue, Dec 9, 2008 at 1:27 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
> > Oh please, don't make us laugh anymore, you dont have any job you punk.
> > That's why your please to pollute this mailing list you fat crack-head
> > bastard.
> >
> > 2008/12/8 n3td3v <[EMAIL PROTECTED]>
> >>
> >> You'll get bored eventually and leave us all alone to get on with our
> >> jobs.
> >>
> >> On Mon, Dec 8, 2008 at 10:56 PM, Ureleet <[EMAIL PROTECTED]> wrote:
> >> > ive said it b4, and ill say it again. he leaves, i leave.
> >>
> >> ___
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[n3td3v]

Stop this abusive non-sense and leave our inboxes.

On Tue, Dec 9, 2008 at 1:27 AM, j-f sentier <[EMAIL PROTECTED]> wrote:
> Oh please, don't make us laugh anymore, you dont have any job you punk.
> That's why your please to pollute this mailing list you fat crack-head
> bastard.
>
> 2008/12/8 n3td3v <[EMAIL PROTECTED]>
>>
>> You'll get bored eventually and leave us all alone to get on with our
>> jobs.
>>
>> On Mon, Dec 8, 2008 at 10:56 PM, Ureleet <[EMAIL PROTECTED]> wrote:
>> > ive said it b4, and ill say it again. he leaves, i leave.
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] We're letting the bad guys win

[j-f sentier]

Oh please, don't make us laugh anymore, you dont have any job you punk.
That's why your please to pollute this mailing list you fat crack-head
bastard.

2008/12/8 n3td3v <[EMAIL PROTECTED]>

> You'll get bored eventually and leave us all alone to get on with our jobs.
>
> On Mon, Dec 8, 2008 at 10:56 PM, Ureleet <[EMAIL PROTECTED]> wrote:
> > ive said it b4, and ill say it again. he leaves, i leave.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [USN-688-1] Compiz vulnerability

[Kees Cook]

===
Ubuntu Security Notice USN-688-1  December 09, 2008
compiz-fusion-plugins-main vulnerability
https://launchpad.net/bugs/247088
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  compiz-fusion-plugins-main  0.5.2+git20070928-0ubuntu2.2

Ubuntu 8.04 LTS:
  compiz-fusion-plugins-main  0.7.4-0ubuntu6.2

Ubuntu 8.10:
  compiz-fusion-plugins-main  0.7.8-0ubuntu2.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that the Expo plugin for Compiz did not correctly
restrict the screensaver window from being moved with the mouse.  A local
attacker could use the mouse to move the screensaver off the screen and
gain access to the locked desktop session underneath. Default installs
of Ubuntu were not vulnerable as Expo does not come pre-configured with
mouse bindings.


Updated packages for Ubuntu 7.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2.diff.gz
  Size/MD5: 6940 908f18f70e5e5ce25a80a24ee382c2cf

http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2.dsc
  Size/MD5: 1076 c77f41e2604af5b9c2178f5143ab43ba

http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928.orig.tar.gz
  Size/MD5:  1169880 c9d2d0a79772b0cd5f2e8d0d7ecb0b42

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_amd64.deb
  Size/MD5:   684974 67fb6d639643a507a93112bda52d6d1c

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_i386.deb
  Size/MD5:   605018 39d081428f3eef55fd210f334f3195a1

  lpia architecture (Low Power Intel Architecture):


http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_lpia.deb
  Size/MD5:   595446 e4c85be6fdcb507ee48b4372230ab882

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_powerpc.deb
  Size/MD5:   748366 99e7275d0f9c1ca83dc88912dea66cc4

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.5.2+git20070928-0ubuntu2.2_sparc.deb
  Size/MD5:   658196 955f0a6ceed04e7794d68079cc2cd1ae

Updated packages for Ubuntu 8.04 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2.diff.gz
  Size/MD5: 9677 eaa5a32ecaef533e03bfb19470be292f

http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2.dsc
  Size/MD5: 1015 867855f7a87dbcf33826f8f5e8d4bc22

http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4.orig.tar.gz
  Size/MD5:  1946360 5f08c81a9fa665b64567a1315a687639

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_amd64.deb
  Size/MD5:  1312844 a41bce12c2767fa2fd27be7c52bd9255

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_i386.deb
  Size/MD5:  1216920 bf2589ca5e96e3064aa5211e8b2ec0f8

  lpia architecture (Low Power Intel Architecture):


http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_lpia.deb
  Size/MD5:  1208602 ac6c37f851120b25ed2d89454afc866b

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_powerpc.deb
  Size/MD5:  1384120 7e0e2f1742eb455761d98b176a186d0c

  sparc architecture (Sun SPARC/UltraSPARC):


http://ports.ubuntu.com/pool/main/c/compiz-fusion-plugins-main/compiz-fusion-plugins-main_0.7.4-0ubuntu6.2_sparc.deb
  Size/MD5:  1275232 ba4ad36e09250b0f6bebf3331760eada

Updated packages for Ubuntu 8.10:

  Source archives:


ht

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[n3td3v]

You'll get bored eventually and leave us all alone to get on with our jobs.

On Mon, Dec 8, 2008 at 10:56 PM, Ureleet <[EMAIL PROTECTED]> wrote:
> ive said it b4, and ill say it again. he leaves, i leave.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

[Ivan .]

http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db2008127_817606.htm

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[Ureleet]

so r we.  so why r u here?

On Mon, Dec 8, 2008 at 2:22 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 8, 2008 at 3:37 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
>> antionline.com governmentsecurity.org
>
> I'm only interested in specific intelligence.
>
> Let me know,
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[Ureleet]

hi, im n3td3v, i have a doublestandard, and everyone should cater 2 me.

On Mon, Dec 8, 2008 at 3:31 PM, ghost <[EMAIL PROTECTED]> wrote:
> If I ever see you im going to kick the piss out of you. Anyone who
> threatens people with getting there website hacked then a month later
> trys to act mature on a mailing list and say those antics should be
> punshied by prison is a complete and utter joke.
>
> This is not a threat, this is a promise.
>
> But youll never be seen out of maidenhead so who cares eh?
>
>
> On Sun, Dec 7, 2008 at 9:23 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> I think we're all as bad as each other, c'mon guys we shouldn't be
>> fighting like this in the infosec community, the hackers will be
>> laughing at us fighting with each other when we should be thinking up
>> new ways to beat the bad guys. One day maybe we can all meet up for a
>> beer and be good buddies, there is no need for this type of fighting
>> in infosec, live and let live. Some kind of bandwagon has been created
>> by Ureleet that some infosec members have jumped on, I urge you to
>> jump off this bandwagon, we all need to unify as a community and come
>> up with solutions to tackle big things coming up in information
>> security, like stopping the bad guys use security software that is
>> only intended for penetration testers in the security professional
>> community.
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[Ureleet]

ive said it b4, and ill say it again. he leaves, i leave.

On Mon, Dec 8, 2008 at 10:37 AM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
> And if n3td3v suddenly happen to keep noise low Ureleet, you promise
> to keep noise low with him and treat him with respect? :) Give him
> some grounds to negotiate upon!
>
> n3td3v should really consider doing some certification like CCNA,
> RHCE, MCSE ed-all to start with. Lets all respect his enthusiasm but
> currently its enthusiasm without a right direction.
>
> antionline.com governmentsecurity.org
>
> visit those websites. get along in the forum. If someone makes fun
> take it with a smile... Dont be afraid to put up ideas, like your
> ideas to stop bad guys from getting metasploit but good guys can have
> it for penetration testing. But first draft your ideas/discoveries.
> post it on those forums. get it read and approved by a few first. take
> feedback from around. Ask what others think about it. optimize it and
> if all looks good post it in FD. We would love to hear from you.
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[Nick FitzGerald]

nutd1v3 wrote:

> I'm only interested in specific intelligence.

Which explains the torrents of non-specific drivel you pour into this 
list how???


Regards,

Nick FitzGerald


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] DoS attacks on MIME-capable software via complex MIME emails

[Valdis . Kletnieks]

On Mon, 08 Dec 2008 19:12:26 +0100, Bernhard Brehm said:

> I (re)discovered the bug independently in mid 2007. The bug was however
> known before. There are some advisories like secunia.com/advisories/11360/
> (for Eudora, bug still unfixed) by people who discovered the problem
> before, but did not publicly announce or did not see the scope of it. More
> recently, there has been a likewise advisory for sendmail, CVE-2006-1173.
> There have been other advisories for different antivirus solutions. This
> bug is not 0-day at all, it is really old. If you find older advisories,
> which cover this bug, or knew it before, mail me so I can update this
> section.

You want *real* loads of fun? Go read up on message/partial ;)

"Nesty" and "multikill" were already recognized as a potential issue all the
way back in 1996. Mike Weston worries about thousands of bodyparts, and Ned
Freed thought that deep nesting was more likely to be an issue:

http://www.imc.org/ietf-calendar/archive1/msg00487.html


* To: Mike Weston <[EMAIL PROTECTED]>
* Subject: Re: More on merged drafts.
* From: Ned Freed <[EMAIL PROTECTED]>
* Date: Fri, 06 Dec 1996 14:01:39 -0800 (PST)
* Cc: Alec Dun <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
* In-reply-to: "Your message dated Fri, 06 Dec 1996 10:58:29 -0800"<>
* References: <>
* Sender: [EMAIL PROTECTED]

> Alec Dun wrote:
> >
> > I believe MIME is the right way to encapsulate objects following
> > reasons:
> >
> > 1.  MIME already has a way to represent multiple objects in a message.

> My guess would be that if many MIME parsers were presented with a
> multipart MIME message with thousands of parts (like someone's entire
> schedule for a few months), they would blow up.  This is just orders of
> magnitude more complex than this mechanism is typically called upon to
> handle today.

Maybe I'm just overly proud of my own implementation, but I don't think that
most implementations will have a problem handling this sort of thing. I
routinely receive MIME messages with anywhere from several dozen to several
hundred attachments and have no real problem with it.

Nesting is very different matter, BTW. I can readily believe that many
implementations won't handle MIME structure nesting a thousand levels deep. (I
also have experience in this area to back up this assessment.) But the usage
being proposed here isn't a deeply nested structure, at least not as far as I
can tell.




pgpNqwEJDC44N.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] We're letting the bad guys win

[ghost]

If I ever see you im going to kick the piss out of you. Anyone who
threatens people with getting there website hacked then a month later
trys to act mature on a mailing list and say those antics should be
punshied by prison is a complete and utter joke.

This is not a threat, this is a promise.

But youll never be seen out of maidenhead so who cares eh?


On Sun, Dec 7, 2008 at 9:23 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> I think we're all as bad as each other, c'mon guys we shouldn't be
> fighting like this in the infosec community, the hackers will be
> laughing at us fighting with each other when we should be thinking up
> new ways to beat the bad guys. One day maybe we can all meet up for a
> beer and be good buddies, there is no need for this type of fighting
> in infosec, live and let live. Some kind of bandwagon has been created
> by Ureleet that some infosec members have jumped on, I urge you to
> jump off this bandwagon, we all need to unify as a community and come
> up with solutions to tackle big things coming up in information
> security, like stopping the bad guys use security software that is
> only intended for penetration testers in the security professional
> community.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Solaris 10 Auditing

[James Matthews]

I found that Solaris is too much like old Unix and i got spoilt by Linux
already. Good luck.

On Mon, Dec 8, 2008 at 7:24 PM, Michael Holstein <
[EMAIL PROTECTED]> wrote:

>
> > I am looking for a free audit script / tool to audit host level
> > security for Solaris 10 machines. Does any one know of any such
> > scripts / tools around?
> >
>
> http://www.cisecurity.org/benchmarks.html
>
>
> Cheers,
>
> Michael Holstein CISSP GCIA
> Cleveland State University
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.astorandblack.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 1683-1] New streamripper packages fix potential code execution

[Florian Weimer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1683-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Florian Weimer
December 08, 2008 http://www.debian.org/security/faq
- 

Package: streamripper
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)  : CVE-2007-4337 CVE-2008-4829
Debian Bug : 506377

Multiple buffer overflows involving HTTP header and playlist parsing
have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829).

For the stable distribution (etch), these problems have been fixed in
version 1.61.27-1+etch1.

For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 1.63.5-2.

We recommend that you upgrade your streamripper package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27.orig.tar.gz
Size/MD5 checksum:   294218 8761dda030f92cbdfa38e73a981cc6bc
  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1.diff.gz
Size/MD5 checksum: 5040 0a4fe994a155d07163b3455df5c2668b
  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1.dsc
Size/MD5 checksum:  964 67ddf22de3c0642e41245e07e534c992

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_alpha.deb
Size/MD5 checksum:84142 9450efa0b7fcfce8e976a0a1acb9e837

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_amd64.deb
Size/MD5 checksum:75808 0d0d435b05e1c7b5bf2aa375b6569ae4

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_arm.deb
Size/MD5 checksum:70992 3d77dcfe3d7785aaed4544cdfd3a8489

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_hppa.deb
Size/MD5 checksum:77884 aff00b60cc13c3c46232f86a1bfab553

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_i386.deb
Size/MD5 checksum:71180 61c43e7298aac28f4e96287e7eb8b1b0

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_ia64.deb
Size/MD5 checksum:99678 b18634cd32a198e747aa99470d3863ab

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_mips.deb
Size/MD5 checksum:78584 a417879681280d7f4640557cf1b6085a

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_mipsel.deb
Size/MD5 checksum:78814 c92e229fc90db4cf408ee44a619545ee

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_powerpc.deb
Size/MD5 checksum:76114 45d0eaaea3a1ec5d874aa9f51221d89c

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_s390.deb
Size/MD5 checksum:75984 7aaff15041ece4095eaa1ab470aed7b6

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_sparc.deb
Size/MD5 checksum:70322 78e266c09b92286776216406420f1220


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJPW3fAAoJEL97/wQC1SS+xaIH/RD5w1SisDVPgeQ412g0TXVA
wx1/cUqmJ2ZR7ShBryz/IPsBRrjzsyfdqd7kWKTofJow+pdFgJDzEPFtPo9w7Db+
RVHSktWqc5qraUnIFW7qwH55TjTrPVFoUOL7uBbsJVdVHNH06tRvPpeQ4SRjdKvO
jDms08jk4pcU/Uz2yBfQJ45Ql5TXedVE0E60CkEzO

[Full-disclosure] Breaking Google Gears' Cross-Origin Communication Model

[Yair Amit]

Hello,

I recently discovered a flaw in the cross-origin communication security
model of Google Gears that could allow attackers to break-out of the
same-origin policy and mount large scale user-impersonation attacks under
certain conditions.

After coordinating a fix with Google, I can now reveal the full details.
You are invited to read them at
http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html.

To make sure you are secure, it is advisable to verify that you have the
latest version of Google-Gears (currently 0.5.4.2) installed on your
system. If that is not the case, it can be obtained from the Google Gears
website (http://gears.google.com).

I would like to thank the Google Gears security team for their quick
responses and the efficient way in which they handled this security issue.

Best Regards,
  Yair Amit
  Senior Security Researcher
  IBM Rational Application Security

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability

[zdi-disclosures]

ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-082
December 8, 2008

-- Affected Vendors:
BMC Software

-- Affected Products:
BMC Software Patrol

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6129. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of BMC PatrolAgent. Authentication is not
required to exploit this vulnerability.

The specific flaw exists due to a format string handling error during
log message writing. Supplying an invalid version number containing
format string tokens to a vulnerable target on TCP port 3181 triggers an
exploitable format string vulnerability which can result in arbitrary
code execution.

-- Vendor Response:
BMC Software states:
BMC has issued an update to correct this vulnerability.  Customers
should upgrade PATROL Agent to version 3.7.30

-- Disclosure Timeline:
2008-05-08 - Vulnerability reported to vendor
2008-12-08 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any 
recipient is prohibited.  If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at [EMAIL PROTECTED] 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[n3td3v]

On Mon, Dec 8, 2008 at 3:37 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
> antionline.com governmentsecurity.org

I'm only interested in specific intelligence.

Let me know,

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] DoS attacks on MIME-capable software via complex MIME emails

[Bernhard Brehm]

== DoS attacks on MIME-capable software via complex MIME emails ==

== Preface ==
On the phneutral 0x7d8 and RSS 08, I gave short talks on a widely unregarded
problem with MIME software. Due to popular demand, I decided to publish a
short writeup of the talk.

== What is MIME? ==
MIME is the standard format for email-messages. One could say, MIME is for
email, what html is for the web. The first RFC for MIME was published in
1992, RFC 1341. The current standard is specified in RFC 2045 from 1996.
MIME is a recursive data format. MIME objects consist of a header and a
body, where the content-type field of the header specifies the type of the
body. The body can consist of several separated MIME-objects, a single
MIME-object, a block of text, an encoded image or about anything specified
in the header. It is possible to read some real-world examples by opening
some emails and hitting "show source".

== Two examples to illustrate MIME ==
The first example is the content-type:message/rfc822, which is intended for
forwarding emails. The following body is a complete email, which starts
again with a header, followed by a body. The second example is the
content-type:multipart/mixed. A pretty much self-explanatory example is
provided below. The parts of the body are separated by strcat("--",
boundary) and the body must be ended by strcat("--", boundary, "--").

From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="n"

--n
content-type:text/plain

this is some plain text.
--n
content-type:message/rfc822

From: <[EMAIL PROTECTED]>;
Subject: example 2

This is not a MIME-mail, since the mime-version field is missing! However,
most software does not care.
--n--

== The problem ==
Even though MIME is pretty old, many people have not yet learned how to
parse MIME correctly. The problem is that the number of MIME-parts of an
email and the depth of recursion is potentially unlimited. Some software
like the popular rfc2045 library of the courier-mta solve this problem by
discarding mails with too many MIME-parts as a Denial of Service attack.
This is probably the best approach to handle this problem.

== Proof-of-Concept: Nesty ==
The nesty attack abuses the message/rfc822 type. The following example
crashes a lot of software, which tries to parse it recursively and
therefore overflows its stack:

Content-type: message/rfc822;

Content-type: message/rfc822;

Content-type: message/rfc822;

Content-type: message/rfc822;

... about 200kb. Note that this mail is not compliant to the rfc2045, since
the mime-version field is missing. However, most software does not care and
a lot of it chokes on this mail. In order to attack more rfc-abiding
software (mostly open-source), one can easily adapt the nesty mail to be
compliant. This however increases the size of the mail considerably, which
somehow takes away the elegance of crashing a server with only 200kb.


== Proof-of-Concept: Multikill ==
The multikill attack abuses the multipart/mixed type by creating an overly
large number of MIME-parts. Multipart/mixed could be used in a recursive
way, but this is not even needed for this attack. A lot of software freezes
upon the following example:

From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: multikill
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="n"


--n

b

--n

... about 800kb or 7 parts. For a lot of software, about 2^16 seems to
be the barrier, so you can't craft much more compact multikill attacks.

--n

b

--n--

== Impact ==
Firstly, the attack is DoS only. At this point it seems rather unlikely,
that command execution can be crafted on the basis of this problem.
However, the DoS vulnerability exposed by these proof-of-concept mails is
shared by many systems by different vendors and is trivial to exploit. The
ramnifications of this attack are therefore not really known yet. There is
still much testing to do.

And at last, there does not only exist a problem with emails with to many
MIME parts, but there exists a whole problem class and a whole class of
attacks, which are insufficiently researched and regarded by now. Of these
attacks, DoS via malformed MIME emails, the nesty and multikill mails are
only the first examples, the tip of the iceberg, so to say; once software
has been patched to correctly handle these emails, other people will come
up with other examples of malformed emails. To look at this attack even
more broadly, the topic of DoS attacks via overly complex instances of
recursive data types is not researched sufficiently.

== Effects on Outlook Express ==
Outlook freezes on the multikill mail. Outlook starts parsing emails while
downloading them. Upon parsing a multikill mail with more than about 2^16
parts, some library function goes into an endless loop. Outlook never
finishes downloading the multikill mail, it stays in the mailbox. Outlook
never closes the connection to the mail server, which is not nice to the
mai

Re: [Full-disclosure] Solaris 10 Auditing

[Michael Holstein]

> I am looking for a free audit script / tool to audit host level 
> security for Solaris 10 machines. Does any one know of any such 
> scripts / tools around?
>  

http://www.cisecurity.org/benchmarks.html


Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Solaris 10 Auditing

[Jarmon, Don R]

http://blogs.sun.com/jimlaurent/entry/using_the_solaris_security_toolkit

 

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KT
Sent: Monday, December 08, 2008 11:02 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Solaris 10 Auditing

 

Hello

 

I am looking for a free audit script / tool to audit host level security
for Solaris 10 machines. Does any one know of any such scripts / tools
around?

 

Thanks

 

 

From: vulcanius   

Sent: Sunday, December 07, 2008 8:44 AM

To: full-disclosure@lists.grok.org.uk 

Subject: Re: [Full-disclosure] Fwd: FD culture!?

 

It's pretty hilarious that you went and asked John to moderate those who
don't like you n3td3v and then turned around and criticized people for
wanting the same thing, except on a more unbiased level. I'm pretty
positive Cartwright doesn't give a shit about the quality of the list as
I'm guessing he unsubbed himself a looong time ago.

On Sun, Dec 7, 2008 at 1:30 AM, n3td3v <[EMAIL PROTECTED]> wrote:

On Sun, Dec 7, 2008 at 6:25 AM, Bipin Gautam <[EMAIL PROTECTED]>
wrote:
> On 12/7/08, n3td3v <[EMAIL PROTECTED]> wrote:
>>
>> What's John Cartwright got to do with an unmoderated mailing list?
You
>> joined F-D because you thought it would be partially moderated when
>> someone *you~* don't agree with annoys you? lolcopter. You know where
>> the unsubscribe button is if you don't like this style of mailing
list
>> management, please use it instead of moaning. On a side note, I
>> already asked for Ureleet to be banned, but Cartwright's not
>> interested in partially moderating an unmoderated mailing list. Would
>> you rather the list was partially moderated?
>
> No... but least, less noise! We have two eyes, two ears but one mouth
> for a reason. Listen more, look more but talk less.
>
> I am complaining because whats happening in FD contradicts to;
>
>

--
> Acceptable Content
>
> Any information pertaining to vulnerabilities is acceptable, for
> instance announcement and discussion thereof, exploit techniques and
> code, related tools and papers, and other useful information.
>
> Gratuitous advertisement, product placement, or self-promotion is
> forbidden. Disagreements, flames, arguments, and off-topic discussion
> should be taken off-list wherever possible.
>
> Humour is acceptable in moderation, providing it is inoffensive.
> Politics should be avoided at all costs.
>
> Members are reminded that due to the open nature of the list, they
> should use discretion in executing any tools or code distributed via
> this list.
>

--
>
> Lastly, i request you all to only post things that we-all may find
> interesting to read. Personal replies are better taken off-list.
> Please keep noise low.
>
> Please help us to like you more!
>

The charter is just a guideline, its got no law or authority.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Solaris 10 Auditing

[KT]

Hello

I am looking for a free audit script / tool to audit host level security for 
Solaris 10 machines. Does any one know of any such scripts / tools around?

Thanks



From: vulcanius 
Sent: Sunday, December 07, 2008 8:44 AM
To: full-disclosure@lists.grok.org.uk 
Subject: Re: [Full-disclosure] Fwd: FD culture!?


It's pretty hilarious that you went and asked John to moderate those who don't 
like you n3td3v and then turned around and criticized people for wanting the 
same thing, except on a more unbiased level. I'm pretty positive Cartwright 
doesn't give a shit about the quality of the list as I'm guessing he unsubbed 
himself a looong time ago.


On Sun, Dec 7, 2008 at 1:30 AM, n3td3v <[EMAIL PROTECTED]> wrote:

  On Sun, Dec 7, 2008 at 6:25 AM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
  > On 12/7/08, n3td3v <[EMAIL PROTECTED]> wrote:
  >>
  >> What's John Cartwright got to do with an unmoderated mailing list? You
  >> joined F-D because you thought it would be partially moderated when
  >> someone *you~* don't agree with annoys you? lolcopter. You know where
  >> the unsubscribe button is if you don't like this style of mailing list
  >> management, please use it instead of moaning. On a side note, I
  >> already asked for Ureleet to be banned, but Cartwright's not
  >> interested in partially moderating an unmoderated mailing list. Would
  >> you rather the list was partially moderated?
  >
  > No... but least, less noise! We have two eyes, two ears but one mouth
  > for a reason. Listen more, look more but talk less.
  >
  > I am complaining because whats happening in FD contradicts to;
  >
  > --
  > Acceptable Content
  >
  > Any information pertaining to vulnerabilities is acceptable, for
  > instance announcement and discussion thereof, exploit techniques and
  > code, related tools and papers, and other useful information.
  >
  > Gratuitous advertisement, product placement, or self-promotion is
  > forbidden. Disagreements, flames, arguments, and off-topic discussion
  > should be taken off-list wherever possible.
  >
  > Humour is acceptable in moderation, providing it is inoffensive.
  > Politics should be avoided at all costs.
  >
  > Members are reminded that due to the open nature of the list, they
  > should use discretion in executing any tools or code distributed via
  > this list.
  > --
  >
  > Lastly, i request you all to only post things that we-all may find
  > interesting to read. Personal replies are better taken off-list.
  > Please keep noise low.
  >
  > Please help us to like you more!
  >


  The charter is just a guideline, its got no law or authority.


  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/








___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] FD culture!?

[Paul Schmehl]

--On Saturday, December 06, 2008 00:00:24 -0600 Bipin Gautam 
<[EMAIL PROTECTED]> wrote:

>
> Guys,
>
> This mailing list lives up to its name "Full Disclosure" for
> tolerating the monkeys and their chattering in this list for quite
> some time now without moderation or any action!

FD is an *un*moderated list.

[snip]

>
> Shame on FD moderators for putting us on a situation to neither we can
> unsubscribe from the list for the real content that pops here now and
> then...

FD is an *un*moderated list.

Per the list charter, which link is posted at the bottom of every message:

**

Moderation & Management

The [Full-Disclosure] list is unmoderated. Typically posting will be restricted 
to members only, however the administrators may choose to accept submissions 
from non-members based on individual merit and relevance.

It is expected that the list will be largely self-policing, however in special 
circumstances (eg spamming, misappropriation) then offending members may be 
removed from the list by the management.

*

FD is an *un*moderated list.

Hopefully that clears the matter up for you.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
Check the headers before clicking on Reply.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[Bipin Gautam]

And if n3td3v suddenly happen to keep noise low Ureleet, you promise
to keep noise low with him and treat him with respect? :) Give him
some grounds to negotiate upon!

n3td3v should really consider doing some certification like CCNA,
RHCE, MCSE ed-all to start with. Lets all respect his enthusiasm but
currently its enthusiasm without a right direction.

antionline.com governmentsecurity.org

visit those websites. get along in the forum. If someone makes fun
take it with a smile... Dont be afraid to put up ideas, like your
ideas to stop bad guys from getting metasploit but good guys can have
it for penetration testing. But first draft your ideas/discoveries.
post it on those forums. get it read and approved by a few first. take
feedback from around. Ask what others think about it. optimize it and
if all looks good post it in FD. We would love to hear from you.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] NY Time on Bots

[James Matthews]

Nice to know that we are losing the war. This was written after some botnets
almost died.

http://www.nytimes.com/2008/12/06/technology/internet/06security.html?_r=2

-- 
http://www.astorandblack.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[James Matthews]

One thing i love about all these flame wars are the choice of words. The
flames are great but i think they have flame lists for that. So please try
to keep it to a minimum

On Mon, Dec 8, 2008 at 3:34 PM, Ureleet <[EMAIL PROTECTED]> wrote:

> "plez stop picking on me guyz!"
>
> btw -- i didnt create the bandwagon.  i can find ppl flaming you since
> like 96, when u were prepubescent and jacking off to ascii printout
> porn.  (comeon u fuckers u know u did it 2)  youve said some
> outlandish bullshit comments over the years, and now we are calling u
> out 4 them.  i suggest u rethink ur strategy.
>
> On Sun, Dec 7, 2008 at 10:08 PM, j-f sentier <[EMAIL PROTECTED]> wrote:
> >
> > LMAO
> >
> > 2008/12/7 n3td3v <[EMAIL PROTECTED]>
> >>
> >> I think we're all as bad as each other, c'mon guys we shouldn't be
> >> fighting like this in the infosec community, the hackers will be
> >> laughing at us fighting with each other when we should be thinking up
> >> new ways to beat the bad guys. One day maybe we can all meet up for a
> >> beer and be good buddies, there is no need for this type of fighting
> >> in infosec, live and let live. Some kind of bandwagon has been created
> >> by Ureleet that some infosec members have jumped on, I urge you to
> >> jump off this bandwagon, we all need to unify as a community and come
> >> up with solutions to tackle big things coming up in information
> >> security, like stopping the bad guys use security software that is
> >> only intended for penetration testers in the security professional
> >> community.
> >>
> >> ___
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.astorandblack.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: FD culture!?

[Ureleet]

summarized: u shoot ur mouth off with nothing 2 back it up.  step
back, learn some shit, stop trying to lead, and follow for awhile,
cause u aint a leader.

On Sun, Dec 7, 2008 at 7:39 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
> n3td3v see this is the problem. Your are bringing your personal ego to
> FD. You speak loose and leave lots of room for everyone (not just
> Ureleet) to comment! When someone does that you get offended and cant
> resist top-posting.
>
> You fight, you put your opinions but post your email like one
> chance-knockout. How about you focus on "security". How good is that
> to waste yours and everyone's 1 whole year chasing your ego to see
> Ureleet get tired and quit. That will not happen. Or least if he quits
> there will be another to comment on you.
>
> You dont speak loose. Dont give others room to comment on you by
> thinking before you speak and all other will fall in place.
>
> I dare you try the suggestion for once and help us to like you more!
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: FD culture!?

[Ureleet]

fail.

On Sun, Dec 7, 2008 at 7:24 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
> --
> x-no-archive: yes
> ---
> I'm your best best friend.
>
> Usually I like it when you contradict me, it might help me learn. Just
> don't be so angry.
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

[Ureleet]

"plez stop picking on me guyz!"

btw -- i didnt create the bandwagon.  i can find ppl flaming you since
like 96, when u were prepubescent and jacking off to ascii printout
porn.  (comeon u fuckers u know u did it 2)  youve said some
outlandish bullshit comments over the years, and now we are calling u
out 4 them.  i suggest u rethink ur strategy.

On Sun, Dec 7, 2008 at 10:08 PM, j-f sentier <[EMAIL PROTECTED]> wrote:
>
> LMAO
>
> 2008/12/7 n3td3v <[EMAIL PROTECTED]>
>>
>> I think we're all as bad as each other, c'mon guys we shouldn't be
>> fighting like this in the infosec community, the hackers will be
>> laughing at us fighting with each other when we should be thinking up
>> new ways to beat the bad guys. One day maybe we can all meet up for a
>> beer and be good buddies, there is no need for this type of fighting
>> in infosec, live and let live. Some kind of bandwagon has been created
>> by Ureleet that some infosec members have jumped on, I urge you to
>> jump off this bandwagon, we all need to unify as a community and come
>> up with solutions to tackle big things coming up in information
>> security, like stopping the bad guys use security software that is
>> only intended for penetration testers in the security professional
>> community.
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/