Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-24 Thread Eric Paynter
[EMAIL PROTECTED] wrote:
>Interesting tool to downsize rights when logged on as Administrator
>
>(Link may wrap)
>
>http://msdn.microsoft.com/security/securecode/columns/default.aspx?p
>ull=/library/en-us/dncode/html/secure11152004.asp

My favourite part is the sample directory used by Microsoft:

Quote:
-
For example:

C:\warez\dropmyrights.exe "c:\program files\internet explorer\iexplore.exe"
-

It seems consistent with the recent announcement that some media player
sample files were created with cracked software.

-Eric

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-24 Thread Berend-Jan Wever
Hi all,

Same flaw works for Firefox as well as MSIE:


   a = new Array(); while (1) { (a = new Array(a)).sort(); } 


Added to the list: 
http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html

I'd have loved to CC mozilla about this, but I didn't have the time to do the 
crash course "how to write a bug report" and go through all that bugzilla crap.

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever






Re: [Full-Disclosure] Windows user privileges

2004-11-24 Thread James Tucker
Use "IEXPLORE.EXE [PATH]" to get a working copy of explorer using the
runas service.
eg.
runas /user:system\user  "%PROGRAMFILES%\Intern~1\iexplore.exe [path]"

No bitching about the fact that it's the IE exe we are loading, it
makes no difference, that's just a wrapper to load the libraries, you
can do the opposite and turn an explorer window into IE by [F4]
HTTP:// [ENTER]. As for people who uninstall IE, well that's fine I
have, but the EXE is still lurking there (it could otherwise be done
with the windows update explorer window spawning).

If you want to construct a proper right click option for folders in
explorer then the place to put it would be some where around
HKEY_CLASSES\Directory\shellex\



Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread john morris
enter the law enforcement module. there are better ways to say a
thing. And hey you don't have to be PRESSURISED, your health conditions
bother me. chill out

-- 
(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheers.

morris



Re: [Full-Disclosure] Why is IRC still around?

2004-11-24 Thread vord
this is quite possibly the most ridiculous thing I've ever read.
normally I would respond to it in more detail but I have received
literally dozens of responses from members of this list who either
sympathize with my position or have outright called you an
idiot/lamer. I therefore see no need to defend myself or #hackphreak
publicly when the public does not require it. they already know you're
a moron, I don't need to beat a dead horse by making you look the fool
over and over again.

--vord


On Wed, 24 Nov 2004 22:07:26 +0000, n3td3v <[EMAIL PROTECTED]> wrote:
> On Tue, 23 Nov 2004 21:56:41 -0600, vord <[EMAIL PROTECTED]> wrote:
> > [flame]
> 
> 
> > n3td3v/malformed,
> >
> > please think before you speak. I've already explained this to you more
> > than once. #hackphreak is no longer  associated with a "group" and no
> > longer intends to be a channel dedicated primarily to matters of
> > hacking/phreaking technical discussion [we therefore accommodate
> > "lamers" who "don't know anything" and "give IRC/hackers/phreakers a
> > bad name" whatever the fuck that means -- suffice it to say, it's not
> > primarily a help channel anymore.
> 
> Yeah, you said it. You had to move stance on it being a lamer channel,
> because no one with intelligence is on the channel anymore. You make
> out as if it was planned. The channel went down hill and you have no
> choice but to admit it's a lamer channel, full of script kiddies, who
> consider themselves "real hackers".
> 
> 
> we talk to each other about whatever
> > the fuck we want and answer questions when and if we damn well feel
> > like it. we do not congregate there for your enjoyment, we do so for
> > our own. moreover, most of us deal with computers all day long and
> > don't particularly care to talk about them 24/7.
> 
> I don't disagree with you on that. Lots of script kiddies are online
> 24/7. Even some of them work in computers as a job, then come home and
> go straight on the computer at home and spend all night on #hackphreak
> because they have no friends or social lives.
> 
> >
> > oh hey, remind us why no one reads your forum even though you spam the
> > link on this list several times a day. :X
> 
> Probably because it's not a public forum and it's not been online for
> very long, and probably because I keep deleting and adding forum
> sections a lot at the moment.
> 
> It's not really meant to be a public forum with loads of authors. It's
> really a place for me to post stuff I'm doing and let various vendors
> read it. The majority of members are in fact vendors from various
> e-mails I've sent them on a security issue, and I've welcomed them to
> read some posts I've put up on my forum they may be interested in. The
> link I post on this list and other sites is for the homepage, not the
> forum. You'll notice I don't directly link to the forum. It's really
> the homepage I intend people to read more than the forum, so people
> who read my posts on mailing lists and online forums can get a taste
> about what I stand for and believe in.
> 
> > as far as "real hackers" are concerned ... it takes one to know one;
> 
> Are you calling me a hacker? If so, then you must be a hacker as well,
> as it takes a hacker to know a hacker. I'm not a hacker, if you read
> my homepage instead of going to the forum, you'll see I work against
> hackers, and report them whenever possible to vendors, to stop them
> being evil hax0rs.
> 
>  if there are real hackers anywhere its #hackphreak. if you
> > like, you can send all of your hacking/security related questions
> > directly to us from now on ... we would be glad to make you look like
> > an idiot on a regular basis as it would certainly be entertaining. i
> > will personally see to it that all of your questions are answered in a
> > timely fashion.
> 
> I think you seriously don't know the difference between script kiddies
> and real hackers. hackphreak has no real hackers as you admitted at
> the start of this e-mail, the channel is full of lamers, who only do
> general chat. The only real thing you do have is real script kiddies,
> that's the only *real* thing the channel has. Yes a script kiddie can
> be online in front of computers 24/7 and also work in I.T during the
> day, that's pretty run-of-the-mill for a script kiddie, unless you are
> thinking more of the teenager script kiddie who goes to school and
> comes home at night in front of mom and dad's computer, which is also a
> script kiddie.
> 
> Yeah, I would gladly come back on the channel and further make a fool
> of you, but at the moment it's only my bot on it, relaying the
> transcript to me outside the channel, for me to read at any casual
> time I've got spare time too. If you hadn't noticed the majority of
> nicks on the channel are various people's bots, rather than saddos like
> you who are *actually* on the channel, thinking you're a real cool guy
> being an op. You only have say 20 real people on the channel out of
> say 100.
> 
> Now who's the real mug, the sa

RE: [Full-Disclosure] MS Windows Screensaver Privilege Escalation

2004-11-24 Thread joe
This vector has been out there since Windows NT has had screen savers, it
isn't quite as easy to take advantage of though. Not sure why this is being
published now like it is a new discovery as it has been extremely well known
in Windows circles for years and years and well years and years. I think I
first saw it mentioned in a trade rag probably in 1996 or 1997. I guess it
is good to have it "officially" documented within securityfocus... Heh.


Anyway...

> with a specially crafted version designed to execute programs

The screensavers shipped with Windows are handled by WFP. While this isn't a
security mechanism, it can slow someone down since they can't just replace
the files with an arbitrary piece of code without defeating WFP. One method
is to use some other WFP file in its place as that won't get updated, say
CMD. 


> This level is not accessible even to administrators.

This is incorrect, it isn't that it isn't accessible, it is that an admin
running in admin context can't normally access some info localsystem can
unless ACL's have been modified/relaxed to allow that access. At any point
in time, there are multiple ways that an admin can elevate into localsystem
context. Actually as you see below, it doesn't take admin to elevate into
localsystem and it doesn't take waiting for a screen saver exploit to do it.


> by default, any user with the exception of guest can replace 
> the login screensaver file with a modified version.

Well this isn't really correct unless your file system perms are dorked up.
Default ACLs should give power users the ability to modify these files but
not normal users, they are maintained in the system32 folder. And again, if
the SCR is the one from the main dist, well you have WFP to deal with. 

I agree that is still too wide open. You could lock down the permissions on
the file system so that PU can't do this pretty easily. However MS has
already admitted in KB that power users can escalate their perms. There are
multiple vectors for it, anyone with an understanding of how Windows works
and takes a moment to look at ACLs could find at least three vectors within
15 minutes to get an elevation. You could probably go through and lock all
of those ACLs down but at that point, you might as well just make someone
run as a user instead of a poweruser. Faster, easier, better.

http://support.microsoft.com/?kbid=825069


I am not playing down that this isn't the best default configuration/design,
but this certainly isn't some new thing that anyone needs to get hopped up
about. I don't see or expect any worms coming around the corner having to do
with anything about this.


  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Walker
Sent: Wednesday, November 24, 2004 12:36 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] MS Windows Screensaver Privilege Escalation

To Whom it May Concern;
The Original Post is http://www.securityfocus.com/bid/11711

On Windows XP all releases, when you replace, or change the screensaver
displayed on the login screen with a specially crafted version designed to
execute programs, those programs are launched under the SYSTEM SID, IE: they
are given automatically the highest access level available to Windows.  This
level is not accessible even to administrators.

This flaw is important because while one would need Power User privileges or
above to change the Login Screensaver, by default, any user with the
exception of guest can replace the login screensaver file with a modified
version.  In theory, any determined user could execute ANYTHING with SYSTEM
privileges.  A similar flaw exists in Win2K, but Microsoft has ignored it.

Sincerely;
Matt Walker

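Added example, not from joe's or Matthew Walker's posts: a check for the two conditions argued about above, that the screensaver winlogon runs as SYSTEM before anyone logs on lives in system32, and that nobody below Administrators/SYSTEM holds write rights on it. The registry value (SCRNSAVE.EXE under HKEY_USERS\.DEFAULT\Control Panel\Desktop) is the real one; the ACE parser reads icacls output (Vista and later; XP's cacls prints a different format), the sample output is constructed to show the "Power Users: Modify" case joe describes, and the rule names and logic are my own.

```python
"""Can the pre-logon screensaver (run as SYSTEM by winlogon) be replaced by
ordinary users? Added example, not from the posts in this thread.

The ACE parser reads icacls output (Vista and later; XP's cacls differs).
SAMPLE_ICACLS is constructed to show the "Power Users: Modify" case.
"""
from __future__ import annotations

import ntpath
import os
import subprocess
import sys

# Principals whose write access to a system screensaver is expected.
TRUSTED_PRINCIPALS = {
    "nt authority\\system",
    "builtin\\administrators",
    "nt service\\trustedinstaller",
}

# icacls right tokens that let the holder change or replace the file.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WA", "WEA", "D", "DC", "WDAC", "WO"}


def resolve_screensaver(value: str, system_root: str = r"C:\WINDOWS") -> tuple[str, bool]:
    """Return (full path, lives_in_system32) for a SCRNSAVE.EXE value.

    Under HKEY_USERS\\.DEFAULT\\Control Panel\\Desktop the value is usually a
    bare name such as 'logon.scr', which is resolved from system32.
    """
    system32 = ntpath.join(system_root, "system32")
    path = value if ntpath.dirname(value) else ntpath.join(system32, value)
    path = ntpath.normpath(path)
    inside = ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(system32)
    return path, inside


def parse_icacls(output: str, path: str) -> list[tuple[str, set[str]]]:
    """Turn icacls output for one file into (principal, tokens) pairs."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()        # first line carries the file name
        if ":(" not in line:
            continue                               # blank line or the summary line
        principal, _, flags = line.partition(":")
        tokens = set()
        for group in flags.strip("()").split(")("):
            tokens.update(t for t in group.split(",") if t)
        aces.append((principal, tokens))
    return aces


def untrusted_writers(aces: list[tuple[str, set[str]]]) -> list[str]:
    """Principals outside TRUSTED_PRINCIPALS holding an allow ACE with write rights."""
    out = []
    for principal, tokens in aces:
        if "DENY" in tokens:
            continue           # a deny ACE grants nothing (a full evaluation would subtract it)
        if principal.lower() in TRUSTED_PRINCIPALS:
            continue
        if tokens & WRITE_RIGHTS:
            out.append(principal)
    return out


def check_logon_screensaver(scrnsave_value: str, icacls_output: str,
                            system_root: str = r"C:\WINDOWS") -> list[str]:
    """Return findings; an empty list means the SYSTEM screensaver looks sound."""
    findings = []
    path, inside = resolve_screensaver(scrnsave_value, system_root)
    if not inside:
        findings.append(f"logon screensaver points outside system32: {path}")
    for who in untrusted_writers(parse_icacls(icacls_output, path)):
        findings.append(f"{who} can modify or replace {path} (runs as SYSTEM before logon)")
    return findings


# Constructed icacls output, not captured from a real host.
SAMPLE_ICACLS = (
    "C:\\WINDOWS\\system32\\logon.scr BUILTIN\\Administrators:(I)(F)\n"
    "                                NT AUTHORITY\\SYSTEM:(I)(F)\n"
    "                                BUILTIN\\Power Users:(I)(M)\n"
    "                                BUILTIN\\Users:(I)(RX)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)


def live_check() -> list[str]:
    """Read the real value and ACL on a Windows host; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    with winreg.OpenKey(winreg.HKEY_USERS, r".DEFAULT\Control Panel\Desktop") as key:
        value, _ = winreg.QueryValueEx(key, "SCRNSAVE.EXE")
    path, _ = resolve_screensaver(value, root)
    result = subprocess.run(["icacls", path], capture_output=True, text=True, check=False)
    return check_logon_screensaver(value, result.stdout, root)


if __name__ == "__main__":
    for finding in check_logon_screensaver("logon.scr", SAMPLE_ICACLS) + live_check():
        print(finding)
```

On the sample it reports only the Power Users ACE; a value such as C:\Temp\evil.scr would additionally be reported because it resolves outside system32. The deny handling is deliberately conservative: a deny ACE is skipped rather than subtracted, so a file with both allow and deny entries for the same group can still be flagged.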


[Full-Disclosure] Shellcode encoder used in IFRAME exploit.

2004-11-24 Thread Berend-Jan Wever
Hi all,

I have been getting a lot of questions about the encoded shellcode I used in 
InternetExploiter. That's why I've decided to release the source to my encoder, 
so you can all use it in your personal version of my exploit. (Remember that 
the original code was released under GPL! I'm still hoping I get to see the 
guy who wrote those MyDoom worms in court, he violated the GPL and spread 
millions(?) of copies of my (modified) source).

The program is called "beta" and it can encode your shellcode in a lot of ways, 
more details can be found in the documentation.
Documentation: http://www.edup.tudelft.nl/~bjwever/documentation_beta.html
Source: http://www.edup.tudelft.nl/~bjwever/src/beta.c

Have fun!

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever/


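An added example of the kind of encoding the post is about; it is not SkyLined's "beta" (whose documentation and source are at the links above) and does not reproduce its methods. It shows a single-byte XOR encoder that picks a key so that neither the key nor any encoded byte falls in a caller-supplied bad-byte set, and the %uXXXX rendering that browser exploits of this period fed to JavaScript's unescape(). SAMPLE_PAYLOAD is constructed bytes, not shellcode; the x86 decoder stub that would be prepended to the encoded bytes (and must itself avoid the bad bytes) is assumed and not shown.

```python
"""Single-byte XOR shellcode encoder with bad-byte avoidance, plus the %uXXXX
form used with JavaScript unescape(). Added example, not SkyLined's "beta";
SAMPLE_PAYLOAD is constructed bytes, not shellcode.
"""
from __future__ import annotations

# Bytes that commonly terminate or mangle a copied string: NUL, LF, CR.
DEFAULT_BAD = frozenset({0x00, 0x0A, 0x0D})


def find_xor_key(payload: bytes, bad: frozenset[int] = DEFAULT_BAD) -> int:
    """Pick a key such that neither the key (it sits in the decoder stub) nor
    any encoded byte is in 'bad'. b ^ key is bad exactly when b == key ^ x for
    some bad x, so it is enough to test those |bad| values against the payload."""
    present = set(payload)
    for key in range(1, 256):
        if key in bad:
            continue
        if all((key ^ x) not in present for x in bad):
            return key
    raise ValueError("no single-byte XOR key avoids the bad-byte set; use a multi-byte scheme")


def xor_encode(payload: bytes, bad: frozenset[int] = DEFAULT_BAD) -> tuple[int, bytes]:
    """Return (key, encoded) with no bad bytes in 'encoded'."""
    key = find_xor_key(payload, bad)
    return key, bytes(b ^ key for b in payload)


def xor_decode(key: int, encoded: bytes) -> bytes:
    """What the decoder stub does at run time, in Python so the result can be checked."""
    return bytes(b ^ key for b in encoded)


def to_unescape(data: bytes) -> str:
    """Render bytes as %uXXXX units: unescape() yields UTF-16 code units that
    land in memory little-endian, so the first byte of each pair is the low half."""
    if len(data) % 2:
        data += b"\x90"                  # pad with a NOP so the last unit is whole
    return "".join(f"%u{data[i + 1]:02X}{data[i]:02X}" for i in range(0, len(data), 2))


def from_unescape(s: str) -> bytes:
    """Inverse of to_unescape, for verification."""
    out = bytearray()
    for unit in s.split("%u")[1:]:
        out.append(int(unit[2:4], 16))
        out.append(int(unit[0:2], 16))
    return bytes(out)


# Constructed bytes, not shellcode: a few opcode-looking values, every default
# bad byte, and a run of printable values so that several keys are ruled out.
SAMPLE_PAYLOAD = (bytes([0x31, 0xC0, 0x50, 0x68, 0x00, 0x0A, 0x0D, 0x41])
                  + bytes(range(0x20, 0x40)))

if __name__ == "__main__":
    key, enc = xor_encode(SAMPLE_PAYLOAD)
    assert xor_decode(key, enc) == SAMPLE_PAYLOAD
    print(f"key=0x{key:02X} encoded={enc.hex()}")
    print(to_unescape(enc))
```

When no single key works (a payload that contains every byte value is the degenerate case) the encoder refuses rather than emitting a bad byte; that is the point at which real encoders move to rolling or multi-byte keys.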


RE: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Todd Towles
Did the charter say something about political messages?..please take it
off the list guys if possible...

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Paul Schmehl
> Sent: Wednesday, November 24, 2004 11:22 AM
> To: Jason Coombs; Gregory Gilliss; [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] University Researchers 
> Challenge Bush Win In Florida
> 
> --On Wednesday, November 24, 2004 05:39:31 AM +0000 Jason 
> Coombs <[EMAIL PROTECTED]> wrote:
> >
> > In the case in point, even with the variables you mention, 
> the entire 
> > technical problem can be reduced to observing how the election 
> > officials in various places have historically constructed 
> ballots and 
> > influence just those that can be influenced in just those 
> states where 
> > it will matter. The Republican party (my party) apparently has 
> > advantages over others when it comes to influencing the technical 
> > details of the design of voting machines. Diebold, for example.
> >
> The horse has already been packed up and shipped from the 
> rendering plant, but I'll give this *one* more try.  (One 
> side note - the management of Diebold are mostly Democrats, 
> not Republicans, not that *that* makes one iota of difference 
> in the competence (or lack thereof) in designing electronic 
> balloting equipment.  Pointing to someone's party affiliation 
> as proof of something is merely a distraction from the real issues.)
> 
> You are talking about an extremely complex and unlikely set 
> of possibilities, *all* of which have to fall into place 
> perfectly for this to happen.  It might be fun as 
> speculation, but the implementation would be nigh unto 
> impossible and would take some real genius to pull off.
> >
> > It makes just about as much sense for every regional 
> election office 
> > to do their ballot construction differently as it does for 
> everyone to 
> > create their own home grown crypto.
> >
> And yet it's done all over America.  Imagine that.
> >
> > Your point about differences in ballot construction is also a red 
> > herring to begin with. If you think that there is the same 
> degree of 
> > variability with ballots in electronic voting machines as there is 
> > with legacy ballots, then perhaps you are the one who does not know 
> > how the process really works with the machines in question.
> >
> Why would you assume the ballots all have to be the same just 
> because the same machines are being used to count them?
> 
> Given three candidates for President (and there are usually 
> more than that) there are at least six different ways the 
> ballot could be arranged *even* if the basic design was the same.
> 
> Furthermore, the methodology used by an electronic voting 
> machine is independent of the ballot design, for all intents 
> and purposes.  For example, an optical reader merely senses 
> the dark spots where a vote has been cast.  *Which* candidate 
> that represents is determined by the configuration, which is 
> determined by the construction of the ballot. 
> Having to fit within certain machine-driven parameters does 
> not force the ballot design into one pattern.  The votes 
> could be on the left, in the center, on the right, staggered 
> from left to right, staggered from right to left.  The 
> possibilities are great.
> 
> Yet you want to control *all* of that to "take advantage of 
> statistical anomalies" in the equipment?
> 
> Do we have a mathematician on this list who can calculate the 
> probabilities of this?
> 
> I would contend that it is infinitely more likely that the 
> machines would be either deliberately tampered with or 
> incompetently misconfigured, ending up in statistical 
> anomalies than I would ever consider your scenario possible.
> >
> > You really need to stop making things seem so complicated that the 
> > difficulty of influencing their behavior or outcome 
> couldn't possibly 
> > be surmounted.
> >
> Jason, I'm not making anything complicated.  I'm observing 
> the complication that already exists - the complication that 
> you apparently refuse to acknowledge.
> 
> Paul Schmehl ([EMAIL PROTECTED])
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> 


Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-24 Thread devis
Excuse me, but i won't join and rejoice. Until, as i have posted on this 
list elsewhere, this item makes it further than the obscure devel / kb 
article but gets actually pulled as a critical security update and the 
'linking/shortcut' procedure automatised for key components / 
applications in the process, i am afraid this would not reach lower than 
the admin / techy / power user type.

Another big trouble will be eventually the inability to use windows 
update with the browser. Once again i am talking in an user context, out 
of the box settings. Maybe MS will finally code a graphical "su" for IE ?
=> To update this computer, please enter the admin password etc etc ...

From MS? I am highly doubting they are ready to sacrifice this 
level of usability (let's be admin by default!) for real security. I 
am saying no chance.
Time will tell.


joe wrote:
FYI. This is just one of the many items currently in the oven that I was
alluding to previously. Of course some people will take this and complain
that people shouldn't be running as admins in the first place (to which I
agree) but prior to complaining about it, hold tight and watch for what else
comes out. MS really shocked me and some others with some of the stuff they
are putting together. It is just taking some time to get spun up in this
newer direction but I think once they are fully aimed that way people will
be a bit dazzled by how much starts coming out. 

I don't expect the coming changes will make every one happy both because
there are some area that just can't be easily fixed and because some people
will never be happy no matter what MS does.
 joe
--
Pro-Choice
Let me choose if I even want a browser loaded thanks!
 



Re: [Full-Disclosure] Winamp vulnerability : technical study and Exploit released

2004-11-24 Thread Brendan Dolan-Gavitt
This may have something to do with why that article is crap: 
http://www.winamp.com/about/article.php?aid=10627

On Wed, 24 Nov 2004 11:04:56 -0600, Rich Eicher <[EMAIL PROTECTED]> wrote:
> This may have something to do with why there is no patch out from Nullsoft.
> 
> http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsoft_Winamp/1100111204
> 
> 
> 
> 
> On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de <[EMAIL PROTECTED]> wrote:
> >
> >
> > exploit and technical study of the Winamp flaw posted by k-otik
> >  http://www.k-otik.com/exploits/20041124.winampm3u.c.php
> >
> > "..the cdda library only reserves 20 bytes for names when files are .cda, so
> > the stack will be overwritten and exception occurs when a name looks like
> > .cda"
> >
> > but still NO patch from Winamp !!!
> >
> >  
> > Do you Yahoo!?
> >  Yahoo! Mail - You care about security. So do we.
> >
> >
> 


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Todd Towles
Sorry but cisco can only be blamed for so much. If you allow telnet to
your router from the internet...then how is that Cisco's fault? Or even
if you allow SSH from the internet...network protection is the key.
Software will have holes and problems will be found. Only thru good
network design and layered security will you be protected.

Servers are open to attack also if you allow FTP, SSH and TS from the
internet...what do you think will happen?

SNMP strings are like gold..and very few people understand they need to
change them and guard them as such...but again that isn't cisco's fault.
Should you use the web interface to connect your routers? Well no..there
are problems with it...learn the command line and therefore the problem
doesn't exist.

> -Original Message-
> From: Gary E. Miller [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, November 24, 2004 1:20 PM
> To: Todd Towles
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] previledge password in cisco routers
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Yo Todd!
> 
> On Wed, 24 Nov 2004, Todd Towles wrote:
> 
> > Do you seriously think there is a easy way to get the 
> enable password 
> > remotely?
> 
> Cisco has previously had bugs that allowed easy enable 
> password recovery remotely using SNMP and the web management 
> interface.  If it is an older unpatched router, showing one 
> of these services to you, then a search of standard exploits 
> will turn up what you need.
> 
> There was a particularly nasty telnet hack a while back.  
> Even if you had an ACL on the port you were easily hacked.
> 
> If past performance is any indicator or future performance 
> then there will again be a Cisco bug, or sloppy admin,  that 
> allows this.
> 
> RGDS
> GARY
> - 
> --
> -
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
>   [EMAIL PROTECTED]  Tel:+1(541)382-8588 Fax: +1(541)382-8676
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQFBpN748KZibdeR3qURAh6DAJ4zZnYcMO0uhg6lfs83ScS3IpsVxgCgiVBK
> 9rIjcwwiaIDhHAK15G8x0wk=
> =wREb
> -END PGP SIGNATURE-
> 
> 



RE: [in] [Full-Disclosure] MS Windows Screensaver Privilege Escalation

2004-11-24 Thread Curt Purdy
Matthew Walker wrote:
> The Original Post is http://www.securityfocus.com/bid/11711
> 
> On Windows XP all releases, when you replace, or change the 
> screensaver displayed on the login screen with a specially 
> crafted version designed to execute programs, those programs 
> are launched under the SYSTEM SID, IE: they are given 
> automatically the highest access level available to Windows.  
> This level is not accessible even to administrators.



Nice find Matthew.  But this is amazingly bad.  Though I only run windoze as
a VM under SuSE, this has made me decide to shut the VM down rather than let
it run with a locked screen saver.  

My choice now is to either run it with such a short lock period that I will
constantly have to take time to log back in, or just shut it down every time
I leave my desk and restart the VM when I need it (less and less these
days).  I have chosen the latter as the least time consuming. 

Amazing that M$ has decided to disregard the hole... no, more like a valley.
I can just imagine all the company crackers walking around with a trojaned
logon.scr on their USB stick looking for unattended boxes.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer 
DP Solutions

-

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke



Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Michael Reilly
Note that password recovery doesn't give you the password.  It lets you 
create a new one which replaces the existing password.  It also deletes some 
 information stored in private nvram.  You don't actually get the same 
configuration after password recovery that you had before.

Note that password recovery can only be done on the serial console port - 
this is the physical access you need.  You can't do it remotely.

michael
Mister Coffee wrote:
john morris wrote:
Is there a quick and decent way to obtain the previledge password of a
cisco router my version is as follows
cisco 3640 (R4700) processor
 >
If you have physical access, there is a password recovery method that's 
detailed in Cisco's documentation on the 3600 series.  If it's your box, 
or one you're responsible for (and can thus get someone to go on-site 
and have physical access for you), it's a no-brainer.  If it's not your 
box, then . . .

Cheers,
L4J
--
  
Michael Reilly[EMAIL PROTECTED]
Cisco Systems,  California
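Added example, not from any post in this thread: Todd Towles' message (telnet and SSH exposed to the internet, SNMP strings, the web interface) and Michael Reilly's (console-only recovery that replaces rather than reveals the password) describe exposures a config audit can catch, so this is a small audit of an IOS running-config for them, plus a type 7 decoder, which is the one case where a stored password string does give you the password without console access. The XOR key and offset rule are the long-published scheme behind IOS's "service password-encryption"; the rule names, the audit logic and SAMPLE_CONFIG are my own constructions and not Cisco's.

```python
"""Audit an IOS running-config for the exposures discussed in this thread.

Added example, not Cisco code and not from any post above. The type 7
reversal uses the long-published fixed XOR key applied by
'service password-encryption'; SAMPLE_CONFIG is a constructed config.
"""
from __future__ import annotations

import re

# Type 7 is XOR against this fixed key; the first two characters of the
# stored value give the decimal starting offset into it.
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 password. Type 5 (MD5 'enable secret') has no such shortcut."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]
                 for i, b in enumerate(data)).decode("ascii")


def encode_type7(plain: str, seed: int = 0) -> str:
    """Build the type 7 string IOS would store for 'plain' (for round-trip checks)."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS uses seeds 0..15")
    body = bytes(ord(c) ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]
                 for i, c in enumerate(plain))
    return f"{seed:02d}{body.hex().upper()}"


# Line-level rules; the names and patterns are mine, not Cisco's.
_RULES = [
    ("ENABLE_PASSWORD_NOT_SECRET", re.compile(r"^enable password ")),
    ("TYPE7_REVERSIBLE", re.compile(r"\b(?:password|key) 7 ([0-9A-Fa-f]+)")),
    ("HTTP_SERVER_ENABLED", re.compile(r"^ip http server")),
    ("SNMP_DEFAULT_COMMUNITY", re.compile(r"^snmp-server community (?:public|private)\b")),
    ("SNMP_NO_ACL", re.compile(r"^snmp-server community \S+ (?:RO|RW)\s*$")),
]


def audit_config(config: str) -> list[tuple[str, str]]:
    """Return (finding, offending line) pairs for one running-config."""
    findings: list[tuple[str, str]] = []
    vty = None                        # state for the 'line vty' block being read

    def close_vty() -> None:
        if vty is not None and not vty["acl"]:
            findings.append(("VTY_NO_ACCESS_CLASS", vty["header"]))

    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not raw.startswith(" "):                   # a top-level command ends any block
            close_vty()
            vty = {"header": stripped, "acl": False} if stripped.startswith("line vty") else None
        elif vty is not None:
            if stripped.startswith("access-class"):
                vty["acl"] = True
            m = re.match(r"transport input (.+)", stripped)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append(("VTY_TELNET_ALLOWED", stripped))
        for name, rx in _RULES:
            m = rx.search(stripped)
            if m:
                detail = stripped
                if name == "TYPE7_REVERSIBLE":
                    detail = f"{stripped}  -> {decode_type7(m.group(1))!r}"
                findings.append((name, detail))
    close_vty()
    return findings


SAMPLE_CONFIG = """\
! constructed sample, not a real device
hostname edge-3640
enable password 7 094F471A1A0A
username ops password 7 0518030C33495A
ip http server
snmp-server community public RO
snmp-server community s3cr3t-rw RW 10
line con 0
 password 7 094F471A1A0A
line vty 0 4
 password 7 094F471A1A0A
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

if __name__ == "__main__":
    for name, detail in audit_config(SAMPLE_CONFIG):
        print(f"{name:28} {detail}")
```

The fixes the findings point at are the ones in the thread: "enable secret" instead of "enable password", "transport input ssh" plus an "access-class" on every vty block, an ACL on each SNMP community (and no "public"/"private"), and "no ip http server". Type 7 protects only against shoulder-surfing; any copy of the config reveals those passwords in milliseconds.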


Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Valdis . Kletnieks
On Wed, 24 Nov 2004 13:07:06 CST, Paul Schmehl said:

> Did you not watch the mess in 2000?  The *counties* decided how their 
> ballot would be constructed and how the elections would be run.  Now how is 
> Jeb Bush and/or his Commissioner going to influence *Democratic* counties 
> run by *Democrats*?
> 
> Simple answer is, he *isn't*.

In a close election, he may not even NEED to sway the Democratic counties.

Let's say that we have 100 counties, of which 50 are slanted 51/49 for
one party and 50 are slanted 51/49 for the other party.  If you can introduce
a 2% bias in "your" 50, so they're slanted 53/47, you end up with an overall 
win.

> > Simply issuing an edict that candidates shall be listed alphabetically
> > (and leaving the rest to the slight "first candidate listed" bias) would
> > suffice unless the Democrats fielded somebody whose name started with
> > 'A'
> >
> Except that state law *explicitly* places that responsibility in the hands 
> of the county election board for *that very reason*.

OK.. You don't make it an "edict", you make it a "reasonable suggestion".

Remember - you don't have to sway *all* of the opponents = if all YOUR guys
toe the line, and you issue something that 95% of the opponents reject, but
5% decide it sounds reasonable and do it... you win.  And if the politics
dictate that the opposition party will Do The Opposite of your suggestion
just to be contrary, you just suggest The Opposite of the Opposite, and let
them come to you... ;) (And if you don't have a good grasp on which county
commissioners will sway which way, you shouldn't be in that line of work ;)

Geez Paul, how the  do you *ever* get work done at a university,
if you haven't learned the fine art of telling hostile professors what you
want them to hear in a way that makes them think it was their idea? ;)

> > Might want to study up a bit - political machines from Boss Tweed to
> > Richard Daley have had absolutely *no* problems in getting the ballot
> > to go the way they wanted
> 
> Yes, *before* electronic balloting.

Red Herring.  That's like saying that the new redesigned $20 bill will
stop customers from defrauding a merchant, even when the customer pays with
a credit card.  Notice that the question of influencing a county board of
elections into designing a biased ballot doesn't have *ANYTHING* to do with
the underlying technology, be it punch card, mark-sense bubbles, mechanical
levers, or what have you.

What mechanism does electronic balloting bring into the picture that
stops the tricks that Tweed and Daley pulled?  Especially when the lack of
an audit trail on many of them introduce *more* avenues for mischief??




Re: [Full-Disclosure] Network Security in India

2004-11-24 Thread morning_wood
then there was this little diddy...

"HYDERABAD: The hacker is on the prowl and the government can do little to
stop him in his tracks. At least, that's what the IT department - custodian
of the government web sites and servers" ...

http://timesofindia.indiatimes.com/articleshow/320561.cms

cheers,
D.W





RE: [in] Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Curt Purdy
Alen Capalik wrote:
> When did this list become a "how-to" of hacking for script kiddies? 
> Why don't you just do it for him too?  

Answer: always has been

> Who in his right mind 
> would ask a question like he did, unless he's an idiot and 
> has NO CLUE what that question means.  

Personally, I am very interested in questions like this.  They help improve
my auditing abilities, whether it is specific methodologies I can use to
compromise a client's box before the bad guys do, or whether the answer just
sparks an idea that I find interesting.

Either way that is what F-D is all about.  The only BS I don't like on this
list is when those kiddies are stupid enough to open their mouth instead of
lurking and learning like I did on the BBS's and newsgroups of my younger
days.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer 
DP Solutions

-

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke



RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-24 Thread joe
FYI. This is just one of the many items currently in the oven that I was
alluding to previously. Of course some people will take this and complain
that people shouldn't be running as admins in the first place (to which I
agree) but prior to complaining about it, hold tight and watch for what else
comes out. MS really shocked me and some others with some of the stuff they
are putting together. It is just taking some time to get spun up in this
newer direction but I think once they are fully aimed that way people will
be a bit dazzled by how much starts coming out. 

I don't expect the coming changes will make every one happy both because
there are some area that just can't be easily fixed and because some people
will never be happy no matter what MS does.


  joe

--
Pro-Choice
Let me choose if I even want a browser loaded thanks!



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of devis
Sent: Wednesday, November 24, 2004 6:45 PM
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] IE is just as safe as FireFox

>http://msdn.microsoft.com/security/securecode/columns/default.aspx?p
>ull=/library/en-us/dncode/html/secure11152004.asp
>
>  
>
Nice ...fresh from the oven too. This, if it works, should be an 'extremely
critical' update from MS.



RE: [Full-Disclosure] Winamp vulnerability : technical study and Exploit released

2004-11-24 Thread Todd Towles
Nope, that is what this is for... "Only a few employees remain to prop
up the once-ubiquitous digital audio player with minor updates, but no
further improvements to Winamp are expected."

Therefore no big changes but they can fix small things. They tried with
5.0.6 but they will have to try again. 


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Rich Eicher
> Sent: Wednesday, November 24, 2004 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Winamp vulnerability : 
> technical study and Exploit released
> 
> This may have something to do with why there is no patch out 
> from Nullsoft.
> 
> http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsof
> t_Winamp/1100111204
> 
> 
> On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de 
> <[EMAIL PROTECTED]> wrote:
> > 
> >  
> > exploit and technical study of the Winamp flaw posted by k-otik  
> > http://www.k-otik.com/exploits/20041124.winampm3u.c.php
> >   
> > "..the cdda library only reserves 20 bytes for names when files are 
> > .cda, so the stack will be overwritten and exception occurs when a 
> > name looks like .cda"
> >   
> > but still NO patch from Winamp !!!
> > 
> >  
> > Do you Yahoo!?
> >  Yahoo! Mail - You care about security. So do we. 
> > 
> >
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Mister Coffee
Good point.  "Access recovery" might be a more appropriate description. 
  I had several opportunities to recover access to 3600 series routers 
when their previous admin left without bothering to document Enable for 
us. It's also possible to do remotely - assuming you have remote access 
to the console _and_ a way to remote power cycle the router - but this 
requires a bit of forethought.

Remote console access isn't uncommon (Cisco 2511's, anyone?) but remote 
power control is considerably less common.

Michael Reilly wrote:
> Note that password recovery doesn't give you the password.  It lets you
> create a new one which replaces the existing password.  It also deletes
> some information stored in private nvram.  You don't actually get the
> same configuration after password recovery that you had before.
>
> Note that password recovery can only be done on the serial console port
> - this is the physical access you need.  You can't do it remotely.
>
> michael
>
> Mister Coffee wrote:
> > john morris wrote:
> > > Is there a quick and decent way to obtain the privilege password of a
> > > Cisco router? My version is as follows:
> > > cisco 3640 (R4700) processor
> >
> > If you have physical access, there is a password recovery method
> > that's detailed in Cisco's documentation on the 3600 series.  If it's
> > your box, or one you're responsible for (and can thus get someone to
> > go on-site and have physical access for you), it's a no-brainer.  If
> > it's not your box, then . . .
> >
> > Cheers,
> > L4J
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Steven Alexander
Do a whois on the 
domain that the router belongs to and email the contact 
with:
 
"i ar3 ty1ng to h4ck 
yur b0x.  pl33z3 h3lp."
 
That should take 
care of everything.

  
  -Original Message-From: john morris 
  [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 
  1:15 AMTo: Scott T. CameronCc: 
  [EMAIL PROTECTED]Subject: Re: [Full-Disclosure] 
  previledge password in cisco routers
  Ooops.. i reframe my question. Is there a way to get the 
  enablepassword remotely . Brute force is not my 
  option(FROM LINKS TO LINKS WE ARE ALL 
  LINKED)cheers.morris___Full-Disclosure 
  - We believe in it.Charter: http://lists.netsys.com/full-disclosure-charter.html__This 
  email has been scanned by the MessageLabs Email Security System.For more 
  information please visit http://www.messagelabs.com/email__


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Gary E. Miller
Yo Todd!

On Wed, 24 Nov 2004, Todd Towles wrote:

> Do you seriously think there is an easy way to get the enable password
> remotely?

Cisco has previously had bugs that allowed easy enable password recovery
remotely using SNMP and the web management interface.  If it is an older
unpatched router, showing one of these services to you, then a search of
standard exploits will turn up what you need.

There was a particularly nasty telnet hack a while back.  Even if you
had an ACL on the port you were easily hacked.

If past performance is any indicator of future performance then there
will again be a Cisco bug, or sloppy admin, that allows this.

RGDS
GARY
- ---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED]  Tel:+1(541)382-8588 Fax: +1(541)382-8676


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] MS Windows Screensaver Privilege Escalation

2004-11-24 Thread Matthew Walker
To Whom it May Concern;
The Original Post is http://www.securityfocus.com/bid/11711

On Windows XP, all releases, when you replace, or change the
screensaver displayed on the login screen with a specially crafted
version designed to execute programs, those programs are launched
under the SYSTEM SID, i.e. they are automatically given the highest
access level available to Windows.  This level is not accessible even
to administrators.

This flaw is important because while one would need Power User
privileges or above to change the Login Screensaver, by default any
user with the exception of guest can replace the login screensaver
file with a modified version.  In theory, any determined user could
execute ANYTHING with SYSTEM privileges.  A similar flaw exists in
Win2K, but Microsoft has ignored it.

Sincerely;
Matt Walker

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] mod_pl/sql (oracle http server) - help

2004-11-24 Thread nirvana

Hi Fellas,

I wanted to know how to configure Oracle HTTP server to allow calling
sys.* stored procedures through http? It seems by default, sys.*, dbms_*
etc. stored procedures are not allowed to be invoked through http. Also,
it seems configuration files are different for 8i, 9i and 10g. I am using
Oracle 9i (9.2.0.1.0).

-Thanks

raza <[EMAIL PROTECTED]> wrote:
> Well as a security professional I can testify that the sites you want
> closed down ie reference to zone-h etc.. Are a valued source of
> knowledge!
>
> Obviously you're not plugged into security and as such use these groups
> to talk Shi* and justify your views of closing IRC Channels.
>
> Thankfully you're not in government and btw, not all readers on this
> list are in the US, I am from the UK and it's clear to me that you don't
> understand the concept of freedom of information!
>
> r
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Ediger
> Sent: 17 November 2004 20:29
> To: [EMAIL PROTECTED]
> Subject: Re: FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment
>
> On Wed, 17 Nov 2004, n3td3v wrote:
> ...
> > > If I was in gov, I would shut a site down that looks remotely
> > > hax0rish, even if they've done nothing wrong. All these crews and
> > > hacker groups, fk them all. The net needs zero tolerance with
> > > online crime. Govs should have the authority to close anything done
> > > because they feel like it, without needing to prove shit.
> > >
> > > I would even close IRC channels. Hackphreak on undernet looks
> > > harmless, but fk that. Close it anyway, it's time to get a tighter
> > > grip on things
> > Same for zone-h.org, close the crap down.. f**k anything that looks
> > remotely hax0rish.
>
> Unfortunately, the US Government operates under the auspices of a small
> document called "The Constitution", and a little concept called "Common
> Law".
>
> Now, I know that you trendy kids call things like that "quaint" (I
> believe that's what our new Attorney General calls things like the
> Geneva Convention. See
> http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2004/06/13/wguan13.xml&sSheet=/news/2004/06/13/ixworld.html)
> but fortunately for the rest of us, "presumption of innocence" remains
> the standard of the land.
>
> If you small-minded totalitarians don't like that sacred principle, get
> the hell out of the US. We don't need your kind. Move to some Banana
> Republic where they change the rules all the time in the face of 1000
> years of tradition and philosophy and the Blood of Patriots who died to
> protect these rights.
>
> "Zero tolerance". What will these doofuses think of next? I bet they
> start up a cult of personality around the nation's leader, including a
> new salute borrowed from the Romans.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Network Security in India

2004-11-24 Thread nirvana

Yes, it's pretty ironic that although India is emerging fast as a global provider of Managed Security Services, there is still a lot of work to be done in the domestic security scene. The situation is pretty bad in Government, ISPs and other miscellany. However, ITES and BPO are now better aware, thanks to the NASSCOM-ITAA stress on security and data regulations.
As regards the second question: there are, in fact, many active Indian security mailing lists.  Their membership is surprisingly large and has security enthusiasts from many countries (and a lot of people from Full-Disclosure), and the quality of discussion is pleasing. You can subscribe to Ring-Of-Fire (Yahoo group), pentest (www.oissg.org) and Security_Auditors (Yahoo group).
-Pukhraj Singh

"Gautam R. Singh" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am sure there would have been many lapses in security. And one such
> trend I see here is a number of small "cable" internet providers that
> have sprung up in my area (Delhi, NCR). All of them use RF links etc
> from ISPs like Bharti, Primus etc and provide internet thru ethernet on
> a Cat5 cable. And now imagine the possibilities. :) Users of such
> systems are on LAN, plagued by worms, DoS, privacy issues, sniffing
> passwords, monitoring what sites other peepz are visiting etc etc.
>
> //is there any security list specific for India where we can just
> "discuss" & learn new things
>
> Regards,
> Gautam
>
> --__--__--
> Message: 14
> Date: Wed, 24 Nov 2004 03:03:00 +0530
> From: john morris <[EMAIL PROTECTED]>
> Reply-To: john morris <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Network Security in India
>
> I had a brief stint at Primus Telecom in Delhi (www.primus-direct.com).
> It has a flat network with absolutely no security. The routers are as
> vulnerable to any known exploit and the same applies to a few web
> servers they host. The basics such as patch management are never taken
> care of. This mail does not intend to harm anyone but i want to know is
> this the way major ISPs around the globe function.
>
> The company functions on illegal frequencies (Primus's major customers
> connect through RF links). I have the proofs to show that they do
> function on frequencies not allocated to them and during routine check
> ups by the DoT (Department of Telecommunications, Govt. of India) they
> have to change the frequency for a while and do favors to the Govt.
> employees to keep the business going. Well this is not my concern but
> somehow this seems unhealthy. Is this a practise worldwide.
>
> During my interview with a company major i insisted on my security
> concern but the company was least bothered. Would someone tell me is
> this the way the whole industry functions. Inspite of reminders to the
> company that any lamer has the potential to run them out of business by
> bringing their whole network down within a few min (which includes the
> ETBwmgr, the netcache box or even the main router (7500 series with a
> backup)) has been given a deaf ear. Is this the way an ISP with
> important clients in the pvt and the govt key sectors functions. I
> personally doubt the future. Is Primus listening. Its time to wake up.
>
> --
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
>
> cheers.
> morris
>
> --
> Gautam R. Singh [mcp, ccna, cspfa, unemployed]
> t: +91 9848 525 074 | pgp: http://gautam.techwhack.com/key/ |
> ymsgr: er-333 | msn: [EMAIL PROTECTED]
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-24 Thread devis
[EMAIL PROTECTED] wrote:
> Interesting tool to downsize rights when logged on as Administrator
> (Link may wrap)
> http://msdn.microsoft.com/security/securecode/columns/default.aspx?p
> ull=/library/en-us/dncode/html/secure11152004.asp

Nice ...fresh from the oven too. This, if it works, should be an
'extremely critical' update from Ms.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Why is IRC still around?

2004-11-24 Thread n3td3v
On Tue, 23 Nov 2004 21:56:41 -0600, vord <[EMAIL PROTECTED]> wrote:
> [flame]
> n3td3v/malformed,
> 
> please think before you speak. ive already explained this to you more
> than once. #hackphreak is no longer  associated with a "group" and no
> longer intends to be a channel dedicated primarily to matters of
> hacking/phreaking technical discussion [we therefore accommodate
> "lamers" who "don't know anything" and "give IRC/hackers/phreakers a
> bad name" whatever the fuck that means -- suffice it to say, its not
> primarily a help channel anymore. 

Yeah, you said it. You had to move stance on it being a lamer channel,
because no one with intelligence is on the channel anymore. You make
out as if it was planned. The channel went downhill and you have no
choice but to admit it's a lamer channel, full of script kiddies, who
consider themselves "real hackers".


> we talk to each other about whatever
> the fuck we want and answer questions when and if we damn well feel
> like it. we do not congregate there for your enjoyment, we do so for
> our own. moreover, most of us deal with computers all day long and
> don't particularly care to talk about them 24/7.

I don't disagree with you on that. Lots of script kiddies are online
24/7. Even some of them work in computers as a job, then come home and
go straight on the computer at home and spend all night on #hackphreak
because they have no friends or social lives.

> 
> oh hey, remind us why no one reads your forum even though you spam the
> link on this list several times a day. :X

Probably because it's not a public forum and it's not been online for
very long, and probably because I keep deleting and adding forum
sections a lot at the moment.

It's not really meant to be a public forum with loads of authors. It's
really a place for me to post stuff I'm doing and let various vendors
read it. The majority of members are in fact vendors from various
e-mails I've sent them on a security issue, and I've welcomed them to
read some posts I've put up on my forum they may be interested in. The
link I post on this list and other sites is for the homepage, not the
forum. You'll notice I don't directly link to the forum. It's really
the homepage I intend people to read more than the forum, so people
who read my posts on mailing lists and online forums can get a taste
of what I stand for and believe in.

> as far as "real hackers" are concerned ... it takes one to know one; 

Are you calling me a hacker? If so, then you must be a hacker as well,
as it takes a hacker to know a hacker. I'm not a hacker, if you read
my homepage instead of going to the forum, you'll see I work against
hackers, and report them whenever possible to vendors, to stop them
being evil hax0rs.

> if there are real hackers anywhere it's #hackphreak. if you
> like, you can send all of your hacking/security related questions
> directly to us from now on ... we would be glad to make you look like
> an idiot on a regular basis as it would certainly be entertaining. i
> will personally see to it that all of your questions are answered in a
> timely fashion.

I think you seriously don't know the difference between script kiddies
and real hackers. hackphreak has no real hackers, as you admitted at
the start of this e-mail; the channel is full of lamers, who only do
general chat. The only real thing you do have is real script kiddies,
that's the only *real* thing the channel has. Yes, a script kiddie can
be online in front of computers 24/7 and also work in I.T. during the
day; that's pretty run-of-the-mill for a script kiddie, unless you are
thinking more of the teenager script kiddie who goes to school and
comes home at night in front of mom and dad's computer, which is also a
script kiddie.

Yeah, I would gladly come back on the channel and further make a fool
of you, but at the moment it's only my bot on it, relaying the
transcript to me outside the channel, for me to read at any casual
time I've got spare time too. If you hadn't noticed, the majority of
nicks on the channel are various people's bots, rather than saddos like
you who are *actually* on the channel, thinking you're a real cool guy
being an op. You only have say 20 real people on the channel out of
say 100.

Now who's the real mug, the saddo with no social life op (vord), or the
guy with a bot keeping logs of keywords (n3td3v), to try and stop
script kiddies hacking the internet? My bot is joined by various other
intelligence agency bots and other security researcher bots. You
decide.

> --v
> #hackphreak/undernet
> giving irc and real hackers/phreakers a bad name since 1998.

I really feel sorry for you if you've been on the channel since 1998,
you must be so proud. No friends, no social life for all those years.
What a great thing. Yet again, the length of time you've been online
or in front of computers does not make you anything less than a script
kiddie.

Real hackers are defined by skill. Not the length of time you've been
online or on a IRC channel. Someon

Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Thomas Sutpen
On Wed, 24 Nov 2004 09:17:27 -0600, st3ng4h <[EMAIL PROTECTED]> wrote:
> The point, though, is that the discussion is valid and worthwhile
> and ought not be silenced. The presidential election is one of the
> few official expressions of democracy left open to the populace,
> and those who think that that's important will be a little more
> paranoid about it, and rightly so. This is one area where I am not
> satisfied with a basic assumption that the election is "legitimate
> until proven otherwise", and I think you will find many others who
> agree.

You're indeed correct.  I agree that it should not be silenced, nor
should it be discounted.  This is why I didn't say the discussion as a
whole was flawed.

The discussants, particularly Jason, are.  They've already taken
positions that can only be perceived as self-interest, to which the
outcome can only be negative.  Like it or not, perceptual filters will
be applied to every item, and everything said will be scrutinized and
interpreted with this same filter.

> > It is my observation that your thinly veiled concern for the process
> > is merely out of self-interest, if not sour grapes.  Your fixation and
> > continued posting on the subject does nothing to add to your
> > credibility.  And further, it helps perpetuate the stereotype that
> > liberals are wackos, nut-jobs, conspiracy theorists, and underground
> > members of the peoples' tin-foil hat militia.
> 
> You whine about impartiality and then write this?

Are you not aware of the stereotypes applied to the discussants
because of their affiliation?  Think of the one you described earlier
in this email regarding Paul.

> Quite a disturbing message: Just Shut Up and Trust In Your Leaders.

Nothing of the sort was insinuated.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread amilabs
Give it up folks we are looking at the second quarter of a 16 year
republitard bush dynasty. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Schmehl
Sent: Wednesday, November 24, 2004 2:07 PM
To: [EMAIL PROTECTED]
Cc: Gregory Gilliss; [EMAIL PROTECTED]; Jason Coombs
Subject: Re: [Full-Disclosure] University Researchers Challenge Bush Win In
Florida

--On Wednesday, November 24, 2004 01:28:07 PM -0500 [EMAIL PROTECTED]
wrote:
>
> So when Jeb Bush, Governor of Florida, appoints a State Commissioner 
> of Elections, and drops a hint or two, there's NO way for said 
> Commissioner to make sure that things happen the way Jeb's brother 
> wants them to happen?
>
Did you not watch the mess in 2000?  The *counties* decided how their ballot
would be constructed and how the elections would be run.  Now how is Jeb
Bush and/or his Commissioner going to influence *Democratic* counties run by
*Democrats*?

Simple answer is, he *isn't*.

> Simply issuing an edict that candidates shall be listed alphabetically 
> (and leaving the rest to the slight "first candidate listed" bias) 
> would suffice unless the Democrats fielded somebody whose name started 
> with 'A'
>
Except that state law *explicitly* places that responsibility in the hands
of the county election board for *that very reason*.

> Might want to study up a bit - political machines from Boss Tweed to 
> Richard Daley have had absolutely *no* problems in getting the ballot 
> to go the way they wanted

Yes, *before* electronic balloting.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Night Ninja
Ask me in private and you might get some better answers.  peanuter @
dalnet #routers.  You would have to verify to me however that you do
have rights to enable, which would involve me calling you at work.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Government Uses Color Laser Printers to Track Documents.

2004-11-24 Thread bkfsec
Chris Umphress wrote:
> Next time you make a printout from your color laser printer,
> shine an LED flashlight beam on it and examine it closely
> with a magnifying glass. You might be able to see the small,
> scattered yellow dots printed there that could be used to
> trace the document back to you.


So they're using my yellow toner and expecting me to be happy about
it? Is it tax deductible? ;)
 

Who else thinks a class action lawsuit is in order? :)
 -Barry
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Donahue, Pat
Another possibility is compromising a machine that runs some common
config archiver such as Rancid (http://www.shrubbery.net/rancid/). This
utility uses a .cloginrc in the Rancid user's home directory containing
the hostnames and passwords of Cisco devices. Network administrators who
manage a large number of devices often use this to track and audit
config changes. You could also try determining if a central AAA system
is used such as TACACS+ and go after that box instead. But, like the
previous poster said, sniffing is probably the easiest way unless SSH is
used.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of amilabs
Sent: Wednesday, November 24, 2004 12:16 PM
To: 'Todd Towles'; 'john morris'; 'Scott T. Cameron'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] previledge password in cisco routers

The only way to get it remotely is to get hold of and compromise a
machine on the network where the routers/switches reside. Then run a
sniffer app for just telnet and capture the individual keystrokes when
someone logs into the router and then enters the enable password.
Remember inside the network most telnet support functions to routers and
switches are not encrypted, so capturing a support person's telnet
session will give you the enable password. This can be done with SNMP
also but that is another discussion. The trick is to get the compromised
machine to run the sniffer like tcpdump etc.. Even if tacacs is used you
will still see the open unencrypted telnet keystrokes from the admin to
the router. The router will then encrypt that info and send it to the
tacacs server for its backend process. You need to just watch the
admin's steps. That is how you can get it remotely... Unless the routers
are configured for ssh instead of telnet you can see everything in the
clear with a sniffer..

Regards..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: Wednesday, November 24, 2004 9:38 AM
To: john morris; Scott T. Cameron
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] previledge password in cisco routers

Do you seriously think there is an easy way to get the enable password
remotely? If you have the config, you can get it from there..if you have
the box you can do a password recovery by booting in rommon...otherwise
the box isn't yours..and you won't find a clear exact answer because
there isn't one.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of john 
> morris
> Sent: Wednesday, November 24, 2004 3:15 AM
> To: Scott T. Cameron
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] previledge password in cisco routers
> 
> Ooops.. i reframe my question. Is there a way to get the enable 
> password remotely . Brute force is not my option
> 
> 
> 
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
> 
> cheers.
> 
> morris
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



Fwd: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Thomas Sutpen
I forgot to make sure everybody else has a chance to view my remarks
to Barry's obviously short-sighted arguments.


-- Forwarded message --
From: Thomas Sutpen <[EMAIL PROTECTED]>
Date: Wed, 24 Nov 2004 14:31:49 -0700
Subject: Re: [Full-Disclosure] University Researchers Challenge Bush
Win In Florida
To: bkfsec <[EMAIL PROTECTED]>


On Wed, 24 Nov 2004 11:02:41 -0500, bkfsec <[EMAIL PROTECTED]> wrote:
> So anyone who is concerned about the system and has shown that they
> aren't on your side of the political fence should have their opinion
> summarily tossed out?

I never said what side of the fence I'm on.  You, however, have made
it more than amply clear where you are.  You've already shown your
hand, and like it or not, you'll be labelled accordingly.

> Well, since you so clearly have shown your own allegiance, wouldn't the
> case be the same for you?  Thanks for the opening.
>
> Everyone, please disregard Thomas' opinions - he's shown himself to not
> be impartial.

This coming from you.  Sorry, that doesn't wash.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Alen Capalik
When did this list become a "how-to" of hacking for script kiddies?
Why don't you just do it for him too?  Who in his right mind would ask
a question like he did, unless he's an idiot and has NO CLUE what that
question means.  I would like to hear his excuse for the actual REASON
that he's doing this.  If not, I would be pressured to send some
unpleasant law enforcement officials to his door.

So, John Morris, what'll it be?  What's the reason for the question?
What r u doing?

--
Alen Capalik

On Wed, 24 Nov 2004 12:16:29 -0500, amilabs <[EMAIL PROTECTED]> wrote:
> The only way to get it remotely is to get hold of and compromise a machine
> on the network where the routers/switches resides. Then run a sniffer app
> for just telnet and capture the individual keystrokes when someone logs into
> the router and then enters the enable password. Remember inside the network
> most telnet support functions to routers and switches are not encrypted so
> by capturing a support personnel's telnet session will give you the enable
> password. This can be done with SNMP also but that is another discussion.
> The trick is to get the compromised machine to run the sniffer like tcpdump
> etc.. Even if tacacs is used you will still see the open unencrypted telnet
> keystrokes from the admin to the router. The router will then encrypt that
> info and send it to the tacacs server for its backend process. You need to
> just watch the admin's. steps. That is how you can get it remotely... Unless
> the routers are configured for ssh for telnet you can see everything in the
> clear with a sniffer..
> 
> Regards..
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
> Sent: Wednesday, November 24, 2004 9:38 AM
> To: john morris; Scott T. Cameron
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] previledge password in cisco routers
> 
> Do you seriously think there is a easy way to get the enable password
> remotely? If you have the config, you can get it from there..if you have the
> box you can do a password recovery by booting in rommon...otherwise the box
> isn't yours..and you won't find a clear exact answer because there isn't
> one.
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of john
> > morris
> > Sent: Wednesday, November 24, 2004 3:15 AM
> > To: Scott T. Cameron
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] previledge password in cisco routers
> >
> > Ooops.. i reframe my question. Is there a way to get the enable
> > password remotely . Brute force is not my option
> >
> >
> >
> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> >
> > cheers.
> >
> > morris
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Paul Schmehl
--On Wednesday, November 24, 2004 01:28:07 PM -0500 [EMAIL PROTECTED] 
wrote:
So when Jeb Bush, Governor of Florida, appoints a State Commissioner of
Elections, and drops a hint or two, there's NO way for said Commissioner
to make sure that things happen the way Jeb's brother wants them to
happen?
Did you not watch the mess in 2000?  The *counties* decided how their 
ballot would be constructed and how the elections would be run.  Now how is 
Jeb Bush and/or his Commissioner going to influence *Democratic* counties 
run by *Democrats*?

Simple answer is, he *isn't*.
> Simply issuing an edict that candidates shall be listed alphabetically
> (and leaving the rest to the slight "first candidate listed" bias) would
> suffice unless the Democrats fielded somebody whose name started with
> 'A'
Except that state law *explicitly* places that responsibility in the hands 
of the county election board for *that very reason*.

> Might want to study up a bit - political machines from Boss Tweed to
> Richard Daley have had absolutely *no* problems in getting the ballot
> to go the way they wanted
Yes, *before* electronic balloting.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] [SECURITY] [DSA 596-2] New sudo packages removes debug output

2004-11-24 Thread debian-security-announce
--
Debian Security Advisory DSA 596-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 24th, 2004 http://www.debian.org/security/faq
--

Package: sudo
Vulnerability  : missing input sanitising
Problem-Type   : local
Debian-specific: no
CVE ID : CAN-2004-1051
Debian Bug : 281665

This update removes the debug output which was left over in the update
from DSA 596-1.  For completeness below is the original advisory text:

   Liam Helmer noticed that sudo, a program that provides limited
   super user privileges to specific users, does not clean the
   environment sufficiently.  Bash functions and the CDPATH variable
   are still passed through to the program running as privileged user,
   leaving possibilities to overload system routines.  These
   vulnerabilities can only be exploited by users who have been
   granted limited super user privileges.
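The kind of environment scrubbing the advisory says was missing, as an added illustration that is not sudo's own code nor part of the advisory: CDPATH and any exported bash function are dropped before the privileged program runs. The extra blocked names, the `LD_` prefix rule and the helper names are assumptions made for this example.

```python
"""Environment scrubbing before a privilege boundary.

Added illustration, not sudo's own code: drops CDPATH and any exported
bash function (the two channels the advisory names) before the privileged
program is exec'd, and reports what was removed so the caller can log it.
"""
import subprocess
from typing import Dict, List, Tuple

# CDPATH is the variable the advisory singles out; the other names and the
# LD_ prefix are assumptions for this example, not sudo's list.
BLOCKED_NAMES = {"CDPATH", "IFS", "ENV", "BASH_ENV", "PS4"}
BLOCKED_PREFIXES = ("LD_",)


def is_exported_function(name: str, value: str) -> bool:
    """True if the variable carries a bash function definition.

    bash of the advisory's era exported a function ``f`` as a variable
    named ``f`` whose value starts with ``() {``; current bash uses the
    name ``BASH_FUNC_f%%`` with the same value shape. Both are caught.
    """
    return name.startswith("BASH_FUNC_") or value.lstrip().startswith("() {")


def sanitize_env(env: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Return (clean_env, dropped); dropped says what was removed and why."""
    clean: Dict[str, str] = {}
    dropped: List[str] = []
    for name, value in env.items():
        if name in BLOCKED_NAMES or name.startswith(BLOCKED_PREFIXES):
            dropped.append(f"{name}: blocked variable")
        elif is_exported_function(name, value):
            dropped.append(f"{name}: exported shell function")
        else:
            clean[name] = value
    return clean, dropped


def run_privileged(argv: List[str], env: Dict[str, str]) -> subprocess.CompletedProcess:
    """Stand-in for the exec step: run argv with only the scrubbed environment."""
    clean, dropped = sanitize_env(env)
    for line in dropped:
        print("dropped", line)
    return subprocess.run(argv, env=clean, check=False)


# Constructed caller environment: a function named ``ls`` that would shadow
# /bin/ls inside any shell script the privileged program happens to run.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/alice",
    "CDPATH": ".:/tmp",
    "ls": "() { echo not-really-ls; }",
    "BASH_FUNC_cat%%": "() { echo not-really-cat; }",
    "LD_PRELOAD": "/tmp/hook.so",
}

if __name__ == "__main__":
    run_privileged(["/usr/bin/env"], SAMPLE_ENV)
```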

For the stable distribution (woody) these problems have been fixed in
version 1.6.6-1.3.

For the unstable distribution (sid) these problems have been fixed in
version 1.6.8p3.

We recommend that you upgrade your sudo package.


Upgrade Instructions
--

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--


  These files will probably be moved into the stable distribution on
  its next update.

--
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/



[Full-Disclosure] IE is just as safe as FireFox

2004-11-24 Thread houser
Interesting tool to downsize rights when logged on as Administrator

(Link may wrap)

http://msdn.microsoft.com/security/securecode/columns/default.aspx?p
ull=/library/en-us/dncode/html/secure11152004.asp


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Re: signatures for Oracle Alert 68

2004-11-24 Thread Valdis . Kletnieks
On Wed, 24 Nov 2004 12:54:31 +0100, "Antonio Javier G. M." said:

> We really know what are we talking about. Please, use google to search for 
> IDP or IPS technologies and snortinline. 

And *I* know as well - if you *READ* what I said:

> Just a reminder for everybody and the archives - unless you're using some sort
> of firewall appliance that doesn't pass a packet that triggers a signature,
> having a signature doesn't actually protect you. 

In other words, it's a WARNING to those who *DONT* know the difference
between IDP/IPS and an IDS.




Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Valdis . Kletnieks
On Tue, 23 Nov 2004 22:41:07 CST, Paul Schmehl said:

> I'm no mathematician, but I suspect the probability of this is somewhere
> slightly south of null.  Do you have any concept of how elections are run?
> In *many* states each *county* determines the ballot type and layout, the
> voting machines used, etc., etc.  Merely to calculate the odds and determine
> the proper order of the ballot would be an astronomical task, and *then*
> you'd have to convince the election board in each county, *including* those
> controlled by the opposing party, to design the ballot the way *you* wanted
> it designed.

So when Jeb Bush, Governor of Florida, appoints a State Commissioner of 
Elections,
and drops a hint or two, there's NO way for said Commissioner to make sure that
things happen the way Jeb's brother wants them to happen?

Simply issuing an edict that candidates shall be listed alphabetically (and
leaving the rest to the slight "first candidate listed" bias) would suffice
unless the Democrats fielded somebody whose name started with 'A'

Might want to study up a bit - political machines from Boss Tweed to
Richard Daley have had absolutely *no* problems in getting the ballot
to go the way they wanted




Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Paul Schmehl
--On Wednesday, November 24, 2004 05:39:31 AM + Jason Coombs 
<[EMAIL PROTECTED]> wrote:
> In the case in point, even with the variables you mention, the entire
> technical problem can be reduced to observing how the election officials
> in various places have historically constructed ballots and influence
> just those that can be influenced in just those states where it will
> matter. The Republican party (my party) apparently has advantages over
> others when it comes to influencing the technical details of the design
> of voting machines. Diebold, for example.
The horse has already been packed up and shipped from the rendering plant, 
but I'll give this *one* more try.  (One side note - the management of 
Diebold are mostly Democrats, not Republicans, not that *that* makes one 
iota of difference in the competence (or lack thereof) in designing 
electronic balloting equipment.  Pointing to someone's party affiliation as 
proof of something is merely a distraction from the real issues.)

You are talking about an extremely complex and unlikely set of 
possibilities, *all* of which have to fall into place perfectly for this to 
happen.  It might be fun as speculation, but the implementation would be 
nigh until impossible and would take some real genius to pull off.
> It makes just about as much sense for every regional election office to
> do their ballot construction differently as it does for everyone to
> create their own home grown crypto.
And yet it's done all over America.  Imagine that.
> Your point about differences in ballot construction is also a red herring
> to begin with. If you think that there is the same degree of variability
> with ballots in electronic voting machines as there is with legacy
> ballots, then perhaps you are the one who does not know how the process
> really works with the machines in question.
Why would you assume the ballots all have to be the same just because the 
same machines are being used to count them?

Given three candidates for President (and there are usually more than that) 
there are at least six different ways the ballot could be arranged *even* 
if the basic design was the same.

Furthermore, the methodology used by an electronic voting machine is 
independent of the ballot design, for all intents and purposes.  For 
example, an optical reader merely senses the dark spots where a vote has 
been cast.  *Which* candidate that represents is determined by the 
configuration, which is determined by the construction of the ballot. 
Having to fit within certain machine-driven parameters does not force the 
ballot design into one pattern.  The votes could be on the left, in the 
center, on the right, staggered from left to right, staggered from right to 
left.  The possibilities are great.

Yet you want to control *all* of that to "take advantage of statistical 
anomalies" in the equipment?

Do we have a mathematician on this list who can calculate the probabilities 
of this?

I would contend that it is infinitely more likely that the machines would 
be either deliberately tampered with or incompetently misconfigured, ending 
up in statistical anomalies, than I would ever consider your scenario 
possible.
> You really need to stop making things seem so complicated that the
> difficulty of influencing their behavior or outcome couldn't possibly be
> surmounted.
Jason, I'm not making anything complicated.  I'm observing the complication 
that already exists - the complication that you apparently refuse to 
acknowledge.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] security iptables rules apache (DoS in Apache 2.0.52)

2004-11-24 Thread DanB UK
Hi,
Did you try googling at all??? Anyway...
> what's rules in iptables against DoS in Apache 2.0.52 ?

You can try something along the lines of:
iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit 5/second -j ACCEPT

Or maybe install this mod and configure it:
http://www.nuclearelephant.com/projects/dosevasive/

I hope that is of some help.

Cheers,
Daniel.

-- 
DanB UK
London, UK

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
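A model of how the `-m limit` rule in the reply above behaves, added here as an illustration that is not part of the thread: the rate-limited ACCEPT only throttles anything when a DROP for the same traffic follows it, otherwise excess SYNs fall through to the chain policy. The token bucket approximates netfilter's credit arithmetic (rate plus a burst of 5, the iptables default) rather than reproducing it; the helper names are assumptions.

```python
"""Why a rate-limited ACCEPT needs a following DROP.

Added model, not from the thread: simulates `-m limit --limit 5/second`
as a token bucket (burst 5, the iptables default) and runs a constructed
burst of SYNs through two INPUT chains. Netfilter's real credit arithmetic
differs in detail; the qualitative behaviour is the same.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class LimitMatch:
    """Token bucket: starts with `burst` tokens, refills `rate` tokens/second."""
    rate: float = 5.0          # --limit 5/second
    burst: int = 5             # --limit-burst default
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)

    def matches(self, now: float) -> bool:
        """Consume a token if one is available at time `now` (seconds)."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class Rule:
    target: str                          # ACCEPT or DROP
    limit: Optional[LimitMatch] = None   # None = unconditional match


def verdict(chain: List[Rule], policy: str, now: float) -> str:
    """First matching rule wins; otherwise fall through to the chain policy."""
    for rule in chain:
        if rule.limit is None or rule.limit.matches(now):
            return rule.target
    return policy


def weak_chain() -> List[Rule]:
    # iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit 5/second -j ACCEPT
    # and nothing else: SYNs over the limit fall through to the chain policy.
    return [Rule("ACCEPT", LimitMatch())]


def hardened_chain() -> List[Rule]:
    # The same rule, followed by:
    # iptables -A INPUT -p tcp --dport 80 --syn -j DROP
    return [Rule("ACCEPT", LimitMatch()), Rule("DROP")]


def simulate(build: Callable[[], List[Rule]], policy: str,
             arrivals: List[float]) -> List[str]:
    chain = build()  # fresh bucket for every run
    return [verdict(chain, policy, t) for t in arrivals]


def count(verdicts: List[str], target: str) -> int:
    return sum(1 for v in verdicts if v == target)


# Constructed SYN arrival times: 20 at once, then 3 more a second later.
SYN_BURST = [0.0] * 20 + [1.0] * 3

if __name__ == "__main__":
    for name, build in (("weak", weak_chain), ("hardened", hardened_chain)):
        v = simulate(build, "ACCEPT", SYN_BURST)
        print(f"{name}: ACCEPT={count(v, 'ACCEPT')} DROP={count(v, 'DROP')}")
```

With the default INPUT policy of ACCEPT the weak chain lets all 23 SYNs through; the hardened chain accepts the 5-token burst, drops the other 15, then accepts the 3 that arrive after the bucket has refilled.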


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread amilabs
The only way to get it remotely is to get hold of and compromise a machine
on the network where the routers/switches reside. Then run a sniffer app
for just telnet and capture the individual keystrokes when someone logs into
the router and then enters the enable password. Remember inside the network
most telnet support functions to routers and switches are not encrypted, so
capturing a support person's telnet session will give you the enable
password. This can be done with SNMP also but that is another discussion.
The trick is to get the compromised machine to run the sniffer like tcpdump
etc.. Even if tacacs is used you will still see the open unencrypted telnet
keystrokes from the admin to the router. The router will then encrypt that
info and send it to the tacacs server for its backend process. You need to
just watch the admin's steps. That is how you can get it remotely... Unless
the routers are configured for ssh instead of telnet you can see everything in the
clear with a sniffer..

Regards..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: Wednesday, November 24, 2004 9:38 AM
To: john morris; Scott T. Cameron
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] previledge password in cisco routers

Do you seriously think there is an easy way to get the enable password
remotely? If you have the config, you can get it from there..if you have the
box you can do a password recovery by booting in rommon...otherwise the box
isn't yours..and you won't find a clear exact answer because there isn't
one.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of john 
> morris
> Sent: Wednesday, November 24, 2004 3:15 AM
> To: Scott T. Cameron
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] previledge password in cisco routers
> 
> Ooops.. I reframe my question. Is there a way to get the enable 
> password remotely? Brute force is not my option
> 
> 
> 
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
> 
> cheers.
> 
> morris
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Winamp vulnerability : technical study and Exploit released

2004-11-24 Thread Rich Eicher
This may have something to do with why there is no patch out from Nullsoft.

http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsoft_Winamp/1100111204


On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de <[EMAIL PROTECTED]> wrote:
> 
>  
> exploit and technical study of the Winamp flaw posted by k-otik 
>  http://www.k-otik.com/exploits/20041124.winampm3u.c.php 
>   
> "..the cdda library only reserves 20 bytes for names when files are .cda, so
> the stack will be overwritten and exception occurs when a name looks like
> .cda" 
>   
> but still NO patch from Winamp !!!
> 
>  
> Do you Yahoo!?
>  Yahoo! Mail - You care about security. So do we. 
> 
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Buffer Overflow in Open Dc Hub 0.7.14

2004-11-24 Thread Donato Ferrante

   Donato Ferrante


Application:  Open Dc Hub
  http://opendchub.sourceforge.net/

Version:  0.7.14

Bug:  Buffer Overflow

Date: 24-Nov-2004

Author:   Donato Ferrante
  e-mail: [EMAIL PROTECTED]
  web:www.autistici.org/fdonato



xxx

1. Description
2. The bug
3. The code
4. The fix



xxx


1. Description:


Vendor's Description:

"An Open Source Linux/Unix version of the hub software for Direct
Connect."



xxx


2. The bug:


The program doesn't correctly handle the $RedirectAll command.
The handler has a buffer overflow, allowing an attacker to execute
arbitrary code on the victim system.

NOTE: To exploit the bug the attacker needs to have admin privilege on
the victim hub.



xxx

-
3. The code:
-

To test the vulnerability:

http://www.autistici.org/fdonato/poc/OpenDcHub[0714]BOF-poc.zip



xxx


4. The fix:


No fix.
The vendor has not replied to my mails.

In the meantime give admin access only to trusted people.
If you want, you can use my following little patch, which should fix this
bug:


/* patch */


--- commands.c  2004-11-21 13:01:48.0 +0100
+++ patch.c 2004-11-21 13:05:33.0 +0100
@@ -2842,7 +2842,7 @@
 {
char move_string[MAX_HOST_LEN+20];

-   sprintf(move_string, "$ForceMove %s", buf);
+   snprintf(move_string, MAX_HOST_LEN, "$ForceMove %s", buf);

send_to_humans(move_string, REGULAR | REGISTERED | OP, user);
remove_all(UNKEYED | NON_LOGGED | REGULAR | REGISTERED | OP, 1, 1);
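Review bot: the size argument on the `+` line should be `sizeof(move_string)` rather than `MAX_HOST_LEN`; the buffer is declared as `MAX_HOST_LEN+20` bytes, so the constant truncates 20 bytes early and has to be kept in sync with the declaration by hand. Worth noting too that `snprintf` silently truncates an over-long `buf` rather than rejecting it, so the admin who issued `$RedirectAll` gets a cut-off `$ForceMove` target with no error; checking `strlen(buf)` against the limit before building the command and refusing the request would make the failure explicit.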


/* end patch */



xxx

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Mister Coffee
john morris wrote:
> Is there a quick and decent way to obtain the previledge password of a
> cisco router my version is as follows
> cisco 3640 (R4700) processor
>
If you have physical access, there is a password recovery method that's 
detailed in Cisco's documentation on the 3600 series.  If it's your box, 
or one you're responsible for (and can thus get someone to go on-site 
and have physical access for you), it's a no-brainer.  If it's not your 
box, then . . .

Cheers,
L4J
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Paulo Pereira

Interesting point. I assumed a legit access, therefore my suggestions, but
I guess you are right, a legit person would most probably not consider a
brute force attack on his own box. Although sometimes people do shoot
themselves in the foot doing something stupid that kicks them out of the
box and then have to travel a few hundred miles to get access to the box.

Paulo Pereira


> And may I add that your other posts look more or less the same 
> I'm putting my money on you being a skiddie :)
>
> l8r
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Michael
> Rutledge
> Sent: Wednesday, November 24, 2004 2:42 PM
> To: [EMAIL PROTECTED]
> Cc: john morris
> Subject: Re: [Full-Disclosure] previledge password in cisco routers
>
> The amount of help you receive on this mailing list is going to depend
> greatly on one question:  Do you own the box?  (or the router as it is
> in your case).  As it stands, and I mean this in the best way possible,
> you look like a script kiddie looking to get some leetness by doing
> something easy.  The suggestions you get on FD are not going to be as
> helpful to you if you are trying to hack someone else's hardware.
>
> That said, I happily look forward to the flames you are about to get for
> asking how to hack someone's router. This will be an entertaining
> Wednesday after all.  :)
>
> -Michael
>
>
> On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira
> <[EMAIL PROTECTED]> wrote:
>> John,
>>
>> if you have an old config you may decode it with some available tools
>> in the web. A google search for "cisco password recovery" may help
> you.
>>
>> If you use TACACS change it there... or force the TACACS to disappear
>> to use the local one... it really depends on the configs you have in
> the box.
>>
>> Regards,
>>
>> Paulo Pereira
>>
>> 
>>
>>
>> > Ooops.. I reframe my question. Is there a way to get the enable
>> > password remotely? Brute force is not my option
>> >
>> >
>> >
>> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
>> >
>> > cheers.
>> >
>> > morris
>> >
>> > ___
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>> >
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
> ===
>
> The information contained in this message may be confidential and is
> intended to be only for the addressee. Should you receive this message
> unintentionally, please do not use the contents herein and notify the
> sender immediately by return e-mail. Although Orange has taken steps to
> ensure that this email and attachments are free from any virus, you do
> need to verify the possibility of their existence as Orange can take no
> responsibility for any computer virus which might be transferred by way of
> this email.
>
> ===
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread bkfsec
Thomas Sutpen wrote:
> Any sort of impartiality and vested interest in the actual security of
> the whole process that you might have claimed to had was pissed away
> in your very first post on the subject.  The one where you came out
> waving the Kerry flag.  Remember?
> It is my observation that your thinly veiled concern for the process
> is merely out of self-interest, if not sour grapes.  Your fixation and
> continued posting on the subject does nothing to add to your
> credibility.  And further, it helps perpetuate the stereotype that
> liberals are wackos, nut-jobs, conspiracy theorists, and underground
> members of the peoples' tin-foil hat militia.
> At least your previous email wasn't one of your six-page, vaguely
> coherent, pedantic and almost meaningless rants that make you sound
> stoned.
> Shut up about it, already.
 

So anyone who is concerned about the system and has shown that they 
aren't on your side of the political fence should have their opinion 
summarily tossed out?

Well, since you so clearly have shown your own allegiance, wouldn't the 
case be the same for you?  Thanks for the opening. 

Everyone, please disregard Thomas' opinions - he's shown himself to not 
be impartial.

-Barry
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Banta, Will
> As for source code or other security vulnerabilities in closed- or
> open-source vote tabulators, there is little point in rigging such
> schemes, and less point in exploiting them. Good old-fashioned
> statistical aberrations exploited for the benefit of the party that
> finds them first will win every time.

This sounds like a more nuanced version of the general election fraud
conspiracy theory making the rounds now. I must admit to 
being tempted by the idea that fraud, whether through overt manipulation
of counts or certain "statistical aberrations," was 
at work in this election. However, with much more discussion and
analysis of the results having occurred since Nov 2 I'm
convinced that the GOP just did a really thorough "snow job" on the
electorate.



> If anything, that is what I believe is most likely to have happened in
> 2004. Bush elected through the (fair ?) exploitation of
> statistical anomalies tied to misbehaving or ill-conceived electronic
> voting equipment. Teamed with the fact that partisan, interested voters
> are in charge of the process this is very plausible...

With the vote being as close as it has been in the past two elections
your idea carries more weight; however, I think a more plausible
explanation of the result of the 2004 election centers around what
shaped the dominant political discourse available to the American people
during this election year. Instead of focusing on their real agenda,
which was pretty clearly observable to anyone who cared to look at the
Bush Administration's first term record - tax breaks for the rich,
increased corporate welfare, more environmental degradation, making the
workplace a more dangerous place to be and the waging of an unnecessary
war in Iraq - the GOP focused on terrorism and gay marriage. They made
the election about safety and morals which clearly hit home with more
people than did the milquetoast mumblings of John Kerry, who thoroughly
failed to define himself as a leader and let himself be characterized by
the likes of Karl Rove. IMO Kerry and the Democratic Party clearly have
the high ground on many issues that affect people's day-to-day lives
more than the threat of terrorism, but they frittered it away AGAIN.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Scot Bryhan
maybe the original request should have gone to
[EMAIL PROTECTED] instead;)
Scot


- Original Message - 
From: "Michael Rutledge" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "john morris" <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 8:42 AM
Subject: Re: [Full-Disclosure] previledge password in cisco routers


> The amount of help you receive on this mailing list is going to depend
> greatly on one question:  Do you own the box?  (or the router as it is
> in your case).  As it stands, and I mean this in the best way
> possible, you look like a script kiddie looking to get some leetness
> by doing something easy.  The suggestions you get on FD are not going
> to be as helpful to you if you are trying to hack someone else's
> hardware.
>
> That said, I happily look forward to the flames you are about to get
> for asking how to hack someone's router. This will be an entertaining
> Wednesday after all.  :)
>
> -Michael
>
>
> On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira
> <[EMAIL PROTECTED]> wrote:
> > John,
> >
> > if you have an old config you may decode it with some available tools in
> > the web. A google search for "cisco password recovery" may help you.
> >
> > If you use TACACS change it there... or force the TACACS to disappear to
> > use the local one... it really depends on the configs you have in the
box.
> >
> > Regards,
> >
> > Paulo Pereira
> >
> > 
> >
> >
> > > Ooops.. I reframe my question. Is there a way to get the enable
> > > password remotely? Brute force is not my option
> > >
> > >
> > >
> > > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> > >
> > > cheers.
> > >
> > > morris
> > >
> > > ___
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Todd Towles
Do you seriously think there is an easy way to get the enable password
remotely? If you have the config, you can get it from there..if you have
the box you can do a password recovery by booting in rommon...otherwise
the box isn't yours..and you won't find a clear exact answer because
there isn't one.

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> john morris
> Sent: Wednesday, November 24, 2004 3:15 AM
> To: Scott T. Cameron
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] previledge password in cisco routers
> 
> Ooops.. I reframe my question. Is there a way to get the 
> enable password remotely? Brute force is not my option
> 
> 
> 
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
> 
> cheers.
> 
> morris
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] security iptables rules apache (DoS in Apache 2.0.52)

2004-11-24 Thread scsantos at unigranrio com br
Hi,
what rules in iptables work against DoS in Apache 2.0.52?
--
Thanks
  Silvio Cesar L. dos Santos
  Divisão de Tecnologia da Informação
Universidade do Grande Rio - UNIGRANRIO - BRAZIL
 (o_
 //\- Free Software -
 V_/_ knowledge within everyone's reach
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Todd Towles
Well logically, a person that owns a Cisco device could get help from
Cisco or at the very least their website. But he instead posted on a
grey security list, interesting...you know what they say, smells like a
kiddie, looks like a kiddie..you know the rest.

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Leeuwen, Allan van
> Sent: Wednesday, November 24, 2004 8:27 AM
> To: [EMAIL PROTECTED]
> Cc: john morris
> Subject: RE: [Full-Disclosure] previledge password in cisco routers
> 
> And may I add that your other posts look more or less the same 
> I'm putting my money on you being a skiddie :)
> 
> l8r 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Michael Rutledge
> Sent: Wednesday, November 24, 2004 2:42 PM
> To: [EMAIL PROTECTED]
> Cc: john morris
> Subject: Re: [Full-Disclosure] previledge password in cisco routers
> 
> The amount of help you receive on this mailing list is going 
> to depend greatly on one question:  Do you own the box?  (or 
> the router as it is in your case).  As it stands, and I mean 
> this in the best way possible, you look like a script kiddie 
> looking to get some leetness by doing something easy.  The 
> suggestions you get on FD are not going to be as helpful to 
> you if you are trying to hack someone else's hardware.
> 
> That said, I happily look forward to the flames you are about 
> to get for asking how to hack someone's router. This will be 
> an entertaining Wednesday after all.  :)
> 
> -Michael
> 
> 
> On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira 
> <[EMAIL PROTECTED]> wrote:
> > John,
> > 
> > if you have an old config you may decode it with some available tools
> > in the web. A google search for "cisco password recovery" may help you.
> > 
> > If you use TACACS change it there... or force the TACACS to disappear
> > to use the local one... it really depends on the configs you have in
> > the box.
> > 
> > Regards,
> > 
> > Paulo Pereira
> > 
> > 
> > 
> > 
> > > Ooops.. I reframe my question. Is there a way to get the enable 
> > > password remotely? Brute force is not my option.
> > >
> > >
> > >
> > > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> > >
> > > cheers.
> > >
> > > morris
> > >
> > >
> > 
> >
> 
> 
> 
> 
> ===
> 
> The information contained in this message may be confidential 
> and is intended to be only for the addressee. Should you 
> receive this message unintentionally, please do not use the 
> contents herein and notify the sender immediately by return 
> e-mail. Although Orange has taken steps to ensure that this 
> email and attachments are free from any virus, you do need to 
> verify the possibility of their existence as Orange can take 
> no responsibility for any computer virus which might be 
> transferred by way of this email.
> 
> ===
> 
> 



RE: [Full-Disclosure] Network Security in India

2004-11-24 Thread Gautam R. Singh
Hi,

I am sure there would have been many lapses in security. And one such
trend I see here is a number of small "cable" internet providers that
have sprung up in my area (Delhi, NCR). All of them use RF links etc
from ISPs like Bharti, Primus etc and provide internet thru ethernet on
a Cat5 cable. And now imagine the possibilities. :) Users of such
systems are on a LAN, plagued by worms, DoS, privacy issues, sniffing
passwords, monitoring what sites other peepz are visiting etc etc.

//is there any security list specific for India where we can just
"discuss" & learn new things
 

Regards,
Gautam 
 --__--__--

Message: 14
Date: Wed, 24 Nov 2004 03:03:00 +0530
From: john morris <[EMAIL PROTECTED]>
Reply-To: john morris <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Network Security in India

I had a brief stint at Primus Telecom in Delhi (www.primus-direct.com).
It has a flat network with absolutely no security. The routers are as
vulnerable to any known exploit and the same applies to a few web
servers they host. The basics such as patch management are never taken
care of.
This mail does not intend to harm anyone but I want to know: is this
the way major ISPs around the globe function?
The company functions on illegal frequencies (Primus's major customers
connect through RF links). I have the proofs to show that they do
function on frequencies not allocated to them, and during routine check-ups
by the DoT (Department of Telecommunications, Govt. of India) they
have to change the frequency for a while and do favors to the Govt.
employees to keep the business going.
Well, this is not my concern but somehow this seems unhealthy. Is this
a practice worldwide?
During my interview with a company major I insisted on my security
concern but the company was least bothered.
Would someone tell me, is this the way the whole industry functions?
In spite of reminders to the company that any lamer has the potential
to run them out of business by bringing their whole network down
within a few minutes (which includes the ETBwmgr, the netcache box or
even the main router (7500 series with a backup)), it has been given a
deaf ear.
Is this the way an ISP with important clients in the pvt and the govt
key sectors functions?

I personally doubt the future.

Is Primus listening? It's time to wake up.

--
(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheers.

morris

-- 
Gautam R. Singh
[mcp, ccna, cspfa, unemployed] t: +91 9848 525 074 | pgp:
http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]



RE: [Full-Disclosure] Network Security in India

2004-11-24 Thread Todd Towles
Correct me if I am wrong, but a LAN that is plagued by worms, DoS
attacks, people sniffing passwords and privacy issues..is called the
Internet. It is an untrusted network and you should protect your network
from it...defense in layers..firewalls..proxies..you know.  

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Gautam R. Singh
> Sent: Wednesday, November 24, 2004 8:45 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Network Security in India
> 
> Hi,
> 
> I am sure there would have been many lapses in security. And 
> one such trend I see here is a number of small "cable" 
> internet providers that have sprung up in my area (Delhi, 
> NCR). All of them use RF links etc from ISPs like Bharti, 
> Primus etc and provide internet thru ethernet on a Cat5 cable.
> And now imagine the possibilities. :) Users of such systems 
> are on a LAN, plagued by worms, DoS, privacy issues, sniffing 
> passwords, monitoring what sites other peepz are visiting etc etc.
> 
> //is there any security list specific for India where we can 
> just "discuss" & learn new things
>  
> 
> Regards,
> Gautam
>  --__--__--
> 
> Message: 14
> Date: Wed, 24 Nov 2004 03:03:00 +0530
> From: john morris <[EMAIL PROTECTED]>
> Reply-To: john morris <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Network Security in India
> 
> I had a brief stint at Primus Telecom in Delhi (www.primus-direct.com).
> It has a flat network with absolutely no security. The 
> routers are as vulnerable to any known exploit and the same 
> applies to a few web servers they host. The basics such as 
> patch management are never taken care of.
> This mail does not intend to harm anyone but I want to know: 
> is this the way major ISPs around the globe function?
> The company functions on illegal frequencies (Primus's major 
> customers connect through RF links). I have the proofs to 
> show that they do function on frequencies not allocated to 
> them, and during routine check-ups by the DoT (Department of 
> Telecommunications, Govt. of India) they have to change the 
> frequency for a while and do favors to the Govt.
> employees to keep the business going.
> Well, this is not my concern but somehow this seems unhealthy. 
> Is this a practice worldwide?
> During my interview with a company major I insisted on my 
> security concern but the company was least bothered.
> Would someone tell me, is this the way the whole industry functions?
> In spite of reminders to the company that any lamer has the 
> potential to run them out of business by bringing their whole 
> network down within a few minutes (which includes the ETBwmgr, 
> the netcache box or even the main router (7500 series with a 
> backup)), it has been given a deaf ear.
> Is this the way an ISP with important clients in the pvt and 
> the govt key sectors functions?
> 
> I personally doubt the future.
> 
> Is Primus listening? It's time to wake up.
> 
> --
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
> 
> cheers.
> 
> morris
> 
> --
> Gautam R. Singh
> [mcp, ccna, cspfa, unemployed] t: +91 9848 525 074 | pgp:
> http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]
> 
> 



Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Jeff Kell
john morris wrote:
> Ooops.. I reframe my question. Is there a way to get the enable
> password remotely?
I should bloody well hope not!
Geez...
Jeff


Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread st3ng4h
On Tue, Nov 23, 2004 at 11:48:37PM -0700, Thomas Sutpen wrote:
> Any sort of impartiality and vested interest in the actual security of
> the whole process that you might have claimed to have was pissed away
> in your very first post on the subject.  The one where you came out
> waving the Kerry flag.  Remember?

Similar comments apply to Paul- and if we are to disdain any
discussion based on even a mere hint of partisanship, they apply to
many more.

The point, though, is that the discussion is valid and worthwhile
and ought not be silenced. The presidential election is one of the 
few official expressions of democracy left open to the populace,
and those who think that that's important will be a little more
paranoid about it, and rightly so. This is one area where I am not
satisfied with a basic assumption that the election is "legitimate
until proven otherwise", and I think you will find many others who
agree.
 
> It is my observation that your thinly veiled concern for the process
> is merely out of self-interest, if not sour grapes.  Your fixation and
> continued posting on the subject does nothing to add to your
> credibility.  And further, it helps perpetuate the stereotype that
> liberals are wackos, nut-jobs, conspiracy theorists, and underground
> members of the peoples' tin-foil hat militia.

You whine about impartiality and then write this?

> Shut up about it, already.

Quite a disturbing message: Just Shut Up and Trust In Your Leaders.

st3ng4h



RE: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Leeuwen, Allan van
And may I add that your other posts look more or less the same 
I'm putting my money on you being a skiddie :)

l8r 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Rutledge
Sent: Wednesday, November 24, 2004 2:42 PM
To: [EMAIL PROTECTED]
Cc: john morris
Subject: Re: [Full-Disclosure] previledge password in cisco routers

The amount of help you receive on this mailing list is going to depend
greatly on one question:  Do you own the box?  (or the router as it is
in your case).  As it stands, and I mean this in the best way possible,
you look like a script kiddie looking to get some leetness by doing
something easy.  The suggestions you get on FD are not going to be as
helpful to you if you are trying to hack someone else's hardware.

That said, I happily look forward to the flames you are about to get for
asking how to hack someone's router. This will be an entertaining
Wednesday after all.  :)

-Michael


On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira
<[EMAIL PROTECTED]> wrote:
> John,
> 
> if you have an old config you may decode it with some available tools 
> in the web. A google search for "cisco password recovery" may help
> you.
> 
> If you use TACACS change it there... or force the TACACS to disappear 
> to use the local one... it really depends on the configs you have in
> the box.
> 
> Regards,
> 
> Paulo Pereira
> 
> 
> 
> 
> > Ooops.. I reframe my question. Is there a way to get the enable 
> > password remotely? Brute force is not my option.
> >
> >
> >
> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> >
> > cheers.
> >
> > morris
> >
> >
> 
>







[Full-Disclosure] Winamp vulnerability : technical study and Exploit released

2004-11-24 Thread ElviS .de

exploit and technical study of the Winamp flaw posted by k-otik
 http://www.k-otik.com/exploits/20041124.winampm3u.c.php 
 
"..the cdda library only reserves 20 bytes for names when files are .cda, so the stack will be overwritten and exception occurs when a name looks like .cda"
 
but still NO patch from Winamp !!!
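The quoted sentence describes the whole defect class: a fixed 20-byte name buffer in the cdda library that a longer .cda file name overruns on the stack. The C block below is an added example, not Winamp's code and not the k-otik exploit; it shows the bounded copy the player should have performed, and a scanner that flags playlist entries which would not fit that buffer, which is the kind of check a mail or download gateway could apply to an incoming .m3u. The 20-byte figure comes from the quote; the assumption that it includes the terminating NUL, and the sample playlist, are mine.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Buffer size the quoted text attributes to the cdda library. That the
 * 20 bytes include the terminating NUL is an assumption of this example. */
#define CDA_NAME_MAX 20

/* Case-insensitive check that entry (len bytes, not necessarily
 * NUL-terminated) ends in ".cda", the extension that reaches the
 * vulnerable path. */
static int ends_with_cda(const char *entry, size_t len)
{
    static const char ext[] = ".cda";
    if (len < 4)
        return 0;
    for (size_t i = 0; i < 4; i++)
        if (tolower((unsigned char)entry[len - 4 + i]) != ext[i])
            return 0;
    return 1;
}

/* 1 if a .cda entry of this length would overrun a CDA_NAME_MAX buffer,
 * 0 for names that fit or for other extensions (which take another path). */
int cda_entry_overflows_n(const char *entry, size_t len)
{
    if (!ends_with_cda(entry, len))
        return 0;
    return len + 1 > CDA_NAME_MAX;
}

int cda_entry_overflows(const char *entry)
{
    return cda_entry_overflows_n(entry, strlen(entry));
}

/* The copy a player should perform into its fixed buffer: refuse a name
 * that does not fit rather than truncate or overflow. Returns 0 on
 * success, -1 (and an empty dst) when rejected. */
int cda_name_copy(char dst[CDA_NAME_MAX], const char *src)
{
    size_t len = strlen(src);
    if (len + 1 > CDA_NAME_MAX) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Walk an .m3u held in memory line by line and count entries that would
 * overflow. Lines starting with '#' are directives; CRLF is tolerated. */
int count_overflowing_entries(const char *m3u)
{
    int n = 0;
    const char *p = m3u;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len > 0 && p[len - 1] == '\r')
            len--;
        if (len > 0 && p[0] != '#' && cda_entry_overflows_n(p, len))
            n++;
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return n;
}

/* Constructed sample playlist: exactly one entry is a .cda name that is
 * too long for the buffer. */
static const char sample_m3u[] =
    "#EXTM3U\n"
    "track01.cda\n"
    "C:\\music\\song.mp3\n"
    "this-name-is-far-too-long-for-twenty-bytes.cda\r\n"
    "short.CDA\n";

int main(void)
{
    char name[CDA_NAME_MAX];
    printf("overflowing entries in sample: %d\n",
           count_overflowing_entries(sample_m3u));
    printf("copy of track01.cda returns %d\n", cda_name_copy(name, "track01.cda"));
    printf("copy of the long name returns %d\n",
           cda_name_copy(name, "this-name-is-far-too-long-for-twenty-bytes.cda"));
    return 0;
}
```

The scanner deliberately ignores entries with other extensions: the quote says only .cda names take the 20-byte path, so flagging every long line would produce noise without telling a defender anything about this bug.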

Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Michael Rutledge
The amount of help you receive on this mailing list is going to depend
greatly on one question:  Do you own the box?  (or the router as it is
in your case).  As it stands, and I mean this in the best way
possible, you look like a script kiddie looking to get some leetness
by doing something easy.  The suggestions you get on FD are not going
to be as helpful to you if you are trying to hack someone else's
hardware.

That said, I happily look forward to the flames you are about to get
for asking how to hack someone's router. This will be an entertaining
Wednesday after all.  :)

-Michael


On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira
<[EMAIL PROTECTED]> wrote:
> John,
> 
> if you have an old config you may decode it with some available tools in
> the web. A google search for "cisco password recovery" may help you.
> 
> If you use TACACS change it there... or force the TACACS to disappear to
> use the local one... it really depends on the configs you have in the box.
> 
> Regards,
> 
> Paulo Pereira
> 
> 
> 
> 
> > Ooops.. I reframe my question. Is there a way to get the enable
> > password remotely? Brute force is not my option.
> >
> >
> >
> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> >
> > cheers.
> >
> > morris
> >
> >
> 
>



Re: [Full-Disclosure] Re: signatures for Oracle Alert 68

2004-11-24 Thread nirvana
Well an interesting idea is network based patching
systems. The solution to this problem is to have a
technology using which you can achieve the same effect
as patching a server but without actually patching the
server physically. Something like a network based
patching system.
The technology is highly effective in precisely
emulating (detection -> sanitization -> response) as
if the application patches (as if applied locally,
Oracle too). It's being worked out by a company. You
may see it on the market around next year.

--- "Antonio Javier G. M." <[EMAIL PROTECTED]>
wrote:

> We need signatures for IDS/IDP for Oracle's alert
> 68.
> How can we protect against these attacks if we can
> not apply patches in some 
> platforms? 
> 
> Any interesting ideas? 
> 
> 







[Full-Disclosure] [SECURITY] [DSA 596-1] New sudo packages fix privilege escalation

2004-11-24 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 596-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 24th, 2004 http://www.debian.org/security/faq
- --

Package: sudo
Vulnerability  : missing input sanitising
Problem-Type   : local
Debian-specific: no
CVE ID : CAN-2004-1051
Debian Bug : 281665

Liam Helmer noticed that sudo, a program that provides limited super
user privileges to specific users, does not clean the environment
sufficiently.  Bash functions and the CDPATH variable are still passed
through to the program running as privileged user, leaving
possibilities to overload system routines.  These vulnerabilities can
only be exploited by users who have been granted limited super user
privileges.

For the stable distribution (woody) these problems have been fixed in
version 1.6.6-1.2.

For the unstable distribution (sid) these problems have been fixed in
version 1.6.8p3.

We recommend that you upgrade your sudo package.


Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- 

  Source archives:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2.dsc
  Size/MD5 checksum:  587 b4750887bf910de5d8bc4d4ef3f71b3b
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2.diff.gz
  Size/MD5 checksum:12251 e138445e17adf6eec25035bb8c1ef0c9
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
  Size/MD5 checksum:   333074 4da4bf6cf31634cc7a17ec3b69fdc333

  Alpha architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_alpha.deb
  Size/MD5 checksum:   151386 841c5cfa5405fbef08d95fb7fcd50364

  ARM architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_arm.deb
  Size/MD5 checksum:   141442 46d1faa34df223b014c3131879ccadff

  Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_i386.deb
  Size/MD5 checksum:   135076 687519f374ef803d532e1a2c966322a6

  Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_ia64.deb
  Size/MD5 checksum:   172442 8e0f391e39197f7911069210dae06da7

  HP Precision architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_hppa.deb
  Size/MD5 checksum:   147512 b32938d0bf2d681b4556c64d7071187a

  Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_m68k.deb
  Size/MD5 checksum:   132698 63860473eb387086c4474acc395ff96e

  Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mips.deb
  Size/MD5 checksum:   144380 c1ffef369f073099d84704f24e2252f1

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mipsel.deb
  Size/MD5 checksum:   144250 bdb34c5adaf5562908d6df4517bf0cd3

  PowerPC architecture:


http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_powerpc.deb
  Size/MD5 checksum:   140566 ff92e82812ef08d35b51239099efaca3

  IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_s390.deb
  Size/MD5 checksum:   140222 f327c3436a5a103b1d028dc2e045c226

  Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_sparc.deb
  Size/MD5 checksum:   143004 6c4300c125317a6faf9e154803552485


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBpHn2W5ql+IAeqTIRAsbeAJ93UCDKx39/3F123rZPt4B+CpYN5wCcD01g
heOiCeKmYQUJoqWasNWbWB0=
=qta2
-END PGP SIGNATURE-

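The advisory's point is that sudo 1.6.6 let two things through to the command it ran as the privileged user: bash functions exported via the environment, and the CDPATH variable. The C block below is an added example, not Debian's or sudo's code, of the environment filter a privilege-switching program needs before it executes anything: it recognises both risky entry kinds, counts them, and builds a scrubbed envp. The sample environment is constructed. A bash of the advisory's era exported a function f as a plain entry `f=() { ...}`, which is the form the advisory concerns; the `BASH_FUNC_f%%` prefix form that newer bash versions use is checked as well so the filter does not go stale.

```c
#include <stdio.h>
#include <string.h>

/* Nonzero if a NAME=VALUE entry carries an exported bash function.
 * Older bash: the value itself begins with "() {".
 * Newer bash: the name begins with "BASH_FUNC_". Both are rejected. */
int is_exported_function(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 0;
    if (strncmp(eq + 1, "() {", 4) == 0)
        return 1;
    if (strncmp(entry, "BASH_FUNC_", 10) == 0)
        return 1;
    return 0;
}

/* CDPATH changes where a bare "cd dir" in a privileged shell script
 * lands, so it must not survive the privilege switch. */
int is_cdpath(const char *entry)
{
    return strncmp(entry, "CDPATH=", 7) == 0;
}

int is_risky_entry(const char *entry)
{
    return is_exported_function(entry) || is_cdpath(entry);
}

/* Count risky entries in a NULL-terminated envp-style array. */
int count_risky_entries(const char *const envp[])
{
    int n = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (is_risky_entry(envp[i]))
            n++;
    return n;
}

/* Copy envp into out, dropping risky entries; out is NULL-terminated and
 * must have room for outcap pointers. Returns the number kept. The real
 * process environment (environ) is char ** and needs a cast to pass here. */
size_t scrub_env(const char *const envp[], const char *out[], size_t outcap)
{
    size_t kept = 0;
    if (outcap == 0)
        return 0;
    for (size_t i = 0; envp[i] != NULL && kept + 1 < outcap; i++) {
        if (is_risky_entry(envp[i]))
            continue;
        out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return kept;
}

/* Constructed sample: what an unprivileged caller's environment might
 * look like when handed to sudo. Three of the six entries are risky. */
static const char *const sample_env[] = {
    "PATH=/usr/local/bin:/usr/bin:/bin",
    "HOME=/home/alice",
    "CDPATH=.:/tmp",
    "ls=() {  echo not-really-ls; }",
    "BASH_FUNC_cat%%=() {  echo not-really-cat; }",
    "TERM=xterm",
    NULL
};

int main(void)
{
    const char *clean[16];
    size_t kept = scrub_env(sample_env, clean, 16);
    printf("%d risky entries dropped, %zu kept:\n",
           count_risky_entries(sample_env), kept);
    for (size_t i = 0; clean[i] != NULL; i++)
        printf("  %s\n", clean[i]);
    return 0;
}
```

A filter like this is one half of the fix; the other half, which the fixed sudo versions also do, is to reset PATH and the other variables it does keep to known values rather than trusting whatever the caller supplied.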


Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread Paulo Pereira
John,

if you have an old config you may decode it with some available tools in
the web. A google search for "cisco password recovery" may help you.

If you use TACACS change it there... or force the TACACS to disappear to
use the local one... it really depends on the configs you have in the box.

Regards,

Paulo Pereira



> Ooops.. I reframe my question. Is there a way to get the enable
> password remotely? Brute force is not my option.
>
>
>
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
>
> cheers.
>
> morris
>
>




RE: [Full-Disclosure] Google homepage Italiano logo

2004-11-24 Thread Leeuwen, Allan van
FYI : I have had spyware that changed google search  results to include
'webcrawler.com' results in the first 5 links or so.
So I would search for something, but the spyware would insert a piece of
html at the top of the page, it would look like google results but they
would ALL (all 5 of them) link to webcrawler (or something similar to
that name, it's been a while so I'm not 100% sure).

Allan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Rutledge
Sent: Tuesday, November 23, 2004 5:43 PM
To: pingywon MCSE
Cc: [EMAIL PROTECTED] Netsys. Com
Subject: Re: [Full-Disclosure] Google homepage Italiano logo

Thanks to you all for the response.  The problem seemed to resolve
itself.  For some reason, I was seeing the Italiano Google logo for the
past week.

As to why this question was salient to FD, I was curious to find if this
was a possible attack against Google or just something on my side.  I
had figured if something malicious was being done to Google, this would
be the place to verify that.

Thanks,

-Michael

PS - if pingywon is the first to open the flame gates, then let the
flames roll.  I'll expect to see about 75 posts discussing the validity
of posting my question here.  :)

On Tue, 23 Nov 2004 11:27:32 -0500, pingywon MCSE <[EMAIL PROTECTED]>
wrote:
> And people wanna bust my balls for replying to a certification post on
> here
> 
> ~pingywon MCSE
> 
> http://www.pingywon.com
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Michael 
> Rutledge
> Sent: Tuesday, November 23, 2004 10:00
> To: [EMAIL PROTECTED] Netsys. Com
> Subject: [Full-Disclosure] Google homepage Italiano logo
> 
> Does anyone see Google's Italiano logo when you visit Google's 
> homepage?  Has anyone heard of someone getting into Google's images 
> and switching them around?
> 
> NOTE: If no one else sees the Italiano image then my image cache could
> be fubar.  If this is the case, please disregard this email!
> 
> Thanks,
> 
> -Michael
> 
> 







[Full-Disclosure] Re: signatures for Oracle Alert 68

2004-11-24 Thread Antonio Javier G. M.

[EMAIL PROTECTED] writes: 

> On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
> > We need signatures for IDS/IDP for Oracle's alert 68.

Just a reminder for everybody and the archives - In fact the question was 
very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS 
are condoms, not doctors, for example netscreen IDP and Nai IPS, and the last 
version of snort (based on snort inline). 

> > How can we protect against these attacks if we can not apply patches in some 
> > platforms? 
> 
> Just a reminder for everybody and the archives - unless you're using some sort
> of firewall appliance that doesn't pass a packet that triggers a signature,
> having a signature doesn't actually protect you. 
> 
> If you're just using Snort, and it coughs up a "Signature for Oracle 68"
> message, it's *too late*.  That's not a condom, that's the doctor telling you
> the test came back positive. 
> 
> (An amazing number of people manage to get confused on this point, and probably
> get hacked as a result) 

We really know what we are talking about. Please, use google to search for 
IDP or IPS technologies and snortinline. 



Re: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]

2004-11-24 Thread Berend-Jan Wever
Version 2.91 is not vulnerable, does not include crappy CPU consuming useless 
features and plays mp3's like any other version.

Cheers,
SkyLined

- Original Message - 
From: "Brett Moore" <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED] Netsys. Com" <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 04:05
Subject: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]


> 
> = Winamp - Buffer Overflow In IN_CDDA.dll
> =
> = Affected Software:
> =   Winamp 5.05, 5.06
> =
> = Public disclosure on November 24, 2004
> 
> 
> == Overview ==
> 
> Hate to be the bearer of bad news.
> 
> It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
> issue that we notified Nullsoft about. This is obviously not good. 
> 
> As we wrote in our advisory we were notified by email that the issue had
> been fixed and an update posted to the website. 
> 
> We have sent Nullsoft a copy of this email, and hope that they can remedy
> this problem quickly. Unfortunately, this may not be the case as was
> pointed out to me by somebody.
> 
> == Solutions ==
> 
> - Disassociate .cda and .m3u extensions from winamp
> - Wait for an update
> 
> Brett Moore
> Network Intrusion Specialist, CTO
> Security-Assessment.com  
> 
> 
> ##
> CONFIDENTIALITY NOTICE: 
> 
> This message and any attachment(s) are confidential and proprietary. 
> They may also be privileged or otherwise protected from disclosure. If 
> you are not the intended recipient, advise the sender and delete this 
> message and any attachment from your system. If you are not the 
> intended recipient, you are not authorised to use or copy this message 
> or attachment or disclose the contents to any other person. Views 
> expressed are not necessarily endorsed by Security-Assessment.com 
> Limited. Please note that this communication does not designate an 
> information system for the purposes of the New Zealand Electronic 
> Transactions Act 2003.
> ##
> 
> 
> 




Re: [Full-Disclosure] previledge password in cisco routers

2004-11-24 Thread john morris
Ooops.. I reframe my question. Is there a way to get the enable
password remotely? Brute force is not my option.



(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheers.

morris



Re: [Full-Disclosure] Network Security in India

2004-11-24 Thread Des Ward
Doesn't augur well for all this offshoring though. :(
-Original Message-
From: "Samir Kelekar" <[EMAIL PROTECTED]>
Date: Wed, 24 Nov 2004 10:44:54 
To:"john morris" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: [Full-Disclosure] Network Security in India

Hi John:
Thanks for that post. I am not at all surprised by the situation that you
have described.

 One of India's top telecomm companies Reliance routinely violates laws and
then gets away paying minimal fines. (The govt. is
in their pocket).

The situation wouldn't be much different in a lot of other places.

Nasscom (the association of India's software companies) is trying to do its
best enforcing good security practices in companies. Am not sure to what
extent it has succeeded.

Samir Kelekar
Teknotrends Software
Bangalore

- Original Message - 
From: "john morris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 3:03 AM
Subject: [Full-Disclosure] Network Security in India


> I had a brief stint at Primus Telecom in Delhi (www.primus-direct.com).
> It has a flat network with absolutely no security. The routers are as
> vulnerable to any known exploit and the same applies to a few web
> servers they host. The basics such as patch management are never taken
> care of.
> This mail does not intend to harm anyone but I want to know: is this
> the way major ISPs around the globe function?
> The company functions on illegal frequencies (Primus's major customers
> connect through RF links). I have the proofs to show that they do
> function on frequencies not allocated to them, and during routine check-ups
> by the DoT (Department of Telecommunications, Govt. of India) they
> have to change the frequency for a while and do favors to the Govt.
> employees to keep the business going.
> Well, this is not my concern but somehow this seems unhealthy. Is this
> a practice worldwide?
> During my interview with a company major I insisted on my security
> concern but the company was least bothered.
> Would someone tell me, is this the way the whole industry functions?
> In spite of reminders to the company that any lamer has the potential
> to run them out of business by bringing their whole network down
> within a few minutes (which includes the ETBwmgr, the netcache box or
> even the main router (7500 series with a backup)), it has been given a
> deaf ear.
> Is this the way an ISP with important clients in the pvt and the govt
> key sectors functions?
>
> I personally doubt the future.
>
> Is Primus listening. Its time to wake up.
>
>
>
> -- 
> (FROM LINKS TO LINKS WE ARE ALL LINKED)
>
> cheers.
>
> morris
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Kind regards,

Des Ward



[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution

2004-11-24 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200411-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: TWiki: Arbitrary command execution
  Date: November 24, 2004
  Bugs: #71035
ID: 200411-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in the TWiki search function allows an attacker to execute
arbitrary commands with the permissions of the user running TWiki.

Background
==========

TWiki is a Web-based groupware tool based around the concept of wiki
pages that can be edited by anybody with a Web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-apps/twiki         < 20040902                     >= 20040902

Description
===========

The TWiki search function, which uses a shell command executed via the
Perl backtick operator, does not properly escape shell metacharacters
in the user-provided search string.
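
The vulnerable shape and its hardened forms, modelled in Python as an added example (this is not TWiki's code): subprocess with shell=True stands in for the Perl backtick operator, the grep over a directory of topic files is an assumed layout, and has_shell_metachars is a detection aid for the same bug class.

```python
from __future__ import annotations
import shlex
import subprocess
from pathlib import Path

# Characters a Bourne-style shell gives special meaning to. If any of them reach
# a command string unescaped, the shell, not the search tool, interprets them.
SHELL_META = set(";&|`$()<>\\\"'\n*?[]{}~!#")

def has_shell_metachars(search: str) -> bool:
    """Detection aid: flag a search string that a shell would interpret.
    Usable as a log or WAF rule for the bug class this advisory describes."""
    return any(ch in SHELL_META for ch in search)

def unsafe_search_command(search: str, topic_dir: str) -> str:
    """The vulnerable shape: the raw term is interpolated into one string that
    a shell later parses. Perl backticks do exactly this; the Python equivalent
    is subprocess.check_output(cmd, shell=True). Returned for inspection only."""
    return f"grep -E -l '{search}' {topic_dir}/*.txt"

def quoted_search_command(search: str, topic_dir: str) -> str:
    """Hardened form 1: if a shell string is unavoidable, quote the term so the
    shell sees one literal word (the role quotemeta plays in Perl)."""
    return f"grep -E -l -- {shlex.quote(search)} {shlex.quote(topic_dir)}/*.txt"

def safe_search_argv(search: str, topic_dir: str) -> list[str]:
    """Hardened form 2, preferred: no shell at all. The term is one argv element,
    '--' stops a term beginning with '-' from being read as an option, and the
    glob is expanded by Python rather than by a shell."""
    files = sorted(str(p) for p in Path(topic_dir).glob("*.txt"))
    return ["grep", "-E", "-l", "--", search, *files]

def search_topics(search: str, topic_dir: str) -> list[str]:
    """Run the safe form and return the matching topic files (empty if none)."""
    argv = safe_search_argv(search, topic_dir)
    if len(argv) == 5:  # no topic files to search, nothing to run
        return []
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout.split()

if __name__ == "__main__":
    import tempfile
    # Constructed sample topics, not TWiki data.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "WebHome.txt").write_text("Welcome to the wiki\n")
        Path(d, "Notes.txt").write_text("shell metacharacters; see advisory\n")
        term = "metacharacters;"  # a term the vulnerable form would hand to the shell
        print(has_shell_metachars(term), search_topics(term, d))
```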

Impact
======

An attacker can insert malicious commands into a search request,
allowing the execution of arbitrary commands with the privileges of the
user running TWiki (usually the Web server user).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/twiki-20040902"

References
==========

  [ 1 ] TWiki Security Alert

http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch
  [ 2 ] CAN-2004-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1037

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-33.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




[Full-Disclosure] [ GLSA 200411-32 ] phpBB: Remote command execution

2004-11-24 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200411-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: phpBB: Remote command execution
  Date: November 24, 2004
  Bugs: #71681
ID: 200411-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpBB contains a vulnerability which allows a remote attacker to
execute arbitrary commands with the rights of the web server user.

Background
==========

phpBB is an Open Source bulletin board package.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpbb           < 2.0.10                       >= 2.0.11

Description
===========

phpBB contains a vulnerability in the highlighting code and several
vulnerabilities in the username handling code.

Impact
======

An attacker can exploit the highlighting vulnerability to access the
PHP exec() function without restriction, allowing them to run arbitrary
commands with the rights of the web server user (for example the apache
user). Furthermore, the username handling vulnerability might be abused
to execute SQL statements on the phpBB database.

Workaround
==========

There is a one-line patch which will remediate the remote execution
vulnerability.

Locate the following block of code in viewtopic.php:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

    for($i = 0; $i < sizeof($words); $i++)
    {

Replace with the following:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

    for($i = 0; $i < sizeof($words); $i++)
    {

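The double decoding behind that one-line patch, modelled in Python as an added example (not phpBB's code). It assumes, as phpBB 2 did, that PHP has already URL-decoded the query string once and that magic_quotes_gpc or phpBB's own addslashes() pass has backslashed any quote before viewtopic.php sees the value; the PHP htmlspecialchars() default of leaving single quotes alone is reproduced in a small helper.

```python
from __future__ import annotations
import re
from urllib.parse import unquote_plus

def framework_decode(raw_query_value: str) -> str:
    """Model of what PHP hands the script in $HTTP_GET_VARS (assumption, see
    lead-in): exactly one URL decode, then a backslash in front of every quote
    (magic_quotes_gpc, or phpBB 2's own addslashes() pass)."""
    decoded = unquote_plus(raw_query_value)
    return decoded.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def php_htmlspecialchars(s: str) -> str:
    """PHP 4/5 htmlspecialchars() default (ENT_COMPAT): & < > and the double
    quote are escaped, the single quote is not."""
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))

def highlight_words_vulnerable(raw_query_value: str) -> list[str]:
    """phpBB 2.0.10 order: urldecode() the already-decoded value a second time,
    then htmlspecialchars(). A doubly encoded quote (%2527) is still the text
    '%27' when the framework adds its backslashes, so nothing is escaped, and
    it only turns into a bare quote in this second decode."""
    value = framework_decode(raw_query_value)
    return php_htmlspecialchars(unquote_plus(value)).strip().split(" ")

def highlight_words_fixed(raw_query_value: str) -> list[str]:
    """The advisory's one-line workaround: no second urldecode(), so '%27' stays
    the literal text '%27' and a real quote arrives already backslashed."""
    value = framework_decode(raw_query_value)
    return php_htmlspecialchars(value).strip().split(" ")

def has_bare_quote(words: list[str]) -> bool:
    """Review check: does any word carry a single quote not preceded by a
    backslash? That is the character the later string-building code in
    viewtopic.php must never receive unescaped."""
    return any(re.search(r"(?<!\\)'", w) for w in words)

if __name__ == "__main__":
    # Constructed query values, as they would appear raw in the request URI.
    for raw in ("%27", "%2527", "kernel+panic"):
        print(raw, highlight_words_vulnerable(raw), highlight_words_fixed(raw))
```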
Resolution
==========

All phpBB users should upgrade to the latest version to fix all known
vulnerabilities:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpbb-2.0.11"

References
==========

  [ 1 ] phpBB.com Announcement
http://www.phpbb.com/phpBB/viewtopic.php?t=240513

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-32.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0




Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Jason Coombs
Paul,

In the case in point, even with the variables you mention, the entire technical 
problem can be reduced to observing how the election officials in various 
places have historically constructed ballots and influence just those that can 
be influenced in just those states where it will matter. The Republican party 
(my party) apparently has advantages over others when it comes to influencing 
the technical details of the design of voting machines. Diebold, for example.

It makes just about as much sense for every regional election office to do 
their ballot construction differently as it does for everyone to create their 
own home grown crypto.

Your point about differences in ballot construction is also a red herring to 
begin with. If you think that there is the same degree of variability with 
ballots in electronic voting machines as there is with legacy ballots, then 
perhaps you are the one who does not know how the process really works with the 
machines in question.

> Jason, you really need to think
> before posting.  You're beginning
> to look silly.

I don't know how to think, Paul. But I have sincerely appreciated all of your 
attempts to teach me how.

You really need to stop making things seem so complicated that the difficulty 
of influencing their behavior or outcome couldn't possibly be surmounted.

Speaking of thinking before posting, you type more words on mailing list 
postings every day than I have original thoughts... How do you do it and get 
work done or live life, too?

Is Texas really *so* dismal a place that there is nothing better to do?

No wonder the Bushes leave for nicer parts as soon as they can.

Regards,

Jason



Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-24 Thread Thomas Sutpen
On Wed, 24 Nov 2004 01:04:27 + GMT, Jason Coombs <[EMAIL PROTECTED]> wrote:
> As for source code or other security vulnerabilities in closed- or open-source 
> vote tabulators, there is little point in rigging such schemes, and less 
> point in exploiting them. Good old-fashioned statistical aberrations exploited 
> for the benefit of the party that finds them first will win every time.
> 
> In principle, all voters have roughly the same risk of their vote not being 
> counted under any electoral system. This is called 'equitable risk'.
> 
> If, through testing of electronic voting machines, statistical anomalies can 
> be detected that favor the candidate that is entered into the database third 
> (or whatever, take your pick, and it would be different for different voting 
> machines and maybe in different regions, say, because Florida is full of 
> elderly) then you can 'rig' an election in your favor simply by having a 
> non-random selection for the order in which the candidates get listed, and a 
> failure to properly distribute that randomness across precincts.
> 
> If anything, that is what I believe is most likely to have happened in 2004. 
> Bush elected through the (fair ?) exploitation of statistical anomalies tied 
> to misbehaving or ill-conceived electronic voting equipment. Teamed with the 
> fact that partisan, interested voters are in charge of the process this is 
> very plausible...

Any sort of impartiality and vested interest in the actual security of
the whole process that you might have claimed to have had was pissed away
in your very first post on the subject.  The one where you came out
waving the Kerry flag.  Remember?

It is my observation that your thinly veiled concern for the process
is merely out of self-interest, if not sour grapes.  Your fixation and
continued posting on the subject does nothing to add to your
credibility.  And further, it helps perpetuate the stereotype that
liberals are wackos, nut-jobs, conspiracy theorists, and underground
members of the peoples' tin-foil hat militia.

At least your previous email wasn't one of your six-page, vaguely
coherent, pedantic and almost meaningless rants that make you sound
stoned.

Shut up about it, already.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-24 Thread nicolas vigier
On Tue, 23 Nov 2004, Danny wrote:

> 
> What a stupid article. The author has it all wrong! IRC is a bed of
> roses with Celine Dion playing in the background.

IRC is like the streets. You can find bad and good people, but it is
stupid to say that anyone walking in the street or chatting on IRC is a
criminal.

-- 
gpg fp: 8a7e 9719 b38d 97c6 6af0  d345 12a0 3708 2c8c 3c11
http://boklm.mars-attacks.org/



[Full-Disclosure] [SECURITY] [DSA 595-1] New bnc packages arbitrary code execution

2004-11-24 Thread debian-security-announce
--------------------------------------------------------------------------
Debian Security Advisory DSA 595-1                       [EMAIL PROTECTED]
http://www.debian.org/security/                             Martin Schulze
November 24th, 2004                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package: bnc
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID : CAN-2004-1052

Leon Juranic discovered that BNC, an IRC session bouncing proxy, does
not always protect buffers from being overwritten.  This could be
exploited by a malicious IRC server to overflow a buffer of limited
size and execute arbitrary code on the client host.

For the stable distribution (woody) this problem has been fixed in
version 2.6.4-3.3.

This package does not exist in the testing or unstable distributions.

We recommend that you upgrade your bnc package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

--------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

