John Richard Moser wrote:
Here is a simple hack to break sudo and su to get free root. Add this
to ~/.bashrc and fill in the following blanks:
* ~/.root_kit/rk_su
Your hacked su to give root on su --now-dammit
* ~/.root_kit/silent_install_root_kit
Your script to silently install rk_su
Theo de Raadt wrote:
You would probably expect me to the be last person to say
that Sendmail is perfectly within their rights. I have
had a lot of problems with what they are doing.
But what did you pay for Sendmail? Was it a dollar, or was
it more? Let me guess. It was much
Theo de Raadt wrote:
Sendmail has been an important part of the Internet infrastructure and
has gained a lot of honour and respect. Many people use this piece of
software and a lot of distributors/vendors are proliferating this
software. They do deserve better, as do the users who decide to
Theo de Raadt wrote:
Sendmail has been an important part of the Internet infrastructure and
has gained a lot of honour and respect. Many people use this piece of
software and a lot of distributors/vendors are proliferating this
software. They do deserve better, as do the users who decide to
It's been a while since my last post to Bugtraq and it's been over
three years since I first announced Systrace. Here is:
Systrace 1.6: Phoenix Release
---
You all know that Systrace ships by default with OpenBSD and NetBSD.
However, Linux adoption has been
New eVuln Advisory:
DSCounter 'X-Forwarded-For' SQL Injection Vulnerability
http://evuln.com/vulns/98/summary.html
Summary
eVuln ID: EV0098
CVE: CVE-2006-1234
Software: DSCounter
Sowtware's Web Site: http://dsportal.uw.hu/
Versions: 1.2
Critical Level: Moderate
New eVuln Advisory:
DSDownload Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/99/summary.html
Summary
eVuln ID: EV0099
CVE: CVE-2006-1232
Software: DSDownload
Sowtware's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
On Fri, 24 Mar 2006, Gadi Evron wrote:
On Thu, 23 Mar 2006, Claus Assmann wrote:
It took Sendmail a mounth to fix this. A mounth.
No. It took sendmail a week to fix this. The rest of the time was
used to coordinate the release with all the involved vendors etc.
There are a few choices,
PoC can be optimized:
[ PoC code ]--
script
for(s='a onclick=',i=0;i8||(document.write(s+''));i++)s+=s;
/script
[ 83 bytes ]--
You got it wrong the over-flow hapen's here
print $socket user . A x 10240 . \r\n;
print $socket user . A x 21048 . \r\n;
and there are more i put this right and re released this exploit.
Theo,
ISS explained it to us and
told us that they had managed to craft an exploit in their lab, but
frankly we don't see how it can be practical.
I know the guy who exploited it. He's better than you think he is.
I'm sorry, I was not trying to imply in any way that Mark was blowing
We discussed recursive DNS servers before (servers which allow to query
anything - including what they are not authoritative for, through them).
...
One of the problems is obviously the spoofing. ...
Maybe I'm misunderstanding the problem here (but I don't think so). It
seems to be the issue
MaddHatter wrote:
We discussed recursive DNS servers before (servers which allow to query
anything - including what they are not authoritative for, through them).
...
One of the problems is obviously the spoofing. ...
Maybe I'm misunderstanding the problem here (but I don't think so). It
[+]UBBThreads
[-]Founded By Moroccan Security Team
[+]we are [DaBDouB-MoSiKaR,simo64,ki11er,Dr.E-Vil,|ucifier]
[+]special 10x: to all friends SnIpEr_SA,Crash_OvEr_rIdE
king-hacker,CiM-TeaM,ameer,Dranzelz,Esp!onLeRaVaGe and www.lezr.com
[+]Solution:Upgrade to a version 6.0.3
14 matches
Mail list logo