Mozilla Firefox "Host:" Buffer Overflow
Release Date:
September 8, 2005
Date Reported:
September 4, 2005
Severity:
Critical
Vendor:
Mozilla
Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
Overview:
A buffer overflow vulne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 806-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 9th, 2005
Micheal Espinola Jr wrote:
Ahem, but they still like the products, problems or not. Killing MS is
not the answer.
Contrary to uber-nerd belief, there is no rule about top posting - but
yea, I shoulda still trimmed.
Answer: Usually below the question.
Question: Where do you see answers in r
Ahem, but they still like the products, problems or not. Killing MS is not the answer.
Contrary to uber-nerd belief, there is no rule about top posting - but yea, I shoulda still trimmed.
On 9/8/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Ahem. Part of the *problem* is that 90%+ of the p
Product: Remote Wireless Panties
http://www.kissntellparties.com/wirelessremote.html
Versions: All
Bug: DoS vulnerability
Impact: Attackers can cause overflow.
Date: September 08, 2005
Author: Spinoza DesCartes
Perfidious Secur
I don't know what I would do without my daily dose of drama, God forbid do NOT make me watch daytime soaps!
On 9/8/05, Andre Ludwig <[EMAIL PROTECTED]> wrote:
Would you by chance have a bit of Chabichou du Poitou? Oh its simply marvelous with a good chardonnay.
Dre
On 9/8/05, Glenn Hamblin <[EMAIL PR
Would you by chance have a bit of Chabichou du Poitou? Oh its simply
marvelous with a good chardonnay.
Dre
On 9/8/05, Glenn Hamblin <[EMAIL PROTECTED]> wrote:
>
> You guys need some cheese to go with that WHINE!,
> Life is short and there's nothing wrong with a good laugh
> now and then. Relax
On Thu, 08 Sep 2005 16:41:34 EDT, Micheal Espinola Jr said:
> Yea, because no one likes or uses their products. Booo000o!
Ahem. Part of the *problem* is that 90%+ of the people out there use their
products.
Oh, and (a) don't top-post, and (b) trim out any extraneous context - there was
no need
You guys need some cheese to go with that WHINE!,
Life is short and there's nothing wrong with a good laugh
now and then. Relax and smell the roses along the way.
Glenn
At 10:35 AM 9/8/2005, you wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I read this list now for a few
Yea, because no one likes or uses their products. Booo000o!
On 9/8/05, Jason Coombs <[EMAIL PROTECTED]> wrote:
When will somebody get around to the important job of killing Microsoft?
Original Message
Subject: MM - #$%@ Kill Google!
Date: Thu, 8 Sep 2005 18:58:17
On Thu, Sep 08, 2005 at 02:39:15PM -0400, y0himba wrote:
> Date: 9/8/2005
> Vulnerability Found: Hole In y0himba's Underwear
> Affected System: Male Underwear(Possibly Female As Well)
I've done some preliminary analysis of this problem, and it appears
to be much worse
When will somebody get around to the important job of killing Microsoft?
Original Message
Subject:MM - #$%@ Kill Google!
Date: Thu, 8 Sep 2005 18:58:17 UT
From: Michael Robertson<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
If this message is not displaying proper
Dave,
your work around is very complicated and requires usage of 2 feet. Only Windows
users
have to perform this complex task of sock switching. There is a simple
workaround for UNIX users:
It is enough for UNIX users to simply turn the sock inside out and continue
wearing it on the same foot.
the Soloman socks. long may they live :-)
Exibar
- Original Message -
From: "Mary Landesman" <[EMAIL PROTECTED]>
To:
Sent: Thursday, September 08, 2005 2:33 PM
Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock
> This flaw is incredibly old. In the latter part of the
Mike Hoye [mailto:[EMAIL PROTECTED] wrote:
> I've done some preliminary analysis of this problem, and it appears to be
> much worse than the earlier Sock vulnerabilities. This particular ware ships
> with _three_ unpatched holes, and occasionally a fourth that is only
> slightly secured.
The U.S.
On 9/8/05, Dave Cawley <[EMAIL PROTECTED]> wrote:
> Date: 9/8/2005
>
> Vulnerability Found: Hole In Dave's Socket
>
> Affected System: Dave's Right Sock
>
> Severity: Rating: Moderately Critical
> Impact: System acc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Since its slow on the list, I will risk the Wrath of the Flaming Godz
and the risk of having skidmarked underwear and holy socks thrown at me
by asking if anyone knows of a system board that will support the new
Ghz memory. (whew)
Crucial 1GHz Ballist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: apache2
Advisory ID:
Software vendor (Kmart) notified. I am the hardware vendor, so no
notification is needed.
-Original Message-
From: Mike Hoye [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 08, 2005 3:22 PM
To: y0himba
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Socks Vulner
Quoting Jason Bethune ([EMAIL PROTECTED]):
> I am protected against this attack; I have "Sandals 3.0 v.34" in place at
> this time. I urge all to switch to this robust system.
>
What are Sandals and Socks? Is this a new technology? Is it supported by
Microsockt?
__
Vladimir Parkhaev,
CISSP (C
If you've been lurking here for years, you should also
be able to remember 2 things...
1. This list is based on unmoderated communications.
2. This list is notorious for the colorful belligerence
and of its posters and rampant barking of wild animals.
Where have you been? ;)
Searching the
All users had been warned to update their Soft Wear. Those who didn't are now
experiencing the horrible consequences of their incompetence.
I realize that for new users, like Dave, soft wear can be confusing and
frustrating. It was for me, as well until I educated myself.
As usual, the Birkenstock
GE, Maytag, Kenmore and numerous others have been implicated in a
massive skimming scheme. Socks placed into washers and dryers with the
appropriate mate tend to exit the cleaning process alone.
Several Gov't agencies released today the findings of a multi-year
investigation and have conclude
After an exhaustive investigation - GE, Maytag, Kenmore and numerous
others have been implicated in a massive skimming scheme. Socks placed
into washers and dryers with the appropriate mate tend to exit the
cleaning process alone.
Several Gov't agencies released today the findings of a multi
Date: 9/8/2005
Vulnerability Found: Hole In y0himba's Underwear
Affected System: Male Underwear(Possibly Female As Well)
Severity: Rating: Critical
Impact: Package Access
Where: Net
Original Message
>From: Enrico Kern
>Message-Id: [EMAIL PROTECTED]
> list. Hello? there is no need to fight each other here, nor to do useless
> posts (AND REPLIES TO STUPID POSTS).
Well, how about we start with you practicing what you preach, eh?
cheers,
DaveK
--
Can't think o
This flaw is incredibly old. In the latter part of the 90s, Dr. Solomon's
antivirus team assisted afflicted users by distributing socks at various
worldwide conferences. Alas, the socks - and presumably the antivirus
software - were later acquired by McAfee, Inc. Since then, McAfee has not
only fai
Because of this hole, SANS have just gone from green to argyle as well
exibar
- Original Message -
From: "Exibar" <[EMAIL PROTECTED]>
To: "Dave Cawley" <[EMAIL PROTECTED]>;
Sent: Thursday, September 08, 2005 1:31 PM
Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock
OMG! It seems the Crank-Bot.A and the Humrlss variant are now being deployed as a polymorphous worm, using the Sock vulnerability as an initial point of infection. The implications are simply enormous...we all knew a "superworm" was just waiting to be developed, but who would have guessed anybody wo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 805-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 8th, 2005
On Thu, 08 Sep 2005 19:35:08 +0200, Enrico Kern said:
> Maybe its no bad idea to get some dedicated guys to sort this bullshit out
> here. Just a suggestion.
bugtraq@securityfocus.com is over there ->
I am protected against this attack; I have "Sandals 3.0 v.34" in place at
this time. I urge all to switch to this robust system.
Jason Bethune
IT Specialist
Town of Kentville
354 Main Street
Kentville, NS
B4N 1K6
www.town.kentville.ns.ca
-Original Message-
From: [EMAIL PROTECTED]
[mai
John,
John Kinsella wrote:
> Is anybody else seeing these attacks? Is this the China hackers again?
Dave wrote it's impact is only locally exploitable, but being serious
researchers, we cannot ignore the fact that it could be some sort of
man - or even woman ! - in-the-middle attack.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I read this list now for a few years and a while ago it was (ok is still
is...) a good information source for vulnerabilities and other security
relevant informations.
But since a while it seems like kids do a good job on taking over this
I concur,
It was fun until it got excessive.
> -Original Message-
> From: John Smith [mailto:[EMAIL PROTECTED]
> Sent: September 8, 2005 1:28 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Security Hole Found In Dave's Sock
>
> Can we all shut up now? I know
I've found out that using Dave's right Sock 1.0 along with Sandals 2.0 will
cause this vulnerability to become very apparent and much worse. With this
known, Dave's right sock 1.0 should never EVER be used with any version of
Sandals (currently at v2.0).
exibar
- Original Message -
alert toe $EXTERNAL_NET any -> $SNEAKER_NET any (msg:"EXPLOIT:
Unauthorized Sock Overflow"; flow:to_Toe,established;
content:"/sock/toe"; reference:FullDisclosure,2347;
reference:cve,2001-0144; reference:cve,2001-0572;
classtype:FootAccess-detect; sid:1324; rev:6;)
-Original Message-
From
Can we all shut up now? I know most of you are bored, please try to find
something else to occupy yourselves with. I did not sign up to this list
for childish banter (even though that is what I get most of the time,
this is far exceeding the normal limit).
Raj Mathur wrote:
"Ted" == Ted Fre
> "Ted" == Ted Frederick <[EMAIL PROTECTED]> writes:
Ted> Dear list, I know that this list is not meant for personal
Ted> promotion but I think I would be remiss if I did not mention
Ted> that my company has recently released an upgrade to our
Ted> initial offering of Shoe 1.0.
I have not seen any signatures for snort yet, but I heard that the
bleeding snort team is working on it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
From my research I have found that the hole can not be exploited unless
the socks are being used. If you also use proper and clean shoes then
you should be safe from exploits on the street.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter
Bruderer
S
I think I can help you...
My questions:
Has somebody already detected a working exploit for this hole in the wild?
Yes. He goes by the name of "Digger The Dermatophite"
Can this hole be exploited if the socks are laying on a shelf in a cabinet?
I think that depends on how well the shelf is secu
Is anybody else seeing these attacks? Is this the China hackers again?
I think I saw a hole last week, but my logs aren't that great so I'm
going to have to go back and double-check.
Could this be related to socks disappearing? Anybody have signatures
for snort?
John
On Thu, Sep 08, 2005 at 01
I've black listed all communication with the Dave system until I can be
assured that this hole has been properly patched. A scan of my system
has found no such vulnerability. I am however also considering complete
un-installation of all sock from my system. While I wait for the vendor(s)
assuranc
This hole must be a general misconception of the product. After checking
my socks I found a hole in all of them! They are all size 9 1/2.
My questions:
Has somebody already detected a working exploit for this hole in the
wild?
Can this hole be exploited if the socks are laying on a shelf in a
cab
Please note that the following attack vector may be present in any and
all "shoe" like devices and systems.
http://www.0x90.org/releases/laces0dayAdv.txt
Shoe 1.0 - Remote Lace Overflow
This Vulnerability is in reference to the new class of remote
Will "Shoe 2.0" protection from those ugly little trolls? The ones that
like to nip?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of miah
Sent: Thursday, September 08, 2005 1:01 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Secu
That's a good point Dave. Have you tried rebooting?
___
Tobin Craig, MRSC, CISSP, SCERS, EnCE, CCE
IT Forensic Director, Computer Crimes and Forensics
Department of Veterans Affairs
Office of Inspector General
801 I Street NW
Washington DC 20001
Tel: 202 565 7702
Fax: 20
With the work around, putting it on the left foot, the
hole will be ABOVE the small toe and should not enlarge. This
hasn't been verified yet, but the computer models point to this.
***
Dave D. Cawley |
High Speed Interne
Not out of the box. However there are several third party add-ons to
provide some extra protection.
I will pass your suggestion on to our developers so that we can keep in
mind a hardened foot protection in future releases.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECT
Ok you've all had your fun now can you all shut the hell up?
Thanks
-miah
On Thu, Sep 08, 2005 at 12:58:31PM -0400, y0himba wrote:
> Is "Shoe 20" a hardened foot protection?
>
> -Original Message-
> From: Ted Frederick [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 08, 2005 12:55
Is "Shoe 20" a hardened foot protection?
-Original Message-
From: Ted Frederick [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 08, 2005 12:55 PM
To: y0himba; full-disclosure@lists.grok.org.uk; Dan Mack; Tim Doyle
Subject: RE: [Full-disclosure] Security Hole Found In Dave's Sock
Dear
Dear list,
I know that this list is not meant for personal promotion but I think I
would be remiss if I did not mention that my company has recently
released an upgrade to our initial offering of Shoe 1.0. The upgrade to
Shoe 2.0 includes a firewall/anti-virus product previously known as Sock
3.4
The sock came with the factory installed configuration.
This hole is not part of that configuration and there is no
mechanism in the original configuration to close this one off.
***
Dave D. Cawley |
High Speed Internet
Sock Type Men's 9-12.
***
Dave D. Cawley |
High Speed Internet |The number of Unix installations
Duryea, PA | has grown to 10, with more expected.
(570)451-4311 x104 | - The Unix Programmer'
Hi all,
I see that the hole is getting greater if you use the socket without any patches!
Can anyone verify this?
kind regards
Daniel
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk
It seems that the proprietary and the open source manufacturers agreed upon a
standardized default configuration: all models are designed with one hole, used
for deployment. Are you reporting the existence of a second hole, or is this an
observation of the factory installed default configuration
What version socks are these? What type? 4? 4a? 5?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Cawley
Sent: Thursday, September 08, 2005 12:29 PM
To: Craig, Tobin (OIG); full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Secuirt
Holey Moley!!
--- "Swain, Kenneth" <[EMAIL PROTECTED]> wrote:
> I have already heard about an exploit in the wild.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf Of Dave
> Cawley
> Sent: Thursday, September 08, 2005 11:10 AM
> To: full-disclosu
It's hard to get the socks from different pairs to sync up.
This can cause confusion for people viewing the socks and in turn
cause a high volume of inquiries to the system administrator.
But I'll give it the old college try. Thanks for the input!
**
Bah I was so overcome by the sheer magnitude of this vulnerability that I
double posted. Sorry. I will now nip off and shoot myself.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of y0himba
Sent: Thursday, September 08, 2005 12:19 PM
To: full-disclosure@l
Dave,
A number of patches are available, all dependent upon the severity of the
vulnerability. I had always assumed this to be a feature, but now that it's
been observed elsewhere, I'll initiate a full audit of my environment.
I also recommend that you carry spare socks to maintain continuity o
On Behalf Of Paul Farrow
>I mean for crying out loud, what use is incredibly high speed broadband
>in a residential home useful for?
Porn, cos we can't surf for it at work...
***
Dave D. Cawley |
High Speed Internet
Its ok. I haven't even reported yet so I am sure I will be just as excited.
Sit back, relax, take a breath...
-Original Message-
From: Dave Cawley [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 08, 2005 12:22 PM
To: y0himba; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disc
Sorry, vendor is Gold Toe. I will alert them immediately.
This is my first reporting, I tried to follow protocol as closely
as possible. I just got so excited...
***
Dave D. Cawley |
High Speed Internet |The num
What company is this sock from? Should I run out and upgrade my socks? I
see you failed to notify the vendor. Is there a reason for this? You
should always notify the vendor before posting the exploit or hole in
public...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTE
Dave,
Please don't rehash 1000 year old vulnerabilities unless you are adding
new info...
Thanks
Dave Cawley wrote:
Date: 9/8/2005
Vulnerability Found: Hole In Dave's Socket
Affected System: Dave's Right Sock
Severity: Rating: Moderately
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hehe, in the UK, yep, all the kids went back to school on Monday
(thankfully!)
xyberpix
On 8 Sep 2005, at 16:58, Paul Farrow wrote:
I'm used to having to fetch mail every few minutes.
Have all they kiddies gone back to school or something?!
Anyw
OH NOES!!!11
What company is this sock from? Should I run out and upgrade my socks? I
see you failed to notify the vendor. Is there a reason for this? You
should always notify the vendor before posting the exploit or hole in
public...
-Original Message-
From: [EMAIL PROTECTED]
[mailt
I have already heard about an exploit in the wild.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
Cawley
Sent: Thursday, September 08, 2005 11:10 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Secuirty Hole Found In Dave's Sock
This vuln was already released on 7/21/05 by Thor. Please don't take credit for
other people's findings.
-Original Message-
From: Dave Cawley [mailto:[EMAIL PROTECTED]
Sent: Thu Sep 08 09:11:22 2005
To: full-disclosure@lists.grok.org.uk
Subject:[Full-disclosure] Secuirty
OH NOES!!!1
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Cawley
Sent: Thursday, September 08, 2005 12:10 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Secuirty Hole Found In Dave's Sock
Date: 9/8/2005
Vulnerabi
Date: 9/8/2005
Vulnerability Found: Hole In Dave's Socket
Affected System: Dave's Right Sock
Severity: Rating: Moderately Critical
Impact: System access
Where: Foot
Description of
Yep that would be it.
-Original Message-
From: FRLinux <[EMAIL PROTECTED]>
To: Swain, Kenneth <[EMAIL PROTECTED]>
CC: xyberpix <[EMAIL PROTECTED]>; y0himba <[EMAIL PROTECTED]>;
full-disclosure@lists.grok.org.uk
Sent: Thu Sep 08 11:05:08 2005
Subject: Re: [Full-disclosure] Quiet
On 9/8
On 9/8/05, Swain, Kenneth <[EMAIL PROTECTED]> wrote:
> Or it could be that we are all slammed with work we can not post.
You mean all busy patching our beloved cisco routers ? :p
http://www.theregister.co.uk/2005/09/08/cisco_authentication_bug/
Steph
--
"Step by step, penguins are taking my sani
I'm used to having to fetch mail every few minutes.
Have all they kiddies gone back to school or something?!
Anyway... might as well start a topic for discussion.
Companies say that a pirate (read warez kiddie) for the most part (read
98%) would not enter a store, pick up an audio/movie/software c
Or it could be that we are all slammed with work we can not post.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of xyberpix
Sent: Thursday, September 08, 2005 10:53 AM
To: y0himba
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Quiet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nope, closed for the day ;-)
xyberpix
On 8 Sep 2005, at 16:37, y0himba wrote:
The list is quiet today...
Anyone?
Anyone?
Beuller?
Beuller?
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCM/GIT/GO d- s: a C$ UL P L E W N
- EXPL-A-2005-013 exploitlabs.com Advisory 042 -
- mimicboard2 -
AFFECTED PRODUCTS
mimicboard2 #086 < and lower
http://www.chitta.com/nobu/download/#mimic2
OVERVIEW
Mimic2 is a html open forum type of blog, tailored in
particular to the Japanese
The list is quiet today...
Anyone?
Anyone?
Beuller?
Beuller?
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCM/GIT/GO d- s: a C$ UL P L E W N+ o K++ w
O- M- V-- PS+ PE Y++ PGP++ t+ 5-- X+ R* tv++ b+ DI++ D
G++ e h r+++ y
--END GEEK CODE BL
==
Secunia Research 08/09/2005
- NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow -
==
Table of Contents
Affected Software...
==
Secunia Research 07/09/2005
- ALZip ACE Archive Handling Buffer Overflow -
==
Table of Contents
Affected Software.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 804-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 8th, 2005
83 matches