On Thu, Jan 12, 2006 at 12:15:35AM +0100, Florian Weimer wrote:
> * Matt Zimmerman:
>
> >> Yes, this puzzles me too, but on the other hand, Debian became a CNA,
> >> and Debian's official policy is geared away from "responsible
> >> disclosure" -- all bug reports are supposed to be public.
> >
> >
KF (lists) wrote:
Does anyone on the list have access to a Kodak PictureMaker Kiosk? These
devices come with Bluetooth enabled and unfortunately shortly after
mentioning to a local CVS store that Bluetooth implementations are not
always up to snuff, mysteriously all the stores in the area have
disabled the Bluet
This must be an unintentional repost, surely?
From the description of CAN-2004-0431:
Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
allows attackers to execute arbitrary code
From the description of CERT vuln (linked from the above CVE entry):
III. Solution
Upgrade
Upgrade t
* Matt Zimmerman:
>> Yes, this puzzles me too, but on the other hand, Debian became a CNA,
>> and Debian's official policy is geared away from "responsible
>> disclosure" -- all bug reports are supposed to be public.
>
> Debian isn't a CNA; as far as I know, it isn't possible for
> organizations t
It has not been possible for me to reach an agreement with zdi nor
idefense for selling the excel bug because I have publicly warned
about a remote command execution in my forum, I have tried to excuse
me about my selfstarting mistakes in the rssponsi
Hi
Interesting. How much? :D
Regards
Waldo
On 1/4/06, Todd Towles <[EMAIL PROTECTED]> wrote:
Not sure, the last non-exploit pen auction was up pretty high
> -Original Message-
> From: Georgi Guninski [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 04, 2006 3:57 PM
> To: Todd Towles
> Cc: [EM
On Wed, 11 Jan 2006 19:01:09 GMT, Dave Korn said:
>
> George A. Theall wrote in news:[EMAIL PROTECTED]
>
> >At least the original poster didn't offer up any hostnames.
>
> Well, apart from this one:
>
> >Original-Received: from p3fed1.frb.org (p3fed1.frb.org [199.169.208.132])
Any bets as to
Nothing earth-shattering for anyone here, but I thought it apropos.
http://blogs.washingtonpost.com/securityfix/2006/01/a_timeline_of_m.html
--Ben
George A. Theall wrote in news:[EMAIL PROTECTED]
>At least the original poster didn't offer up any hostnames.
Well, apart from this one:
>Original-Received: from p3fed1.frb.org (p3fed1.frb.org [199.169.208.132])
cheers,
DaveK
--
Can't think of a witty .sigline today
checking if this address works on the list
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Our apologies, the incorrect CVE information was provided with our Apple
advisories today. The correct CVE numbers are;
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow = CVE-2005-2340
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow =
CVE-2005-4092
[EEYEB-20051117A] Apple QuickT
EEYEB-20051031 Apple QuickTime Malformed GIF Heap Overflow
Release Date:
January 10, 2006
Date Reported:
October 31, 2005
Severity:
High (Code Execution)
Patch Development Time (In Days):
71 Days
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quick
EEYEB-20051117A Apple QuickTime STSD Atom Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on M
EEYEB-20051229 Apple QuickTime QTIF Stack Overflow
Release Date:
January 10, 2006
Date Reported:
December 29, 2005
Patch Development Time (In Days):
12 days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac O
Document ID: 68605
Advisory ID: cisco-sa-20060111-mars
http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml
Revision 1.0
For Public Release 2006 January 11 1600 UTC (GMT)
- ---
Contents
Summary
Title: QUICKTIME vuln: Apple pulls a Microsoft stunt
Hey there
Just an update it seems that Apple uses the same developers as Microsoft
Apple QuickTime is still vulnerable:
Tested on MAC OS X and Windows Platform
Save the following file and open with QuickTime http://www.cirt.dk/tools
===
Ubuntu Security Notice USN-240-1 January 11, 2006
bogofilter vulnerability
CVE-2005-4591
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Ba
Hello,
CIRT.DK Advisory wrote:
Apple QuickTime is vulnerable to a buffer overflow in the handling of
.JPG/.PICT files
Read the full advisory http://www.cirt.dk/advisories/cirt-41-advisory.pdf
and additionally the advisory from Apple, see
http://lists.apple.com/archives/security-announce/2006/
[EMAIL PROTECTED] wrote:
The vulnerability specifically exists due to a lack of resource checking
during the buffering of data for transfer over a pair of sockets. An
attacker can create a situation that, depending on the amount of
available system resources, can cause the kernel to panic due t
Title: [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow
Apple QuickTime is vulnerable to a buffer overflow in the handling of .JPG/.PICT files
Read the full advisory http://www.cirt.dk/advisories/cirt-41-advisory.pdf
CIRT.DK
2006/1/11, Sean Crawford <[EMAIL PROTECTED]>:
Wednesday, January 11, 2006 12:38 PM George A. Theall wrote..
>>It's worse than that, I'm afraid - the Federal Reserve Bank is the U.S.
>>central bank and, as such, in charge of the country's banking system.
>>At least the original poster didn't
On 11/01/06, Siegfried <[EMAIL PROTECTED]> wrote:
> omfg i hope it isn't marcos flavio who invented that shit again (100%
> old-modified exploit & fake site)
> or get a fucking brain man!
> http://downloads.securityfocus.com/vulnerabilities/exploits/ntpd-exp.c
Not only is this plagiarism of work f
omfg i hope it isn't marcos flavio who invented that shit again (100%
old-modified exploit & fake site)
or get a fucking brain man!
http://downloads.securityfocus.com/vulnerabilities/exploits/ntpd-exp.c
>
>
> We are a cell of pr0j3kt m4yh3m in Latin America and western Europe.
> We have owned ma
i fear it is more likely to be Oligarchy
On 11/01/06, franco segna <[EMAIL PROTECTED]> wrote:
> Thank you Paul, you've relieved me from a great burden.
> I feared that the right answer could be *democracy* ...
>
> Paul Melson wrote:
> > -Original Message-
> > Subject: Re: [Full-disclosure]
Nice but when you have physical access you don't need to worry about
headers:)
Plus I would never lick spoons at the company cafe, I would just take them
home and give them a good wash.
Mike
www.infosec.co.nz
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
I lick spoons in the company cafeteria when no one is looking.
(hah, mike left his terminal open)
Mike
www.infosec.co.nz
There is of course the other (remote?) possibility that Eugene's company has
experienced a serious compromise and various mail accounts are now sending
out erroneous emails.
Mike
www.infosec.co.nz
-Original Message-
From: Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 1
You may have nailed it Nick, we used unlocked PCs to shock users into
compliance at my previous company. (One) of the techniques was to send
emails on behalf of the offender.
Looks of surprise and denial from the perceived senders "but I didn't send
that!"
"Lock your PC next time!! And while you'r
Thank you Paul, you've relieved me from a great burden.
I feared that the right answer could be *democracy* ...
Paul Melson wrote:
-Original Message-
Subject: Re: [Full-disclosure] Gerald Eisenhaur
What MP3 has done for music on the internet, MP4 might do for movies and
MP5 for ??
..
Debian Security Advisory DSA 936-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 11th, 2006
good to see the pr0j3kt is still rolling!!
On 1/10/06, !bSt bitwarz Security Team <[EMAIL PROTECTED]> wrote:
We are a cell of pr0j3kt m4yh3m in Latin America and western Europe.
We have owned many research centers in Latin America, for example the
ntp server at Observatorio Nacional, USP and UFRJ,