Re: [Full-disclosure] anybody know good service for cracking md5? 6A9-4CD

2010-02-05 Thread Gregor Schneider
2010/2/4 Thor (Hammer of God) t...@hammerofgod.com: It's actually you're, but I never bothered correcting him, even though having it in his signature was kind of bad. Whoops - I've grabbed that signature ages ago and it never occurred to me that there was a typo - anyhow, will correct that

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread yuange
My native language is not English, if Full-disclosure rejected the non-English connection, I can opt out! Date: Fri, 5 Feb 2010 10:28:46 +0100 Subject: Re: [Full-disclosure] about jit and dep+aslr From: ravi.borgaon...@gmail.com To: yuange1...@hotmail.com dude, don't you know that we

Re: [Full-disclosure] [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

2010-02-05 Thread Lucio Crusca
Giuseppe Iuculano wrote: CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-2700 Hmmm, 7 remote vulns in qt4 that allow execution of arbitrary code plus 1 mitm. How far is the day when someone will write a virus for

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread Christian Sciberras
It's not a rule, it's simply common courtesy. I don't speak native English either, neither the dozens of Dutch, German, French and Italian I've met with on FD. If you want to write in your native language, at least provide some suitable translation. Cheers. 2010/2/5 yuange

Re: [Full-disclosure] [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

2010-02-05 Thread Christian Sciberras
As far as I know it's been done. The question isn't writing a virus for linux, but rather attacking linux. Pirus, ran on linux since linux comes bundled with PHP, as other script virii. Linux also supports a lot of scripting languages, unlike Windows which supports less (batch/js/vb/hta). This

Re: [Full-disclosure] win7x64 Direct General

2010-02-05 Thread Larry Seltzer
Well, given that the accent in the American South derives from the Essex accent, it's not surprising. Does it?!? I've always wondered, Back to that in a moment. My original remark was meant to imply that the posting to which I was referring was incoherent, but sounded vaguely critical.

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread Security
That looked like perfect English to me – even if it is not your native language (and btw : neither is mine…) From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of yuange Sent: vrijdag 5 februari 2010 11:59 To:

[Full-disclosure] CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03

2010-02-05 Thread Security

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread Charles Skoglund
Ravi stop being a douchebag On 2/5/10 11:58 AM, yuange yuange1...@hotmail.com wrote: My native language is not English, if Full-disclosure rejected the non-English connection, I can opt out! Date: Fri, 5 Feb 2010 10:28:46 +0100 Subject: Re: [Full-disclosure] about jit and dep+aslr

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread Larry Seltzer
Full-Disclosure has been submitted to ISO as a discussion standard, requiring English posting, but allowing for a subposting field with referrals to internationalized versions Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch/

[Full-disclosure] [SECURITY] [DSA 1992-1] New chrony packages fix denial of service

2010-02-05 Thread Nico Golde
Debian Security Advisory DSA-1992-1 secur...@debian.org http://www.debian.org/security/ Nico Golde February 4th, 2010

[Full-disclosure] CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03

2010-02-05 Thread Peter Van Eeckhoutte

[Full-disclosure] Secunia Research: libmikmod Module Parsing Vulnerabilities

2010-02-05 Thread Secunia Research
Secunia Research 05/02/2010 - libmikmod Module Parsing Vulnerabilities - Table of Contents Affected

Re: [Full-disclosure] [Webappsec] Paper: Weaning the Web off of Session Cookies

2010-02-05 Thread Timothy D. Morgan
Arian, Sorry for the slow reply. I'm overseas right now and it's tough to keep up with email. I think this thread might be about dead, but I will respond to a few comments: All good ideas, but I believe stillborn at this point. You would get far more mileage IMO out of promoting HTTP 2.0

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread Thor (Hammer of God)
As previously stated, I was born in the south. That's not native English either :) t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Security Sent: Friday, February 05, 2010 3:33 AM To:

[Full-disclosure] [ MDVSA-2010:033 ] squid

2010-02-05 Thread security
Mandriva Linux Security Advisory MDVSA-2010:033 http://www.mandriva.com/security/

[Full-disclosure] [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

2010-02-05 Thread CORE Security Technologies Advisories
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers 1. *Advisory Information* Title: Multiple Vulnerabilities with 8.3 Filename

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-05 Thread paul . szabo
Dear Kingcope, The samba server follows symlinks by default. There are options (follow symlinks, wide links) for turning it off: http://www.samba.org/samba/docs/using_samba/ch08.html#samba2-CHP-8-SECT-1.2 http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#FOLLOWSYMLINKS

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-05 Thread paul . szabo
Dear Dan, The bug here is that out-of-path symlinks are remotely writable. ... You mean creatable. ... the fact that he can *generate* the symlink breaks ... Nothing breaks if the admin sets wide links = no for that share: the link is not followed. But Samba supports dropping a user into a

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-05 Thread Dan Kaminsky
The bug here is that out-of-path symlinks are remotely writable. If a pre-existing symlink is there, it's not a problem. But Kingcope's bug is legit, the fact that he can *generate* the symlink breaks the entire path concept of SMB shares. As long as cd .. wasn't working, symlink .. mustn't

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-05 Thread Kingcope
Hello Paul, First and foremost I did not know about the configuration setting which closes the bug when I posted the advisory. So this was my mistake. But for the most servers which are not entirely hardened (and my assumption is that this applies to many servers in internal networks) the

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-05 Thread paul . szabo
Dear Kingcope, Turning off symlink support in samba closes the hole but then no access to symlinks created by the administrator is possible ... Correct. Maybe what you want is for Samba to add and support an option like allow create symlink (with default no). I myself do not think it would be