Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread Jhfjjf Hfdsjj
On 12/9/2010 8:39 PM, John Jester Wilham Patrick III wrote: > From Andrew Auernheimer's Diary / irc memories: > > Windows is written in pure, self-modifying assembly > code. Notice how you can install 15 gigs of data from >

[Full-disclosure] iis4\iis5 cgi bug and WEB Service CGI Interface Vulnerability Analysis (continued)

2010-12-10 Thread yuange
Too many bad things in the belly of the fast. 2000 of iis, unicode \ decode \ cgi \ webdav \ etc vulnerability, reaching a peak, and later transferred to rpc study. Now there is a 01 or so found a serious flaw, iis4, 5 set error loading cgi vulnerability, execute arbitrary commands or view arbi

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread William Warren
On 12/9/2010 8:39 PM, John Jester Wilham Patrick III wrote: From Andrew Auernheimer's Diary / irc memories: Windows is written in pure, self-modifying assembly code. Notice how you can install 15 gigs of data from a single Windows install DVD, which can only hold 5 gigs? This is because the c

[Full-disclosure] [USN-1032-1] Exim vulnerability

2010-12-10 Thread Kees Cook
=== Ubuntu Security Notice USN-1032-1 December 11, 2010 exim4 vulnerability CVE-2010-4344 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Thor (Hammer of God)
Wow. I guess you didn't read the post either. I'm a bit surprised that a Sr. Network Engineer thinks that Group Policies "differentiate between local and Domain administrators." You're making it sound like you think Group Policy application has some "magic permissions" or something, or that a

[Full-disclosure] TPTI-10-17: RealNetworks RealPlayer SIPR Stream Frame Dimensions Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
TPTI-10-17: RealNetworks RealPlayer SIPR Stream Frame Dimensions Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-17 December 10, 2010 -- CVE ID: CVE-2010-4385 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products:

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Thor (Hammer of God)
In whose universe? Did you even read the post? Local admins become LOCAL ADMINS by using a cached domain account who is a LOCAL ADMIN. You have to do it with the network cable unplugged. There is no privilege escalation here. StenoPlasma's intent was to educate people on how things worked,

[Full-disclosure] TWSL2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities

2010-12-10 Thread Trustwave Advisories
Trustwave's SpiderLabs Security Advisory TWSL2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt Published: 2010-12-10 Version: 1.0 Vendor: Clear (http://www.clear.com) Products: iSpot / ClearSpot 4G (http:

[Full-disclosure] TPTI-10-18: RealNetworks RealPlayer MDPR Chunk Size Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
TPTI-10-18: RealNetworks RealPlayer MDPR Chunk Size Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-18 December 10, 2010 -- CVE ID: CVE-2010-4390 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks

[Full-disclosure] TPTI-10-19: RealNetworks RealPlayer MLTI Stream Number Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
TPTI-10-19: RealNetworks RealPlayer MLTI Stream Number Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-19 December 10, 2010 -- CVE ID: CVE-2010-4390 -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks RealPlayer -- TippingPoint(TM) IPS Cus

[Full-disclosure] ZDI-10-280: RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-280: RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-280 December 10, 2010 -- CVE ID: CVE-2010-4392 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks Real

[Full-disclosure] ZDI-10-279: RealNetworks RealPlayer Cook Codec Initialization Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-279: RealNetworks RealPlayer Cook Codec Initialization Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-279 December 10, 2010 -- CVE ID: CVE-2010-4389 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products:

[Full-disclosure] ZDI-10-275: RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-275: RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-275 December 10, 2010 -- CVE ID: CVE-2010-4396 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: Real

[Full-disclosure] ZDI-10-282: RealNetworks RealPlayer RealPix Server Header Parsing Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-282: RealNetworks RealPlayer RealPix Server Header Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-282 December 10, 2010 -- CVE ID: CVE-2010-4394 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Produ

[Full-disclosure] ZDI-10-281: RealNetworks RealPlayer RMX Header Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-281: RealNetworks RealPlayer RMX Header Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-281 December 10, 2010 -- CVE ID: CVE-2010-4391 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks R

[Full-disclosure] ZDI-10-276: RealNetworks RealPlayer Upsell.htm getqsval Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-276: RealNetworks RealPlayer Upsell.htm getqsval Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-276 December 10, 2010 -- CVE ID: CVE-2010-4388 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealN

[Full-disclosure] ZDI-10-278: RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-278: RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-278 December 10, 2010 -- CVE ID: CVE-2010-4388 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetw

[Full-disclosure] ZDI-10-277: RealNetworks RealPlayer Main.html Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-277: RealNetworks RealPlayer Main.html Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-277 December 10, 2010 -- CVE ID: CVE-2010-4388 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks Re

[Full-disclosure] ZDI-10-274: RealNetworks Realplayer RV20 Stream Parsing Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-274: RealNetworks Realplayer RV20 Stream Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-274 December 10, 2010 -- CVE ID: CVE-2010-4378 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealN

[Full-disclosure] ZDI-10-273: RealNetworks RealPlayer AAC MLLT Atom Parsing Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-273: RealNetworks RealPlayer AAC MLLT Atom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-273 December 10, 2010 -- CVE ID: CVE-2010-2999 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: Rea

[Full-disclosure] ZDI-10-272: RealNetworks RealPlayer Cook Audio Codec Parsing Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-272: RealNetworks RealPlayer Cook Audio Codec Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-272 December 10, 2010 -- CVE ID: CVE-2010-4377 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products:

[Full-disclosure] ZDI-10-271: RealNetworks RealPlayer RTSP GIF Parsing Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-271: RealNetworks RealPlayer RTSP GIF Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-271 December 10, 2010 -- CVE ID: CVE-2010-4376 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetw

[Full-disclosure] ZDI-10-270: RealNetworks RealPlayer ICY Protocol StreamTitle Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-270: RealNetworks RealPlayer ICY Protocol StreamTitle Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-270 December 10, 2010 -- CVE ID: CVE-2010-2997 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products:

[Full-disclosure] ZDI-10-269: RealNetworks RealPlayer AAC TIT2 Atom Integer Overflow Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-269: RealNetworks RealPlayer AAC TIT2 Atom Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-269 December 10, 2010 -- CVE ID: CVE-2010-4397 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Prod

[Full-disclosure] ZDI-10-268: RealNetworks RealPlayer Media Properties Header Parsing Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-268: RealNetworks RealPlayer Media Properties Header Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-268 December 10, 2010 -- CVE ID: CVE-2010-4384 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Pro

[Full-disclosure] ZDI-10-267: RealNetworks RealPlayer Advanced Audio Coding Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-267: RealNetworks RealPlayer Advanced Audio Coding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-267 December 10, 2010 -- CVE ID: CVE-2010-4395 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: Rea

[Full-disclosure] ZDI-10-266: RealNetworks RealPlayer Multi-Rate Audio Remote Code Execution Vulnerability

2010-12-10 Thread ZDI Disclosures
ZDI-10-266: RealNetworks RealPlayer Multi-Rate Audio Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-266 December 10, 2010 -- CVE ID: CVE-2010-4375 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: RealNetworks -- Affected Products: RealNetw

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Stefan Kanthak
"StenoPlasma @ www.ExploitDevelopment.com" wrote: Much ado about nothing! > TITLE: > Flaw in Microsoft Domain Account Caching Allows Local Workstation > Admins to Temporarily Escalate Privileges and Login as Cached Domain > Admin Accounts There is NO privilege escalation. A local administrator i

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread Paul Schmehl
--On December 10, 2010 11:40:20 AM -0500 valdis.kletni...@vt.edu wrote: On Fri, 10 Dec 2010 09:23:50 MST, John Horn said: Yeah, must have been tongue in cheek, can't imagine anyone able to understand what this list is about making such a Rube Goldberg claim as stuff like a Windows self assembli

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread jcoyle
You are completely missing the point.. Local admins become Domain Admins. From: "Stefan Kanthak" To: , Cc: Date: 12/10/2010 01:08 PM Subject:Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Es

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread George Carlson
Your objections are mostly true in a normal sense. However, it is not true when Group Policy is taken into account. Group Policies differentiate between local and Domain administrators and so this vulnerability is problematic for shops that differentiate between desktop support and AD support.

[Full-disclosure] [SECURITY] [DSA-2130-1] New BIND packages fix denial of service

2010-12-10 Thread Florian Weimer
Debian Security Advisory DSA-2130-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer December 10, 2010

[Full-disclosure] LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD

2010-12-10 Thread HI-TECH .
# LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD # bug discovered & exploited by Kingcope # # Dec 2010 # Lame Xploit Tested with success on # FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 # FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enter

[Full-disclosure] New vulnerabilities in Joomla

2010-12-10 Thread MustLive
Hello Full-Disclosure! I want to warn you about Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities in Joomla. Vulnerabilities exist in component com_mailto, which is a core component of Joomla. - Affected products: ---

[Full-disclosure] Security Incident Response Testing To Meet Audit Requirements

2010-12-10 Thread Adam Behnke
Hi everyone, InfoSec Institute author Russ McRee has written up an overview on tools to ensure maximum readiness for incident response teams, including drill tactics. PCI-DSS audits often require IR testing validation; drill quarterly and be ready next audit cycle. http://resources.infosecinst

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread Randal T. Rioux
On 12/10/2010 10:10 AM, John Horn wrote: > Is this a joke? > > > -- > > John Horn > > City of Tucson, IT Department > > Network Services (Network security) > > Phone: (520) 837-6036 > > -- > > CONFIDENTIALITY NOTICE: If you have re

Re: [Full-disclosure] Linux Kernel Bug Fixed For OpenBSD

2010-12-10 Thread news
List, look how myself, I also know how to compile me too : $ gcc foo.c -o foo $ ./foo hello world! Just to add my testimony to this ton of instructive posts. Le jeudi 09 décembre 2010 à 15:46 -0500, musnt live a écrit : > Hello full disclosure!!! > > I is like to warn you about Linux kernel exp

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread Valdis . Kletnieks
On Fri, 10 Dec 2010 09:23:50 MST, John Horn said: > Yeah, must have been tongue in cheek, can't imagine anyone able to > understand what this list is about making such a Rube Goldberg claim as > stuff like a Windows self assembling kernel and libraries etc Check the archives, there's been some

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread John Horn
Yeah, must have been tongue in cheek, can't imagine anyone able to understand what this list is about making such a Rube Goldberg claim as stuff like a Windows self assembling kernel and libraries etc Windows is compiled, like practically every other desktop OS. Last assembled OS I saw the s

[Full-disclosure] PHP 5.3.3 GD extension imagepstext stack buffer overflow

2010-12-10 Thread Martin Barbella
Description: Prior to version 5.3.4, PHP's GD extension did not properly validate the number of anti-aliasing steps passed to the function imagepstext. The value of this parameter is expected to be either 4 or 16. To accommodate this, an array of 16 integers, aa, is located on the stack. Before th

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread Christian Sciberras
Or the worst kind of trolling to have ever walked these newsgroups On Fri, Dec 10, 2010 at 4:10 PM, John Horn wrote: > Is this a joke? > > > -- > John Horn > City of Tucson, IT Department > Network Services (Network security) > Phone: (520) 837-6036 >

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread Valdis . Kletnieks
On Thu, 09 Dec 2010 20:39:21 EST, John Jester Wilham Patrick III said: (What the heck. It's Friday, and I've got this 50 pound bag of Purina Troll Chow I'm trying to get rid of.. ;) > Windows is written in pure, self-modifying assembly code. Notice how you > can install 15 gigs of data from a sin

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Thor (Hammer of God)
Hey Jeff - StenoPlasma and I took the conversation off-line, and I'm clear about what he is illustrating. As far as the local machine is concerned, there is no difference between the local admin and the domain admin or any other admin in the Administrators group. The paper illustrates how o

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Thor (Hammer of God)
Hey Marsh - I think he meant LSA not SAM. With the SAM, you can brute force the local accounts. But with the LSA, you can get NTLM hashes for active users and attempt to use those. You'll typically see those types of attacks against XP boxes or Win2000 where NTLM is still being used as the d

Re: [Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread John Horn
Is this a joke? -- John Horn City of Tucson, IT Department Network Services (Network security) Phone: (520) 837-6036 -- CONFIDENTIALITY NOTICE: If you have received this email in error, please immediately notify the sender by e-mail at

[Full-disclosure] [SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution

2010-12-10 Thread Stefan Fritsch
Debian Security Advisory DSA-2131-1 secur...@debian.org http://www.debian.org/security/ Stefan Fritsch December 10, 2010

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Thor (Hammer of God)
No, but I am :) -Original Message- From: Bob Wilkinson [mailto:rwilkin...@messagelabs.com] Sent: Friday, December 10, 2010 3:32 AM To: Thor (Hammer of God) Cc: Mike Hale; full-disclosure@lists.grok.org.uk; stenopla...@exploitdevelopment.com Subject: Re: [Full-disclosure] Flaw in Microsof

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Jeffrey Walton
On Thu, Dec 9, 2010 at 10:07 PM, Thor (Hammer of God) wrote: > What do you mean by "regular local administrator"?  You're a local admin, > or you're not. I believe the OP's intent was to differentiate between Local Administrators and Domain (or Enterprise) Administrators. Corrections from StenoPla

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

2010-12-10 Thread Mike Hale
"In fact, I can just make the Domain Admin a "guest" on my workstation if I want to and there is nothing they can do about it." With the caveat that they can re-add themselves using GP anytime they want...but you know. I just wanted to throw that out there. I think the key vulnerability in this is

[Full-disclosure] Windows is 100% self-modifying assembly code? (Interesting security theory)

2010-12-10 Thread John Jester Wilham Patrick III
From Andrew Auernheimer's Diary / irc memories: Windows is written in pure, self-modifying assembly code. Notice how you can install 15 gigs of data from a single Windows install DVD, which can only hold 5 gigs? This is because the code is dynamically generated to minimize attack vectors.

[Full-disclosure] PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

2010-12-10 Thread Maksymilian Arciemowicz
[ PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow ] Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 11.11.2010 - Pub.: 10.12.2010 CERT: VU#479900 CVE: CVE-2010-4409 CWE: CWE-189 Status: Fixed in PHP

Re: [Full-disclosure] Linux kernel exploit

2010-12-10 Thread Urlan
One more test: t...@test:~/Downloads$ ./testing [*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xa0026610 [+] Resolved econet_ops to 0xa0026720 [+] Resolved commit_creds to 0x810863c0 [+] Resolved prepare_kernel_cred to 0x81086890 [*] Calculating

Re: [Full-disclosure] Linux Kernel Bug Fixed For OpenBSD

2010-12-10 Thread PsychoBilly
I must declare humour is very liked me in this list. [[ musnt live ]] @ [[ 09/12/2010 21:46 ]]-- > Hello full disclosure!!! > > I is like to warn you about Linux kernel exploit that is was warned > you by to from Dan Rosenberg. Is I discove