el so small compared to your great worx
>> MrReepass
>> stfu kthnx
>>
>>
>> - Original Message -
>> From: "reepex" <[EMAIL PROTECTED]>
>> To: "Morning Wood" <[EMAIL PROTECTED]>;
>>
>> Sent: Wednesday, December 12, 200
> From: "reepex" <[EMAIL PROTECTED]>
> To: "Morning Wood" <[EMAIL PROTECTED]>;
>
> Sent: Wednesday, December 12, 2007 9:01 PM
> Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple
> Bufferoverflow
> Vulnerability
>
>
> > wow t
5%72%66%6c%6f%77
>>
>> *hugz*
>>
>>
>> - Original Message -
>> From: "reepex" <[EMAIL PROTECTED]>
>> To: "Morning Wood" <[EMAIL PROTECTED]>;
>>
>> Sent: Tuesday, December 11, 2007 1:58 PM
>> Subject:
http://www.google.com/search?q=%22Dude+VanWinkle%22+popsicle
Nice work Dude!
YAY!
On Dec 12, 2007 11:00 PM, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
> BTW:
> http://www.google.com/search?hl=en&q=%22Fredrick+Diggle%22+%2B2003&btnG=Search
>
> Nice work Fred!
>
> On Dec 12, 2007 10:32 PM, Fredric
orning Wood" <[EMAIL PROTECTED]>;
>
> Sent: Tuesday, December 11, 2007 1:58 PM
> Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple
> Bufferoverflow
> Vulnerability
>
>
> > are you serious?
> >
> >
> http://www.derkeiler.com/Mailing-Lists/sec
BTW:
http://www.google.com/search?hl=en&q=%22Fredrick+Diggle%22+%2B2003&btnG=Search
Nice work Fred!
On Dec 12, 2007 10:32 PM, Fredrick Diggle <[EMAIL PROTECTED]> wrote:
> Yes way to go MW you made his day! MW I understand how hard it is to turn
> things into viable exploits :(... sometimes the b
On Dec 12, 2007 10:32 PM, Fredrick Diggle <[EMAIL PROTECTED]> wrote:
> also Dude, your pillow joke was damn hilarious :D how did you think of it?
> can you give me joke lessons?
No, but I can give you some pointers on sarcasm.. ;-)
-JP
___
Full-Disclo
Yes way to go MW you made his day! MW I understand how hard it is to turn
things into viable exploits :(... sometimes the best move is just to wait
for the metasploit guys to do it. They are elite at bof sploitin' etc. You
should stick to the more interesting research like XSS and SQL tampering :<
On Dec 12, 2007 3:38 AM, Morning Wood <[EMAIL PROTECTED]> wrote:
> One of my first advisories and was rediscovered later, turned into a viable
> exploit 2 years after by another researcher.
>
> http://framework.metasploit.com/exploits/view/?refname=windows:ftp:netterm_netftpd_user
>
> http://metasp
e%65%74%66%74%70%64%5f%75%73%65%72%5f%6f%76%65%72%66%6c%6f%77
*hugz*
- Original Message -
From: "reepex" <[EMAIL PROTECTED]>
To: "Morning Wood" <[EMAIL PROTECTED]>;
Sent: Tuesday, December 11, 2007 1:58 PM
Subject: Re: [Full-disclosure] Microsof
are you serious?
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-07/0259.html
I guess you are a 'brain dead india wannabe sec researcher' also?
On Dec 11, 2007 6:22 AM, Morning Wood <[EMAIL PROTECTED]> wrote:
> advisories like this are typical of brain dead India wannabe sec
advisories like this are typical of brain dead India wannabe sec researchers
nuff said
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On Thursday 29 November 2007 07:11:58 [EMAIL PROTECTED] wrote:
> I wouldn't be surprised if a large percentage of those FTP client users
> aren't suffering from the same smug "I'm too klewed to fall for it"
> attitude that many Mac users have
One would hope they would be "klewed" enough to use
Dude VanWinkle wrote:
> On Nov 29, 2007 12:11 PM, <[EMAIL PROTECTED]> wrote:
>> On Wed, 28 Nov 2007 21:44:40 PST, "Daniel H. Renner" said:
>>> From what I've noticed, users of MS' FTP client aren't the usual
>>> Windows GUI user. So that would be one good social engineering trick...
>> I wouldn'
On Nov 29, 2007 12:11 PM, <[EMAIL PROTECTED]> wrote:
> On Wed, 28 Nov 2007 21:44:40 PST, "Daniel H. Renner" said:
> > From what I've noticed, users of MS' FTP client aren't the usual
> > Windows GUI user. So that would be one good social engineering trick...
>
> I wouldn't be surprised if a larg
On Wed, 28 Nov 2007 21:44:40 PST, "Daniel H. Renner" said:
> From what I've noticed, users of MS' FTP client aren't the usual
> Windows GUI user. So that would be one good social engineering trick...
I wouldn't be surprised if a large percentage of those FTP client users
aren't suffering from t
Tonnerre Lombard ha scritto:
Isn't the FTP client compiled with stack overflow protection?
>>> If so, how is that supposed to help?
>> By terminating the program before the payload is executed
> May I suggest that this protection is not perfect? I was hoping that
> people on this mailing list
Dawson" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple
> Bufferoverflow Vulnerability
> To: "Stan Bubrouski" <[EMAIL PROTECTED]>
> Cc: full-disclosure@lists.grok.org.uk
> Message-ID:
> <[EMAIL PROT
hat someone else has been reporting on full disclosure
> > >
> > > Date: Wed, 28 Nov 2007 09:11:30 -0600
> > > From: [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED] ; full-disclosure@lists.grok.org.uk
> > > Subject: Re: [Ful
> exceptions that someone else has been reporting on full disclosure
> >
> > Date: Wed, 28 Nov 2007 09:11:30 -0600
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> > Subject: Re: [Full-disclosure] Micros
20 other non exploitable stack overflow
> exceptions that someone else has been reporting on full disclosure
>
> Date: Wed, 28 Nov 2007 09:11:30 -0600
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> Subject: Re: [
lolerowned, kinda like the 20 other non exploitable stack overflow exceptions
that someone else has been reporting on full disclosure
Date: Wed, 28 Nov 2007 09:11:30 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Microsoft
On Wed, 28 Nov 2007 12:05:24 +0100, "KJK::Hyperion" said:
> Rajesh Sethumadhavan ha scritto:
> > Microsoft FTP Client Multiple Bufferoverflow
> > Vulnerability
>
> Isn't the FTP client compiled with stack overflow protection?
Not all buffers live on the stack.
pgpr4k1SBQBZE.pgp
Description: PG
so... what fuzzer that you didnt code did you use to find these amazing
vulns?
Also nice 'payload' in your exploits meaning 'nice long lists of "a"s'. You
should not claim code execution when your code does not perform it.
Well I guess it has been good talking until your fuzzer crashes another
a
Salut,
On Wed, 28 Nov 2007 13:16:34 +0100 "KJK::Hyperion" <[EMAIL PROTECTED]> wrote:
> Tonnerre Lombard ha scritto:
> >>> Microsoft FTP Client Multiple Bufferoverflow
> >>> Vulnerability
> >> Isn't the FTP client compiled with stack overflow protection?
> > If so, how is that supposed to help?
>
Tonnerre Lombard ha scritto:
>>> Microsoft FTP Client Multiple Bufferoverflow
>>> Vulnerability
>> Isn't the FTP client compiled with stack overflow protection?
> If so, how is that supposed to help?
By terminating the program before the payload is executed
___
Salut,
On Wed, 28 Nov 2007 12:05:24 +0100 "KJK::Hyperion" <[EMAIL PROTECTED]> wrote:
> Rajesh Sethumadhavan ha scritto:
> > Microsoft FTP Client Multiple Bufferoverflow
> > Vulnerability
>
> Isn't the FTP client compiled with stack overflow protection?
If so, how is that supposed to help?
Rajesh Sethumadhavan ha scritto:
> Microsoft FTP Client Multiple Bufferoverflow
> Vulnerability
Isn't the FTP client compiled with stack overflow protection?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-chart
Microsoft FTP Client Multiple Bufferoverflow
Vulnerability
#
XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh Sethumadha
29 matches
Mail list logo