Re[2]: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread waces
Dear Jared, Thursday, September 11, 2003, 12:53:12 AM, you wrote: BJ> The eeye tool does a better job at this than the current MS tool... BJ> ... That's quite strange for me. I ran all the patches on one of my servers. After it the Scan-tool from Microsoft said: x.x.x.x patched with KB924146 and KB

[Full-Disclosure] Pine: .procmailrc rule against integer overflow

2003-09-10 Thread zen-parse
A procmail rule something like: ===CUT-BEGIN-RULE=== :0B: * [a-zA-Z-]+\*[0-9]+\*= $HOME/pine.int-overflow.attacks.do.not.open.with.pine. CUT-END-RULE should make exploitation of the integer overflow a little harder. -- zen-parse -- --

RE : [inbox] [Full-Disclosure] Re: MS03-039 has been released (DoS) sploit ?

2003-09-10 Thread Réda Zitouni
Seems you guys are mistaken. Here is the NSfocus advisory. In fact they found (as the M$ advisory is not clear on the subject) the 2nd BoF (CAN-2003-0528) and not the DoS. The one you are talking of is an old (few weeks) vulnerability related to MS03-026 found by Ben Jurry.   http://www.nsf

RE: [Full-Disclosure] MS03-039 - Exploit ...

2003-09-10 Thread Andre Ludwig
Please correct me if I am wrong but it looks like this nessus script was written for the eeye exploit. (judging by the 4 requests in the script).    Andre Ludwig, CISSP -Original Message- From: Elv1S [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 10, 2003 4:24 PM To: [EM

Re: [Full-Disclosure] Israeli boffins crack GSM code

2003-09-10 Thread vosipov
Umm, it seems they can decrypt SMS too... A friend of mine wrote a small Java app for mobile phones, which allows for user-level encryption of SMS messages before they are sent out; maybe this approach can be expanded - probably not for encrypting voice itself, but for GPRS/WAP data? http://se

RE: [inbox] RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Jade E. Deane
On a somewhat related note, although a tad off-topic... I'm curious as to how some of you using IDS are capturing sessions that don't make it past the first line of defense packet filtering. I have an IDS on a spanned port of a packet filter, which only allows established traffic in. Obviously I'd

RE: [Full-Disclosure] Local variable memory allocation

2003-09-10 Thread Bojan Zdrnja
Hi, gcc 3.x will add some padding between the last variable and the frame pointer. This should prevent exploitation of some off-by-one bugs. There was a nice discussion on the vuln-dev mailing list, I suggest you check that first: http://www.securityfocus.com/archive/82/335587/2003-08-30/2003-09-

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Ryan, Pete
After reading this again, and again, and again it seems that they are talking about an exploit for 039 not 026 like I first thought. Crap, have to patch super quick now -Pete -Original Message- From: Ryan, Pete Sent: Wednesday, September 10, 2003 6:31 PM To: '[EMAIL PROTECTED]' Subje

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Steven M. Christey
>According to ISS, http://xforce.iss.net/xforce/alerts/id/152, they >claim that functional exploit code is already in use on the Internet. I don't think the advisory claims that. The "functional exploit code" they describe is for the null-pointer Denial of Service vulnerability that was reported

RE: [inbox] RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Exibar
Sounds good to me, I've already given my IDS guy the details that you've posted and he's going to write his IDS rules by them. No problem here :-) Exibar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marc Maiffret Sent: Wednesday, September 10, 2003 6

[Full-Disclosure] Liu Die Yu findings verified, details

2003-09-10 Thread Thor Larholm
Some of you may find that Liu's webpage at safecenter.net/liudieyu is inaccessible - this is caused by DNS problems. My USA based machines resolve safecenter.net to 64.85.73.31 which doesn't know about any liudieyu, while my EU based machines resolve safecenter.net to 66.70.10.15 where you can find

[Full-Disclosure] RE: MS03-039 DoS Exploit

2003-09-10 Thread Elv1S
as i replied to Exibar,   ISS : "The new DoS vulnerability was disclosed by a hacking group in China on July 25, 2003, and functional exploit code is already in use on the Internet."   talking about this : http://www.k-otik.com/exploits/07.21.win2kdos.c.php "Bobby, Paul" <[EMAIL PROTECTED]> wrote: Ac

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Bergeron, Jared
The eeye tool does a better job at this than the current MS tool... Sanitized output... 1 xxx.xxx.xxx.32 plantscape1.xxx.xxx.xxx VULNERABLE to MS03-026/MS03-039 Authentication failed. Log in with proper credentials to check infection status. 2 x

RE: [inbox] [Full-Disclosure] Re: MS03-039 has been released (DoS) sploit ?

2003-09-10 Thread Exibar
Sure looks that way, especially with the 7/21 datestamp for the directory and in the page name :-)     It's *very* unlikely that we see a worm that acts on the DoS vuln, it's just too much work.  The BoF's are the ones that have my attention and need to patch urgently.     Exibar -Or

[Full-Disclosure] [UPDATED] OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.

2003-09-10 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SCO Security Advisory Subject:OpenServer 5.0.5 OpenServer 5.0.6 : Vario

[Full-Disclosure] [UPDATED] OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple Remote Vulnerabilities in BIND

2003-09-10 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SCO Security Advisory Subject:OpenServer 5.0.7 OpenServer 5.0.6 OpenSer

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Kurt Seifried
> According to ISS, http://xforce.iss.net/xforce/alerts/id/152, they claim > that functional exploit code is already in use on the Internet. This is for the DoS attack / privilege escalation requiring an account. Nothing too serious (compared to the remote holes). Can't be used remotely as far as i

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Ryan, Pete
They are talking about MS03-026 in that case correct? Sounds like it to me. -Pete -Original Message- From: Bobby, Paul [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 3:47 PM To: '[EMAIL PROTECTED]' Subject: RE: [Full-Disclosure] MS03-039 has been released - critical Acc

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread LaRose, Dallas
Paul Schmehl ([EMAIL PROTECTED]) Wrote: >> I downloaded the MS scanner today and ran it against one 24. It reports >> the computers as "patched with KB823980", so it doesn't look like it's >> testing for the new stuff yet. The results of the scan are a bit misleading. What you have to look for i

[Full-Disclosure] [UPDATED] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : Samba security update available for download.

2003-09-10 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __ SCO Security Advisory Subject:OpenServer 5.0.5 OpenServer 5.0.6 OpenSer

[Full-Disclosure] CERT Advisory CA-2003-23 RPCSS Vulnerabilities in Microsoft Windows (fwd)

2003-09-10 Thread Muhammad Faisal Rauf Danka
Regards Muhammad Faisal Rauf Danka *** There is an attachment in this mail. *** _ --- [ATTITUDEX.COM] http://www.attitudex.com/ --- --- Begin Message --- -BEGIN PGP SIGNED

Re: [Full-Disclosure] Re: MS03-039 has been released (DoS) sploit ?

2003-09-10 Thread Yannick Van Osselaer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 11 September 2003 00:48, Elv1S wrote: > thinkin' that they talking about the xfocus sploit public since 07-21 ? for > the DoS vuln MS03-032 > > true or not ? > > http://www.k-otik.com/exploits/07.21.win2kdos.c.php Indeed.

[Full-Disclosure] MS03-039 - Exploit ...

2003-09-10 Thread Elv1S
from nessus lol # The script code starts here # function dcom_recv(socket) { local_var buf, len; buf = recv(socket:socket, length:10); if (strlen(buf) != 10) return NULL; len = ord(buf[8]); len += ord(buf[9])*256; buf += recv(socket:socket, length:len - 10); return buf; } port = 135; if (!get_port_state(port)) po

RE: [Full-Disclosure] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II

2003-09-10 Thread Jeff . Urnaza
Yes, the correct version is now available on eEye's site. "Chris DeVoney"

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Bobby, Paul
According to ISS, http://xforce.iss.net/xforce/alerts/id/152, they claim that functional exploit code is already in use on the Internet. anyone know of a 'sploit for this one yet? Or even proof of concept code? - Original Message - From: "Ryan, Pete" <[EMAIL PROTECTED]> To: <[EMAIL P

[Full-Disclosure] Re: MS03-039 has been released (DoS) sploit ?

2003-09-10 Thread Elv1S
thinkin' that they talking about the xfocus sploit public since 07-21 ? for the DoS vuln MS03-032   true or not ?   http://www.k-otik.com/exploits/07.21.win2kdos.c.php Mike Tancsa <[EMAIL PROTECTED]> wrote: http://xforce.iss.net/xforce/alerts/id/152 says,"The new DoS vulnerability was disclosed by

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Marc Maiffret
Hi, Just to cut off any stupid debate, that I promise anyone stepping to will lose... ;-) Giving details of where a flaw is does not make exploits/worms happen any more often. The "bad guys" do not need details in order to write exploits and worms. That is apparent when you look at the first RPC f

RE: [Full-Disclosure] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II

2003-09-10 Thread Chris DeVoney
On Wednesday, September 10, 2003 1:26 PM, [EMAIL PROTECTED] wrote: > The version number in eEye's supposed *new* scanner is the > same version number as the one they release for the previous > RPC exploit, v1.0.4. Pardon my interruption, but the version I downloaded about noon-ish PDT has versi

RE: [Full-Disclosure] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II

2003-09-10 Thread Marc Maiffret
1.0.4 is not the latest version. Version 1.1.0 is the latest. Upgrade to that. Again, if you think you have found a bug just contact us and we can help you out. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Securit

RE: [Full-Disclosure] Authorities eye MSBlaster suspect

2003-09-10 Thread Jason Coombs
> I'm not certain what I said that is your issue. My intent is, > this young man is caught in possession of a nickel bag. ah, I read your statement "nickel-bagger" to mean somebody who sells drugs to the end-user on the street, a small-time regional distributor. you meant "somebody in possession

[Full-Disclosure] Buffer overflow in MySQL

2003-09-10 Thread Jedi/Sector One
Product : MySQL Date: 10/09/2003 Author : Frank Denis <[EMAIL PROTECTED]> [ Product description ] From the web site : MySQL is the world's most popular open source database, recognized for its speed and reliability. Today MySQL is

SV: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Peter Kruse
Hi, > "The new DoS vulnerability was disclosed by a hacking group > in China on July 25, 2003, and functional exploit code is > already in use on the Internet. " This is well known. However it's not the BoF exploit. Yet again, the detailed advisory from Eeye makes it fairly easy to write a wor

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Jones, David H
Actually, it does. It just outputs the information differently. Here's the output from a short scan done against a segment that has boxes patched with only 026 and also with 039. x.x.x.x: patched with KB823980 x.x.x.x: patched with KB823980 x.x.x.x: patched with KB823980 x.x.x.x: connection refu

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Exibar
This has been confirmed, just in case anyone was still fuzzy on this. "039 has 1 DoS and 2 (new) BOs. All of the info in 039 is "new" and doesn't recycle 026 info. Though 039 also includes 026 fixes, of course. Important point - the NEW (ms03-039) bulletin is all NEW info." Exibar - Origina

[Full-Disclosure] New MS scanner for MS03-39

2003-09-10 Thread Schmehl, Paul L
I was wrong in what I posted earlier. I wasn't paying attention and ran the older scanner without realizing it. I'm running the new scanner now, and here are the results from a patched machine: patched with KB824146 and KB823980 Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Office

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Exibar
Yes, this vulnerability is completely different than MS03-026. Although Microsoft did include the fix for 026 in MS03-039 Exibar - Original Message - From: "Robert Ahnemann" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 10, 2003 2:30 PM Subject: RE: [Full-Disclos

Re: [Full-Disclosure] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II

2003-09-10 Thread Jeff . Urnaza
The version number in eEye's supposed *new* scanner is the same version number as the one they release for the previous RPC exploit, v1.0.4. In my initial tests of the scanner, it did not find any vulnerable hosts for the new RPC security hole on my network, except the ones that I already patche

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Anthony Aykut
MS03-026 patched against 1 buffer overflow. MS03-039 patches against 3 new buffer overflows. That means there are 4 problems in all. All 4 problems occur via DCOM over RPC. All 4 problems could be attacked in a similar fashion. All 4 problems (as they are likely to occur in an Internet-wide attack

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Jeffrey . Stebelton
Yes.

[Full-Disclosure] iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE

2003-09-10 Thread iDEFENSE Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 09.10.03: http://www.idefense.com/advisory/09.10.03.txt Two Exploitable Overflows in PINE September 10, 2003 I. BACKGROUND PINE (The Program for Internet News & Email) is a popular e-mail client shipped with many Linux and

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Schmehl, Paul L
> -Original Message- > From: Robert Ahnemann [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 10, 2003 1:31 PM > To: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] MS03-039 has been released - critical > > > I ran the test program (as linked by MS) to see if the > network show

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread pdt
Does anybody else find it disturbing that 4 different sources worked with Microsoft on this vulnerability? The odds of 4 different groups finding the same hole in the same time window in my opinion are pretty darn low... - Original Message - From: "Ryan, Pete" <[EMAIL PROTECTED]> To: <[EM

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Exibar
Isn't this a bit different than simply a DoS though? Although, now that I'm thinking about it, this one combines ms03-026 with the DoS that was found to be the RPC service failing. M$ makes it sound like this is 100% but if you're patched with MS03-026, you're safe from all but the DoS. Is that w

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Jordan Wiens
Eeye gives a fairly detailed writeup: http://www.eeye.com/html/Research/Advisories/AD20030910.html Doubt it'll be long. -- Jordan Wiens, CISSP UF Network Incident Response Team (352)392-2061 On Wed, 10 Sep 2003, Exibar wrote: > anyone know of a 'sploit for this one yet? Or even proof of conce

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Exibar
To add to my previous reply. The DoS is the only thing in MS03-039 that is "old". The two buffer overflows are brand new and are not the same as MS03-026. These are the real dangers here, not that the DoS isn't dangerous, but the buffer overflows are the keys to the security alert. Does any

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Caggy, James
There's none out in the wild yet except for some proof of concept given to M$, but I'm sure one will be made public. Then, of course, some jackass(es) will make a worm that takes advantage of it. All I can say is get patching folks, you have at least a week or two. -Original Message- F

[Full-Disclosure] Multiple* bug's associated with Win xp default zip Manager...

2003-09-10 Thread Bipin Gautam
1). ---DESCRIPTION--- Win xp default zip manager prompts for a password, [even* when there is no password] if the zipped file has folder/s with more than 121 sub directories in it, but this situation does vary with some condition as specified below... ---Bug Demonstration--- --- Cr

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Mike Tancsa
http://xforce.iss.net/xforce/alerts/id/152 says, "The new DoS vulnerability was disclosed by a hacking group in China on July 25, 2003, and functional exploit code is already in use on the Internet. " ---Mike At 01:41 PM 10/09/2003, Exibar wrote: anyone know of a 'sploit for this one yet?

Re: [Full-Disclosure] Why does a home computer user need DCOM?

2003-09-10 Thread *Hobbit*
Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff, including the RPC service itself, without paying the price of having almost everything I do afterward just sit there and stupidly wait for it to respond. A box with it disabled *will* run, just barely, it'll just be sluggish as hel

[Full-Disclosure] Local variable memory allocation

2003-09-10 Thread M Bealby
I am trying to learn about the security vulnerabilities created by buffer overflows. I am trying to work through Aleph1's excellent paper 'Smashing the stack for fun and profit', but when I compile the examples, I get different results. I know the results will not be exactly the same, but I get

Re: [Full-Disclosure] Bill Gates blames the victim

2003-09-10 Thread Georgi Guninski
Richard M. Smith wrote: > snip If three guys in Poland can find a buffer overflow in DCOM without access to Windows source code, why can't Microsoft? These guys from Poland are hackers. High profile hackers. m$ are just a bunch of money driven users. Can you see the difference? Think of it this way:

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Maarten
If you do, please don't hesitate to keep it private for another 10 days or so to give us poor admins the chance to get patching ;-) > anyone know of a 'sploit for this one yet? Or even proof of concept code? > ___ Full-Disclosure - We believe in it. C

[Full-Disclosure] Keeping IE up to date on a Windows Server

2003-09-10 Thread Meeusen, Charles D
(posted this morning to NTBugTraq but I guess Russ is busy) Wondering what others' thoughts are on the maintenance of Internet Explorer on a Windows (NT4 or W2K) server. Specifically, what about the default IE4 installed on an NT4 machine? Patch it? Update it to the latest version? Admins claim th

[Full-Disclosure] Why does a home computer user need DCOM?

2003-09-10 Thread Richard M. Smith
Hello, Yet another buffer overflow error has been found in DCOM and Microsoft has released a new patch for it today according to a security bulletin on their Web site. If I am running a Windows PC at home, why would I want DCOM turned on in the first place? What purpose does it serve? Has Micros

RE: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Robert Ahnemann
I ran the test program (as linked by MS) to see if the network showed as patched. I haven't patched any of the machines with the 039 code, but all are patched with the 026 one (original one as of July 16th) Does this exploit still work (as in leave a vuln) if we have patched 026? Might be a dumb

[Full-Disclosure] Re: Popular Net anonymity service back-doored

2003-09-10 Thread Paul Wouters
On Thu, 21 Aug 2003, Alex Russell wrote: > > It's likely were legally prevented from issuing a clear warning, which is > > why I say they should have taken the service down in protest. I don't know > > German law, but I'd be surprised if the courts can force you to provide a > > communications se

Re: [Full-Disclosure] MS03-039 has been released - critical - IRONY

2003-09-10 Thread B.K. DeLong
At 11:23 AM 9/10/2003 -0500, Ryan, Pete wrote: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp Ah, the irony: http://story.news.yahoo.com/news?tmpl=story&cid=528&ncid=528&e=1&u=/ap/20030910/ap_on_hi_te/microsoft_security -- B.

[Full-Disclosure] Administrivia: Posts Delayed

2003-09-10 Thread John Cartwright
Hi It seems our emergency virus filter has caused a handful of false positives over the last two weeks. I'm working to restore these messages now, so they should appear in the archives (and your mailbox) fairly soon. Apologies for this, I'm now monitoring this closely to prevent this from happe

Re: [Full-Disclosure] Microsoft Security Bulletin MS03-039

2003-09-10 Thread Irwan Hadi
On Wed, Sep 10, 2003 at 12:54:54PM -0400, Noel, Marcus wrote: > http://www.microsoft.com/technet/security/bulletin/MS03-039.asp As I would expect before, the RPC stuff will never be secured that fast. Even on UNIX it took them years to make it secure.

Re: [Full-Disclosure] Need contact in the BTOPENWORLD.COM security department

2003-09-10 Thread Georgi Guninski
Montana Tenor wrote: machines, am I not at some fault. The easy way out is to just swear at the guys at MS for creating bad code. They deserve to be cursed at, nothing wrong with it. georgi ___ Full-Disclosure - We believe in it. Charter: http://lists.n

[Full-Disclosure] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II

2003-09-10 Thread Marc Maiffret
Here we go again. :-o -Marc Microsoft RPC Heap Corruption Vulnerability - Part II Release Date: September 10, 2003 Severity: High (Remote Code Execution) Systems Affected: Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Server 4.0 Microsoft Windows NT Server 4.0, Terminal Ser

[Full-Disclosure] AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities

2003-09-10 Thread Aaron C. Newman \(Application Security, Inc.\)
Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities Risk level: High http://www.appsecinc.com/resources/alerts/mssql/02-0015.html Summary: A Unicode buffer overflow exists in MDAC which is used by the SQL Server SQL-DMO library that could allow a remote user to execute ma

Re: [Full-Disclosure] Office 2000 Vulnerability

2003-09-10 Thread Chris Wanstrath
Killing a thief and putting him in jail are two radically different punishments and I think everyone can agree that if a thief steals a typical truck but the brakes are out, the potential unintended loss of human life is too high to simply ignore it and let the problem "solve itself," by means of t

Re: [Full-Disclosure] Sobig has a surprise...

2003-09-10 Thread Joe Stewart
On Friday 22 August 2003 03:19 pm, Florian Weimer wrote: > 18 of 20 addresses where known to the AV community since Tuesday. I > don't know what F-Secure is doing here. > > Why don't they publish the list of IP addresses so that people can put > filters on their networks? 67.73.21.6 68.38.159.161

Re: [Full-Disclosure] Re: Filtering sobig with postfix

2003-09-10 Thread Craig Pratt
On Wednesday, Aug 20, 2003, at 20:51 US/Pacific, Bojan Zdrnja wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of martin f krafft Sent: Wednesday, 20 August 2003 10:43 p.m. To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Re: Filtering sobig with postfi

Re: [Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Exibar
anyone know of a 'sploit for this one yet? Or even proof of concept code? - Original Message - From: "Ryan, Pete" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 10, 2003 12:23 PM Subject: [Full-Disclosure] MS03-039 has been released - critical > > http://www.mic

[Full-Disclosure] Microsoft Security Bulletin MS03-039

2003-09-10 Thread Noel, Marcus
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp     Marcus Noel Technology Systems, and Resources Cuyahoga Community College 2900 Community College Ave. Cleveland, OH 44115 [EMAIL PROTECTED] 216-987-3275  

[Full-Disclosure] MS03-039 has been released - critical

2003-09-10 Thread Ryan, Pete
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp -Pete ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] W32/Welchia, W32/Nachi backdoor?

2003-09-10 Thread Joe Stewart
On Wednesday 20 August 2003 11:20 am, Barry Irwin wrote: > >creates a backdoor listening on TCP/707 or some other randomly chosen port > > between TCP/666 and >TCP/765 [2] > > Telnetting to this port seems to disconnected after 1-5 characters have > been entered? This doesn't look like TFTP (port

RE: [Full-Disclosure] Office 2000 Vulnerability

2003-09-10 Thread Rainer Gerhards
> Yes I have seen pirated copies on clients machines that can > have SP1 and SP2 > applied but it is tricky and not for the novice user. Once > SP1 and Sp2 have > been applied it can then be updated fully to all the > vulnerabilities. I am > sure there are tons of pirated copies floating around

RE: [Full-Disclosure] Office 2000 Vulnerability

2003-09-10 Thread Jason Bethune
Yes I have seen pirated copies on clients' machines that can have SP1 and SP2 applied but it is tricky and not for the novice user. Once SP1 and SP2 have been applied it can then be updated fully to all the vulnerabilities. I am sure there are tons of pirated copies floating around that the usual us

RE: [Full-Disclosure] HTA/ vulnerability

2003-09-10 Thread Richard M. Smith
>>> Has anyone has been able to confirm that the >>> HTA/ tag vulnerability >>> is exploitable in Outlook and Outlook express? If someone is running an old version of Outlook or they have fiddled with their Outlook security settings, then the bug is, of course, exploitable from an HTML

Re: [Full-Disclosure] Fwd: How to Steal a Mainframe

2003-09-10 Thread Arthur Clune
--On 05/09/03 21:56:21 -0400 [EMAIL PROTECTED] wrote: Even a *small* S/390 or z-series system can have 48 channel cables on it, 128 is not at all uncommon - and IBM uses some pretty hefty screws to hold them in place. Just to point out the (maybe) obvious - why unscrew all those screws when you c

RE: [Full-Disclosure] 9/11 virus

2003-09-10 Thread Byron Copeland
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have also heard that this one may be destructive as well. - -b > -Original Message- > From: [EMAIL PROTECTED] [mailto:full-disclosure- > [EMAIL PROTECTED] On Behalf Of Bassett, Mark > Sent: Wednesday, September 10, 2003 10:07 AM > To: [EM

Re: [Full-Disclosure] HTA/ vulnerability

2003-09-10 Thread morning_wood
> Has anyone has been able to confirm that the HTA/ tag vulnerability > is exploitable in Outlook and Outlook express? The EEYE advisory states > that its possible but I haven't seen it work. The following does not > work. > > http://server/evil.php";> in my observance, at least OE, even if you

Re: [Full-Disclosure] 9/11 virus

2003-09-10 Thread l8km7gr02
Have these sorts of articles *ever* done any good? "The 9/11 virus contains the headline "It's Near 911" or a similar variation, as well as an attachment labeled "911.jpg." Users should not open the e-mail or the attached file." Coaching like this gives precisely the wrong message -- 'Don't open t

Re: [Full-Disclosure] RE: BAD NEWS: Microsoft Security Bulletin MS03-032

2003-09-10 Thread Dimitri Limanovski
I agree that the firewall is not the place to catch this. Any properly configured HIPS should be able to catch this or any other similar-configured exploit without any issues though. We have OKENA and a simple rule to prohibit (or prompt) program executions from within IE has stopped this (and dozen of

RE: [Full-Disclosure] Office 2000 Vulnerability

2003-09-10 Thread Rainer Gerhards
> > ... I guess this > > means network administrators have a small window of time to > start patching > > up systems before a virus is released. Does anyone know of > a work around > > when updating Office 2000 with an update? It asks for the > original CD that > > Office was installed fr

[Full-Disclosure] HTA/ vulnerability

2003-09-10 Thread titus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Has anyone has been able to confirm that the HTA/ tag vulnerability is exploitable in Outlook and Outlook express? The EEYE advisory states that its possible but I haven't seen it work. The following does not work. http://server/evil.php";> Info fr

Re: [Full-Disclosure] Office 2000 Vulnerability

2003-09-10 Thread Dave Howe
Nick FitzGerald wrote: > means network administrators have a small window of time to start > patching up systems before a virus is released. Does anyone know of > a work around when updating Office 2000 with an update? It asks for > the original CD that Office was installed from. Any thoughts? m

[Full-Disclosure] 9/11 virus

2003-09-10 Thread Bassett, Mark
Here we go again.. :P http://www.nwfusion.com/news/2003/0904firstofpe.html By Dan Verton Computerworld 09/04/03 Antivirus researchers late Wednesday discovered what is being described as the first of potentially many "9/11" anniversary viruses spreading on the Internet. While it's too early to

[Full-Disclosure] RE: BAD NEWS: Microsoft Security Bulletin MS03-032

2003-09-10 Thread Drew Copley
> -Original Message- > From: Nathan Wallwork [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 09, 2003 1:18 PM > To: Drew Copley > Cc: [EMAIL PROTECTED]; 'GreyMagic Software'; 'Bugtraq'; > [EMAIL PROTECTED]; [EMAIL PROTECTED]; > 'NTBugtraq'; 'Microsoft Security Response Center'; >

Re: [Full-Disclosure] Re: InlineEgg library release

2003-09-10 Thread ned
seeing that your syscall proxying implementation was the first of its kind (publicly), it really doesn't parallel the current situation. this is the first code published by CORE that is directly included in IMPACT no? as dave aitel has been openly sharing pieces of his CANVAS since its inc

Re: [Full-Disclosure] Bill Gates blames the victim

2003-09-10 Thread Georgi Guninski
Richard M. Smith wrote: > snip > If three guys in Poland can find a buffer overflow in DCOM > without access to Windows source code, why can't Microsoft? These guys from Poland are hackers. High profile hackers. m$ are just a bunch of money driven users. Can you see the difference? Think of it this

Re: [Full-Disclosure] Office 2000 Vulnerability

2003-09-10 Thread Nick FitzGerald
"Michael De La Cruz" <[EMAIL PROTECTED]> wrote: > Do any of you have some information on the latest MS Office > vulnerability? I just read that an exploit has been released. ... Well, some PoC exploit details were available in some of the discoverer advisories and there was a "broken WP

Re: [Full-Disclosure] Israeli boffins crack GSM code

2003-09-10 Thread Richard Spiers
If you're interested, check out their paper. http://cryptome.org/gsm-crack-bbk.pdf (18 Pages, 234KB) "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communications," by Elad Barkan, Eli Biham, Nathan Keller Thanks Andrew T. ;p - Original Message - From: "Damian Gerow" <[EMAIL P

RE: [Full-Disclosure] Winrar doesn't determine the actual size of compressed files

2003-09-10 Thread Marc Ruef
Dear Rainer, Dear List, > tested with 3.20 - can't reproduce. It says "file is > corrupt", I press "close" - nothing happened Me too. I am using WinRar 3.00 on Microsoft Windows XP Professional. Yours, Marc ___ Full-Disclosure - We believe in it

RE: [Full-Disclosure] Winrar doesn't determine the actual size of compressed files

2003-09-10 Thread Rainer Gerhards
> i don't think so... even the developer agrees on the bug... > discussion took place in 01 Security Submission's > > forum with the developer of Winrar (Eugene Roshal) : > > URL: > http://www.ysgnet.com/phorum/read.php?f=1&i=341&t=324#reply_341 strange... I just asked my colleague in a differen