Re: [Full-Disclosure] Phrack 62 is out!

2003-09-19 Thread V.O.
Oh no. It seems that Project Mayhem and PHC are back again... Last year it was in August - is it something seasonal? :) W. - Original Message - From: "Vlad Galu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 20, 2003 12:12 PM Subject: Re: [Full-Disclosure] Phrack

RE: [inbox] Re: [Full-Disclosure] Petition against VeriSlime's DNS abuse

2003-09-19 Thread Exibar
It DOES work for me :-) I'm running Windows XP w/sp1 and all patches. Here's a cut/paste of the web page I get sent to, of course the actual page is prettier. Google Error Not Found The requested URL /lpc?url=www.verisign-can-suck-my-balls.com&host=www.verisign-can-suck-my-balls.com was no

Re: [Full-Disclosure] idea

2003-09-19 Thread John Sage
Too late! On Fri, Sep 19, 2003 at 02:39:07PM -0700, D B wrote: > correct > > with an encryption layer that obscures the data so the > next "freq" isnt tattletailed thus making it hard to > know which packets are part of the actual data and > which are controlling before it hops > > and jus

Re: [Full-Disclosure] Phrack 62 is out!

2003-09-19 Thread Vlad Galu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 19 Sep 2003 17:03:28 -0700 "del" <[EMAIL PROTECTED]> wrote: > Phrack #62 has been released. Enjoy the magazine! > > http://www.phrack.nl/phrack62/ > Seems like a total hoax to me. It's full of rants. Nice lecture, anyway :) > > > >

[Full-Disclosure] [SECURITY] [DSA-388-1] New kdebase packages fix multiple vulnerabilites in KDM

2003-09-19 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 388-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman September 19th, 2003

RE: [inbox] Re: [Full-Disclosure] Petition against VeriSlime's DNS abuse

2003-09-19 Thread Michael J McCafferty
No, that won't work. That'll only send you to Google if you request sitefinder.verisign.com specifically. It will not send you to Google if you misspell the domain. If you wanted to see Google, you would have to have the misspelled domain in your hosts file. At 08:34 PM 9/19/2003 -0400, you wro

Re: [Full-Disclosure] idea

2003-09-19 Thread Valdis . Kletnieks
On Fri, 19 Sep 2003 12:03:46 PDT, D B <[EMAIL PROTECTED]> said: > does an application exist that encrypts data via pgp > (gpg) then breaks that up into chunks then > connects to a remote computer via ssl and sends one > chunk , the order picked at random, then requests a > different port to b

Re: [Full-Disclosure] Re: new openssh exploit in the wild! *isFAKE AS SH@!*

2003-09-19 Thread Patrick Dolan
Well if you look at the rule, you can see that all it's looking for is a few x86 NOOP commands in a row. It doesn't really have anything to do with an old CRC32 exploit. On Friday 19 September 2003 10:38 am, Brian Dinello wrote: > All: > > Just to add to the readily growing list of stupid thin

RE: Automat? Was (Re: [Full-Disclosure] new virus: )

2003-09-19 Thread Steve Halligan
This is all the Swen.a (aka Gibe.a) virus. I have seen hundreds of these today, with various message bodies and various filenames. Some of the message bodies contain a mime exploit to try to automatically execute the attachment, some don't. Some appear to come from MS, some look like mailer bou

[Full-Disclosure] Greed Kills VeriSign Inc.

2003-09-19 Thread dhtml
Dow, Chemical & Jones Business News Greed Kills VeriSign Inc. Thursday September 18, 6:40 pm ET KNOXVILLE, Tenn. -(Dow, Chemical & Jones)- Verisign Inc. (NasdaqNM:VRSN - News) in a sudden move today filed for protection under Chapter 11 of the US Bankruptcy Code. CFO D. Ana L Evan was overheard

RES: [Full-Disclosure] Sample of Swen/Gibe.F Worm

2003-09-19 Thread C4m4l3on
I would like to have a copy of this virus too. Thanks, C4m4l3on. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of = Sent: Friday, September 19, 2003 00:58 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Full-Disclosure] Sam

[Full-Disclosure] Re: Knox Arkeia 5.1.21 local/remote root exploit

2003-09-19 Thread David Bernick
> Have you tested this on other versions? I'm a party pooper. i just told Arkeia about it and they gave me a response from their CTO. He said that they were completely unaware that there was any problem before, but they tested and confirmed it and they were grateful for the information and they'll

[Full-Disclosure] Phrack 62 is out!

2003-09-19 Thread del
Phrack #62 has been released. Enjoy the magazine! http://www.phrack.nl/phrack62/ Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=mes

RE: [inbox] Re: [Full-Disclosure] Petition against VeriSlime's DNS abuse

2003-09-19 Thread Exibar
nah, all you need is to enter the following line in your HOSTS file: 216.239.53.99 sitefinder.verisign.com That way you'll get google's error message and never have to see Verisign's shit again :-) Exibar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL P

RE: [Full-Disclosure] idea

2003-09-19 Thread Jonathan A. Zdziarski
open source... and free i would think On Fri, 2003-09-19 at 17:39, D B wrote: correct with an encryption layer that obscures the data so the next "freq" isnt tattletailed thus making it hard to know which packets are part of the actual data and which are controlling before it hops and

Re: [Full-Disclosure] new virus: (fwd)

2003-09-19 Thread Kye Lewis
[...] > > If you meant swen, this doesn't look like swen. Nothing mentioning > > micro$oft > > Today I received a copy of both emails and they both came from the same > host within a 15 minute interval. That makes me also believe that they are > connected somehow. > > Maybe a computer infected by

RE: [Full-Disclosure] idea

2003-09-19 Thread Robert Ahnemann
Wouldn't this have a high chance of being firewalled out? Or at least some of the packets/chunks. > -Original Message- > From: D B [mailto:[EMAIL PROTECTED] > Sent: Friday, September 19, 2003 2:04 PM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] idea > > does an application exist

RE: [Full-Disclosure] idea

2003-09-19 Thread D B
correct with an encryption layer that obscures the data so the next "freq" isnt tattletailed thus making it hard to know which packets are part of the actual data and which are controlling before it hops and just for the record if this idea is original it will be opensource licensed i

Re: [Full-Disclosure] Knox Arkeia 5.1.21 local/remote root exploit

2003-09-19 Thread David Hane
Have you tested this on other versions? DH On Friday 19 September 2003 10:36, A. C. wrote: > Exploit attached for Knox Arkeia Pro v5.1.21 backup > software from http://www.arkeia.com. > > > > > /* > * Knox Arkiea arkiead local/remote root exploit. > * > * Portbind 5074 shellcode > * > * Test

RE: [Full-Disclosure] Sample of Swen/Gibe.F Worm

2003-09-19 Thread NDG
Look in virtually any Microsoft Newsgroup. -Original Message- From: C4m4l3on-li5t [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2003 2:29 PM To: =; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RES: [Full-Disclosure] Sample of Swen/Gibe.F Worm Hel

Re: Automat? Was (Re: [Full-Disclosure] new virus: )

2003-09-19 Thread B.K. DeLong
At 12:43 PM 9/19/2003 -0400, [EMAIL PROTECTED] wrote: Following up my own post: -- There is no virus known to us by this name. However, Norton Anti-Virus uses names like W97M.Automat. to name viruses which have been detected automatically

[Full-Disclosure] Co-location Facility Vulnerabilities: A possible scenario

2003-09-19 Thread Jonathan A. Zdziarski
For those of you not on the securityfocus list when this was published last month: Computer Co-location Facility Vulnerabilities A possible scenario of how terrorists could smuggle and detonate explosives http://www.nuclearelephant.com/papers/colo.html

Re: [Full-Disclosure] new virus:

2003-09-19 Thread Gary Baribault
I am now getting fake Microsoft patches with a Microsoft like mail address. Gary On Fri, 2003-09-19 at 11:30, Michael Scheidell wrote: > > > > Has anyone seen an email going around with subject bug message > > containing a supposed audio attachment that is really an exe named > > ckcwr.exe. >

[Full-Disclosure] ReExploiting Multiple .... +another NAV FLAWS

2003-09-19 Thread Bipin Gautam
These exploits have not been submitted to Bugtraq, since that mailing list is now owned by Symantec, and they have more "selective" full disclosure than this list. Don Cheatham Wireless Network Engineer --- you are right dude, mmm... 6 month

[Full-Disclosure] Virus Sample

2003-09-19 Thread Sean Earp
All- I have put a sample of the Swen virus up for research purposes at: . Interesting note, With NAV 2003 updated to the latest defs (with no restart), I was able to save it to my desktop without intervention and start installing it (as previous posters have

Re: [Full-Disclosure] idea

2003-09-19 Thread D B
i was thinking more along the lines of a C++ app with guis just wanted make sure the application wasnt written so i wasnt sued when i started it on sourceforge this list is read all over by geeks that use security ...if they havent heard of it...it doesnt exist thanks D B "my tore up" --- Ti

[Full-Disclosure] idea

2003-09-19 Thread D B
does an application exist that encrypts data via pgp (gpg) then breaks that up into chunks then connects to a remote computer via ssl and sends one chunk , the order picked at random, then requests a different port to be opened sends the second chunk ... so on to conclusion with the port

[Full-Disclosure] Re: New virus?

2003-09-19 Thread Sean Earp
To quote the Symantec write-up (FWIW they have some great screen shots of the virus email and installation/infection) at "The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable. One

Re: [Full-Disclosure] Exploiting Multiple Flaws in Symantec Antivirus 2004 for Windows Mobile

2003-09-19 Thread Bipin Gautam
Eicar test virus (eicar.exe) into RAM, the scanner does not detect it. It is not until you "save" a copy of a file with the Eicar to your file system does Symantec detect it. So it is not real-time scanning of viral code, but rather just a simple monitor to activate a scan any time a file is saved

RES: [Full-Disclosure] Sample of Swen/Gibe.F Worm

2003-09-19 Thread C4m4l3on-li5t
Hello, I would like to have a copy of this virus too. Thanks, C4m4l3on. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of = Sent: Friday, September 19, 2003 00:58 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Assun

Re: lsh patch (was Re: [Full-Disclosure] new ssh exploit?)

2003-09-19 Thread Niels Möller
I wrote: > > I'm *not* going to bet that it isn't exploitable. I'll try to get new > > releases out within a few days, until then, I recommend that you apply > > the above patch to lshd and recompile, or disable lshd service. Carl Livitt <[EMAIL PROTECTED]> writes: > I would recommend that too.

[Full-Disclosure] Re: Verisign abusing .COM/.NET monopoly

2003-09-19 Thread dhtml
How about all you quibbling ninnies actually do something about it: Get 100 sizeable concerns world-wide and each sue the fuck out of Verisign; $100 million each. PAH! make it $200 mil. each for shits and giggles. You'll see how quickly they change their minds. Better if they go belly- up though

Re: [Full-Disclosure] new virus: (fwd)

2003-09-19 Thread Daniel Tams
On Fri, 19 Sep 2003, Ron Clark wrote: > > > -- Forwarded message -- > Date: Fri, 19 Sep 2003 18:22:00 +0300 > From: Eero Volotinen <[EMAIL PROTECTED]> > To: Ron Clark <[EMAIL PROTECTED]> > Subject: Re: [Full-Disclosure] new virus: > > Yes, it's swan virus. > > -- > Eero > > If

Re: [Full-Disclosure] Remote root in LSH

2003-09-19 Thread Michael Renzmann
Hi. Jeremiah Cornelius wrote: After reading about a theoretical remote hole in OpenSSH and many detractors smugly saying that they weren't vulnerable because they run LSH (a free alternative), I'd like to present a working remote root exploit against LSH version 1.4.x. Enjoy. O.K. Already! You roc

Re: [Full-Disclosure] idea

2003-09-19 Thread Timo Schoeler
hi, seems like a *very specific* app to me... guess you got to do this the #!/bin/sh way. > does an application exist that encrypts data via pgp > (gpg) then breaks that up into chunks then > connects to a remote computer via ssl and sends one > chunk , the order picked at random, then re

Re: [Full-Disclosure] new virus:

2003-09-19 Thread Gregory A. Gilliss
Yeah, swan's been a b***h the past two days. I'm getting into the habit of deleting any email in mutt that shows up as 2K (most have the "Latest Microsoft" header, but a couple are bounced). G On or about 2003.09.19 09:26:50 +, [EMAIL PROTECTED] ([EMAIL PROTECTED]) said: > Similar emails hav

Gibe (was Re: [Full-Disclosure] new virus:)

2003-09-19 Thread disclosure
My H+BEDV AntiVir is alerting on both the Swen virus (bogus Microsoft patch) and this variant, tagging them both as Gibe.C.1 This version doesn't mention any patch. It seems more closely related to the older Gibe variants. Here's the text/html from the new 'bounce' variant: -

[Full-Disclosure] Knox Arkeia 5.1.21 local/remote root exploit

2003-09-19 Thread A. C.
Exploit attached for Knox Arkeia Pro v5.1.21 backup software from http://www.arkeia.com. /* * Knox Arkiea arkiead local/remote root exploit. * * Portbind 5074 shellcode * * Tested on Redhat 8.0, Redhat 7.2, but all versions are presumed vulnerable. * * NULLs out least significant byte

RE: [Full-Disclosure] Re: new openssh exploit in the wild! *isFAKE AS SH@!*

2003-09-19 Thread Chris Eagle
> Probably a scriptkiddie or some random idiot. The fun part was > it came up totally different offsets then i mean TOTALLY different > each time you ran it and if you gave it a offset it would "work" > no matter what. For those people who ran it.. change all your > passwords. :) > > /Adam That

Re: Automat? Was (Re: [Full-Disclosure] new virus: )

2003-09-19 Thread disclosure
Following up my own post: -- There is no virus known to us by this name. However, Norton Anti-Virus uses names like W97M.Automat. to name viruses which have been detected automatically. VARIANT: Automat.K

Re: [Full-Disclosure] new virus:

2003-09-19 Thread Joshua Levitsky
It was Swen. He sent me the file. F-Prot caught it on my mail gateway. -Josh On Sep 19, 2003, at 11:27 AM, Cael Abal wrote: You're going to have to give us more than a vague subject line and what looks like a randomly-generated filename, Ron. Have you tried any of the major AV tools? take ca

Re: [Full-Disclosure] new virus: (fwd)

2003-09-19 Thread Christophe Tommasini
it really looks like Swen : go there http://www.viruslist.com/eng/viruslist.html?id=88029 and search for "I'm afraid I wasn't able to deliver your message to the following addresses" - Original Message - From: "Ron Clark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, Septembe

Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm

2003-09-19 Thread security
I've had several requests both on and off the list for the data, so it's all posted here: http://smharr4.dnsalias.net/security/index.html The data is there in CSV, MS Excel and OpenOffice spreadsheet formats. Both the spreadsheets have graphs showing infection spread over time. -- Stev

Re: [Full-Disclosure] new virus: (fwd)

2003-09-19 Thread Exibar
it is the SWEN virus. I've received dozens of them, McAfee picks it up as Swen, have no reason to doubt it :-) Exibar - Original Message - From: "Ron Clark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 19, 2003 11:43 AM Subject: Re: [Full-Disclosure] new virus:

Re: [Full-Disclosure] new virus:

2003-09-19 Thread security
On Fri, 19 Sep 2003, Ron Clark wrote: > > Has anyone seen an email going around with subject bug message > containing a supposed audio attachment that is really an exe named > ckcwr.exe. Similar emails have wound up in my mailbox, with an .exe attachment claiming to be a .wav file. I don't think

Re: [Full-Disclosure] New port 901 scans

2003-09-19 Thread "Ben Nelson"
I can confirm. I've been seeing an increase in TCP/901 scans for the last 4-5 days. --Ben On September 19, 8:52 am "J. Race" <[EMAIL PROTECTED]> wrote: > I'm seeing an increase in port 901 scans this morning starting a little > over 3 hours ago, all from individual IP's outside my netblock > ori

RE: [Full-Disclosure] Re: new openssh exploit in the wild! *isFAKE AS SH@!*

2003-09-19 Thread Brian Dinello
All: Just to add to the readily growing list of stupid things this "exploit" does, it set off my Snort IDS when attempting to root my test box. Looks like it _may_ actually incorporate some shell code in a REALLY old CRC32 overflow from 2001. Here's the CVE link, if anyone's interested: http://cv

Automat? Was (Re: [Full-Disclosure] new virus: )

2003-09-19 Thread disclosure
Check out Usenet or Google groups, lots of autospam postings about this to news.admin.net-abuse.sightings. One says: hqbkyk.exe was infected with the malicious virus Worm.Automat.AHB and has been deleted because the file cannot be cleaned. ...Eric On Fri, 19 Sep 2003, Ron Cla

Re: [Full-Disclosure] Remote root in LSH

2003-09-19 Thread Jeremiah Cornelius
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 19 September 2003 05:57, Haggis wrote: > After reading about a theoretical remote hole in OpenSSH and many > detractors smugly saying that they weren't vulnerable because they run LSH > (a free alternative), I'd like to present a working remo

Re: [Full-Disclosure] New port 901 scans?

2003-09-19 Thread John Pavlakis
http://isc.sans.org/diary.html?date=2003-06-04 > I'm seeing an increase in port 901 scans this morning starting a little > over 3 hours ago, all from individual IP's outside my netblock > originating from random ports. > > Anyone else? > > -jim > > ___

Re: [Full-Disclosure] Re: new openssh exploit in the wild! *isFAKE AS SH@!*

2003-09-19 Thread Cael Abal
Why bother? If you were stupid enough to run that obvious piece of crap, changing your password is the least of your worries. (In fact, if you run *anything* that's posted here without first checking it out thoroughly or if you don't understand code at all, you might as well run up the white flag

[Full-Disclosure] Re: new virus: (fwd)

2003-09-19 Thread Ron Clark
Virus is swen although page format is very different from the description on Symantec's site. Ron Clark System Administrator Armstrong Atlantic State University -- Forwarded message -- Date: Fri, 19 Sep 2003 17:41:42 +0200 From: Michel Messerschmidt <[EMAIL PROTECTED]> To: Ron Cl

Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm

2003-09-19 Thread J. Race
The counter wasn't necessarily a good indication of infected hosts. Who knows what they started it as? Seeing as how it wasn't that hard to find, it could have been a low-grade publicity stunt. It could have been done in a far more stealthy manner. -jim [EMAIL PROTECTED] wrote: It's a shame t

Re: [Full-Disclosure] new virus:

2003-09-19 Thread Mary Landesman
It sounds like it might be the new Swen worm. According to Symantec: The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable. One example is: I'm sorry I wasn't able to deliver your message to one or more destinations. http://securityresponse

Re: [Full-Disclosure] new virus: (fwd)

2003-09-19 Thread Ron Clark
-- Forwarded message -- Date: Fri, 19 Sep 2003 18:22:00 +0300 From: Eero Volotinen <[EMAIL PROTECTED]> To: Ron Clark <[EMAIL PROTECTED]> Subject: Re: [Full-Disclosure] new virus: Yes, it's swan virus. -- Eero If you meant swen, this doesn't look like swen. Nothing mentioning mi

Re: lsh patch (was Re: [Full-Disclosure] new ssh exploit?)

2003-09-19 Thread Carl Livitt
> I'm *not* going to bet that it isn't exploitable. I'll try to get new > releases out within a few days, until then, I recommend that you apply > the above patch to lshd and recompile, or disable lshd service. I would recommend that too. Attached is a revised version of the exploit I posted earl

Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm

2003-09-19 Thread Cael Abal
I was tracking the number of infected computers, but around 4:30am Pacific the counter was replaced with a GIF image reading: WARNING: Your computer may be infected by W32/[EMAIL PROTECTED] worm. It's no joke. See mcaffee.com for info. The last good number I have for the hit count was 1,576,803 at

Re: [Full-Disclosure] new virus:

2003-09-19 Thread Michael Scheidell
> > Has anyone seen an email going around with subject bug message > containing a supposed audio attachment that is really an exe named > ckcwr.exe. I am bouncing HUNDREDS AND HUNDREDS of them. most SEEM to be bounces of bounces. ___ Full-Disclosure

Re: [Full-Disclosure] new virus:

2003-09-19 Thread Cael Abal
You're going to have to give us more than a vague subject line and what looks like a randomly-generated filename, Ron. Have you tried any of the major AV tools? take care, Cael Has anyone seen an email going around with subject bug message containing a supposed audio attachment that is really

[Full-Disclosure] New port 901 scans?

2003-09-19 Thread J. Race
I'm seeing an increase in port 901 scans this morning starting a little over 3 hours ago, all from individual IP's outside my netblock originating from random ports. Anyone else? -jim ___ Full-Disclosure - We believe in it. Charter: http://lists.nets

Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm

2003-09-19 Thread security
On Thu, 18 Sep 2003, Richard M. Smith wrote: > The URL of the counter is: > > > http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006 I was tracking the number of infected computers, but around 4:30am Pacific the counter was replaced with a GIF image reading: WARNING: Your co

RE: [Full-Disclosure] Re: new openssh exploit in the wild! *isFAKE AS SH@!*

2003-09-19 Thread Schmehl, Paul L
> -Original Message- > From: Adam Balogh [mailto:[EMAIL PROTECTED] > Sent: Friday, September 19, 2003 7:59 AM > To: Full Disclosure > Subject: Re: [Full-Disclosure] Re: new openssh exploit in the > wild! *isFAKE AS [EMAIL PROTECTED] > > > Probably a scriptkiddie or some random idiot. Th

[Full-Disclosure] new virus:

2003-09-19 Thread Ron Clark
Has anyone seen an email going around with subject bug message containing a supposed audio attachment that is really an exe named ckcwr.exe. Is this a possible new virus? I have received numerous copies of this email since last night. Ron Clark System Administrator Armstrong Atlantic State Unive

RE: [Full-Disclosure] want to be paid for your opinion?

2003-09-19 Thread Brown, Rodrick
Don't you think this is the wrong list for this ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Dimitrov Sent: Friday, September 19, 2003 8:13 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] want to be paid for your opinion? How to get rid

lsh patch (was Re: [Full-Disclosure] new ssh exploit?)

2003-09-19 Thread Bennett Todd
2003-09-19T18:48:24 KF: > Well I messed with it a bit more and it seems to consistently crash in the > following areas... Sorry for not following up sooner and saving you some effort; the author has analyzed this one, posted a patch to lsh-bugs, and is working on new releases that include the pat

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * isFAKE AS SH@!*

2003-09-19 Thread Adam Balogh
Probably a scriptkiddie or some random idiot. The fun part was it came up totally different offsets then i mean TOTALLY different each time you ran it and if you gave it a offset it would "work" no matter what. For those people who ran it.. change all your passwords. :) /Adam Vitaly Osipov wrote

Re: [Full-Disclosure] Post vs. Times (was Is Verisign Breaking th e Law)

2003-09-19 Thread Shawn McMahon
On Thu, Sep 18, 2003 at 11:45:35AM -0700, Hornstein, Johann (Hans) said: > If I recall correctly, you're thinking of the Washington TIMES that's owned > and run by the Moonies -- the Post is the more respected of the two main > Washington papers. Respected for its complete lack of objectivity, mos

Re: [Full-Disclosure] openssh remote exploit

2003-09-19 Thread Peter Busser
Hi! > Really ? I think you'll find that there are quite a number of people, > aside from myself, who think that the "1 exploit in X years" is on one > end of it as misleading and the other end, a lie, excluding this current > openssh problem. It's a statistic. 'nuf said. > Some people, like you

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * isFAKE AS SH@!*

2003-09-19 Thread V.O.
Yeah, I missed the fact that after "calculating" the offset it starts to "exploit" in the same way as if it was given an offset as a parameter. Anyway, I simply wanted to note that whoever posted it here was either knowingly lying about its purpose or not having a clue about UNIX at all :) W. --

Re: [Full-Disclosure] want to be paid for your opinion?

2003-09-19 Thread Ivan Dimitrov
How to get rid my maildir from this spam? Does it have some patterns to which this can be filtered? Or should I put spamassassin or smth..? On Tue, 2003-09-16 at 17:05, [EMAIL PROTECTED] wrote: > LOL, even FD get spammed... > > > ---"Lola Elkins" <[EMAIL PROTECTED]>wrote: > Take a survey and get

RE: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-19 Thread Ivan Dimitrov
I'm going to write my "Thank You Theo" to the man. I hope his mailbox fills with another 10,000,000 email like mine to which he does not need to respond. On Tue, 2003-09-16 at 16:16, Andy Wood wrote: > Well maybe he's had to answer 10,000,000 email on it, which if he > doesn't respond he'll

[Full-Disclosure] Remote root in LSH

2003-09-19 Thread Haggis
After reading about a theoretical remote hole in OpenSSH and many detractors smugly saying that they weren't vulnerable because they run LSH (a free alternative), I'd like to present a working remote root exploit against LSH version 1.4.x. Enjoy. /* Rough and ready exploit for lsh 1.4.x (ot

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * is FAKE AS SH@!*

2003-09-19 Thread Adam Balogh
Vitaly Osipov wrote: > which is obviously not true. Btw as far as I understand, the trojan code is > triggered when > the "exploit" is run with the offset specified, and not in a "bruteforcing" mode. > > W. Me and my friend tried to run it on a lab-box that's not connected directly to internet a

[Full-Disclosure] hooking python send()

2003-09-19 Thread ned
hello, attached is a patch to timeoutsocket.py which records all the data that is parsed to a socket to be sent. timeoutsocket.py already does this but only to make sure that the send or recv or connect doesn't time out. download and patch timeoutsocket.py from here: http://www.timo-tasi.org/py

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * is FAKE AS SH@!*

2003-09-19 Thread christopher neitzert
Lars, What you say is true. For those of you who are interested attached is an strace of this bogus exploit that I ran in my lab on disposable systems in captive network. Note, on the parent PID file I edited out quite a bit of repetitive bogus wait statements, no sense in filling your mailboxes

Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new

2003-09-19 Thread Peter Busser
Hi! > At least a BIND patch could be useful for ISP's running BIND or even be > reused in DJBDNS and similar. This page: http://www.imperialviolet.org/dnsfix.html has a patch for DjBDNS. > For now, it is returning the same IP address, but I have no trouble > imagining Verisign evading DNS filter

[Full-Disclosure] [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)

2003-09-19 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

[Full-Disclosure] [SECURITY] [DSA-386-1] New libmailtools-perl packages fix input validation bug

2003-09-19 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 386-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman September 18th, 2003

[Full-Disclosure] [SECURITY] [DSA-387-1] New gopher packages fix buffer overflows

2003-09-19 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 387-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman September 18th, 2003

[Full-Disclosure] [SECURITY] [DSA-385-1] New hztty packages fix buffer overflows

2003-09-19 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 385-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman September 18th, 2003

RE: [Full-Disclosure] RPC DCOM Scanner

2003-09-19 Thread Benjamin Hippler
Some really nice stuff you got there. -Original Message- From: Jeff [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:14 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] RPC DCOM Scanner I have an RPC DCOM scanner that does not limit you t

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * is FAKE AS SH@!*

2003-09-19 Thread V.O.
Another good example of why closed-source exploits and "private" exploits are bad (although it is an old story already). The rumours of their existence can make people (or should I say, script kiddies) fall for something like this one. Btw the most definite opinion on the exploit I have heard sever

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * is FAKE AS SH@!*

2003-09-19 Thread Raymond Dijkxhoorn
Hi! > >> > i looked at this piece of exploit... it is binary so i'am not sure if > >> > this is a trojan or a backdoor or a virus. but i can't see anything > >> > strange while sniffing the exploit traffic. and i got root on serveral > >> > of my openbsd boxes with that. the bruteforcer seems t

Re: [Full-Disclosure] Winrar doesn't determine the actual size of compressed files

2003-09-19 Thread jelmer
Speaking of which.. It also has the directory traversal bug described on http://lists.insecure.org/lists/bugtraq/2003/May/0113.html just test with the .zip file located there tested on 3.20 - Original Message - From: "Bipin Gautam" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tue

Re: [Full-Disclosure] Gator / Scumware research

2003-09-19 Thread morning_wood
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg06934.html   D. Werner http://e2-labs.com - Original Message - From: n30 To: Full Disclosure Sent: Friday, September 19, 2003 1:18 AM Subject: [Full-Disclosure] Gator / Scumware research Guys,   Any poin

Re: [Full-Disclosure] Re: new openssh exploit in the wild! * is FAKE AS SH@!*

2003-09-19 Thread Lars Olsson
On Fri, 19 Sep 2003, Vitaly Osipov wrote: > This means that the original poster (gordon last) made it up himself, because he is > saying : > > >> > i looked at this piece of exploit... it is binary so i'am not sure if > >> > this is a trojan or a backdoor or a virus. but i can't see anything > >>