Oliver,
Quickly testing the below string at the command
line does crash perl.exe. I have ActivePerl 5.8.0 Build 805 installed on a
Windows 2000 machine.
perl -e "$a="A" x 256; system($a)"
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, May 17, 20
Hello all,
Frank Knobbe wrote:
> Not really a topic for Full-Disclosure. But since you asked...
I will only answer once on this list for Tobias offered an off-topic
discussion before.
> I think more countries should have that. Not so much for the military
> service, but for the civil service. I
Seems to be working fine in version 5.8.1. No errors or crash on my system (Win2K all
patches - that 04011 -patch)
P:\>perl -v
This is perl, v5.8.1 built for MSWin32-x86-multi-thread
(with 1 registered patch, see perl -V for more detail)
Copyright 1987-2003, Larry Wall
Binary build 807 provide
http://isc.sans.org/diary.php
J
On Tue, 2004-05-18 at 15:16, Geo. wrote:
> Does anyone know what's causing the port 5000 scans yet?
>
> http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
> c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
>
> G
Reproduced with 5.6.1/win95.
On Mon, 17 May 2004, [EMAIL PROTECTED] wrote:
> Date: Mon, 17 May 2004 22:23:56 +0200
> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Buffer Overflow in ActivePerl ?
>
> hi folks,
>
> i played around with Acti
Hi Joel,
can u submit your mysql `users` table.
Tuesday, May 18, 2004, 10:17:03 PM, you wrote:
EJC> Could be. I didn't check, just was weird when I did it.
EJC> -Original Message-
EJC> From: Michael Gargiullo [mailto:[EMAIL PROTECTED]
EJC> Sent: Tuesday, May 18, 2004 12:35 PM
EJC>
Don't have too much experience with ldap or how you're using it, but my
money would be on prisoner.iana.org
Check google for more info
p34ce
Steele
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Soderland, Craig
Sent: Tuesday, May 18, 2004 9:16 AM
To: [EMAI
Skid, I am sorry that you misunderstood my post. I am by no means
downplaying the fact that spyware is a menace and that many unscrupulous
website owners use IE vulnerabilities to install spy / adware on
unsuspecting user's pc. Based on how often I encounter these kind of pages I
imagine it's a h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: kdelibs
Advisory ID:
Can anyone give me the source code to a good web application security scanner written
in C# so I can start my own company? Drop me an email with a link or code off of
the list please.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys
On Fri, 2004-05-14 at 06:22, Yan Doldonov wrote:
> After all, nobody forces anyone to purchase and use MS Products. MS has been
> selling imperfect products for years and people still continue to use them.
Interesting, I seem to recall a minor anti-trust case in the US that
kinda decided that M$ us
Hi!
I'm just playing around with my wireless LAN config in Windows 2000
Professional. There is some security dialog where you can enter your
WEP key in 26 hex digits. You may enter them but not read them because
they are masked with ***. I have a tool which reads the plaintext of
such password box
On Tue, 18 May 2004 18:54:36 +0200, "Soderland, Craig" <[EMAIL PROTECTED]> said:
> Understood, but why would this system be trying to make a connection there? It
> has no reason to be connecting and we just noticed it which raised a few
> questions.
You're missing the point - if another machine
Sorry, Jelmer, but you're WAY off base on this one. IMHO, spyware is
already larger than netsky and sobig, and will probably be larger than
nimda before the end of the year. But that's my opinion, you want
evidence, so here are some cold, hard facts.
Check out these http proxy log entries:
[05/
Soderland, Craig wrote:
ETHER: Destination = 0:0:5e:0:1:1, U.S. Department of Defense
This mac looks familiar for me, isn't it the mac address used by vrrp ID
1? Isn't your default gateway a nokia firewall (or was, in which case you
should reconfigure some device in order to remove any/m
>> Does anyone know what's causing the port 5000 scans yet?
>This seems to be it:
> Port 5000 Traffic Indicates Kibuv.b Worm At Work
Nope, it's not Kibuv.b, that uses other ports as well and traffic on those
is normal. Probably bobax worm or something new.
Geo.
[EMAIL PROTECTED] wrote:
hi folks,
i played around with ActiveState's ActivePerl for Win32, and crashed
Perl.exe with the following command:
perl -e "$a="A" x 256; system($a)"
I wonder if this bug isn't known?!? Because system() is a very common
command
Can anybody reproduce this?
I put toge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Tuesday 18 May 2004 07:41, Paul Schmehl wrote:
> Am I the only one who thinks that this list is slowly descending into
> complete worthlessness? It's amazing. The kiddies tried to destroy it
> early on and failed. So then the members of the list did the job for them.
> Worthless topic after w
On Tue, 18 May 2004 15:15:56 +0200, "Soderland, Craig" <[EMAIL PROTECTED]> said:
> I did a snoop from our tech sandbox (xx) to port 389 using the
> following command: 'snoop -v port 389' (without the quotes). The attached
> file shows a segment of the results. Notice the line:
I don't see
Bobax and Kibuv worms
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank
Knobbe
Sent: Tuesday, May 18, 2004 9:46 AM
To: Geo.
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Port 5000
On Tue, 2004-05-18 at 08:16, Geo. wrote:
> Does anyone know what
On Tuesday 18 May 2004 18:24, Esler, Joel - Contractor wrote:
> I did not have the grant priv, I had select, insert on mysql db. (I did
> log in as a different user --i.e. not root) Using MysqlCC I changed the
> Grant field from N to Y, and then could grant myself all privs to every
> database.
>
> Am I the only one who thinks that this list is slowly descending into
> complete worthlessness? It's amazing. The kiddies tried to
> destroy it
> early on and failed. So then the members of the list did the
> job for them.
> Worthless topic after worthless topic until the real purpose
>
Could be. I didn't check, just was weird when I did it.
-Original Message-
From: Michael Gargiullo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 12:35 PM
To: Esler, Joel - Contractor
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] User bypass privs for Mysql??
On Tue, 200
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Esler, Joel - Contractor wrote:
| I did not have the grant priv, I had select, insert on mysql db. (I did
| log in as a different user --i.e. not root) Using MysqlCC I changed the
| Grant field from N to Y, and then could grant myself all privs to eve
Hey Joel,
Comments inline...
-Original Message-
Sent: Tuesday 18 May 2004 16:02
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] User bypass privs for Mysql??
J> Not having any grant permissions. I went into the mysql/user table and
J> edited the Grant from N to Y. Logge
On Tue, May 18, 2004 at 11:01:32PM +1200, Nick FitzGerald wrote:
> Alexander Schreiber <[EMAIL PROTECTED]> to me:
>
> > Sorry, in a networked world, C2 is just a bad joke. ...
>
> Well, at least "weak"...
>
> > ... Keep in mind, that
> > you do not get a blank certificate for 'this OS', but t
On Tue, 2004-05-18 at 10:02, Esler, Joel - Contractor wrote:
> Not having any grant permissions. I went into the mysql/user table and
> edited the Grant from N to Y. Logged out and logged back in, and I had
> full privs including Grant. I shouldn't be able to do this...
>
> Joel
but does your
On Tue, 2004-05-18 at 09:41, Paul Schmehl wrote:
> Am I the only one who thinks that this list is slowly descending into
> complete worthlessness? [...] (And *this* will devolve into
> another 250 post thread about nothing.)
Yeah, yeah, yeah. Sorry, I shouldn't have cc'ed FD on it, and pollute
t
Understood, but why would this system be trying to make a connection there? It has no
reason to be connecting and we just noticed it which raised a few questions.
This mailbox protected from junk email by MailFrontier Desktop
from MailFrontie
>and we seem to get control of EIP. Coincidence? Try yet two more:
>C:\>perl -e "$a="A" x 261; system($a)"
C:\>perl -V
Characteristics of this binary (from libperl):
Compile-time options: MULTIPLICITY USE_ITHREADS PERL_IMPLICIT_
LICIT_SYS
Locally applied patches:
ActivePerl Build 6
Am I the only one who thinks that this list is slowly descending into
complete worthlessness? It's amazing. The kiddies tried to destroy it
early on and failed. So then the members of the list did the job for them.
Worthless topic after worthless topic until the real purpose of the list
has
I did not have the grant priv, I had select, insert on mysql db. (I did
log in as a different user --i.e. not root) Using MysqlCC I changed the
Grant field from N to Y, and then could grant myself all privs to every
database.
Of course, I did have select, insert on mysql.. probably why huh?
Vendor : WEBCT
URL : http://webct.com/
Version : WebCT Campus Edition Version 4.1
Risk : Cross site scripting
Description: WebCT is the world's leading provider of e-learning systems for
educational
institutions.
WebCT's vision is to deliver innovative e-learning solutions to help
institutions
>What do other people think?
Other people think things like "why the fuck am I reading this?, I thought I signed up
to a computer security list?"
Would anyone like a recipe for apple pie while I'm here?
Maybe a transcript or a classic fawlty towers episode?
yes, I know, and yes I'm going to s
What were your other privileges. If you did not have any grants then why
in the heck did you have any access rights to the mysql database (not
product) tables? Seems that you had a DBA error, not a product error.
Jim
On Tuesday 18 May 2004 9:02 am, Esler, Joel - Contractor wrote:
> Not having
Geo. wrote:
Does anyone know what's causing the port 5000 scans yet?
http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
Geo.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What permissions DID you have prior to editing your grants. How did you
edit the grant (i.e. update user set Grant_priv = 'Y' where user =
'floobie' ). What version of mysql? Did you log in as yourself to edit
the grants, or as another user? Also,
On Tue, 2004-05-18 at 06:58, Jos Osborne wrote:
> Hmmm...compulsory national service...what a cheap way of getting a labour force.
> I'm mixed on my views on this - on the one hand having this labour force is a good
> thing, and a younger me could have definitely done with having some discipline a
perl, v5.8.2 MSWin32-x86-multi-thread suffers the same.
Tuesday, May 18, 2004, 7:14:41 PM, you wrote:
NF> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>> i played around with ActiveState's ActivePerl for Win32, and crashed
>> Perl.exe with the following command:
>>
>> perl -e "$a="A" x 256; s
Not having any grant permissions. I went into the mysql/user table and
edited the Grant from N to Y. Logged out and logged back in, and I had
full privs including Grant. I shouldn't be able to do this...
Joel
Not working at all with ActivePerl 5.8.x (up to 5.8.4) and Windows 2000
Prof. SP3, german edition.
Besides I couldn't see any Perl version in his advisory.. or maybe I'm
just too blind to see it..
*getsmorecoffeetostartwakingup*
Reproduced with 5.6.1/win95.
On Mon, 17 May 2004, [EMAIL PROTECTED
On Tuesday 18 May 2004 09:16, Geo. wrote:
> Does anyone know what's causing the port 5000 scans yet?
>
> http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040ca
> bc9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
According to yesterday's SANS Handler's
I've spent some time with this topic. Thinking about it, that is. Here
we are, in a "free" country. Hypothetically, each of us, as a citizen
needs to participate in the framework structure of our country. As of
now, the general citizen does that through taxes. Officially, we still
have a d
On Tue, 2004-05-18 at 08:16, Geo. wrote:
> Does anyone know what's causing the port 5000 scans yet?
>
> http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
> c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
Why yes. http://isc.sans.org/index.php
>Guys,
>
> I did a snoop from our tech sandbox (xx) to port 389 using
> the following command: 'snoop -v port 389' (without the quotes).
> The attached file shows a segment of the results. Notice the line:
>
> ETHER: Destination = 0:0:5e:0:1:1, U.S. Department of Defense
> (IANA)
>
>
[EMAIL PROTECTED] wrote:
Do they draft 21 year-olds in Germany?
Yes, they do. You can get drawn in until you're 27, but there are plenty
ways out of it as well.
No, that has been changed in the past. If you're 23 years old or above
you are not even longer needed by the military. Also they
Geo. wrote:
Does anyone know what's causing the port 5000 scans yet?
http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
Supposedly...
http://isc.sans.org/diary.php?date=2004-05-17
--
Dave Ockwell
On Tue, 18 May 2004 11:03:40 +0200 Axel Beckert <[EMAIL PROTECTED]> wrote:
> On Mon, May 17, 2004 at 10:23:56PM +0200, [EMAIL PROTECTED] wrote:
> > i played around with ActiveState's ActivePerl for Win32, and crashed
> > Perl.exe with the following command:
> >
> > perl -e "$a="A" x 256; system(
> This is probably the new mail notification service used by Exchange. See
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;264035
Thank you, I've missed this. Nevertheless, I've tried what the article
suggests with _no_ success. Moreover, it seems that other Office
(2003) suite applicati
Hi..
Volker Tanger wrote:
Your command line parameters for perl.exe are probably:
1.) -e
2.) "$a="
3.) A
4.) " x 256; system($a)"
Thus are you sure you get $A set with 256 "A"s?
In short: He doesn't.. Perl will just issue a syntax error ;)
Besides:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
"Lead to unexpected behavior?" That is definitely not the candor and
honesty the world expects from what may be the leading Linux
distribution, or any open source project. It reeks of proprietary
vendor risk whitewashing. Either you don't understand the
Ondrej Krajicek wrote:
>PS: [1] ...netstat wouldn't do, it does not display pid (or something).
netstat -AnO will display PIDs, and tasklist will display filenames + PIDs
(on WXP and W2k3).
Does anyone know what's causing the port 5000 scans yet?
http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
Geo.
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> i played around with ActiveState's ActivePerl for Win32, and crashed
> Perl.exe with the following command:
>
> perl -e "$a="A" x 256; system($a)"
Ditto -- "v5.8.0 built for MSWin32-x86-multi-thread" on Win2K SP4 plus
all but last week's securit
Guys,
I did a snoop from our tech sandbox (xx) to port 389 using the
following command: 'snoop -v port 389' (without the quotes). The attached
file shows a segment of the results. Notice the line:
ETHER: Destination = 0:0:5e:0:1:1, U.S. Department of Defense
(IANA)
I think we found what to do with this guy. You always need another hand to dig latrines
and clean them out.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
> well, i just donated $10 USD long live the criminals
May Roger Ebert spit on you for eternity...
(google for Boulder Pledge)
> - Original Message -
> From: "John Galt" <[EMAIL PROTECTED]>
> To:
Hi,
On Tue, 2004-05-18 at 13:58, Jos Osborne wrote:
> Hmmm...compulsory national service...what a cheap way of getting a labour force.
> I'm mixed on my views on this - on the one hand having this labour force is a good
> thing, and a younger me could have definitely done with having some discipl
Hi!
On Mon, May 17, 2004 at 10:23:56PM +0200, [EMAIL PROTECTED] wrote:
> i played around with ActiveState's ActivePerl for Win32, and crashed
> Perl.exe with the following command:
>
> perl -e "$a="A" x 256; system($a)"
>
> I wonder if this bug isn't known?!? Because system() is a very common
Hmmm...compulsory national service...what a cheap way of getting a labour force.
I'm mixed on my views on this - on the one hand having this labour force is a good
thing, and a younger me could have definitely done with having some discipline and
structure, but then again reports of what used to
Hi,
On Tue, 2004-05-18 at 11:59, Larry Seltzer wrote:
> There's more evidence from this story that he's a "coward" than a "pacifist"
>
> Do they draft 21 year-olds in Germany?
Yes. Every German male citizen can be drafted until he is 27 or in the
case that he studied medical science he can be d
Hi Stef.
I understood as much as this guy wanted if anyone could reproduce it.
And I understood that he himself was running an x86-system (which I
mentioned). And then I just let you know that unix doesn't seem to be
affected. Sorry if I did anything wrong.
On May 18, 2004, at 07:16, Stef wrote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 504-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
May 18th, 2004
C:\Documents and Settings\Bill>Perl -v
This is perl, v5.8.0 built for MSWin32-x86-multi-thread
(with 1 registered patch, see perl -V for more detail)
Copyright 1987-2002, Larry Wall
Binary build 802 provided by ActiveState Corp. http://www.ActiveState.com
Built 00:54:02 Nov 8 2002
Perl may b
[EMAIL PROTECTED] to me:
> Actually reading what C2 *required* is quite enlightening.
More "worrying" given that MS' focus on getting C2 certified was to be
able to bid for the "more lucrative" DoD and related contracts that
required C2-level systems (no matter how arbitrarily -- incredibly few
Alexander Schreiber <[EMAIL PROTECTED]> to me:
> Sorry, in a networked world, C2 is just a bad joke. ...
Well, at least "weak"...
> ... Keep in mind, that
> you do not get a blank certificate for 'this OS', but the certification
> always is for the full OS/hardware combo. No, you can't purcha
> Do they draft 21 year-olds in Germany?
Yes, they do. You can get drawn in until you're 27, but there are plenty
ways out of it as well.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
> Emails from the suspect showed he wanted to leave Germany to avoid
> military service. This, combined with the seriousness of computer
> sabotage charges he faced, led police to initially oppose bail. Police
> have now relented after the suspect agreed to surrender his identity
> papers and repor
There's more evidence from this story that he's a "coward" than a "pacifist"
Do they draft 21 year-olds in Germany?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: phpMyFAQ local file inclusion vulnerability
Release Date: 2004/05/18
Last Modified: 2004/05/18
http://www.theregister.co.uk/2004/05/17/phatbot_suspect_bailed/
Phatbot suspect released on bail
By John Leyden, The Register, 17 May 2004
The suspected author of the Phatbot Trojan was released on bail last
Friday after spending a week in custody. German authorities arrested
the 21-year-old co
Dear [EMAIL PROTECTED],
Seems not to be Active Perl specific:
Y:\>perl -e "$a="A" x 256; system($a)"
Exception: STATUS_ACCESS_VIOLATION at eip=610760D4
eax=41004141 ebx= ecx=0022F748 edx=0022F748 esi=0A052A18 edi=
ebp=0022F730 esp=0022F5C8 program=y:\cygwin\bin\perl.exe
cs=001B ds
73 matches