In my absence, any request concerning the networks must be sent to the
mail address: [EMAIL PROTECTED] or (ars_transpac for any incident related to that network)
In case of emergency, you can contact:
The Networks Hot-line: 01 49 15 32 53
François LEVEQUE at 01 49 15 30 56
Pascal PAINPARAY at 0
On Tue, 14 Dec 2004 15:44:41 PST, n30 said:
> Guys,
>
> Looking for few interesting security breach stories...
>
> Any database / sites that capture these??
Well, there's a problem - where do you get the stories?
The black hats probably won't be sharing their version of the stories
(at least un
MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability
iDEFENSE Security Advisory 12.16.04
http://www.idefense.com/application/poi/display?id=168
December 16, 2004
I. BACKGROUND
MPlayer is a movie player for Linux that also runs on many other Unices,
and non-x86 CPUs. It plays most MPEG, VO
Veritas Backup Exec Agent Browser Registration Request Buffer Overflow
Vulnerability
iDEFENSE Security Advisory 12.16.04
http://www.idefense.com/application/poi/display?id=169
December 16, 2004
I. BACKGROUND
Backup Exec is a next generation backup and restore solution for
Microsoft Windows serve
I don't have a lot to say on this topic as a whole which I have not
said before, so some of this is just repetition; maybe it'll be heard
this time. DoSing browsers will almost always be possible, as with any
other application, so long as you can load it up to process enough
information.
If the de
Short version:
-
http://www.markusjansson.net/erecent.html#comments
"The laptop computers used by members of parliament and their assistants
in here Finland have severe security holes. These laptop computers don't
have firewalls, file encryption and wiping tools, automatic update is
no
MPlayer MMST Streaming Stack Overflow Vulnerability
iDEFENSE Security Advisory 12.16.04
http://www.idefense.com/application/poi/display?id=167
December 16, 2004
I. BACKGROUND
MPlayer is a movie player for Linux that also runs on many other Unices,
and non-x86 CPUs. It plays most MPEG, VOB, AVI
On Tue, 14 Dec 2004 16:33:59 CST, wastedimage said:
> can anyone provide me with a traffic sample of this? I would really
> like to see if this is the actual exploit or just a script kiddy
> trying his little heart out.
What's this '*THE* actual exploit' stuff? These things are rarely unique ;)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: php
Advisory ID:
Net Worm Uses Google to Spread
http://it.slashdot.org/it/04/12/21/2135235.shtml?tid=220&tid=217&tid=169
-Original Message-
From: Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 10:28 AM
To: [EMAIL PROTECTED]; L. Walker
Cc: [EMAIL PROTECTED]; full-disclosure@lists.netsys.c
Could be worse... at least they didn't include any of the recent IE
exploits in the defaced page. Given the popularity of phpbb, that
could have affected a *lot* of people really quickly.
-Brendan
___
Full-Disclosure - We believe in it.
Charter: http://l
I missed an important "F" on my previous post for these snort sigs.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE
phpBB Highlighting Code Execution - Santy.A Worm";
flow:to_server,established; uricontent:"/viewtopic.php?"; nocase;
uricontent:"&highlight='.fwrite(fopen(
http://news.com.com/Yahoo+denies+family+access+to+dead+marines+e-mail/2100-1038_3-5500057.html?tag=st.prev
http://news.com.com/5208-1038-0.html?forumID=1&threadID=3847&messageID=21470&start=-1
Sanity.A - phpBB <= 2.0.10 Web Worm Source Code (PoC)
http://www.k-otik.com/exploits/20041222.sanityworm.pl.php
===
Ubuntu Security Notice USN-41-1 December 17, 2004
samba vulnerability
CAN-2004-1154
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
On Wednesday 15 December 2004 15:48, [EMAIL PROTECTED] wrote:
> Not by disabling the syscall but by replacing it in the manner that a
> rootkit replaces syscalls. Build a new kernel from the same
> source/config except for patch. Replace syscalls where there is change.
> Practical?
> Stable?
> No
When I was testing Google Groups Beta
(http://groups-beta.google.com/group/n3td3v) I found the script tags
executed on the Google Groups site. This only seems to work while
clicking on a reply thread, using the reply menu, featured on a given
groups homepage, when an older thread gets a reply.
If
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
On Tue, 2004-12-14 at 15:44 -0800, n30 wrote:
> Guys,
>
> Looking for few interesting security breach stories...
>
> Any database / sites that capture these??
http://www.mynetwatchman.com
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys -
Script injection in Google Groups Beta. If a user views a thread
carefully crafted by a malicious user, then the script executes,
instead of the thread.
Concept:
http://groups-beta.google.com/group/n3td3v/browse_thread/thread/2379f18f5986c985
All users are vulnerable.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
From what I have read, this can happen in any phpbb version lower than 2.0.11
This exploit is becoming frequent. Normally uploading a ddos bot.
Mark
Quoting "L. Walker" <[EMAIL PROTECTED]>:
> Just spotted two clients hit by this. One client didn't update his
> software (PHP 4.3.4, Apache 1.3.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:kernel
Announcement-ID:SUSE-SA:2004:044
Date: Tuesday, D
===
Ubuntu Security Notice USN-43-1 December 20, 2004
groff vulnerabilities
http://bugs.debian.org/286371,
http://bugs.debian.org/286372
===
A security issue affects the follo
on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote
> the non std port advice is not worth much, security through
> obscurity kinda thing.
wrong. non standard port helps quite well against automated scans.
most targets nowadays are searched via automated scans. if you are
painted red, you get att
On Tue, 21 Dec 2004, ALD, Aditya, Aditya Lalit Deshmukh wrote:
> I am going to install OpenSSH in one of my servers, but I want to make
> >sure it is secure.
> >Does anybody know about vulnerabilities on OpenSSH, if yes, would you
> >like to suggest me another remote secure shell ?
>
> There is a s
There is some information regarding this here:
http://www.pcpro.co.uk/news/67505/santya-sparks-messageboard-infection-epidemic.html
On Tue, 21 Dec 2004 07:32:20 -0800, Alex Schultz <[EMAIL PROTECTED]> wrote:
> Some of the sites I administer were allegedly hit by a worm last night.
> It overwro
The search query used by the Santy worm uses the following template
(parentheses contain substitution choices and are not part of the
literal template) :
http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22
(random choice between "t", "p", and "topic")
Product:Gadu-Gadu,
all available versions including the latest (6.1 build156)
Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact: Remote Denial of Service
Severity: Important
Author: Maciej Soltysiak <[EMAIL PROTECTED]>
Advisory: htt
On December 21, 2004 07:32, Alex Schultz wrote:
> Some of the sites I administer were allegedly hit by a worm last night.
> It overwrote all .php/.html files that were owner writable and owned by
> apache.
> NeverEverNoSanity WebWorm generation 17.
Looks like this is the fallout from a recent
On Fri, Dec 17, 2004 at 11:23:38AM +0100, Jaroslaw Sajko wrote:
> Product: Gadu-Gadu, build 155 and older
> Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
> Impact: Script execution in local zone,
> Remote DoS
> Severity: High
> Authors: Bl
There were several serious holes just released in 4.3.9 of PHP. That is
a possible attack vector from what you are saying. Get 4.3.10 of PHP for
sure. As far as what this does or what all it would do, someone needs to
get a good catch of it.
Anyone ready to setup a box? =)
> -Original Messag
[EMAIL PROTECTED] wrote:
Send Full-Disclosure mailing list submissions to
full-disclosure@lists.netsys.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
Hello
Long time has passed since advisories like
http://www.securityfocus.com/archive/1/348368
http://www.guninski.com/php1.html
for now we can only play with it :)
[-ap.ha.-]
http://projects.emiraga.com/hijack_apache/hijack_apache-0.1a.tar.gz
- hijacks only http connections on apache and apac
http://www.viruslist.com/en/weblog
http://isc.sans.org/diary.php?date=2004-12-21
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Alex Schultz
> Sent: 21 Decem
* Jack Shell wrote:
> Problem:
> Seems harmless right? Well, if someone was to send a request of
> "\x1a\x09" or with "\x1a\x09" at the end to a server/client running on
> a Python 2.3 platform, it could cause a denial of service.
>
> POC?:
> I tested this out by sending "GET \x1a\x09 HTTP/1.0\r\n
Affected Products:
Faronics FreezeX v. 1.00.100.0666
(http://www.faronics.com/html/Freezex.asp)
Author:
Xenzeo
FreezeX is a program that promises it can prevent executable files from
being run on Windows OS.
FreezeX has a database of every file from when it was installed
Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability
iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=172&type=vulnerabilities
December 21, 2004
I. BACKGROUND
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
II. DESCRIPTION
Remote
Does this affect PHPBB2 in general, or is it platform specific as well?
Mike Fetherston
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 21, 2004 12:47 PM
> To: L. Walker
> Cc: [EMAIL PROTECTED]; full-disclosure@lists.netsys.com
> Subject:
On Tue, 2004-12-21 at 10:32, Alex Schultz wrote:
> Some of the sites I administer were allegedly hit by a worm last night.
> It overwrote all .php/.html files that were owner writable and owned by
> apache. The worm put the following html in place of what was there:
>
>
>
> This site is d
On Sat, 2004-12-18 at 01:49 -0200, Carlos de Oliveira wrote:
> Hi there!
>
> I am going to install OpenSSH in one of my servers, but I want to make
> sure it is secure.
> Does anybody know about vulnerabilities on OpenSSH, if yes, would you
> like to suggest me another remote secure shell ?
OpenSS
--On Tuesday, December 21, 2004 07:32:20 AM -0800 Alex Schultz
<[EMAIL PROTECTED]> wrote:
Some of the sites I administer were allegedly hit by a worm last night.
It overwrote all .php/.html files that were owner writable and owned by
apache.
We were running apache 2.0.52 and php 4.3.9. Have any
In addition to your post here is some more info.
http://isc.sans.org/
-Original Message-
From: L. Walker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 4:23 AM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.netsys.com
Subject: Worm hitting PHPbb2 Forums
Importance: High
Hello,
>Possible apache2/php 4.3.9 worm
Confirm, it's an epidemic. The worm is called Perl.Santy.A.
Remedy is here (unofficial):
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
Continuous info about the worm is here:
http://www.f-secure.com/weblog/
There were 40k+ infected http servers a
To be fair to the often hated, this may be why they do this:
http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp
Contrary to RFC2616.
To quote some documentation of years ago:
"If you have a file of a well-known type (e.g. .pdf) and send it with
a freely invented MIME-
- --
De_aap security advisory 1
December 20th, 2004
- --
Package: rftpd 2 and rpf 1.2.2
Vulnerability : buffer overflows, race conditions, intege
Some of the sites I administer were allegedly hit by a worm last night.
It overwrote all .php/.html files that were owner writable and owned by
apache. The worm put the following html in place of what was there:
This site is defaced!!!
This site is defaced!!!
NeverEverNoSanity Web
some thing in the way of my mail delivery
- wrote:
This message has been processed by the Brightmail(tm) Anti-Virus
Solution using
Symantec's Norton AntiVirus Technology.
top-level-msg was infected with the malicious virus MHTMLRedir.Exploit
and has been deleted because the file cannot be cleaned
===
Ubuntu Security Notice USN-44-1 December 21, 2004
perl vulnerabilities
CAN-2004-0452
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog
==
Secunia Research 21/12/2004
- Spy Sweeper Enterprise Client Privilege Escalation Vulnerability -
==
Table of Contents
Affected Softw
I am going to install OpenSSH in one of my servers, but I want to make
>sure it is secure.
>Does anybody know about vulnerabilities on OpenSSH, if yes, would you
>like to suggest me another remote secure shell ?
There is a strong possibility that open port 22 will start attracting script
kiddie
Hi,
I am sorry but the server I had the advisory and the POC at went down last
night
while I was at home already. It is up and running now, sorry for the
inconvenience
Regards,
Maciej
[Big snip]
> > For those of you who already have a "mailing list only"
> > e-mail address and a separate address for work
> > related/corporate/company matters, do you see a different
> > level of unsolicited spam, compared to the work address or
> > other private e-mail address for friends and fa
==
Secunia Research 21/12/2004
- My Firewall Plus Privilege Escalation Vulnerability -
==
Table of Contents
Affected Software..
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
> Yeah the last time I can remember that someone tried that on FD, was
> that some called exploit that had a IRC trojan in it...it was discovered
> after about 5 secs..lol
Ah yes - that perl script that magically appeared in the tmp
directory. heh, hey, can't blame the guy for trying.
Also to tou
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
I got annoyed that the dev php response to this was curl's issue and to turn
off curl local file access, so here is a hax workaround I wrote; maybe they will
get off their arses and submit something like this in the next release.
in ext/curl/curl.c, add the following to the function
"PHP_FUNC
IBM AIX chcod Local Privilege Escalation Vulnerability
iDEFENSE Security Advisory 12.20.04
www.idefense.com/application/poi/display?id=170&type=vulnerabilities
December 20, 2004
I. BACKGROUND
The chcod program is a setuid root application, installed by default
under newer versions of IBM AIX, th
IBM AIX invscout Local Command Execution Vulnerability
iDEFENSE Security Advisory 12.20.04
www.idefense.com/application/poi/display?id=171&type=vulnerabilities
December 20, 2004
I. BACKGROUND
The invscout program is a setuid root application, installed by default
under newer versions of IBM AIX