Jelmer writes:
Because we avoid the adodb.stream issue altogether,
You can patch it, but if you leave open other issues, well it's pointless
Instead we just swap in this instead of the old shellcode:
[snip PoC]
Well, the problem with ADODB.Stream wasn't executing files, it was writing them
your long post seems like an advanced FUD to me.
according to your reasoning there should be a lot of worms and exploits for
apache because of its market share. fact is ii$ is plagued by worms and
exploits though it has a small market share.
Actually, you're both wrong, in my opinion. :-)
Barry Fitzgerald [EMAIL PROTECTED] wrote:
Matthew Murphy wrote:
For instance, we can safely say that approx. 25% of all webservers are
GNU/Linux and the vast majority of those run Apache. Of those,
approximately 50% are the latest version of Red Hat (this is an
assumption, but I think it's
Hugh Mann [EMAIL PROTECTED] writes:
3. If someone can trace the origin of this worm, it might shed light on the
origin of SQL Slammer as well?
Definitely a big NO.
Indeed this does appear to be accurate. While it looks as though the worm
is technically similar to Slammer, think about the
William Warren [EMAIL PROTECTED] wrote:
Beaty, Bryan wrote:
Correct me if I am wrong but...
I believe every worm listed below could have been prevented had everyone
patched their systems.
the blaster worm preceded the patch so this argument is DOA
Actually, you're dead wrong on that
From: Geoincidents [EMAIL PROTECTED] wrote:
Matthew Murphy [EMAIL PROTECTED] wrote:
Even though MS, by the time you factor in the large number of components
they ship, has had many times fewer patch releases than competing Linux
distributions?
Microsoft has been playing a game where
Bruce Ediger [EMAIL PROTECTED] wrote:
On Fri, 26 Sep 2003, Rick Kingslan wrote:
I'll not argue that the Windows operating systems are the target of the
majority of virus', but that's typically what happens when a system is used
by a known large group of people that might not be qualified
Georgi Guninski [EMAIL PROTECTED] writes:
So you are collecting 0days for free, put them in a lame database and
whine more
than a script kiddie this is a hard job?
You have absolutely no point here, Georgi. The CVE for one is hardly a
database -- it is more or less a list of lists of
To list: My first message was clipped. My apologies!
Some good points.. HOWEVER, in today's world, we must balance the right
of users to know EVERY DETAIL about the exploits that could be used
against them, with the fact that the hackers generally ALREADY KNOW
these details.
In some cases
- Original Message -
From: Johan Denoyer [EMAIL PROTECTED]
To: Jasper Blackwell [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 6:09 AM
Subject: Re: [Full-Disclosure] MSblast worm
worms affects :
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft
Maarten [EMAIL PROTECTED] writes:
I was wondering about the following scenario:
Lots of corporate networks are protected by firewalls and users are forced to
use a proxy server to connect to the internet. Because of the firewalling,
the worm will not be able to infect the clients directly
Tri Huynh writes:
[snip]
VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to
support multimedia programming.
[big snip]
Has anyone actually seen this control in-the-wild? I have Visual C++ 6.0,
and Visual Basic 6.0 installed here (full installs, IIRC), and a search for
Nick FitzGerald [EMAIL PROTECTED] writes:
And, of course, if MS started messing with the DNS entries for
windowsupdate.com, it would be cutting an awful lot of users off from
much needed updates. which could be as disturbing as the rest of the
worm's effects...
Well, this could potentially be
The security alliance around Microsoft is trying to push its reasonable
vulnerability disclosure guidelines, which seek to prevent security
researchers from publishing proof-of-concept code altogether, and wants
them to make only limited, next to useless, information about security flaws
Mark Bassett writes:
Anyone else getting message dupes? The same messages keep coming to me,
and half the time I get the re: to the questions before I get the post
With the question. wtf? Am I the only one?
I believe this was described in a previous Administrivia posting entitled
Duplicate
Jason Coombs writes:
Had the distribution binaries been modified, ISS may well
have been bankrupted by customer lawsuits for negligence.
Perhaps you could cite a legal case somewhere in the world that backs up this
assertion. To my knowledge nobody has ever lost a penny in court due to this
Some good points.. HOWEVER, in today's world, we must balance the right
of users to know EVERY DETAIL about the exploits that could be used
against them, with the fact that the hackers generally ALREADY KNOW
these details.
In some cases (MS03-007, for instance), that is correct. However, in
Mike Garegnani writes:
[snip]
all that was posted was a guid, and not to mention it was a 404 so
aside from your post showing up somewhere in a log it won't be used or even
seen for that matter. but it certainly can be a security issue.
[snip]
Um, since when did 404's guarantee that data
Richard Smith writes:
Is it possible to also crash a Web server hosted on a Windows box using
a URL something like:
http://www.somebody.com/aux
If this particular URL is okay, maybe there are other URLs that will
cause a crash. For example, POSTing a form to a URL containing AUX.
Multiple Vulnerabilities in mod_gzip Debugging Routines
I. Synopsis
Affected Systems: mod_gzip 1.3.26.1a and prior
Risk:
* Development: High
* Production: Minimal
Developer URL: http://www.sourceforge.net/projects/mod-gzip
Status: Vendor is not supporting project at this time.
II.
After additional analysis of the Apache 2.x vulnerability described in
iDEFENSE advisory #053003 (APR vulnerability), I have found additional
modules associated with Apache that are vulnerable to this exploit. Users
running any of the following:
mod_alias**
mod_dav/mod_dav_fs
mod_dir**
Buffer Overflow
# Discovery/Exploit by Matthew Murphy
use IO::Socket;
print STDOUT "What host to connect to \[\]\: ";
$host = trim(chomp($line = <STDIN>));
print STDOUT "What port to connect to \[80\]\: ";
$port = trim(chomp($line = <STDIN>));
$addr = "$host\:$port";
print STDOUT What script to submit
Pardon my delurk, but this is very strange worm behavior. We are seeing
100 SQL Worms per second from a single IP address on Telstra. This is
about 10k times the level of activity we are seeing from any other
address.
That is certainly odd.
Anyone here either know anyone at Telstra who
I've completed an analysis of the 'Sapphire' SQL worm targeting MS-SQL
servers. Some have reported massive slowdowns. An interesting part of this
worm results from its use of UDP. Attacked hosts/networks may generate ICMP
Host/Port Unreachable messages in response to a Sapphire attack,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ABSTRACT
Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
Foundation Classes (MFC). It runs on Windows 95, 98, NT, 2000, Me, and XP
platforms. It was first published as a sample application in Microsoft
Journal (MSJ).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There are multiple buffer overflow bugs in pServ that could lead to a remote
(root?) compromise of public servers running the daemon:
ABSTRACT
Pico Server (pServ) is a freeware web server available at
pserv.sourceforge.net running on many POSIX
Provide a little clarification please.
Can you or can you not access files after giving a bogus password?
Other than a log issue, are you claiming any real exposure or
privilege elevation?
I guess what I'm trying to say is that it *appears* to yield control, but
we know it messes with logging.
phpNuke Module Vulnerabilities Enable Identity Theft
Systems Affected: phpNuke 6.5b1 and prior (all operating systems)
Risk: High
Impact: Identity Theft/Impersonation/Privilege Elevation
Scenario: Cross-site scripting flaws enabling cookie theft
Description
phpNuke is a popular, and very
BadBlue is a P2P/Web server offered for Microsoft Windows operating systems
by Working Resources. It has a bad security record -- file disclosure,
remote administration, denials of service, buffer overflows, directory
traversals, and more cross-site scripting flaws than I care to count. We can
acFTP is an open-source FTP daemon for Windows platforms
(http://www.sourceforge.net/projects/acftp) that offers more functionality
than many proprietary servers (including the MS FTP service). The
authentication code of acFTP contains a flaw -- specifically, the server
treats users as logged in
Product Information
acFreeProxy (aka acfp) is an HTTP/1.x proxy for Microsoft Windows
environments. It offers caching, and several other features, and has a
plug-in format designed for extensibility. A flaw in the product may allow
attackers to execute content across domains.
Description
The
Christopher Fillion's Perception offers LiteServe, the server suite that has
recently been the subject of intensive security research. Another
vulnerability has been discovered in LiteServe. The vulnerability this time
lies in LiteServe's URL decoder, once again part of the HTTP service.
There are three different places in the directory index of LiteServe where
unsanitized user input is returned to the browser. The first is yet another
wildcard DNS vulnerability, the second centers around query strings.
Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt
* DNS Wildcard XSS
The Irony:
The comment lines directly above the expose_php directive in the default
config file specifically say that it is no security threat, but having it
enabled opens you to an XSS? Food for thought...
Sorry but this is simply not true. You are only vulnerable if you provide a script
PHP Information Functions May Allow Cross-Site Scripting
Write-Up: http://www.techie.hopto.org/vulns/2002-36.txt
The phpinfo() debugging function is a useful tool to diagnose the causes of
errors in applications, particularly those relating to individual
environments. The procedure outputs
PHP's header() function is used to modify HTTP header information by
specifying a header line, such as this:
<?php header("Location: http://www.yahoo.com/"); ?>
It is commonplace to see things such as this:
--- REDIR.PHP ---
<?php header("Location: {$_GET['url']}"); ?>
--- REDIR.PHP ---
36 matches