From chedder1 at gmail.com Thu Feb 1 02:48:12 2007 From: chedder1 at gmail.com (chedder1 at gmail.com) Date: Wed, 31 Jan 2007 18:48:12 -0800 Subject: [Full-disclosure] PC/Laptop microphones In-Reply-To: <20070130180447.EA91BDA84B@mailserver8.hushmail.com> References: <20070130180447.EA91BDA84B@mailserver8.hushmail.com> Message-ID: <20070201024812.GA2790@cheesebox.vc.shawcable.net>
Last I checked, the Klan was defined as a terrorist organization... Fighting terrorism with more terrorism is very effective in eliminating terrorism. Also, do not forget peanuts kill many more Americans each year; who is fighting the god damned peanuts! ... Damned peanuts
On Tue, Jan 30, 2007 at 01:04:46PM -0500, auto458033 at hushmail.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > YOU AREN'T EVEN AN AMERICAN > > MUSLIM TERRORISTS LIKE YOU ARE RESPONSIBLE FOR KILLING A YOUNG MAN > ON THIS LIST > > AT LEAST YOUR KURAN COMES IN TWO-PLY NOW > > FUCK YOU TERRORIST I WILL SEND THE KLAN AFTER YOU GET OUT OF MY > COUNTRY BUT CRASH A PLANE INTO SIMON FIRST > > THANKS
-- _______________________________________________ |hello, my name is | | .__ .___ .___ | | ____ | |__ ____ __| _/__| _/___________ | |_/ ___\| | \_/ __ \ / __ |/ __ |/ __ \_ __ \| |\ \___| Y \ ___// /_/ / /_/ \ ___/| | \/| | \___ >___| /\___ >____ \____ |\___ >__| | | \/ \/ \/ \/ \/ \/ | | http://chedder.hacked.in | |_______________________________________________| "You don't exist. Go away"
-------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070131/dfb1cafe/attachment.bin
From nytrokiss at gmail.com Thu Feb 1 02:47:16 2007 From: nytrokiss at gmail.com (James Matthews) Date: Wed, 31 Jan 2007 21:47:16 -0500 Subject: [Full-disclosure] Defeating Microsoft Office Genuine Advantage (OGA) Check In-Reply-To: <698856.8592.qm@web60924.mail.yahoo.com> References: <698856.8592.qm@web60924.mail.yahoo.com> Message-ID: <8a6b8e350701311847y33e0c4afqba77a75924061b11@mail.gmail.com>
I use some of the same methods that the author uses; the fact remains that securing an OS and its downloads is like looking for a diamond on a beach!
On 1/31/07, Simon Roberts wrote: > > > ----- Original Message ---- > On 1/30/07, Debasis Mohanty wrote: > > Some lame methods to defeat a lame attempt to *prevent* Piracy or > illegal > > usage of software - > > > > http://hackingspirits.com/vuln-rnd/vuln-rnd.html > > > > -d > > I find it amusing that the author of this PoC code took the trouble to > assert copyright on his code! > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
-- http://www.goldwatches.com http://www.wazoozle.com
-------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070131/915571b7/attachment.html
From mkmaxx at gmail.com Thu Feb 1 11:10:38 2007 From: mkmaxx at gmail.com (v3dt3n) Date: Thu, 1 Feb 2007 16:40:38 +0530 Subject: [Full-disclosure] PC/Laptop microphones Message-ID: <44952da30702010310y1e88be41kadb884f8ca4121f7@mail.gmail.com>
> > No offense, but why would he send you any of that. Get a life... You > know the ones that exist away from your computer. It's ALMOST funny > reading you, then I realize that this is an actual person and I have to > shed a tear because humanity has stooped to new levels of ignorance.
Not really. Natural selection should take care of him sooner or later. n33tty: buzz off.. -- Mike
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070201/ecee8c5b/attachment.html
From TLR at portcullis-security.com Thu Feb 1 09:52:18 2007 From: TLR at portcullis-security.com (Thomas L. Romanis) Date: Thu, 1 Feb 2007 09:52:18 -0000 Subject: [Full-disclosure] stompy the session stomper - tool availability Message-ID: <78FA4E96C9E69341989E9416E06225DBC28860@tgbex.otl.portcullis-security.com>
It would help if DansGuardian did stop you downloading the updated version! ; )
-----Original Message----- From: listbounce at securityfocus.com [mailto:listbounce at securityfocus.com] On Behalf Of Michal Zalewski Sent: 31 January 2007 23:19 To: webappsec at securityfocus.com Cc: bugtraq at securityfocus.com; full-disclosure at lists.grok.org.uk Subject: Re: stompy the session stomper - tool availability
On Sat, 27 Jan 2007, Michal Zalewski wrote: > I'd like to announce the availability of 'stompy', a free tool to > perform a fairly detailed black-box assessment of WWW session > identifier generation algorithms.
I'm genuinely surprised by the amount of (mostly positive ;-) feedback I got!
Just a one-time, quick heads-up: in response to numerous suggestions, I added a couple of fairly significant features to the tool that should make it capable of discovering far more, so if you downloaded it several days ago, you might want to update your copy:
- It now supports SSL connections, custom-crafted requests including POSTs, and input from external sources (for evaluation of non-WWW tokens of any type),
- It now uses the GNU MP library to losslessly handle alphabets that do not directly map to binary (this is big),
- Can run spatial correlation checks as well as temporal analysis of bitstreams in acquired samples,
- The output is much more readable, some minor bugs were fixed.
Much better documentation is available as well. The tarball for version 0.04 is available here: http://lcamtuf.coredump.cx/stompy.tgz
Regards (and shutting up!), /mz
From kokanin at gmail.com Thu Feb 1 11:48:13 2007 From: kokanin at gmail.com (Knud Erik Højgaard) Date: Thu, 1 Feb 2007 12:48:13 +0100 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <20070131193123.89B6940002@mydoom.unipd.it> References: <20070131193123.89B6940002@mydoom.unipd.it> Message-ID:
> something similar to PSExec under linux.
ssh-keygen
ssh-add
for i in `cat serverlist` ; do ssh root@$i rm -rf / ; done
From research at matousec.com Thu Feb 1 11:40:39 2007 From: research at matousec.com (Matousec - Transparent security Research) Date: Thu, 01 Feb 2007 12:40:39 +0100 Subject: [Full-disclosure] Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability Message-ID: <45C1D1B7.3050908@matousec.com>
Hello, We would like to inform you about a vulnerability in Comodo Firewall Pro. Description: Comodo Firewall Pro (formerly Comodo Personal Firewall) hooks many functions in the SSDT and in at least seven cases it fails to validate arguments that come from user mode. User calls to NtConnectPort (CFP 2.4.16.174 is not affected), NtCreatePort (CFP 2.4.16.174 is not affected), NtCreateSection, NtOpenProcess, NtOpenSection, NtOpenThread and NtSetValueKey with invalid argument values can cause system crashes because of errors in the CFP driver cmdmon.sys. Further impacts of this bug (like arbitrary code execution in kernel mode) were not examined.
Vulnerable software: * Comodo Firewall Pro 2.4.16.174 * Comodo Personal Firewall 2.3.6.81 * probably all older versions of Comodo Personal Firewall 2 * possibly older versions of Comodo Personal Firewall More details and a proof of concept including its source code are available here: http://www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php Regards, -- Matousec - Transparent security Research http://www.matousec.com/ From shirkdog_list at hotmail.com Thu Feb 1 15:47:54 2007 From: shirkdog_list at hotmail.com (M. Shirk) Date: Thu, 01 Feb 2007 10:47:54 -0500 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <20070131193123.89B6940002@mydoom.unipd.it> Message-ID: >Did you solve the problem? Have you been able to find out something >interesting? Should I give up with this? yes, yes, and yes. Shirkdog ' or 1=1-- http://www.shirkdog.us >From: Gianluca Giacometti >To: full-disclosure at lists.grok.org.uk >Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) >Date: Wed, 31 Jan 2007 20:31:21 +0100 > >Hi, >some years later but we're having the same problem in our lab. >I'm developing an administrative tool through an internal website in >PHP, which runs on a linux machine. We have 150 computers and we >already use some linux commands to interact with our computers >through the website. >Moreover I already use PSExec on my windows PCs to do all the stuff. >What I would like to do is use just the website platform and for that >reason I'm looking for something similar to PSExec under linux. >Did you solve the problem? Have you been able to find out something >interesting? Should I give up with this? > >Thank you very much in advance for any suggestion you can give me. > >Best regards > >Gianluca Giacometti > > >Dr. 
Gianluca Giacometti >PINECA - University of Padova >via Marzolo, 9 - 35131 Padova (Italy) >ph./fax +39 049 8275621 >e-mail: gianluca.giacometti at unipd.it >skype: gianlucagiacometti
From pauls at utdallas.edu Thu Feb 1 16:48:58 2007 From: pauls at utdallas.edu (Paul Schmehl) Date: Thu, 01 Feb 2007 10:48:58 -0600 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: References: <20070131193123.89B6940002@mydoom.unipd.it> Message-ID: <8711FCB949739D9308E22477@utd59514.utdallas.edu>
--On Thursday, February 01, 2007 12:48:13 +0100 Knud Erik Højgaard wrote: >> something similar to PSExec under linux. > > ssh-keygen > ssh-add > for i in `cat serverlist` ; do ssh root@$i rm -rf / ; done >
For anyone who follows these instructions, let me know. For a fee, I'll help you get back up and running. :-)
Paul Schmehl (pauls at utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
-------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: application/pkcs7-signature Size: 4085 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070201/c3e52ee8/attachment.bin
From kiwi at oav.net Thu Feb 1 17:36:50 2007 From: kiwi at oav.net (Xavier Beaudouin) Date: Thu, 1 Feb 2007 18:36:50 +0100 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <8711FCB949739D9308E22477@utd59514.utdallas.edu> References: <20070131193123.89B6940002@mydoom.unipd.it> <8711FCB949739D9308E22477@utd59514.utdallas.edu> Message-ID: <3E3A53BD-F51E-4AC9-8A1A-CB8ABA878034@oav.net>
On 1 Feb 07 at 17:48, Paul Schmehl wrote: > --On Thursday, February 01, 2007 12:48:13 +0100 Knud Erik Højgaard > wrote: > >>> something similar to PSExec under linux. >> >> ssh-keygen >> ssh-add >> for i in `cat serverlist` ; do ssh root@$i rm -rf / ; done >> > For anyone who follows these instructions, let me know. For a fee, > I'll help you get back up and running. :-)
In general, on most Unix boxes you have in /etc/ssh/sshd_config: PermitRootLogin no
People who use root login with ssh are dangerous; sudo exists or can be installed... Allowing direct root login even with SSH is IMHO stupid... My 0,02c /Xavier
From tcregger at kennedyinfo.com Thu Feb 1 20:20:58 2007 From: tcregger at kennedyinfo.com (Troy Cregger) Date: Thu, 01 Feb 2007 15:20:58 -0500 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: References: <20070131193123.89B6940002@mydoom.unipd.it> Message-ID: <45C24BAA.60800@kennedyinfo.com>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Yep, that'll wreak some havoc alright.
Knud Erik Højgaard wrote: >> something similar to PSExec under linux. > > ssh-keygen > ssh-add > for i in `cat serverlist` ; do ssh root@$i rm -rf / ; done > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwkuqnBEWLrrYRl8RAjymAJ4sjuLQpmegCUruRaV1Inuf2FECjQCfaxNL Eu2ewtWgsgW8UllG+RK8JH0= =4mEi -----END PGP SIGNATURE----- From kees at ubuntu.com Thu Feb 1 20:16:27 2007 From: kees at ubuntu.com (Kees Cook) Date: Thu, 1 Feb 2007 12:16:27 -0800 Subject: [Full-disclosure] [USN-415-1] GTK vulnerability Message-ID: <20070201201627.GP2912@outflux.net> =========================================================== Ubuntu Security Notice USN-415-1 February 01, 2007 gtk+2.0 vulnerability CVE-2007-0010 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: libgtk2.0-0 2.8.6-0ubuntu2.2 Ubuntu 6.06 LTS: libgtk2.0-0 2.8.20-0ubuntu1.1 Ubuntu 6.10: libgtk2.0-0 2.10.6-0ubuntu3.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: A flaw was discovered in the error handling of GTK's image loading library. Applications opening certain corrupted images could be made to crash, causing a denial of service. 
Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.8.6-0ubuntu2.2.diff.gz Size/MD5: 53567 95c724004c1bb76494afaa5c1da242f3 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.8.6-0ubuntu2.2.dsc Size/MD5: 2109 2b693a76afee2529de8f319d1ee965e3 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.8.6.orig.tar.gz Size/MD5: 17454378 9787feb9a4ece62aec9cf1d7e676ba6d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-common_2.8.6-0ubuntu2.2_all.deb Size/MD5: 3413690 432f25a61507d20643d2ad0d6c99dcb9 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-doc_2.8.6-0ubuntu2.2_all.deb Size/MD5: 2378196 b422bb5c644130368b3376e0d6e3899a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.6-0ubuntu2.2_amd64.deb Size/MD5: 52580 3ab1b0fac35302ad09ad9c4a02ff2bed http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.6-0ubuntu2.2_amd64.deb Size/MD5: 270872 df5eb1d63f2efa811390a7680bb23580 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.6-0ubuntu2.2_amd64.deb Size/MD5: 4236666 c36e972a9c697b86e228724aa7c4a419 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.6-0ubuntu2.2_amd64.deb Size/MD5: 2273224 f1b4178aa23273faf3cf61520904133c http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.6-0ubuntu2.2_amd64.deb Size/MD5: 23074 517678fe1aeba00dbd282e32a5e57b40 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.6-0ubuntu2.2_amd64.deb Size/MD5: 2609232 ba871db6a75e2a625ffde146b308848f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.6-0ubuntu2.2_i386.deb Size/MD5: 46860 8b1894d2c838a293df689d3b72dd1588 
http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.6-0ubuntu2.2_i386.deb Size/MD5: 264494 94aeef4b0bc7a73c142f9141b0b28ef6 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.6-0ubuntu2.2_i386.deb Size/MD5: 3564270 2ef6527a62f806098d27e6ee954ae56d http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.6-0ubuntu2.2_i386.deb Size/MD5: 2052718 3040cccf99b69bae9e470a70cc35b71a http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.6-0ubuntu2.2_i386.deb Size/MD5: 21318 1416fc8f37d3b818287bc9248a30de2e http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.6-0ubuntu2.2_i386.deb Size/MD5: 2215558 7fefdbb5a5326d5b08b678467aac9060 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.6-0ubuntu2.2_powerpc.deb Size/MD5: 53444 52c89263439997ab446f9b03cff2a22e http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.6-0ubuntu2.2_powerpc.deb Size/MD5: 269698 a59f45e4a19f1733007409ec3a981275 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.6-0ubuntu2.2_powerpc.deb Size/MD5: 4190084 4b0fb76503bf11660193d600b2280a86 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.6-0ubuntu2.2_powerpc.deb Size/MD5: 2250150 81eb6be71a7f0ebdcf30f3a67c8e0394 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.6-0ubuntu2.2_powerpc.deb Size/MD5: 25734 52e3775c12a7a00c6704210a2bfaa38d http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.6-0ubuntu2.2_powerpc.deb Size/MD5: 2709446 a6979caef7b0e7b3487467b4cd4a1641 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.6-0ubuntu2.2_sparc.deb Size/MD5: 48278 992476b395d17a91abc83265b10029b5 http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.6-0ubuntu2.2_sparc.deb Size/MD5: 266330 
462a5d68e9e04f470594679be5e57f29 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.6-0ubuntu2.2_sparc.deb Size/MD5: 3579788 ad56264068853a9a44ae2f34e0abf4db http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.6-0ubuntu2.2_sparc.deb Size/MD5: 2168996 4ed31dd46d0422da88a3bb9a13bca0eb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.6-0ubuntu2.2_sparc.deb Size/MD5: 21312 a766555cc9cddcb2bc33450ff5acce80 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.6-0ubuntu2.2_sparc.deb Size/MD5: 2469436 3797581c342f564b0c155d6a09aeb0cd Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.8.20-0ubuntu1.1.diff.gz Size/MD5: 58252 d88469fa8fc499f671771520be9ebb02 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.8.20-0ubuntu1.1.dsc Size/MD5: 2103 22a61291e41ac5027225a99901f14618 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.8.20.orig.tar.gz Size/MD5: 18183644 3dae3292a8651f1e176cdfe21907add5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-common_2.8.20-0ubuntu1.1_all.deb Size/MD5: 3709368 0e964c279739a12e118dc6ad0b312000 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-doc_2.8.20-0ubuntu1.1_all.deb Size/MD5: 2489678 ebec0df568ca72d728a6d995c599e225 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.20-0ubuntu1.1_amd64.deb Size/MD5: 77170 2417ad4ebfa4a39d23214f90e28c3177 http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.20-0ubuntu1.1_amd64.deb Size/MD5: 294850 105e63733dfde5df76e732dffac6df98 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.20-0ubuntu1.1_amd64.deb Size/MD5: 4234430 d489cfae906150b37f091c749540b799 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.20-0ubuntu1.1_amd64.deb 
Size/MD5: 2309008 9c75fb993fcef69234496f30aec179a2 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.20-0ubuntu1.1_amd64.deb Size/MD5: 23044 15a8e02e6f67cd0a016930d9deb9619c http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.20-0ubuntu1.1_amd64.deb Size/MD5: 2614154 aa0b05a9affbb0fdd6643ecf12f2ffe6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.20-0ubuntu1.1_i386.deb Size/MD5: 71446 675a693cde0d70f869957c8a700c8cf8 http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.20-0ubuntu1.1_i386.deb Size/MD5: 288556 0fa8de41e8641df9e6b2c114561176b9 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.20-0ubuntu1.1_i386.deb Size/MD5: 3565166 4a036551f810f2f2ec2639275237ca76 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.20-0ubuntu1.1_i386.deb Size/MD5: 2086866 0a350ca4886387f665e7ed6e47f21e22 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.20-0ubuntu1.1_i386.deb Size/MD5: 21190 807336102e043f6660e49699fb46ca2a http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.20-0ubuntu1.1_i386.deb Size/MD5: 2220058 74745ebaaf25afd6770d903790931c49 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.20-0ubuntu1.1_powerpc.deb Size/MD5: 77798 c02cbed6afbd0ef2c31bf5343978b49b http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.20-0ubuntu1.1_powerpc.deb Size/MD5: 293918 64bf576dc1728dbc5a8f4fb1180faa57 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.20-0ubuntu1.1_powerpc.deb Size/MD5: 4187682 914f9017cb9c9ef6025040b735f2f79a http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.20-0ubuntu1.1_powerpc.deb Size/MD5: 2283174 70279a914f074f58649b4eb379569a1f 
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.20-0ubuntu1.1_powerpc.deb Size/MD5: 25654 acaf81d57e4030e94aed468bfd2a48b3 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.20-0ubuntu1.1_powerpc.deb Size/MD5: 2715360 cbd6dd4e922c49378262a735ea87e358 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.8.20-0ubuntu1.1_sparc.deb Size/MD5: 72330 4e18d93fe87135846459c7396b1037cf http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.8.20-0ubuntu1.1_sparc.deb Size/MD5: 290492 061b443c712aa8c1daee21279c48d8d8 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.8.20-0ubuntu1.1_sparc.deb Size/MD5: 3574884 dc6f928b9a9b5a33be0a0b793e168782 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.8.20-0ubuntu1.1_sparc.deb Size/MD5: 2198290 1b78c9d5cf5e955072aacd80a886c2d8 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.8.20-0ubuntu1.1_sparc.deb Size/MD5: 21194 cfcb0172331ec5fd7e5430087a82023e http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.8.20-0ubuntu1.1_sparc.deb Size/MD5: 2470704 cae8ea5731c9a3009fb29fd0911a711a Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.10.6-0ubuntu3.1.diff.gz Size/MD5: 64053 fc5ad4f058e697dd5c0e62950d255bf9 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.10.6-0ubuntu3.1.dsc Size/MD5: 1872 77ab92bcb1c1ae0120cdeee322fa317a http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.10.6.orig.tar.gz Size/MD5: 21303067 6a5e27f9a70a9791bd71208ad9e91a40 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-common_2.10.6-0ubuntu3.1_all.deb Size/MD5: 4453594 cc2557afc7d150965bc6e61708208cd2 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-doc_2.10.6-0ubuntu3.1_all.deb Size/MD5: 2629228 
2d5d6f3967744f460146c05930ca05ed amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2-engines-pixbuf_2.10.6-0ubuntu3.1_amd64.deb Size/MD5: 153102 b44ae277a41a72ac3485cae69e853d34 http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.10.6-0ubuntu3.1_amd64.deb Size/MD5: 374760 1b730e89cc725808b15fc5c98d93155a http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.10.6-0ubuntu3.1_amd64.deb Size/MD5: 4624338 6bc8e98525e5b0ea2c1b9a951f1c1724 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.10.6-0ubuntu3.1_amd64.deb Size/MD5: 2648908 1baa91c4b199f5bd16f0c84cca3b1b27 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.10.6-0ubuntu3.1_amd64.deb Size/MD5: 23872 d79cea942090cfcca5553104b802d59b http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.10.6-0ubuntu3.1_amd64.deb Size/MD5: 2933722 33f833d0f7afd67b9ed6de45647e58d7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2-engines-pixbuf_2.10.6-0ubuntu3.1_i386.deb Size/MD5: 148538 59ce2e12e7525233d6968a16f01b20f0 http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.10.6-0ubuntu3.1_i386.deb Size/MD5: 372116 77a7e3f16e281072fe059d99e5ec06ab http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.10.6-0ubuntu3.1_i386.deb Size/MD5: 4359740 4dd1213be97dc76e2078fb308e68968b http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.10.6-0ubuntu3.1_i386.deb Size/MD5: 2478760 6f9b2dd4f49652a491843ce3c416df48 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.10.6-0ubuntu3.1_i386.deb Size/MD5: 22414 b0f7603cbfbe6fd1823d475795239da8 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.10.6-0ubuntu3.1_i386.deb Size/MD5: 2572082 596ad0522027452db14a9d3cbee2c79c powerpc architecture (Apple Macintosh G3/G4/G5) 
http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2-engines-pixbuf_2.10.6-0ubuntu3.1_powerpc.deb Size/MD5: 153580 4ca14cf2fa8e14ebf5c45ebfba3f0bb7 http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.10.6-0ubuntu3.1_powerpc.deb Size/MD5: 374938 04fbf250cdeb9c5560a9fa9bc4c1d75b http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.10.6-0ubuntu3.1_powerpc.deb Size/MD5: 4648720 cfa4c3a4c35d10fa896157f9246de702 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.10.6-0ubuntu3.1_powerpc.deb Size/MD5: 2634786 5e5a8b0444b2cdcb36278bacae29ddc7 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.10.6-0ubuntu3.1_powerpc.deb Size/MD5: 26410 cea38564398a2718a3f193eb70404d37 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.10.6-0ubuntu3.1_powerpc.deb Size/MD5: 3065080 12d36eb7f1deb6fad832c9afc26eddc5 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2-engines-pixbuf_2.10.6-0ubuntu3.1_sparc.deb Size/MD5: 148546 a539e163ca04a8a8bda52433cbf775bb http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.10.6-0ubuntu3.1_sparc.deb Size/MD5: 372490 fc1ff17bb515d024110f5bc98ad47196 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.10.6-0ubuntu3.1_sparc.deb Size/MD5: 4197868 62a1b237740cf2fc7d93bd5ebe947149 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.10.6-0ubuntu3.1_sparc.deb Size/MD5: 2529100 c5bb01ef0683ff65028a0cd0e3c95df8 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.10.6-0ubuntu3.1_sparc.deb Size/MD5: 21940 bf16e7ec4d29924ff59fa6eda3796302 http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.10.6-0ubuntu3.1_sparc.deb Size/MD5: 2775314 030a096adef73c1f9b26591f9d65f519 -------------- next part -------------- A non-text attachment was scrubbed... 
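The USN above publishes a "Size/MD5:" pair for every package it ships. The script below is an added example, not part of USN-415-1 or of Ubuntu's own tooling: it parses that list out of a saved copy of the advisory and checks a downloaded file against it. The advisory file name and package path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; it is not part of USN-415-1 or of Ubuntu's tooling. It checks a
# downloaded package against the "Size/MD5:" list an Ubuntu Security Notice
# publishes. The advisory text is expected in a local file; the paths used in the
# usage comment are assumptions.

# Print "filename size md5" for every package the advisory lists. It walks tokens
# rather than lines, so it works both on the advisory as mailed (URL on one line,
# "Size/MD5: ..." on the next) and on a flattened copy like the one in this archive.
usn_sums() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^https?:\/\//) {
                n = split($i, parts, "/"); name = parts[n]
            } else if ($i == "Size/MD5:" && name != "") {
                print name, $(i + 1), $(i + 2); name = ""
            }
        }
    }' "$1"
}

# Check one local file against the advisory. Size is compared first because it is
# free; then the MD5. Returns 0 on match, 1 on mismatch, 2 if the advisory does not
# list a file of that name.
usn_verify() {
    advisory=$1; file=$2
    entry=$(usn_sums "$advisory" | awk -v f="$(basename "$file")" '$1 == f { print $2, $3; exit }')
    if [ -z "$entry" ]; then
        echo "$file: not listed in advisory" >&2
        return 2
    fi
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$have_size" = "$want_size" ] && [ "$have_md5" = "$want_md5" ]; then
        echo "$file: OK" >&2
        return 0
    fi
    echo "$file: MISMATCH (size $have_size, expected $want_size; md5 $have_md5, expected $want_md5)" >&2
    return 1
}

# Usage (paths are assumptions):
#   usn_verify USN-415-1.txt libgtk2.0-0_2.8.20-0ubuntu1.1_i386.deb
```

The check only catches a corrupted or swapped download. The sums arrive in a mail whose PGP signature the archive has scrubbed, so on their own they authenticate nothing, and MD5 is not a defence against someone who can alter both the package and the list. The authoritative check is the one apt performs against the signed Release file when the update is installed through the package manager.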
From barros001 at gmail.com Thu Feb 1 20:12:03 2007 From: barros001 at gmail.com (Carlos Barros) Date: Thu, 1 Feb 2007 18:12:03 -0200 Subject: [Full-disclosure] umount crash and xterm (kind of) information leak! Message-ID: <64bb86df0702011212h38476b46m212764c61468392c@mail.gmail.com>
Hi! In the past few days I faced two "interesting" situations! One was a "SEGFAULT" in the umount command, and the other is some kind of "information leak" in terminal emulators (tested in xterm). Here are the links to the posts, so anyone can check them out. http://gotfault.wordpress.com/2007/01/18/umount-bug/ http://gotfault.wordpress.com/2007/02/01/a-funny-case/ Sorry for posting links; this is not an ADV. I just didn't want to post it here again.. ;) regards
--- Carlos Barros http://www.barrossecurity.com http://www.gotfault.net http://gotfault.wordpress.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070201/7a632e86/attachment.html
From propolice at gmail.com Fri Feb 2 05:25:11 2007 From: propolice at gmail.com (Eduardo Tongson) Date: Fri, 2 Feb 2007 13:25:11 +0800 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <3E3A53BD-F51E-4AC9-8A1A-CB8ABA878034@oav.net> References: <20070131193123.89B6940002@mydoom.unipd.it> <8711FCB949739D9308E22477@utd59514.utdallas.edu> <3E3A53BD-F51E-4AC9-8A1A-CB8ABA878034@oav.net> Message-ID:
On 2/2/07, Xavier Beaudouin wrote: <> > > Allowing direct root login even with SSH is IMHO stupid... >
Please elaborate why is it IYHO stupid. - ed
From Valdis.Kletnieks at vt.edu Fri Feb 2 06:38:20 2007 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Fri, 02 Feb 2007 01:38:20 -0500 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: Your message of "Fri, 02 Feb 2007 13:25:11 +0800." References: <20070131193123.89B6940002@mydoom.unipd.it> <8711FCB949739D9308E22477@utd59514.utdallas.edu> <3E3A53BD-F51E-4AC9-8A1A-CB8ABA878034@oav.net> Message-ID: <200702020638.l126cKfa014655@turing-police.cc.vt.edu>
On Fri, 02 Feb 2007 13:25:11 +0800, Eduardo Tongson said: > On 2/2/07, Xavier Beaudouin wrote: > <> > > > > Allowing direct root login even with SSH is IMHO stupid... > > > > Please elaborate why is it IYHO stupid.
In environments where more than 1 person has root access, allowing direct login to root means you can't keep an audit trail of which person logged in. And if your environment only one person has root access, that's just looking for a DoS if the one person is hit by a bus.....
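The thread's two serious points, PermitRootLogin no (Xavier) and a per-person audit trail (Valdis), fit in one script. What follows is an added example, written for this page rather than taken from any message in the thread: a check of an sshd_config for the effective PermitRootLogin value, and a PSExec-style fan-out that logs in as a named admin account and escalates with sudo, so auth.log and the sudo log on each host record who ran what. The "ops" account, the serverlist file and the host names in the usage comment are assumptions, as is the "yes" default used when the keyword is absent.

```shell
#!/bin/sh
# Added example, not from any message in this thread. It puts the two points made
# above into a script: check that sshd refuses direct root login, then fan a command
# out to a host list as a named admin account that escalates with sudo, so that each
# host's auth log and sudo log record which person ran what. The "ops" account, the
# serverlist file and the host names in the usage comment are assumptions.

# Effective PermitRootLogin value from an sshd_config file. sshd takes the first
# occurrence of a keyword, and anything after a "Match" line is conditional, so the
# scan stops there. When the keyword is absent it prints "yes", the compiled-in
# default of OpenSSH releases of that time (assumption; later releases default to
# prohibit-password). On a live host, "sshd -T | grep -i permitrootlogin" is the
# authoritative answer.
permit_root_login() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# 0 when root cannot log in over ssh at all, 1 otherwise. "without-password" (now
# "prohibit-password") still admits root with a key, which is exactly the shared
# identity that destroys the per-person audit trail, so only "no" passes.
root_login_ok() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# PSExec-style fan-out: run one command on every host in the list as $user, escalating
# with "sudo -n" so a missing sudoers entry fails instead of hanging on a prompt.
# "ssh -n" keeps ssh from swallowing the rest of the host list on stdin, and
# BatchMode turns an unknown key or a passphrase prompt into an error. The remote
# shell re-parses the command, so pass it already quoted for that shell.
# Blank lines and "#" comments in the host list are skipped. SSH can be overridden
# with a wrapper for a dry run.
SSH=${SSH:-ssh}
run_on_hosts() {
    hosts=$1; user=$2; shift 2
    rc=0
    while read -r h; do
        case "$h" in ''|\#*) continue ;; esac
        if "$SSH" -n -o BatchMode=yes -o ConnectTimeout=10 "$user@$h" sudo -n -- "$@"; then
            echo "$h: ok" >&2
        else
            echo "$h: FAILED" >&2
            rc=1
        fi
    done < "$hosts"
    return $rc
}

# Usage (assumed paths):
#   root_login_ok /etc/ssh/sshd_config || echo "sshd still permits root login" >&2
#   run_on_hosts serverlist ops 'uptime'
```

With per-admin keys on the ops account and a sudoers rule that grants only the commands the fan-out needs, each run leaves two records per host: the ssh login under the admin's own name and the sudo entry naming the command. A shared root key leaves neither, which is the point Valdis makes above.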
From raju at linux-delhi.org Fri Feb 2 08:10:47 2007
From: raju at linux-delhi.org (Raj Mathur)
Date: Fri, 2 Feb 2007 13:40:47 +0530
Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)
In-Reply-To: <200702020638.l126cKfa014655@turing-police.cc.vt.edu>
References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu>
Message-ID: <200702021340.53125.raju@linux-delhi.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 02 February 2007 12:08, Valdis.Kletnieks at vt.edu wrote:
> On Fri, 02 Feb 2007 13:25:11 +0800, Eduardo Tongson said:
> > On 2/2/07, Xavier Beaudouin wrote:
> > <>
> > >
> > > Allowing direct root login even with SSH is IMHO stupid...
> >
> > Please elaborate why is it IYHO stupid.
>
> In environments where more than 1 person has root access, allowing
> direct login to root means you can't keep an audit trail of which
> person logged in.
>
> And if your environment only one person has root access, that's
> just looking for a DoS if the one person is hit by a bus.....
I believe we have had this discussion before, but I'll iterate my beliefs in favour of allowing direct root access again:

- - Key-based root logins are quite secure. I don't see any reason why key-based root login would be any less secure than permitting a user login followed by a sudo.

- - Password management is a bitch. I don't remember passwords for about half the accounts I have. Using a key-based root login, I don't need to remember those passwords either. If you take the sudo route, every user has to remember each password for each account, unless you take the deprecated route of reusing passwords (or *horrors* allow sudo without password).

- - With a little bit of configuration, it's easy to figure out which key was used to login to an account; the audit trail can be managed that way.

- - Managing which users have access to which root accounts is trivial this way: just add or delete their keys from .ssh/authorized_keys[2].

Of course, ideally you could use a combination of user-based and key-based logins: allow users to login any which way they want, then only allow key-based root ssh from localhost. Hmm, that's an idea worth exploring...

Regards,

- -- Raju

- -- 
Raj Mathur                raju at kandalaya.org      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFwvINyWjQ78xo0X8RAs9tAJ9fc7PXCY/ITlhWZdx0Pang0/mWMgCfcOkg
eSmt2EEur8Jr3W9rodZEhn4=
=DSri
-----END PGP SIGNATURE-----
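An added example (not code from this thread or from anyone posting in it): the audit-trail objection raised earlier in the thread and Raj's claim that "with a little bit of configuration" the key used for a root login can be recovered both come down to one question, whether every "Accepted publickey for root" line sshd writes can be mapped back to a named person. The script below parses constructed auth.log lines in OpenSSH's "Accepted <method> for <user> from <ip> port <n> ssh2: <type> SHA256:<fp>" format, attributes each root login through a fingerprint-to-owner table (what `ssh-keygen -lf /root/.ssh/authorized_keys` gives you once the key comment names the holder), and flags what cannot be attributed: password logins as root, keys not in the inventory, and root keys presented from anywhere but localhost, following the "key-based root only from localhost" idea. The log lines, fingerprints, IPs and owner names are invented for the example; the sshd_config settings in the note below are assumptions about the deployment, not something stated in the thread.

```python
import base64
import hashlib
import re

# Constructed inventory: fingerprint -> owner, as built from
# `ssh-keygen -lf /root/.ssh/authorized_keys` plus the comment field that
# names the person holding the private key. Fingerprints are invented.
KEY_OWNERS = {
    "SHA256:Z9mP0kq6l4nQ3y8Q2mP7wH1d4D0xY3aB5cE6fG7hI8J": "raju",
    "SHA256:uT1vW2xY3zA4bC5dE6fG7hI8jK9lM0nO1pQ2rS3tU4V": "valdis",
}

# "Key-based root only from localhost": people log in as themselves first,
# then ssh root@localhost, so the first hop carries their own user name.
ALLOWED_ROOT_SOURCES = ("127.0.0.1", "::1")

# Constructed auth.log excerpt. Modern sshd appends key type and SHA256
# fingerprint to the Accepted line at the default LogLevel INFO.
SAMPLE_LOG = """\
Feb  2 06:38:20 host sshd[14655]: Accepted publickey for root from 127.0.0.1 port 48211 ssh2: RSA SHA256:Z9mP0kq6l4nQ3y8Q2mP7wH1d4D0xY3aB5cE6fG7hI8J
Feb  2 06:40:02 host sshd[14702]: Accepted publickey for root from 192.0.2.10 port 52122 ssh2: ED25519 SHA256:uT1vW2xY3zA4bC5dE6fG7hI8jK9lM0nO1pQ2rS3tU4V
Feb  2 06:41:17 host sshd[14788]: Accepted password for root from 198.51.100.7 port 40411 ssh2
Feb  2 06:42:05 host sshd[14801]: Accepted publickey for root from 127.0.0.1 port 48990 ssh2: RSA SHA256:QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ
Feb  2 06:43:30 host sshd[14822]: Accepted publickey for raju from 203.0.113.4 port 33110 ssh2: RSA SHA256:Z9mP0kq6l4nQ3y8Q2mP7wH1d4D0xY3aB5cE6fG7hI8J
"""

ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2(?:: (?P<keytype>\S+) (?P<fp>SHA256:\S+))?"
)


def sha256_fingerprint(authorized_keys_line):
    """SHA256 fingerprint of one authorized_keys line, computed the way
    `ssh-keygen -lf` does: base64-decode the key blob, SHA-256 it, base64
    the digest, strip the '=' padding. Leading options such as from="..."
    are skipped by locating the key-type field (options containing spaces
    are not handled; this is a minimal parser)."""
    fields = authorized_keys_line.split()
    for i, field in enumerate(fields):
        if field.startswith(("ssh-", "ecdsa-", "sk-")):
            blob = base64.b64decode(fields[i + 1])
            break
    else:
        raise ValueError("no key type field in authorized_keys line")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def attribute_root_logins(log_text, key_owners=KEY_OWNERS,
                          allowed_sources=ALLOWED_ROOT_SOURCES):
    """Walk the log and return (attributed, alerts).

    attributed: (owner, source_ip, fingerprint) for each root login whose
                key is in the inventory, i.e. the audit trail Raj describes.
    alerts:     root logins with nobody to hold accountable, plus root keys
                used from outside allowed_sources."""
    attributed, alerts = [], []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if not m or m.group("user") != "root":
            continue  # non-root logins already carry the person's own name
        method, ip, fp = m.group("method"), m.group("ip"), m.group("fp")
        if method != "publickey":
            alerts.append(f"root login by {method} from {ip}: no key, nobody to attribute it to")
            continue
        owner = key_owners.get(fp)
        if owner is None:
            alerts.append(f"root login from {ip} with a key not in the inventory: {fp}")
            continue
        if ip not in allowed_sources:
            alerts.append(f"root key of {owner} used from {ip}, outside {allowed_sources}")
        attributed.append((owner, ip, fp))
    return attributed, alerts


if __name__ == "__main__":
    attributed, alerts = attribute_root_logins(SAMPLE_LOG)
    for owner, ip, fp in attributed:
        print(f"root login from {ip} attributed to {owner} ({fp})")
    for alert in alerts:
        print("ALERT:", alert)
```

Two deployment caveats, both assumptions about sshd rather than anything from the thread: older sshd releases only logged which key matched at LogLevel VERBOSE, so on such hosts the Accepted line alone has nothing to join against the inventory; and the localhost-only rule corresponds to a global `PermitRootLogin no` with a `Match Address 127.0.0.1,::1` block setting `PermitRootLogin prohibit-password` (spelled `without-password` in releases of that era). The inventory has to be rebuilt whenever /root/.ssh/authorized_keys changes, which is exactly the "add or delete their keys" operation Raj describes.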
From Valdis.Kletnieks at vt.edu Fri Feb 2 09:56:46 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Fri, 02 Feb 2007 04:56:46 -0500
Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)
In-Reply-To: Your message of "Fri, 02 Feb 2007 13:40:47 +0530." <200702021340.53125.raju@linux-delhi.org>
References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu> <200702021340.53125.raju@linux-delhi.org>
Message-ID: <200702020956.l129ukKb004597@turing-police.cc.vt.edu>

On Fri, 02 Feb 2007 13:40:47 +0530, Raj Mathur said:
> I believe we have had this discussion before, but I'll iterate my
> beliefs in favour of allowing direct root access again:

> - Key-based root logins are quite secure. I don't see any reason why
> key-based root login would be any less secure than permitting a user
> login followed by an sudo.

It's not the security of the login itself - it's the ability to create an audit trail of which userid performed an action. If you can find some other way to...

> - With a little bit of configuration, it's easy to figure out which
> key was used to login to an account; the audit trail can be managed
> that way.

... like the above, then most of the issues can be worked around.

The *problem* with "direct login to root" is that it's the very rare site that actually manages to implement it with proper audit trails. It's a variant on the old "If you have to ask how much, you can't afford it", just in this case "If you have to ask why they're bad, you're not qualified to do it right".

(Also - note that if you consider the set of computers in the same administrative domain as a whole, your system is *STILL* "login as another user, then as root" - just that the first login is happening on another system. You're not doing a direct login to root when viewed from the context of the administrative domain as a whole.)
From talargoni at gmail.com Thu Feb 1 18:12:50 2007
From: talargoni at gmail.com (tal argoni)
Date: Thu, 1 Feb 2007 20:12:50 +0200
Subject: [Full-disclosure] Remote Sql Injection in EasyMoblog 0.5.1 # 2
Message-ID: <948402e40702011012s27f6ac6csb6f47f0593e656f0@mail.gmail.com>

Original Advisory Can Be Found at www.zion-security.com -> [advisories].

-- 
Thanks in advance,
Tal Argoni, CEH
www.zion-security.com

-------------- next part --------------
== Security Advisory ==
Issue: SQL injection Vulnerability in EasyMoblog by Umberto Caldera.
Discovered Date: 30/01/07
Author: Tal Argoni, LegendaryZion.
[talargoni at gmail.com]
Product Vendor: http://sourceforge.net/project/showfiles.php?group_id=88633
Ver: easymoblog-0.5.1

Details:
EasyMoblog is prone to a SQL Injection Vulnerability. The vulnerability exists in the comment_add function, caused by the lack of input validation/filtering of quotation and malicious characters in the GET parameter "i" or in the POST parameter "post_id". The post_details function is used by "add_comment.php" and exists in "libraries.inc.php".

Contents of libraries.inc.php:
---------------------------------
...
function comment_add ($comment)
{
    .....
    $query = "
        insert into ".CFG_MYSQL_TABPREFIX."comments
        (comment_author,comment_author_email,comment_text,comment_added,post_id)
        values (
            '".addslashes($comment['comment_author'])."',
            '".addslashes($comment['comment_author_email'])."',
            '".addslashes($comment['comment_text'])."',
            '".time()."',
            '".$comment['post_id']."'
        )
    ";
    $res = mysql_query($query);
...

Contents of add_comment.php:
---------------------------------
...
$form['post_id'] = '';
if(isset($_POST['post_id']))
    $form['post_id'] = $_POST['post_id'];
elseif(isset($_GET['i']))
    $form['post_id'] = $_GET['i'];
else
    exit();
.........
if (count($errors) == 0) {
    $comment = $form;
    $comment = comment_add ($comment);
    Header ("Location: list_comments.php?i=".$comment['post_id']);
    exit();
...

Exploitation URL: http://www.example.com/easymoblog/add_comment.php?i='[SQL]

Successful exploitation may allow execution of SQL code. This could also be exploited to get passwords, users and a lot of information, commit Denial Of Service attacks and more...
Proof Of Concept: http://www.example.com/easymoblog/add_comment.php?i='[SQL]

From talargoni at gmail.com Thu Feb 1 18:15:58 2007
From: talargoni at gmail.com (tal argoni)
Date: Thu, 1 Feb 2007 20:15:58 +0200
Subject: [Full-disclosure] Xss Vulnerability in EasyMoblog 0.5.1
Message-ID: <948402e40702011015o1c43f8a6v4048fc6a78748c96@mail.gmail.com>

Original Advisory Can Be Found at www.zion-security.com -> [advisories].

-- 
Thanks in advance,
Tal Argoni, CEH
www.zion-security.com

-------------- next part --------------
== Security Advisory ==
Issue: Cross Site Scripting (XSS) Vulnerability in "img.php" by Umberto Caldera.
Discovered Date: 30/01/2007
Author: Tal Argoni [talargoni at gmail d0t com]
Product Vendor: http://sourceforge.net/project/showfiles.php?group_id=88633
Ver: easymoblog-0.5.1

Details:
EasyMoblog is prone to a Cross Site Scripting Vulnerability. The vulnerability exists in the "img.php" file, caused by the lack of input validation/filtering of quotation and HTML characters in the GET parameter "i".

Contents of "img.php"
---------------------------------
...
...
...

Exploitation URL: http://www.example.com/easymoblog/img.php?i=">
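An added example, not code from either advisory or from EasyMoblog: both reports above are the same defect, an untrusted value reaching a sink without the encoding that sink needs. The script below rebuilds in Python what comment_add() in libraries.inc.php does to its inputs (three fields through an addslashes() equivalent, post_id interpolated between quotes but never escaped), executes the resulting statement against an in-memory SQLite table so the effect of a crafted `i`/`post_id` value shows up as rows, and puts a hardened insert beside it (post_id validated as an integer, every value bound as a parameter). The table name `em_comments` stands in for CFG_MYSQL_TABPREFIX."comments"; the sample comment and the payload are constructed; SQLite replaces MySQL, which matters only for backslash escaping (see the note after the code). For img.php the page shows no code, so the last two functions assume that `i` is reflected inside a double-quoted attribute and show what attribute-context escaping does to the `">` prefix of the advisory's payload.

```python
import html
import sqlite3

TABLE = "em_comments"  # stands in for CFG_MYSQL_TABPREFIX."comments"

# Constructed payload for GET i (or POST post_id): it closes the application's
# own row and opens a second row with attacker-chosen values.
INJECTED_POST_ID = "1'),('mallory','m@example.com','pwned','0','99"


def addslashes(s):
    """Python equivalent of PHP's addslashes(): backslash before ' " \\ and NUL.
    Three of the five fields get this in comment_add(); post_id does not."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def vulnerable_insert_sql(comment):
    """The statement comment_add() builds, post_id interpolated as-is."""
    return (
        f"insert into {TABLE} "
        "(comment_author,comment_author_email,comment_text,comment_added,post_id) values ("
        f"'{addslashes(comment['comment_author'])}', "
        f"'{addslashes(comment['comment_author_email'])}', "
        f"'{addslashes(comment['comment_text'])}', "
        f"'{comment['comment_added']}', "
        f"'{comment['post_id']}')"
    )


def _fresh_db(post_id_type):
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"create table {TABLE} (comment_author text, comment_author_email text, "
        f"comment_text text, comment_added text, post_id {post_id_type})"
    )
    return conn


def _sample_comment(post_id):
    # Constructed benign fields. They contain no quotes on purpose: SQLite does
    # not treat backslash as an escape the way MySQL does, so addslashes()
    # output is demonstrated on its own, not executed here.
    return {"comment_author": "alice", "comment_author_email": "alice@example.com",
            "comment_text": "nice post", "comment_added": "1170374400",
            "post_id": post_id}


def run_vulnerable(post_id):
    """Run the advisory's code path; return (author, post_id) rows."""
    conn = _fresh_db("text")
    conn.execute(vulnerable_insert_sql(_sample_comment(post_id)))
    return conn.execute(f"select comment_author, post_id from {TABLE} order by rowid").fetchall()


def run_hardened(post_id):
    """Same insert with both fixes: post_id must parse as an integer (the only
    thing a post id can be), and every value is bound, so quoting is the
    driver's job rather than the application's."""
    conn = _fresh_db("integer")
    c = _sample_comment(int(post_id))  # ValueError on anything but an integer
    conn.execute(
        f"insert into {TABLE} (comment_author,comment_author_email,comment_text,"
        "comment_added,post_id) values (?,?,?,?,?)",
        (c["comment_author"], c["comment_author_email"], c["comment_text"],
         c["comment_added"], c["post_id"]),
    )
    return conn.execute(f"select comment_author, post_id from {TABLE} order by rowid").fetchall()


def img_tag_vulnerable(i):
    """Assumed shape of img.php's output: i lands inside a quoted attribute unescaped."""
    return f'<img src="{i}">'


def img_tag_hardened(i):
    """Attribute-context escaping; in PHP, htmlspecialchars($i, ENT_QUOTES)."""
    return f'<img src="{html.escape(i, quote=True)}">'


if __name__ == "__main__":
    print(vulnerable_insert_sql(_sample_comment(INJECTED_POST_ID)))
    print(run_vulnerable(INJECTED_POST_ID))
    try:
        run_hardened(INJECTED_POST_ID)
    except ValueError as e:
        print("hardened insert rejected the payload:", e)
    print(img_tag_hardened('"><script>alert(1)</script>'))
```

With the payload, the vulnerable path inserts two rows from one statement: the multi-row VALUES form is accepted by MySQL as well as SQLite, so no stacked query is needed, which matters because mysql_query() in the original code runs only one statement anyway. Two things the example does not change but a reviewer of the original would add: addslashes() is not charset-aware, so even the three "protected" fields were only as safe as the connection charset made them (mysql_real_escape_string was the period fix, prepared statements the real one), and the redirect `list_comments.php?i=` re-emits the same unvalidated post_id.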
From eddiea at tau.ac.il Fri Feb 2 06:40:49 2007
From: eddiea at tau.ac.il (Edward Aronovich)
Date: Fri, 2 Feb 2007 08:40:49 +0200
Subject: [Full-disclosure] [TAUSEC] Next meeting of TAUSEC on Feb 11, 6 P.M
Message-ID:

The Security Forum, TAUSEC at Tel Aviv University, next lecture will be on Feb 11 at 18:00 (6 P.M)

Location: Tel Aviv University Lev Auditorium
Map: http://www2.tau.ac.il/map/unimapl1.asp

Attendance is free, light refreshments will be served

Schedule:
---------
18:00 Economic analysis of globally deployed attack counter-measures - Shachar Shemesh
Lecture level: high level, no technical knowledge required
Abstract: The lecturer will try to prove, using nothing but a few hand gestures and 12 coins, that the time is not yet ripe to deploy egress filtering world wide. We will try to analyze what may cause the balance to tip, and will outline the lecturer's very private, and somewhat insane, idea of how the world will slowly change once the tipping point arrives.

19:00 - Break

19:20 - IE Exploits Treats - History, JavaScript evasion techniques, Heap Spray, Ajax worms - Dror Shalev
Level: Technical / Very High Level
Title: IE Exploits Treats - History, JavaScript evasion techniques, Heap Spray, Ajax worms

In the "IE Exploits Treats" I will show lots of code and techniques, but will not include 0-day exploits.
The "JavaScript evasion techniques" research includes the following demos:
http://www.drorshalev.com/dev/metascripts/

The "History" section includes:
https://secure11.brinkster.com/drorshalev/checkpoint/products/main.htm

The "Heap Spray" section includes:
Internet Exploiter, PwnZilla by SkyLined
MS07-004 VML integer overflow exploit, Moti Joseph
browserfun by HDM, metasploit setRequestHeader(), setSlice(), createTextRange()

The "Ajax worms" section includes:
An analysis of the 180 Solutions Trojan - 2003
Yahoo & Hotmail Potential web-based e-mail worm - 2003
Samy is my Hero - MySpace - 2005

Visit our web site at: http://www.cs.tau.ac.il/tausec/

C U,
Eddie
From reh.schreurs at home.nl Fri Feb 2 10:01:32 2007
From: reh.schreurs at home.nl (Rob Schreurs)
Date: Fri, 2 Feb 2007 11:01:32 +0100
Subject: [Full-disclosure] Hushmail from raju@linux-delhi.org
In-Reply-To: <20070202094445.F13CDDA878@smtp8.hushmail.com>
Message-ID: <007f01c746b1$1d950690$6501a8c0@spaniellaptop>

WTF?

-----Original message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On behalf of auto117847 at hushmail.com
Sent: Friday, February 2007 10:45
To: full-disclosure at lists.grok.org.uk
Subject: [Full-disclosure] Hushmail from raju at linux-delhi.org

You have received mail at your Hushmail address. To cease receiving these notices, click the "Preferences" link in the toolbar once you have logged in.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From Valdis.Kletnieks at vt.edu Fri Feb 2 14:45:58 2007
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Fri, 02 Feb 2007 09:45:58 -0500
Subject: [Full-disclosure] Hushmail from raju@linux-delhi.org
In-Reply-To: Your message of "Fri, 02 Feb 2007 11:01:32 +0100." <007f01c746b1$1d950690$6501a8c0@spaniellaptop>
References: <007f01c746b1$1d950690$6501a8c0@spaniellaptop>
Message-ID: <200702021445.l12EjwGW006461@turing-police.cc.vt.edu>

On Fri, 02 Feb 2007 11:01:32 +0100, Rob Schreurs said:
> WTF?

It's OK, just somebody who can't configure their e-mail account..

> [mailto:full-disclosure-bounces at lists.grok.org.uk] On behalf of
> auto117847 at hushmail.com

Actually, looks like 4 or 5 somebodies, or one person who got it wrong 4 or 5 times in a row.

From Thierry at Zoller.lu Fri Feb 2 15:23:24 2007
From: Thierry at Zoller.lu (Thierry Zoller)
Date: Fri, 2 Feb 2007 16:23:24 +0100
Subject: [Full-disclosure] Vista Speech recognition
Message-ID: <733918728.20070202162324@Zoller.lu>

---------------------------------------------------------------
Posting of your message titled "Re[2]: [Dailydave] Vista speach recognition" has been rejected by the list moderator.

The moderator gave the following reason for rejecting your request: "No reason given"
---------------------------------------------------------------

Dear George,

With all due respect, I think you are crying wolf a tad bit too much. Speech recognition is inherently unreliable (btw remember the presentation they gave?).
Since you deem the problem as remotely exploitable,let's ignore for one that I have to actively browse to a website and as such be physically in front of the PC and assume we use XSS to zombie the browser and play the audio 5 minutes later. Then we assume there is not too much background noise, assume the audio level is ok, assume the microphone is on, assume Speech recognition is used, assume audio is on, and so forth. Too many assumption to make it a real risk for me remotely, sorry. That's my personal opinion. Is is a vulnerability ? Yes. Is it likely to work 100% like a good crafted exploit? No GO> So GO> I'm asking Microsoft to reconsider their stance that "there is little if any GO> need to worry" and implement some sort of safety mechanism rather than GO> relying on the user to be self vigilant. It doesn't matter that there GO> aren't that many people using this feature; Microsoft should fix it if GO> they're going to offer it and market it as a key Vista advantage. I have not read they don't plan to, it's just that .. well they don't consider it an emergency, and I can understand. The thing is they have a different scale than you, the next wormable exploit is something they worry about, an exploit that immediately might compromise a system is something I think they rate as Important, this thing is exploitable only if X+n conditions are met, if x+n assumptions are made. I don't say it's not a problem, I say the probability of it being a problem for a defined person is low to very low. GO> Since GO> Microsoft is promoting Voice recognition for healthcare, we should consider GO> the safety of patient health records. [X] Hysteria GO> At present time, Vista Speech Recognition wakes up to the command "start GO> listening". How hard would it be for Microsoft to make that a GO> user-definable phrase or word? For example: A user would pick "Zelda" as GO> the word to wake speech mode while someone else picks "439" as their wake GO> word. 
How hard would it be for Microsoft to implement a wake timeout so GO> that Speech Recognition would sleep after 5 minutes idle? I haven't seen any mention that they don't plan to do so, maybe I have not read everything. My opinion: they will implement this, BUT hopefully make it an option. GO> I'm also running a poll at the end asking if Microsoft should patch this GO> with a pass phrase and echo cancellation. Why would that make sense? People will vote for a fix. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 From Valdis.Kletnieks at vt.edu Fri Feb 2 15:38:06 2007 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Fri, 02 Feb 2007 10:38:06 -0500 Subject: [Full-disclosure] Vista Speech recognition In-Reply-To: Your message of "Fri, 02 Feb 2007 16:23:24 +0100." <733918728.20070202162324@Zoller.lu> References: <733918728.20070202162324@Zoller.lu> Message-ID: <200702021538.l12Fc6ZW009870@turing-police.cc.vt.edu> On Fri, 02 Feb 2007 16:23:24 +0100, Thierry Zoller said: > With all due respect, I think you are crying wolf a tad bit too much. > Speech recognition is inherently unreliable, (btw remember the presentation > they gave?). Since you deem the problem as remotely exploitable, let's ignore > for one that I have to actively browse to a website and as such be physically > in front of the PC and assume we use XSS to zombie the browser and play the > audio 5 minutes later. Then we assume there is not too much background > noise, assume the audio level is ok, assume the microphone is on, > assume Speech recognition is used, assume audio is on, and so forth. > > Too many assumptions to make it a real risk for me remotely, sorry. That's > my personal opinion. Is it a vulnerability? Yes. Is it likely to work > 100% like a well-crafted exploit? 
No On the other hand, it's the sort of attack that is really handy to have if you're doing a targeted attack against a corporation - send a crafted spam that delivers the XSS to zombie the box, sleep for a few hours, and when nobody's left in the office, crank up the volume and yell "PANTS DOWN!" to every computer within range.... :) (Remember - the average office is nice and quiet at 11PM if the janitors aren't around - and nobody ever *said* the computer making the noise was the one getting pwned... :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070202/e5adcf41/attachment.bin From tyoptyop at gmail.com Fri Feb 2 15:51:36 2007 From: tyoptyop at gmail.com (Tyop?) Date: Fri, 2 Feb 2007 16:51:36 +0100 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <200702021340.53125.raju@linux-delhi.org> References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu> <200702021340.53125.raju@linux-delhi.org> Message-ID: <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> On 2/2/07, Raj Mathur wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > On Friday 02 February 2007 12:08, Valdis.Kletnieks at vt.edu wrote: > > On Fri, 02 Feb 2007 13:25:11 +0800, Eduardo Tongson said: > > > On 2/2/07, Xavier Beaudouin wrote: > > > <> > > > > Allowing direct root login even with SSH is IMHO stupid... > > > Please elaborate why is it IYHO stupid. > > In environments where more than 1 person has root access, allowing > > direct login to root means you can't keep an audit trail of which > > person logged in. > > > > And if your environment only one person has root access, that's > > just looking for a DoS if the one person is hit by a bus..... 
> > I believe we have had this discussion before, but I'll iterate my > beliefs in favour of allowing direct root access again: > > - - Password management is a bitch. I don't remember passwords for > about half the accounts I have. Using a key-based root login, I > don't need to remember those passwords either. If you take the sudo > route, every user has to remember each password for each account, > unless you take the deprecated route of reusing passwords (or > *horrors* allow sudo without password). key-based login without passphrase is like eating cheese without bread. useless (IMHO). > - - With a little bit of configuration, it's easy to figure out which > key was used to login to an account; the audit trail can be managed > that way. > - - Managing which users have access to which root accounts is trivial > this way: just add or delete their keys from .ssh/authorized_keys[2]. Totally agree. -- Tyop? http://altmylife.blogspot.com From nytrokiss at gmail.com Fri Feb 2 17:16:36 2007 From: nytrokiss at gmail.com (James Matthews) Date: Fri, 2 Feb 2007 12:16:36 -0500 Subject: [Full-disclosure] Hushmail from full-disclosure-request@lists.grok.org.uk In-Reply-To: <20070202054010.6E53A28460@smtp5.hushmail.com> References: <20070202054010.6E53A28460@smtp5.hushmail.com> Message-ID: <8a6b8e350702020916r6625016eq6d60f1864be478f1@mail.gmail.com> Again WTF! On 2/2/07, auto189837 at hushmail.com wrote: > > You have received mail at your Hushmail address. To cease receiving these > notices, click the "Preferences" link in the toolbar once you have logged > in. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com http://www.wazoozle.com -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070202/2cecd0c3/attachment.html From chedder1 at gmail.com Fri Feb 2 16:22:39 2007 From: chedder1 at gmail.com (chedder1 at gmail.com) Date: Fri, 02 Feb 2007 08:22:39 -0800 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu> <200702021340.53125.raju@linux-delhi.org> <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> Message-ID: <20070202162239.GA96254@cheesebox.vc.shawcable.net> On Fri, Feb 02, 2007 at 04:51:36PM +0100, Tyop? wrote: > On 2/2/07, Raj Mathur wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > On Friday 02 February 2007 12:08, Valdis.Kletnieks at vt.edu wrote: > > > On Fri, 02 Feb 2007 13:25:11 +0800, Eduardo Tongson said: > > > > On 2/2/07, Xavier Beaudouin wrote: > > > > <> > > > > > Allowing direct root login even with SSH is IMHO stupid... > > > > Please elaborate why is it IYHO stupid. > > > In environments where more than 1 person has root access, allowing > > > direct login to root means you can't keep an audit trail of which > > > person logged in. > > > > > > And if your environment only one person has root access, that's > > > just looking for a DoS if the one person is hit by a bus..... > > > > I believe we have had this discussion before, but I'll iterate my > > beliefs in favour of allowing direct root access again: > > > > - - Password management is a bitch. I don't remember passwords for > > about half the accounts I have. Using a key-based root login, I > > don't need to remember those passwords either. If you take the sudo > > route, every user has to remember each password for each account, > > unless you take the deprecated route of reusing passwords (or > > *horrors* allow sudo without password). 
> > key-based login without passphrase is like eating cheese without > bread. useless (IMHO). > > > - - With a little bit of configuration, it's easy to figure out which > > key was used to login to an account; the audit trail can be managed > > that way. > > - - Managing which users have access to which root accounts is trivial > > this way: just add or delete their keys from .ssh/authorized_keys[2]. > > Totally agree. > > -- > Tyop? > http://altmylife.blogspot.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ ... i eat cheese without bread -- _______________________________________________ |hello, my name is | | .__ .___ .___ | | ____ | |__ ____ __| _/__| _/___________ | |_/ ___\| | \_/ __ \ / __ |/ __ |/ __ \_ __ \| |\ \___| Y \ ___// /_/ / /_/ \ ___/| | \/| | \___ >___| /\___ >____ \____ |\___ >__| | | \/ \/ \/ \/ \/ \/ | | http://chedder.hacked.in | |_______________________________________________| "You don't exist. Go away" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070202/d8d00421/attachment.bin From nytrokiss at gmail.com Fri Feb 2 17:15:20 2007 From: nytrokiss at gmail.com (James Matthews) Date: Fri, 2 Feb 2007 12:15:20 -0500 Subject: [Full-disclosure] Vista Speech recognition In-Reply-To: <733918728.20070202162324@Zoller.lu> References: <733918728.20070202162324@Zoller.lu> Message-ID: <8a6b8e350702020915tdc53afbxa1a770d2c8233512@mail.gmail.com> This is great! On 2/2/07, Thierry Zoller wrote: > > --------------------------------------------------------------- > Posting of your message titled "Re[2]: [Dailydave] Vista speach > recognition" has been rejected by the list moderator. 
> The moderator gave the following reason for rejecting > your request: "No reason given" > --------------------------------------------------------------- > > Dear George, > > With all due respect, I think you are crying wolf a tad bit too much. > Speech recognition is inherently unreliable, (btw remember the > presentation > they gave?). Since you deem the problem as remotely exploitable, let's > ignore > for one that I have to actively browse to a website and as such be > physically > in front of the PC and assume we use XSS to zombie the browser and play > the > audio 5 minutes later. Then we assume there is not too much background > noise, assume the audio level is ok, assume the microphone is on, > assume Speech recognition is used, assume audio is on, and so forth. > > Too many assumptions to make it a real risk for me remotely, sorry. That's > my personal opinion. Is it a vulnerability? Yes. Is it likely to work > 100% like a well-crafted exploit? No > > GO> So > GO> I'm asking Microsoft to reconsider their stance that "there is little > if any > GO> need to worry" and implement some sort of safety mechanism rather than > GO> relying on the user to be self vigilant. It doesn't matter that there > GO> aren't that many people using this feature; Microsoft should fix it if > GO> they're going to offer it and market it as a key Vista advantage. > I have not read they don't plan to, it's just that .. well they don't > consider it an emergency, and I can understand. The thing is they have > a different scale than you, the next wormable exploit is something > they worry about, an exploit that immediately might compromise a system > is something I think they rate as Important, this thing is exploitable > only if X+n conditions are met, if x+n assumptions are made. I don't > say it's not a problem, I say the probability of it being a problem > for a defined person is low to very low. 
> > GO> Since > GO> Microsoft is promoting Voice recognition for healthcare, we should > consider > GO> the safety of patient health records. > [X] Hysteria > > GO> At present time, Vista Speech Recognition wakes up to the command > "start > GO> listening". How hard would it be for Microsoft to make that a > GO> user-definable phrase or word? For example: A user would pick "Zelda" > as > GO> the word to wake speech mode while someone else picks "439" as their > wake > GO> word. How hard would it be for Microsoft to implement a wake timeout > so > GO> that Speech Recognition would sleep after 5 minutes idle? > I haven't seen any mention that they don't plan to do so, maybe I have > not read everything. My opinion: they will implement this, BUT hopefully > make it an option. > > GO> I'm also running a poll at the end asking if Microsoft should patch > this > GO> with a pass phrase and echo cancellation. > Why would that make sense? People will vote for a fix. > > > -- > http://secdev.zoller.lu > Thierry Zoller > Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com http://www.wazoozle.com -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070202/f712ddab/attachment.html From stan.bubrouski at gmail.com Fri Feb 2 18:01:47 2007 From: stan.bubrouski at gmail.com (Stan Bubrouski) Date: Fri, 2 Feb 2007 13:01:47 -0500 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu> <200702021340.53125.raju@linux-delhi.org> <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> Message-ID: <122827b90702021001l349a976bv762aad11fcd18b0a@mail.gmail.com> On 2/2/07, Tyop? wrote: > > key-based login without passphrase is like eating cheese without > bread. useless (IMHO). > Totally, if someone compromises the machine and gets root they get all your keys and without a passphrase... yeah no good. > > - - With a little bit of configuration, it's easy to figure out which > > key was used to login to an account; the audit trail can be managed > > that way. > > - - Managing which users have access to which root accounts is trivial > > this way: just add or delete their keys from .ssh/authorized_keys[2]. > > Totally agree. > Ditto. -sb > -- > Tyop? > http://altmylife.blogspot.com > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From kyphros at gmail.com Fri Feb 2 21:40:30 2007 From: kyphros at gmail.com (Mike Owen) Date: Fri, 2 Feb 2007 13:40:30 -0800 Subject: [Full-disclosure] Hushmail from full-disclosure-request@lists.grok.org.uk In-Reply-To: <8a6b8e350702020916r6625016eq6d60f1864be478f1@mail.gmail.com> References: <20070202054010.6E53A28460@smtp5.hushmail.com> <8a6b8e350702020916r6625016eq6d60f1864be478f1@mail.gmail.com> Message-ID: <8f5ca2210702021340i62b7bc03j63201b3cad60023f@mail.gmail.com> On 2/2/07, James Matthews wrote: > Again WTF! > It's just someone trying to get hushmail filtered from full-disclosure. From matthew.flaschen at gatech.edu Fri Feb 2 21:56:59 2007 From: matthew.flaschen at gatech.edu (Matthew Flaschen) Date: Fri, 02 Feb 2007 16:56:59 -0500 Subject: [Full-disclosure] Hushmail from full-disclosure-request@lists.grok.org.uk In-Reply-To: <8f5ca2210702021340i62b7bc03j63201b3cad60023f@mail.gmail.com> References: <20070202054010.6E53A28460@smtp5.hushmail.com> <8a6b8e350702020916r6625016eq6d60f1864be478f1@mail.gmail.com> <8f5ca2210702021340i62b7bc03j63201b3cad60023f@mail.gmail.com> Message-ID: <45C3B3AB.1020905@gatech.edu> Mike Owen wrote: > On 2/2/07, James Matthews wrote: >> Again WTF! >> > > It's just someone trying to get hushmail filtered from full-disclosure. This may backfire, as it seems Full Disclosure doesn't filter anything... Matthew Flaschen -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070202/77b65026/attachment.bin From matthew.flaschen at gatech.edu Fri Feb 2 22:01:22 2007 From: matthew.flaschen at gatech.edu (Matthew Flaschen) Date: Fri, 02 Feb 2007 17:01:22 -0500 Subject: [Full-disclosure] JavaScript inLine Debugger - The fastest web sites debugger (technique, not a tool) In-Reply-To: <8ba534860701170549k226b996cice2d20ff89fccc67@mail.gmail.com> References: <8ba534860701170549k226b996cice2d20ff89fccc67@mail.gmail.com> Message-ID: <45C3B4B2.3010701@gatech.edu> SirDarckCat wrote: > JaSiLDBG > JavaScript inLine Debugger > > We wrote a document, explaining some of the capacities of this technique, > and in the meantime, we also created some functions in a library that can > help you use JaSiLDBG. The library is named estigma; its installation is > very simple: just clicking a bookmark in any browser that supports > javascript will load it, and you can start using it. > Thank you. I had forgotten how to execute statements without destroying the page (put it in void()). Matthew Flaschen -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070202/c770ef25/attachment.bin From info at beskerming.com Fri Feb 2 22:20:30 2007 From: info at beskerming.com (Sûnnet Beskerming) Date: Sat, 3 Feb 2007 08:50:30 +1030 Subject: [Full-disclosure] Vista Speech recognition In-Reply-To: <200702021538.l12Fc6ZW009870@turing-police.cc.vt.edu> References: <733918728.20070202162324@Zoller.lu> <200702021538.l12Fc6ZW009870@turing-police.cc.vt.edu> Message-ID: <3B30F6B6-894B-4E4D-9FEB-9A97DF8D542A@beskerming.com> If you have to use a side channel attack to ensure that the microphone is on and the speakers are active (what ideal target environment will have them both enabled or even fitted? No, I don't believe healthcare will be one), why don't you just use that channel to launch the primary attack? While there is a real concern about this issue, that is all it is - a concern. I agree with Thierry that this is a low risk situation. It will be fun for pranking and the occasional exploit (hmm, it appears my drink holder has been replaced with a credit card slot on my computer), but will be harmless for most. It will be more fun to bind sound to system events, so that every time a dialogue box was presented the system helpfully shouts out 'Cancel'. Okay, so Microsoft's implementation of this feature could have been somewhat better, but it isn't really worth the hype and coverage that it has received to date. Carl Sûnnet Beskerming Pty. Ltd. 
Adelaide, Australia http://www.beskerming.com From security at mandriva.com Fri Feb 2 23:16:20 2007 From: security at mandriva.com (security at mandriva.com) Date: Fri, 02 Feb 2007 16:16:20 -0700 Subject: [Full-disclosure] [ MDKSA-2007:031 ] - Updated kdelibs packages fix KHTML vulnerability Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:031 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdelibs Date : February 2, 2007 Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: FIXME Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478. Updated packages have been patched to correct this issue. 
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 7882590402c82ff347205c176380153e 2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm 01c4eb64ef06a8a8759843be0c07a920 2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm e63e9a2d3a07d3f2cfa20e495a5b1010 2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm 1ad276143d78de84b08606a815eecda9 2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 081d768881b4f012e75854738189327d 2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm 051e3625e87627e52c47590961523b51 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm 6a2b0171144925bd21073553816f33b1 2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm ae2202556fccf0bb820ed3e8401825ec 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm Corporate 3.0: 6afd1be3e42d77e131e44f9ed969c80e corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm c00a10231de66159fecb2106e56ec1ca corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm 733852a68f994ace4eb35017342443fb corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm Corporate 3.0/X86_64: 418170a92387d41c49f3d32c91c97c9b corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm 590e047f677eb717c40a9e2fd77590e8 corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm ec04fe80ee4a983e1ad98f54d75681af corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm Corporate 4.0: 
2dc94e4e225b74d3f2e283b04c836273 corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm 826d76e2f3d50f48513ed18c4360dd67 corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm f7dad3711d9406d1123428f2c0cd9453 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm 88f0164705a9d71f21c3c4edfe7822b2 corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm e00f9222203a3c51a747a694e3ab32c7 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 88d9b2f945bd62aa89b5f7743320cc0a corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm c1e462eaeb2127939d0d3775fb7a04a4 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm a559376fde6f8513904010fc377293e7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm d97e4c4dd9859b6e43f3399e3e2c5fa1 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm f3e43bca041aeca542bba33a0bac1d43 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc 7PYBsjk/ZTsogFdYFeWPWdc= =r0d9 -----END PGP SIGNATURE----- From security at mandriva.com Sat Feb 3 00:18:04 2007 From: security at mandriva.com (security at mandriva.com) Date: Fri, 02 Feb 2007 17:18:04 -0700 Subject: [Full-disclosure] [ MDKSA-2007:032 ] - Updated mpg123 packages fix DoS vulnerability. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:032 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mpg123 Date : February 2, 2007 Affected: 2006.0, 2007.0, Corporate 3.0 _______________________________________________________________________ Problem Description: The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. Packages have been patched to correct this issue. 
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0578 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: babe8d78bc25c2dd132fa920880ba753 2006.0/i586/mpg123-0.59r-23.2.20060mdk.i586.rpm ba97940bced19952befcacd2f3543adf 2006.0/SRPMS/mpg123-0.59r-23.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: df5b4948cc199f99cb922c501529ea6d 2006.0/x86_64/mpg123-0.59r-23.2.20060mdk.x86_64.rpm ba97940bced19952befcacd2f3543adf 2006.0/SRPMS/mpg123-0.59r-23.2.20060mdk.src.rpm Mandriva Linux 2007.0: 63d1e8b57d1883657612bc4655ef9479 2007.0/i586/mpg123-0.60-2.1mdv2007.0.i586.rpm 6e6643dbbb5f0f837af32ca764568189 2007.0/SRPMS/mpg123-0.60-2.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: a84d45f47bcb660148c1a8294b4aec65 2007.0/x86_64/mpg123-0.60-2.1mdv2007.0.x86_64.rpm 6e6643dbbb5f0f837af32ca764568189 2007.0/SRPMS/mpg123-0.60-2.1mdv2007.0.src.rpm Corporate 3.0: b4f1ca196054a9d7e40359bd15bcf708 corporate/3.0/i586/mpg123-0.59r-22.4.C30mdk.i586.rpm 396f3b1659f5ea06471b8c8f4a077043 corporate/3.0/SRPMS/mpg123-0.59r-22.4.C30mdk.src.rpm Corporate 3.0/X86_64: 893735fab9e27cd51cac70f64f4aa831 corporate/3.0/x86_64/mpg123-0.59r-22.4.C30mdk.x86_64.rpm 396f3b1659f5ea06471b8c8f4a077043 corporate/3.0/SRPMS/mpg123-0.59r-22.4.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFw6jrmqjQ0CJFipgRAnS4AJ9nSuXylv+q+NanqNWUpwi+5F+K/ACeJZNc QipMayieg+BkKXqXt6bvWMc= =AuJY -----END PGP SIGNATURE----- From security at mandriva.com Sat Feb 3 03:04:27 2007 From: security at mandriva.com (security at mandriva.com) Date: Fri, 02 Feb 2007 20:04:27 -0700 Subject: [Full-disclosure] [ MDKSA-2007:033 ] - Updated wireshark packages fix multiple vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:033 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : February 2, 2007 Affected: 2007.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors were discovered in versions of wireshark less than 0.99.5, as well as various other bugs. This update provides wireshark 0.99.5, which is not vulnerable to these issues. 
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459 http://www.wireshark.org/security/wnpa-sec-2007-01.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 740873204531526e4cc6878444af8362 2007.0/i586/libwireshark0-0.99.5-0.1mdv2007.0.i586.rpm add82ec56d6f77ee7368cd080a82a465 2007.0/i586/tshark-0.99.5-0.1mdv2007.0.i586.rpm d193c2b44c08aac1b67d64613532ef80 2007.0/i586/wireshark-0.99.5-0.1mdv2007.0.i586.rpm 858bbb85edc9783b155ef0a0ac6c3b90 2007.0/i586/wireshark-tools-0.99.5-0.1mdv2007.0.i586.rpm 1df4c1838fe6b746a782e133de279827 2007.0/SRPMS/wireshark-0.99.5-0.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 8ef87dcfc0cc5ac18a31945959e7aa7c 2007.0/x86_64/lib64wireshark0-0.99.5-0.1mdv2007.0.x86_64.rpm a3f7656a6b2c90d23bac921d472bffaf 2007.0/x86_64/tshark-0.99.5-0.1mdv2007.0.x86_64.rpm 81050abf3144fd206f8a2f0a7e910836 2007.0/x86_64/wireshark-0.99.5-0.1mdv2007.0.x86_64.rpm b2f12630475a24dec626092e231cc24a 2007.0/x86_64/wireshark-tools-0.99.5-0.1mdv2007.0.x86_64.rpm 1df4c1838fe6b746a782e133de279827 2007.0/SRPMS/wireshark-0.99.5-0.1mdv2007.0.src.rpm Corporate 4.0: 26813537c4e24420d2cb1bbcbaad3185 corporate/4.0/i586/libwireshark0-0.99.5-0.1.20060mlcs4.i586.rpm 55d76fd9bc65b2cd4eb602a8e8b034d1 corporate/4.0/i586/tshark-0.99.5-0.1.20060mlcs4.i586.rpm 8aaf460bab2133abe4c7d5973f190d8c corporate/4.0/i586/wireshark-0.99.5-0.1.20060mlcs4.i586.rpm 4b12b3ad9f259bb9099208cb530bc42d corporate/4.0/i586/wireshark-tools-0.99.5-0.1.20060mlcs4.i586.rpm 5937c2654ada4050818cc4d2f88d13ce corporate/4.0/SRPMS/wireshark-0.99.5-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: b6da34d5d4f983d981f298b20f26222c 
corporate/4.0/x86_64/lib64wireshark0-0.99.5-0.1.20060mlcs4.x86_64.rpm 1a7b1c1d3c142f7e735f0b4e94b6fee8 corporate/4.0/x86_64/tshark-0.99.5-0.1.20060mlcs4.x86_64.rpm 103ef9c506489cf585aa01bf71c8e24a corporate/4.0/x86_64/wireshark-0.99.5-0.1.20060mlcs4.x86_64.rpm b9b872ed0afc643f40fc35983d0a7302 corporate/4.0/x86_64/wireshark-tools-0.99.5-0.1.20060mlcs4.x86_64.rpm 5937c2654ada4050818cc4d2f88d13ce corporate/4.0/SRPMS/wireshark-0.99.5-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFw9EcmqjQ0CJFipgRAnDtAKCjD5xWhqIieHZJ1sXG6QHpMu5M0QCfesmh Gbkbxd4FLH/gNMJxW9I0X2c= =sFUw -----END PGP SIGNATURE----- From tyoptyop at gmail.com Sat Feb 3 03:38:41 2007 From: tyoptyop at gmail.com (Tyop?) 
Date: Sat, 3 Feb 2007 04:38:41 +0100 Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX) In-Reply-To: <20070202162239.GA96254@cheesebox.vc.shawcable.net> References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu> <200702021340.53125.raju@linux-delhi.org> <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> <20070202162239.GA96254@cheesebox.vc.shawcable.net> Message-ID: <985b1a3d0702021938p2106dddeu87e7293500e49680@mail.gmail.com> On 2/2/07, chedder1 at gmail.com wrote: > On Fri, Feb 02, 2007 at 04:51:36PM +0100, Tyop? wrote: > > On 2/2/07, Raj Mathur wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > On Friday 02 February 2007 12:08, Valdis.Kletnieks at vt.edu wrote: > > > > On Fri, 02 Feb 2007 13:25:11 +0800, Eduardo Tongson said: > > > > > On 2/2/07, Xavier Beaudouin wrote: > > > > > <> > > > > > > Allowing direct root login even with SSH is IMHO stupid... > > > > > Please elaborate why is it IYHO stupid. > > > > In environments where more than 1 person has root access, allowing > > > > direct login to root means you can't keep an audit trail of which > > > > person logged in. > > > > > > > > And if your environment only one person has root access, that's > > > > just looking for a DoS if the one person is hit by a bus..... > > > > > > I believe we have had this discussion before, but I'll iterate my > > > beliefs in favour of allowing direct root access again: > > > > > > - - Password management is a bitch. I don't remember passwords for > > > about half the accounts I have. Using a key-based root login, I > > > don't need to remember those passwords either. If you take the sudo > > > route, every user has to remember each password for each account, > > > unless you take the deprecated route of reusing passwords (or > > > *horrors* allow sudo without password). > > > > key-based login without passphrase is like eating cheese without > > bread. useless (IMHO). 
> >
> > > - - With a little bit of configuration, it's easy to figure out which
> > > key was used to login to an account; the audit trail can be managed
> > > that way.
> > > - - Managing which users have access to which root accounts is trivial
> > > this way: just add or delete their keys from .ssh/authorized_keys[2].
> >
> > Totally agree.
> ... i eat cheese without bread

It's dangerous.

-- 
Tyop?
http://altmylife.blogspot.com

From kokanin at gmail.com Sat Feb 3 10:22:51 2007
From: kokanin at gmail.com (Knud Erik Højgaard)
Date: Sat, 3 Feb 2007 11:22:51 +0100
Subject: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)
In-Reply-To: <985b1a3d0702021938p2106dddeu87e7293500e49680@mail.gmail.com>
References: <20070131193123.89B6940002@mydoom.unipd.it> <200702020638.l126cKfa014655@turing-police.cc.vt.edu> <200702021340.53125.raju@linux-delhi.org> <985b1a3d0702020751s76e110fbu2e2afadc7e52f921@mail.gmail.com> <20070202162239.GA96254@cheesebox.vc.shawcable.net> <985b1a3d0702021938p2106dddeu87e7293500e49680@mail.gmail.com>
Message-ID:

On 2/2/07, Tyop? wrote:
> key-based login without passphrase is like eating cheese without
> bread. useless (IMHO).

It's good for backup using scponly as shell in the remote end.

Cheese without bread is equally good. Ever heard of CRACKERS LOL LOL?!"?!"?

From news at bucksch.org Sat Feb 3 11:51:33 2007
From: news at bucksch.org (Ben Bucksch)
Date: Sat, 03 Feb 2007 12:51:33 +0100
Subject: [Full-disclosure] JavaScript inLine Debugger - The fastest web sites debugger (technique, not a tool)
In-Reply-To: <8ba534860701170549k226b996cice2d20ff89fccc67@mail.gmail.com>
References: <8ba534860701170549k226b996cice2d20ff89fccc67@mail.gmail.com>
Message-ID: <45C47745.8070604@bucksch.org>

SirDarckCat wrote:
> JaSiLDBG
> JavaScript inLine Debugger

Are you selling us the "javascript:" URL as "JaSiLDBG JavaScript inLine Debugger"? From all I can tell from your doc, you simply renamed "javascript:" to "JaSiLDBG".
Would have been more appropriate, and more useful, if you would have called your doc "How to use the javascript: URL Dynamically inspect and modify webpages".

The doc does seem to be useful as an introduction.

It contains an error right on the second page, though (I didn't read much further): "the difference between properties and attributes is that you can't change attributes". That's not correct. Properties are (in C++ language) "member variables" of JS objects, while attributes are conceptually more or less the same, just on DOM/XML/HTML nodes. Most of them are not represented as JS properties due to potential name collisions, but you can get them via the getAttribute() function, and you can set/change them via setAttribute(). You mention it yourself on page 14. The whole DHTML / AJAX movement is based on that.

See also

A very interesting and very stretching use of javascript: URLs can be found at . Highly recommended.

Ben

From lcamtuf at dione.ids.pl Sat Feb 3 20:57:01 2007
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Date: Sat, 3 Feb 2007 21:57:01 +0100 (CET)
Subject: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest
Message-ID:

As you probably know, the famous "web 2.0" XMLHttpRequest object allows client-side web scripts to send nearly arbitrary HTTP requests, and then freely analyze and manipulate the returned response, including HTTP headers. This gives an unprecedented level of control over your browser to the author of a visited site.

For this reason, to prevent various types of abuse, XMLHttpRequest is restricted to interacting only with the site from where the script originated, based on protocol, port, and host name observed.

Unfortunately, due to a programming error, Microsoft's Msxml2.XMLHTTP ActiveX object that MSIE relies on allows you to bypass this restriction with the use of - BEHOLD - a highly sophisticated newline-and-tab technology.
If the victim uses a proxy server (which is very common in corporate settings), any intranet or Internet site can be interacted with in this arcane manner:

  xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true);

Otherwise, only sites co-hosted on the same server or load balancer can be interacted with - which today can still mean quite a lot, for example foxyteens.googlepages.com and gmail.com go nicely together. In such a case, the request is:

  xmlhttp.open("GET\t/\tHTTP/1.0\nHost:\tdione.ids.pl\n\n", "x",true);

All contents of the requested page, including cookies, hidden form tokens, etc, can then be extracted through the use of responseText and getResponseHeader(), manipulated by the script, and used in subsequent GET or POST requests. A test page is available here:

  http://lcamtuf.coredump.cx/iexmltest.html

The browser will think it's still talking to the site from which the script originated, so no session cookies will be sent to that server - but some interesting activity is still possible: in the true spirit of Web 2.0, this can be trivially turned into an interactive client-side backdoor proxy that may send shivers down the spines of some corporate security dudes.

Consider this example: a guy working for company X is sent a link to hotbrunette25's blog or a really cute video of singing hamsters. While he is preoccupied with that resource, the creator of a malicious script can order victim's browser to:

1) Rapidly scan company's internal web services (XMLHttpRequest supports asynchronous connections and connection notification),

2) Obtain real-time copies of site fronts (raw HTML responseText can be sent back directly to the attacker through a "legitimate" XMLHttpRequest).

3) Interact with interesting ones in real-time in a virtually unrestricted manner (POSTs and GETs with any payloads can be requested, cookies can be set with setRequestHeader, etc).
Attacker functionality can be essentially implemented as a browser plugin or a custom proxy and allow what amounts to highly-responsive, feel-like-you're-there, remote presence - which certainly takes what used to be blind bounce scanning and XSS to a 2.0 level.

In a setting where no proxy is available, and no elaborate private infrastructure would be exposed to the attacker, the author of foxyteens.googlepages.com can of course still use this to send possum gang-rape spam through GMail from victim's IP, or whatnot - but that's of course less exciting.

/mz

From lcamtuf at dione.ids.pl Sat Feb 3 21:34:02 2007
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Date: Sat, 3 Feb 2007 22:34:02 +0100 (CET)
Subject: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest
In-Reply-To:
References:
Message-ID:

On Sat, 3 Feb 2007, Michal Zalewski wrote:
> xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true);

Funny enough, Paul Szabo was quick to point out that Amit Klein found the same vector that I used here for client-side backdoors in May 2006 (still not patched?! *shrieks in horror*), but for cache poisoning:

"IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"
http://www.securityfocus.com/archive/1/434931

This is getting depressing. May 2006.

/mz

From tyoptyop at gmail.com Sun Feb 4 00:55:09 2007
From: tyoptyop at gmail.com (Tyop?)
Date: Sun, 4 Feb 2007 01:55:09 +0100
Subject: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest
In-Reply-To: <985b1a3d0702031654o3abde24bna035ee746f3c2f83@mail.gmail.com>
References: <985b1a3d0702031654o3abde24bna035ee746f3c2f83@mail.gmail.com>
Message-ID: <985b1a3d0702031655l526e4f91jee327939ebabbb42@mail.gmail.com>

On 2/3/07, Michal Zalewski wrote:
> On Sat, 3 Feb 2007, Michal Zalewski wrote:
>> xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true);
> Funny enough, Paul Szabo was quick to point out that Amit Klein found the
> same vector that I used here for client-side backdoors in May 2006 (still
> not patched?! *shrieks in horror*), but for cache poisoning:
> "IE + some popular forward proxy servers = XSS, defacement
> (browser cache poisoning)"
> http://www.securityfocus.com/archive/1/434931
>
> This is getting depressing. May 2006.

but not really surprising, yes?

Remember browserfun#18 (Tuesday, July 18, 2006)
http://osvdb.org/27110

Metasploit, "exploit in the wild" like they said.
Patched in October. 3 months of "real insecurity". (^o^)

Thx to Determina.
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_09282.asp

-- 
Tyop? [Fr]
http://altmylife.blogspot.com

From lcamtuf at dione.ids.pl Sun Feb 4 01:18:02 2007
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Date: Sun, 4 Feb 2007 02:18:02 +0100 (CET)
Subject: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest
In-Reply-To: <985b1a3d0702031655l526e4f91jee327939ebabbb42@mail.gmail.com>
References: <985b1a3d0702031654o3abde24bna035ee746f3c2f83@mail.gmail.com> <985b1a3d0702031655l526e4f91jee327939ebabbb42@mail.gmail.com>
Message-ID:

On Sun, 4 Feb 2007, Tyop? wrote:
>> This is getting depressing. May 2006.
> but not really surprising, yes?

No, though this bug is truly remarkable in that a quick fix, I'm quite certain, amounts to changing "!= ' '" to "> ' '" in the code.
That's two characters, and no chance for a negative impact on any legitimate application, simply no way.

Oh, and actually, did I say May? It gets even better! If you look at that paper, Amit initially noticed that \n and \t are not filtered in September 2005 (17 months ago), and described it as a referrer spoofing bug (granted, not an earth-shattering discovery). He then followed up in May 2006 demonstrating how this can be used to do local cache poisoning, which is kinda more problematic. It's February 2007, the attack can be obviously used to do a really nasty interactive firewall bypass attack in corporate environments - so... ugh.

At least they managed to fix it in IE7's new native XMLHttpRequest code, which I bet happened by accident.

/mz

From giorgio.fedon at gmail.com Sun Feb 4 00:26:48 2007
From: giorgio.fedon at gmail.com (Giorgio Fedon)
Date: Sun, 4 Feb 2007 01:26:48 +0100
Subject: [Full-disclosure] Fwd: Web 2.0 backdoors made easy with MSIE & XMLHttpRequest
In-Reply-To:
References:
Message-ID:

During the lecture we presented at 23C3 "Subverting Ajax" we focused on many topics about Ajax client side attacks. One of these was called Cross Domain Scripting (Aka XDS or AICS) that exploited a Http Request Splitting Vulnerability to bypass DOM restrictions and inject in realtime javascript code during the user browsing session.

This kind of attack relies on:

1) Request Splitting Vulnerability (in Web Browser or Browser Plug-in like flash, + Web Proxy)
2) Frame Injection
3) Some tricks to make it work

The goal was to have control over a browsing session among different domains, extending control and interaction.

More info is in the last Chapter of our Subverting Ajax Paper (Autoinjecting Cross Domain Scripting):
http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html

At 23C3, we also had a nice conversation with Dan Kaminsky about the IE 6 vulnerability reported by Amit Klein, which was exploited to leverage the Request Splitting.
Indeed Amit Klein did a great job and he's a pioneer in this kind of research.

Giorgio Fedon, Stefano Di Paola

> Amit Klein found the same vector that I used here for client-side backdoors in May 2006 (still
> not patched?! *shrieks in horror*), but for cache poisoning:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070204/8af784b1/attachment.html

From nytrokiss at gmail.com Sun Feb 4 00:13:03 2007
From: nytrokiss at gmail.com (James Matthews)
Date: Sat, 3 Feb 2007 19:13:03 -0500
Subject: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest
In-Reply-To:
References:
Message-ID: <8a6b8e350702031613r76aca8a9lda1e97635be4348d@mail.gmail.com>

Yes this is bad!

On 2/3/07, Michal Zalewski wrote:
>
> On Sat, 3 Feb 2007, Michal Zalewski wrote:
>
> > xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true);
>
> Funny enough, Paul Szabo was quick to point out that Amit Klein found the
> same vector that I used here for client-side backdoors in May 2006 (still
> not patched?! *shrieks in horror*), but for cache poisoning:
>
> "IE + some popular forward proxy servers = XSS, defacement (browser
> cache poisoning)"
> http://www.securityfocus.com/archive/1/434931
>
> This is getting depressing. May 2006.
>
> /mz
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

-- 
http://www.goldwatches.com
http://www.wazoozle.com

-------------- next part --------------
An HTML attachment was scrubbed...
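The thread above turns on one missing input check: Msxml2.XMLHTTP passed the method string to the wire without rejecting tabs and newlines, so a single open() argument could become several request lines, and the proposed fix was to reject every byte at or below the space character rather than the space alone. The following is an added example from the editor, not code from any poster, showing what that check looks like on the calling side: a wrapper that refuses to hand a method or URL containing control or whitespace characters to an XHR-like object. The RecordingXhr class and the safeOpen wrapper are constructed for the example; the two rejected method strings are the ones quoted in the thread.

```javascript
// Added example (not from the thread): validate the method and URL given to
// XMLHttpRequest.open() so that one argument can never expand into extra
// request lines or headers on the wire.

// RFC 2616 "token" characters: printable ASCII minus the separator set.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// The thread's proposed fix was "reject anything <= ' '" instead of
// "reject ' ' only"; this helper applies exactly that rule (plus DEL).
function hasCtlOrWhitespace(s) {
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c <= 0x20 || c === 0x7f) return true;
  }
  return false;
}

// A method must be a bare HTTP token: "GET", "POST", ...
function isValidMethod(method) {
  return typeof method === 'string' && TOKEN_RE.test(method);
}

// A request target may hold many characters, but never a control character
// or whitespace; those are what turn "/" into "/\tHTTP/1.0\nHost:\t...".
function isValidRequestTarget(url) {
  return typeof url === 'string' && url.length > 0 && !hasCtlOrWhitespace(url);
}

// Wrapper around an XHR-like object (assumed to expose open(method, url, async)
// as the thread's snippets do). Malformed input never reaches open().
function safeOpen(xhr, method, url, async = true) {
  if (!isValidMethod(method)) {
    throw new Error('rejected method containing non-token characters');
  }
  if (!isValidRequestTarget(url)) {
    throw new Error('rejected URL containing control or whitespace characters');
  }
  xhr.open(method, url, async);
  return true;
}

// Constructed stand-in for XMLHttpRequest so the example runs without a browser.
class RecordingXhr {
  constructor() { this.calls = []; }
  open(method, url, async) { this.calls.push({ method, url, async }); }
}

// Sample inputs: the two method strings quoted in the thread plus a benign one.
const SAMPLES = [
  'GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n',
  'GET\t/\tHTTP/1.0\nHost:\tdione.ids.pl\n\n',
  'GET',
];

// Classify each sample; only the bare token is accepted.
function classifyMethods(methods) {
  return methods.map(m => ({ method: m, accepted: isValidMethod(m) }));
}

// Stand-alone demonstration.
const demoXhr = new RecordingXhr();
for (const s of SAMPLES) {
  try {
    safeOpen(demoXhr, s, 'x');
    console.log('accepted:', JSON.stringify(s));
  } catch (e) {
    console.log('rejected:', JSON.stringify(s), '-', e.message);
  }
}
```

The check is deliberately an allow-list on the method (token characters only) rather than a deny-list of tab and newline, since the thread's own history (space filtered, \t and \n not) shows how a deny-list ages.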
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070203/bd3e1c7a/attachment.html

From sirdarckcat at gmail.com Sun Feb 4 03:00:49 2007
From: sirdarckcat at gmail.com (SirDarckCat)
Date: Sat, 3 Feb 2007 21:00:49 -0600
Subject: [Full-disclosure] JavaScript inLine Debugger - The fastest web sites debugger (technique, not a tool)
In-Reply-To: <45C47745.8070604@bucksch.org>
References: <8ba534860701170549k226b996cice2d20ff89fccc67@mail.gmail.com> <45C47745.8070604@bucksch.org>
Message-ID: <8ba534860702031900q2d963c2cxcefef64952443413@mail.gmail.com>

Hi!

well "javascript:" is not a URL, it is a URI.. the document is not about the name of the technique (JaSiLDBG is the "code name" we decided to use, you are free to name it as you want).

the document really is a handbook on how to use the "javascript" URI for debugging web sites "on the fly".. I think that most of the persons that should know how to use "javascript URI" for debugging purposes don't know it, that's why we wrote the document.

about the attribute/property issue, I think you are right :P there has been a problem when transcribing the document from my notes :P

Greetz!!

On 2/3/07, Ben Bucksch wrote:
>
> SirDarckCat wrote:
> > JaSiLDBG
> > JavaScript inLine Debugger
>
> Are you selling us the "javascript:" URL as "JaSiLDBG JavaScript inLine
> Debugger"? From all I can tell from your doc, you simply renamed
> "javascript:" to "JaSiLDBG".
>
> Would have been more appropriate, and more useful, if you would have
> called your doc "How to use the javascript: URL
> Dynamically inspect and modify webpages".
>
> The doc does seem to be useful as an introduction.
>
> It contains an error right on the second page, though (I didn't read
> much further): "the difference between properties and attributes is that
> you can't change attributes". That's not correct.
> Properties are (in C++
> language) "member variables" of JS objects, while attributes are
> conceptually more or less the same, just on DOM/XML/HTML nodes. Most of
> them are not represented as JS properties due to potential name
> collisions, but you can get them via the getAttribute() function, and
> you can set/change them via setAttribute(). You mention it yourself on
> page 14. The whole DHTML / AJAX movement is based on that.
>
> See also
> <
> http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/idl-definitions.html
> >
>
> A very interesting and very stretching use of javascript: URLs can be
> found at . Highly recommended.
>
> Ben
>

-- 
Att.
SirDarckCat at GMail.com
http://www.google.com/search?q=sirdarckcat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070203/41ac52f5/attachment.html

From jammer128 at gmail.com Sun Feb 4 09:57:17 2007
From: jammer128 at gmail.com (Jason Miller)
Date: Sun, 4 Feb 2007 03:57:17 -0600
Subject: [Full-disclosure] Any one saw these attacks before?
In-Reply-To: <4653002b0701301200y316957a3w66b3eb97342f40a0@mail.gmail.com>
References: <4653002b0701301200y316957a3w66b3eb97342f40a0@mail.gmail.com>
Message-ID: <829b2de40702040157y657a2cf9g7cd38753077a36fb@mail.gmail.com>

what are you babbling on about?

On 1/30/07, Jianqiang Xin wrote:
>
> Did anyone see a web attack like this? If yes, is the attack generated by
> a worm, spamware, or virus? Thanks.
> > > It is one packet with too many headers: The headers are as following: > > Headers > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : www.doityourself.com > > Host : www.usps.gov > > Host : www.fedex.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : www.etoys.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : Desktop.presario.net > > Host : store.presario.net > > Host : Desktop.presario.net > > Host : Desktop.presario.net > > Host : www.sportingnews.com > > Host : cbs.sportsline.com > > Host : www.microsoft.com > > Host : www.freebyte.com > > Host : dmoz.org > > Host : www.microsoft.com > > Host : g.msn.com > > Host : www.microsoft.com > > Host : g.msn.com > > Host : moneycentral.msn.com > > Host : moneycentral.msn.com > > Host : home.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com 
> > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : www.microsoft.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : www.wired.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : www.doityourself.com > > Host : www.usps.gov > > Host : www.fedex.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : www.etoys.com > > Host : desktop.presario.net > > Host : desktop.presario.net > > Host : Desktop.presario.net > > Host : store.presario.net > > Host : Desktop.presario.net > > Host : Desktop.presario.net > > Host : www.sportingnews.com > > Host : cbs.sportsline.com > > Host : www.microsoft.com > > Host : www.freebyte.com > > Host : dmoz.org > > Host : www.microsoft.com > > Host : g.msn.com > > Host : www.microsoft.com > > Host : g.msn.com > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... 
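The packet quoted in the post above is unusual for one simple, mechanically checkable reason: an HTTP/1.1 request must carry exactly one Host header, and this one carries dozens. The following is an added example from the editor, not code from the thread, showing a small header-block parser and a report function that flags a request whose Host count is anything other than one; the sample request is constructed for the example and only echoes a few of the host names from the post.

```javascript
// Added example (not from the thread): parse the head of a raw HTTP request and
// flag requests with a missing or repeated Host header. RFC 2616 section 14.23
// requires exactly one Host header in an HTTP/1.1 request, so any other count
// is worth a second look in proxy or IDS logs.

// Split the request head from the body on the first blank line (CRLF or LF),
// then parse "Name: value" lines into an ordered list of headers.
function parseHeaderBlock(raw) {
  const headEnd = raw.search(/\r?\n\r?\n/);
  const head = headEnd === -1 ? raw : raw.slice(0, headEnd);
  const lines = head.split(/\r?\n/);
  const requestLine = lines[0];
  const headers = [];
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // skip malformed or empty lines
    headers.push({
      name: line.slice(0, idx).trim().toLowerCase(),
      value: line.slice(idx + 1).trim(),
    });
  }
  return { requestLine, headers };
}

// Summarise the Host headers of one request. Host names are compared
// case-insensitively, so "Desktop.presario.net" and "desktop.presario.net"
// count as one distinct host but two occurrences.
function hostHeaderReport(raw) {
  const { requestLine, headers } = parseHeaderBlock(raw);
  const hosts = headers.filter(h => h.name === 'host').map(h => h.value);
  const distinctHosts = [...new Set(hosts.map(h => h.toLowerCase()))];
  return {
    requestLine,
    headerCount: headers.length,
    hostCount: hosts.length,
    distinctHosts,
    suspicious: hosts.length !== 1,
  };
}

// Constructed sample modelled on the quoted packet (a handful of the many
// Host lines it contained, plus one ordinary header).
const SAMPLE_REQUEST = [
  'GET / HTTP/1.1',
  'Host: www.microsoft.com',
  'Host: www.microsoft.com',
  'Host: desktop.presario.net',
  'Host: Desktop.presario.net',
  'Host: www.usps.gov',
  'User-Agent: constructed-sample/1.0',
  '',
  '',
].join('\r\n');

// Stand-alone demonstration.
console.log(JSON.stringify(hostHeaderReport(SAMPLE_REQUEST), null, 2));
```

Because the parser keeps headers in order and in full, the same report can be extended to count other headers that should appear once (Content-Length, for instance) without changing the parsing step.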
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070204/3f10b2fa/attachment.html

From eitancaspi at yahoo.com Sat Feb 3 22:30:30 2007
From: eitancaspi at yahoo.com (EitanCaspi@yahoo.com)
Date: Sun, 4 Feb 2007 00:30:30 +0200
Subject: [Full-disclosure] VMware workstation guest isolation weaknesses (clipboard transfer)
Message-ID:

Suggested severity level: Low

Type of Risk: isolation failure, information leakage, infection path

Affected Software: VMware Workstation, version 5.5.3 build 34685 (including installation of "VMware tools" of the same version on the guest OS).

(Other products by the vendor using the same isolation components may be affected as well, but they weren't tested due to lack of resources. I advise administrators who use the corporate products of VMware to test these issues if they use these products in a production environment)

Guest and Host OS: Windows XP Pro with SP2 and all the latest operational and security patches from the "windows update" site, up to 31-Jan-2007.

(Other guest OS (especially ones by Microsoft) may be affected as well, but they weren't tested).

Local / Remote activated: Local

Summary:

Each VM has its own settings. One settings category is "Guest Isolation", which includes a checkbox named "Enable copy and paste to and from this virtual machine". This feature can work only if the "VMware tools" component is installed on the guest OS. The clipboard copy operation can transfer only text, not files or streams.

I have discovered the following issues regarding this component:

1. Changing the value of