Microsoft Works 7 WkImgSrv.dll Exploit

From coderman at gmail.com Thu May 1 00:00:10 2008 From: coderman at gmail.com (coderman) Date: Wed, 30 Apr 2008 16:00:10 -0700 Subject: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime In-Reply-To: <4f32729a0804301417u3ea6080ft51f624b2b6cb048a@mail.gmail.com> References: <6450e99d0804291731o1f1f4b7o8196cfa56193ec2e@mail.gmail.com> <200804291541.09850.prb@lava.net> <4f32729a0804301021x5aa7c13va6f5c4df8642f3c2@mail.gmail.com> <4f32729a0804301417u3ea6080ft51f624b2b6cb048a@mail.gmail.com> Message-ID: <4ef5fec60804301600w6744b16cr64e754e25823d351@mail.gmail.com> On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson wrote: > ... > > Meaning if you disable autorun on all USB/Firewire/"hot-plug" devices > > does it potentially eliminate this threat? > > I doubt it. They probably have something coded into the device that > works with something "special" within Windows. But again, just an > assumption. I haven't gotten my paws on one of these yet. Though I'm > sure that it you look hard enough, it can be found. you'd have to epoxy over those ports. putty epoxy in the USB, firewire, PCCard , and related slots. it's been done, for regulatory compliance. works great. gets your hands messy. but seriously, who will take such measures on their home PC? last but not least, the cold boot disk encryption attacks showed how even the plugged ports could be worked around with a quick reboot and a can of keyboard cleaner... From magickal1 at gmail.com Thu May 1 01:33:34 2008 From: magickal1 at gmail.com (magickal1) Date: Wed, 30 Apr 2008 20:33:34 -0400 Subject: [Full-disclosure] Did n3td3v infulence Google Security Team In-Reply-To: References: Message-ID: <200804302033.35074.magickal1@gmail.com> I don't often write to the list nor contribute much at all at this point mostly due to work commitments but I felt a need to this time. Why on earth was this posted to the list? it provided no usefull information. It had nothing to do with full disclosure of anything. all it did was waste my time and others. At this point the author of the post has made it to the filter to hit the trash bin straight off marked as read. Do us all a favor...stop posting this crap. Its pointless, provides no information and can be used for nothing. In a word this post ranked no higher than SPAM! My 2cents worth. Flame away chances are I'm not going to respond anyway. if [ !=n3td3v ] then; mv $post spam fi On Tuesday 29 April 2008 20:50:18 full-disclosure-request at lists.grok.org.uk wrote: > Did n3td3v infulence Google Security Team From ivanhec at gmail.com Thu May 1 01:47:52 2008 From: ivanhec at gmail.com (Ivan .) Date: Thu, 1 May 2008 10:47:52 +1000 Subject: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime In-Reply-To: <4ef5fec60804301600w6744b16cr64e754e25823d351@mail.gmail.com> References: <6450e99d0804291731o1f1f4b7o8196cfa56193ec2e@mail.gmail.com> <200804291541.09850.prb@lava.net> <4f32729a0804301021x5aa7c13va6f5c4df8642f3c2@mail.gmail.com> <4f32729a0804301417u3ea6080ft51f624b2b6cb048a@mail.gmail.com> <4ef5fec60804301600w6744b16cr64e754e25823d351@mail.gmail.com> Message-ID: <6450e99d0804301747q3e581603q58391375f7786804@mail.gmail.com> more info http://www.news.com/8301-10789_3-9932600-57.html?tag=blog.promos On Thu, May 1, 2008 at 9:00 AM, coderman wrote: > On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson > wrote: > > > ... > > > Meaning if you disable autorun on all USB/Firewire/"hot-plug" devices > > > does it potentially eliminate this threat? > > > > I doubt it. They probably have something coded into the device that > > works with something "special" within Windows. But again, just an > > assumption. I haven't gotten my paws on one of these yet. Though I'm > > sure that it you look hard enough, it can be found. > > you'd have to epoxy over those ports. putty epoxy in the USB, > firewire, PCCard , and related slots. it's been done, for regulatory > compliance. works great. gets your hands messy. > > but seriously, who will take such measures on their home PC? > > last but not least, the cold boot disk encryption attacks showed how > even the plugged ports could be worked around with a quick reboot and > a can of keyboard cleaner... > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From hermens.p at gmail.com Thu May 1 02:31:51 2008 From: hermens.p at gmail.com (Pat) Date: Thu, 1 May 2008 11:31:51 +1000 Subject: [Full-disclosure] Did n3td3v infulence Google Security Team In-Reply-To: <200804302033.35074.magickal1@gmail.com> References: <200804302033.35074.magickal1@gmail.com> Message-ID: I concur :-) 2008/5/1 magickal1 : > I don't often write to the list nor contribute much at all at this point > mostly due to work commitments but I felt a need to this time. > > Why on earth was this posted to the list? it provided no usefull > information. > It had nothing to do with full disclosure of anything. all it did was > waste > my time and others. At this point the author of the post has made it to > the > filter to hit the trash bin straight off marked as read. > > Do us all a favor...stop posting this crap. Its pointless, provides no > information and can be used for nothing. In a word this post ranked no > higher than SPAM! > > My 2cents worth. > > Flame away chances are I'm not going to respond anyway. > > if [ !=n3td3v ] then; > mv $post spam > fi > > On Tuesday 29 April 2008 20:50:18 > full-disclosure-request at lists.grok.org.uk > wrote: > > Did n3td3v infulence Google Security Team > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080501/43f0f76c/attachment.html From mducharme at cybergeneration.com Thu May 1 13:43:29 2008 From: mducharme at cybergeneration.com (Maxime Ducharme) Date: Thu, 1 May 2008 08:43:29 -0400 Subject: [Full-disclosure] Did n3td3v infulence Google Security Team In-Reply-To: <200804302033.35074.magickal1@gmail.com> Message-ID: <01bb01c8ab88$f5151280$6500a8c0@cybergeneration.com> I also agree Thanks for saying what many others think Have a nice day everyone Maxime Ducharme -----Message d'origine----- De?: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] De la part de magickal1 Envoy??: 30 avril 2008 20:34 ??: full-disclosure at lists.grok.org.uk Objet?: [Full-disclosure] Did n3td3v infulence Google Security Team I don't often write to the list nor contribute much at all at this point mostly due to work commitments but I felt a need to this time. Why on earth was this posted to the list? it provided no usefull information. It had nothing to do with full disclosure of anything. all it did was waste my time and others. At this point the author of the post has made it to the filter to hit the trash bin straight off marked as read. Do us all a favor...stop posting this crap. Its pointless, provides no information and can be used for nothing. In a word this post ranked no higher than SPAM! My 2cents worth. Flame away chances are I'm not going to respond anyway. if [ !=n3td3v ] then; mv $post spam fi On Tuesday 29 April 2008 20:50:18 full-disclosure-request at lists.grok.org.uk wrote: > Did n3td3v infulence Google Security Team _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From labs-no-reply at idefense.com Thu May 1 16:25:18 2008 From: labs-no-reply at idefense.com (iDefense Labs) Date: Thu, 01 May 2008 11:25:18 -0400 Subject: [Full-disclosure] iDefense Security Advisory 04.30.08: Akamai Download Manager Arbitrary Program Execution Vulnerability Message-ID: <4819E0DE.1070304@idefense.com> iDefense Security Advisory 04.30.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 30, 2008 I. BACKGROUND Akamai Download Manager is an integral component of Akamai's global distribution service. It is used to deliver big files quickly and reliably to users around world. It has been used by vendors such as Symantec and Microsoft to provide downloads to the public. Akamai provides both an ActiveX and a Java based Download Manager. If a user uses the ActiveX control once, it will remain installed on the users computer until manually removed. For more information, please visit following web sites. http://www.akamai.com/html/technology/products/http_downloads.html http://www.akamai.com/html/solutions/electronic_software_delivery.html II. DESCRIPTION Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. The ActiveX control version has the following identifiers: Class: DownloadManager Control CLSID: 2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B CLSID: FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1 ProgId: MANAGER.DLMCtrl.1. File: C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx The Java version has the following identifiers: Class: com.akamai.dm.ui.applet.DMApplet.class JAR: dlm-java-2.2.2.0.jar This problem specifically exists due to two undocumented object parameters. By using these parameters, it is possible to cause Download Manager to automatically download and execute arbitrary binaries from attacker controlled locations. III. ANALYSIS Exploitation allows an attacker to execute arbitrary code in the context of the user viewing a maliciously crafted web page. In order to exploit this vulnerability, an attacker would need to persuade, or otherwise force, a user to view a malicious web page. This is usually accomplished by getting the targeted user to click a link in a form of electronic communication such as e-mail or instant messaging. While the attack is happening, the Download Manager user interface is displayed. However, in a normal attack scenario there is insufficient time to cancel the download before exploitation occurs. IV. DETECTION iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable. V. WORKAROUND Setting kill-bits for the associated CLSIDs will prevent the ActiveX control from being loaded within Internet Explorer, thereby preventing exploitation. Disabling Java will prevent exploitation using the Java Applet version. VI. VENDOR RESPONSE Akamai has addressed this vulnerability with the release of version 2.2.3.5 of their Download Manager product. For more information, refer to their advisory. To download the updated version, visit the following URL. http://dlm.tools.akamai.com/tools/upgrade.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-6339 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 12/06/2007 Initial vendor notification 12/06/2007 Initial vendor response 04/30/2008 Public disclosure IX. CREDIT This vulnerability was reported to iDefense by Peter Vreugdenhil. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. From shatter at appsecinc.com Thu May 1 15:18:56 2008 From: shatter at appsecinc.com (Team SHATTER) Date: Thu, 01 May 2008 15:18:56 +0100 Subject: [Full-disclosure] Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02) Message-ID: <4819D150.2020200@appsecinc.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes (Authentication to Database Server is needed) Credits: This vulnerability was discovered and researched by Esteban Mart?nez Fay? of Application Security Inc. Details: The PL/SQL package DBMS_CDC_UTILITY owned by SYS has an instance of SQL Injection. A malicious user can call a vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_UTILITY can exploit this vulnerability. By default, users granted SELECT_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges. Vendor Status: Vendor was contacted and a patch was released. Workaround: Restrict access to the SYS.DBMS_CDC_UTILITY package. Fix: Apply Oracle Critical Patch Update April 2008 available at Oracle Metalink. Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html http://www.appsecinc.com/resources/alerts/oracle/2008-01.shtml Timeline: Vendor Notification - 9/24/2007 Vendor Response - 9/28/2007 Fix - 4/15/2008 Public Disclosure - 4/28/2008 Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFIGdFQ9EOAcmTuFN0RAsEBAJ0fnftcWJ32upbc3v1WezVYIt4m2QCguvyt QaysA2lpI/qzMSktNdEQggY= =jgW9 -----END PGP SIGNATURE----- From shatter at appsecinc.com Thu May 1 15:16:41 2008 From: shatter at appsecinc.com (Team SHATTER) Date: Thu, 01 May 2008 15:16:41 +0100 Subject: [Full-disclosure] Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) Message-ID: <4819D0C9.4070503@appsecinc.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes (Authentication to Database Server is needed) Credits: This vulnerability was discovered and researched by Esteban Mart?nez Fay? of Application Security Inc. Details: Oracle Database Server provides the SYS.KUPF$FILE_INT package. This package contains the procedure GET_FULL_FILENAME which is vulnerable to buffer overflow attacks. Impact: Any Oracle database user with EXECUTE privilege on the package SYS.KUPF$FILE_INT can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. Vendor Status: Vendor was contacted and a patch was released. Workaround: Restrict access to the SYS.KUPF$FILE_INT package. Fix: Apply Oracle Critical Patch Update April 2008 available at Oracle Metalink. Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html http://www.appsecinc.com/resources/alerts/oracle/2008-02.shtml Timeline: Vendor Notification - 8/24/2007 Vendor Response - 8/29/2007 Fix - 4/15/2008 Public Disclosure - 4/28/2008 Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFIGdDJ9EOAcmTuFN0RAjZzAJ9tCnCrlzM2Ee2p+XvXw2QYigEdjgCggVJz vFz+7Ajire3QVAVDA+pKtK0= =GOf3 -----END PGP SIGNATURE----- From shatter at appsecinc.com Thu May 1 15:17:55 2008 From: shatter at appsecinc.com (Team SHATTER) Date: Thu, 01 May 2008 15:17:55 +0100 Subject: [Full-disclosure] Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15) Message-ID: <4819D113.3040400@appsecinc.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1 Remote exploitable: Yes (Authentication to Database Server is needed) Credits: This vulnerability was discovered and researched by Esteban Mart?nez Fay? of Application Security Inc. Details: Oracle Database Server provides the SYS.DBMS_AQJMS_INTERNAL package. This package contains the procedures AQ$_REGISTER and AQ$_UNREGISTER which are vulnerable to buffer overflow attacks. Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_AQJMS_INTERNAL can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE, AQ_ADMINISTRATOR_ROLE or AQ_USER_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. Vendor Status: Vendor was contacted and a patch was released. Workaround: Restrict access to the SYS.DBMS_AQJMS_INTERNAL package. Fix: Apply Oracle Critical Patch Update April 2008 available at Oracle Metalink. Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html http://www.appsecinc.com/resources/alerts/oracle/2008-03.shtml Timeline: Vendor Notification - 2/22/2005 Fix - 04/15/2008 Public Disclosure - 04/28/2008 Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFIGdES9EOAcmTuFN0RAkVzAJ0WCwZ2qJT9SB6EBSbSL4HfUCEb4gCgtoWk XxS8q/0bi1GnLt99aCg4DJ0= =p8Zl -----END PGP SIGNATURE----- From thijs at debian.org Thu May 1 18:00:13 2008 From: thijs at debian.org (Thijs Kinkhorst) Date: Thu, 1 May 2008 19:00:13 +0200 (CEST) Subject: [Full-disclosure] [SECURITY] [DSA 1564-1] New wordpress packages fix several vulnerabilities Message-ID: <20080501170013.92C13326876@morgana.loeki.tv> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1564-1 security at debian.org http://www.debian.org/security/ Thijs Kinkhorst May 01, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : wordpress Vulnerability : multiple Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-3639 CVE-2007-4153 CVE-2007-4154 CVE-2007-0540 Several remote vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites. CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML. CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands. CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. [no CVE name yet] Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface. For the stable distribution (etch), these problems have been fixed in version 2.0.10-1etch2. For the unstable distribution (sid), these problems have been fixed in version 2.2.3-1. We recommend that you upgrade your wordpress package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54 http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.diff.gz Size/MD5 checksum: 29327 663e0b7c1693ff63715e0253ad5cc036 http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.dsc Size/MD5 checksum: 891 2e297f530d472f47b40ba50ea04b1476 Architecture independent packages: http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2_all.deb Size/MD5 checksum: 521244 4851fe016749b1b9c819fd8d5785198e These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSBn2/Wz0hbPcukPfAQLb6gf+IJCvU6dxETAGIm85x1JxfcpWyRx3Ept5 toj+TNH90JgYJsH6nIb3dLwGsv9GhSP8DOfwVS3k6hw8D4bSTzTRg+ieRwRYh14h AYhcK4Xd6XmzP4QOUp34k8bBjup/Jp9ECtXQosh6TocLR5CLS0WV88miuzsDKvTy FZqTNrzA03n0lhxaIaqombN4g+pUQab6hazqsWJferqwpublDVSQzQFDuRXNnmN0 G8294cyBCDqN4TTaMwO9LPoRQQVJbr2lrKsmOdDKoFVOCNeKpU+gonIw9xWOM2kS /Sjn95y7pTAqTXirwbcdIXyqsDo1NIZrxN/al3tnv1ZY9NSy0v9Trw== =BmFA -----END PGP SIGNATURE----- From dannf at debian.org Thu May 1 19:25:04 2008 From: dannf at debian.org (dann frazier) Date: Thu, 1 May 2008 12:25:04 -0600 Subject: [Full-disclosure] [SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities Message-ID: <20080501182504.GK7270@ldl.fc.hp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1565-1 security at debian.org http://www.debian.org/security/ dann frazier May 1, 2008 http://www.debian.org/security/faq - ---------------------------------------------------------------------- Package : linux-2.6 Vulnerability : several vulnerabilities Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-6694 CVE-2008-0007 CVE-2008-1294 CVE-2008-1375 Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. CVE-2008-1294 David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. CVE-2008-1375 Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of priveleges. For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch3. The unstable (sid) and testing distributions will be fixed soon. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages The following matrix lists additional source packages that were rebuilt for compatability with or to take advantage of this update: Debian 4.0 (etch) fai-kernels 1.17+etch.18etch3 user-mode-linux 2.6.18-1um-2etch.18etch3 You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3.dsc Size/MD5 checksum: 740 950fed7ed7c289cfea9c1b39f0f41bc0 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2.dsc Size/MD5 checksum: 740 6f6faa132a53e808bcc61823d140290a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch3.diff.gz Size/MD5 checksum: 5395308 ae08d42b58cd3cf93a23fe31615ac2fd http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3.dsc Size/MD5 checksum: 892 ca5cdee7568704bc9f6c58f786d0daae http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3.tar.gz Size/MD5 checksum: 55267 981e9a0a1d79b1605164588eef7da492 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch3.dsc Size/MD5 checksum: 5672 4e4714f542968b30b2c3f94e203e1e04 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2.tar.gz Size/MD5 checksum: 55185 0a46d75b3ced870a96ea41b900f1ecaa http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2.diff.gz Size/MD5 checksum: 16873 868c1f27ad2c8db782bbd2bdc3618d70 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2.dsc Size/MD5 checksum: 892 52c602d55bdc301a0622ed8a63745f29 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3.diff.gz Size/MD5 checksum: 16968 ff99991657e11545a0f557b623962c52 Architecture independent packages: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-18etch3_all.deb Size/MD5 checksum: 3589210 d2033347599e8db12e2446fd75c0ce37 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-18etch3_all.deb Size/MD5 checksum: 54558 3362cfa5f1de0c80b1aa96f22d846c7e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-18etch3_all.deb Size/MD5 checksum: 1586214 a496f633c826ce730ce6150dff49209f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-18etch3_all.deb Size/MD5 checksum: 41463452 67e56915cd61f4b0058aa668e284ca8c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-18etch3_all.deb Size/MD5 checksum: 1085670 9c6513bc6e29a63d0aedc8da8958fc3f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-18etch3_all.deb Size/MD5 checksum: 3752262 e2f225858212089b10aa319236d300f3 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 3027694 ef8b352212a8184702407e69cb7046bd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 268330 7b7d0ab15fe537a59c68b35531750739 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 54038 f42aafb19b9fae6445d0581277b60e92 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 23531650 8633558cda9f10fbadbc9299dde77575 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 54074 f4b61f5f330a7a2248d91432fa307f41 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 268076 09bdbafb6d32a4d9f8ceab5f1a6c666e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 23484202 d14e2e1d8537aa0cb2f2367f6ddd6762 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 23844262 0cb427290707d8a59a3afdf68f523e6b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 3052524 4323a32807ee9a2a7f13bc605ef0a9c7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 268772 bcec817953f14a50253dbe83e16d6c70 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 23462618 f6873f376755c4f29b24d0d11c9d70ae http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch3_alpha.deb Size/MD5 checksum: 267446 376df6aed1989d65f8144f8790862e17 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 15260738 6c000df81a113d2d69a9473a3d764f08 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 16859134 9480377d14efcd65c7bde090d2c18023 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 3357018 fcb1a842f85110b4a37d246621027ad3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 271914 9a7953d1adbcfbbea07a1357450f34a0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 15272470 2581dfa79e27ead359eb27642748b3df http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 54066 ce821a602278441fb157d2e8dffa7840 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 16820486 a1540f416895111ff4a4f6dc8d5ae2ad http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 3191118 dae286014c3a55824e3cb3040948caa4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 271584 5246a3f1ccb78bde203aab0338e90cd3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 54038 20567a8f59997151900492fbbdb5a5bf http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 54012 fcd8a752e777bf97667914fe658ca440 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 3167674 8fed61ce7278a060d600e54481851c2b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 3334306 bd7dd1d9b1518e0e52f3d513ad9f7cea http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 1650934 92ab0f73f6d2a1699f975ebede812c99 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 54034 224990e92d1255bac74a4a540ef8ee15 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 271184 4d2dfd603bf61408db599c9a972d6824 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 1682946 a2ccb197f0b4bc35e889a61c095add5e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb Size/MD5 checksum: 272850 4cab43a5199e6764b4857a91aaa52e09 arm architecture (ARM) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 7924514 6f93e2c2e0f3e5ddeddb95bd50d560ef http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 233088 acb0dd092348b024f08e0fc2467c31f3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 54104 1437f25c10919b2f944295b8d7f168d8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 54064 1afdbacaa80466a4705a9b7ef50a4a9d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 239810 542097b2625db36fa56dfd7a29b66f37 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 233830 e9a09a7d2a3927486adc68e1f1f7f0f8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 3410416 dfc64565c01ac1f01784d72a8befa378 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 7566074 822c9f74d2a88f4ac8e94210ecb06752 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 204874 1b773fb8b26f20629b8c868db90c5521 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 5009022 ef23e40a692019b29f03f1ef7c864e12 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 4586924 66c55044ecf936cf08b69e3f78f8318e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 8870890 a5a52727b1e019791b260c65d4793911 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-18etch3_arm.deb Size/MD5 checksum: 198750 09c8bda5566b05dd0f969dedfc316d4c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 10552252 247e3774a6493211af6575531966a8a4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 3020374 69fbbe6591cdab73257c9f68bacb63c0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 54044 77f6c66523dba6bb546b28b6b40b51e9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 196344 3ed099784ab8fe2f625462b1689ea7cd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 196818 f0d8bbb055a380b4c2b6064bbd9de0ac http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 54068 f91b5aa270a091f57a246e4cf1f6924a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 195368 29352673ddd4364e7dab3f5a1eb6e2d1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 197570 bde8500410397921905e78f71cd68a10 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 11398348 8201e0a1b33c60d737fb2821dadb8d18 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 10999924 6a0b08925946b094d1638ca20095df15 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch3_hppa.deb Size/MD5 checksum: 11806360 7e63ef04531d59c2e3d0c93893d09bf0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16376092 f7e958b27f039bb044d46f94cc0c9231 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 54014 593ee26c9bed3b3c853511c6bbbd13ea http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2_i386.deb Size/MD5 checksum: 25583354 6cc7cc34a241783bb8f3b2c9da7595a2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 278502 0f7f0e13f78438eeb1a939a637b8070c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16466936 99c66acfa3cd0c109f0d3e2eaedf8877 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 279716 62626201a89882bab17d10ce706b2df5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 14289932 049b2b4696e9cbeec20ec8c2056c7185 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 277596 042152b79d08eea568fd7481b4849386 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16507076 a1a5845401d351c6fa1f380565bcb5d6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16190600 6c50e29e1616140b367e626c93db2ae4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 271900 8d74262b41e039125ce896f8e8d2f8bd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 272690 94db026fc7d498b48c5ac0b504f63390 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 1299670 879785b1ee5f4ef0bec7423e5c7599e9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 14279230 3101d59c0d8ad8bf617f4d0eefbbb7de http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 54088 e23a1d89d0f998caed5b594c5762dc19 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 54032 d7b04d8d6f7a0d43579a499e4e0b681b http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2_i386.deb Size/MD5 checksum: 5518204 0ce72fa3c9dfd208b1afa6912ffbcc3d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16336828 0780d6d13e90466249f83e6d72ce1780 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3_i386.deb Size/MD5 checksum: 5518218 b86648769c5d3db2eb79b1bf6d490c50 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 3148608 633afcaaeb9d655b8bde34977bfd0bd5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 272236 a611f8a0301e945ce72af3610bc05350 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 3054330 6cfae664f54be8c9ed3958c003f404c9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 3167916 756a4eed5e44d0530c5f20a7bc80d3d2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 279366 357140fdeff990683639e8f290593b0c http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3_i386.deb Size/MD5 checksum: 25583596 f0c6d87c849d5384be99dba70d34fb0d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 282728 a6b21a6fc38381b3884b2d2cd052d306 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16836766 be9c22427d5666a80bf96e4c6501ebf7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 54030 125894b7dd2b90ba5f48de2e7f04518b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 1326708 add492f75bb0337e6e69a4afb73114c6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 16404432 9411c28cfbb27329417aa28b32de764c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 3170704 6b86d80969e7f62ceaae5ee5af7f1a5c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-18etch3_i386.deb Size/MD5 checksum: 279198 92c75044e071977263a20c444ee655d0 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 255464 ad4b1e9a12ca70ebb46a4c0f77bb62bf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 28013676 bacb3a11176542aa961867eaac8539d3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 28181506 d0c75846976e8ebcd8baf1ee64a46414 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 54036 746e70c193f28c412acec61cf63e4572 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 54050 fa3dc6c7671185e9ce4f7a00783990dc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 3081858 970b72442606e4878d77a274d4fa4306 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch3_ia64.deb Size/MD5 checksum: 255414 885054343ab6670ce1d90f7bdda61ef2 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 167030 7bce3329b9fc5d10faafecfac21bc70a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 186870 37e9b246abeb84886cd9a6215187f229 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 8309262 893346de1a07ed015320fe333fc41037 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 15653182 1938128d29990cc16bc3f829d3fa1cbf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 6125514 e6842c7aedc7b70d5a4a5d8e624e9627 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 162870 5ebcff098fd97c89bc0f3057f68c3e31 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 54110 9408231d8eb91431b2ca495f1e94f3cb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 54054 ed109dbb8bf134256164d6d07bd061f6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 3413590 6013078ea705dbf5367d284f6ae401a4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 154266 e5775b643e07055ec7121815d9316e62 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 186682 9027d5504f2739d64d1bb4111ec5e136 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 15677870 4b5a1f2e56c587a0d470ea17fab07647 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch3_mips.deb Size/MD5 checksum: 9075438 02f535440d5018de7b6233b232aa04de mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 9863510 a6c8def78ca64e8e8b6ef10533186d30 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 149960 2e09d53e58663189a043b7d7493cec8e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 5926528 cb0dfe477608a2da181596f9b78ceddc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 155716 76a619c24cc74cfe22ab42f9f2964096 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 54040 affef50872a733868e2e3d58d566993a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 155772 dd2d75f96ee5dd4c7a7ff8250f631649 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 182490 f6be30e57bbff0ecace79826d4474bb3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 5941862 45689ea22cb4ebdfb71936f79e00eebe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 178194 4baf9d4d2fed0b5e3f12add06fae014b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 3350066 4938243e89da8ace26c47d00bc60acf1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 182706 84024a93ebcd9d394f179c8ee254ef1b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 15053292 024f0d5e1fbaf5c7d5664aca87ac8741 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 54102 d25d6e1de865a3da93959dd8f8034d7f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 6027404 26b3c01fd8f1c798189c1ee5ec44d11c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mipsel.deb Size/MD5 checksum: 15030096 69c0f1d1c25f49c3201a0b3edc1873b0 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 16402406 7f918a1714d84f8ccb6aaf1a13fc518e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 17016786 c06998d5b9b3c192bde5ecc4119830a1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 54088 3683bf42ff1af3009202bf4c6a0e30cd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 16626352 37c3c60edcd7f7b22ededfcda073b5a8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 251358 20ade66e354f4473ff045bb0e4e2f7c5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 229986 a6996ddd8cd1f5439aecfc4693ab83f9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 54036 d451146b15c05d5d630f72a3399a3464 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 253356 69fd6bca694ce1aea2788658eb530d3e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 18348404 6899ee7990a534276f4c98970a05a843 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 3414514 54cad7ae1cd248f0125aa12c9823f0c7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 18293832 2025add962d50482de362ee202f8bb79 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 252806 ed8f3ba9ab6384096d25204af0594ed1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 3392288 02cba07fa4ab35192737f7a40907cf53 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 16969082 d986973f5c4d0e577b169c96ffa0cec4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 15157518 c3ae440ddcd66b9aaa80260824f91967 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 253230 4d2e3ce370d0c3caf798cfee0dfc44d2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 246254 fa91c1654d4f46128856838066eb11bf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch3_powerpc.deb Size/MD5 checksum: 252272 5eda39b6177f4e66f082c06a159f5719 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 54058 9e8a26d5500ffcd7a6a29dfac6d570b8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 54032 350d6fe5dcfdefcc6f92e364f0ffba3f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 5401990 4af4cf18cb011bb00bb882f7a03c9a21 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 143264 76db142c20b22a4d0847f6309e0a10da http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 2966014 81cfb914839c4709399e25ffe9eb2cb5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 143688 4291bc7d9865c2842a181b22a7992188 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 5661534 8f7661bfe58017b2e3aa2eb9ca3ffadd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 1438796 18d9f041343153cf48f441eeed112885 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 5619704 7213d869d6e23933ae5e55c87fade8f6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 144632 5df45b01064fc7de2106e8b532946cb5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_s390.deb Size/MD5 checksum: 2942938 7dcac05e6588849c7491ef1004759f39 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 3168126 ef5277a44be4e2fb95d7f7feca1cc568 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 165126 8d82f98016c375c250105791051e3021 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 6411270 7106725061d98e4036d0ebabd01ca7fa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 195102 73419b6d64a68410924a0471f0d3bf62 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 10391364 f35ec6950afc88b69fa814d005b68550 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 54046 dbd49273f393e72c21f056d50f94cf02 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 3190444 40bc9af5142779024dea09675f833778 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 194260 80fdc90e470899b21ae831aaa06702b9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 195828 2036f355f29c418602074540bde81c65 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 10693152 7bef279c0e967019fa5e8a07c1eb4019 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 10647534 197798f662b6e4fc55d0f64dcea6eeff http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-18etch3_sparc.deb Size/MD5 checksum: 54076 8a2d9ac2067a4c8a7b090da06faf4025 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGgmwhuANDBmkLRkRAoRpAKCCo/Ja0CkmHW8VQijCHN7Y5l113ACeKR48 1gWjfQ6MRn5jOphirPT8DZg= =22DK -----END PGP SIGNATURE----- From xploitable at gmail.com Thu May 1 22:26:17 2008 From: xploitable at gmail.com (n3td3v) Date: Thu, 1 May 2008 22:26:17 +0100 Subject: [Full-disclosure] Happy Valdis Kletnieks Day Message-ID: <4b6ee9310805011426m679da221pa8227f248950c519@mail.gmail.com> Happy Valdis Kletnieks Day, a new and innovative day where nothing gets post on FD!!! Valdis Kletnieks, Ureleet and others hope it will catch on and that it will take place every year. Its all about counter productive awareness, don't post anything on FD every May 1st. All the best, n3td3v From razishaban at gmail.com Thu May 1 22:47:39 2008 From: razishaban at gmail.com (Razi Shaban) Date: Fri, 2 May 2008 00:47:39 +0300 Subject: [Full-disclosure] Happy Valdis Kletnieks Day In-Reply-To: <4b6ee9310805011426m679da221pa8227f248950c519@mail.gmail.com> References: <4b6ee9310805011426m679da221pa8227f248950c519@mail.gmail.com> Message-ID: <2d792fb20805011447i78bb869fn5aa171c0f458003f@mail.gmail.com> Right back at you! BTW, yesterday was international labor day! Where people from all professions get a day off. I guess the security sector gets two days. -- Razi On 5/2/08, n3td3v wrote: > Happy Valdis Kletnieks Day, a new and innovative day where nothing > gets post on FD!!! > > Valdis Kletnieks, Ureleet and others hope it will catch on and that it > will take place every year. > > Its all about counter productive awareness, don't post anything on FD > every May 1st. > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From xploitable at gmail.com Thu May 1 22:51:58 2008 From: xploitable at gmail.com (n3td3v) Date: Thu, 1 May 2008 22:51:58 +0100 Subject: [Full-disclosure] Happy Valdis Kletnieks Day In-Reply-To: <2d792fb20805011447i78bb869fn5aa171c0f458003f@mail.gmail.com> References: <4b6ee9310805011426m679da221pa8227f248950c519@mail.gmail.com> <2d792fb20805011447i78bb869fn5aa171c0f458003f@mail.gmail.com> Message-ID: <4b6ee9310805011451j599a8259obeeadd11822091fc@mail.gmail.com> On Thu, May 1, 2008 at 10:47 PM, Razi Shaban wrote: > Right back at you! > > BTW, yesterday was international labor day! > Where people from all professions get a day off. > I guess the security sector gets two days. Fuck the security sector!!! From xploitable at gmail.com Thu May 1 23:17:43 2008 From: xploitable at gmail.com (n3td3v) Date: Thu, 1 May 2008 23:17:43 +0100 Subject: [Full-disclosure] Ureleet Message-ID: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> You're fucking banned from n3td3v mailing list so don't even try anymore. From xploitable at gmail.com Thu May 1 23:33:53 2008 From: xploitable at gmail.com (n3td3v) Date: Thu, 1 May 2008 23:33:53 +0100 Subject: [Full-disclosure] HD Moore Message-ID: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> Suck a cock big boy, you're going down. down, down. From xploitable at gmail.com Thu May 1 23:41:33 2008 From: xploitable at gmail.com (n3td3v) Date: Thu, 1 May 2008 23:41:33 +0100 Subject: [Full-disclosure] Could n3td3v win a Pwnie award? In-Reply-To: <13a7c2d20804260613y2dced3aeq9bafeff7e92662e0@mail.gmail.com> References: <4b6ee9310804251843o7dac084cxb36527c3ba485f74@mail.gmail.com> <4b6ee9310804251904k62cb0f94x1c9568261ac1ef42@mail.gmail.com> <4b6ee9310804251948y3560dc5xf38b591180b2aec@mail.gmail.com> <13a7c2d20804260613y2dced3aeq9bafeff7e92662e0@mail.gmail.com> Message-ID: <4b6ee9310805011541w107a9ac8od1c1e83b285adf66@mail.gmail.com> On Sat, Apr 26, 2008 at 2:13 PM, G. D. Fuego wrote: > Why should ANYONE want to take part in your vulnerability notification day if you > believe that the UK Security Service should be tracking these people. > Considering you claim to be so close to them, wouldn't that just be > registering with that agency? Any day of the year you post on FD is registering with MI6. It makes no difference. All the best, n3td3v From nate.mcfeters at gmail.com Fri May 2 00:15:33 2008 From: nate.mcfeters at gmail.com (Nate McFeters) Date: Thu, 1 May 2008 18:15:33 -0500 Subject: [Full-disclosure] HD Moore In-Reply-To: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> Message-ID: <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> What the hell is this for? On 5/1/08, n3td3v wrote: > > Suck a cock big boy, you're going down. down, down. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080501/afd43dc7/attachment.html From infolookup at gmail.com Fri May 2 00:23:42 2008 From: infolookup at gmail.com (infolookup at gmail.com) Date: Thu, 1 May 2008 23:23:42 +0000 Subject: [Full-disclosure] HD Moore In-Reply-To: <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com><997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> Message-ID: <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> I mean really, what is this list becoming? Sent from my Verizon Wireless BlackBerry -----Original Message----- From: "Nate McFeters" Date: Thu, 1 May 2008 18:15:33 To:n3td3v Cc:n3td3v , full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] HD Moore What the hell is this for? ? On 5/1/08, n3td3v > wrote: Suck a cock big boy, you're going down. down, down. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From version5 at gmail.com Fri May 2 00:24:23 2008 From: version5 at gmail.com (nnp) Date: Fri, 2 May 2008 00:24:23 +0100 Subject: [Full-disclosure] Could n3td3v win a Pwnie award? In-Reply-To: <4b6ee9310805011541w107a9ac8od1c1e83b285adf66@mail.gmail.com> References: <4b6ee9310804251843o7dac084cxb36527c3ba485f74@mail.gmail.com> <4b6ee9310804251904k62cb0f94x1c9568261ac1ef42@mail.gmail.com> <4b6ee9310804251948y3560dc5xf38b591180b2aec@mail.gmail.com> <13a7c2d20804260613y2dced3aeq9bafeff7e92662e0@mail.gmail.com> <4b6ee9310805011541w107a9ac8od1c1e83b285adf66@mail.gmail.com> Message-ID: <28749c0e0805011624l28e056b5he0158e04e334201c@mail.gmail.com> What's your point numbnuts? Its also registered with marc.info. Should I be afraid of a couple of linux geeks with squinty eyes and bad breath kicking down my door? (Or at least knocking politely) In case you're two stupid or paranoid to figure that one out ; no, no I shouldn't. Because like MI6 they couldn't give a flying fuck what some donkey has to say on FD unless it is backed up by some serious and reputable other information that this person is a threat. Christ your stupid. (and yet I still feel the need to respond at times... why is that? I must secretly crave your approval or want the glory and fame that comes with calling you out. Yes, that must be it.) On Thu, May 1, 2008 at 11:41 PM, n3td3v wrote: > On Sat, Apr 26, 2008 at 2:13 PM, G. D. Fuego wrote: >> Why should ANYONE want to take part in your vulnerability notification day if you >> believe that the UK Security Service should be tracking these people. >> Considering you claim to be so close to them, wouldn't that just be >> registering with that agency? > > Any day of the year you post on FD is registering with MI6. > > It makes no difference. > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.smashthestack.org http://www.unprotectedhex.com From techie.micheal at gmail.com Fri May 2 01:12:34 2008 From: techie.micheal at gmail.com (Micheal Cottingham) Date: Thu, 1 May 2008 20:12:34 -0400 Subject: [Full-disclosure] HD Moore In-Reply-To: <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> Message-ID: I have kettle popcorn, anybody interested? On Thu, May 1, 2008 at 7:23 PM, wrote: > I mean really, what is this list becoming? > Sent from my Verizon Wireless BlackBerry > > > -----Original Message----- > From: "Nate McFeters" > > Date: Thu, 1 May 2008 18:15:33 > To:n3td3v > Cc:n3td3v , full-disclosure at lists.grok.org.uk > Subject: Re: [Full-disclosure] HD Moore > > > What the hell is this for? > > > On 5/1/08, n3td3v > wrote: Suck a cock big boy, you're going down. down, down. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From ureleet at gmail.com Fri May 2 01:13:26 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 1 May 2008 20:13:26 -0400 Subject: [Full-disclosure] Ureleet In-Reply-To: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> Message-ID: <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> i feel an immense loss in my life. On Thu, May 1, 2008 at 6:17 PM, n3td3v wrote: > > You're fucking banned from n3td3v mailing list so don't even try anymore. > From hackers.lounger at gmail.com Fri May 2 01:09:09 2008 From: hackers.lounger at gmail.com (hackers lounger) Date: Thu, 1 May 2008 19:09:09 -0500 Subject: [Full-disclosure] Andrew Wallace Message-ID: n3td3v, or is it Andrew Wallace? It's about time someone disclosed your real name. You need to stop causing so much trouble. By the way, how is Abertay Dundee? Are you still going there? -- lounger -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080501/4a1c5b4f/attachment.html From ureleet at gmail.com Fri May 2 01:21:29 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 1 May 2008 20:21:29 -0400 Subject: [Full-disclosure] HD Moore In-Reply-To: <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> Message-ID: <6158bb410805011721o37eb82e5i59328d0e396b30b8@mail.gmail.com> sad, that's ur answer. On Thu, May 1, 2008 at 7:23 PM, wrote: > I mean really, what is this list becoming? > Sent from my Verizon Wireless BlackBerry > > > -----Original Message----- > From: "Nate McFeters" > > Date: Thu, 1 May 2008 18:15:33 > To:n3td3v > Cc:n3td3v , full-disclosure at lists.grok.org.uk > Subject: Re: [Full-disclosure] HD Moore > > > What the hell is this for? > > > On 5/1/08, n3td3v > wrote: Suck a cock big boy, you're going down. down, down. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From hermens.p at gmail.com Fri May 2 01:31:25 2008 From: hermens.p at gmail.com (Pat) Date: Fri, 2 May 2008 10:31:25 +1000 Subject: [Full-disclosure] Ureleet In-Reply-To: <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> Message-ID: Was there any reason for the both of you to include the mailing lists on your petty personal rants heretofore? 2008/5/2 Ureleet : > i feel an immense loss in my life. > > On Thu, May 1, 2008 at 6:17 PM, n3td3v wrote: > > > > You're fucking banned from n3td3v mailing list so don't even try > anymore. > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080502/29b95377/attachment.html From root_ at fibertel.com.ar Fri May 2 02:23:10 2008 From: root_ at fibertel.com.ar (root) Date: Thu, 01 May 2008 22:23:10 -0300 Subject: [Full-disclosure] HD Moore In-Reply-To: <6158bb410805011721o37eb82e5i59328d0e396b30b8@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> <6158bb410805011721o37eb82e5i59328d0e396b30b8@mail.gmail.com> Message-ID: <481A6CFE.6030508@fibertel.com.ar> WTF this list is becoming 4chan but less cool. Ureleet wrote: > sad, that's ur answer. > > On Thu, May 1, 2008 at 7:23 PM, wrote: >> I mean really, what is this list becoming? >> Sent from my Verizon Wireless BlackBerry >> >> >> -----Original Message----- >> From: "Nate McFeters" >> >> Date: Thu, 1 May 2008 18:15:33 >> To:n3td3v >> Cc:n3td3v , full-disclosure at lists.grok.org.uk >> Subject: Re: [Full-disclosure] HD Moore >> >> >> What the hell is this for? >> >> >> On 5/1/08, n3td3v > wrote: Suck a cock big boy, you're going down. down, down. >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From limeybastard at hushmail.com Fri May 2 01:26:32 2008 From: limeybastard at hushmail.com (limeybastard at hushmail.com) Date: Thu, 01 May 2008 19:26:32 -0500 Subject: [Full-disclosure] calling n3td3v out... of the closet Message-ID: <20080502002632.29AA615803E@mailserver6.hushmail.com> Not worth a shit has wanted to fuck hd, fuck the security sector, fuck mi6, fuck uereleet, fuck the security awarness day, fuck valdis, fuck everyone who has subscribed to fd. It makes me wonder if this is all about him being gay? We are all sorry that you can't come to feel good about where you put your wanker, but please leave it out of FD. n3tarsehole, if you are tired of your fingers smelling of pig vagina, special education students and handicapped senior citizens you should probably stop whacking to fantasies of HD performing acts of felatio and go ahead and finish your security+ certification so that you can get a job (rather than giving them) and buy some decent cunny. Than you can spend some of that money getting blown by pre-operative she males like you like, you know birds with balls and peckers. Until then, please SHUT UP. Love always, Mom and dad. P.S. dad wants to borrow some makeup, will you help him out? -- Click for information on obtaining a VA loan. http://tagline.hushmail.com/fc/Ioyw6h4d9CwT6XC5BYYmajvZPjzj2lQvmhhcgxQvCLhG2NXU6lb1BO/ From michaelslists at gmail.com Fri May 2 03:54:43 2008 From: michaelslists at gmail.com (silky) Date: Fri, 2 May 2008 12:54:43 +1000 Subject: [Full-disclosure] Ureleet In-Reply-To: References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> Message-ID: <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> On Fri, May 2, 2008 at 10:31 AM, Pat wrote: > Was there any reason for the both of you to include the mailing lists on > your petty personal rants heretofore? dude, they're the same person. > 2008/5/2 Ureleet : -- http://lets.coozi.com.au/ From xploitable at gmail.com Fri May 2 04:33:52 2008 From: xploitable at gmail.com (n3td3v) Date: Fri, 2 May 2008 04:33:52 +0100 Subject: [Full-disclosure] Ureleet In-Reply-To: <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> Message-ID: <4b6ee9310805012033v77876ddby988775f5343047d5@mail.gmail.com> On Fri, May 2, 2008 at 3:54 AM, silky wrote: > On Fri, May 2, 2008 at 10:31 AM, Pat wrote: > > Was there any reason for the both of you to include the mailing lists on > > your petty personal rants heretofore? > > dude, they're the same person. Ureleet is nothing to do with n3td3v, he is very much an enemy!!! All the best, n3td3v From prb at lava.net Fri May 2 08:14:05 2008 From: prb at lava.net (Peter Besenbruch) Date: Thu, 1 May 2008 21:14:05 -1000 Subject: [Full-disclosure] HD Moore In-Reply-To: <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <555459934-1209684220-cardhu_decombobulator_blackberry.rim.net-1280085319-@bxe139.bisx.prod.on.blackberry> Message-ID: <200805012114.05337.prb@lava.net> On Thursday 01 May 2008 13:23:42 infolookup at gmail.com wrote: > I mean really, what is this list becoming? > Sent from my Verizon Wireless BlackBerry It is what it has always been. To stay on the list, it helps to have a thick skin, and good filters. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky From xploitable at gmail.com Fri May 2 09:05:04 2008 From: xploitable at gmail.com (n3td3v) Date: Fri, 2 May 2008 09:05:04 +0100 Subject: [Full-disclosure] HD Moore In-Reply-To: <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> Message-ID: <4b6ee9310805020105k3ae34c1do6ae250d783c25b6b@mail.gmail.com> On Fri, May 2, 2008 at 12:15 AM, Nate McFeters wrote: > What the hell is this for? > He didn't support Web Application Security Awareness Day. All the best, n3td3v From nate.mcfeters at gmail.com Fri May 2 09:32:49 2008 From: nate.mcfeters at gmail.com (Nate McFeters) Date: Fri, 2 May 2008 04:32:49 -0400 Subject: [Full-disclosure] HD Moore In-Reply-To: <4b6ee9310805020105k3ae34c1do6ae250d783c25b6b@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <4b6ee9310805020105k3ae34c1do6ae250d783c25b6b@mail.gmail.com> Message-ID: <997ef2c20805020132s5b7961edm250dda66fc1aa64d@mail.gmail.com> Oh that... Yeah, shame on hd... Maybe he was busy updating metasploit so that real researchers have a great vulnerability development framework, or something else that provided some worth to people. What an asshole! I can't believe he wasn't on fd supporting your "cause". He must not realize you are truly powerful in the community, and especially with three letter groups. Oh and that you have a google group with 4,000.5 readers. Or maybe its because he has a job and doesn't want to waste his time on your lame posts. Nate On 5/2/08, n3td3v On Fri, May 2, 2008 at 12:15 AM, Nate McFeters > wrote: > > What the hell is this for? > > > > He didn't support Web Application Security Awareness Day. > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From lhoang8500 at gmail.com Fri May 2 10:47:48 2008 From: lhoang8500 at gmail.com (lhoang8500) Date: Fri, 2 May 2008 16:47:48 +0700 Subject: [Full-disclosure] Microsoft Work ActiveX Insecure Method Exploit Message-ID: <41d0db50805020247p4a716249sf2c7bee8b864b0c9@mail.gmail.com> BKIS Research 21/04/2008 - Microsoft Work ActiveX Insecure Method Exploit - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Exploit code.......................................................5 Solution.............................................................6 Time Table...........................................................7 Credits..............................................................8 References...........................................................9 About BKIS........................................................10 Contact detail........................................................11 ====================================================================== 1) Affected Software * Microsoft Work 7, Microsoft Work 9 Component. NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Important Impact: System compromise, local code execution. Where: Local ====================================================================== 3) Vendor's Description of Software "Microsoft(R) Works 9 gives you the basic home productivity tools you need to help make your everyday tasks easier from start to finish" Product Link: http://www.microsoft.com/products/works/ProductDetails.aspx?pid=003 ====================================================================== 4) Description of Vulnerability BKIS Center has performed a deep analysis of this vulnerability. The problem is in wkimgsrv.dll module shipped with many MS Offiice Suite (tested on MS OF 2003,MS OF 2007) Actually,this is not the case of buffer overflow attack,just a exploit of insecure method WKsPictureInterface. Setting this point to any where in memory and IE will crash when wkiimgsrv's trying to access an invalid memory location. Let's get into detail : 00D473BD PUSH EBP ; Begin of Set WksPictureInterface method 00D473BE MOV EBP,ESP 00D473C0 SUB ESP,1C 00D473C3 MOV EAX,DWORD PTR SS:[EBP+C] ; Move paramater to EAX 00D473C6 PUSH ESI 00D473C7 TEST EAX,EAX ; Checking whether EAX is NULL 00D473C9 JNZ SHORT wkimgsrv.00D473D5 ; OK,if it is not null continue 00D473CB MOV EAX,80004005 ; 00D473D0 JMP wkimgsrv.00D47456 ;No,it's is NULL,exit method 00D473D5 ==> MOV ESI,DWORD PTR SS:[EBP+8] ; Do some other stuffs, we don't care 00D473D8 LEA EDX,DWORD PTR SS:[EBP-1C] ; 00D473DB PUSH EDX 00D473DC PUSH EAX 00D473DD MOV DWORD PTR DS:[ESI+2A0],EAX ; ============= 00D473E3 ==> MOV ECX,DWORD PTR DS:[EAX] ; Here is the problem,the data stored by EAX is referenced and moved into ECX 00D473E5 CALL DWORD PTR DS:[ECX+30] ;Next the address in some struct pointed by ECX is called Now if we're able to setup memory satisfied : Create a struct in memory where the first DWORD in the struct point to itself and the DWORD at offset 0x30 from struct address is point to our shellcode. We should be able to exploit this vulnerability. This seem to be nightmare because there is nothing to inject except an integer as paramater for the method. Fortunately we have prefered heapspray method Howerver we can't spray with nop (0x90 ) anymore(if this happens, all address will be 90909090 which is invalid address) , The addresses and byte to spray must comply some restrictions - Byte to spray must be single byte length instruction (or somewhat that not change execution of the program or causing exception) - Combination of 4 byte must refer to valid memory address which will point to it self. I have chosen 0x0A to spay on IE 7, and 0x05 to spay on IE 6. In Internet Explorer 7 the number passes to method is 168430090 which is 0x0A0A0A0A in hexa mode.Let's assume that we has fill 0x0A into memory at 0x0A0A0A0A. EAX will hold value of 0x0A0A0A0A. Mov ECX,DWORD PTR DS:[EAX] ;=> ECX= 0x0A0A0A0A CALL DWORD DTR DS:[ECX+30] ;=> CALL DWORD DTR:[0x0A0A0A3A] => CALL 0x0A0A0A0A Memory at 0x0A0A0A0A is filled with 0x0A ~ instruction is OR CL,BYTE PTR DS:[EDX] Fortunately this hadn't caused exception and not changed execution path of our shellcode Shellcode should be executed as expected. ====================================================================== 5) Exploit code ====================================================================== Microsoft Works 7 WkImgSrv.dll Exploit Coded by lhoang8500 lhoang8500[at]gmail[dot]com BKIS Center - Vietnam

====================================================================== 6) Solution Vendor has not released the patch for this vulnerability yet, This is temperary solution: Create a text file named work-killbit.reg. Copy and paste this text into that file. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6}] "Compatibility Flags"=dword:00000400 Double click to import into registry ====================================================================== 7) Time Table 17/04/2008 - PoC Available in milw0rm 21/04/2008 - Exploit sucessfully ====================================================================== 8) Credits Luong Anh Hoang - BKIS Center Vietnam. lhoang8500[at]gmail[dot]com. ====================================================================== 9) References http://www.milw0rm.com/exploits/5460 for the PoC ====================================================================== 10) About BKIS We are Vietnamese leading center in reseaching, deploying network security softwares and solutions. Official website: http://bkav.com.vn/ ====================================================================== 11) Contact detail Mr. Nguyen Minh Duc Manager of Application Security Department Bach Khoa Internetwork Security Center (Bkis) Hanoi University of Technology (Vietnam) Office: 5th Floor, Hitech building - 1A Dai Co Viet, Hanoi Tel: 84-4-868 47 57 Mobile: 84-983 60 99 20 Email: security at bkav.com.vn Website: www.bkav.com.vn From razishaban at gmail.com Fri May 2 13:09:18 2008 From: razishaban at gmail.com (Razi Shaban) Date: Fri, 2 May 2008 15:09:18 +0300 Subject: [Full-disclosure] Ureleet In-Reply-To: <4b6ee9310805012033v77876ddby988775f5343047d5@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> <4b6ee9310805012033v77876ddby988775f5343047d5@mail.gmail.com> Message-ID: <2d792fb20805020509s33b0f244udc558aea37050d92@mail.gmail.com> Multiple personality disorder, I think. -- Razi On 5/2/08, n3td3v wrote: > On Fri, May 2, 2008 at 3:54 AM, silky wrote: > > On Fri, May 2, 2008 at 10:31 AM, Pat wrote: > > > Was there any reason for the both of you to include the mailing lists on > > > your petty personal rants heretofore? > > > > dude, they're the same person. > > > > Ureleet is nothing to do with n3td3v, he is very much an enemy!!! > > All the best, > > > n3td3v > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From razishaban at gmail.com Fri May 2 13:40:09 2008 From: razishaban at gmail.com (Razi Shaban) Date: Fri, 2 May 2008 15:40:09 +0300 Subject: [Full-disclosure] Ureleet In-Reply-To: <4b6ee9310805012033v77876ddby988775f5343047d5@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> <4b6ee9310805012033v77876ddby988775f5343047d5@mail.gmail.com> Message-ID: <2d792fb20805020540t5b5597a0w418f83b7888171b0@mail.gmail.com> Multiple personality disorder, I think. -- Razi On 5/2/08, n3td3v wrote: > On Fri, May 2, 2008 at 3:54 AM, silky wrote: > > On Fri, May 2, 2008 at 10:31 AM, Pat wrote: > > > Was there any reason for the both of you to include the mailing lists on > > > your petty personal rants heretofore? > > > > dude, they're the same person. > > > > Ureleet is nothing to do with n3td3v, he is very much an enemy!!! > > All the best, > > > n3td3v > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From ureleet at gmail.com Fri May 2 15:02:07 2008 From: ureleet at gmail.com (Ureleet) Date: Fri, 2 May 2008 10:02:07 -0400 Subject: [Full-disclosure] Ureleet In-Reply-To: <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> Message-ID: <6158bb410805020702o76c011bbi810af1762cc9d33d@mail.gmail.com> no, we are not the same person. it's not multiple personality disorder or sumthin. i started out (and i xplained this) trying 2 understand y evryone was shitting on n3td3v. now i understand that he is a complete paranoid freak who hasn't done anything (self-admitingly) and just seeks self-fame on the shoulders of others. On Thu, May 1, 2008 at 10:54 PM, silky wrote: > On Fri, May 2, 2008 at 10:31 AM, Pat wrote: > > Was there any reason for the both of you to include the mailing lists on > > your petty personal rants heretofore? > > dude, they're the same person. > > > > > > 2008/5/2 Ureleet : > > -- > http://lets.coozi.com.au/ > From t3ch.c0nsp1racy at gmail.com Fri May 2 14:59:36 2008 From: t3ch.c0nsp1racy at gmail.com (un believer) Date: Fri, 2 May 2008 14:59:36 +0100 Subject: [Full-disclosure] The latest in malicious code protection... Message-ID: <75f272130805020659u4f9f8934m4b8daa71fa5a224@mail.gmail.com> http://www.chichester.co.uk/chichester/He39s-the-antivirus-man.3963760.jp Sauce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080502/d583c3b9/attachment.html From mbaiter2 at gmail.com Fri May 2 15:14:05 2008 From: mbaiter2 at gmail.com (Dr. Mark A. Baiter [Chief Scatological Consultant]) Date: Fri, 2 May 2008 19:44:05 +0530 Subject: [Full-disclosure] Virus.VBS.Redlof.k( kaspersky ) infection in http://www.sgbau.ac.in/ Message-ID: <9396129f0805020714i72a4c69ekee110cf3708c8414@mail.gmail.com> at the end of the homepage there is a code fragment < Script Language="VBScript" > which is a virus Virus.VBS.Redlof.k ( more info http://www.viruslist.com/en/search?VN=Virus.VBS.Redlof.k ) here are the phone numbers from the website http://www.sgbau.ac.in/PhDirectory.htm but no one seems to be picking up at this movement could someone please shut down this virus inferction source and please report to the proper people. From skx at debian.org Fri May 2 16:00:29 2008 From: skx at debian.org (Steve Kemp) Date: Fri, 2 May 2008 16:00:29 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1566-1] New cpio packages fix denial of service Message-ID: <20080502150029.GA17466@steve.org.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1566-1 security at debian.org http://www.debian.org/security/ Steve Kemp May 02, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cpio Vulnerability : programming error Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2007-4476 Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive. For the stable distribution (etch), these problems have been fixed in version 2.6-18.1+etch1. For the unstable distribution (sid), these problems have been fixed in version 2.9-5. We recommend that you upgrade your cpio packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6.orig.tar.gz Size/MD5 checksum: 556018 76b4145f33df088a5bade3bf4373d17d http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1.dsc Size/MD5 checksum: 556 fdcfe9fa17130663f3fcb21aebb52924 http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1.diff.gz Size/MD5 checksum: 92775 78d1098c15d92c0d5bfe6c5dcc4e5652 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_alpha.deb Size/MD5 checksum: 146740 167eeae5237940f15b9eea7b1f754b65 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_amd64.deb Size/MD5 checksum: 136734 f827f70099b66a518fbd3e6782e7909b arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_arm.deb Size/MD5 checksum: 132108 b4ecfb2b81f84d1f82c268c0ccb0081d hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_hppa.deb Size/MD5 checksum: 143166 b7ca87731e442f3eaaf117113bfc941a i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_i386.deb Size/MD5 checksum: 132096 c490f550663e524725544d389546e56f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_ia64.deb Size/MD5 checksum: 171990 be7ca34414f4bfa4129379c9eea3473f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_mips.deb Size/MD5 checksum: 146084 f57b7e09e1705692427220cd1932ea1a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_mipsel.deb Size/MD5 checksum: 145348 2010baf76d3039417c6b6bca1eba1246 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_powerpc.deb Size/MD5 checksum: 138322 229edae58b3b4387dcfdcf8717932cb4 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_s390.deb Size/MD5 checksum: 143878 60c6e036d5df8c67e74f301fa14b4e9f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_sparc.deb Size/MD5 checksum: 131248 63a51ec9ac633327f21d27c616d604ba These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGyxnwM/Gs81MDZ0RAka1AJ99sbmauR0AiUqM7utuOjCOPru/sQCgsjTU 8N0s+d1hbnAmCRe6DzExPAU= =YK94 -----END PGP SIGNATURE----- From my.security.lists at gmail.com Fri May 2 16:44:13 2008 From: my.security.lists at gmail.com (Rob Thompson) Date: Fri, 2 May 2008 08:44:13 -0700 Subject: [Full-disclosure] HD Moore In-Reply-To: <997ef2c20805020132s5b7961edm250dda66fc1aa64d@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <4b6ee9310805020105k3ae34c1do6ae250d783c25b6b@mail.gmail.com> <997ef2c20805020132s5b7961edm250dda66fc1aa64d@mail.gmail.com> Message-ID: <4f32729a0805020844p38d36124r894afb650b3ce168@mail.gmail.com> n3td3v - is like the William Hung of the computer world... Priceless... On Fri, May 2, 2008 at 1:32 AM, Nate McFeters wrote: > Oh that... Yeah, shame on hd... Maybe he was busy updating metasploit > so that real researchers have a great vulnerability development > framework, or something else that provided some worth to people. What > an asshole! I can't believe he wasn't on fd supporting your "cause". > He must not realize you are truly powerful in the community, and > especially with three letter groups. Oh and that you have a google > group with 4,000.5 readers. > > Or maybe its because he has a job and doesn't want to waste his time > on your lame posts. > > Nate > > On 5/2/08, n3td3v > On Fri, May 2, 2008 at 12:15 AM, Nate McFeters > > wrote: > > > What the hell is this for? > > > > > > > He didn't support Web Application Security Awareness Day. > > > > All the best, > > > > n3td3v > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Rob From nate.mcfeters at gmail.com Fri May 2 16:53:50 2008 From: nate.mcfeters at gmail.com (Nate McFeters) Date: Fri, 2 May 2008 10:53:50 -0500 Subject: [Full-disclosure] HD Moore In-Reply-To: <4f32729a0805020844p38d36124r894afb650b3ce168@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <4b6ee9310805020105k3ae34c1do6ae250d783c25b6b@mail.gmail.com> <997ef2c20805020132s5b7961edm250dda66fc1aa64d@mail.gmail.com> <4f32729a0805020844p38d36124r894afb650b3ce168@mail.gmail.com> Message-ID: <997ef2c20805020853wb76219dr15c65df7c380957f@mail.gmail.com> Ahahahahha, that made my day! On 5/2/08, Rob Thompson wrote: > > n3td3v - is like the William Hung of the computer world... > > Priceless... > > On Fri, May 2, 2008 at 1:32 AM, Nate McFeters > wrote: > > Oh that... Yeah, shame on hd... Maybe he was busy updating metasploit > > so that real researchers have a great vulnerability development > > framework, or something else that provided some worth to people. What > > an asshole! I can't believe he wasn't on fd supporting your "cause". > > He must not realize you are truly powerful in the community, and > > especially with three letter groups. Oh and that you have a google > > group with 4,000.5 readers. > > > > Or maybe its because he has a job and doesn't want to waste his time > > on your lame posts. > > > > Nate > > > > On 5/2/08, n3td3v > > On Fri, May 2, 2008 at 12:15 AM, Nate McFeters < > nate.mcfeters at gmail.com> > > > wrote: > > > > What the hell is this for? > > > > > > > > > > He didn't support Web Application Security Awareness Day. > > > > > > All the best, > > > > > > n3td3v > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > -- > Rob > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080502/e97976e7/attachment.html From groups at digital-z.com Fri May 2 17:26:15 2008 From: groups at digital-z.com (Blaine Fleming) Date: Fri, 02 May 2008 10:26:15 -0600 Subject: [Full-disclosure] HD Moore In-Reply-To: <4f32729a0805020844p38d36124r894afb650b3ce168@mail.gmail.com> References: <4b6ee9310805011533x795c4daejbf4dc26e9aefbe07@mail.gmail.com> <997ef2c20805011615h27d9ee49tcd48dee6f5e77576@mail.gmail.com> <4b6ee9310805020105k3ae34c1do6ae250d783c25b6b@mail.gmail.com> <997ef2c20805020132s5b7961edm250dda66fc1aa64d@mail.gmail.com> <4f32729a0805020844p38d36124r894afb650b3ce168@mail.gmail.com> Message-ID: <481B40A7.1070502@digital-z.com> Rob Thompson wrote: > n3td3v - is like the William Hung of the computer world... > How dare you insult William Hung like that! Really, comparing the two...shameful. n3td3v is so much worse. --Blaine From xploitable at gmail.com Fri May 2 19:05:07 2008 From: xploitable at gmail.com (n3td3v) Date: Fri, 2 May 2008 19:05:07 +0100 Subject: [Full-disclosure] Ureleet In-Reply-To: <6158bb410805020702o76c011bbi810af1762cc9d33d@mail.gmail.com> References: <4b6ee9310805011517y45921ae4xea144f19dc310d0e@mail.gmail.com> <6158bb410805011713l68d33839h95164b979a2cc11a@mail.gmail.com> <5e01c29a0805011954v14a2614bt8415171056e8885d@mail.gmail.com> <6158bb410805020702o76c011bbi810af1762cc9d33d@mail.gmail.com> Message-ID: <4b6ee9310805021105g224005d6r48b1910f19f1d8ea@mail.gmail.com> On Fri, May 2, 2008 at 3:02 PM, Ureleet wrote: > no, we are not the same person. it's not multiple personality > disorder or sumthin. i started out (and i xplained this) trying 2 > understand y evryone was shitting on n3td3v. now i understand that he > is a complete paranoid freak who hasn't done anything > (self-admitingly) and just seeks self-fame on the shoulders of others. its fun mkin netdv flme all the time, hehe, i mde him do a 60 postr thred n now evry1's aginst him. he shldnt hav mde fun of offensive-security and remote-exploit irc and muts. we kan ply this gme 4 m0nths, it will b cool, n netdv will get all te blme, tehe. ktnx ureleet From security at mandriva.com Fri May 2 19:02:00 2008 From: security at mandriva.com (security at mandriva.com) Date: Fri, 02 May 2008 12:02:00 -0600 Subject: [Full-disclosure] [ MDVSA-2008:095 ] - Updated OpenOffice.org packages fix vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:095 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openoffice.org Date : May 2, 2008 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow user-assisted remote attackers to execute arbitrary Java code via crafted database documents (CVE-2007-4575). A heap overflow was discovered in OpenOffice.org's EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or potentially execute arbitrary code if the malicious EMF image was added to a document or if a document containing such an EMF file was opened (CVE-2007-5746). Multiple heap overflows and an integer underflow were discovered in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org ro crash or potentially execute arbitraty code (CVE-2007-5745, CVE-2007-5747). A heap overflow was discovered in the OLE Structured Storage file parser, a format used by Microsoft Office documents. An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or potentially execute arbitrary code (CVE-2008-0320). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 72798954ff44449ad9203fdce7130a62 2008.0/i586/openoffice.org-2.2.1-4.4mdv2008.0.i586.rpm 6a537faa29607ffef0a6544f5501a393 2008.0/i586/openoffice.org-devel-2.2.1-4.4mdv2008.0.i586.rpm 882be28f508c5b922378aafa6be1113b 2008.0/i586/openoffice.org-devel-doc-2.2.1-4.4mdv2008.0.i586.rpm d2cb90d3441f95836643e75012bf95d1 2008.0/i586/openoffice.org-galleries-2.2.1-4.4mdv2008.0.i586.rpm d0742126a62fcc7251458eebaeabd4fb 2008.0/i586/openoffice.org-gnome-2.2.1-4.4mdv2008.0.i586.rpm 0e6c20146f75d8922c679db7b06bd4be 2008.0/i586/openoffice.org-kde-2.2.1-4.4mdv2008.0.i586.rpm e1161013ec13e2e3138d578539cb5f37 2008.0/i586/openoffice.org-l10n-af-2.2.1-4.4mdv2008.0.i586.rpm b3663ed4b3c533d0e9188540acb9d6ea 2008.0/i586/openoffice.org-l10n-ar-2.2.1-4.4mdv2008.0.i586.rpm 00d753cc4308935b4a704d08385dfe21 2008.0/i586/openoffice.org-l10n-bg-2.2.1-4.4mdv2008.0.i586.rpm ce6c8bc0b6b63574d6e50d2a63b5c670 2008.0/i586/openoffice.org-l10n-br-2.2.1-4.4mdv2008.0.i586.rpm 572f6fde12b683e7ec47a2d3e49493fc 2008.0/i586/openoffice.org-l10n-bs-2.2.1-4.4mdv2008.0.i586.rpm 055e27ae44d8dc7a4322d835da7da993 2008.0/i586/openoffice.org-l10n-ca-2.2.1-4.4mdv2008.0.i586.rpm 97b37e8e03bec178607d71d0d58b14d6 2008.0/i586/openoffice.org-l10n-cs-2.2.1-4.4mdv2008.0.i586.rpm 8975fed89790697fc1d791ee040c1193 2008.0/i586/openoffice.org-l10n-cy-2.2.1-4.4mdv2008.0.i586.rpm 22b0b401e8c1dd731a455f9fbc7c7dbe 2008.0/i586/openoffice.org-l10n-da-2.2.1-4.4mdv2008.0.i586.rpm ed1a1f10985d483cb32f17e5c1d9e2d5 2008.0/i586/openoffice.org-l10n-de-2.2.1-4.4mdv2008.0.i586.rpm 95888fffe3dfd1d4e81863016c98fdd4 2008.0/i586/openoffice.org-l10n-el-2.2.1-4.4mdv2008.0.i586.rpm ddff2b506a75655ba1a864cc308bdb74 2008.0/i586/openoffice.org-l10n-en_GB-2.2.1-4.4mdv2008.0.i586.rpm 647ff67a9e986c56b858784ac409f628 2008.0/i586/openoffice.org-l10n-es-2.2.1-4.4mdv2008.0.i586.rpm 2e9730e46b79e6b5cc00ec6241d72a40 2008.0/i586/openoffice.org-l10n-et-2.2.1-4.4mdv2008.0.i586.rpm 5ebf6059a75498d3c254b3a5c26102f7 2008.0/i586/openoffice.org-l10n-eu-2.2.1-4.4mdv2008.0.i586.rpm 51770048207446d31c2560439f1f1c96 2008.0/i586/openoffice.org-l10n-fi-2.2.1-4.4mdv2008.0.i586.rpm 497785ba862bcc7ccf58e86d9339839c 2008.0/i586/openoffice.org-l10n-fr-2.2.1-4.4mdv2008.0.i586.rpm a9cd13bc39e594e2e0b328a494a05e59 2008.0/i586/openoffice.org-l10n-he-2.2.1-4.4mdv2008.0.i586.rpm acaab185b3eeedd24ade68134e0bae3a 2008.0/i586/openoffice.org-l10n-hi-2.2.1-4.4mdv2008.0.i586.rpm 416d29a882ee24fb51e37ca233650f92 2008.0/i586/openoffice.org-l10n-hu-2.2.1-4.4mdv2008.0.i586.rpm 51ee97ed40d9e3bd425e66e4643c213b 2008.0/i586/openoffice.org-l10n-it-2.2.1-4.4mdv2008.0.i586.rpm 2eec359c15bb910226c01d0c75b303cf 2008.0/i586/openoffice.org-l10n-ja-2.2.1-4.4mdv2008.0.i586.rpm 96661d4b321482c4059fd1ec0a7a3406 2008.0/i586/openoffice.org-l10n-ko-2.2.1-4.4mdv2008.0.i586.rpm b5c56e228e7f6d50f607ed2133eafdfc 2008.0/i586/openoffice.org-l10n-mk-2.2.1-4.4mdv2008.0.i586.rpm 4148b2d03b06f9e3424d7e72e6ba64a7 2008.0/i586/openoffice.org-l10n-nb-2.2.1-4.4mdv2008.0.i586.rpm b748239254d900e79161a0b8351deb75 2008.0/i586/openoffice.org-l10n-nl-2.2.1-4.4mdv2008.0.i586.rpm b9242bbea24034e0d8883fdd4ac417fe 2008.0/i586/openoffice.org-l10n-nn-2.2.1-4.4mdv2008.0.i586.rpm a9a83327869b06b85263aac4f2ce8944 2008.0/i586/openoffice.org-l10n-pl-2.2.1-4.4mdv2008.0.i586.rpm d754b3ae052cac6a9f6bd4f9f8a61cf5 2008.0/i586/openoffice.org-l10n-pt-2.2.1-4.4mdv2008.0.i586.rpm 51e3242d755dbdecb783b8c1a608d380 2008.0/i586/openoffice.org-l10n-pt_BR-2.2.1-4.4mdv2008.0.i586.rpm 2a766fb4ad705cc9815431c8f46228a3 2008.0/i586/openoffice.org-l10n-ru-2.2.1-4.4mdv2008.0.i586.rpm 4a5981bc0231b5a20bd56674c31386a8 2008.0/i586/openoffice.org-l10n-sk-2.2.1-4.4mdv2008.0.i586.rpm 06483e894447c9d6e4ca0c56bb98e4e8 2008.0/i586/openoffice.org-l10n-sl-2.2.1-4.4mdv2008.0.i586.rpm a7f4e2bcf881d7a295b8a6f6a601b598 2008.0/i586/openoffice.org-l10n-sv-2.2.1-4.4mdv2008.0.i586.rpm 0aee1180d9b1e91f36b47696765bfdcf 2008.0/i586/openoffice.org-l10n-ta-2.2.1-4.4mdv2008.0.i586.rpm 98d8d02bc3d6da0a780e6d6a09de3586 2008.0/i586/openoffice.org-l10n-tr-2.2.1-4.4mdv2008.0.i586.rpm ec82d080ba11a9bb0a4c92fd718c3ff4 2008.0/i586/openoffice.org-l10n-zh_CN-2.2.1-4.4mdv2008.0.i586.rpm b1294ebbc030c8b473d3f4cac1f0f9ad 2008.0/i586/openoffice.org-l10n-zh_TW-2.2.1-4.4mdv2008.0.i586.rpm 04420991685ad352ba76381058719d3b 2008.0/i586/openoffice.org-l10n-zu-2.2.1-4.4mdv2008.0.i586.rpm 9d7ccd1b59dd4396d4036be8145679d0 2008.0/i586/openoffice.org-mono-2.2.1-4.4mdv2008.0.i586.rpm 80590a32554d257c48b9ce42a76ea108 2008.0/i586/openoffice.org-ooqstart-2.2.1-4.4mdv2008.0.i586.rpm 1f77c6c9cfb6a0aed77a33e12cf8f1f6 2008.0/SRPMS/openoffice.org-2.2.1-4.4mdv2008.0.src.rpm 84c73385fdcb1d0a1bc2c077f744a20f 2008.0/SRPMS/openoffice.org64-2.2.1-4.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 456a8013fca659dea3938f469561ef0b 2008.0/x86_64/openoffice.org64-2.2.1-4.4mdv2008.0.x86_64.rpm c4374226d24bfc714acb6c3015d585f2 2008.0/x86_64/openoffice.org64-devel-2.2.1-4.4mdv2008.0.x86_64.rpm a963feb3099659d2e16298fa6ab93ba0 2008.0/x86_64/openoffice.org64-devel-doc-2.2.1-4.4mdv2008.0.x86_64.rpm fa6bd2c7af34ff151e2bdc5f1723a3af 2008.0/x86_64/openoffice.org64-galleries-2.2.1-4.4mdv2008.0.x86_64.rpm 44a3a7ee839a336e9b06d80d67785589 2008.0/x86_64/openoffice.org64-gnome-2.2.1-4.4mdv2008.0.x86_64.rpm 8df343f9cbccecbabcb12c8901fb1b82 2008.0/x86_64/openoffice.org64-kde-2.2.1-4.4mdv2008.0.x86_64.rpm 0b821aa43e0e78a2f99629b75211f8d9 2008.0/x86_64/openoffice.org64-l10n-af-2.2.1-4.4mdv2008.0.x86_64.rpm 8d5a1da2f98ed8eb54a77732c01cb1c1 2008.0/x86_64/openoffice.org64-l10n-ar-2.2.1-4.4mdv2008.0.x86_64.rpm 2f93835ea0677728552b6aaf8752fd98 2008.0/x86_64/openoffice.org64-l10n-bg-2.2.1-4.4mdv2008.0.x86_64.rpm 68cecc3d640bd1605b51e125e83b0842 2008.0/x86_64/openoffice.org64-l10n-br-2.2.1-4.4mdv2008.0.x86_64.rpm e89b07e667940059458c45822269297f 2008.0/x86_64/openoffice.org64-l10n-bs-2.2.1-4.4mdv2008.0.x86_64.rpm d40fc83e01482ac9eca8802ee21533f2 2008.0/x86_64/openoffice.org64-l10n-ca-2.2.1-4.4mdv2008.0.x86_64.rpm 17022bd83ffc77f40c23402b97a7bb10 2008.0/x86_64/openoffice.org64-l10n-cs-2.2.1-4.4mdv2008.0.x86_64.rpm 1de183c4eb4887d6d94acce507c46a1a 2008.0/x86_64/openoffice.org64-l10n-cy-2.2.1-4.4mdv2008.0.x86_64.rpm 10eaeace55b3e0b4e046534ae970f4f8 2008.0/x86_64/openoffice.org64-l10n-da-2.2.1-4.4mdv2008.0.x86_64.rpm b8db206a858975564012b07dccf6b04d 2008.0/x86_64/openoffice.org64-l10n-de-2.2.1-4.4mdv2008.0.x86_64.rpm 1a378d25c97f50eae98eaee30806862f 2008.0/x86_64/openoffice.org64-l10n-el-2.2.1-4.4mdv2008.0.x86_64.rpm 4fb1c541bdbc652a14d2594d122f9ee0 2008.0/x86_64/openoffice.org64-l10n-en_GB-2.2.1-4.4mdv2008.0.x86_64.rpm b3ae3401e85038f66121966ff2e7ea00 2008.0/x86_64/openoffice.org64-l10n-es-2.2.1-4.4mdv2008.0.x86_64.rpm 889faa8d4ab290954184641245f5b438 2008.0/x86_64/openoffice.org64-l10n-et-2.2.1-4.4mdv2008.0.x86_64.rpm c37864e8b058984d70e761ee3d8f856a 2008.0/x86_64/openoffice.org64-l10n-eu-2.2.1-4.4mdv2008.0.x86_64.rpm 260ed7c026eb35106190b752eaaecff7 2008.0/x86_64/openoffice.org64-l10n-fi-2.2.1-4.4mdv2008.0.x86_64.rpm 7547ae71398a8d4de6fb2762c787f08e 2008.0/x86_64/openoffice.org64-l10n-fr-2.2.1-4.4mdv2008.0.x86_64.rpm 67448bcb4f018659d9d9670c4e5962b2 2008.0/x86_64/openoffice.org64-l10n-he-2.2.1-4.4mdv2008.0.x86_64.rpm 143a4383654d1b7a875876ec98e04933 2008.0/x86_64/openoffice.org64-l10n-hi-2.2.1-4.4mdv2008.0.x86_64.rpm 8fadf6144424230f66d3145440bb0496 2008.0/x86_64/openoffice.org64-l10n-hu-2.2.1-4.4mdv2008.0.x86_64.rpm 58bb3458e51dc5671f64fc3dfe4d90d1 2008.0/x86_64/openoffice.org64-l10n-it-2.2.1-4.4mdv2008.0.x86_64.rpm 9a4e6ec140a976c29792c8b33b3999e3 2008.0/x86_64/openoffice.org64-l10n-ja-2.2.1-4.4mdv2008.0.x86_64.rpm 20c2a64e76f07090708f2baaf44005c0 2008.0/x86_64/openoffice.org64-l10n-ko-2.2.1-4.4mdv2008.0.x86_64.rpm d4e56319f91841c3bf55a0fc35edae14 2008.0/x86_64/openoffice.org64-l10n-mk-2.2.1-4.4mdv2008.0.x86_64.rpm e53c696eb99a43f04443b23646a14759 2008.0/x86_64/openoffice.org64-l10n-nb-2.2.1-4.4mdv2008.0.x86_64.rpm 53f3f10ebc2bea28bbbc2cfbdb9ad709 2008.0/x86_64/openoffice.org64-l10n-nl-2.2.1-4.4mdv2008.0.x86_64.rpm f92283b6cebdaec9b69750a84b2788f0 2008.0/x86_64/openoffice.org64-l10n-nn-2.2.1-4.4mdv2008.0.x86_64.rpm 7b8351a79f6d7a2697a0951ccf367e23 2008.0/x86_64/openoffice.org64-l10n-pl-2.2.1-4.4mdv2008.0.x86_64.rpm 63a53749499281ab09f6bbd7f10afc53 2008.0/x86_64/openoffice.org64-l10n-pt-2.2.1-4.4mdv2008.0.x86_64.rpm 4b86a348590d07619d53a00ad2ba76d6 2008.0/x86_64/openoffice.org64-l10n-pt_BR-2.2.1-4.4mdv2008.0.x86_64.rpm fd9688c0f0e0667086c8ff2866b0bec0 2008.0/x86_64/openoffice.org64-l10n-ru-2.2.1-4.4mdv2008.0.x86_64.rpm e11d3f9d3cfdc0d0ee2f552dab06c2b8 2008.0/x86_64/openoffice.org64-l10n-sk-2.2.1-4.4mdv2008.0.x86_64.rpm f1e88e0f1c3893b280a1fa27d1ac3dd5 2008.0/x86_64/openoffice.org64-l10n-sl-2.2.1-4.4mdv2008.0.x86_64.rpm 530ebf4cb28e2447ae2b6ed8a270a3d2 2008.0/x86_64/openoffice.org64-l10n-sv-2.2.1-4.4mdv2008.0.x86_64.rpm 114ec61047b4fd849389f1b375a37678 2008.0/x86_64/openoffice.org64-l10n-ta-2.2.1-4.4mdv2008.0.x86_64.rpm 81a7be4777a6a2533cfd1c4d13bd8ffe 2008.0/x86_64/openoffice.org64-l10n-tr-2.2.1-4.4mdv2008.0.x86_64.rpm a79b6c988ddacbb65576965911f187ae 2008.0/x86_64/openoffice.org64-l10n-zh_CN-2.2.1-4.4mdv2008.0.x86_64.rpm 5ff29c0bcf13f362513db31b43afece2 2008.0/x86_64/openoffice.org64-l10n-zh_TW-2.2.1-4.4mdv2008.0.x86_64.rpm 8574f6c677faca78c6e26f050e5a880e 2008.0/x86_64/openoffice.org64-l10n-zu-2.2.1-4.4mdv2008.0.x86_64.rpm 8856df860bf381f5d92f962fceaa49c7 2008.0/x86_64/openoffice.org64-mono-2.2.1-4.4mdv2008.0.x86_64.rpm 3bfcc8d0f2008cf53b23eb1287fdb0b5 2008.0/x86_64/openoffice.org64-ooqstart-2.2.1-4.4mdv2008.0.x86_64.rpm 1f77c6c9cfb6a0aed77a33e12cf8f1f6 2008.0/SRPMS/openoffice.org-2.2.1-4.4mdv2008.0.src.rpm 84c73385fdcb1d0a1bc2c077f744a20f 2008.0/SRPMS/openoffice.org64-2.2.1-4.4mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIGyximqjQ0CJFipgRAjhzAJ92SagdMcfpQ+8+yUkIDfQwWHHXtQCdFatU AP1ht4X2KMYbLfHKsiEBKoY= =4vxy -----END PGP SIGNATURE----- From aluigi at autistici.org Fri May 2 20:14:34 2008 From: aluigi at autistici.org (Luigi Auriemma) Date: Fri, 2 May 2008 21:14:34 +0200 Subject: [Full-disclosure] Denial of Service in Call of Duty 4 1.5 Message-ID: <20080502211434.f98c4deb.aluigi@autistici.org> ####################################################################### Luigi Auriemma Application: Call of Duty 4: Modern Warfare http://www.callofduty.com Versions: <= 1.5 Platforms: Windows (tested) and Linux Bug: Denial of Service Exploitation: remote, versus server (in-game) Date: 02 May 2008 Thanx to: Chronos for the additional tests Author: Luigi Auriemma e-mail: aluigi at autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== Call of Duty 4 (CoD4) is the most recent and played game of the homonym series created by Infinity Ward (http://www.infinityward.com) with over 15000 internet servers. ####################################################################### ====== 2) Bug ====== In CoD4 has been introduced a new type of connectionless command (like getinfo, getstatus, connect and so on) called "stats" that seems related to player statistics and can be of 6 types which are sent by the client in sequential order just after having joined the remote game. Exists an additional type (7) which is accepted by the server and if a client uses it the remote server will crash due to a memcpy() with a negative size value (the attacker has no control over the source data and this value). The stats packet requires that the client is in the server since the qport value specified in it and both IP and port must match those used by the player, so the attacker must know the password if the server is protected, being not banned and moreover having a valid cdkey if the internet server requires it. ####################################################################### =========== 3) The Code =========== - plugin for the sudppipe proxy which modifies any stats packet enabling type 7: http://aluigi.org/mytoolz/sudppipe.zip http://aluigi.org/poc/cod4statz_sudp.zip Usage example: sudppipe -l cod4statz_sudp.dll SERVER PORT 20000 then from the CoD4 client type: connect 127.0.0.1:20000 the plugin does a very simple job, when a "stats" packet is received it places the 0x07 byte at offset 12. - stand-alone proof-of-concept which works versus servers without authorization (like LAN servers) for quickly testing the own servers without the need of using a CoD4 client: http://aluigi.org/poc/cod4statz.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org From fischerdk at fidoki.com Fri May 2 20:10:00 2008 From: fischerdk at fidoki.com (Douglas K. Fischer) Date: Fri, 02 May 2008 15:10:00 -0400 Subject: [Full-disclosure] defining 0day In-Reply-To: <4b6ee9310804191544v2540c511he86412232bb9e9f9@mail.gmail.com> References: <6905b1570709200621l2424978cr85de6a4c6939c283@mail.gmail.com> <46F2FF36.100@novell.com> <46F5FACF.9010807@novell.com> <20070923235235.GH41180@demeter.hydra> <64CF0185-2BDE-40D8-9BDC-9E66153186E1@e18.physik.tu-muenchen.de> <4b6ee9310804191544v2540c511he86412232bb9e9f9@mail.gmail.com> Message-ID: <481B6708.1050708@fidoki.com> -------- Original Message -------- Subject: Re: [Full-disclosure] defining 0day From: n3td3v To: Gadi Evron , full-disclosure at lists.grok.org.uk, n3td3v Date: 04/19/2008 18:44 > On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron wrote: > >> Okay. I think we exhausted the different views, and maybe we are now able >> to come to a conlusion on what we WANT 0day to mean. >> >> What do you, as professional, believe 0day should mean, regardless of >> previous definitions? >> >> Obviously, the term has become charged in the past couple of years with the >> targeted office vulnerabilities attacks, WMF, ANI, etc. >> >> We require a term to address these, just as much as we do "unpatched >> vulnerability" or "fully disclosed vulnerability". >> >> What other such descriptions should we consider before proceeding?