Dailydave mailing list archives
Re: Hahahaha
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Tue, 2 Aug 2005 00:37:35 -0500
Tell me about it. Supposedly someone at the Shmoo Group discovered that msfconsole/msfcli doesn't strip terminal escape characters. Sad part is the vulnerabilities they reference are they ones that I found in the first place and *documented* in ./docs/SECURITY and the user guide... ( http://metasploit.com/projects/Framework/documentation.html#Security ) ---- - We recommend that you use a robust, secure terminal emulator when utilizing the command-line interfaces. Please see the references at the bottom of this document for more information. Terminal Emulator Security Issues http://www.digitaldefense.net/labs/papers/Termulation.txt ---- I didn't get a chance to see the talk, so if this is completely off base, someone correct me. I still haven't seen an email from Brian Caswell or any @shmoo.org address about it. In other news, Dino Dai Zovi actually found a *real* security hole in msfweb, more information can be found online at http://metasploit.com/archive/framework/msg00469.html -HD On Tuesday 02 August 2005 00:28, Dave Aitel wrote:
http://www.securityfocus.com/bid/14446/info Immunity CANVAS Unspecified Remote Vulnerability *Advisories:* *References:* * CANVAS Home Page <http://www.immunitysec.com/products-canvas.shtml> (Immunity Inc.) * DefCon Day 2: Patching Your Hacker Toolkit <http://blogs.washingtonpost.com/securityfix/2005/07/patching_your_e.ht ml> (Washington Post) -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Hahahaha Dave Aitel (Aug 01)
- Re: Hahahaha H D Moore (Aug 01)
- Re: Hahahaha H D Moore (Aug 01)
- Re: Hahahaha Blue Boar (Aug 01)
- Re: Hahahaha Bas Alberts (Aug 01)
- Re: Hahahaha Bas Alberts (Aug 01)
- Message not available
- Re: Hahahaha Bas Alberts (Aug 02)
- Re: Hahahaha Bas Alberts (Aug 01)
- Re: Hahahaha H D Moore (Aug 01)
- Re: Hahahaha security curmudgeon (Aug 08)
- Re: Hahahaha H D Moore (Aug 08)