Full Disclosure mailing list archives
Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability
From: "abhilash verma" <abhilash_scit () rediffmail com>
Date: 12 May 2004 04:34:06 -0000
Brad, can you provide the details and the menu-based exploit :) of the two vulnerabilities discovered by you last year? It would be really helpful in doing the security assessments...

Thanks,
Abhilash

On Tue, 11 May 2004 full-disclosure-request () lists netsys com wrote:

Today's Topics:

1. Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability (spender () grsecurity net)
2. RE: Learn from history? (Steffen Kluge)
3. Re: Registry Watcher (Troy Solo)
4. Vulnerabilities on a network (Daniele Carlucci)
5. Re: Learn from history? (Calum)
6. Re: Vulnerabilities on a network (Oliver Kellermann)
7. RE: Learn from history? (Jos Osborne)
8. Calculating Loss (Michael Schaefer)
9. RE: Calculating Loss (Jos Osborne)
10. Re: msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh (3APA3A)
11. Re: Calculating Loss (Harlan Carvey)
12. [SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows (debian-security-announce () lists debian org)
13. Re: iDEFENSE: Security Whitepaper on Trusted Computing Platforms (Nico Golde)
14. Re: Victory day - Sasser surrenders (Rob Clark)
15. Re: Calculating Loss (Clint Bodungen)
16. RE: Calculating Loss (Jos Osborne)
17. Re: Victory day - Sasser surrenders (p00p () instable net)
18. info on JRE < 1.4.2_04 vulnerability (Mark W. Webb)
19. RE: Victory day - Sasser surrenders (Alerta Redsegura)
20. JRE < 1.4.2_04 vulnerability (Dolphsec)
21. Re: Calculating Loss (Harlan Carvey)
22. Re: Victory day - Sasser surrenders (Maxime Ducharme)
23. PING: Outlook 2003 Spam (http-equiv () excite com)
24. JRE < 1.4.2_02 vulnerability (Dolphsec)

--__--__--

Message: 1
Date: Tue, 11 May 2004 00:26:38 -0400
To: full-disclosure () lists netsys com
From: spender () grsecurity net
Subject: [Full-disclosure] Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability

Just to clarify, this advisory does not involve either of the two vulnerabilities that I discovered over a year ago now, which still remain unpatched. The one bug is a local root on Linux, NetBSD, FreeBSD, OpenBSD, and Mac OS X, and any other OS systrace is ported to in the future. The other bug is a complete bypass of systrace's "security" on Linux. Maybe keep looking, Stefan ;) If you can find them, I'll release my fully working MENU-BASED exploit.

Actually, I was quite upset at first that someone had killed my bug, but then I read the advisory closer and realized it was a different local root; imagine that ;)

It amazes me that Niels has known a local root vulnerability has existed in his code for over a year and yet he hasn't even bothered to audit his own code, but instead continues to promote it.

http://monkey.org/openbsd/archive/misc/0304/msg01400.html
"I am looking forward to his local root exploit for systrace."

Sorry Niels, no such luck today :( It was close!

-Brad

--__--__--

Message: 2
From: Steffen Kluge <kluge () fujitsu com au>
To: full-disclosure () lists netsys com
Date: Tue, 11 May 2004 17:23:25 +1000
Subject: RE: [Full-Disclosure] Learn from history?

On Tue, 2004-05-11 at 00:50, Michal Zalewski wrote:
> > R = E x p
> > R = Risk
> > E = event
> > p = probability of the event happening
>
> If we must toy with bogus marketspeak "equations", shouldn't E - at the very least - numerically correspond to the consequences (loss?) caused by an event, rather than being an event itself?

Of course. Prevalent risk management standards put "impact" in the place of "event" (which isn't quantifiable anyway). And they don't use an arithmetic product to combine impact and likelihood, but rather a matrix, which is not linear but closer to reality.

> Otherwise, my risk R of getting a bar of chocolate from a stranger is 0.001 * getting_chocolate_bar_from_stranger.

Having avoided carbs for quite a while I can't really comment...

Cheers
Steffen.

--__--__--

Message: 3
Date: Mon, 10 May 2004 23:09:57 -0500
From: Troy Solo <solo () dok org>
Organization: DoK Heavy Industries
To: undisclosed-recipients:;
Subject: Re: [Full-disclosure] Registry Watcher

Pardon if list readers feel this application is 'unworthy', but AdAware Pro (the pay-for version) has a TSR called AdWatch that will alert to ANY changes in the registry, no matter how trivial. Any time a registry entry is changed or created or deleted, AdWatch will alert you and give you the option to Accept or Deny.

The only drawback is that, as far as I know, it is PC-specific. There is no distributed management of registry changes with AdWatch.

You can check out AdAware (and AdWatch) at http://www.lavasoft.de

Sorry if I have mis-read this thread; there has been so much signal:noise ratio in here that it's hard to keep up. Hope I didn't waste anyone's time (of course, if you've read this far, I must have kept your attention for SOME reason.)

--
Troy Solo <solo () dok org>
Ignotum per Ignotius

--__--__--

Message: 4
Date: Tue, 11 May 2004 10:25:25 +0200
From: Daniele Carlucci <danielegiuseppe.carlucci () studenti polito it>
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Vulnerabilities on a network

Hi,

My name is Daniele. I'm a student of Informatics Engineering at the Politecnico di Torino in Italy. I am making a study about network security; can you tell me a link where I can find an index of the possible weaknesses of a network, for example DDoS, worms, congestion, etc., etc.?

Thanks for your time and for your interest.

Daniele Carlucci

--__--__--

Message: 5
From: Calum <full-disclosure () umtstrial co uk>
Reply-To: Calum <full-disclosure () umtstrial co uk>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Learn from history?
Date: Tue, 11 May 2004 10:21:33 +0100

On Monday 10 May 2004 22:46, Gwendolynn ferch Elydyr wrote:
> ... or you may gain glass splinters or razor blades. Do -you- trust everything that random strangers give you?

Maybe we should all stay indoors in case we get hit on the head by a meteor, or get knocked over by a car. It's all about judgement, and evaluating risks.

--
Random Russian saying: An indispensable thing never has much value.
jabber: jcalum () umtstrial co uk
pgp: http://gk.umtstrial.co.uk/~calum/keys.php

--__--__--

Message: 6
From: "Oliver Kellermann" <mail () oliver-kellermann de>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Vulnerabilities on a network
Date: Tue, 11 May 2004 11:52:36 +0200

Hi!

Try www.google.com. This should usually be the best start for every informatics engineering student.

Cheers,
Oliver

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

Message: 7
Subject: RE: [Full-disclosure] Learn from history?
Date: Tue, 11 May 2004 11:11:33 +0100
From: "Jos Osborne" <Jos () meltemi co uk>
To: "Full-Disclosure" <full-disclosure () lists netsys com>

Michal Zalewski wrote:
> If we must toy with bogus marketspeak "equations", shouldn't E - at the very least - numerically correspond to the consequences (loss?) caused by an event, rather than being an event itself? Otherwise, my risk R of getting a bar of chocolate from a stranger is 0.001 * getting_chocolate_bar_from_stranger.

Or ten times that if you're prepared to give them your administrator password...

--__--__--

Message: 8
Date: Tue, 11 May 2004 08:57:48 -0400
From: Michael Schaefer <mbs () mistrealm com>
Reply-To: mbs () mistrealm com
To: Full-Disclosure <full-disclosure () lists netsys com>
Subject: [Full-disclosure] Calculating Loss

Loss?

One of my biggest complaints is the way the industry "loses billions" whenever a virus or worm breaks out.

I mean, securing and maintaining your server is not a loss. Installing and updating your anti-virus or IDS package is not a loss. All of these things should have been done anyway.

If a server goes off line, I guess you could measure the revenue it may have produced as a loss, but technically, that is lack of income, not true loss.

If you see someone complaining about all the money they lost doing what they should have been doing all along, I just see spin. And politics.

M

Michal Zalewski wrote:
> If we must toy with bogus marketspeak "equations", shouldn't E - at the very least - numerically correspond to the consequences (loss?) caused by an event, rather than being an event itself?

--__--__--

Message: 9
Subject: RE: [Full-disclosure] Calculating Loss
Date: Tue, 11 May 2004 14:24:31 +0100
From: "Jos Osborne" <Jos () meltemi co uk>
To: "Full-Disclosure" <full-disclosure () lists netsys com>

> If you see someone complaining about all the money they lost doing what they should have been doing all along, I just see spin. And politics.
>
> M

Especially when it's an AV vendor saying "Look, the IT business lost $2.8 gazillion due to their being hit by this worm. If only they'd protected their systems with a reliable anti-virus product we'd all be that much richer. Oh, by the way, wanna buy a reliable anti-virus package...?"

90% Self-serving hype
9% Overblown fear
0.9% "Statistical maths"
0.1% Reality

--__--__--

Message: 10
Date: Tue, 11 May 2004 17:29:44 +0400
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Reply-To: 3APA3A <3APA3A () SECURITY NNOV RU>
Organization: http://www.security.nnov.ru
To: "Rafel Ivgi, The-Insider" <theinsider () 012 net il>
Cc: "bugtraq" <bugtraq () securityfocus com>, full-disclosure () lists netsys com
Subject: Re: [Full-Disclosure] msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh

Dear Rafel Ivgi, The-Insider,

No crash on 6.0.2800.

--Monday, May 10, 2004, 10:27:40 PM, you wrote to bugtraq () securityfocus com:

RITI> msxml3.dll crashes after refreshing a page which contains & inside a
RITI> link/value
RITI> For Example : <Ref href = "&"/>
RITI> This is due to a parsing error in msxml3.dll.
RITI> Version Details:
RITI> ---------------------
RITI> I.E Version: 6.0.2600.0
RITI> ModVer: 8.10.8308.0
RITI> Module name: msxml3.dll
RITI> Offset: 000b8c10
RITI> Stack Dump:
RITI> -----------------
RITI> EAX=01CEE800
RITI> EDI=01D02580
RITI> EBX=00000000
RITI> EBP=02C3F3E4
RITI> ECX=00000000
RITI> ESP=02C3FC74
RITI> EDX=02D91364
RITI> EIP=02E18C10
RITI> ESI=00000000
RITI> DS:00000004 GS:0000 ES:0023 SS:0023 CS:001B
RITI> Live Example:
RITI> http://theinsider.deep-ice.com/xmlcrash.xml
RITI> AND REFRESH...

--
~/ZARAZA
Особую проблему составл
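The report quoted in message 10 hinges on a bare "&" inside an XML attribute value, which is not well-formed XML and should be rejected by a parser rather than crash it. The block below is an added example, not code from the thread or from any of the posters: it checks a document for well-formedness with Python's standard expat-based parser (which reports a parse error on the malformed sample instead of failing) and shows how a producer escapes attribute values so that "&" is emitted as "&amp;". The sample strings are constructed here, modelled on the <Ref href = "&"/> line from the report.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed samples (not from the original post): the first mirrors the
# malformed attribute value from the report, the second is its escaped form.
MALFORMED_SAMPLE = '<Ref href = "&"/>'
WELL_FORMED_SAMPLE = '<Ref href="&amp;"/>'


def is_well_formed(doc: str) -> bool:
    """Return True if doc parses as well-formed XML, False on a parse error.

    A conforming parser refuses a raw '&' in an attribute value; it never
    needs to guess what the author meant, so malformed input is simply
    rejected before any downstream code sees it.
    """
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def build_ref(href: str) -> str:
    """Emit a <Ref/> element with href escaped for use as an XML attribute.

    quoteattr() escapes '&', '<' and '>' (and quote characters as needed)
    and wraps the value in quotes, so arbitrary text round-trips safely.
    """
    return f"<Ref href={quoteattr(href)}/>"


def extract_href(doc: str) -> str:
    """Parse a <Ref/> document and return its href attribute, unescaped."""
    return ET.fromstring(doc).get("href", "")


if __name__ == "__main__":
    print("malformed sample accepted:", is_well_formed(MALFORMED_SAMPLE))
    print("escaped sample accepted:", is_well_formed(WELL_FORMED_SAMPLE))
    generated = build_ref("a&b<c")
    print("generated:", generated, "->", extract_href(generated))
```

Running the block shows the malformed sample rejected and the escaped one accepted; build_ref() followed by extract_href() demonstrates that the escaped form carries the original value through a parser unchanged.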
Current thread:
- Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability spender (May 11)
- <Possible follow-ups>
- Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability abhilash verma (May 12)