Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 42, Issue 42

From: badr muhyeddin <gigiyousef () hotmail com>
Date: Sun, 17 Aug 2008 07:30:03 +0300


unsubscribe > From: full-disclosure-request () lists grok org uk> Subject: Full-Disclosure Digest, Vol 42, Issue 42> 
To: full-disclosure () lists grok org uk> Date: Sat, 16 Aug 2008 12:00:01 +0100> > Send Full-Disclosure mailing list 
submissions to> full-disclosure () lists grok org uk> > To subscribe or unsubscribe via the World Wide Web, visit> 
https://lists.grok.org.uk/mailman/listinfo/full-disclosure> or, via email, send a message with subject or body 'help' 
to> full-disclosure-request () lists grok org uk> > You can reach the person managing the list at> 
full-disclosure-owner () lists grok org uk> > When replying, please edit your Subject line so it is more specific> than 
"Re: Contents of Full-Disclosure digest..."> > > Note to digest recipients - when replying to digest posts, please trim 
your post appropriately. Thank you.> > > Today's Topics:> > 1. Re: weev, baby (hERB)> 2. Re: weev, baby (coderman)> 3. 
Health website vulnerable to hacking, no response from admins> after multiple at
 tempts (Kristian Erik Hermansen)> 4. Re: weev, baby (n3td3v)> 5. [ MDVSA-2008:171 ] postfix (security () mandriva 
com)> 6. [ MDVSA-2008:172 ] amarok (security () mandriva com)> 7. [PLSA 2008-25] Postfix: Local privilege escalation> 
(P?nar Yanarda?)> 8. Step-by-step instructions for debugging Cisco IOS using gdb> (Smiler S)> 9. Tool: PorkBind v1.3 
Nameserver Security Scanner (New Version)> (Derek Callaway)> 10. Re: [funsec] Internet attacks against Georgian web 
sites> (Radoslav Dejanovi?)> 11. Beware the firefox ZERO DAYZZZZ (T Biehn)> 12. Linus summarizes state of the "security 
industry" with> precision and accuracy. (coderman)> 13. Re: Linus summarizes state of the "security industry" with> 
precision and accuracy. (silky)> > > ----------------------------------------------------------------------> > Message: 
1> Date: Fri, 15 Aug 2008 12:15:55 +0100> From: hERB <herbster () gmail com>> Subject: Re: [Full-disclosure] weev, 
baby> To: full-disclosure () lists grok org uk> Message-ID:> <216
 0f86c0808150415n59d79459o4f841b2f0579af4f () mail gmail com>> Content-Type: text/plain; charset="iso-8859-1"> > Think 
you credit too much intelligence, more likely its:> > http://www.urbandictionary.com/define.php?term=TEABAG> > /hERB> > 
On Fri, Aug 15, 2008 at 8:42 AM, Gadi Evron <ge () linuxbox org> wrote:> > > Tea Baggins tebaggins at gmail.com> >> > 
Teatime from Pratchett and Bilbo Baggins from Tolkien?> >> > Nice touch.> >> > No idea what the rest of the trolling 
means.> >> > Gadi.> >> > _______________________________________________> > Full-Disclosure - We believe in it.> > 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - 
http://secunia.com/> >> > > > -- > #include <stddisclaimer.h>> -------------- next part --------------> An HTML 
attachment was scrubbed...> URL: 
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080815/98ac25b5/attachment-0001.html > > 
------------------------------> > Message: 2> Date: Fri,
  15 Aug 2008 09:56:19 -0700> From: coderman <coderman () gmail com>> Subject: Re: [Full-disclosure] weev, baby> To: 
hERB <herbster () gmail com>> Cc: full-disclosure () lists grok org uk> Message-ID:> 
<4ef5fec60808150956i67602f8h9e0872bb2310ef70 () mail gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > On 
Fri, Aug 15, 2008 at 4:15 AM, hERB <herbster () gmail com> wrote:> > Think you credit too much intelligence, more 
likely its:> >> > http://www.urbandictionary.com/define.php?term=TEABAG> > sir, the etymology of the fine Tea Baggins, 
son of Frodo Baggins,> begat from Bilbo, son of Bungo Baggins, sired by Mungo Baggins, who's> father, the great Balbo 
Baggins, is patriarch of the tree of Baggins,> including all Tea Baggins, is not a matter to be taken lightly!> > 
please excuse yourself for such dishonor implied by this obscene> "TEABAG" reference.> > (also, contrary to popular 
misconception, the great Gandalf has never> enjoyed "lemon parties"; this rumor merely one of the many fre
 nzied> insults devised by Saruman's groupies...)> > > > ------------------------------> > Message: 3> Date: Fri, 15 
Aug 2008 13:02:30 -0700> From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>> Subject: [Full-disclosure] 
Health website vulnerable to hacking, no> response from admins after multiple attempts> To: full-disclosure () lists 
grok org uk> Message-ID:> <fe37588d0808151302g25d8aa8eq928d29ff6e42e0ea () mail gmail com>> Content-Type: text/plain; 
charset=ISO-8859-1> > I tried repeatedly to contact them. For the benefit of the health> patients using this website, 
can someone please investigate?> Thanks...> > https://secure.westclifflabs.com/secure/billing/default.asp> -- > 
Kristian Erik Hermansen> > > > ------------------------------> > Message: 4> Date: Fri, 15 Aug 2008 21:29:22 +0100> 
From: n3td3v <xploitable () gmail com>> Subject: Re: [Full-disclosure] weev, baby> To: full-disclosure () lists grok 
org uk> Message-ID:> <4b6ee9310808151329n3d75ee72g1e666c8d232caab5@mail
 .gmail.com>> Content-Type: text/plain; charset=ISO-8859-1> > On Fri, Aug 15, 2008 at 8:42 AM, Gadi Evron <ge () 
linuxbox org> wrote:> > Tea Baggins tebaggins at gmail.com> >> > Teatime from Pratchett and Bilbo Baggins from 
Tolkien?> >> > Nice touch.> >> > No idea what the rest of the trolling means.> >> > Gadi.> >> > You're the oldest troll 
on this list, you should know what all the> secret troll messages mean.> > All the best,> > n3td3v> > > > 
------------------------------> > Message: 5> Date: Fri, 15 Aug 2008 14:44:00 -0600> From: security () mandriva com> 
Subject: [Full-disclosure] [ MDVSA-2008:171 ] postfix> To: full-disclosure () lists grok org uk> Message-ID: 
<E1KU69Q-0005TT-Rg () titan mandriva com>> > > -----BEGIN PGP SIGNED MESSAGE-----> Hash: SHA1> > 
_______________________________________________________________________> > Mandriva Linux Security Advisory 
MDVSA-2008:171> http://www.mandriva.com/security/> 
______________________________________________________________________
 _> > Package : postfix> Date : August 15, 2008> Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0> 
_______________________________________________________________________> > Problem Description:> > Sebastian Krahmer of 
the SUSE Security Team discovered a flaw in> the way Postfix dereferenced symbolic links. If a local user had> write 
access to a mail spool directory without a root mailbox file,> it could be possible for them to append arbitrary data 
to files that> root had write permissions to (CVE-2008-2936).> > The updated packages have been patched to correct this 
issue.> _______________________________________________________________________> > References:> > 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936> 
_______________________________________________________________________> > Updated Packages:> > Mandriva Linux 2007.1:> 
26e470b9c59a7f942865ff4c9a029f33 2007.1/i586/libpostfix1-2.3.8-1.1mdv2007.1.i586.rpm> 886bae30f28144d5cd12330eadc29beb 
2007
 .1/i586/postfix-2.3.8-1.1mdv2007.1.i586.rpm> 4490c64a7b39685f04dff74ce114edd1 
2007.1/i586/postfix-ldap-2.3.8-1.1mdv2007.1.i586.rpm> 03bc15e8554bb5519bccc27147dc49c5 
2007.1/i586/postfix-mysql-2.3.8-1.1mdv2007.1.i586.rpm> 4ce6d3583264a3d9a89e99554d8f5334 
2007.1/i586/postfix-pcre-2.3.8-1.1mdv2007.1.i586.rpm> 1fa256a3a7306dc4711d2c1f394e4779 
2007.1/i586/postfix-pgsql-2.3.8-1.1mdv2007.1.i586.rpm > 585a32ed0e7d643bec4be76ca56e96a3 
2007.1/SRPMS/postfix-2.3.8-1.1mdv2007.1.src.rpm> > Mandriva Linux 2007.1/X86_64:> c5b9aba41a5f7d4762e07611ab796ba9 
2007.1/x86_64/lib64postfix1-2.3.8-1.1mdv2007.1.x86_64.rpm> 34aaf8a7f5489382ae2fe752239c1ad3 
2007.1/x86_64/postfix-2.3.8-1.1mdv2007.1.x86_64.rpm> c1bbbc34d1a6951dfea07b479e7546a6 
2007.1/x86_64/postfix-ldap-2.3.8-1.1mdv2007.1.x86_64.rpm> 72c368adfd81383032aee96564edd1dc 
2007.1/x86_64/postfix-mysql-2.3.8-1.1mdv2007.1.x86_64.rpm> b6e9329425e1e4f6f1b591ca01c07527 
2007.1/x86_64/postfix-pcre-2.3.8-1.1mdv2007.1.x86_64.rpm> 858ac67feca2fae49be70f752a
 9f5688 2007.1/x86_64/postfix-pgsql-2.3.8-1.1mdv2007.1.x86_64.rpm > 585a32ed0e7d643bec4be76ca56e96a3 
2007.1/SRPMS/postfix-2.3.8-1.1mdv2007.1.src.rpm> > Mandriva Linux 2008.0:> 28f80755d3e08a050a3294f15bcdf0b0 
2008.0/i586/libpostfix1-2.4.5-2.1mdv2008.0.i586.rpm> 8e5a684b87309c502f34d76104e7291f 
2008.0/i586/postfix-2.4.5-2.1mdv2008.0.i586.rpm> fd4bd15f398bb8f9a90e59216b4a01dc 
2008.0/i586/postfix-ldap-2.4.5-2.1mdv2008.0.i586.rpm> 63e5be0f5c1dc8b28f173726c1648831 
2008.0/i586/postfix-mysql-2.4.5-2.1mdv2008.0.i586.rpm> 75e6b126fd04ce8cbef1d024a8d4af94 
2008.0/i586/postfix-pcre-2.4.5-2.1mdv2008.0.i586.rpm> 3eb0a04a986f20d4771b774b0707d5ff 
2008.0/i586/postfix-pgsql-2.4.5-2.1mdv2008.0.i586.rpm > d18e696ddd9948b311e84c1df3b4edfa 
2008.0/SRPMS/postfix-2.4.5-2.1mdv2008.0.src.rpm> > Mandriva Linux 2008.0/X86_64:> 25c8159e3a2b78ab281dcf6c7b5886d1 
2008.0/x86_64/lib64postfix1-2.4.5-2.1mdv2008.0.x86_64.rpm> 56bc517d9bb1cf9221ce8d35999ac7de 
2008.0/x86_64/postfix-2.4.5-2.1mdv2008.0.x86_64.rpm> 08
 af0c3454a642e57252180f6f8b8b1c 2008.0/x86_64/postfix-ldap-2.4.5-2.1mdv2008.0.x86_64.rpm> 
c8777d4816b661a2853df44228c97e26 2008.0/x86_64/postfix-mysql-2.4.5-2.1mdv2008.0.x86_64.rpm> 
08579717946ec5c32df7674286f9f45a 2008.0/x86_64/postfix-pcre-2.4.5-2.1mdv2008.0.x86_64.rpm> 
fda669add03041fa744d5738c7457c3a 2008.0/x86_64/postfix-pgsql-2.4.5-2.1mdv2008.0.x86_64.rpm > 
d18e696ddd9948b311e84c1df3b4edfa 2008.0/SRPMS/postfix-2.4.5-2.1mdv2008.0.src.rpm> > Mandriva Linux 2008.1:> 
5a3804f2c3effc218f5c2e2e3df27564 2008.1/i586/libpostfix1-2.5.1-2.1mdv2008.1.i586.rpm> 506d51b49e9c8c0e439fc8bc4c63ba29 
2008.1/i586/postfix-2.5.1-2.1mdv2008.1.i586.rpm> 34ef86dd70c956f2a99bdfac81183e09 
2008.1/i586/postfix-ldap-2.5.1-2.1mdv2008.1.i586.rpm> 1d07b91d48c60906f28b8a2eba99ca1c 
2008.1/i586/postfix-mysql-2.5.1-2.1mdv2008.1.i586.rpm> 70ba3c286521579fc49a54bba84472dd 
2008.1/i586/postfix-pcre-2.5.1-2.1mdv2008.1.i586.rpm> dca57a1b0579a8418ad10aac03322b2e 
2008.1/i586/postfix-pgsql-2.5.1-2.1mdv2008.1.i586.rpm
  > 0f3cb76c3893354103745ee331942f0d 2008.1/SRPMS/postfix-2.5.1-2.1mdv2008.1.src.rpm> > Mandriva Linux 2008.1/X86_64:> 
16d38a5b0b47edb0fc3395c63511bd6c 2008.1/x86_64/lib64postfix1-2.5.1-2.1mdv2008.1.x86_64.rpm> 
546f25ac9ea5aa167b9282bd8d4f537a 2008.1/x86_64/postfix-2.5.1-2.1mdv2008.1.x86_64.rpm> f1a917d26a5366044e570f6571c2fb10 
2008.1/x86_64/postfix-ldap-2.5.1-2.1mdv2008.1.x86_64.rpm> 4b2f2a4d53ef97dbd2c609afc9e61c77 
2008.1/x86_64/postfix-mysql-2.5.1-2.1mdv2008.1.x86_64.rpm> 266433d35cd238e9132b6225bc5d1258 
2008.1/x86_64/postfix-pcre-2.5.1-2.1mdv2008.1.x86_64.rpm> 78f8df45bf1c009701112a60294ccdeb 
2008.1/x86_64/postfix-pgsql-2.5.1-2.1mdv2008.1.x86_64.rpm > 0f3cb76c3893354103745ee331942f0d 
2008.1/SRPMS/postfix-2.5.1-2.1mdv2008.1.src.rpm> > Corporate 3.0:> 7d6dc0a422fa43c691a6819a9954d29c 
corporate/3.0/i586/libpostfix1-2.1.1-0.4.C30mdk.i586.rpm> 6c90a40a69bcd261d1fff8124d087d48 
corporate/3.0/i586/postfix-2.1.1-0.4.C30mdk.i586.rpm> 9e3468e37e512a5207a982ba606d8fb8 corporate/3.0/i
 586/postfix-ldap-2.1.1-0.4.C30mdk.i586.rpm> 8018f6af47a5659396a3d903c27b33d4 
corporate/3.0/i586/postfix-mysql-2.1.1-0.4.C30mdk.i586.rpm> ac40a515260bd75fe00c5e1610b11e7b 
corporate/3.0/i586/postfix-pcre-2.1.1-0.4.C30mdk.i586.rpm> f8675212bf047f8373846efe438d6e34 
corporate/3.0/i586/postfix-pgsql-2.1.1-0.4.C30mdk.i586.rpm > 0b9d6b89f64cf5c5ba64d4234ba958d3 
corporate/3.0/SRPMS/postfix-2.1.1-0.4.C30mdk.src.rpm> > Corporate 3.0/X86_64:> f695f71cf4e3cff94b76ffaa79e79276 
corporate/3.0/x86_64/lib64postfix1-2.1.1-0.4.C30mdk.x86_64.rpm> 479831782b7e851ee64b8686e5435742 
corporate/3.0/x86_64/postfix-2.1.1-0.4.C30mdk.x86_64.rpm> a52bf688f3f842c8062ca1e43748a442 
corporate/3.0/x86_64/postfix-ldap-2.1.1-0.4.C30mdk.x86_64.rpm> e286020374420577f7372bf98b3145f0 
corporate/3.0/x86_64/postfix-mysql-2.1.1-0.4.C30mdk.x86_64.rpm> 7c4d75cb5df1951918a3baf56aff0dcd 
corporate/3.0/x86_64/postfix-pcre-2.1.1-0.4.C30mdk.x86_64.rpm> e1b6ff7a49ab9dbd1cc8559ec9a747fe 
corporate/3.0/x86_64/postfix-pgsql-2.1.1-0.4
 .C30mdk.x86_64.rpm > 0b9d6b89f64cf5c5ba64d4234ba958d3 corporate/3.0/SRPMS/postfix-2.1.1-0.4.C30mdk.src.rpm> > 
Corporate 4.0:> c7e11fa492370b389f507fc3ae2b1d4a corporate/4.0/i586/libpostfix1-2.3.5-0.2.20060mlcs4.i586.rpm> 
f78b08147813d142dbebccfa3f2d1fc1 corporate/4.0/i586/postfix-2.3.5-0.2.20060mlcs4.i586.rpm> 
982fb6adba17ab2acfd477323a55db4c corporate/4.0/i586/postfix-ldap-2.3.5-0.2.20060mlcs4.i586.rpm> 
163b41ad32263b2a319720144153f5af corporate/4.0/i586/postfix-mysql-2.3.5-0.2.20060mlcs4.i586.rpm> 
7be21bfdc0f6e70d6da173d5005516f8 corporate/4.0/i586/postfix-pcre-2.3.5-0.2.20060mlcs4.i586.rpm> 
26c0b02352463bd5c33b67c146330701 corporate/4.0/i586/postfix-pgsql-2.3.5-0.2.20060mlcs4.i586.rpm > 
f9251f61013674ae03a5122d8c5cfd25 corporate/4.0/SRPMS/postfix-2.3.5-0.2.20060mlcs4.src.rpm> > Corporate 4.0/X86_64:> 
91d8789d61bc41409d96b0442ffb8d13 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.2.20060mlcs4.x86_64.rpm> 
db6e1d07cd48fd215db13b6c0812629f corporate/4.0/x86_64/postfix-2.3.5-0.2.2
 0060mlcs4.x86_64.rpm> 6d57adb992f1903344a12c213116e2d9 
corporate/4.0/x86_64/postfix-ldap-2.3.5-0.2.20060mlcs4.x86_64.rpm> c3217315a710dddef6addc566542dbef 
corporate/4.0/x86_64/postfix-mysql-2.3.5-0.2.20060mlcs4.x86_64.rpm> 21db2224670acce491ff87269f21ec5e 
corporate/4.0/x86_64/postfix-pcre-2.3.5-0.2.20060mlcs4.x86_64.rpm> 89d5796c4d94bb6ab1ef26de400d032f 
corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.2.20060mlcs4.x86_64.rpm > f9251f61013674ae03a5122d8c5cfd25 
corporate/4.0/SRPMS/postfix-2.3.5-0.2.20060mlcs4.src.rpm> 
_______________________________________________________________________> > To upgrade automatically use MandrivaUpdate 
or urpmi. The verification> of md5 checksums and GPG signatures is performed automatically for you.> > All packages are 
signed by Mandriva for security. You can obtain the> GPG public key of the Mandriva Security Team by executing:> > gpg 
--recv-keys --keyserver pgp.mit.edu 0x22458A98> > You can view other update advisories for Mandriva Linux at:> > ht
 tp://www.mandriva.com/security/advisories> > If you want to report vulnerabilities, please contact> > 
security_(at)_mandriva.com> _______________________________________________________________________> > Type Bits/KeyID 
Date User ID> pub 1024D/22458A98 2000-07-10 Mandriva Security Team> <security*mandriva.com>> -----BEGIN PGP 
SIGNATURE-----> Version: GnuPG v1.4.9 (GNU/Linux)> > iD8DBQFIpbu8mqjQ0CJFipgRApsdAJ0XV7YMQObXpiNScy6r/ct8BPjTIACg0mow> 
TLWvKH+6JSz18dJfpEjIxFw=> =rHfX> -----END PGP SIGNATURE-----> > > > ------------------------------> > Message: 6> Date: 
Fri, 15 Aug 2008 15:54:00 -0600> From: security () mandriva com> Subject: [Full-disclosure] [ MDVSA-2008:172 ] amarok> 
To: full-disclosure () lists grok org uk> Message-ID: <E1KU7FA-0005Z8-El () titan mandriva com>> > > -----BEGIN PGP 
SIGNED MESSAGE-----> Hash: SHA1> > _______________________________________________________________________> > Mandriva 
Linux Security Advisory MDVSA-2008:172> http://www.mandriva.com/security/> _
 ______________________________________________________________________> > Package : amarok> Date : August 15, 2008> 
Affected: 2008.0, 2008.1> _______________________________________________________________________> > Problem 
Description:> > A flaw in Amarok prior to 1.4.10 would allow local users to overwrite> arbitrary files via a symlink 
attack on a temporary file that Amarok> created with a predictable name (CVE-2008-3699).> > The updated packages have 
been patched to correct this issue.> _______________________________________________________________________> > 
References:> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699> 
_______________________________________________________________________> > Updated Packages:> > Mandriva Linux 2008.0:> 
add9881887c5e33288947a836ea829f7 2008.0/i586/amarok-1.4.7-9.1mdv2008.0.i586.rpm> 6cb1913a6bc874ea77a25d76521e39a8 
2008.0/i586/amarok-engine-xine-1.4.7-9.1mdv2008.0.i586.rpm> 66b1e073cc975872fb15e1d674462d6e 2008.0/i586/am
 arok-scripts-1.4.7-9.1mdv2008.0.i586.rpm> 9decca6e5825541b00c7942340308065 
2008.0/i586/libamarok0-1.4.7-9.1mdv2008.0.i586.rpm> f52da39d55c1ad5a475e14a7f4a42d11 
2008.0/i586/libamarok0-scripts-1.4.7-9.1mdv2008.0.i586.rpm> 130e958096e23249244e7e2ff02aa1f6 
2008.0/i586/libamarok-devel-1.4.7-9.1mdv2008.0.i586.rpm> 8d5dd406aa2cb0a56e922f8ff7d9ea34 
2008.0/i586/libamarok-scripts-devel-1.4.7-9.1mdv2008.0.i586.rpm > 36da208a1bb60169c8b721bfc9d38f15 
2008.0/SRPMS/amarok-1.4.7-9.1mdv2008.0.src.rpm> > Mandriva Linux 2008.0/X86_64:> c01e9b41a520a3a65398866daca707cf 
2008.0/x86_64/amarok-1.4.7-9.1mdv2008.0.x86_64.rpm> b300777e4a9db10814ba3a920ce690d0 
2008.0/x86_64/amarok-engine-xine-1.4.7-9.1mdv2008.0.x86_64.rpm> c24609bda65290240c8689b2863de9cb 
2008.0/x86_64/amarok-scripts-1.4.7-9.1mdv2008.0.x86_64.rpm> eb04320a5d103aef042f29ed9731ac8b 
2008.0/x86_64/lib64amarok0-1.4.7-9.1mdv2008.0.x86_64.rpm> c71f5eda86c58ad9bd78bebc06b63f01 
2008.0/x86_64/lib64amarok0-scripts-1.4.7-9.1mdv2008.0.x86_64.rpm> d
 f9206ff03dad2f1b2e3ce40e1cc190d 2008.0/x86_64/lib64amarok-devel-1.4.7-9.1mdv2008.0.x86_64.rpm> 
a9a45984a13f545e828c957e98ca2051 2008.0/x86_64/lib64amarok-scripts-devel-1.4.7-9.1mdv2008.0.x86_64.rpm > 
36da208a1bb60169c8b721bfc9d38f15 2008.0/SRPMS/amarok-1.4.7-9.1mdv2008.0.src.rpm> > Mandriva Linux 2008.1:> 
35bb66001f0a6efb796d476b1ba35098 2008.1/i586/amarok-1.4.8-12.1mdv2008.1.i586.rpm> 39f5f1cba6d2a2dd347e2004eb37b6b6 
2008.1/i586/amarok-engine-void-1.4.8-12.1mdv2008.1.i586.rpm> b54d096ed180078cc0adbf13ee9c1234 
2008.1/i586/amarok-engine-xine-1.4.8-12.1mdv2008.1.i586.rpm> c47c5274f6419497e83b9d9e129f0cee 
2008.1/i586/amarok-engine-yauap-1.4.8-12.1mdv2008.1.i586.rpm> f710c717a6bb71e445671688edca63c7 
2008.1/i586/amarok-scripts-1.4.8-12.1mdv2008.1.i586.rpm> d07c5193757104a086c798bd4acfa1ff 
2008.1/i586/libamarok0-1.4.8-12.1mdv2008.1.i586.rpm> 0886969d0cf8a00a24ec3767f7e26d52 
2008.1/i586/libamarok0-scripts-1.4.8-12.1mdv2008.1.i586.rpm> b448749b86d31cce3fe37803a6d76955 2008.1/i586/li
 bamarok-devel-1.4.8-12.1mdv2008.1.i586.rpm> 00b6a0c87044ad127837dd6b0eaaaf05 
2008.1/i586/libamarok-scripts-devel-1.4.8-12.1mdv2008.1.i586.rpm > d98786eee09881cdaa238f00e29e7c48 
2008.1/SRPMS/amarok-1.4.8-12.1mdv2008.1.src.rpm> > Mandriva Linux 2008.1/X86_64:> 4c90ca190be22b80aa57df40a054fb22 
2008.1/x86_64/amarok-1.4.8-12.1mdv2008.1.x86_64.rpm> 1a3c01858fcfbd321f65b8140252fa3e 
2008.1/x86_64/amarok-engine-void-1.4.8-12.1mdv2008.1.x86_64.rpm> d62f9425e5917415066c16f170b9f079 
2008.1/x86_64/amarok-engine-xine-1.4.8-12.1mdv2008.1.x86_64.rpm> d4ff899bf669f9f676df2e6b809f2fc8 
2008.1/x86_64/amarok-engine-yauap-1.4.8-12.1mdv2008.1.x86_64.rpm> 35a26a4ee0d82eaa8e52436dcf1bfaa9 
2008.1/x86_64/amarok-scripts-1.4.8-12.1mdv2008.1.x86_64.rpm> 9738454dec262ef9d19c93e7e78328c8 
2008.1/x86_64/lib64amarok0-1.4.8-12.1mdv2008.1.x86_64.rpm> 93414b3bd1d5b12a6cdb8fc48091785b 
2008.1/x86_64/lib64amarok0-scripts-1.4.8-12.1mdv2008.1.x86_64.rpm> a11bccff3c601e5d2f3a8501c72e709f 
2008.1/x86_64/lib64amarok-deve
 l-1.4.8-12.1mdv2008.1.x86_64.rpm> ec100b8483103dc815b52b3f546df167 
2008.1/x86_64/lib64amarok-scripts-devel-1.4.8-12.1mdv2008.1.x86_64.rpm > d98786eee09881cdaa238f00e29e7c48 
2008.1/SRPMS/amarok-1.4.8-12.1mdv2008.1.src.rpm> 
_______________________________________________________________________> > To upgrade automatically use MandrivaUpdate 
or urpmi. The verification> of md5 checksums and GPG signatures is performed automatically for you.> > All packages are 
signed by Mandriva for security. You can obtain the> GPG public key of the Mandriva Security Team by executing:> > gpg 
--recv-keys --keyserver pgp.mit.edu 0x22458A98> > You can view other update advisories for Mandriva Linux at:> > 
http://www.mandriva.com/security/advisories> > If you want to report vulnerabilities, please contact> > 
security_(at)_mandriva.com> _______________________________________________________________________> > Type Bits/KeyID 
Date User ID> pub 1024D/22458A98 2000-07-10 Mandriva Security Team> <secu
 rity*mandriva.com>> -----BEGIN PGP SIGNATURE-----> Version: GnuPG v1.4.9 (GNU/Linux)> > 
iD8DBQFIpc66mqjQ0CJFipgRAs8UAJ9zaZ2Q2gNIZIH2QjEkb24qy/p75wCfdjI9> 6ws9cZQ3VJO2BMZpRcO+NGY=> =uJ0s> -----END PGP 
SIGNATURE-----> > > > ------------------------------> > Message: 7> Date: Sat, 16 Aug 2008 03:12:16 +0300> From: P?nar 
Yanarda? <pinar () pardus org tr>> Subject: [Full-disclosure] [PLSA 2008-25] Postfix: Local privilege> escalation> To: 
pardus-security () pardus org tr> Cc: full-disclosure () lists grok org uk> Message-ID: <48A61B60.3040004 () pardus org 
tr>> Content-Type: text/plain; charset=UTF-8; format=flowed> > 
------------------------------------------------------------------------> Pardus Linux Security Advisory 2008-25 
security () pardus org tr> ------------------------------------------------------------------------> Date: 2008-08-16> 
Severity: 2> Type: Local> ------------------------------------------------------------------------> > Summary> =======>

Sebastian Krahmer has reporte

 d some security issues in Postfix, which> can be exploited by malicious, local users to disclose potentially> 
sensitive information and perform certain actions with escalated> privileges.> > > Description> ===========> > 1) A 
security issue is caused due to Postfix incorrectly handling> symlink files. This can be exploited to e.g. append mail 
messages to> arbitrary files by creating a hardlink to a symlink owned by the root> user.> > Successful exploitation 
requires write permission to the mail spool> directory, that there is no "root" mailbox, and users can create a> 
hardlink to a symlink.> > 2) A security issue is caused due to Postfix not correctly checking the> ownership of the 
destination when delivering email. This can be> exploited to e.g. disclose emails by creating an insecure mailbox file> 
for other users.> > Affected packages:> > Pardus 2008:> postfix, all before 2.5.4-20-4> Pardus 2007:> postfix, all 
before 2.3.4-12-11> > > Resolution> ==========> > There are upd
 ate(s) for postfix. You can update them via Package Manager> or with a single command from console:> > Pardus 2008:> 
pisi up postfix> > Pardus 2007:> pisi up postfix> > > References> ==========> > * 
http://de.postfix.org/ftpmirror/official/postfix-2.5.4.HISTORY> * 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936> * 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937> * 
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html> * http://secunia.com/advisories/31485> > 
------------------------------------------------------------------------> > -- > Pardus Security Team> 
http://security.pardus.org.tr> > > > > ------------------------------> > Message: 8> Date: Fri, 15 Aug 2008 19:20:18 
+0100> From: "Smiler S" <smiler808 () googlemail com>> Subject: [Full-disclosure] Step-by-step instructions for 
debugging> Cisco IOS using gdb> To: full-disclosure () lists grok org uk> Message-ID:> 
<46d5a9ed0808151120j54d980d2lcb085c0de5d93d07 () mail gmail com>> Conte
 nt-Type: text/plain; charset="iso-8859-1"> > From: Andy Davis> 
<iosftpexploit_at_googlemail.com<iosftpexploit_at_googlemail.com?Subject=Re:%20Step-by-step%20instructions%20for%20debugging%20Cisco%20IOS%20using%20gdb>>>

Date: Tue, 12 Aug 2008 22:01:37 +0100> > >Congratulations you are now debugging IOS ;-)> >One unusual feature, which

I have yet to explain is that when the> >registers are displayed they are all offset by 1 e.g:> > If a vector variable 
is stored in a register, gcc writes debug information> telling gdb which register the variable is stored in. This 
mapping is> changed between gcc2 & gcc3. Since there isn't anything in the debug output> to distinguish code compiled 
by gcc3 from code compiled by gcc2, there is no> way for gdb to know the right map. gdb supports the gcc3 map.> > If 
vector code is compiled by gcc2 as in the case of IOS, then the register> assignment will be off by 1.> > PS - Stop 
ripping Gyan and Varuns IOS research work you jackass cause you> ai
 n't getting no fame with that bullshit :P :P :P> -------------- next part --------------> An HTML attachment was 
scrubbed...> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080815/9f01f697/attachment-0001.html

------------------------------> > Message: 9> Date: Fri, 15 Aug 2008 14:31:41 -0400 (EDT)> From: Derek Callaway

<super () innu org>> Subject: [Full-disclosure] Tool: PorkBind v1.3 Nameserver Security> Scanner (New Version)> To: 
bugtraq () securityfocus com> Cc: full-disclosure () lists grok org uk> Message-ID: <20080815142431.C36041 () innu 
org>> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed> > This program retrieves version information for the 
nameservers of a domain> and produces a report that describes possible vulnerabilities of each.> Vulnerability 
information is configurable through a configuration> file; the default is porkbind.conf. Each nameserver is tested for

recursive queries and zone transfers. The code is parallelized with > l

 ibpthread.> > http://www.innu.org/~super/tools/porkbind-1.3.tar.gz> > ChangeLog for this version:> > porkbind-1.3> 
------------> Wrote in-a-bind shell script that scans random domain names from DMOZ> Implemented recursive query 
testing> Changed porkbind.conf to use CVE numbers in addition to CERT alerts> Modified text displayed on stdout to make 
it more parsable> Licensed with GNU Lesser General Public License> Fixed timeout/concurrency/memory corruption bugs> 
Fixed improper comparison of alpha/beta version numbering bug> Added typecasts to silence compiler warnings> > > - 
Derek> > > > ------------------------------> > Message: 10> Date: Fri, 15 Aug 2008 22:18:32 +0200> From: Radoslav 
Dejanovi? <radoslav.dejanovic () opsus hr>> Subject: Re: [Full-disclosure] [funsec] Internet attacks against> Georgian 
web sites> To: Paul Ferguson <fergdawg () netzero net>> Cc: funsec () linuxbox org, full-disclosure () lists grok org 
uk,> bugtraq () securityfocus com, ge () linuxbox org> Message-ID: <48A5E498
 .308 () opsus hr>> Content-Type: text/plain; charset=ISO-8859-2> > Paul Ferguson wrote:> > > Also, I wish to say:> > >

"It is clear that there are anti-Georgian forces at work on the> > Internet."> > > > "Who they are, and what their

motivations are 9at this point),> > remains to be seen."> > Just for the record...> > There were in the past several 
such "cyber wars" between Croatia and> Serbia, with the scenario not quite unlike this one. The scenario is as> 
follows:> > 1. there's some political tension between countries;> > 2. someone on one side decides that it would be 
highly patriotic to> attack servers on the other side;> > 3. someone on the other side retaliates by attacking other 
country's> servers;> > 4. more individuals join in, adding to the magnitude of the event;> clueless media joins in with 
headlines like "brave local patriots are> hacking the (evil) other side into oblivion; we have won the real war,> we're 
going to win this one too";> > 5. governments do not q
 uite understand what is going on, but they do not> intervene because they can get some political points out of that 
mess> (cracked government web pages are collateral damage and in fact good for> propaganda);> > 6. after some time, the 
"cyberwar" ceases.> > > IMHO, what is going on in Georgia is a scenario like the one above. I> don't think there's any 
real cyberwar between governments going on, but> in fact local groups of people who believe that they're showing their> 
patriotism. Therefore:> > - who they are: groups of individuals, not a state operated force> > - what are their 
motivations: showing patriotism and having a> "legitimate" target to practice "cyberwar", as nobody is going to> 
prosecute a patriotic attack on enemy country's infrastructure.> > - how to end it: it will end by itself.> > > > 
------------------------------> > Message: 11> Date: Fri, 15 Aug 2008 21:54:02 -0400> From: "T Biehn" <tbiehn () gmail 
com>> Subject: [Full-disclosure] Beware the firefox ZERO DA
 YZZZZ> To: "Full Disclosure" <Full-Disclosure () lists grok org uk>> Message-ID:> 
<2d6724810808151854g5f0acab2x7273f8498cd0c752 () mail gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > Watch 
out for those a.exe droppers boys and girls. Ran into in the wild.> > 
http://anubis.iseclab.org/result.php?taskid=cd5d6669682e89049195a55b6f982a84&refresh=1> > > > 
------------------------------> > Message: 12> Date: Fri, 15 Aug 2008 19:42:34 -0700> From: coderman <coderman () gmail 
com>> Subject: [Full-disclosure] Linus summarizes state of the "security> industry" with precision and accuracy.> To: 
"Full Disclosure" <full-disclosure () lists grok org uk>> Message-ID:> <4ef5fec60808151942h1f6866a8nd633c6a5a11eecc4 () 
mail gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > ... hypothesis that "security researchers" are all 
masturbating monkey> whores is now proven definitively. [0]> > """> Too often, so-called "security" is split into two 
camps: one that> believes in nondisclosure of 
 problems by hiding knowledge until a bug> is fixed, and one that "revels in exposing vendor security holes> because 
they see that as just another proof that the vendors are> corrupt and crap, which admittedly mostly are," Torvalds 
states.> > Torvalds went on to say he views both camps as "crazy."> > "Both camps are whoring themselves out for their 
own reasons, and both> camps point fingers at each other as a way to cement their own reason> for existence," Torvalds 
asserts.> """> > 0. Torvalds Interview with Network World , 08/14/2008> 
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html> > > [ ED: Dr. Diggle the Zoologist grunt / 
proctologist has lots of company, lol ]> > > > ------------------------------> > Message: 13> Date: Sat, 16 Aug 2008 
13:34:36 +1000> From: silky <michaelslists () gmail com>> Subject: Re: [Full-disclosure] Linus summarizes state of the 
"security> industry" with precision and accuracy.> To: coderman <coderman () gmail com>> Cc: Full D
 isclosure <full-disclosure () lists grok org uk>> Message-ID:> <5e01c29a0808152034u3aab5ae2q5703e118babc3ac1 () mail 
gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > On Sat, Aug 16, 2008 at 12:42 PM, coderman <coderman () 
gmail com> wrote:> > ... hypothesis that "security researchers" are all masturbating monkey> > whores is now proven 
definitively. [0]> > I feel I can speak for the entire monkeynet project> (http://www.themonkeynet.com/) when saying we 
are offended by this> comparision.> > > > """> > Too often, so-called "security" is split into two camps: one that> > 
believes in nondisclosure of problems by hiding knowledge until a bug> > is fixed, and one that "revels in exposing 
vendor security holes> > because they see that as just another proof that the vendors are> > corrupt and crap, which 
admittedly mostly are," Torvalds states.> >> > Torvalds went on to say he views both camps as "crazy."> >> > "Both 
camps are whoring themselves out for their own reasons, and bot
 h> > camps point fingers at each other as a way to cement their own reason> > for existence," Torvalds asserts.> > 
"""> >> > 0. Torvalds Interview with Network World , 08/14/2008> > 
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html> >> > [ ED: Dr. Diggle the Zoologist grunt / 
proctologist has lots of company, lol ]> > -- > noon silky> http://www.themonkeynet.com/armada/> 
http://www.themonkeynet.com/> > > > ------------------------------> > _______________________________________________> 
Full-Disclosure - We believe in it.> Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and 
sponsored by Secunia - http://secunia.com/> > End of Full-Disclosure Digest, Vol 42, Issue 42> 
***********************************************
_________________________________________________________________
Discover the new Windows Vista
http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Full-Disclosure Digest, Vol 42, Issue 42 badr muhyeddin (Aug 16)
- Re: Full-Disclosure Digest, Vol 42, Issue 42 William McAfee (Aug 17)