Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Dailydave Digest, Vol 12, Issue 9

From: James Hansen <jhansen () sensage com>
Date: Wed, 12 Jul 2006 12:48:11 -0400
Yes.  He was on a customer use case panel and was to talk about how he uses sensage.  NI and arcsight both had great 
presenters, one of which is JP morgan, who is also using us (which they didn't mention of course. )

Unfortunate that he wasn't here.

-----Original Message-----
From: dailydave-request () lists immunitysec com
To: dailydave () lists immunitysec com
Sent: 7/12/06 11:50 AM
Subject: Dailydave Digest, Vol 12, Issue 9

Send Dailydave mailing list submissions to
        dailydave () lists immunitysec com

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.immunitysec.com/mailman/listinfo/dailydave
or, via email, send a message with subject or body 'help' to
        dailydave-request () lists immunitysec com

You can reach the person managing the list at
        dailydave-owner () lists immunitysec com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Dailydave digest..."


Today's Topics:

   1. Re: DSU (H D Moore)
   2. Re: DSU (Florian Weimer)
   3. Re: DSU (pageexec () freemail hu)
   4. Re: DSU (Florian Weimer)
   5. Re: DSU (pageexec () freemail hu)
   6. Re: Question of the day: iTunes + Watermarking? (Dave Korn)
   7. iTunes (Steve Tornio)
   8. Re: MS05-027 exploits around? (Pusscat)
   9. Re: DSU (TINNES Julien RD-MAPS-ISS)
  10. Re: DSU (TINNES Julien RD-MAPS-ISS)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Jul 2006 21:06:23 -0500
From: H D Moore <hdm-daily-dave () digitaloffense net>
Subject: Re: [Dailydave] DSU
To: dailydave () lists immunitysec com
Message-ID: <200607112106.23940.hdm-daily-dave () digitaloffense net>
Content-Type: text/plain;  charset="iso-8859-1"

Is Immunity using the cron.d technique for getting execution? I really 
like how the RS-Labs folks did it:

http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c

-HD

On Tuesday 11 July 2006 08:57, Dave Aitel wrote:

So the 2.6 prctl kernel bug is exploitable to get root. Typically on
these sorts of things, you just read what Paul Starzets has to say on
the matter and accept it. But for people who are having problems
believing it, we posted an exploit to the partner's page about it.



------------------------------

Message: 2
Date: Wed, 12 Jul 2006 06:34:23 +0200
From: Florian Weimer <fw () deneb enyo de>
Subject: Re: [Dailydave] DSU
To: pageexec () freemail hu
Cc: Dave Aitel <dave () immunityinc com>,       dailydave
        <dailydave () lists immunitysec com>
Message-ID: <87fyh7h25s.fsf () mid deneb enyo de>
Content-Type: text/plain; charset=us-ascii


On 11 Jul 2006 at 9:57, Dave Aitel wrote:

This is the difference between Linux and Windows. If this had been
Microsoft they would have just changed the behavior silently or made it
part of some other patch and hoped no one noticed.


sorry if i missed the sarcasm above, but are you suggesting that the
following is actually what it is claimed to be? ;-)

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080


Most kernel bug fixes are not reviewed for their security impact.
This means that a lot of things are in fact fixed silently.  Perhaps
it's not as deliberate as what Microsoft is doing, but as a side
effect, some of these fixes are not picked up by vendors and do not
end up in their kernels, even though the bug fix has been published.


------------------------------

Message: 3
Date: Wed, 12 Jul 2006 10:41:23 +0200
From: pageexec () freemail hu
Subject: Re: [Dailydave] DSU
To: Florian Weimer <fw () deneb enyo de>
Cc: Dave Aitel <dave () immunityinc com>,       dailydave
        <dailydave () lists immunitysec com>
Message-ID: <44B4D1D3.4078.60835675 () pageexec freemail hu>
Content-Type: text/plain; charset=US-ASCII

On 12 Jul 2006 at 6:34, Florian Weimer wrote:

On 11 Jul 2006 at 9:57, Dave Aitel wrote:

This is the difference between Linux and Windows. If this had been
Microsoft they would have just changed the behavior silently or made it
part of some other patch and hoped no one noticed.


sorry if i missed the sarcasm above, but are you suggesting that the
following is actually what it is claimed to be? ;-)

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080


Most kernel bug fixes are not reviewed for their security impact.
This means that a lot of things are in fact fixed silently.  Perhaps
it's not as deliberate as what Microsoft is doing, but as a side
effect, some of these fixes are not picked up by vendors and do not
end up in their kernels, even though the bug fix has been published.


nice try but then how do you explain the following:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448

in particular note the date of the CVE entry vs. that of the commit
and the obvious discrepancy between the two descriptions. something
known to be as a security bug in May (hence the request for the CVE
entry) was committed with a rather non-descript message next month.

i for one would really like to see what went on on vendor-sec or the
kernel security list regarding this bug.



------------------------------

Message: 4
Date: Wed, 12 Jul 2006 11:00:39 +0200
From: Florian Weimer <fw () deneb enyo de>
Subject: Re: [Dailydave] DSU
To: pageexec () freemail hu
Cc: Dave Aitel <dave () immunityinc com>,       dailydave
        <dailydave () lists immunitysec com>
Message-ID: <8764i
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: