[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #883 - 11 msgs

[Rodrigo Gutierrez <packet () vtr net>]

We all agree that oner person is no1 when it comes to change the law of
different countries, however the FoI you mention allow us to share our
views, get united and perhaps do something about it later on.

It would be just stupid me jumping outside congress, pretending them to
the law.

Rgds

Rod.-


On Thu, 2003-06-12 at 02:32, full-disclosure-request () lists netsys com
wrote:
> Send Full-Disclosure mailing list submissions to
>       full-disclosure () lists netsys com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://lists.netsys.com/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>       full-disclosure-request () lists netsys com
>
> You can reach the person managing the list at
>       full-disclosure-admin () lists netsys com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Today's Topics:
>
>    1. Re: USDOJ BRAINWASHING TECHNIQUES (Klaw)
>    2. MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities (Mandrake Linux Security Team)
>    3. Re: Re: USDOJ BRAINWASHING TECHNIQUES (sockz loves you)
>    4. iDEFENSE Security Advisory 06.11.03: Denial of Service Vulnerability in SMC Networks' Barricade Wireless Router 
> (iDEFENSE Labs)
>    5. Re: USDOJ BRAINWASHING TECHNIQUES (martin f krafft)
>    6. Re: USDOJ BRAINWASHING TECHNIQUES (martin f krafft)
>    7. Re: Re: USDOJ BRAINWASHING TECHNIQUES (Darren Reed)
>    8. Re: Re: USDOJ BRAINWASHING TECHNIQUES (morning_wood)
>    9. [SECURITY] [DSA-309-2] New eterm packages fix error introduced in DSA-309-1 (debian-security-announce () lists 
> debian org)
>   10. [SECURITY] [DSA-313-1] New ethereal packages fix buffer overflows, integer overflows (debian-security-announce 
> () lists debian org)
>   11. [SECURITY] [DSA-314-1] New atftp packages fix buffer overflow (debian-security-announce () lists debian org)
>
> --__--__--
>
> Message: 1
> Date: 11 Jun 2003 14:21:05 -0300
> From: "Klaw" <klaw () jogos net>
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] Re: USDOJ BRAINWASHING TECHNIQUES
>
> Hi every body,
>
> 1st of all, sorry for my poor english, but ill try to make myself as clear as possible.
>
> About the topic, thats very funny that none of the "DOJs defensors" (its in quotes couse what i want to mean is the 
> ppl that is defending the way USA Gov thinks) talked about what fbi and cia does, hacking into everybodys accounts. 
> Secondly, how come you say that:
>
> "Kidnapping is illegal, but apprehending criminals and putting them in jail is not repellent." 
>
> What about a President killing milions of inocent ppl claiming thats becouse they have chemical weapon in theier 
> country when 75% of the rest of world was claiming him not to do it ? Criminal depends on the point of view!!! How 
> come the DOJs say:
> "What is privacy worth to you? What information about you (or your parents) do you think is private: medical 
> information? grades? how much money you have? how much money you owe? your letters to a friend? To a boyfriend or 
> girlfriend?" 
> When they r the first to get into (or HACK into) your privacy stuff just to be sure that u arent doing what they dont 
> want u to do.
>
> cmon guys... please lets open our eyes to the real truth. They want to manipulate and do BRAIN WASHING yes!!! we all 
> know it. 
>
> Its not interesting to inform and clarify the minds, so they take conclusion from theyer selfs. Its much better to 
> "inser" info and tell u to obey.
>
> I, personally, dont think it has a solution, but, trying to justify what is "unjustfiable" is worthless.
>
> klaw
>
> KLAW
> klaw () jogos net
>
>
> --__--__--
>
> Message: 2
> Date: 11 Jun 2003 21:56:14 -0000
> From: Mandrake Linux Security Team <security () linux-mandrake com>
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ________________________________________________________________________
>
>                 Mandrake Linux Security Update Advisory
> ________________________________________________________________________
>
> Package name:           kernel
> Advisory ID:            MDKSA-2003:066
> Date:                   June 11th, 2003
>
> Affected versions:    9.1
> ________________________________________________________________________
>
> Problem Description:
>
>  Multiple vulnerabilities were discovered and fixed in the Linux kernel.
>  
>  * CAN-2003-0001: Multiple ethernet network card drivers do not pad
>    frames with null bytes which allows remote attackers to obtain
>    information from previous packets or kernel memory by using
>    special malformed packets.
>  
>  * CAN-2003-0244: The route cache implementation in the 2.4 kernel and
>    the Netfilter IP conntrack module allows remote attackers to cause a
>    Denial of Service (DoS) via CPU consumption due to packets with
>    forged source addresses that cause a large number of hash table
>    collisions related to the PREROUTING chain.
>  
>  * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
>    kernels does not properly restrict privileges, which allows local
>    users to gain read or write access to certain I/O ports.
>  
>  * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
>    allows attackers to cause a kernel oops resulting in a DoS.
>  
>  * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
>    modify CPU state registers via a malformed address.
>  
>  As well, a number of bug fixes were made in the 9.1 kernel including:
>  
>  * Support for more machines that did not work with APIC
>  * Audigy2 support
>  * New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394,
>    orinoco, via-rhine, 
>  * Fixed SiS IOAPIC
>  * IRQ balancing has been fixed for SMP
>  * Updates to ext3
>  * The previous ptrace fix has been redone to work better
>  
>  MandrakeSoft encourages all users to upgrade to these new kernels.
>  Updated kernels will be available shortly for other supported platforms
>  and architectures.
> ________________________________________________________________________
>
> References:
>   
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248
> ________________________________________________________________________
>
> Updated Packages:
>   
>  Mandrake Linux 9.1:
>  bca5bada0476e53911f157e9ec5ca504  9.1/RPMS/kernel-2.4.21.0.18mdk-1-1mdk.i586.rpm
>  57ee4b2b038598cbd020f1e0752a61dd  9.1/RPMS/kernel-BOOT-2.4.21.0.18mdk-1-1mdk.i586.rpm
>  b14c3291fab83bd1894c8b5217311dfa  9.1/RPMS/kernel-doc-2.4.21-0.18mdk.i586.rpm
>  ed766922171751e1f05c6ce590af9755  9.1/RPMS/kernel-enterprise-2.4.21.0.18mdk-1-1mdk.i586.rpm
>  64c554564115626ff86cf3fd5e40ece1  9.1/RPMS/kernel-secure-2.4.21.0.18mdk-1-1mdk.i586.rpm
>  944017f71e79714767d94517cd41110d  9.1/RPMS/kernel-smp-2.4.21.0.18mdk-1-1mdk.i586.rpm
>  9621bebecb94bc6031ffaa073c4967f1  9.1/RPMS/kernel-source-2.4.21-0.18mdk.i586.rpm
>  9d0c651808a2874256489f3a90ad6fdb  9.1/SRPMS/kernel-2.4.21.0.18mdk-1-1mdk.src.rpm
> ________________________________________________________________________
>
> Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
> ________________________________________________________________________
>
> To upgrade automatically, use MandrakeUpdate.  The verification of md5
> checksums and GPG signatures is performed automatically for you.
>
> If you want to upgrade manually, download the updated package from one
> of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
> FTP mirrors can be obtained from:
>
>   http://www.mandrakesecure.net/en/ftp.php
>
> Please verify the update prior to upgrading to ensure the integrity of
> the downloaded package.  You can do this with the command:
>
>   rpm --checksig <filename>
>
> All packages are signed by MandrakeSoft for security.  You can obtain
> the GPG public key of the Mandrake Linux Security Team from:
>
>   https://www.mandrakesecure.net/RPM-GPG-KEYS
>
> Please be aware that sometimes it takes the mirrors a few hours to
> update.
>
> You can view other update advisories for Mandrake Linux at:
>
>   http://www.mandrakesecure.net/en/advisories/
>
> MandrakeSoft has several security-related mailing list services that
> anyone can subscribe to.  Information on these lists can be obtained by
> visiting:
>
>   http://www.mandrakesecure.net/en/mlist.php
>
> If you want to report vulnerabilities, please contact
>
>   security_linux-mandrake.com
>
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
>   <security linux-mandrake.com>
>
> - -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
> L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
> WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
> P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
> hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
> PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
> 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
> iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
> LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
> ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
> PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
> /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
> BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
> WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
> Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
> BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
> 8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
> +jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
> YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
> b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
> AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
> OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
> 9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
> xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
> 269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
> 6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
> jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
> 0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
> EJGXlA==
> =yGlX
> - -----END PGP PUBLIC KEY BLOCK-----
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE+56V+mqjQ0CJFipgRAu0bAJsElc3QmEl4WBRhUO7PNwit3HAjrwCfSClk
> 972cH4+NoFhTz+l8rQg1o88=
> =rOjs
> -----END PGP SIGNATURE-----
>
> --__--__--
>
> Message: 3
> From: "sockz loves you" <sockz () email com>
> To: full-disclosure () lists netsys com
> Date: Wed, 11 Jun 2003 21:10:33 -0100
> Subject: Re: [Full-disclosure] Re: USDOJ BRAINWASHING TECHNIQUES
>
>
> ----- Original Message -----
> From: "Klaw" <klaw () jogos net>
> Date: 11 Jun 2003 14:21:05 -0300 
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] Re: USDOJ BRAINWASHING TECHNIQUES
>
> > About the topic, thats very funny that none of the "DOJs defensors" (its
> > in quotes couse what i want to mean is the ppl that is defending the way USA
> > Gov thinks) talked about what fbi and cia does, hacking into everybodys 
> > accounts. Secondly, how come you say that:
> >
> > "Kidnapping is illegal, but apprehending criminals and putting them in jail
> > is not repellent." 
> >
> > What about a President killing milions of inocent ppl claiming thats becouse
> > they have chemical weapon in theier country when 75% of the rest of world was
> > claiming him not to do it ? Criminal depends on the point of view!!! How come
> > the DOJs say:
>
> i agree entirely.  when hackers start to kill millions of people, maybe THEN
> can we turn around and say "okay, its illegal".  the governments of our nations
> commit far worse crimes on a daily basis than we do as citizens.  citizens who
> are concerned about their civil rights, or are naturally curious about the
> world around them.  this is why hacking should be decriminalised.  its a white
> collar crime that wouldn't even be an issue if it weren't for corporations
> whining about losing money.  okay sure, there have been a few major digital
> protests in the past, but how are these different from real life demonstrations?
> is not resistance, freedom of information, and activism a fundamental right of
> being human?  this is no more the DOJ's world than it is my world, so why should
> there be a different set of rules for Government and People?
>
> > I, personally, dont think it has a solution, but, trying to justify what is
> > "unjustfiable" is worthless.
>
> exactly
>  
> oh and darren, no i wasn't joking about encouraging the young hacker to develop
> his skills.  its a legitimate option.
>
> enuff from me now ;\
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html