Full Disclosure mailing list archives
[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #883 - 11 msgs
From: Rodrigo Gutierrez <packet () vtr net>
Date: 12 Jun 2003 11:13:53 +0200
We all agree that oner person is no1 when it comes to change the law of different countries, however the FoI you mention allow us to share our views, get united and perhaps do something about it later on. It would be just stupid me jumping outside congress, pretending them to the law. Rgds Rod.- On Thu, 2003-06-12 at 02:32, full-disclosure-request () lists netsys com wrote:
Send Full-Disclosure mailing list submissions to full-disclosure () lists netsys com To subscribe or unsubscribe via the World Wide Web, visit http://lists.netsys.com/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-request () lists netsys com You can reach the person managing the list at full-disclosure-admin () lists netsys com When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Today's Topics: 1. Re: USDOJ BRAINWASHING TECHNIQUES (Klaw) 2. MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities (Mandrake Linux Security Team) 3. Re: Re: USDOJ BRAINWASHING TECHNIQUES (sockz loves you) 4. iDEFENSE Security Advisory 06.11.03: Denial of Service Vulnerability in SMC Networks' Barricade Wireless Router (iDEFENSE Labs) 5. Re: USDOJ BRAINWASHING TECHNIQUES (martin f krafft) 6. Re: USDOJ BRAINWASHING TECHNIQUES (martin f krafft) 7. Re: Re: USDOJ BRAINWASHING TECHNIQUES (Darren Reed) 8. Re: Re: USDOJ BRAINWASHING TECHNIQUES (morning_wood) 9. [SECURITY] [DSA-309-2] New eterm packages fix error introduced in DSA-309-1 (debian-security-announce () lists debian org) 10. [SECURITY] [DSA-313-1] New ethereal packages fix buffer overflows, integer overflows (debian-security-announce () lists debian org) 11. [SECURITY] [DSA-314-1] New atftp packages fix buffer overflow (debian-security-announce () lists debian org) --__--__-- Message: 1 Date: 11 Jun 2003 14:21:05 -0300 From: "Klaw" <klaw () jogos net> To: full-disclosure () lists netsys com Subject: [Full-disclosure] Re: USDOJ BRAINWASHING TECHNIQUES Hi every body, 1st of all, sorry for my poor english, but ill try to make myself as clear as possible. About the topic, thats very funny that none of the "DOJs defensors" (its in quotes couse what i want to mean is the ppl that is defending the way USA Gov thinks) talked about what fbi and cia does, hacking into everybodys accounts. Secondly, how come you say that: "Kidnapping is illegal, but apprehending criminals and putting them in jail is not repellent." What about a President killing milions of inocent ppl claiming thats becouse they have chemical weapon in theier country when 75% of the rest of world was claiming him not to do it ? Criminal depends on the point of view!!! How come the DOJs say: "What is privacy worth to you? What information about you (or your parents) do you think is private: medical information? grades? how much money you have? how much money you owe? your letters to a friend? To a boyfriend or girlfriend?" When they r the first to get into (or HACK into) your privacy stuff just to be sure that u arent doing what they dont want u to do. cmon guys... please lets open our eyes to the real truth. They want to manipulate and do BRAIN WASHING yes!!! we all know it. Its not interesting to inform and clarify the minds, so they take conclusion from theyer selfs. Its much better to "inser" info and tell u to obey. I, personally, dont think it has a solution, but, trying to justify what is "unjustfiable" is worthless. klaw KLAW klaw () jogos net --__--__-- Message: 2 Date: 11 Jun 2003 21:56:14 -0000 From: Mandrake Linux Security Team <security () linux-mandrake com> To: full-disclosure () lists netsys com Subject: [Full-disclosure] MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ Mandrake Linux Security Update Advisory ________________________________________________________________________ Package name: kernel Advisory ID: MDKSA-2003:066 Date: June 11th, 2003 Affected versions: 9.1 ________________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. As well, a number of bug fixes were made in the 9.1 kernel including: * Support for more machines that did not work with APIC * Audigy2 support * New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine, * Fixed SiS IOAPIC * IRQ balancing has been fixed for SMP * Updates to ext3 * The previous ptrace fix has been redone to work better MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. ________________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248 ________________________________________________________________________ Updated Packages: Mandrake Linux 9.1: bca5bada0476e53911f157e9ec5ca504 9.1/RPMS/kernel-2.4.21.0.18mdk-1-1mdk.i586.rpm 57ee4b2b038598cbd020f1e0752a61dd 9.1/RPMS/kernel-BOOT-2.4.21.0.18mdk-1-1mdk.i586.rpm b14c3291fab83bd1894c8b5217311dfa 9.1/RPMS/kernel-doc-2.4.21-0.18mdk.i586.rpm ed766922171751e1f05c6ce590af9755 9.1/RPMS/kernel-enterprise-2.4.21.0.18mdk-1-1mdk.i586.rpm 64c554564115626ff86cf3fd5e40ece1 9.1/RPMS/kernel-secure-2.4.21.0.18mdk-1-1mdk.i586.rpm 944017f71e79714767d94517cd41110d 9.1/RPMS/kernel-smp-2.4.21.0.18mdk-1-1mdk.i586.rpm 9621bebecb94bc6031ffaa073c4967f1 9.1/RPMS/kernel-source-2.4.21-0.18mdk.i586.rpm 9d0c651808a2874256489f3a90ad6fdb 9.1/SRPMS/kernel-2.4.21.0.18mdk-1-1mdk.src.rpm ________________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ________________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig <filename> All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.7 (GNU/Linux) mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H 8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K +jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+ AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ 9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z 269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN 6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo 0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ EJGXlA== =yGlX - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+56V+mqjQ0CJFipgRAu0bAJsElc3QmEl4WBRhUO7PNwit3HAjrwCfSClk 972cH4+NoFhTz+l8rQg1o88= =rOjs -----END PGP SIGNATURE----- --__--__-- Message: 3 From: "sockz loves you" <sockz () email com> To: full-disclosure () lists netsys com Date: Wed, 11 Jun 2003 21:10:33 -0100 Subject: Re: [Full-disclosure] Re: USDOJ BRAINWASHING TECHNIQUES ----- Original Message ----- From: "Klaw" <klaw () jogos net> Date: 11 Jun 2003 14:21:05 -0300 To: full-disclosure () lists netsys com Subject: [Full-disclosure] Re: USDOJ BRAINWASHING TECHNIQUESAbout the topic, thats very funny that none of the "DOJs defensors" (its in quotes couse what i want to mean is the ppl that is defending the way USA Gov thinks) talked about what fbi and cia does, hacking into everybodys accounts. Secondly, how come you say that: "Kidnapping is illegal, but apprehending criminals and putting them in jail is not repellent." What about a President killing milions of inocent ppl claiming thats becouse they have chemical weapon in theier country when 75% of the rest of world was claiming him not to do it ? Criminal depends on the point of view!!! How come the DOJs say:i agree entirely. when hackers start to kill millions of people, maybe THEN can we turn around and say "okay, its illegal". the governments of our nations commit far worse crimes on a daily basis than we do as citizens. citizens who are concerned about their civil rights, or are naturally curious about the world around them. this is why hacking should be decriminalised. its a white collar crime that wouldn't even be an issue if it weren't for corporations whining about losing money. okay sure, there have been a few major digital protests in the past, but how are these different from real life demonstrations? is not resistance, freedom of information, and activism a fundamental right of being human? this is no more the DOJ's world than it is my world, so why should there be a different set of rules for Government and People?I, personally, dont think it has a solution, but, trying to justify what is "unjustfiable" is worthless.exactly oh and darren, no i wasn't joking about encouraging the young hacker to develop his skills. its a legitimate option. enuff from me now ;\
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #883 - 11 msgs Rodrigo Gutierrez (Jun 12)