Full Disclosure mailing list archives
[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2020 - 10 msgs
From: "jialc" <jialc () netpower com cn>
Date: Thu, 11 Nov 2004 19:34:11 +0800
full-disclosure-request,您好! ======= 2004-11-04 01:00:09 您在来信中写道:=======
Send Full-Disclosure mailing list submissions to full-disclosure () lists netsys com To subscribe or unsubscribe via the World Wide Web, visit http://lists.netsys.com/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-request () lists netsys com You can reach the person managing the list at full-disclosure-admin () lists netsys com When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Today's Topics: 1. I am NOT out of here hahaha (Frank de Wit) 2. Re: I am out of here (Berend-Jan Wever) 3. RE: Security (for the common people) in electronic vote? (Sean Crawford) 4. [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability (Thierry Carrez) 5. Re: I am out of here (Berend-Jan Wever) 6. Re: How to clear contents of protected storage - Windows 2000 (Danny) 7. Re: How to clear contents of protected storage - Windows 2000 (Danny) 8. RE: I am out of here (Banta, Will) 9. Re: I am out of here (Barry Fitzgerald) 10. Re: I am out of here (kyle l) --__--__-- Message: 1 Date: Wed, 03 Nov 2004 11:30:56 +0100 From: Frank de Wit <frankdewit () home nl> CC: full-disclosure () lists netsys com Subject: [Full-disclosure] I am NOT out of here hahaha people talking about politics are usually boring, thinking only about themselves and what they can gain personally by doing politics politics have nothing to do with thinking about the wellbeing of people... only the RedCross, SalvationArmy, MSF etc do that that's why those people like to mail about offtopic things on this FD-list, they are too stupid to care or understand what they're doing personally I have fun pressing the delete key very much lately... they are all wrinting blisters on their fingers, and all for nothing because no-one reads it hahaha hojje from holland Ali Campbell wrote:Hugo van der Kooij wrote:Thank you all for turning a security mailinglist into a mudpool in which throwing around dirt about political candidates has become the prime objective. However that was not my objective when I came to this list so it seems this list has become rather useless to me. Quite a pity. But that is full-disclosure for you. So long and thanks for all the fish. Hugo.Me too. I'm unsubscribing. Have a nice day. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html--__--__-- Message: 2 From: "Berend-Jan Wever" <skylined () edup tudelft nl> To: <full-disclosure () lists netsys com> Subject: Re: [Full-disclosure] I am out of here Date: Wed, 3 Nov 2004 14:34:34 +0100 If you can't stand the heat, get out of the kitchen! Cheers, SkyLined --__--__-- Message: 3 Reply-To: <sean01 () accnet com au> From: "Sean Crawford" <sean01 () accnet com au> To: <full-disclosure () lists netsys com> Subject: RE: [Full-disclosure] Security (for the common people) in electronic vote? Date: Thu, 4 Nov 2004 01:05:47 +1100 Now Australian and the US both have angry gnomes as the heads of state..... Flame me off list please.... ---> ---> -----Messaggio originale----- ---> Surprise! ---> ---> with electronic vote win Bush, ---> so we've made a great scientific discover: ---> in information technology bits=bush :-) ---> ---> Tiziano Radice --__--__-- Message: 4 Date: Wed, 03 Nov 2004 15:06:32 +0100 From: Thierry Carrez <koon () gentoo org> Organization: Gentoo Linux To: gentoo-announce () gentoo org CC: bugtraq () securityfocus com, full-disclosure () lists netsys com, security-alerts () linuxsecurity com Subject: [Full-disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig76CB791339E9D081EAF57416 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200411-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Proxytunnel: Format string vulnerability Date: November 03, 2004 Bugs: #69379 ID: 200411-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process. Background ========== Proxytunnel is a program that tunnels connections to a remote server through a standard HTTPS proxy. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/proxytunnel < 1.2.3 >= 1.2.3 Description =========== Florian Schilhabel of the Gentoo Linux Security Audit project found a format string vulnerability in Proxytunnel. When the program is started in daemon mode (-a [port]), it improperly logs invalid proxy answers to syslog. Impact ====== A malicious remote server could send specially-crafted invalid answers to exploit the format string vulnerability, potentially allowing the execution of arbitrary code on the tunnelling host with the rights of the Proxytunnel process. Workaround ========== You can mitigate the issue by only allowing connections to trusted remote servers. Resolution ========== All Proxytunnel users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3" References ========== [ 1 ] CAN-2004-0992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992 [ 2 ] Proxytunnel News http://proxytunnel.sourceforge.net/news.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200411-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 --------------enig76CB791339E9D081EAF57416 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBiOXtvcL1obalX08RAnYnAJwIshpFa+FYWxodGye7GhzXT3u/4QCfezXh UCoNhH9Pa2ynywjd+lSdtUk= =WJOx -----END PGP SIGNATURE----- --------------enig76CB791339E9D081EAF57416-- --__--__-- Message: 5 From: "Berend-Jan Wever" <skylined () edup tudelft nl> To: <full-disclosure () lists netsys com> Subject: Re: [Full-disclosure] I am out of here Date: Wed, 3 Nov 2004 15:39:02 +0100If you can't stand the heat, get out of the kitchen!And btw: if you're not cooking, get the fuck out too! Cheers, SkyLined --__--__-- Message: 6 Date: Wed, 3 Nov 2004 09:56:31 -0500 From: Danny <nocmonkey () gmail com> Reply-To: Danny <nocmonkey () gmail com> To: 3APA3A <3apa3a () security nnov ru> Subject: Re: [Full-disclosure] How to clear contents of protected storage - Windows 2000 Cc: full-disclosure () lists netsys com On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a () security nnov ru> wrote:Dear Danny, You can use Cain & Abel (http://www.oxid.it).Hi 3APA3A, Thank you for the tip. For this particular job, it does not display all of the entries listed from pstoreview.exe, specifically the INETCOMM Server passwords. Anything else I can try? ...D --__--__-- Message: 7 Date: Wed, 3 Nov 2004 10:15:36 -0500 From: Danny <nocmonkey () gmail com> Reply-To: Danny <nocmonkey () gmail com> To: 3APA3A <3apa3a () security nnov ru> Subject: Re: [Full-disclosure] How to clear contents of protected storage - Windows 2000 Cc: full-disclosure () lists netsys com On Wed, 3 Nov 2004 09:56:31 -0500, Danny <nocmonkey () gmail com> wrote:On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a () security nnov ru> wrote:Dear Danny, You can use Cain & Abel (http://www.oxid.it).Hi 3APA3A, Thank you for the tip. For this particular job, it does not display all of the entries listed from pstoreview.exe, specifically the INETCOMM Server passwords. Anything else I can try?I found passview from nirsoft. Works. Case closed. ..D --__--__-- Message: 8 Subject: RE: [Full-disclosure] I am out of here Date: Wed, 3 Nov 2004 09:58:06 -0600 From: "Banta, Will" <Will.Banta () broadwing com> To: <full-disclosure () lists netsys com>Thank you all for turning a security mailinglist into a mudpool inwhich throwing around dirt about political candidates has becomethe prime objective.What we've seen on this list only serves to show how important this election is to many people the world over, not just Americans. The drama will subside and people will return to business. All you need do is wait it out and ignore the obvious OT stuff if you're uninterested. Granted people might be more judicious in their use of "reply all" over "reply".However that was not my objective when I came to this list so it seemsthis list has become rather useless to me. What was your objective in coming to this list?Quite a pity. But that is full-disclosure for you.I haven't been on this list long, but I've benefited from your posts so I think the pity is that you've decided to "take your blocks" and stalk off like a child.So long and thanks for all the fish.There's more fish so why not stay awhile longer?I hate duplicates. Just reply to the relevant mailinglist. hvdkooij () vanderkooij orghttp://hvdkooij.xs4all.nl/Don't meddle in the affairs of magicians, for they are subtle and quick to anger.--__--__-- Message: 9 Date: Wed, 03 Nov 2004 11:02:13 -0500 From: Barry Fitzgerald <bkfsec () sdf lonestar org> To: Berend-Jan Wever <skylined () edup tudelft nl> CC: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] I am out of here Berend-Jan Wever wrote:If you can't stand the heat, get out of the kitchen!And btw: if you're not cooking, get the fuck out too!Yeah - how hard is it to hit delete anyway? (I don't think I've ever joined a mailing list expecting every post to be interesting to me... nor even the majority. It seems like an unrealistic expectation.) -Barry --__--__-- Message: 10 Date: Wed, 3 Nov 2004 10:32:46 -0600 From: kyle l <wtfbomb () gmail com> Reply-To: kyle l <wtfbomb () gmail com> To: Berend-Jan Wever <skylined () edup tudelft nl> Subject: Re: [Full-disclosure] I am out of here Cc: full-disclosure () lists netsys com so stop bitching... it's people like you and people like me who waste their time sending the types of messages like this that piss everyone off if it didnt happen in the first place there would not be a problem consider this next time you feel the need to inform us about leaving the mailing list; we really dont care. honestly. [http://www.eleat.org] On Wed, 3 Nov 2004 15:39:02 +0100, Berend-Jan Wever <skylined () edup tudelft nl> wrote:If you can't stand the heat, get out of the kitchen!And btw: if you're not cooking, get the fuck out too! Cheers, SkyLined _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html--__--__-- _______________________________________________ Full-Disclosure mailing list Full-Disclosure () lists netsys com http://lists.netsys.com/mailman/listinfo/full-disclosure End of Full-Disclosure Digest
= = = = = = = = = = = = = = = = = = = = 致 礼! jialc jialc () netpower com cn 2004-11-11 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2020 - 10 msgs jialc (Nov 11)
- <Possible follow-ups>
- [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2020 - 10 msgs jialc (Nov 11)