Full Disclosure mailing list archives
Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1950 - 4 msgs
From: William Warren <hescominsoon () emmanuelcomputerconsulting com>
Date: Tue, 05 Oct 2004 15:13:27 -0400
go here to change your subscription: http://lists.netsys.com/mailman/listinfo/full-disclosure chris_tang () so-net com hk wrote:
Hi, Please be advised that my email has been changed to: chriskftang () yahoo com Please send all "full-disclosure" newsletters or related messages to the above email address. Thanx Best Rgds, Chris Tang ======================================================================On Tue, 05 Oct 2004 12:00 , full-disclosure-request () lists netsys com sent:Send Full-Disclosure mailing list submissions to full-disclosure () lists netsys com To subscribe or unsubscribe via the World Wide Web, visit http://lists.netsys.com/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-request () lists netsys com You can reach the person managing the list at full-disclosure-admin () lists netsys com When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Today's Topics: 1. [TURBOLINUX SECURITY INFO] 05/Oct/2004 (Turbolinux) 2. RE: Spyware installs with no interaction in IE on fully patched XP SP2 box (Castigliola, Angelo) 3. SUSE Security Announcement: samba (SUSE-SA:2004:035) (Thomas Biege) 4. Paranid ramblings - what's the deal? Bounded variables aren't? (Clairmont, Jan M) --__--__-- Message: 1 Date: Tue, 5 Oct 2004 22:30:17 +0900 From: Turbolinux security-announce () turbolinux co jp> Reply-To: server-users-e () turbolinux co jp To: security-announce () turbolinux co jp Subject: [Full-disclosure] [TURBOLINUX SECURITY INFO] 05/Oct/2004 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 05/Oct/2004 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) squid -> DoS vulnerability in squid (2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick =========================================================== * squid -> DoS vulnerability in squid =========================================================== More information : Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. A vulnerability in the NTLM helpers in squid. Impact : The vulnerabilities allow remote attackers to cause a denial of service of sauid server services. Affected Products : - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution :Please use the turbopkg (zabom) tool to apply the update. ---------------------------------------------[Turbolinux 10 Desktop, Turbolinux 10 F...] # zabom -u squid [other] # turbopkg or # zabom update squid --------------------------------------------- Source Packages Size : MD5 squid-2.5.STABLE6-11.src.rpm 1538211 ff3e34c4b8c71d250f2781179ceec73a Binary Packages Size : MD5 squid-2.5.STABLE6-11.i586.rpm 825195 85c3b583674e0ac0695c4cbf0404e586 Source Packages Size : MD5 squid-2.5.STABLE6-11.src.rpm 1538211 6b6d400ee15ee97ac6f7e98fbea26e50 Binary Packages Size : MD5 squid-2.5.STABLE6-11.i586.rpm 825663 bed921f91e657975cc6c72d2ea8f29d4 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm 1538211 b28eeeb88347c668fdb9938c4c1cd438 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm 825370 335f0fe78cfb204c86ff5b05d12bfd34 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm 1538211 181d72c2668f72b6e50190f784421bed Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm 825810 5e52e49f4be6e555f57b38ffb241c455 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm 1538211 45fd66fc13713b40beb996f664460f0e Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm 829880 e2a6cf6b67a7c74249b23bce5a4adedf Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm 1538211 191eab57b2adcecf91ceb4b34c94de09 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm 830034 d6142042afcd410376e5a875c5436bc9 Notice : After performing the update, it is necessary to restart the squid daemon. To do this, run the following command as user root. --------------------------------------------- # /etc/init.d/squid restart or # /etc/rc.d/init.d/squid restart --------------------------------------------- References: CVE [CAN-2004-0832] http://cve.mitre.org/cgi-bin/cvename.cgi\?name=CAN-2004-0832 =========================================================== * ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick =========================================================== More information : ImageMagick(TM) is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and Photo CD image file formats. Multiple buffer overflow vulnerabilities in ImageMagick allowing remote attackers to execute arbitrary code via a malformed image or video file. Impact : These vulnerabilities may allow remote attackers to execute arbitrary code via a malformed image or video file in AVI or BMP formats. Affected Products : - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution :Please use the turbopkg (zabom) tool to apply the update. ---------------------------------------------[Turbolinux 10 Desktop, Turbolinux 10 F...] # zabom -u ImageMagick ImageMagick-devel [other] # turbopkg or # zabom update ImageMagick ImageMagick-devel --------------------------------------------- Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-5.5.7-5.src.rpm 5274681 6a9d3c1b208049830e7086b9aae75fe7 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-5.5.7-5.i586.rpm 2397224 dea16cf3ee2ce38381e3d2679ad8fa3c ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-5.5.7-5.i586.rpm 555804 840cc5d2ec79afd5cfdbf4223f625195 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-1.src.rpm 3614849 bb43185f084dd6e32f10694f35fb513d Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-2.i586.rpm 3207676 6839799de74d7439334a875a097b6049 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-2.i586.rpm 1392173 d0af80e68a129fd41d301b7ec3469ff5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-2.i586.rpm 855821 be80bb2b23c8b87ab831bb99201b85c8 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-2.i586.rpm 60163 1281a234915115227a2bb2fa5071d6c7 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/ImageMagick-5.4.3-3.src.rpm 3665019 ae1a64cf87ea0e6598ca147abd3349e4 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-3.i586.rpm 3668565 d065de9b0d5a58b6393cc4805e0eb405 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-3.i586.rpm971835 df0dda9a20ad43b2a8b3ee7a5313f6a8 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm 3656626 6197f1b2ff6d1a831d532a3fce210f94 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm 3038600 0276001bdf52d75ab65dcac7ff4ebb49 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm 1267440 9e21404db4bf10a005a89f974fd8558e Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm 3656626 084f8247af6313928f5dcdae20ed9713 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm 3039080 e3ca8b73f9a5f6cbaf8a136d121fdebf ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm1267050 a3e0ef2ac5bd589f453f5ab529981fab References: CVE [CAN-2004-0827] http://cve.mitre.org/cgi-bin/cvename.cgi\?name=CAN-2004-0827 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to server-users-e-ctl () turbolinux co jp> with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to server-users-e-ctl () turbolinux co jp> with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact supp_info () turbolinux co jp> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5 D6e2lOCXUmCWuYNVxpgAvWY= =qIgj -----END PGP SIGNATURE----- --__--__-- Message: 2 Subject: RE: [Full-disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box Date: Tue, 5 Oct 2004 10:50:02 -0400 From: "Castigliola, Angelo" ACastigliola () unumprovident com> To: "Alla Bezroutchko" alla () scanit be>, full-disclosure () lists netsys com> I am sure there is a configuration setting or software (perhaps the software made the configuration change) that is preventing this frominstalling on your computer.I tested with a default XP SP1 install with all the Microsoft Updates that have been applied to stop this type of IE hack. The spyware still installs itself on the machine. XP SP1 with the following patches: http://support.microsoft.com/default.aspx\?scid=kb;en-us;814078 http://support.microsoft.com/default.aspx\?scid=kb;en-us;816093 http://support.microsoft.com/default.aspx\?scid=kb;en-us;823182 http://support.microsoft.com/default.aspx\?scid=kb;en-us;825119 http://support.microsoft.com/default.aspx\?scid=kb;en-us;832894 http://support.microsoft.com/default.aspx\?scid=kb;en-us;835732 http://support.microsoft.com/default.aspx\?scid=kb;en-us;840374 http://support.microsoft.com/default.aspx\?scid=kb;en-us;840315 http://support.microsoft.com/default.aspx\?scid=kb;en-us;839645 http://support.microsoft.com/default.aspx\?scid=kb;en-us;867801 These are _ALL_ the Microsoft Updates that specifically patch up IEholes.My question to the forum is: If this is not a 0-day IE exploit that allows software to install on a computer with no user interaction then what Microsoft Update applies to this exploit? Again I fear there is no Microsoft Update available that will fix this hole. Can someone confirm that a Default install of XP SP2 with all patches will not stop spyware from themexp.org from installing? Angelo Castigliola III Operations Technical Analyst I UnumProvident IT Services 207.575.3820 -----Original Message----- From: full-disclosure-admin () lists netsys com [full-disclosure-admin () lists netsys com','','','')">full-disclosure-admin () lists netsys com] On Behalf Of Alla Bezroutchko Sent: Tuesday, October 05, 2004 7:01 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box Carr, Robert wrote:Interesting...I just went there, and he's right. Atpartners.cab installed without permission. My McAfee picked it right up as Atpartners.dll, downloadedto Temp Internet files. Spyware detected as NetPals. On the other hand, I'm admin of my machine, I wonder if a "user" would get an errormessage about not having the correct rights...I have tested it on Windows XP SP2 and on fully patched Windows 2000. Inboth cases _nothing_ gets run or installed. Both systems are more or less standard installations without any special IE hardening (except patches).When I surf to the site with Windows XP "Installing components... ATpartners.cab" briefly appears in the status bar and then the site getsdisplayed. Under the normal browser bars there is a message saying "The site might require the following ActiveX control: FREE on-line games andspecial offers from... Click here to install...". I don't click on it. Searching the disk for atpartnets.cab or atpartners.dll finds nothing. The CLSID of the ActiveX control only appears in the registry in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".With Windows 2000 I also get "Installing components... ATpartners.cab" in the status bar and then the dialog box asking if I want to install "Free online games from ATgames.com". This is a usual dialog box you getwhen a page attempts to install an ActiveX control. If I click "No", nothing gets installed, no atpartners files on the file system, no traces of the CLSID in the registry.I suppose the cab file gets downloaded so that Windows can read and display the signature of the file. It does not get run or installed unless explicitly permitted by user.So, as far as I can see this is no 0-day. Alla. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --__--__-- Message: 3 Date: Tue, 05 Oct 2004 16:57:52 +0200 From: Thomas Biege thomas () suse de> To: full-disclosure () lists netsys com Subject: [Full-disclosure] SUSE Security Announcement: samba (SUSE-SA:2004:035) -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: samba Announcement-ID: SUSE-SA:2004:035 Date: Tuesday, Oct 5th 2004 16:53:01 MEST Affected products: 8.1, 8.2, 9.0 SUSE Linux Enterprise Server 8 SUSE Linux Desktop 1.0 Vulnerability Type: remote file disclosure Severity (1-10): 6 SUSE default package: Yes Cross References: CAN-2004-0815 Content of this advisory: 1) security vulnerability resolved: - Samba file access problem problem description 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - opera - kernel - mozilla 6) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be readable by the account used for the SMB session. CAN-2004-0815 has been assigned to this issue. 2) solution/workaround As a temporary workaround you can set the wide links = no option in smb.conf and restart the samba server. However an update is recommended nevertheless. 3) special instructions and notes After successfully updating the samba package, you need to issue the following command as root: rcsmb restart 4) package location and checksums Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.rpm eb71869029b35d2a97d55e26514524db patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.patch.rpm 48bb3e455079fcfdf4ad2baa28f28557 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm d162ea5a39b14ee16ae1c6d5df9211bb SUSE Linux 8.2: ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.rpm 79b0514a827bdd782e6d3f62bb92fb85 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.patch.rpm a50dd448212245d51e9ac59ae50514e8 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/samba-2.2.8a-225.src.rpm 25d488678b607b3c67612ee065abd77a SUSE Linux 8.1: ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.rpm 93d0fb2502f30593548dbe2f41ec8948 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.patch.rpm da5b107fb71c5daf5972b6e0aaca4f5c source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/samba-2.2.8a-224.src.rpm e0b9f9af6c5348cb9840b5d98a1c59dc x86-64 Platform: SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.rpm 0f1c94aa23653b0cf9b318646d9153af patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.patch.rpm 569974c359702c263b0968ce8fb9810f source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm 75c1a01d03af42835809691840eaa331 ______________________________________________________________________________ 5) Pending vulnerabilities in SUSE Distributions and Workarounds: - opera New opera packages are available on our ftp servers, fixing CAN-2004-0691, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599 and CAN-2004-0746. - kernel Update kernels for the kNFSd problem for SLES 8 and SL 8.1 have been released. - mozilla We are in the process of releasing updates for mozilla (and related browsers), fixing various issues: CAN-2004-0597, CAN-2004-0718, CAN-2004-0722, CAN-2004-0757, CAN-2004-0758, CAN-2004-0759, CAN-2004-0760, CAN-2004-0761, CAN-2004-0762, CAN-2004-0763, CAN-2004-0764 and CAN-2004-0765. We will give you concrete details in a separate mozilla advisory when the updates are available. ______________________________________________________________________________ 6) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the commandmd5sum after you downloaded the file from a SUSE ftp server or its mirrors.Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security () suse de), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the commandrpm -v --checksig to verify the signature of the package, where is thefilename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):gpg --batch; gpg SUSE Linux distributions version 7.1 and thereafter install thekey "build () suse de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security () suse com - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to suse-security-subscribe () suse com>. suse-security-announce () suse com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to suse-security-announce-subscribe () suse com>.For general information or the frequently asked questions (faq) send mail to:suse-security-info () suse com> or suse-security-faq () suse com> respectively. ===================================================================== SUSE's security contact is security () suse com> or security () suse de>. The security () suse de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SUSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security () suse de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build () suse de> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iQEVAwUBQWK1Q3ey5gA9JdPZAQG2XAf/brEQk2j1Eh3S7Q3r9jnNHM/0oJ6rfish wS/GcWazRcIV7I8JnUqspDU9zYamS2oB8Vu977yTFc+nhTryvpWsbJDnQIjtYE52 bEMMFW6gYTzUqG2U31mWKaqtpuFJJNuA3Lu0HgsxaQJ5F7qjVcsBOwX5PqCARMFp KIcGJi8BtLsQ36x2ZWOXKG6p8jXxx8kSVln7T6e1T0v4tVURA6BaEkE4Dh0ZoKh1 V+lYw0QipbBIByWnY/rT4T1tvZE9NUG3JSHe0olyvDekmm/WzoHLIqOe2cKfR77a nNb+cA81JW7JJk10NWKY4hzUX9oLCN8/mAvl40nvCHX+9YHldeM3Ag== =LbT6 -----END PGP SIGNATURE----- --__--__-- Message: 4 Date: Tue, 5 Oct 2004 11:48:59 -0400 From: "Clairmont, Jan M" jan.m.clairmont () citigroup com> To: full-disclosure () lists netsys com> Subject: [Full-disclosure] Paranid ramblings - what's the deal? Bounded variables aren't? Every time I send out a memo to full-disclosure i get this this mail bounce message and it gets posted on full-disclosure. Anybody have an idea what's happening. Message Follows: From: Mailer-Daemon () ic-s nl Subject: NDN: [Full-disclosure] Shows when no limits are set or restricted shell or bat ac Sorry. Your message could not be delivered to: tycho,IC&S (The name was not found at the remote site. Check that the name has been entered correctly.) Are these guys phishing, swishing or whatever Netherlands uber alles? Or is this just their mail-server barfing? Should probably point dig at it and debug it but I have gotten in trouble for that type of "help" before? Keep on computing, even though your bytes are fried.Jan Clairmont, Paladin of the Dept. of Insecurity Department, where no redundancy is allowed or is it redundancy isrequired, have to look that up in the book of insecurity security chapter 4 verse 3(The bible of the Mad Arab Adulah Medula, taken fromthe NecronoMicron or the latest M$ directorate). Unix Security Support/Consultant I think? --__--__-- _______________________________________________ Full-Disclosure mailing list Full-Disclosure () lists netsys com http://lists.netsys.com/mailman/listinfo/full-disclosure End of Full-Disclosure Digest_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- My "Foundation" verse:Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1950 - 4 msgs chris_tang (Oct 05)
- Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1950 - 4 msgs William Warren (Oct 05)