Full Disclosure mailing list archives

RE: Security Hole Found In Dave's Sock


From: "Ted Frederick" <tfrederick () ascentek com>
Date: Thu, 8 Sep 2005 13:29:56 -0400

alert toe $EXTERNAL_NET any -> $SNEAKER_NET any (msg:"EXPLOIT:
Unauthorized Sock Overflow"; flow:to_Toe,established;
content:"/sock/toe"; reference:FullDisclosure,2347;
reference:cve,2001-0144; reference:cve,2001-0572;
 classtype:FootAccess-detect; sid:1324; rev:6;)

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Swain,
Kenneth
Sent: Thursday, September 08, 2005 1:19 PM
To: John Kinsella; full-disclosure () lists grok org uk
Subject: RE: [Full-disclosure] Secuirty Hole Found In Dave's Sock

I have not seen any signatures for snort yet, but I heard that the
bleeding snort team is working on it.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of John
Kinsella
Sent: Thursday, September 08, 2005 12:13 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock

Is anybody else seeing these attacks?  Is this the China hackers again?
I think I saw a hole last week, but my logs aren't that great so I'm
going to have to go back and double-check.

Could this be related to socks disappearing?  Anybody have signatures
for snort?

John

On Thu, Sep 08, 2005 at 01:02:09PM -0400, Dave Cawley wrote:
      With the work around, putting it on the left foot, the
hole will be ABOVE the small toe and should not enlarge. This
hasn't been verified yet, but the computer models point to this.

***************************************************************
Dave D. Cawley           |
High Speed Internet      |    The number of Unix installations
Duryea, PA               | has grown to 10, with more expected.
(570)451-4311 x104       |  - The Unix Programmer's Manual,1972
dave.cawley () adelphia com |
***************************************************************
                  URL => http://www.adelphia.net 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Daniel
Sent: Thursday, September 08, 2005 2:53 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock


Hi all,

I see that the hole is getting greater if you use the socket without any
patches!

Can anyone verify this?

kind regards
Daniel
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/