Full Disclosure mailing list archives
Re: WMF round-up, updates and de-mystification
From: "Anthony R. Nemmer" <intertwingled () qwest net>
Date: Thu, 05 Jan 2006 15:44:28 -0700
Microsoft just released patches for this vulnerability: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspxUnfortunately there are no Microsoft patches for this critical exploit for Win 98, Win 98 SE, or Win 98 ME. Millions of people still use these operating systems. Why didn't Microsoft issue patches for them? Also, is there an unnofficial patch out there that will work for these operating systems?
Thanks, Anthony R. Nemmer InfoSecBOFH wrote:
So this patch is trusted because you said so? I have tested and confirmed that this patch only works in specific scnenarios and does not mitigate the entire issue. Variations still work. On 1/3/06, Gadi Evron <ge () linuxbox org> wrote:Quite a bit of confusing and a vast amount of information coming from all directions about the WMF 0day. Here are some URL's and generic facts to set us straight. The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows. So far no problems have been observed by anyone using this patch. You should naturally check it out for yourselves but I and many others recommend it until Microsoft bothers to show up with their own patch. Ilfak is trusted and is in no way a Bad Guy. You can find more information about it at his blog: http://www.hexblog.com/2005/12/wmf_vuln.html If you are still not sure about the patch by Ilfak, check out the discussion of it going on in the funsec list about the patch, with Ilfak participating: https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Occasional information of new WMF problems keep coming in over there. In this URL you can find the best summary I have seen of the WMF issue: http://isc.sans.org/diary.php?storyid=994 by the "SANS ISC diary" team. In this URL you can find the best write-up I have seen on the WMF issue: http://blogs.securiteam.com/index.php/archives/167 By Matthew Murphy at the "Securiteam Blogs". Also, it should be noted at this time that since the first public discovery of this "problem", a new one has been coming in - every day. All the ones seen so far are variants of the original and in all ways the SAME problem. So, it would be best to acknowledge them as the same... or we will keep having a NEW 0day which really isn't for about 2 months when all these few dozen variations are exhausted. A small BUT IMPORTANT correction for future generations: The 0day was originally found and reported by Hubbard Dan from Websense on a closed vetted security mailing list, and later on at the Websense public page. All those who took credit for it took it wrongly. Thanks, and a better new year to us all, Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- SKYKING, SKYKING, DO NOT ANSWER _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- WMF round-up, updates and de-mystification Gadi Evron (Jan 03)
- Re: WMF round-up, updates and de-mystification Nancy Kramer (Jan 03)
- Re: WMF round-up, updates and de-mystification gat0r (Jan 03)
- Re: WMF round-up, updates and de-mystification InfoSecBOFH (Jan 03)
- Re: WMF round-up, updates and de-mystification ad () heapoverflow com (Jan 03)
- Re: WMF round-up, updates and de-mystification InfoSecBOFH (Jan 05)
- Message not available
- Re: WMF round-up, updates and de-mystification Crist J. Clark (Jan 04)
- Re: WMF round-up, updates and de-mystification ad () heapoverflow com (Jan 03)
- Message not available
- Re: WMF round-up, updates and de-mystification InfoSecBOFH (Jan 05)
- Re: WMF round-up, updates and de-mystification Nancy Kramer (Jan 03)
- Message not available
- Re: WMF round-up, updates and de-mystification InfoSecBOFH (Jan 05)
- Re: WMF round-up, updates and de-mystification Anthony R. Nemmer (Jan 05)
- Re: WMF round-up, updates and de-mystification Scott Renna (Jan 05)
- RE: WMF round-up, updates and de-mystification Mario Contestabile (Jan 04)
- Re: RE: WMF round-up, updates and de-mystification InfoSecBOFH (Jan 05)
- Re: Re: WMF round-up, updates and de-mystification InfoSecBOFH (Jan 05)
- <Possible follow-ups>
- RE: WMF round-up, updates and de-mystification Krpata, Tyler (Jan 03)
- RE: WMF round-up, updates and de-mystification Brance Amussen (Jan 04)
- RE: WMF round-up, updates and de-mystification James Bruce (Jan 04)