Message-ID: <20040512043406.27865.qmail@webmail35.rediffmail.com>
From: abhilash_scit at rediffmail.com (abhilash verma)
Subject: Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability
Brad,
Can you provide the details and the menu-based exploit :) of the two vulnerabilities discovered by you last year? It would be really helpful in doing the security assessments...
Thanks,
Abhilash
On Tue, 11 May 2004 full-disclosure-request@...ts.netsys.com wrote :
>Today's Topics:
>
> 1. Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability (spender@...ecurity.net)
> 2. RE: Learn from history? (Steffen Kluge)
> 3. Re: Registry Watcher (Troy Solo)
> 4. Vulnerabilites on a network (Daniele Carlucci)
> 5. Re: Learn from history? (Calum)
> 6. Re: Vulnerabilites on a network (Oliver Kellermann)
> 7. RE: Learn from history? (Jos Osborne)
> 8. Calcuating Loss (Michael Schaefer)
> 9. RE: Calcuating Loss (Jos Osborne)
> 10. Re: msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh (3APA3A)
> 11. Re: Calcuating Loss (Harlan Carvey)
> 12. [SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows (debian-security-announce@...ts.debian.org)
> 13. Re: iDEFENSE: Security Whitepaper on Trusted Computing Platforms (Nico Golde)
> 14. Re: Victory day - Sasser surrenders (Rob Clark)
> 15. Re: Calcuating Loss (Clint Bodungen)
> 16. RE: Calcuating Loss (Jos Osborne)
> 17. Re: Victory day - Sasser surrenders (p00p@...table.net)
> 18. info on JRE < 1.4.2_04 vulnerability (Mark W. Webb)
> 19. RE: Victory day - Sasser surrenders (Alerta Redsegura)
> 20. JRE < 1.4.2_04 vulnerability (Dolphsec)
> 21. Re: Calcuating Loss (Harlan Carvey)
> 22. Re: Victory day - Sasser surrenders (Maxime Ducharme)
> 23. PING: Outlook 2003 Spam (http-equiv@...ite.com)
> 24. JRE < 1.4.2_02 vulnerability (Dolphsec)
>
>--__--__--
>
>Message: 1
>Date: Tue, 11 May 2004 00:26:38 -0400
>To: full-disclosure@...ts.netsys.com
> From: spender@...ecurity.net
>Subject: [Full-Disclosure] Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability
>
>Just to clarify, this advisory does not involve either of the two
>vulnerabilities that I discovered over a year ago now that still remain
>unpatched. The one bug is a local root on Linux, NetBSD, FreeBSD,
>OpenBSD, and Mac OS X, and any other OS systrace is ported to in the
>future. The other bug is a complete bypass of systrace's "security" on
>Linux.
>
>Maybe keep looking Stefan ;)
>If you can find them, I'll release my fully working MENU-BASED
>exploit. Actually, I was quite upset at first that someone had killed
>my bug but then I read the advisory closer and realized it was a
>different local root, imagine that ;) It amazes me that Niels has known
>a local root vulnerability has existed in his code for over a year and
>yet he hasn't even bothered to audit his own code, but instead continues
>to promote it.
>
>http://monkey.org/openbsd/archive/misc/0304/msg01400.html
>"I am looking forward to his local root exploit for systrace."
>Sorry Niels, no such luck today :(
>It was close!
>
>-Brad
>
>
>--__--__--
>
>Message: 2
> From: Steffen Kluge <kluge@...itsu.com.au>
>To: full-disclosure@...ts.netsys.com
>Date: Tue, 11 May 2004 17:23:25 +1000
>Subject: RE: [Full-Disclosure] Learn from history?
>
>
>On Tue, 2004-05-11 at 00:50, Michal Zalewski wrote:
> > > R = E x p
> > >
> > > R = Risk
> > > E = event
> > > p = probability of the event happening
> >
> > If we must toy with bogus marketspeak "equations", shouldn't E - at the
> > very least - numerically correspond to the consequences (loss?) caused by
> > an event, rather than being an event itself?
>
>Of course. Prevalent risk management standards put "impact" in the place
>of "event" (which isn't quantifiable anyway). And they don't use an
>arithmetic product to combine impact and likelihood, but rather a
>matrix, which is not linear but more close to reality.
>
> > Otherwise, my risk R of getting a bar of chocolate from a stranger is
> > 0.001 * getting_chocolate_bar_from_stranger.
>
>Having avoided carbs for quite a while I can't really comment...
>
>Cheers
>Steffen.
>
>
>
>
>--__--__--
>
>Message: 3
>Date: Mon, 10 May 2004 23:09:57 -0500
> From: Troy Solo <solo@....org>
>Organization: DoK Heavy Industries
>To: undisclosed-recipients:;
>Subject: Re: [Full-Disclosure] Registry Watcher
>
>Pardon if list readers feel this application is 'unworthy' but AdAware
>Pro (the pay-for version) has a TSR called AdWatch, that will alert to
>ANY changes in the registry, no matter how trivial. Any time a registry
>entry is changed or created or deleted, AdWatch will alert you and give
>you the option to Accept or Deny.
>
>The only drawback is that, as far as I know, it is PC-specific. There
>is no distributed management of registry changes with AdWatch.
>
>You can check out AdAware (and AdWatch) at http://www.lavasoft.de
>
>Sorry if I have mis-read this thread, there has been so much
>signal:noise ratio in here that it's hard to keep up. Hope I didn't
>waste anyone's time (of course, if you've read this far, I must have
>kept your attention for SOME reason.)
>
>--
>/**************************/
>/* Troy Solo */
>/* <solo@....org> */
>/* Ignotum per Ignotius */
>/**************************/
>
>
>--__--__--
>
>Message: 4
>Date: Tue, 11 May 2004 10:25:25 +0200
> From: Daniele Carlucci <danielegiuseppe.carlucci@...denti.polito.it>
>To: full-disclosure@...ts.netsys.com
>Subject: [Full-Disclosure] Vulnerabilites on a network
>
>Hi,
>My name is Daniele.
>I'm a student of Informatic Engineering at Politecnico of Torino in Italy.
>I make a study about the network's security, can you tell me a link
>where I can find an index of the possible lack of a network, for
>example, DDOS, worm, congestion, etc. etc.
>
>Thanks for your time and for your interest.
>
>Daniele Carlucci
>
>
>--__--__--
>
>Message: 5
> From: Calum <full-disclosure@...strial.co.uk>
>Reply-To: Calum <full-disclosure@...strial.co.uk>
>To: full-disclosure@...ts.netsys.com
>Subject: Re: [Full-Disclosure] Learn from history?
>Date: Tue, 11 May 2004 10:21:33 +0100
>
>On Monday 10 May 2004 22:46, Gwendolynn ferch Elydyr wrote:
>
> > ... or you may gain glass splinters or razor blades. Do -you- trust
> > everything that random strangers give you?
>
>Maybe we should all stay indoors in case we get hit on the head by a meteor,
>or get knocked over by a car.
>
>It's all about judgement, and evaluating risks.
>
>--
>
>Random russian saying: An indispensable thing never has much value.
>
>jabber: jcalum@...strial.co.uk
>pgp: http://gk.umtstrial.co.uk/~calum/keys.php
>Linux 2.6.5-gentoo 10:19:12 up 11 days, 16 min, 1 user, load average: 0.26,
>0.31, 0.19
>
>
>--__--__--
>
>Message: 6
> From: "Oliver Kellermann" <mail@...ver-kellermann.de>
>To: <full-disclosure@...ts.netsys.com>
>Subject: Re: [Full-Disclosure] Vulnerabilites on a network
>Date: Tue, 11 May 2004 11:52:36 +0200
>
>Hi!
>
>Try www.google.com. This should usually be the best start for every
>informatics engineering student.
>
>Cheers,
>Oliver
>
> >
> > Hi,
> > My name is Daniele.
> > I'm a student of Informatic Engineering at Politecnico of Torino in Italy.
> > I make a study about the network's security, can you tell me a link
> > where I can find an index of the possible lack of a network, for
> > example, DDOS, worm, congestion, etc. etc.
> >
> > Thanks for your time and for your interest.
> >
> > Daniele Carlucci
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>--__--__--
>
>Message: 7
>Subject: RE: [Full-Disclosure] Learn from history?
>Date: Tue, 11 May 2004 11:11:33 +0100
> From: "Jos Osborne" <Jos@...temi.co.uk>
>To: "Full-Disclosure" <full-disclosure@...ts.netsys.com>
>
>Michal Zalewski wrote:
>
> > If we must toy with bogus marketspeak "equations", shouldn't E - at the
> > very least - numerically correspond to the consequences (loss?) caused by
> > an event, rather than being an event itself?
> >
> > Otherwise, my risk R of getting a bar of chocolate from a stranger is
> > 0.001 * getting_chocolate_bar_from_stranger.
> >
>
>Or ten times that if you're prepared to give them your administrator password...
>
>
>--__--__--
>
>Message: 8
>Date: Tue, 11 May 2004 08:57:48 -0400
> From: Michael Schaefer <mbs@...trealm.com>
>Reply-To: mbs@...trealm.com
>To: Full-Disclosure <full-disclosure@...ts.netsys.com>
>Subject: [Full-Disclosure] Calcuating Loss
>
>Loss?
>
>One of my biggest complaints is the way the industry "loses billions"
>whenever a virus or worm breaks out.
>
>I mean, securing and maintaining your server is not a loss. Installing and
>updating your anti virus or IDS package is not a loss. All of these
>things should have been done anyway.
>
>If a server goes off line, I guess you could measure the revenue it may
>have produced as a loss, but technically, that is lack of income, not
>true loss.
>
>If you see someone complaining about all the money they lost doing what
>they should have been doing all along, I just see spin. And politics.
>
>M
>
>
>
>
> >Michal Zalewski wrote:
> >
> >
> >
> >>If we must toy with bogus marketspeak "equations", shouldn't E - at the
> >>very least - numerically correspond to the consequences (loss?) caused by
> >>an event, rather than being an event itself?
> >>
> >>
>
>
>--__--__--
>
>Message: 9
>Subject: RE: [Full-Disclosure] Calcuating Loss
>Date: Tue, 11 May 2004 14:24:31 +0100
> From: "Jos Osborne" <Jos@...temi.co.uk>
>To: "Full-Disclosure" <full-disclosure@...ts.netsys.com>
>
> >
> >If you see someone complaining about all the money they lost doing what
> >they should have been doing all along, I just see spin. And politics.
> >
> >M
>
>Especially when it's an AV vendor saying "Look, the IT business lost $2.8 gazillion due to their being hit by this worm. If only they'd protected their systems with a reliable anti-virus product we'd all be that much richer. Oh, by the way, wanna buy a reliable anti-virus package...?"
>
>90% Self-serving hype
>9% Overblown fear
>0.9% "Statistical maths"
>0.1% Reality
>
>
>--__--__--
>
>Message: 10
>Date: Tue, 11 May 2004 17:29:44 +0400
> From: 3APA3A <3APA3A@...URITY.NNOV.RU>
>Reply-To: 3APA3A <3APA3A@...URITY.NNOV.RU>
>Organization: http://www.security.nnov.ru
>To: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
>Cc: "bugtraq" <bugtraq@...urityfocus.com>, full-disclosure@...ts.netsys.com
>Subject: Re: [Full-Disclosure] msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh
>
>Dear Rafel Ivgi, The-Insider,
>
>No crash on 6.0.2800.
>
>--Monday, May 10, 2004, 10:27:40 PM, you wrote to bugtraq@...urityfocus.com:
>
>RITI> msxml3.dll crashes after refreshing a page which contains & inside a
>RITI> link/value
>RITI> For Example : <Ref href = "&"/>
>RITI> This is due to a parsing error in msxml3.dll.
>
>RITI> Version Details:
>RITI> ---------------------
>RITI> I.E Version: 6.0.2600.0
>RITI> ModVer: 8.10.8308.0
>RITI> Module name: msxml3.dll
>RITI> Offset: 000b8c10
>
>RITI> Stack Dump:
>RITI> -----------------
>RITI> EAX=01CEE800
>RITI> EDI=01D02580
>RITI> EBX=00000000
>RITI> EBP=02C3F3E4
>RITI> ECX=00000000
>RITI> ESP=02C3FC74
>RITI> EDX=02D91364
>RITI> EIP=02E18C10
>RITI> ESI=00000000
>RITI> DS:00000004 GS:0000 ES:0023 SS:0023 CS:001B
>
>RITI> Live Example:
>RITI> http://theinsider.deep-ice.com/xmlcrash.xml
>RITI> AND REFRESH...
>
>
>
>--
>~/ZARAZA