Message-ID: <4162F257.7050509@emmanuelcomputerconsulting.com>
From: hescominsoon at emmanuelcomputerconsulting.com (William Warren)
Subject: Re: Full-Disclosure digest, Vol 1 #1950 - 4 msgs
go here to change your subscription:
http://lists.netsys.com/mailman/listinfo/full-disclosure
chris_tang@...net.com.hk wrote:
> Hi,
>
> Please be advised that my email has been changed to:
>
> chriskftang@...oo.com
>
> Please send all "full-disclosure" newsletters or related messages to
> the above email address.
>
> Thanx
>
> Best Rgds,
> Chris Tang
> ======================================================================
>
>
> On Tue, 05 Oct 2004 12:00 , full-disclosure-request@...ts.netsys.com sent:
>
>
>>Send Full-Disclosure mailing list submissions to
>> full-disclosure@...ts.netsys.com
>>
>>To subscribe or unsubscribe via the World Wide Web, visit
>> http://lists.netsys.com/mailman/listinfo/full-disclosure
>>or, via email, send a message with subject or body 'help' to
>> full-disclosure-request@...ts.netsys.com
>>
>>You can reach the person managing the list at
>> full-disclosure-admin@...ts.netsys.com
>>
>>When replying, please edit your Subject line so it is more specific
>>than "Re: Contents of Full-Disclosure digest..."
>>
>>
>>Today's Topics:
>>
>> 1. [TURBOLINUX SECURITY INFO] 05/Oct/2004 (Turbolinux)
>> 2. RE: Spyware installs with no interaction in IE on fully patched XP SP2 box (Castigliola, Angelo)
>> 3. SUSE Security Announcement: samba (SUSE-SA:2004:035) (Thomas Biege)
>> 4. Paranid ramblings - what's the deal? Bounded variables aren't? (Clairmont, Jan M)
>>
>>--__--__--
>>
>>Message: 1
>>Date: Tue, 5 Oct 2004 22:30:17 +0900
>>From: Turbolinux <security-announce@...bolinux.co.jp>
>>Reply-To: server-users-e@...bolinux.co.jp
>>To: security-announce@...bolinux.co.jp
>>Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 05/Oct/2004
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>This is an announcement only email list for the x86 architecture.
>>============================================================
>>Turbolinux Security Announcement 05/Oct/2004
>>============================================================
>>
>>The following page contains the security information of Turbolinux Inc.
>>
>>- Turbolinux Security Center
>> http://www.turbolinux.com/security/
>>
>>(1) squid -> DoS vulnerability in squid
>>(2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
>>
>>===========================================================
>>* squid -> DoS vulnerability in squid
>>===========================================================
>>
>>More information :
>> Squid is a high-performance proxy caching server for web clients, supporting
>> FTP, gopher, and HTTP data objects. Unlike traditional caching software,
>> Squid handles all requests in a single, non-blocking, I/O-driven process.
>>
>> A vulnerability in the NTLM helpers in squid.
>>
>>Impact :
>> The vulnerabilities allow remote attackers to cause a denial of service of squid server services.
>>
>>Affected Products :
>> - Turbolinux Appliance Server 1.0 Hosting Edition
>> - Turbolinux Appliance Server 1.0 Workgroup Edition
>> - Turbolinux 8 Server
>> - Turbolinux 8 Workstation
>> - Turbolinux 7 Server
>> - Turbolinux 7 Workstation
>>
>>Solution :
>> Please use the turbopkg (zabom) tool to apply the update.
>>---------------------------------------------
>>[Turbolinux 10 Desktop, Turbolinux 10 F...]
>># zabom -u squid
>>
>>[other]
>># turbopkg
>>or
>># zabom update squid
>>---------------------------------------------
>>
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> squid-2.5.STABLE6-11.src.rpm
>> 1538211 ff3e34c4b8c71d250f2781179ceec73a
>>
>> Binary Packages
>> Size : MD5
>>
>> squid-2.5.STABLE6-11.i586.rpm
>> 825195 85c3b583674e0ac0695c4cbf0404e586
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> squid-2.5.STABLE6-11.src.rpm
>> 1538211 6b6d400ee15ee97ac6f7e98fbea26e50
>>
>> Binary Packages
>> Size : MD5
>>
>> squid-2.5.STABLE6-11.i586.rpm
>> 825663 bed921f91e657975cc6c72d2ea8f29d4
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
>> 1538211 b28eeeb88347c668fdb9938c4c1cd438
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
>> 825370 335f0fe78cfb204c86ff5b05d12bfd34
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
>> 1538211 181d72c2668f72b6e50190f784421bed
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
>> 825810 5e52e49f4be6e555f57b38ffb241c455
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
>> 1538211 45fd66fc13713b40beb996f664460f0e
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
>> 829880 e2a6cf6b67a7c74249b23bce5a4adedf
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
>> 1538211 191eab57b2adcecf91ceb4b34c94de09
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
>> 830034 d6142042afcd410376e5a875c5436bc9
>>
>>
>>Notice :
>> After performing the update, it is necessary to restart the squid daemon.
>> To do this, run the following command as user root.
>>---------------------------------------------
>># /etc/init.d/squid restart
>>or
>># /etc/rc.d/init.d/squid restart
>>---------------------------------------------
>>
>>References:
>>
>>CVE
>> [CAN-2004-0832]
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832
>>
>>
>>===========================================================
>>* ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
>>===========================================================
>>
>>More information :
>> ImageMagick(TM) is an image display and manipulation tool for the X
>> Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and
>> Photo CD image file formats.
>>
>> Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
>> attackers to execute arbitrary code via a malformed image or video file.
>>
>>Impact :
>> These vulnerabilities may allow remote attackers to execute arbitrary
>> code via a malformed image or video file in AVI or BMP formats.
>>
>>Affected Products :
>> - Turbolinux 10 F...
>> - Turbolinux 10 Desktop
>> - Turbolinux 8 Server
>> - Turbolinux 8 Workstation
>> - Turbolinux 7 Server
>> - Turbolinux 7 Workstation
>>
>>Solution :
>> Please use the turbopkg (zabom) tool to apply the update.
>>---------------------------------------------
>>[Turbolinux 10 Desktop, Turbolinux 10 F...]
>># zabom -u ImageMagick ImageMagick-devel
>>
>>[other]
>># turbopkg
>>or
>># zabom update ImageMagick ImageMagick-devel
>>---------------------------------------------
>>
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-5.5.7-5.src.rpm
>> 5274681 6a9d3c1b208049830e7086b9aae75fe7
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-5.5.7-5.i586.rpm
>> 2397224 dea16cf3ee2ce38381e3d2679ad8fa3c
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-5.5.7-5.i586.rpm
>> 555804 840cc5d2ec79afd5cfdbf4223f625195
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-1.src.rpm
>> 3614849 bb43185f084dd6e32f10694f35fb513d
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-2.i586.rpm
>> 3207676 6839799de74d7439334a875a097b6049
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-2.i586.rpm
>> 1392173 d0af80e68a129fd41d301b7ec3469ff5
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-2.i586.rpm
>> 855821 be80bb2b23c8b87ab831bb99201b85c8
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-2.i586.rpm
>> 60163 1281a234915115227a2bb2fa5071d6c7
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/ImageMagick-5.4.3-3.src.rpm
>> 3665019 ae1a64cf87ea0e6598ca147abd3349e4
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-3.i586.rpm
>> 3668565 d065de9b0d5a58b6393cc4805e0eb405
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-3.i586.rpm
>> 971835 df0dda9a20ad43b2a8b3ee7a5313f6a8
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
>> 3656626 6197f1b2ff6d1a831d532a3fce210f94
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
>> 3038600 0276001bdf52d75ab65dcac7ff4ebb49
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
>> 1267440 9e21404db4bf10a005a89f974fd8558e
>>
>>
>>
>> Source Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
>> 3656626 084f8247af6313928f5dcdae20ed9713
>>
>> Binary Packages
>> Size : MD5
>>
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
>> 3039080 e3ca8b73f9a5f6cbaf8a136d121fdebf
>> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
>> 1267050 a3e0ef2ac5bd589f453f5ab529981fab
>>
>>
>>References:
>>
>>CVE
>> [CAN-2004-0827]
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827
>>
>>
>>* You may need to update the turbopkg tool before applying the update.
>>Please refer to the following URL for detailed information.
>>
>> http://www.turbolinux.com/download/zabom.html
>> http://www.turbolinux.com/download/zabomupdate.html
>>
>>Package Update Path
>>http://www.turbolinux.com/update
>>
>>============================================================
>>* To obtain the public key
>>
>>Here is the public key
>>
>>http://www.turbolinux.com/security/
>>
>>* To unsubscribe from the list
>>
>>If you ever want to remove yourself from this mailing list,
>> you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
>>the word `unsubscribe' in the body (don't include the quotes).
>>
>>unsubscribe
>>
>>* To change your email address
>>
>>If you ever want to change email address in this mailing list,
>> you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
>>the following command in the message body:
>>
>> chaddr 'old address' 'new address'
>>
>>If you have any questions or problems, please contact
>><supp_info@...bolinux.co.jp>
>>
>>Thank you!
>>
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.2.6 (GNU/Linux)
>>
>>iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5
>>D6e2lOCXUmCWuYNVxpgAvWY=
>>=qIgj
>>-----END PGP SIGNATURE-----
>>
>>
>>
>>
>>
>>--__--__--
>>
>>Message: 2
>>Subject: RE: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box
>>Date: Tue, 5 Oct 2004 10:50:02 -0400
>>From: "Castigliola, Angelo" <ACastigliola@...mprovident.com>
>>To: "Alla Bezroutchko" <alla@...nit.be>, <full-disclosure@...ts.netsys.com>
>>
>>I am sure there is a configuration setting or software (perhaps the
>>software made the configuration change) that is preventing this from
>>installing on your computer.
>>
>>I tested with a default XP SP1 install with all the Microsoft Updates
>>that have been applied to stop this type of IE hack. The spyware still
>>installs itself on the machine.
>>
>>XP SP1 with the following patches:
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;814078
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;816093
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;823182
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;825119
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;832894
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;835732
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;840374
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;840315
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;839645
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;867801
>>
>>These are _ALL_ the Microsoft Updates that specifically patch up IE
>>holes.
>>
>>My question to the forum is: If this is not a 0-day IE exploit that
>>allows software to install on a computer with no user interaction then
>>what Microsoft Update applies to this exploit?
>>
>>Again I fear there is no Microsoft Update available that will fix this
>>hole.
>>
>>Can someone confirm that a Default install of XP SP2 with all patches
>>will not stop spyware from themexp.org from installing?
>>
>>Angelo Castigliola III
>>Operations Technical Analyst I
>>UnumProvident IT Services
>>207.575.3820
>>
>>-----Original Message-----
>>From: full-disclosure-admin@...ts.netsys.com
>>[full-disclosure-admin@...ts.netsys.com] On Behalf Of Alla
>>Bezroutchko
>>Sent: Tuesday, October 05, 2004 7:01 AM
>>To: full-disclosure@...ts.netsys.com
>>Subject: Re: [Full-Disclosure] Spyware installs with no interaction in
>>IE on fully patched XP SP2 box
>>
>>
>>Carr, Robert wrote:
>>
>>>Interesting...
>>>
>>>I just went there, and he's right. Atpartners.cab installed without
>>>permission. My McAfee picked it right up as Atpartners.dll, downloaded
>>>to Temp Internet files. Spyware detected as NetPals. On the other
>>>hand, I'm admin of my machine, I wonder if a "user" would get an error
>>>message about not having the correct rights...
>>
>>I have tested it on Windows XP SP2 and on fully patched Windows 2000. In
>>both cases _nothing_ gets run or installed. Both systems are more or
>>less standard installations without any special IE hardening (except
>>patches).
>>
>>When I surf to the site with Windows XP "Installing components...
>>ATpartners.cab" briefly appears in the status bar and then the site gets
>>displayed. Under the normal browser bars there is a message saying "The
>>site might require the following ActiveX control: FREE on-line games and
>>special offers from... Click here to install...". I don't click on it.
>>Searching the disk for atpartnets.cab or atpartners.dll finds nothing.
>>The CLSID of the ActiveX control only appears in the registry in
>>"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
>>
>>With Windows 2000 I also get "Installing components... ATpartners.cab"
>>in the status bar and then the dialog box asking if I want to install
>>"Free online games from ATgames.com". This is a usual dialog box you get
>>when a page attempts to install an ActiveX control. If I click "No",
>>nothing gets installed, no atpartners files on the file system, no
>>traces of the CLSID in the registry.
>>
>>I suppose the cab file gets downloaded so that Windows can read and
>>display the signature of the file. It does not get run or installed
>>unless explicitly permitted by user.
>>
>>So, as far as I can see this is no 0-day.
>>
>>Alla.
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>
>>--__--__--
>>
>>Message: 3
>>Date: Tue, 05 Oct 2004 16:57:52 +0200
>>From: Thomas Biege <thomas@...e.de>
>>To: full-disclosure@...ts.netsys.com
>>Subject: [Full-Disclosure] SUSE Security Announcement: samba (SUSE-SA:2004:035)
>>
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>
>>______________________________________________________________________________
>>
>> SUSE Security Announcement
>>
>> Package: samba
>> Announcement-ID: SUSE-SA:2004:035
>> Date: Tuesday, Oct 5th 2004 16:53:01 MEST
>> Affected products: 8.1, 8.2, 9.0
>> SUSE Linux Enterprise Server 8
>> SUSE Linux Desktop 1.0
>> Vulnerability Type: remote file disclosure
>> Severity (1-10): 6
>> SUSE default package: Yes
>> Cross References: CAN-2004-0815
>>
>> Content of this advisory:
>> 1) security vulnerability resolved:
>> - Samba file access problem
>> problem description
>> 2) solution/workaround
>> 3) special instructions and notes
>> 4) package location and checksums
>> 5) pending vulnerabilities, solutions, workarounds:
>> - opera
>> - kernel
>> - mozilla
>> 6) standard appendix (further information)
>>
>>______________________________________________________________________________
>>
>>1) problem description, brief discussion
>>
>> The Samba server, which allows to share files and resources via
>> the SMB/CIFS protocol, contains a bug in the sanitation code of path
>> names which allows remote attackers to access files outside of the
>> defined share. In order to access these files, they must be readable
>> by the account used for the SMB session.
>> CAN-2004-0815 has been assigned to this issue.
>>
>>2) solution/workaround
>>
>> As a temporary workaround you can set the
>> wide links = no
>> option in smb.conf and restart the samba server. However an update
>> is recommended nevertheless.
>>
>>3) special instructions and notes
>>
>> After successfully updating the samba package, you need to issue the
>> following command as root:
>>
>> rcsmb restart
>>
>>4) package location and checksums
>>
>> Please download the update package for your distribution and verify its
>> integrity by the methods listed in section 3) of this announcement.
>> Then, install the package using the command "rpm -Fhv file.rpm" to apply
>> the update.
>> Our maintenance customers are being notified individually. The packages
>> are being offered to install from the maintenance web.
>>
>> SUSE Linux 9.0:
>> ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.rpm
>> eb71869029b35d2a97d55e26514524db
>> patch rpm(s):
>> ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.patch.rpm
>> 48bb3e455079fcfdf4ad2baa28f28557
>> source rpm(s):
>> ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm
>> d162ea5a39b14ee16ae1c6d5df9211bb
>>
>> SUSE Linux 8.2:
>> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.rpm
>> 79b0514a827bdd782e6d3f62bb92fb85
>> patch rpm(s):
>> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.patch.rpm
>> a50dd448212245d51e9ac59ae50514e8
>> source rpm(s):
>> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/samba-2.2.8a-225.src.rpm
>> 25d488678b607b3c67612ee065abd77a
>>
>> SUSE Linux 8.1:
>> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.rpm
>> 93d0fb2502f30593548dbe2f41ec8948
>> patch rpm(s):
>> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.patch.rpm
>> da5b107fb71c5daf5972b6e0aaca4f5c
>> source rpm(s):
>> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/samba-2.2.8a-224.src.rpm
>> e0b9f9af6c5348cb9840b5d98a1c59dc
>>
>>
>> x86-64 Platform:
>> SUSE Linux 9.0:
>> ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.rpm
>> 0f1c94aa23653b0cf9b318646d9153af
>> patch rpm(s):
>> ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.patch.rpm
>> 569974c359702c263b0968ce8fb9810f
>> source rpm(s):
>> ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm
>> 75c1a01d03af42835809691840eaa331
>>
>>______________________________________________________________________________
>>
>>5) Pending vulnerabilities in SUSE Distributions and Workarounds:
>>
>> - opera
>> New opera packages are available on our ftp servers, fixing
>> CAN-2004-0691, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599 and
>> CAN-2004-0746.
>>
>> - kernel
>> Update kernels for the kNFSd problem for SLES 8 and SL 8.1 have been
>> released.
>>
>> - mozilla
>> We are in the process of releasing updates for mozilla (and related
>> browsers), fixing various issues: CAN-2004-0597, CAN-2004-0718,
>> CAN-2004-0722, CAN-2004-0757, CAN-2004-0758, CAN-2004-0759,
>> CAN-2004-0760, CAN-2004-0761, CAN-2004-0762, CAN-2004-0763,
>> CAN-2004-0764 and CAN-2004-0765.
>> We will give you concrete details in a separate mozilla advisory when
>> the updates are available.
>>
>>
>>______________________________________________________________________________
>>
>>6) standard appendix: authenticity verification, additional information
>>
>> - Package authenticity verification:
>>
>> SUSE update packages are available on many mirror ftp servers all over
>> the world. While this service is being considered valuable and important
>> to the free and open source software community, many users wish to be
>> sure about the origin of the package and its content before installing
>> the package. There are two verification methods that can be used
>> independently from each other to prove the authenticity of a downloaded
>> file or rpm package:
>> 1) md5sums as provided in the (cryptographically signed) announcement.
>> 2) using the internal gpg signatures of the rpm package.
>>
>> 1) execute the command
>> md5sum
>> after you downloaded the file from a SUSE ftp server or its mirrors.
>> Then, compare the resulting md5sum with the one that is listed in the
>> announcement. Since the announcement containing the checksums is
>> cryptographically signed (usually using the key security@...e.de),
>> the checksums show proof of the authenticity of the package.
>> We disrecommend to subscribe to security lists which cause the
>> email message containing the announcement to be modified so that
>> the signature does not match after transport through the mailing
>> list software.
>> Downsides: You must be able to verify the authenticity of the
>> announcement in the first place. If RPM packages are being rebuilt
>> and a new version of a package is published on the ftp server, all
>> md5 sums for the files are useless.
>>
>> 2) rpm package signatures provide an easy way to verify the authenticity
>> of an rpm package. Use the command
>> rpm -v --checksig
>> to verify the signature of the package, where is the
>> filename of the rpm package that you have downloaded. Of course,
>> package authenticity verification can only target an un-installed rpm
>> package file.
>> Prerequisites:
>> a) gpg is installed
>> b) The package is signed using a certain key. The public part of this
>> key must be installed by the gpg program in the directory
>> ~/.gnupg/ under the user's home directory who performs the
>> signature verification (usually root). You can import the key
>> that is used by SUSE in rpm packages for SUSE Linux by saving
>> this announcement to a file ("announcement.txt") and
>> running the command (do "su -" to be root):
>> gpg --batch; gpg
>> SUSE Linux distributions version 7.1 and thereafter install the
>> key "build@...e.de" upon installation or upgrade, provided that
>> the package gpg is installed. The file containing the public key
>> is placed at the top-level directory of the first CD (pubring.gpg)
>> and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
>>
>>
>> - SUSE runs two security mailing lists to which any interested party may
>> subscribe:
>>
>> suse-security@...e.com
>> - general/linux/SUSE security discussion.
>> All SUSE security announcements are sent to this list.
>> To subscribe, send an email to
>> <suse-security-subscribe@...e.com>.
>>
>> suse-security-announce@...e.com
>> - SUSE's announce-only mailing list.
>> Only SUSE's security announcements are sent to this list.
>> To subscribe, send an email to
>> <suse-security-announce-subscribe@...e.com>.
>>
>> For general information or the frequently asked questions (faq)
>> send mail to:
>> <suse-security-info@...e.com> or
>> <suse-security-faq@...e.com> respectively.
>>
>> =====================================================================
>> SUSE's security contact is <security@...e.com> or <security@...e.de>.
>> The <security@...e.de> public key is listed below.
>> =====================================================================
>>______________________________________________________________________________
>>
>> The information in this advisory may be distributed or reproduced,
>> provided that the advisory is not modified in any way. In particular,
>> it is desired that the clear-text signature shows proof of the
>> authenticity of the text.
>> SUSE Linux AG makes no warranties of any kind whatsoever with respect
>> to the information contained in this security advisory.
>>
>>Type Bits/KeyID Date User ID
>>pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@...e.de>
>>pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@...e.de>
>>
>>
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
>>
>>-----END PGP SIGNATURE-----
>>
>>
>>--__--__--
>>
>>Message: 4
>>Date: Tue, 5 Oct 2004 11:48:59 -0400
>>From: "Clairmont, Jan M" <jan.m.clairmont@...igroup.com>
>>To: <full-disclosure@...ts.netsys.com>
>>Subject: [Full-Disclosure] Paranid ramblings - what's the deal? Bounded variables aren't?
>>
>>Every time I send out a memo to full-disclosure I get this mail bounce message and
>>it gets posted on full-disclosure. Anybody have an idea what's happening?
>>
>>
>>Message Follows:
>>
>>From: Mailer-Daemon@...s.nl
>>
>>Subject: NDN: [Full-Disclosure] Shows when no limits are set or restricted shell or bat ac
>>
>>Sorry. Your message could not be delivered to:
>>
>>tycho,IC&S (The name was not found at the remote site. Check that the name
>>has been entered correctly.)
>>
>>
>>
>>Are these guys phishing, swishing or whatever Netherlands uber alles?
>>Or is this just their mail-server barfing? Should probably point dig at it
>>and debug it but I have gotten in trouble for that type of "help" before?
>>
>>
>>Keep on computing, even though your bytes are fried.
>>
>>Jan Clairmont, Paladin of the Dept. of Insecurity Department, where no redundancy is allowed or is it redundancy is
>>required, have to look that up in the book of insecurity security chapter 4 verse 3(The bible of the Mad Arab Adulah
>>Medula, taken from
>>the NecronoMicron or the latest M$ directorate).
>>
>>Unix Security Support/Consultant I think?
>>
>>
>>
>>
>>--__--__--
>>
>>_______________________________________________
>>Full-Disclosure mailing list
>>Full-Disclosure@...ts.netsys.com
>>http://lists.netsys.com/mailman/listinfo/full-disclosure
>>
>>
>>End of Full-Disclosure Digest
>>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
My "Foundation" verse:
Isa 54:17 No weapon that is formed against thee shall prosper;
and every tongue that shall rise against thee in judgment thou
shalt condemn. This is the heritage of the servants of the LORD,
and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape"
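
Verification method 1 from the quoted SUSE advisory (compare a downloaded file's md5sum with the value in the signed announcement), as an added example that is not part of the original message or of either vendor's tooling. It parses the name / size / MD5 layout used by both advisories in this digest and refuses a file name that is listed with conflicting digests, as the Turbolinux squid packages are. The function names, the example.invalid URL and the payload are constructed, and the code assumes the announcement's PGP signature has already been verified.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# An entry is a line naming an .rpm (bare name or URL) followed by a line with
# an optional decimal size and a 32-hex-digit MD5. Leading '>' quoting is ignored.
QUOTE = re.compile(r"^[>\s]+")
NAME = re.compile(r"^(\S+\.rpm)$")
SUM = re.compile(r"^(?:(\d+)\s+)?([0-9a-fA-F]{32})$")


def parse_checksums(text):
    """Return [(name_or_url, size_or_None, md5_hex), ...] from advisory text."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        name, digest = NAME.match(line), SUM.match(line)
        if name:
            pending = name.group(1)
        elif digest and pending:
            size = int(digest.group(1)) if digest.group(1) else None
            entries.append((pending, size, digest.group(2).lower()))
            pending = None
        else:
            pending = None  # other text between name and digest breaks the pair
    return entries


def expected_for(entries, filename):
    """Look up (size, md5) by basename; refuse names listed with differing values."""
    hits = {(size, md5) for name, size, md5 in entries
            if name.rsplit("/", 1)[-1] == filename}
    if not hits:
        raise KeyError(f"{filename} is not listed in the advisory")
    if len(hits) > 1:
        raise ValueError(f"{filename} has conflicting entries; match on the full URL")
    return hits.pop()


def verify_file(path, size, md5_hex):
    """Stream the file and compare its length and MD5 with the advisory's values."""
    digest, length = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            length += len(chunk)
    return (size is None or length == size) and digest.hexdigest() == md5_hex


def demo():
    """Run the check on constructed data; no real package or hash is used."""
    payload = b"constructed stand-in for an rpm payload\n"
    md5 = hashlib.md5(payload).hexdigest()
    advisory = "\n".join([           # constructed, in the page's two layouts
        ">> ftp://ftp.example.invalid/update/demo-1.0-1.i586.rpm",
        f">> {md5}",
        ">> Size : MD5",
        ">> demo-1.0-1.src.rpm",
        f">> {len(payload)} {md5}",
        ">> demo-1.0-1.src.rpm",     # same name again, different digest
        f">> {len(payload)} {'0' * 32}",
    ])
    entries = parse_checksums(advisory)
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "demo-1.0-1.i586.rpm")
        good.write_bytes(payload)
        size, want = expected_for(entries, good.name)
        ok = verify_file(good, size, want)
        good.write_bytes(payload + b"tampered")
        tampered_ok = verify_file(good, size, want)
    try:
        expected_for(entries, "demo-1.0-1.src.rpm")
        ambiguous = False
    except ValueError:
        ambiguous = True
    return len(entries), ok, tampered_ok, ambiguous


if __name__ == "__main__":
    print(demo())
```

MD5 is no longer collision-resistant, so a match here ties the file only to the text of the announcement; the rpm signature check the advisory lists as method 2 does not depend on the announcement at all.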