| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jialc at netpower.com.cn (jialc) Subject: Re: Full-Disclosure digest, Vol 1 #2020 - 10 msgs full-disclosure-request,您好! ======= 2004-11-04 01:00:09 您在来信中写道:======= >Send Full-Disclosure mailing list submissions to > full-disclosure@...ts.netsys.com > >To subscribe or unsubscribe via the World Wide Web, visit > http://lists.netsys.com/mailman/listinfo/full-disclosure >or, via email, send a message with subject or body 'help' to > full-disclosure-request@...ts.netsys.com > >You can reach the person managing the list at > full-disclosure-admin@...ts.netsys.com > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Full-Disclosure digest..." > > >Today's Topics: > > 1. I am NOT out of here hahaha (Frank de Wit) > 2. Re: I am out of here (Berend-Jan Wever) > 3. RE: Security (for the common people) in electronic vote? (Sean Crawford) > 4. [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability (Thierry Carrez) > 5. Re: I am out of here (Berend-Jan Wever) > 6. Re: How to clear contents of protected storage - Windows 2000 (Danny) > 7. Re: How to clear contents of protected storage - Windows 2000 (Danny) > 8. RE: I am out of here (Banta, Will) > 9. Re: I am out of here (Barry Fitzgerald) > 10. Re: I am out of here (kyle l) > >--__--__-- > >Message: 1 >Date: Wed, 03 Nov 2004 11:30:56 +0100 >From: Frank de Wit <frankdewit@...e.nl> >CC: full-disclosure@...ts.netsys.com >Subject: [Full-Disclosure] I am NOT out of here hahaha > >people talking about politics are usually boring, thinking only about >themselves and what they can gain personally by doing politics >politics have nothing to do with thinking about the wellbeing of >people... only the RedCross, SalvationArmy, MSF etc do that >that's why those people like to mail about offtopic things on this >FD-list, they are too stupid to care or understand what they're doing >personally I have fun pressing the delete key very much lately... >they are all wrinting blisters on their fingers, and all for nothing >because no-one reads it hahaha >hojje from holland > >Ali Campbell wrote: > >> Hugo van der Kooij wrote: >> >>> Thank you all for turning a security mailinglist into a mudpool in which >>> throwing around dirt about political candidates has become the prime >>> objective. >>> >>> However that was not my objective when I came to this list so it seems >>> this list has become rather useless to me. >>> >>> Quite a pity. But that is full-disclosure for you. >>> >>> So long and thanks for all the fish. >>> >>> Hugo. >>> >> >> Me too. I'm unsubscribing. Have a nice day. >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> > > >--__--__-- > >Message: 2 >From: "Berend-Jan Wever" <skylined@...p.tudelft.nl> >To: <full-disclosure@...ts.netsys.com> >Subject: Re: [Full-Disclosure] I am out of here >Date: Wed, 3 Nov 2004 14:34:34 +0100 > >If you can't stand the heat, get out of the kitchen! > >Cheers, >SkyLined > > >--__--__-- > >Message: 3 >Reply-To: <sean01@...net.com.au> >From: "Sean Crawford" <sean01@...net.com.au> >To: <full-disclosure@...ts.netsys.com> >Subject: RE: [Full-Disclosure] Security (for the common people) in electronic vote? >Date: Thu, 4 Nov 2004 01:05:47 +1100 > >Now Australian and the US both have angry gnomes as the heads of state..... > >Flame me off list please.... > > > >---> >---> -----Messaggio originale----- >---> Surprise! >---> >---> with electronic vote win Bush, >---> so we've made a great scientific discover: >---> in information technology bits=bush :-) >---> >---> Tiziano Radice > > >--__--__-- > >Message: 4 >Date: Wed, 03 Nov 2004 15:06:32 +0100 >From: Thierry Carrez <koon@...too.org> >Organization: Gentoo Linux >To: gentoo-announce@...too.org >CC: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com, > security-alerts@...uxsecurity.com >Subject: [Full-Disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability > >This is an OpenPGP/MIME signed message (RFC 2440 and 3156) >--------------enig76CB791339E9D081EAF57416 >Content-Type: text/plain; charset=ISO-8859-1 >Content-Transfer-Encoding: 7bit > >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >Gentoo Linux Security Advisory GLSA 200411-07 >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > http://security.gentoo.org/ >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Severity: Normal > Title: Proxytunnel: Format string vulnerability > Date: November 03, 2004 > Bugs: #69379 > ID: 200411-07 > >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >Synopsis >======== > >Proxytunnel is vulnerable to a format string vulnerability, potentially >allowing a remote server to execute arbitrary code with the rights of >the Proxytunnel process. > >Background >========== > >Proxytunnel is a program that tunnels connections to a remote server >through a standard HTTPS proxy. > >Affected packages >================= > > ------------------------------------------------------------------- > Package / Vulnerable / Unaffected > ------------------------------------------------------------------- > 1 net-misc/proxytunnel < 1.2.3 >= 1.2.3 > >Description >=========== > >Florian Schilhabel of the Gentoo Linux Security Audit project found a >format string vulnerability in Proxytunnel. When the program is started >in daemon mode (-a [port]), it improperly logs invalid proxy answers to >syslog. > >Impact >====== > >A malicious remote server could send specially-crafted invalid answers >to exploit the format string vulnerability, potentially allowing the >execution of arbitrary code on the tunnelling host with the rights of >the Proxytunnel process. > >Workaround >========== > >You can mitigate the issue by only allowing connections to trusted >remote servers. > >Resolution >========== > >All Proxytunnel users should upgrade to the latest version: > > # emerge --sync > # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3" > >References >========== > > [ 1 ] CAN-2004-0992 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992 > [ 2 ] Proxytunnel News > http://proxytunnel.sourceforge.net/news.html > >Availability >============ > >This GLSA and any updates to it are available for viewing at >the Gentoo Security Website: > > http://security.gentoo.org/glsa/glsa-200411-07.xml > >Concerns? >========= > >Security is a primary focus of Gentoo Linux and ensuring the >confidentiality and security of our users machines is of utmost >importance to us. Any security concerns should be addressed to >security@...too.org or alternatively, you may file a bug at >http://bugs.gentoo.org. > >License >======= > >Copyright 2004 Gentoo Foundation, Inc; referenced text >belongs to its owner(s). > >The contents of this document are licensed under the >Creative Commons - Attribution / Share Alike license. > >http://creativecommons.org/licenses/by-sa/1.0 > > >--------------enig76CB791339E9D081EAF57416 >Content-Type: application/pgp-signature; name="signature.asc" >Content-Description: OpenPGP digital signature >Content-Disposition: attachment; filename="signature.asc" > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.4 (GNU/Linux) > >iD8DBQFBiOXtvcL1obalX08RAnYnAJwIshpFa+FYWxodGye7GhzXT3u/4QCfezXh >UCoNhH9Pa2ynywjd+lSdtUk= >=WJOx >-----END PGP SIGNATURE----- > >--------------enig76CB791339E9D081EAF57416-- > > >--__--__-- > >Message: 5 >From: "Berend-Jan Wever" <skylined@...p.tudelft.nl> >To: <full-disclosure@...ts.netsys.com> >Subject: Re: [Full-Disclosure] I am out of here >Date: Wed, 3 Nov 2004 15:39:02 +0100 > >> If you can't stand the heat, get out of the kitchen! > >And btw: if you're not cooking, get the fuck out too! > >Cheers, >SkyLined > > > >--__--__-- > >Message: 6 >Date: Wed, 3 Nov 2004 09:56:31 -0500 >From: Danny <nocmonkey@...il.com> >Reply-To: Danny <nocmonkey@...il.com> >To: 3APA3A <3apa3a@...urity.nnov.ru> >Subject: Re: [Full-Disclosure] How to clear contents of protected storage - Windows 2000 >Cc: full-disclosure@...ts.netsys.com > >On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a@...urity.nnov.ru> wrote: >> Dear Danny, >> >> You can use Cain & Abel (http://www.oxid.it). > >Hi 3APA3A, > >Thank you for the tip. For this particular job, it does not display >all of the entries listed from pstoreview.exe, specifically the >INETCOMM Server passwords. > >Anything else I can try? > >...D > > >--__--__-- > >Message: 7 >Date: Wed, 3 Nov 2004 10:15:36 -0500 >From: Danny <nocmonkey@...il.com> >Reply-To: Danny <nocmonkey@...il.com> >To: 3APA3A <3apa3a@...urity.nnov.ru> >Subject: Re: [Full-Disclosure] How to clear contents of protected storage - Windows 2000 >Cc: full-disclosure@...ts.netsys.com > >On Wed, 3 Nov 2004 09:56:31 -0500, Danny <nocmonkey@...il.com> wrote: >> On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a@...urity.nnov.ru> wrote: >> > Dear Danny, >> > >> > You can use Cain & Abel (http://www.oxid.it). >> >> Hi 3APA3A, >> >> Thank you for the tip. For this particular job, it does not display >> all of the entries listed from pstoreview.exe, specifically the >> INETCOMM Server passwords. >> >> Anything else I can try? > >I found passview from nirsoft. Works. Case closed. > >..D > > >--__--__-- > >Message: 8 >Subject: RE: [Full-Disclosure] I am out of here >Date: Wed, 3 Nov 2004 09:58:06 -0600 >From: "Banta, Will" <Will.Banta@...adwing.com> >To: <full-disclosure@...ts.netsys.com> > >>Thank you all for turning a security mailinglist into a mudpool in >which throwing around dirt about political candidates has become >>the prime objective. > >What we've seen on this list only serves to show how important this >election is to many people the world over, not just Americans. >The drama will subside and people will return to business. All you need >do is wait it out and ignore the obvious OT stuff if you're >uninterested. Granted people might be more judicious in their use of >"reply all" over "reply". > >>However that was not my objective when I came to this list so it seems >this list has become rather useless to me. > >What was your objective in coming to this list? > >>Quite a pity. But that is full-disclosure for you. > >I haven't been on this list long, but I've benefited from your posts so >I think the pity is that you've decided to "take your blocks" and stalk >off like a child. > >>So long and thanks for all the fish. > >There's more fish so why not stay awhile longer? > > >> I hate duplicates. Just reply to the relevant mailinglist. >> hvdkooij@...derkooij.org >http://hvdkooij.xs4all.nl/ >> Don't meddle in the affairs of magicians, >> for they are subtle and quick to anger. > > >--__--__-- > >Message: 9 >Date: Wed, 03 Nov 2004 11:02:13 -0500 >From: Barry Fitzgerald <bkfsec@....lonestar.org> >To: Berend-Jan Wever <skylined@...p.tudelft.nl> >CC: full-disclosure@...ts.netsys.com >Subject: Re: [Full-Disclosure] I am out of here > >Berend-Jan Wever wrote: > >>>If you can't stand the heat, get out of the kitchen! >>> >>> >> >>And btw: if you're not cooking, get the fuck out too! >> >> >> >Yeah - how hard is it to hit delete anyway? > >(I don't think I've ever joined a mailing list expecting every post to >be interesting to me... nor even the majority. It seems like an >unrealistic expectation.) > > -Barry > > >--__--__-- > >Message: 10 >Date: Wed, 3 Nov 2004 10:32:46 -0600 >From: kyle l <wtfbomb@...il.com> >Reply-To: kyle l <wtfbomb@...il.com> >To: Berend-Jan Wever <skylined@...p.tudelft.nl> >Subject: Re: [Full-Disclosure] I am out of here >Cc: full-disclosure@...ts.netsys.com > >so stop bitching... it's people like you and people like me who waste >their time sending the types of messages like this that piss everyone >off > >if it didnt happen in the first place there would not be a problem > >consider this next time you feel the need to inform us about leaving >the mailing list; we really dont care. > >honestly. > > > >[http://www.eleat.org] > > >On Wed, 3 Nov 2004 15:39:02 +0100, Berend-Jan Wever ><skylined@...p.tudelft.nl> wrote: >> > If you can't stand the heat, get out of the kitchen! >> >> And btw: if you're not cooking, get the fuck out too! >> >> >> >> Cheers, >> SkyLined >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> > > > >--__--__-- > >_______________________________________________ >Full-Disclosure mailing list >Full-Disclosure@...ts.netsys.com >http://lists.netsys.com/mailman/listinfo/full-disclosure > > >End of Full-Disclosure Digest > = = = = = = = = = = = = = = = = = = = = 致 礼! jialc jialc@...power.com.cn 2004-11-11
Powered by blists - more mailing lists