| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Nov 2006 14:48:25 -0600 From: "El Camino" <elcamino74ss@...il.com> To: "Cyrus Grissom" <cyrus_grissom@...hmail.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Vulnerabilities in Client Service for NetWare This isn't AVERT's first published vuln. Most security professionals do list some certs and sigs. Don't take it out on him if you got kicked out of school or can't pass the A+ exam. On 11/16/06, Cyrus Grissom <cyrus_grissom@...hmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > interesting....i didnt know that avert was in the business of > publishing vunls...dont recall seeing any others? first time? i > dont remember seeing it in my 'McAfee Avert Labs Threat News' email > alert? would have been nice... > > and what the hell is this, "Dave Marcus, B.A., CCNA, MCSE"? are > you letting everyone know that you have a bachelor's of arts > degree? a "Security Research and Communications Manager" who > advertises that he has a ba, a ccna and a mcse...you're such a > schmuck....how about a high school diploma, do you want to let us > know about that too? go play with your blog or something...... > > - -c > > On Thu, 16 Nov 2006 11:25:38 -0500 David_Marcus@...fee.com wrote: > >McAfee, Inc. > >McAfee(r) Avert(r) Labs Security Advisory > >Public Release Date: 2006-11-16 > > > >Vulnerabilities in Client Service for NetWare > > > >CVE-2006-4688, CVE-2006-4689 > >___________________________________________________________________ > > >_____ > >_______ > > > >* Synopsis > > > >The Client Service for NetWare (CSNW) allows a Windows client to > >access > >NetWare file, print, and directory services. > > > >Successful exploitation could lead to execution of arbitrary code > >or > >cause the affected system to stop responding. > >___________________________________________________________________ > > >_____ > >_______ > > > >* Vulnerable System or Application > > > >Microsoft Windows 2000 Service Pack 4 > >Microsoft Windows XP Service Pack 2 > >Microsoft Windows Server 2003 and Microsoft Windows Server 2003 > >Service > >Pack 1 > > > >___________________________________________________________________ > > >_____ > >_______ > > > >* Vulnerability Information > > > >CVE-2006-4688 > > > >A boundary error in Client Service for Netware (CSNW) can be > >exploited > >to cause a buffer overflow via a specially crafted network message > > >sent > >to the system. Successful exploitation allows execution of > >arbitrary > >code and an attacker could remotely take complete control of the > >affected system. > > > >CVE-2006-4689 > > > >A denial of service vulnerability exists in Client Service for > >NetWare > >(CSNW) that could allow an attacker to send a specially crafted > >network > >message to an affected system running the Client Service for > >NetWare > >service. An attacker could cause the system to stop responding and > >automatically restart thus causing the affected system to stop > >accepting > >requests. > >___________________________________________________________________ > > >_____ > >_______ > > > >* Resolution > > > >Microsoft has included fixes for the Client Service for Netware > >(CSNW) > >issues in the November 2006 Security Bulletin MS06-066 for > >affected > >Windows platforms. > >___________________________________________________________________ > > >_____ > >_______ > > > >* Credits > > > >These vulnerabilities were discovered by Sam Arun Raj of McAfee > >Avert > >Labs. > > > >___________________________________________________________________ > > >_____ > >_______ > > > >* Legal Notice > > > >Copyright (C) 2006 McAfee, Inc. > >The information contained within this advisory is provided for the > >convenience of McAfee's customers, and may be redistributed > >provided > >that no fee is charged for distribution and that the advisory is > >not > >modified in any way. McAfee makes no representations or warranties > >regarding the accuracy of the information referenced in this > >document, > >or the suitability of that information for your purposes. > > > >McAfee, Inc. and McAfee Avert Labs are registered Trademarks of > >McAfee, > >Inc. and/or its affiliated companies in the United States and/or > >other > >Countries. All other registered and unregistered trademarks in > >this > >document are the sole property of their respective owners. > > > > > >Best regards, > > > >Dave Marcus, B.A., CCNA, MCSE > >Security Research and Communications Manager > >McAfee(r) Avert(r) Labs > >(443) 321-3771 Office > >(443) 668-0048 Mobile > >McAfee Threat Center > ><http://www.mcafee.com/us/threat_center/default.asp> > >McAfee Avert Labs Research Blog > ><http://www.avertlabs.com/research/blog> > > > > > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 2.5 > > wkYEARECAAYFAkVcqU8ACgkQUZmP8t5Ad2MnKgCgqc4gMUcV2fNoWaz7uUEgdX5CfKAA > n01HkOEaV3XV7SvYimqdujz1FeIX > =ccXv > -----END PGP SIGNATURE----- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists