lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 17 Nov 2006 00:54:19 -0600
From: <daylasoul@...h.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Re: Vulnerabilities in Client Service for NetWare

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 16 Nov 2006 14:48:25 -0600 El Camino
<elcamino74ss@...il.com> wrote:
>This isn't AVERT's first published vuln.  Most security
>professionals
>do list some certs and sigs.
>
>Don't take it out on him if you got kicked out of school or can't
>pass
>the A+ exam.
>
>
>On 11/16/06, Cyrus Grissom <cyrus_grissom@...hmail.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> interesting....i didnt know that avert was in the business of
>> publishing vunls...dont recall seeing any others? first time?  i
>> dont remember seeing it in my 'McAfee Avert Labs Threat News'
>email
>> alert?  would have been nice...
>>
>> and what the hell is this, "Dave Marcus, B.A., CCNA, MCSE"?  are
>> you letting everyone know that you have a bachelor's of arts
>> degree? a "Security Research and Communications Manager" who
>> advertises that he has a ba, a ccna and a mcse...you're such a
>> schmuck....how about a high school diploma, do you want to let
>us
>> know about that too?  go play with your blog or something......
>>
>> - -c
>>
>> On Thu, 16 Nov 2006 11:25:38 -0500 David_Marcus@...fee.com
>wrote:
>> >McAfee, Inc.
>> >McAfee(r) Avert(r) Labs Security Advisory
>> >Public Release Date: 2006-11-16
>> >
>> >Vulnerabilities in Client Service for NetWare
>> >
>> >CVE-2006-4688, CVE-2006-4689
>>
>>__________________________________________________________________
>_
>>
>> >_____
>> >_______
>> >
>> >*      Synopsis
>> >
>> >The Client Service for NetWare (CSNW) allows a Windows client
>to
>> >access
>> >NetWare file, print, and directory services.
>> >
>> >Successful exploitation could lead to execution of arbitrary
>code
>> >or
>> >cause the affected system to stop responding.
>>
>>__________________________________________________________________
>_
>>
>> >_____
>> >_______
>> >
>> >*      Vulnerable System or Application
>> >
>> >Microsoft Windows 2000 Service Pack 4
>> >Microsoft Windows XP Service Pack 2
>> >Microsoft Windows Server 2003 and Microsoft Windows Server 2003
>> >Service
>> >Pack 1
>> >
>>
>>__________________________________________________________________
>_
>>
>> >_____
>> >_______
>> >
>> >*      Vulnerability Information
>> >
>> >CVE-2006-4688
>> >
>> >A boundary error in Client Service for Netware (CSNW) can be
>> >exploited
>> >to cause a buffer overflow via a specially crafted network
>message
>>
>> >sent
>> >to the system. Successful exploitation allows execution of
>> >arbitrary
>> >code and an attacker could remotely take complete control of
>the
>> >affected system.
>> >
>> >CVE-2006-4689
>> >
>> >A denial of service vulnerability exists in Client Service for
>> >NetWare
>> >(CSNW) that could allow an attacker to send a specially crafted
>> >network
>> >message to an affected system running the Client Service for
>> >NetWare
>> >service. An attacker could cause the system to stop responding
>and
>> >automatically restart thus causing the affected system to stop
>> >accepting
>> >requests.
>>
>>__________________________________________________________________
>_
>>
>> >_____
>> >_______
>> >
>> >*      Resolution
>> >
>> >Microsoft has included fixes for the Client Service for Netware
>> >(CSNW)
>> >issues in the November 2006 Security Bulletin MS06-066 for
>> >affected
>> >Windows platforms.
>>
>>__________________________________________________________________
>_
>>
>> >_____
>> >_______
>> >
>> >*      Credits
>> >
>> >These vulnerabilities were discovered by Sam Arun Raj of McAfee
>> >Avert
>> >Labs.
>> >
>>
>>__________________________________________________________________
>_
>>
>> >_____
>> >_______
>> >
>> >*      Legal Notice
>> >
>> >Copyright (C) 2006 McAfee, Inc.
>> >The information contained within this advisory is provided for
>the
>> >convenience of McAfee's customers, and may be redistributed
>> >provided
>> >that no fee is charged for distribution and that the advisory
>is
>> >not
>> >modified in any way. McAfee makes no representations or
>warranties
>> >regarding the accuracy of the information referenced in this
>> >document,
>> >or the suitability of that information for your purposes.
>> >
>> >McAfee, Inc. and McAfee Avert Labs are registered Trademarks of
>> >McAfee,
>> >Inc. and/or its affiliated companies in the United States
>and/or
>> >other
>> >Countries.  All other registered and unregistered trademarks in
>> >this
>> >document are the sole property of their respective owners.
>> >
>> >
>> >Best regards,
>> >
>> >Dave Marcus, B.A., CCNA, MCSE
>> >Security Research and Communications Manager
>> >McAfee(r) Avert(r) Labs
>> >(443) 321-3771 Office
>> >(443) 668-0048 Mobile
>> >McAfee Threat Center
>> ><http://www.mcafee.com/us/threat_center/default.asp>
>> >McAfee Avert Labs Research Blog
>> ><http://www.avertlabs.com/research/blog>
>> >
>> >
>> >
>> >_______________________________________________
>> >Full-Disclosure - We believe in it.
>> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >Hosted and sponsored by Secunia - http://secunia.com/
>> -----BEGIN PGP SIGNATURE-----
>> Note: This signature can be verified at
>https://www.hushtools.com/verify
>> Version: Hush 2.5
>>
>>
>wkYEARECAAYFAkVcqU8ACgkQUZmP8t5Ad2MnKgCgqc4gMUcV2fNoWaz7uUEgdX5CfKA
>A
>> n01HkOEaV3XV7SvYimqdujz1FeIX
>> =ccXv
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
Please take disagreements, flames, and arguments off the list if
possible.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkVdXJsACgkQ3AEcWsxdEQ6bDgQAlXCr782U0wo75AODu9WmQNSlugf4
ocp+ZwhcNZ3CRz3gihDcIR++JqqUQMvpwE+Cl6nU/1j6hRnS4ELQrVRn1nNgg/tcH473
jlI3tDeicLyoNuhHRql9JAiQA2kKHjdO5Go7m0m1rrKkmRCGPiLBlDkigX8RC4Kg1l+x
1FjOrPs=
=33G8
-----END PGP SIGNATURE-----




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ