Full Disclosure Mailing List

An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.


Latest Posts

Re: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)
So ... your original note about junctions did not cover "well-known
facts", but my note about other reparse point types did?

though,

Not in my testing, at least not for junctions and symlinks. User with
requisite authority could traverse the junctions and symlinks locally,
but not remotely via a share.

rights

Unless the reparse point already exists.

This particular exploit happened to involve a remote user creating a
symlink. That...

Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 09)
Michael Wojcik wrote:

s/at least//

[ well-known facts snipped ]

NO, Windows SMB server crosses reparse points!

But as Dan Kaminsky pointed out, you need to have administrative rights
to remotely create a junction on an SMB share, so the non-admin user
can't get himself access to files outside a share he's allowed to access.

Stefan

Re: Samba Remote Zero-Day Exploit Krzysztof Halasa (Feb 09)
Thierry Zoller <Thierry () zoller lu> writes:

What's wrong with creating $HOME/tmp -> /tmp/$USER (not necessarily
with Samba, maybe with xterm or ssh) and then accessing /tmp/$USER via
/host/HOME/tmp? Why is it a problem while "ssh host cat /etc/passwd" is
not?

Can you traverse a directory for which you have no +x right?
Can you, for example, write to a file for which you have no +w right?
Read without +r?

If you can't,...

Re: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)
symlinks

And at least since Vista, it also supports symlinks, which are designed
to mimic Unix symlinks, and can point to files or directories. Junctions
and symlinks can cross volumes; symlinks can also refer to files or
directories on network filesystems.

Junctions (which Microsoft also sometimes refers to as "soft links") and
symlinks are implemented with NTFS reparse points, just like mounts. You
can see some of the differences...

XSS in mtvindia.com sachin shinde (Feb 09)
XSS is present in mtvindia.com

url:http://www.mtvindia.com/vjhunt/about.php

in this page under phone # XSS is present.

Hacktics Advisory Feb09: XSS in Oracle E-Business Suite Ofer Maor (Feb 09)
Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Gil Cohen, Hacktics.
9-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, certain
vulnerabilities were identified in an Oracle E-Business Suite deployment.
Further research has identified that a web interface showing user errors is
vulnerable to reflected cross site scripting attacks.

A friendly...

Baidu XSS Zero Day Beatyou Man (Feb 09)
Baidu.com is the biggest search engine provider in China. After
being hacked by the Iranian Cyber Army, another vulnerability was found on index.baidu.com.

Description of Vulnerability:

-----------------------------

There is an XSS vulnerability on baidu.com which was found by an Internet user.

Impact:

-------

No more repeat about such types of vulnerabilities

Mitigating factors:

-------------------

Proof of concept:

-----------------...

[ MDVSA-2010:034 ] kernel security (Feb 08)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:034
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : February 8, 2010
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some...

Re: about jit and dep+aslr Christian Sciberras (Feb 08)
That's a Google feature!! (remembering the Google<->China issue ;) )

2010/2/8 Thor (Hammer of God) <Thor () hammerofgod com>:

Re: about jit and dep+aslr Thor (Hammer of God) (Feb 08)
Well, *I* made the mistake of trying to be witty with one of those "google translate" Chinese tags and it didn't go so
well for me. I ended up offending a couple of people and got a few "Sun your mother" emails myself. :)

t

Re: about jit and dep+aslr Christian Sciberras (Feb 08)
Is it so difficult to do some translation prior, just as Larry did?
Sure, some members on FD are gits, but please do respect the rest, will you?

Regards,
Christian Sciberras.

2010/2/8 Larry Seltzer <larry () larryseltzer com>:

Re: about jit and dep+aslr Larry Seltzer (Feb 08)
Google translates this as “Sun your mother!”

Larry Seltzer
Contributing Editor, PC Magazine

larry_seltzer () ziffdavis com

http://blogs.pcmag.com/securitywatch/

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
yuange
Sent: Monday, February 08, 2010 10:30 AM
To: vpn.1.fanatic () gmail com; charles.skoglund () bitsec se
Cc: full-disclosure
Subject: Re: [Full-disclosure]...

Re: about jit and dep+aslr yuange (Feb 08)
Sun your mother!

Date: Mon, 8 Feb 2010 14:48:06 +1100
Subject: Re: [Full-disclosure] about jit and dep+aslr
From: vpn.1.fanatic () gmail com
To: charles.skoglund () bitsec se
CC: yuange1975 () hotmail com; ravi.borgaonkar () gmail com; full-disclosure () lists grok org uk

No u.

Yuange - opt out you useless dogshit.

2010/2/5 Charles Skoglund <charles.skoglund () bitsec se>

Ravi stop being a douchebag

My native language is not...

[Hacking Event] Night Da Hack 2010 : Call For Proposals m . mahdjoub (Feb 08)
- Night Da Hack 2010

Date: June 19-20 2010
Time: 4 PM - 7 AM
Location: Paris, France

What is Night da Hack?
“Night da Hack” is a rough translation of the French “Nuit du Hack”. Started in 2003 by the Hackerz Voice team, and
inspired by the world-famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conferences.

Around computer security related talks, workshops and contests, Night da Hack aims at bringing...

CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability Security (Feb 08)

More Lists

Dozens of other network security lists are archived at SecLists.Org.
