Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1747 - 32 msgs
From: philipp.freiberger () brodos de
Date: 05 Jul 2004 15:33:05 UT




und mir fällt dazu auch nur google ein...

sorry... aber sobald es an "bunte" sachen geht hab ich kein plan mehr...

mfg Philipp
ps: ich hab mich am So. den ganzen tag mit meinem X geprügelt damit es das macht was es soll - da kommt man sich vor 
als hätte man noch nie Linux gesehen... :)

-------- Original Message --------
Subject: Full-disclosure digest, Vol 1 #1747 - 32 msgs (05-Jul-2004 16:48)
From:    full-disclosure-request () lists netsys com
To:      philipp.freiberger () brodos de

Send Full-Disclosure mailing list submissions to
      full-disclosure () lists netsys com

To subscribe or unsubscribe via the World Wide Web, visit
      http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
      full-disclosure-request () lists netsys com

You can reach the person managing the list at
      full-disclosure-admin () lists netsys com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Today's Topics:

   1. Re: Public Review of OIS Security Vulnerability
       Reporting and Response Guidelines (dave)
   2. Re:Bugtraq Security Systems (bitlance winter)
   3. RE: The "Drew Copley is a prick" Poll update
       [Time to Grow Up] (Mortis)
   4. Gmail Information Disclosure Vulnerability (amforward () mailsurf com)
   5. Re: Public Review of OIS Security Vulnerability Reporting and
       ResponseGuidelines (Fred Mobach)
   6. [ GLSA 200407-03 ] Apache 2: Remote denial of service attack (Thierry 
Carrez)
   7. [ GLSA 200407-04 ] Pure-FTPd: Potential DoS when maximum connections
       is reached (Thierry Carrez)
   8. Re: Web sites compromised by IIS attack (Jason Coombs)
   9. Re: Gmail Information Disclosure Vulnerability (System Outage)
  10. Re: Re:Bugtraq Security Systems (System Outage)
  11. Re:Bugtraq Security Systems (Boggles)
  12. RE: IE Web Browser: "Sitting Duck" (joe)
  13. Re: Gmail Information Disclosure Vulnerability (D.J. Capelis)
  14. RE: [Dailydave] Re: [Full-Disclosure] Public Review of OIS Security 
Vulnerability Reporting and Response Guidelines (Steve W. Manzuik)
  15. Re: Gmail Information Disclosure Vulnerability (amforward () mailsurf 
com)
  16. Re: Gmail Information Disclosure Vulnerability (Rudolf Polzer)
  17. XSS in 12Planet Chat Server 2.9 (Donato Ferrante)
  18. Re: HP urges users to erase Netscape to avoid security
       problems (Szilveszter Adam)
  19. Huge amounts of Citipank phishing spam seen this weekend. (Feher 
Tamas)
  20. CYBSEC - Security Advisory: Denial of Service in IBM WebSphere
       Edge Server (Leandro Meiners)
  21. Unreal ircd 3.2 clocking subsystem vulnerability (bartavelle)
  22. Re: [FD] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!!
 PLEASE BE ATTENTIVE !!! (Thomas Binder)
  23. Re: Public Review of OIS Security Vulnerability Reporting and 
Response Guidelines (Georgi Guninski)
  24. Re: Huge amounts of Citipank phishing spam seen this weekend. (Duncan 
Hill)
  25. Re: Gmail Information Disclosure Vulnerability (System Outage)
  26. RE: Gmail Information Disclosure Vulnerability (Mark Laurence)

--__--__--

Message: 1
Date: Sun, 04 Jul 2004 13:18:35 -0400
From: dave <dave () immunitysec com>
To: OIS <announcements () oisafety org>
CC: bugtraq () securityfocus com, NTBUGTRAQ () LISTSERV NTBUGTRAQ COM,
   full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Public Review of OIS Security Vulnerability
 Reporting and Response Guidelines

Nobody trusts the OIS or its motives. I imagine this is similar to the 
feedback you've gotten from everyone else as well, but Immunity has no 
plans to subscribe to your guidelines, and is going to oppose any 
efforts you make to legislate those guidelines as law. In section 1.1 
the draft proposes that the purpose of the OIS's model is to protect 
systems from vulnerabilities. This is fairly obviously untrue - the 
purpose of the OIS is to lobby towards a business model for Microsoft 
and the other OIS members that involves the removal of non-compliant 
security researchers.

This call for feedback is a thinly disguised attempt to get public 
legitimacy and allow the OIS to claim it has community backing, which it 
clearly does not.

It's rare, but there are still security companies and individuals who do 
not owe their entire business to money from Microsoft. It's July 4th. 
and some of us are Americans who understand the concept of independance.

Dave Aitel
Immunity, Inc.




OIS wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Organization for Internet Safety (OIS) extends an invitation to
the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
lists to participate in the ongoing public review of the OIS Security
Vulnerability Reporting and Response Guidelines.
The OIS reviews the Guidelines annually to ensure that they remain
useful and relevant to the security community and, most importantly,
to the millions of computer users who are the ultimate beneficiaries
of effective computer security practices.  Over the past year, OIS
has received feedback from many adopters of the Guidelines as well as
from several public-private partnerships, and have incorporated much
of this feedback into an interim version that is available at
http://www.oisafety.org/review/draft-1.5.pdf.  We recommend reviewing
the interim version, but reviewers are welcome to provide feedback on
the original version at http://www.oisafety.org/reference/process.pdf
if they would like.

For more information on the public review, please visit
http://www.oisafety.org/review-1.5.html.  The closing date for the
review has been extended until 16 July 2004.  We look forward to your
feedback.

Regards,

The Organization for Internet Safety
www.oisafety.org

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
KWNTvxgQVKXiC1OU9CR/rXYF
=4mT/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




--__--__--

Message: 2
From: "bitlance winter" <bitlance_3 () hotmail com>
To: full-disclosure () lists netsys com
Date: Sun, 04 Jul 2004 17:36:50 +0000
Subject: [Full-disclosure] Re:Bugtraq Security Systems

Who are YOU,Bugtraq Security Systems?
Are YOU foo,bar.foobar?
;)
YOU say LOVE,OK.

[blockquote]
"With burning brain and heart of hate,
I sought my wronger, early, late,
And all the wretched night and day
My dream and thought was slay, and slay.
My better self rose uppermost,
The beast within my bosom lost
Itself in love; peace from afar
Shone o'er me radiant like a star.
I Slew my wronger with a deed,
A deed of love; I made him bleed
With kindness, and I filled for years
His soul with tenderness and tears."

Let those who aim at the right life, who believe that they love Truth, 
cease 
to passionately oppose themselves to others, and let them strive to calmly 
and wisely understand them, and in thus acting toward others they will be 
conquering themselves; and while sympathizing with others, their own souls 
will be fed with the heavenly dews of kindness, and their hearts be 
strengthened and refreshed in the Pleasant Pastures of Peace.
[/blockauote]

Best Regards.
--
bitlance winter.

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfeer 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


--__--__--

Message: 3
Date: Sun, 04 Jul 2004 14:17:07 -0400
To: full-disclosure () lists netsys com
From: Mortis <m0rtis () adelphia net>
Subject: RE: [Full-disclosure] The "Drew Copley is a prick" Poll update
  [Time to Grow Up]

I told you that would be more fun than fishing with dynamite.

Plenty of fresh worms for a hungry turkey.

Sort your mail box and go to town.
--
Libel-libel,
Dan eel
http://full-disclosure.50megs.com/


--__--__--

Message: 4
Date: Sun,  4 Jul 2004 19:10:44 +0000
From: amforward () mailsurf com
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Gmail Information Disclosure Vulnerability

This message is in MIME format.

---MOQ1088968244aa66ff8657f08d3292ceb7b3ae771de7
Brief
--------------
While I was playing with Gmail, I found a bug that may disclose
information about the users currently attempting to register a new
Gmail account. This seems to be a vulnerability with low severity (at
least until now).

CheckAvailability Script
--------------
In the registration page, the "Check Availability" button queries a
certain script, namely /accounts/CheckAvailability. The script takes
the desired username, and checks if it is available. If it is not
available, it suggests other usernames by contactenating, for example,
your last name to it.

The Problem
--------------
There seems to be a thread-safety problem with CheckAvailability
script. When the script is under heavy stress, it may return answers
to queries that are not yours, revealing others' desired usernames,
and first and last names.(see attached screen shot)


Reproduction
--------------
To reproduce it, you should:

AND
a. Have a valid Gmail invitation
b. Frequently Invoke CheckAvailability by
~  OR
~  1. Creating a tool that automates the script invocation.
~  2. Having the patience and keep clicking the button frequently (this
works too!).


I have not yet carefully studied the script, but I think it might not
be a problem with this script only, but others as well. Your thoughts
are appreciated.

Regards,
Ahmed Motaz

------------------------------------------------------
Mailsurf.com your communication portal for SMS,
Email, Fax, E-Cards and more. www.mailsurf.com

---MOQ1088968244aa66ff8657f08d3292ceb7b3ae771de7
Gmail service is in Beta. You have no credibility posting this advisory. =
The correct channel to post such "bugs" is the Gmail contact link for "bu=
g reports".=20
=20
If you weren't a script kiddie or scene whore, you would have known to ho=
ld information until such a time that Gmail became a public service.
=20
Then and only then would anyone take this advisory seriously!
=20
You obviously have no understanding of the "Beta" state of a development.=
 The fact that a team of developers are in the state of "Beta" means that=
 the developers are fully aware the service may not be entirely secure an=
d they wish feedback via Google's own beta "bug report" channels.
=20
All in all, this is  a "beta bug report" and nothing else. If you had wai=
ted until the Gmail dev team declared gmail a public release, you would h=
ave gained more respect in the security community scene.
=20
Cheerio
=20
=20

      =09
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
--0-509345037-1088977213=3D:9720

A name like "Bugtraq Security Systems" Sounds like a typical name a scrip=
t kiddie group or scene whore group would use to try and gain an easy nam=
e within the scene.

 They (Bugtraq Security Systems) obviously thought... Hey.. "if we whore =
a high profile name and make our website look professional, people will b=
uy it and think we're elite".=20

Lol, if you had any cred in the security community scene, you just lost i=
t by mentioning the key words "Defcon" and "Drew Copley is a prick" refer=
ences.

All you are making yourself out to be is a jealous scene whore who wishes=
 they had the 0-day exclusives that Eyee Security obtain and you wish you=
 were as good as they are.=20

You have no right to come on a high profile security mailing list with su=
ch childish remarks towards a highly respected Security Group as Eyee. Go=
 find some "elite" zero day and come back when you manage to gain as much=
 respect as Eyee Security has within the security community scene.

Cheerio

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around=20
http://mail.yahoo.com=20
--0-281874980-1088978667=3D:60119
The following advisory is also available in pdf for download at
http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf

CYBSEC S.A.
www.cybsec.com

Advisory Name: Denial of Service in WebSphere Edge Server.
Vulnerability Class: Denial of Service
Release Date: June 2nd 2004
Affected Applications:  =20

      * WebSphere Edge Components Caching Proxy 5.02 using
        JunctionRewrite with UseCookiedirective.=20

Not Affected Applications:=20

      * WebSphere Edge Components Caching Proxy 5.02 NOT using
        JunctionRewrite with UseCookie directive.  =20
      * WebSphere Edge Components Caching Proxy 5.00

Affected Platforms:=20

      * SUSE SLES 8=20
      * SUSE SLES 8 Service Pack 1=20
      * SUSE SLES 8 Service Pack 3=20
      * SUSE SLES 8 Service Pack 3=20
      * Apparently all platforms running WebSphere Edge Server

Local / Remote: Remote
Severity: High
Author: Leandro Meiners.
Vendor Status:=20

      * Fix included in WebSphere Application Server 5.0.3 (to be
        released)=20
      * Patch available from IBM for clients with Support Level 2 or 3

Reference to Vulnerability Disclosure Policy:=20
http://www.cybsec.com/vulnerability_policy.pdf

Overview:

WebSphere Edge Component Caching Proxy, part of WebSphere Application
Sever, is a reverse proxy designed to reduce bandwidth use and improve a
Web site's speed and reliability by providing a point-of-presence node
for one or more back-end content servers. It is built to work with
content provided by one or more backend WebSphere Application Servers.

Vulnerability Description:

The vulnerability discovered allows a remote attacker to generate a
denial of service condition against the WebSphere Edge Component Caching
Proxy.=20

If the reverse proxy is configured with the JunctionRewrite directive
being active, a remote attacker can trivially cause a denial of service
by executing the GET HTTP method without parameters.

Exploit:

$ echo =B4GET=A1 | nc <victim_host_ip> <proxy_port>

Solutions:

If JunctionRewrite is unnecessary, disabling it will suffice to prevent
the Denial of Service. Also if the option UseCookie in the
JunctionRewrite directive is unnecessary disabling it will suffice to
prevent the Denial of Service.

Vendor Response:

IBM opened a case regarding the vulnerability and provided a patch
within 2 weeks of the initial contact.

Contact Information:

For more information regarding the vulnerability feel free to contact
the author at lmeiners () cybsec com 

For more information regarding CYBSEC: www.cybsec.com


----------------------------
Leandro Meiners
CYBSEC S.A. Security Systems
E-mail: lmeiners () cybsec com
Tel/Fax: [54-11] 4382-1600
Web: http://www.cybsec.com

--=-KxxekzTaBeyTiwzQ+aFI
If it's not about respect then what is it about?=20
=20
You have no respect for the Gmail Team, that's for sure.
=20
I guess this list isn't about respect...
=20
It's about kiddies posting advisories and exploits for fun and little car=
e for the vendor(s).
=20
=20
Cheerio
=20

amforward () mailsurf com wrote:
System Outage wrote:

|The correct channel to post such "bugs" is the Gmail contact link for "b=
ug=20
|reports".=20

I have already contacted Gmail about 10 days ago, but I have not received=
 any=20
replies till this moment.

|If you had waited until the Gmail dev team declared gmail a public relea=
se,=20
|you would have gained more respect in the security community scene.

I don't think this is about respect afterall.

Regards,
Ahmed Motaz

------------------------------------------------------
Mailsurf.com your communication portal for SMS,
Email, Fax, E-Cards and more. www.mailsurf.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

      =09
---------------------------------
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
--0-223874168-1089035202=3D:27338
"You have no respect for the Gmail Team, that's for sure."
Why would he? Respect is earned not given for free.
=20
"It's about kiddies posting advisories and exploits for fun and little ca=
re
for the vendor(s)."
No the reason they are generally supposed to be posted AFAIK is so that t=
he
secuirty concious user is aware and can take steps to prevent them from
being exploited. Granted reasonable steps should be taken to contact the
vendor, if they dont respond then what can one do?
=20
Thanks
Mark
=20


   _____ =20

From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of System Outag=
e
Sent: 05 July 2004 14:47
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Gmail Information Disclosure Vulnerability


If it's not about respect then what is it about?=20
=20
=20
=20
I guess this list isn't about respect...
=20
It's about kiddies posting advisories and exploits for fun and little car=
e
for the vendor(s).
=20
=20
Cheerio
=20

amforward () mailsurf com wrote:

System Outage wrote:

|The correct channel to post such "bugs" is the Gmail contact link for "b=
ug=20
|reports".=20

I have already contacted Gmail about 10 days ago, but I have not received
any=20
replies till this moment.

|If you had waited until the Gmail dev team declared gmail a public relea=
se,

|you would have gained more respect in the security community scene.

I don't think this is about respect afterall.

Regards,
Ahmed Motaz

------------------------------------------------------
Mailsurf.com your communication portal for SMS,
Email, Fax, E-Cards and more. www.mailsurf.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




   _____ =20

Do you Yahoo!?
HYPERLINK
"http://us.rd.yahoo.com/mail_us/taglines/virus/*http://promotions.yahoo.c=
om/
new_mail/static/protection.html"Yahoo! Mail - Helps protect you from nast=
y
viruses.


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
=20

------=3D_NextPart_000_021E_01C462A2.A05CB230


To: full-disclosure-request () lists netsys com
    full-disclosure () lists netsys com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #1747 - 32 msgs philipp . freiberger (Jul 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault