Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2020 - 10 msgs
From: "jialc" <jialc () netpower com cn>
Date: Thu, 11 Nov 2004 19:34:11 +0800

full-disclosure-request,您好!

        

======= 2004-11-04 01:00:09 您在来信中写道:=======

Send Full-Disclosure mailing list submissions to
      full-disclosure () lists netsys com

To subscribe or unsubscribe via the World Wide Web, visit
      http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
      full-disclosure-request () lists netsys com

You can reach the person managing the list at
      full-disclosure-admin () lists netsys com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Today's Topics:

  1. I am NOT out of here hahaha (Frank de Wit)
  2. Re: I am out of here (Berend-Jan Wever)
  3. RE: Security (for the common people) in electronic vote? (Sean Crawford)
  4. [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability (Thierry Carrez)
  5. Re: I am out of here (Berend-Jan Wever)
  6. Re: How to clear contents of protected storage - Windows 2000 (Danny)
  7. Re: How to clear contents of protected storage - Windows 2000 (Danny)
  8. RE: I am out of here (Banta, Will)
  9. Re: I am out of here (Barry Fitzgerald)
 10. Re: I am out of here (kyle l)

--__--__--

Message: 1
Date: Wed, 03 Nov 2004 11:30:56 +0100
From: Frank de Wit <frankdewit () home nl>
CC: full-disclosure () lists netsys com
Subject: [Full-disclosure] I am NOT out of here hahaha

people talking about politics are usually boring, thinking only about 
themselves and what they can gain personally by doing politics
politics have nothing to do with thinking about the wellbeing of 
people... only the RedCross, SalvationArmy, MSF etc do that
that's why those people like to mail about offtopic things on this 
FD-list, they are too stupid to care or understand what they're doing
personally I have fun pressing the delete key very much lately...
they are all wrinting blisters on their fingers, and all for nothing 
because no-one reads it hahaha
hojje from holland

Ali Campbell wrote:

Hugo van der Kooij wrote:

Thank you all for turning a security mailinglist into a mudpool in which
throwing around dirt about political candidates has become the prime
objective.

However that was not my objective when I came to this list so it seems
this list has become rather useless to me.

Quite a pity. But that is full-disclosure for you.

So long and thanks for all the fish.

Hugo.


Me too. I'm unsubscribing. Have a nice day.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



--__--__--

Message: 2
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] I am out of here
Date: Wed, 3 Nov 2004 14:34:34 +0100

If you can't stand the heat, get out of the kitchen!

Cheers,
SkyLined


--__--__--

Message: 3
Reply-To: <sean01 () accnet com au>
From: "Sean Crawford" <sean01 () accnet com au>
To: <full-disclosure () lists netsys com>
Subject: RE: [Full-disclosure] Security (for the common people) in electronic vote?
Date: Thu, 4 Nov 2004 01:05:47 +1100

Now Australian and the US both have angry gnomes as the heads of state.....

Flame me off list please....



---> 
---> -----Messaggio originale-----
---> Surprise!
---> 
---> with electronic vote win Bush,
---> so we've made a great scientific discover:
---> in information technology bits=bush :-)
---> 
---> Tiziano Radice


--__--__--

Message: 4
Date: Wed, 03 Nov 2004 15:06:32 +0100
From: Thierry Carrez <koon () gentoo org>
Organization: Gentoo Linux
To: gentoo-announce () gentoo org
CC: bugtraq () securityfocus com, full-disclosure () lists netsys com,
  security-alerts () linuxsecurity com
Subject: [Full-disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig76CB791339E9D081EAF57416
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200411-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Proxytunnel: Format string vulnerability
     Date: November 03, 2004
     Bugs: #69379
       ID: 200411-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Proxytunnel is vulnerable to a format string vulnerability, potentially
allowing a remote server to execute arbitrary code with the rights of
the Proxytunnel process.

Background
==========

Proxytunnel is a program that tunnels connections to a remote server
through a standard HTTPS proxy.

Affected packages
=================

   -------------------------------------------------------------------
    Package               /  Vulnerable  /                 Unaffected
   -------------------------------------------------------------------
 1  net-misc/proxytunnel       < 1.2.3                       >= 1.2.3

Description
===========

Florian Schilhabel of the Gentoo Linux Security Audit project found a
format string vulnerability in Proxytunnel. When the program is started
in daemon mode (-a [port]), it improperly logs invalid proxy answers to
syslog.

Impact
======

A malicious remote server could send specially-crafted invalid answers
to exploit the format string vulnerability, potentially allowing the
execution of arbitrary code on the tunnelling host with the rights of
the Proxytunnel process.

Workaround
==========

You can mitigate the issue by only allowing connections to trusted
remote servers.

Resolution
==========

All Proxytunnel users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3"

References
==========

 [ 1 ] CAN-2004-0992
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992
 [ 2 ] Proxytunnel News
       http://proxytunnel.sourceforge.net/news.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-200411-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0


--------------enig76CB791339E9D081EAF57416
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBiOXtvcL1obalX08RAnYnAJwIshpFa+FYWxodGye7GhzXT3u/4QCfezXh
UCoNhH9Pa2ynywjd+lSdtUk=
=WJOx
-----END PGP SIGNATURE-----

--------------enig76CB791339E9D081EAF57416--


--__--__--

Message: 5
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] I am out of here
Date: Wed, 3 Nov 2004 15:39:02 +0100

If you can't stand the heat, get out of the kitchen!

And btw: if you're not cooking, get the fuck out too!

Cheers,
SkyLined



--__--__--

Message: 6
Date: Wed, 3 Nov 2004 09:56:31 -0500
From: Danny <nocmonkey () gmail com>
Reply-To: Danny <nocmonkey () gmail com>
To: 3APA3A <3apa3a () security nnov ru>
Subject: Re: [Full-disclosure] How to clear contents of protected storage - Windows 2000
Cc: full-disclosure () lists netsys com

On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a () security nnov ru> wrote:
Dear Danny,

You can use Cain & Abel (http://www.oxid.it).

Hi 3APA3A,

Thank you for the tip. For this particular job, it does not display
all of the entries listed from pstoreview.exe, specifically the
INETCOMM Server passwords.

Anything else I can try?

...D


--__--__--

Message: 7
Date: Wed, 3 Nov 2004 10:15:36 -0500
From: Danny <nocmonkey () gmail com>
Reply-To: Danny <nocmonkey () gmail com>
To: 3APA3A <3apa3a () security nnov ru>
Subject: Re: [Full-disclosure] How to clear contents of protected storage - Windows 2000
Cc: full-disclosure () lists netsys com

On Wed, 3 Nov 2004 09:56:31 -0500, Danny <nocmonkey () gmail com> wrote:
On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a () security nnov ru> wrote:
Dear Danny,

You can use Cain & Abel (http://www.oxid.it).

Hi 3APA3A,

Thank you for the tip. For this particular job, it does not display
all of the entries listed from pstoreview.exe, specifically the
INETCOMM Server passwords.

Anything else I can try?

I found passview from nirsoft. Works. Case closed.

..D


--__--__--

Message: 8
Subject: RE: [Full-disclosure] I am out of here
Date: Wed, 3 Nov 2004 09:58:06 -0600
From: "Banta, Will" <Will.Banta () broadwing com>
To: <full-disclosure () lists netsys com>

Thank you all for turning a security mailinglist into a mudpool in
which throwing around dirt about political candidates has become
the prime objective.

What we've seen on this list only serves to show how important this
election is to many people the world over, not just Americans.
The drama will subside and people will return to business. All you need
do is wait it out and ignore the obvious OT stuff if you're
uninterested. Granted people might be more judicious in their use of
"reply all" over "reply". 

However that was not my objective when I came to this list so it seems
this list has become rather useless to me.

What was your objective in coming to this list?

Quite a pity. But that is full-disclosure for you.

I haven't been on this list long, but I've benefited from your posts so
I think the pity is that you've decided to "take your blocks" and stalk
off like a child.

So long and thanks for all the fish.

There's more fish so why not stay awhile longer?


     I hate duplicates. Just reply to the relevant mailinglist.
     hvdkooij () vanderkooij org
http://hvdkooij.xs4all.nl/
             Don't meddle in the affairs of magicians,
             for they are subtle and quick to anger.


--__--__--

Message: 9
Date: Wed, 03 Nov 2004 11:02:13 -0500
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
To: Berend-Jan Wever <skylined () edup tudelft nl>
CC: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] I am out of here

Berend-Jan Wever wrote:

If you can't stand the heat, get out of the kitchen!
   


And btw: if you're not cooking, get the fuck out too!

 

Yeah - how hard is it to hit delete anyway?

(I don't think I've ever joined a mailing list expecting every post to 
be interesting to me... nor even the majority.  It seems like an 
unrealistic expectation.)

         -Barry


--__--__--

Message: 10
Date: Wed, 3 Nov 2004 10:32:46 -0600
From: kyle l <wtfbomb () gmail com>
Reply-To: kyle l <wtfbomb () gmail com>
To: Berend-Jan Wever <skylined () edup tudelft nl>
Subject: Re: [Full-disclosure] I am out of here
Cc: full-disclosure () lists netsys com

so stop bitching... it's people like you and people like me who waste
their time sending the types of messages like this that piss everyone
off

if it didnt happen in the first place there would not be a problem

consider this next time you feel the need to inform us about leaving
the mailing list; we really dont care.

honestly.



[http://www.eleat.org]


On Wed, 3 Nov 2004 15:39:02 +0100, Berend-Jan Wever
<skylined () edup tudelft nl> wrote:
If you can't stand the heat, get out of the kitchen!

And btw: if you're not cooking, get the fuck out too!



Cheers,
SkyLined

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




--__--__--

_______________________________________________
Full-Disclosure mailing list
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure


End of Full-Disclosure Digest


= = = = = = = = = = = = = = = = = = = =
                        

        致
礼!
 
                                 
        jialc
        jialc () netpower com cn
          2004-11-11

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault