Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: WMF round-up, updates and de-mystification
From: InfoSecBOFH <infosecbofh () gmail com>
Date: Thu, 5 Jan 2006 04:03:05 -0800

Try some english as a second language courses fuckbag

On 1/3/06, ad () heapoverflow com <ad () heapoverflow com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

he try to be good , but everyone remember his shit talks firing about
netdev & cie , nice try ..

InfoSecBOFH wrote:
So this patch is trusted because you said so?

I have tested and confirmed that this patch only works in specific
scnenarios and does not mitigate the entire issue.  Variations still
work.

On 1/3/06, Gadi Evron <ge () linuxbox org> wrote:
Quite a bit of confusing and a vast amount of information coming from
all directions about the WMF 0day. Here are some URL's and generic facts
to set us straight.

The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows.
So far no problems have been observed by anyone using this patch. You
should naturally check it out for yourselves but I and many others
recommend it until Microsoft bothers to show up with their own patch.

Ilfak is trusted and is in no way a Bad Guy.

You can find more information about it at his blog:
http://www.hexblog.com/2005/12/wmf_vuln.html

If you are still not sure about the patch by Ilfak, check out the
discussion of it going on in the funsec list about the patch, with Ilfak
participating:
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Occasional information of new WMF problems keep coming in over there.

In this URL you can find the best summary I have seen of the WMF issue:
http://isc.sans.org/diary.php?storyid=994
by the "SANS ISC diary" team.

In this URL you can find the best write-up I have seen on the WMF issue:
http://blogs.securiteam.com/index.php/archives/167
By Matthew Murphy at the "Securiteam Blogs".

Also, it should be noted at this time that since the first public
discovery of this "problem", a new one has been coming in - every day.
All the ones seen so far are variants of the original and in all ways
the SAME problem. So, it would be best to acknowledge them as the
same... or we will keep having a NEW 0day which really isn't for about 2
months when all these few dozen variations are exhausted.

A small BUT IMPORTANT correction for future generations:
The 0day was originally found and reported by Hubbard Dan from Websense
on a closed vetted security mailing list, and later on at the Websense
public page. All those who took credit for it took it wrongly.

Thanks, and a better new year to us all,

       Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBQ7sAOa+LRXunxpxfAQJCChAA58xG3lsiY5Gi5dQd/lPtRcznLAGKAY9i
Hosk4mWRnXep9Gd2XpztNNBbePg4l6tSvKKu26bFan+B3A3jYvMpZ8CBq9nptRz+
MrCb9N4vApJhPTKL1jiydj2/No9QB9g5e6S23Krjj4cLZTLQJqwE2/sHm70ZqIzO
BUUc8EKDuDgqx//EC4NZwQtZTQmBJNtn252tqP5F5et1t7RRPmbz7Yz5FPqP26wF
PpNxDXONEMCdDL0RiTdPM6qUpKI510BwuBOJPrJxrb8CCas6wEDSOkb2QiIO//35
yQKpBV4RK2mJcA28BoHkLPrYbOnMTSbioGSFaJ7FJBlsGi14rXWchpZS8ougjYX4
hZCxcz1y05ONM37f2RBLffszp96pi83x3HCjIYtMGCwG8oJJ3KteR7ScTOGrccLC
xIASkilhdWppKfG6J9+TWp5xOXHxjOtn8RiacOovslBnl5FssB4WjQdqtKuGnstf
B2/+VKOtck7mRue/W6Dz0qFrG+teC2MQUNJX66zSyJnTEvrqFgWvlr/j9MEDqXQR
K2oTV8XnK8R4vCi813LxHkFlVO6Vj5CYUnrWoMMjQdEyznN3IVGU3IQXXIiDuPpb
3Pa2YJvxl6gcGRPaSNVGrxH6Yp238jsdynMKvsWNSYsVZuxoiM3i052tmbTY8b89
DBwptgDJqo0=
=YwgE
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]