|
Full Disclosure
mailing list archives
Re: Full-Disclosure Digest, Vol 42, Issue 42
From: badr muhyeddin <gigiyousef () hotmail com>
Date: Sun, 17 Aug 2008 07:30:03 +0300
unsubscribe > From: full-disclosure-request () lists grok org uk> Subject: Full-Disclosure Digest, Vol 42, Issue 42>
To: full-disclosure () lists grok org uk> Date: Sat, 16 Aug 2008 12:00:01 +0100> > Send Full-Disclosure mailing list
submissions to> full-disclosure () lists grok org uk> > To subscribe or unsubscribe via the World Wide Web, visit>
https://lists.grok.org.uk/mailman/listinfo/full-disclosure> or, via email, send a message with subject or body 'help'
to> full-disclosure-request () lists grok org uk> > You can reach the person managing the list at>
full-disclosure-owner () lists grok org uk> > When replying, please edit your Subject line so it is more specific> than
"Re: Contents of Full-Disclosure digest..."> > > Note to digest recipients - when replying to digest posts, please trim
your post appropriately. Thank you.> > > Today's Topics:> > 1. Re: weev, baby (hERB)> 2. Re: weev, baby (coderman)> 3.
Health website vulnerable to hacking, no response from admins> after multiple at
tempts (Kristian Erik Hermansen)> 4. Re: weev, baby (n3td3v)> 5. [ MDVSA-2008:171 ] postfix (security () mandriva
com)> 6. [ MDVSA-2008:172 ] amarok (security () mandriva com)> 7. [PLSA 2008-25] Postfix: Local privilege escalation>
(P?nar Yanarda?)> 8. Step-by-step instructions for debugging Cisco IOS using gdb> (Smiler S)> 9. Tool: PorkBind v1.3
Nameserver Security Scanner (New Version)> (Derek Callaway)> 10. Re: [funsec] Internet attacks against Georgian web
sites> (Radoslav Dejanovi?)> 11. Beware the firefox ZERO DAYZZZZ (T Biehn)> 12. Linus summarizes state of the "security
industry" with> precision and accuracy. (coderman)> 13. Re: Linus summarizes state of the "security industry" with>
precision and accuracy. (silky)> > > ----------------------------------------------------------------------> > Message:
1> Date: Fri, 15 Aug 2008 12:15:55 +0100> From: hERB <herbster () gmail com>> Subject: Re: [Full-disclosure] weev,
baby> To: full-disclosure () lists grok org uk> Message-ID:> <216
0f86c0808150415n59d79459o4f841b2f0579af4f () mail gmail com>> Content-Type: text/plain; charset="iso-8859-1"> > Think
you credit too much intelligence, more likely its:> > http://www.urbandictionary.com/define.php?term=TEABAG> > /hERB> >
On Fri, Aug 15, 2008 at 8:42 AM, Gadi Evron <ge () linuxbox org> wrote:> > > Tea Baggins tebaggins at gmail.com> >> >
Teatime from Pratchett and Bilbo Baggins from Tolkien?> >> > Nice touch.> >> > No idea what the rest of the trolling
means.> >> > Gadi.> >> > _______________________________________________> > Full-Disclosure - We believe in it.> >
Charter: http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia -
http://secunia.com/> >> > > > -- > #include <stddisclaimer.h>> -------------- next part --------------> An HTML
attachment was scrubbed...> URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080815/98ac25b5/attachment-0001.html > >
------------------------------> > Message: 2> Date: Fri,
15 Aug 2008 09:56:19 -0700> From: coderman <coderman () gmail com>> Subject: Re: [Full-disclosure] weev, baby> To:
hERB <herbster () gmail com>> Cc: full-disclosure () lists grok org uk> Message-ID:>
<4ef5fec60808150956i67602f8h9e0872bb2310ef70 () mail gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > On
Fri, Aug 15, 2008 at 4:15 AM, hERB <herbster () gmail com> wrote:> > Think you credit too much intelligence, more
likely its:> >> > http://www.urbandictionary.com/define.php?term=TEABAG> > sir, the etymology of the fine Tea Baggins,
son of Frodo Baggins,> begat from Bilbo, son of Bungo Baggins, sired by Mungo Baggins, who's> father, the great Balbo
Baggins, is patriarch of the tree of Baggins,> including all Tea Baggins, is not a matter to be taken lightly!> >
please excuse yourself for such dishonor implied by this obscene> "TEABAG" reference.> > (also, contrary to popular
misconception, the great Gandalf has never> enjoyed "lemon parties"; this rumor merely one of the many fre
nzied> insults devised by Saruman's groupies...)> > > > ------------------------------> > Message: 3> Date: Fri, 15
Aug 2008 13:02:30 -0700> From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>> Subject: [Full-disclosure]
Health website vulnerable to hacking, no> response from admins after multiple attempts> To: full-disclosure () lists
grok org uk> Message-ID:> <fe37588d0808151302g25d8aa8eq928d29ff6e42e0ea () mail gmail com>> Content-Type: text/plain;
charset=ISO-8859-1> > I tried repeatedly to contact them. For the benefit of the health> patients using this website,
can someone please investigate?> Thanks...> > https://secure.westclifflabs.com/secure/billing/default.asp> -- >
Kristian Erik Hermansen> > > > ------------------------------> > Message: 4> Date: Fri, 15 Aug 2008 21:29:22 +0100>
From: n3td3v <xploitable () gmail com>> Subject: Re: [Full-disclosure] weev, baby> To: full-disclosure () lists grok
org uk> Message-ID:> <4b6ee9310808151329n3d75ee72g1e666c8d232caab5 () mail
.gmail.com>> Content-Type: text/plain; charset=ISO-8859-1> > On Fri, Aug 15, 2008 at 8:42 AM, Gadi Evron <ge ()
linuxbox org> wrote:> > Tea Baggins tebaggins at gmail.com> >> > Teatime from Pratchett and Bilbo Baggins from
Tolkien?> >> > Nice touch.> >> > No idea what the rest of the trolling means.> >> > Gadi.> >> > You're the oldest troll
on this list, you should know what all the> secret troll messages mean.> > All the best,> > n3td3v> > > >
------------------------------> > Message: 5> Date: Fri, 15 Aug 2008 14:44:00 -0600> From: security () mandriva com>
Subject: [Full-disclosure] [ MDVSA-2008:171 ] postfix> To: full-disclosure () lists grok org uk> Message-ID:
<E1KU69Q-0005TT-Rg () titan mandriva com>> > > -----BEGIN PGP SIGNED MESSAGE-----> Hash: SHA1> >
_______________________________________________________________________> > Mandriva Linux Security Advisory
MDVSA-2008:171> http://www.mandriva.com/security/>
______________________________________________________________________
_> > Package : postfix> Date : August 15, 2008> Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0>
_______________________________________________________________________> > Problem Description:> > Sebastian Krahmer of
the SUSE Security Team discovered a flaw in> the way Postfix dereferenced symbolic links. If a local user had> write
access to a mail spool directory without a root mailbox file,> it could be possible for them to append arbitrary data
to files that> root had write permissions to (CVE-2008-2936).> > The updated packages have been patched to correct this
issue.> _______________________________________________________________________> > References:> >
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936>
_______________________________________________________________________> > Updated Packages:> > Mandriva Linux 2007.1:>
26e470b9c59a7f942865ff4c9a029f33 2007.1/i586/libpostfix1-2.3.8-1.1mdv2007.1.i586.rpm> 886bae30f28144d5cd12330eadc29beb
2007
.1/i586/postfix-2.3.8-1.1mdv2007.1.i586.rpm> 4490c64a7b39685f04dff74ce114edd1
2007.1/i586/postfix-ldap-2.3.8-1.1mdv2007.1.i586.rpm> 03bc15e8554bb5519bccc27147dc49c5
2007.1/i586/postfix-mysql-2.3.8-1.1mdv2007.1.i586.rpm> 4ce6d3583264a3d9a89e99554d8f5334
2007.1/i586/postfix-pcre-2.3.8-1.1mdv2007.1.i586.rpm> 1fa256a3a7306dc4711d2c1f394e4779
2007.1/i586/postfix-pgsql-2.3.8-1.1mdv2007.1.i586.rpm > 585a32ed0e7d643bec4be76ca56e96a3
2007.1/SRPMS/postfix-2.3.8-1.1mdv2007.1.src.rpm> > Mandriva Linux 2007.1/X86_64:> c5b9aba41a5f7d4762e07611ab796ba9
2007.1/x86_64/lib64postfix1-2.3.8-1.1mdv2007.1.x86_64.rpm> 34aaf8a7f5489382ae2fe752239c1ad3
2007.1/x86_64/postfix-2.3.8-1.1mdv2007.1.x86_64.rpm> c1bbbc34d1a6951dfea07b479e7546a6
2007.1/x86_64/postfix-ldap-2.3.8-1.1mdv2007.1.x86_64.rpm> 72c368adfd81383032aee96564edd1dc
2007.1/x86_64/postfix-mysql-2.3.8-1.1mdv2007.1.x86_64.rpm> b6e9329425e1e4f6f1b591ca01c07527
2007.1/x86_64/postfix-pcre-2.3.8-1.1mdv2007.1.x86_64.rpm> 858ac67feca2fae49be70f752a
9f5688 2007.1/x86_64/postfix-pgsql-2.3.8-1.1mdv2007.1.x86_64.rpm > 585a32ed0e7d643bec4be76ca56e96a3
2007.1/SRPMS/postfix-2.3.8-1.1mdv2007.1.src.rpm> > Mandriva Linux 2008.0:> 28f80755d3e08a050a3294f15bcdf0b0
2008.0/i586/libpostfix1-2.4.5-2.1mdv2008.0.i586.rpm> 8e5a684b87309c502f34d76104e7291f
2008.0/i586/postfix-2.4.5-2.1mdv2008.0.i586.rpm> fd4bd15f398bb8f9a90e59216b4a01dc
2008.0/i586/postfix-ldap-2.4.5-2.1mdv2008.0.i586.rpm> 63e5be0f5c1dc8b28f173726c1648831
2008.0/i586/postfix-mysql-2.4.5-2.1mdv2008.0.i586.rpm> 75e6b126fd04ce8cbef1d024a8d4af94
2008.0/i586/postfix-pcre-2.4.5-2.1mdv2008.0.i586.rpm> 3eb0a04a986f20d4771b774b0707d5ff
2008.0/i586/postfix-pgsql-2.4.5-2.1mdv2008.0.i586.rpm > d18e696ddd9948b311e84c1df3b4edfa
2008.0/SRPMS/postfix-2.4.5-2.1mdv2008.0.src.rpm> > Mandriva Linux 2008.0/X86_64:> 25c8159e3a2b78ab281dcf6c7b5886d1
2008.0/x86_64/lib64postfix1-2.4.5-2.1mdv2008.0.x86_64.rpm> 56bc517d9bb1cf9221ce8d35999ac7de
2008.0/x86_64/postfix-2.4.5-2.1mdv2008.0.x86_64.rpm> 08
af0c3454a642e57252180f6f8b8b1c 2008.0/x86_64/postfix-ldap-2.4.5-2.1mdv2008.0.x86_64.rpm>
c8777d4816b661a2853df44228c97e26 2008.0/x86_64/postfix-mysql-2.4.5-2.1mdv2008.0.x86_64.rpm>
08579717946ec5c32df7674286f9f45a 2008.0/x86_64/postfix-pcre-2.4.5-2.1mdv2008.0.x86_64.rpm>
fda669add03041fa744d5738c7457c3a 2008.0/x86_64/postfix-pgsql-2.4.5-2.1mdv2008.0.x86_64.rpm >
d18e696ddd9948b311e84c1df3b4edfa 2008.0/SRPMS/postfix-2.4.5-2.1mdv2008.0.src.rpm> > Mandriva Linux 2008.1:>
5a3804f2c3effc218f5c2e2e3df27564 2008.1/i586/libpostfix1-2.5.1-2.1mdv2008.1.i586.rpm> 506d51b49e9c8c0e439fc8bc4c63ba29
2008.1/i586/postfix-2.5.1-2.1mdv2008.1.i586.rpm> 34ef86dd70c956f2a99bdfac81183e09
2008.1/i586/postfix-ldap-2.5.1-2.1mdv2008.1.i586.rpm> 1d07b91d48c60906f28b8a2eba99ca1c
2008.1/i586/postfix-mysql-2.5.1-2.1mdv2008.1.i586.rpm> 70ba3c286521579fc49a54bba84472dd
2008.1/i586/postfix-pcre-2.5.1-2.1mdv2008.1.i586.rpm> dca57a1b0579a8418ad10aac03322b2e
2008.1/i586/postfix-pgsql-2.5.1-2.1mdv2008.1.i586.rpm
> 0f3cb76c3893354103745ee331942f0d 2008.1/SRPMS/postfix-2.5.1-2.1mdv2008.1.src.rpm> > Mandriva Linux 2008.1/X86_64:>
16d38a5b0b47edb0fc3395c63511bd6c 2008.1/x86_64/lib64postfix1-2.5.1-2.1mdv2008.1.x86_64.rpm>
546f25ac9ea5aa167b9282bd8d4f537a 2008.1/x86_64/postfix-2.5.1-2.1mdv2008.1.x86_64.rpm> f1a917d26a5366044e570f6571c2fb10
2008.1/x86_64/postfix-ldap-2.5.1-2.1mdv2008.1.x86_64.rpm> 4b2f2a4d53ef97dbd2c609afc9e61c77
2008.1/x86_64/postfix-mysql-2.5.1-2.1mdv2008.1.x86_64.rpm> 266433d35cd238e9132b6225bc5d1258
2008.1/x86_64/postfix-pcre-2.5.1-2.1mdv2008.1.x86_64.rpm> 78f8df45bf1c009701112a60294ccdeb
2008.1/x86_64/postfix-pgsql-2.5.1-2.1mdv2008.1.x86_64.rpm > 0f3cb76c3893354103745ee331942f0d
2008.1/SRPMS/postfix-2.5.1-2.1mdv2008.1.src.rpm> > Corporate 3.0:> 7d6dc0a422fa43c691a6819a9954d29c
corporate/3.0/i586/libpostfix1-2.1.1-0.4.C30mdk.i586.rpm> 6c90a40a69bcd261d1fff8124d087d48
corporate/3.0/i586/postfix-2.1.1-0.4.C30mdk.i586.rpm> 9e3468e37e512a5207a982ba606d8fb8 corporate/3.0/i
586/postfix-ldap-2.1.1-0.4.C30mdk.i586.rpm> 8018f6af47a5659396a3d903c27b33d4
corporate/3.0/i586/postfix-mysql-2.1.1-0.4.C30mdk.i586.rpm> ac40a515260bd75fe00c5e1610b11e7b
corporate/3.0/i586/postfix-pcre-2.1.1-0.4.C30mdk.i586.rpm> f8675212bf047f8373846efe438d6e34
corporate/3.0/i586/postfix-pgsql-2.1.1-0.4.C30mdk.i586.rpm > 0b9d6b89f64cf5c5ba64d4234ba958d3
corporate/3.0/SRPMS/postfix-2.1.1-0.4.C30mdk.src.rpm> > Corporate 3.0/X86_64:> f695f71cf4e3cff94b76ffaa79e79276
corporate/3.0/x86_64/lib64postfix1-2.1.1-0.4.C30mdk.x86_64.rpm> 479831782b7e851ee64b8686e5435742
corporate/3.0/x86_64/postfix-2.1.1-0.4.C30mdk.x86_64.rpm> a52bf688f3f842c8062ca1e43748a442
corporate/3.0/x86_64/postfix-ldap-2.1.1-0.4.C30mdk.x86_64.rpm> e286020374420577f7372bf98b3145f0
corporate/3.0/x86_64/postfix-mysql-2.1.1-0.4.C30mdk.x86_64.rpm> 7c4d75cb5df1951918a3baf56aff0dcd
corporate/3.0/x86_64/postfix-pcre-2.1.1-0.4.C30mdk.x86_64.rpm> e1b6ff7a49ab9dbd1cc8559ec9a747fe
corporate/3.0/x86_64/postfix-pgsql-2.1.1-0.4
.C30mdk.x86_64.rpm > 0b9d6b89f64cf5c5ba64d4234ba958d3 corporate/3.0/SRPMS/postfix-2.1.1-0.4.C30mdk.src.rpm> >
Corporate 4.0:> c7e11fa492370b389f507fc3ae2b1d4a corporate/4.0/i586/libpostfix1-2.3.5-0.2.20060mlcs4.i586.rpm>
f78b08147813d142dbebccfa3f2d1fc1 corporate/4.0/i586/postfix-2.3.5-0.2.20060mlcs4.i586.rpm>
982fb6adba17ab2acfd477323a55db4c corporate/4.0/i586/postfix-ldap-2.3.5-0.2.20060mlcs4.i586.rpm>
163b41ad32263b2a319720144153f5af corporate/4.0/i586/postfix-mysql-2.3.5-0.2.20060mlcs4.i586.rpm>
7be21bfdc0f6e70d6da173d5005516f8 corporate/4.0/i586/postfix-pcre-2.3.5-0.2.20060mlcs4.i586.rpm>
26c0b02352463bd5c33b67c146330701 corporate/4.0/i586/postfix-pgsql-2.3.5-0.2.20060mlcs4.i586.rpm >
f9251f61013674ae03a5122d8c5cfd25 corporate/4.0/SRPMS/postfix-2.3.5-0.2.20060mlcs4.src.rpm> > Corporate 4.0/X86_64:>
91d8789d61bc41409d96b0442ffb8d13 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.2.20060mlcs4.x86_64.rpm>
db6e1d07cd48fd215db13b6c0812629f corporate/4.0/x86_64/postfix-2.3.5-0.2.2
0060mlcs4.x86_64.rpm> 6d57adb992f1903344a12c213116e2d9
corporate/4.0/x86_64/postfix-ldap-2.3.5-0.2.20060mlcs4.x86_64.rpm> c3217315a710dddef6addc566542dbef
corporate/4.0/x86_64/postfix-mysql-2.3.5-0.2.20060mlcs4.x86_64.rpm> 21db2224670acce491ff87269f21ec5e
corporate/4.0/x86_64/postfix-pcre-2.3.5-0.2.20060mlcs4.x86_64.rpm> 89d5796c4d94bb6ab1ef26de400d032f
corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.2.20060mlcs4.x86_64.rpm > f9251f61013674ae03a5122d8c5cfd25
corporate/4.0/SRPMS/postfix-2.3.5-0.2.20060mlcs4.src.rpm>
_______________________________________________________________________> > To upgrade automatically use MandrivaUpdate
or urpmi. The verification> of md5 checksums and GPG signatures is performed automatically for you.> > All packages are
signed by Mandriva for security. You can obtain the> GPG public key of the Mandriva Security Team by executing:> > gpg
--recv-keys --keyserver pgp.mit.edu 0x22458A98> > You can view other update advisories for Mandriva Linux at:> > ht
tp://www.mandriva.com/security/advisories> > If you want to report vulnerabilities, please contact> >
security_(at)_mandriva.com> _______________________________________________________________________> > Type Bits/KeyID
Date User ID> pub 1024D/22458A98 2000-07-10 Mandriva Security Team> <security*mandriva.com>> -----BEGIN PGP
SIGNATURE-----> Version: GnuPG v1.4.9 (GNU/Linux)> > iD8DBQFIpbu8mqjQ0CJFipgRApsdAJ0XV7YMQObXpiNScy6r/ct8BPjTIACg0mow>
TLWvKH+6JSz18dJfpEjIxFw=> =rHfX> -----END PGP SIGNATURE-----> > > > ------------------------------> > Message: 6> Date:
Fri, 15 Aug 2008 15:54:00 -0600> From: security () mandriva com> Subject: [Full-disclosure] [ MDVSA-2008:172 ] amarok>
To: full-disclosure () lists grok org uk> Message-ID: <E1KU7FA-0005Z8-El () titan mandriva com>> > > -----BEGIN PGP
SIGNED MESSAGE-----> Hash: SHA1> > _______________________________________________________________________> > Mandriva
Linux Security Advisory MDVSA-2008:172> http://www.mandriva.com/security/> _
______________________________________________________________________> > Package : amarok> Date : August 15, 2008>
Affected: 2008.0, 2008.1> _______________________________________________________________________> > Problem
Description:> > A flaw in Amarok prior to 1.4.10 would allow local users to overwrite> arbitrary files via a symlink
attack on a temporary file that Amarok> created with a predictable name (CVE-2008-3699).> > The updated packages have
been patched to correct this issue.> _______________________________________________________________________> >
References:> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699>
_______________________________________________________________________> > Updated Packages:> > Mandriva Linux 2008.0:>
add9881887c5e33288947a836ea829f7 2008.0/i586/amarok-1.4.7-9.1mdv2008.0.i586.rpm> 6cb1913a6bc874ea77a25d76521e39a8
2008.0/i586/amarok-engine-xine-1.4.7-9.1mdv2008.0.i586.rpm> 66b1e073cc975872fb15e1d674462d6e 2008.0/i586/am
arok-scripts-1.4.7-9.1mdv2008.0.i586.rpm> 9decca6e5825541b00c7942340308065
2008.0/i586/libamarok0-1.4.7-9.1mdv2008.0.i586.rpm> f52da39d55c1ad5a475e14a7f4a42d11
2008.0/i586/libamarok0-scripts-1.4.7-9.1mdv2008.0.i586.rpm> 130e958096e23249244e7e2ff02aa1f6
2008.0/i586/libamarok-devel-1.4.7-9.1mdv2008.0.i586.rpm> 8d5dd406aa2cb0a56e922f8ff7d9ea34
2008.0/i586/libamarok-scripts-devel-1.4.7-9.1mdv2008.0.i586.rpm > 36da208a1bb60169c8b721bfc9d38f15
2008.0/SRPMS/amarok-1.4.7-9.1mdv2008.0.src.rpm> > Mandriva Linux 2008.0/X86_64:> c01e9b41a520a3a65398866daca707cf
2008.0/x86_64/amarok-1.4.7-9.1mdv2008.0.x86_64.rpm> b300777e4a9db10814ba3a920ce690d0
2008.0/x86_64/amarok-engine-xine-1.4.7-9.1mdv2008.0.x86_64.rpm> c24609bda65290240c8689b2863de9cb
2008.0/x86_64/amarok-scripts-1.4.7-9.1mdv2008.0.x86_64.rpm> eb04320a5d103aef042f29ed9731ac8b
2008.0/x86_64/lib64amarok0-1.4.7-9.1mdv2008.0.x86_64.rpm> c71f5eda86c58ad9bd78bebc06b63f01
2008.0/x86_64/lib64amarok0-scripts-1.4.7-9.1mdv2008.0.x86_64.rpm> d
f9206ff03dad2f1b2e3ce40e1cc190d 2008.0/x86_64/lib64amarok-devel-1.4.7-9.1mdv2008.0.x86_64.rpm>
a9a45984a13f545e828c957e98ca2051 2008.0/x86_64/lib64amarok-scripts-devel-1.4.7-9.1mdv2008.0.x86_64.rpm >
36da208a1bb60169c8b721bfc9d38f15 2008.0/SRPMS/amarok-1.4.7-9.1mdv2008.0.src.rpm> > Mandriva Linux 2008.1:>
35bb66001f0a6efb796d476b1ba35098 2008.1/i586/amarok-1.4.8-12.1mdv2008.1.i586.rpm> 39f5f1cba6d2a2dd347e2004eb37b6b6
2008.1/i586/amarok-engine-void-1.4.8-12.1mdv2008.1.i586.rpm> b54d096ed180078cc0adbf13ee9c1234
2008.1/i586/amarok-engine-xine-1.4.8-12.1mdv2008.1.i586.rpm> c47c5274f6419497e83b9d9e129f0cee
2008.1/i586/amarok-engine-yauap-1.4.8-12.1mdv2008.1.i586.rpm> f710c717a6bb71e445671688edca63c7
2008.1/i586/amarok-scripts-1.4.8-12.1mdv2008.1.i586.rpm> d07c5193757104a086c798bd4acfa1ff
2008.1/i586/libamarok0-1.4.8-12.1mdv2008.1.i586.rpm> 0886969d0cf8a00a24ec3767f7e26d52
2008.1/i586/libamarok0-scripts-1.4.8-12.1mdv2008.1.i586.rpm> b448749b86d31cce3fe37803a6d76955 2008.1/i586/li
bamarok-devel-1.4.8-12.1mdv2008.1.i586.rpm> 00b6a0c87044ad127837dd6b0eaaaf05
2008.1/i586/libamarok-scripts-devel-1.4.8-12.1mdv2008.1.i586.rpm > d98786eee09881cdaa238f00e29e7c48
2008.1/SRPMS/amarok-1.4.8-12.1mdv2008.1.src.rpm> > Mandriva Linux 2008.1/X86_64:> 4c90ca190be22b80aa57df40a054fb22
2008.1/x86_64/amarok-1.4.8-12.1mdv2008.1.x86_64.rpm> 1a3c01858fcfbd321f65b8140252fa3e
2008.1/x86_64/amarok-engine-void-1.4.8-12.1mdv2008.1.x86_64.rpm> d62f9425e5917415066c16f170b9f079
2008.1/x86_64/amarok-engine-xine-1.4.8-12.1mdv2008.1.x86_64.rpm> d4ff899bf669f9f676df2e6b809f2fc8
2008.1/x86_64/amarok-engine-yauap-1.4.8-12.1mdv2008.1.x86_64.rpm> 35a26a4ee0d82eaa8e52436dcf1bfaa9
2008.1/x86_64/amarok-scripts-1.4.8-12.1mdv2008.1.x86_64.rpm> 9738454dec262ef9d19c93e7e78328c8
2008.1/x86_64/lib64amarok0-1.4.8-12.1mdv2008.1.x86_64.rpm> 93414b3bd1d5b12a6cdb8fc48091785b
2008.1/x86_64/lib64amarok0-scripts-1.4.8-12.1mdv2008.1.x86_64.rpm> a11bccff3c601e5d2f3a8501c72e709f
2008.1/x86_64/lib64amarok-deve
l-1.4.8-12.1mdv2008.1.x86_64.rpm> ec100b8483103dc815b52b3f546df167
2008.1/x86_64/lib64amarok-scripts-devel-1.4.8-12.1mdv2008.1.x86_64.rpm > d98786eee09881cdaa238f00e29e7c48
2008.1/SRPMS/amarok-1.4.8-12.1mdv2008.1.src.rpm>
_______________________________________________________________________> > To upgrade automatically use MandrivaUpdate
or urpmi. The verification> of md5 checksums and GPG signatures is performed automatically for you.> > All packages are
signed by Mandriva for security. You can obtain the> GPG public key of the Mandriva Security Team by executing:> > gpg
--recv-keys --keyserver pgp.mit.edu 0x22458A98> > You can view other update advisories for Mandriva Linux at:> >
http://www.mandriva.com/security/advisories> > If you want to report vulnerabilities, please contact> >
security_(at)_mandriva.com> _______________________________________________________________________> > Type Bits/KeyID
Date User ID> pub 1024D/22458A98 2000-07-10 Mandriva Security Team> <secu
rity*mandriva.com>> -----BEGIN PGP SIGNATURE-----> Version: GnuPG v1.4.9 (GNU/Linux)> >
iD8DBQFIpc66mqjQ0CJFipgRAs8UAJ9zaZ2Q2gNIZIH2QjEkb24qy/p75wCfdjI9> 6ws9cZQ3VJO2BMZpRcO+NGY=> =uJ0s> -----END PGP
SIGNATURE-----> > > > ------------------------------> > Message: 7> Date: Sat, 16 Aug 2008 03:12:16 +0300> From: P?nar
Yanarda? <pinar () pardus org tr>> Subject: [Full-disclosure] [PLSA 2008-25] Postfix: Local privilege> escalation> To:
pardus-security () pardus org tr> Cc: full-disclosure () lists grok org uk> Message-ID: <48A61B60.3040004 () pardus org
tr>> Content-Type: text/plain; charset=UTF-8; format=flowed> >
------------------------------------------------------------------------> Pardus Linux Security Advisory 2008-25
security () pardus org tr> ------------------------------------------------------------------------> Date: 2008-08-16>
Severity: 2> Type: Local> ------------------------------------------------------------------------> > Summary> =======>
Sebastian Krahmer has reporte
d some security issues in Postfix, which> can be exploited by malicious, local users to disclose potentially>
sensitive information and perform certain actions with escalated> privileges.> > > Description> ===========> > 1) A
security issue is caused due to Postfix incorrectly handling> symlink files. This can be exploited to e.g. append mail
messages to> arbitrary files by creating a hardlink to a symlink owned by the root> user.> > Successful exploitation
requires write permission to the mail spool> directory, that there is no "root" mailbox, and users can create a>
hardlink to a symlink.> > 2) A security issue is caused due to Postfix not correctly checking the> ownership of the
destination when delivering email. This can be> exploited to e.g. disclose emails by creating an insecure mailbox file>
for other users.> > Affected packages:> > Pardus 2008:> postfix, all before 2.5.4-20-4> Pardus 2007:> postfix, all
before 2.3.4-12-11> > > Resolution> ==========> > There are upd
ate(s) for postfix. You can update them via Package Manager> or with a single command from console:> > Pardus 2008:>
pisi up postfix> > Pardus 2007:> pisi up postfix> > > References> ==========> > *
http://de.postfix.org/ftpmirror/official/postfix-2.5.4.HISTORY> *
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936> *
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937> *
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html> * http://secunia.com/advisories/31485> >
------------------------------------------------------------------------> > -- > Pardus Security Team>
http://security.pardus.org.tr> > > > > ------------------------------> > Message: 8> Date: Fri, 15 Aug 2008 19:20:18
+0100> From: "Smiler S" <smiler808 () googlemail com>> Subject: [Full-disclosure] Step-by-step instructions for
debugging> Cisco IOS using gdb> To: full-disclosure () lists grok org uk> Message-ID:>
<46d5a9ed0808151120j54d980d2lcb085c0de5d93d07 () mail gmail com>> Conte
nt-Type: text/plain; charset="iso-8859-1"> > From: Andy Davis>
<iosftpexploit_at_googlemail.com<iosftpexploit_at_googlemail.com?Subject=Re:%20Step-by-step%20instructions%20for%20debugging%20Cisco%20IOS%20using%20gdb>>>
Date: Tue, 12 Aug 2008 22:01:37 +0100> > >Congratulations you are now debugging IOS ;-)> >One unusual feature, which
I have yet to explain is that when the> >registers are displayed they are all offset by 1 e.g:> > If a vector variable
is stored in a register, gcc writes debug information> telling gdb which register the variable is stored in. This
mapping is> changed between gcc2 & gcc3. Since there isn't anything in the debug output> to distinguish code compiled
by gcc3 from code compiled by gcc2, there is no> way for gdb to know the right map. gdb supports the gcc3 map.> > If
vector code is compiled by gcc2 as in the case of IOS, then the register> assignment will be off by 1.> > PS - Stop
ripping Gyan and Varuns IOS research work you jackass cause you> ai
n't getting no fame with that bullshit :P :P :P> -------------- next part --------------> An HTML attachment was
scrubbed...> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080815/9f01f697/attachment-0001.html
------------------------------> > Message: 9> Date: Fri, 15 Aug 2008 14:31:41 -0400 (EDT)> From: Derek Callaway
<super () innu org>> Subject: [Full-disclosure] Tool: PorkBind v1.3 Nameserver Security> Scanner (New Version)> To:
bugtraq () securityfocus com> Cc: full-disclosure () lists grok org uk> Message-ID: <20080815142431.C36041 () innu
org>> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed> > This program retrieves version information for the
nameservers of a domain> and produces a report that describes possible vulnerabilities of each.> Vulnerability
information is configurable through a configuration> file; the default is porkbind.conf. Each nameserver is tested for
recursive queries and zone transfers. The code is parallelized with > l
ibpthread.> > http://www.innu.org/~super/tools/porkbind-1.3.tar.gz> > ChangeLog for this version:> > porkbind-1.3>
------------> Wrote in-a-bind shell script that scans random domain names from DMOZ> Implemented recursive query
testing> Changed porkbind.conf to use CVE numbers in addition to CERT alerts> Modified text displayed on stdout to make
it more parsable> Licensed with GNU Lesser General Public License> Fixed timeout/concurrency/memory corruption bugs>
Fixed improper comparison of alpha/beta version numbering bug> Added typecasts to silence compiler warnings> > > -
Derek> > > > ------------------------------> > Message: 10> Date: Fri, 15 Aug 2008 22:18:32 +0200> From: Radoslav
Dejanovi? <radoslav.dejanovic () opsus hr>> Subject: Re: [Full-disclosure] [funsec] Internet attacks against> Georgian
web sites> To: Paul Ferguson <fergdawg () netzero net>> Cc: funsec () linuxbox org, full-disclosure () lists grok org
uk,> bugtraq () securityfocus com, ge () linuxbox org> Message-ID: <48A5E498
.308 () opsus hr>> Content-Type: text/plain; charset=ISO-8859-2> > Paul Ferguson wrote:> > > Also, I wish to say:> > >
"It is clear that there are anti-Georgian forces at work on the> > Internet."> > > > "Who they are, and what their
motivations are 9at this point),> > remains to be seen."> > Just for the record...> > There were in the past several
such "cyber wars" between Croatia and> Serbia, with the scenario not quite unlike this one. The scenario is as>
follows:> > 1. there's some political tension between countries;> > 2. someone on one side decides that it would be
highly patriotic to> attack servers on the other side;> > 3. someone on the other side retaliates by attacking other
country's> servers;> > 4. more individuals join in, adding to the magnitude of the event;> clueless media joins in with
headlines like "brave local patriots are> hacking the (evil) other side into oblivion; we have won the real war,> we're
going to win this one too";> > 5. governments do not q
uite understand what is going on, but they do not> intervene because they can get some political points out of that
mess> (cracked government web pages are collateral damage and in fact good for> propaganda);> > 6. after some time, the
"cyberwar" ceases.> > > IMHO, what is going on in Georgia is a scenario like the one above. I> don't think there's any
real cyberwar between governments going on, but> in fact local groups of people who believe that they're showing their>
patriotism. Therefore:> > - who they are: groups of individuals, not a state operated force> > - what are their
motivations: showing patriotism and having a> "legitimate" target to practice "cyberwar", as nobody is going to>
prosecute a patriotic attack on enemy country's infrastructure.> > - how to end it: it will end by itself.> > > >
------------------------------> > Message: 11> Date: Fri, 15 Aug 2008 21:54:02 -0400> From: "T Biehn" <tbiehn () gmail
com>> Subject: [Full-disclosure] Beware the firefox ZERO DA
YZZZZ> To: "Full Disclosure" <Full-Disclosure () lists grok org uk>> Message-ID:>
<2d6724810808151854g5f0acab2x7273f8498cd0c752 () mail gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > Watch
out for those a.exe droppers boys and girls. Ran into in the wild.> >
http://anubis.iseclab.org/result.php?taskid=cd5d6669682e89049195a55b6f982a84&refresh=1> > > >
------------------------------> > Message: 12> Date: Fri, 15 Aug 2008 19:42:34 -0700> From: coderman <coderman () gmail
com>> Subject: [Full-disclosure] Linus summarizes state of the "security> industry" with precision and accuracy.> To:
"Full Disclosure" <full-disclosure () lists grok org uk>> Message-ID:> <4ef5fec60808151942h1f6866a8nd633c6a5a11eecc4 ()
mail gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > ... hypothesis that "security researchers" are all
masturbating monkey> whores is now proven definitively. [0]> > """> Too often, so-called "security" is split into two
camps: one that> believes in nondisclosure of
problems by hiding knowledge until a bug> is fixed, and one that "revels in exposing vendor security holes> because
they see that as just another proof that the vendors are> corrupt and crap, which admittedly mostly are," Torvalds
states.> > Torvalds went on to say he views both camps as "crazy."> > "Both camps are whoring themselves out for their
own reasons, and both> camps point fingers at each other as a way to cement their own reason> for existence," Torvalds
asserts.> """> > 0. Torvalds Interview with Network World , 08/14/2008>
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html> > > [ ED: Dr. Diggle the Zoologist grunt /
proctologist has lots of company, lol ]> > > > ------------------------------> > Message: 13> Date: Sat, 16 Aug 2008
13:34:36 +1000> From: silky <michaelslists () gmail com>> Subject: Re: [Full-disclosure] Linus summarizes state of the
"security> industry" with precision and accuracy.> To: coderman <coderman () gmail com>> Cc: Full D
isclosure <full-disclosure () lists grok org uk>> Message-ID:> <5e01c29a0808152034u3aab5ae2q5703e118babc3ac1 () mail
gmail com>> Content-Type: text/plain; charset=ISO-8859-1> > On Sat, Aug 16, 2008 at 12:42 PM, coderman <coderman ()
gmail com> wrote:> > ... hypothesis that "security researchers" are all masturbating monkey> > whores is now proven
definitively. [0]> > I feel I can speak for the entire monkeynet project> (http://www.themonkeynet.com/) when saying we
are offended by this> comparision.> > > > """> > Too often, so-called "security" is split into two camps: one that> >
believes in nondisclosure of problems by hiding knowledge until a bug> > is fixed, and one that "revels in exposing
vendor security holes> > because they see that as just another proof that the vendors are> > corrupt and crap, which
admittedly mostly are," Torvalds states.> >> > Torvalds went on to say he views both camps as "crazy."> >> > "Both
camps are whoring themselves out for their own reasons, and bot
h> > camps point fingers at each other as a way to cement their own reason> > for existence," Torvalds asserts.> >
"""> >> > 0. Torvalds Interview with Network World , 08/14/2008> >
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html> >> > [ ED: Dr. Diggle the Zoologist grunt /
proctologist has lots of company, lol ]> > -- > noon silky> http://www.themonkeynet.com/armada/>
http://www.themonkeynet.com/> > > > ------------------------------> > _______________________________________________>
Full-Disclosure - We believe in it.> Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and
sponsored by Secunia - http://secunia.com/> > End of Full-Disclosure Digest, Vol 42, Issue 42>
***********************************************
_________________________________________________________________
Discover the new Windows Vista
http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Full-Disclosure Digest, Vol 42, Issue 42 badr muhyeddin (Aug 17)
|
