[Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #2020 - 10 msgs

From: jialc (jialc_at_netpower.com.cn)
Date: 11/11/04

    To: "full-disclosure@lists.netsys.com" <full-disclosure@lists.netsys.com>
    Date: Thu, 11 Nov 2004 19:33:47 +0800
    
    

    Hello, full-disclosure-request!

            

    ======= 2004-11-04 01:00:09 You wrote in your message: =======

    >Send Full-Disclosure mailing list submissions to
    > full-disclosure@lists.netsys.com
    >
    >To subscribe or unsubscribe via the World Wide Web, visit
    > http://lists.netsys.com/mailman/listinfo/full-disclosure
    >or, via email, send a message with subject or body 'help' to
    > full-disclosure-request@lists.netsys.com
    >
    >You can reach the person managing the list at
    > full-disclosure-admin@lists.netsys.com
    >
    >When replying, please edit your Subject line so it is more specific
    >than "Re: Contents of Full-Disclosure digest..."
    >
    >
    >Today's Topics:
    >
    > 1. I am NOT out of here hahaha (Frank de Wit)
    > 2. Re: I am out of here (Berend-Jan Wever)
    > 3. RE: Security (for the common people) in electronic vote? (Sean Crawford)
    > 4. [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability (Thierry Carrez)
    > 5. Re: I am out of here (Berend-Jan Wever)
    > 6. Re: How to clear contents of protected storage - Windows 2000 (Danny)
    > 7. Re: How to clear contents of protected storage - Windows 2000 (Danny)
    > 8. RE: I am out of here (Banta, Will)
    > 9. Re: I am out of here (Barry Fitzgerald)
    > 10. Re: I am out of here (kyle l)
    >
    >--__--__--
    >
    >Message: 1
    >Date: Wed, 03 Nov 2004 11:30:56 +0100
    >From: Frank de Wit <frankdewit@home.nl>
    >CC: full-disclosure@lists.netsys.com
    >Subject: [Full-Disclosure] I am NOT out of here hahaha
    >
    >people talking about politics are usually boring, thinking only about
    >themselves and what they can gain personally by doing politics
    >politics have nothing to do with thinking about the wellbeing of
    >people... only the RedCross, SalvationArmy, MSF etc do that
    >that's why those people like to mail about offtopic things on this
    >FD-list, they are too stupid to care or understand what they're doing
    >personally I have fun pressing the delete key very much lately...
    >they are all writing blisters on their fingers, and all for nothing
    >because no-one reads it hahaha
    >hojje from holland
    >
    >Ali Campbell wrote:
    >
    >> Hugo van der Kooij wrote:
    >>
    >>> Thank you all for turning a security mailinglist into a mudpool in which
    >>> throwing around dirt about political candidates has become the prime
    >>> objective.
    >>>
    >>> However that was not my objective when I came to this list so it seems
    >>> this list has become rather useless to me.
    >>>
    >>> Quite a pity. But that is full-disclosure for you.
    >>>
    >>> So long and thanks for all the fish.
    >>>
    >>> Hugo.
    >>>
    >>
    >> Me too. I'm unsubscribing. Have a nice day.
    >>
    >> _______________________________________________
    >> Full-Disclosure - We believe in it.
    >> Charter: http://lists.netsys.com/full-disclosure-charter.html
    >>
    >
    >
    >--__--__--
    >
    >Message: 2
    >From: "Berend-Jan Wever" <skylined@edup.tudelft.nl>
    >To: <full-disclosure@lists.netsys.com>
    >Subject: Re: [Full-Disclosure] I am out of here
    >Date: Wed, 3 Nov 2004 14:34:34 +0100
    >
    >If you can't stand the heat, get out of the kitchen!
    >
    >Cheers,
    >SkyLined
    >
    >
    >--__--__--
    >
    >Message: 3
    >Reply-To: <sean01@accnet.com.au>
    >From: "Sean Crawford" <sean01@accnet.com.au>
    >To: <full-disclosure@lists.netsys.com>
    >Subject: RE: [Full-Disclosure] Security (for the common people) in electronic vote?
    >Date: Thu, 4 Nov 2004 01:05:47 +1100
    >
    >Now Australia and the US both have angry gnomes as the heads of state.....
    >
    >Flame me off list please....
    >
    >
    >
    >--->
    >---> -----Original message-----
    >---> Surprise!
    >--->
    >---> with electronic vote win Bush,
    >---> so we've made a great scientific discovery:
    >---> in information technology bits=bush :-)
    >--->
    >---> Tiziano Radice
    >
    >
    >--__--__--
    >
    >Message: 4
    >Date: Wed, 03 Nov 2004 15:06:32 +0100
    >From: Thierry Carrez <koon@gentoo.org>
    >Organization: Gentoo Linux
    >To: gentoo-announce@gentoo.org
    >CC: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
    > security-alerts@linuxsecurity.com
    >Subject: [Full-Disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability
    >
    >This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
    >--------------enig76CB791339E9D081EAF57416
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 7bit
    >
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >Gentoo Linux Security Advisory GLSA 200411-07
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    > http://security.gentoo.org/
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >
    > Severity: Normal
    > Title: Proxytunnel: Format string vulnerability
    > Date: November 03, 2004
    > Bugs: #69379
    > ID: 200411-07
    >
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >
    >Synopsis
    >========
    >
    >Proxytunnel is vulnerable to a format string vulnerability, potentially
    >allowing a remote server to execute arbitrary code with the rights of
    >the Proxytunnel process.
    >
    >Background
    >==========
    >
    >Proxytunnel is a program that tunnels connections to a remote server
    >through a standard HTTPS proxy.
    >
    >Affected packages
    >=================
    >
    > -------------------------------------------------------------------
    >     Package               /  Vulnerable  /  Unaffected
    > -------------------------------------------------------------------
    >  1  net-misc/proxytunnel     < 1.2.3        >= 1.2.3
    >
    >Description
    >===========
    >
    >Florian Schilhabel of the Gentoo Linux Security Audit project found a
    >format string vulnerability in Proxytunnel. When the program is started
    >in daemon mode (-a [port]), it improperly logs invalid proxy answers to
    >syslog.
    >
    >Impact
    >======
    >
    >A malicious remote server could send specially-crafted invalid answers
    >to exploit the format string vulnerability, potentially allowing the
    >execution of arbitrary code on the tunnelling host with the rights of
    >the Proxytunnel process.
    >
    >Workaround
    >==========
    >
    >You can mitigate the issue by only allowing connections to trusted
    >remote servers.
    >
    >Resolution
    >==========
    >
    >All Proxytunnel users should upgrade to the latest version:
    >
    > # emerge --sync
    > # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3"
    >
    >References
    >==========
    >
    > [ 1 ] CAN-2004-0992
    > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992
    > [ 2 ] Proxytunnel News
    > http://proxytunnel.sourceforge.net/news.html
    >
    >Availability
    >============
    >
    >This GLSA and any updates to it are available for viewing at
    >the Gentoo Security Website:
    >
    > http://security.gentoo.org/glsa/glsa-200411-07.xml
    >
    >Concerns?
    >=========
    >
    >Security is a primary focus of Gentoo Linux and ensuring the
    >confidentiality and security of our users' machines is of utmost
    >importance to us. Any security concerns should be addressed to
    >security@gentoo.org or alternatively, you may file a bug at
    >http://bugs.gentoo.org.
    >
    >License
    >=======
    >
    >Copyright 2004 Gentoo Foundation, Inc; referenced text
    >belongs to its owner(s).
    >
    >The contents of this document are licensed under the
    >Creative Commons - Attribution / Share Alike license.
    >
    >http://creativecommons.org/licenses/by-sa/1.0
    >
    >
    >--------------enig76CB791339E9D081EAF57416
    >Content-Type: application/pgp-signature; name="signature.asc"
    >Content-Description: OpenPGP digital signature
    >Content-Disposition: attachment; filename="signature.asc"
    >
    >
    >--------------enig76CB791339E9D081EAF57416--
    >
    >
    >--__--__--
    >
    >Message: 5
    >From: "Berend-Jan Wever" <skylined@edup.tudelft.nl>
    >To: <full-disclosure@lists.netsys.com>
    >Subject: Re: [Full-Disclosure] I am out of here
    >Date: Wed, 3 Nov 2004 15:39:02 +0100
    >
    >> If you can't stand the heat, get out of the kitchen!
    >
    >And btw: if you're not cooking, get the *** out too!
    >
    >Cheers,
    >SkyLined
    >
    >
    >
    >--__--__--
    >
    >Message: 6
    >Date: Wed, 3 Nov 2004 09:56:31 -0500
    >From: Danny <nocmonkey@gmail.com>
    >Reply-To: Danny <nocmonkey@gmail.com>
    >To: 3APA3A <3apa3a@security.nnov.ru>
    >Subject: Re: [Full-Disclosure] How to clear contents of protected storage - Windows 2000
    >Cc: full-disclosure@lists.netsys.com
    >
    >On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a@security.nnov.ru> wrote:
    >> Dear Danny,
    >>
    >> You can use Cain & Abel (http://www.oxid.it).
    >
    >Hi 3APA3A,
    >
    >Thank you for the tip. For this particular job, it does not display
    >all of the entries listed from pstoreview.exe, specifically the
    >INETCOMM Server passwords.
    >
    >Anything else I can try?
    >
    >...D
    >
    >
    >--__--__--
    >
    >Message: 7
    >Date: Wed, 3 Nov 2004 10:15:36 -0500
    >From: Danny <nocmonkey@gmail.com>
    >Reply-To: Danny <nocmonkey@gmail.com>
    >To: 3APA3A <3apa3a@security.nnov.ru>
    >Subject: Re: [Full-Disclosure] How to clear contents of protected storage - Windows 2000
    >Cc: full-disclosure@lists.netsys.com
    >
    >On Wed, 3 Nov 2004 09:56:31 -0500, Danny <nocmonkey@gmail.com> wrote:
    >> On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a@security.nnov.ru> wrote:
    >> > Dear Danny,
    >> >
    >> > You can use Cain & Abel (http://www.oxid.it).
    >>
    >> Hi 3APA3A,
    >>
    >> Thank you for the tip. For this particular job, it does not display
    >> all of the entries listed from pstoreview.exe, specifically the
    >> INETCOMM Server passwords.
    >>
    >> Anything else I can try?
    >
    >I found passview from nirsoft. Works. Case closed.
    >
    >..D
    >
    >
    >--__--__--
    >
    >Message: 8
    >Subject: RE: [Full-Disclosure] I am out of here
    >Date: Wed, 3 Nov 2004 09:58:06 -0600
    >From: "Banta, Will" <Will.Banta@broadwing.com>
    >To: <full-disclosure@lists.netsys.com>
    >
    >>Thank you all for turning a security mailinglist into a mudpool in
    >which throwing around dirt about political candidates has become
    >>the prime objective.
    >
    >What we've seen on this list only serves to show how important this
    >election is to many people the world over, not just Americans.
    >The drama will subside and people will return to business. All you need
    >do is wait it out and ignore the obvious OT stuff if you're
    >uninterested. Granted people might be more judicious in their use of
    >"reply all" over "reply".
    >
    >>However that was not my objective when I came to this list so it seems
    >this list has become rather useless to me.
    >
    >What was your objective in coming to this list?
    >
    >>Quite a pity. But that is full-disclosure for you.
    >
    >I haven't been on this list long, but I've benefited from your posts so
    >I think the pity is that you've decided to "take your blocks" and stalk
    >off like a child.
    >
    >>So long and thanks for all the fish.
    >
    >There's more fish so why not stay awhile longer?
    >
    >
    >> I hate duplicates. Just reply to the relevant mailinglist.
    >> hvdkooij@vanderkooij.org
    >http://hvdkooij.xs4all.nl/
    >> Don't meddle in the affairs of magicians,
    >> for they are subtle and quick to anger.
    >
    >
    >--__--__--
    >
    >Message: 9
    >Date: Wed, 03 Nov 2004 11:02:13 -0500
    >From: Barry Fitzgerald <bkfsec@sdf.lonestar.org>
    >To: Berend-Jan Wever <skylined@edup.tudelft.nl>
    >CC: full-disclosure@lists.netsys.com
    >Subject: Re: [Full-Disclosure] I am out of here
    >
    >Berend-Jan Wever wrote:
    >
    >>>If you can't stand the heat, get out of the kitchen!
    >>>
    >>>
    >>
    >>And btw: if you're not cooking, get the *** out too!
    >>
    >>
    >>
    >Yeah - how hard is it to hit delete anyway?
    >
    >(I don't think I've ever joined a mailing list expecting every post to
    >be interesting to me... nor even the majority. It seems like an
    >unrealistic expectation.)
    >
    > -Barry
    >
    >
    >--__--__--
    >
    >Message: 10
    >Date: Wed, 3 Nov 2004 10:32:46 -0600
    >From: kyle l <wtfbomb@gmail.com>
    >Reply-To: kyle l <wtfbomb@gmail.com>
    >To: Berend-Jan Wever <skylined@edup.tudelft.nl>
    >Subject: Re: [Full-Disclosure] I am out of here
    >Cc: full-disclosure@lists.netsys.com
    >
    >so stop bitching... it's people like you and people like me who waste
    >their time sending the types of messages like this that piss everyone
    >off
    >
    >if it didn't happen in the first place there would not be a problem
    >
    >consider this next time you feel the need to inform us about leaving
    >the mailing list; we really don't care.
    >
    >honestly.
    >
    >
    >
    >[http://www.eleat.org]
    >
    >
    >On Wed, 3 Nov 2004 15:39:02 +0100, Berend-Jan Wever
    ><skylined@edup.tudelft.nl> wrote:
    >> > If you can't stand the heat, get out of the kitchen!
    >>
    >> And btw: if you're not cooking, get the *** out too!
    >>
    >>
    >>
    >> Cheers,
    >> SkyLined
    >>
    >> _______________________________________________
    >> Full-Disclosure - We believe in it.
    >> Charter: http://lists.netsys.com/full-disclosure-charter.html
    >>
    >
    >
    >
    >--__--__--
    >
    >_______________________________________________
    >Full-Disclosure mailing list
    >Full-Disclosure@lists.netsys.com
    >http://lists.netsys.com/mailman/listinfo/full-disclosure
    >
    >
    >End of Full-Disclosure Digest
    >

    = = = = = = = = = = = = = = = = = = = =
                            

            Best regards,
     
                                     
            jialc
            jialc@netpower.com.cn
              2004-11-11

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
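
The GLSA quoted in this digest (Message 4) describes a format string bug in how invalid proxy answers are logged to syslog. The block below is an added example of that bug class beside its fix; it is not Proxytunnel's code and not part of the original message. `log_sink`, `log_answer_unsafe`, `log_answer_safe` and the sample answer are hypothetical names and constructed data, with `log_sink` standing in for `syslog(3)` so the logged text can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for syslog(3): same printf-style contract, but it
 * formats into a caller-supplied buffer so the result can be inspected. */
static int log_sink(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: the peer-controlled answer IS the format string. */
static int log_answer_unsafe(char *out, size_t n, const char *answer)
{
    return log_sink(out, n, answer);
}

/* Fixed pattern: constant format, answer passed only as data. */
static int log_answer_safe(char *out, size_t n, const char *answer)
{
    return log_sink(out, n, "%s", answer);
}

/* Constructed sample of an invalid proxy answer. It uses only "%%", the one
 * directive that consumes no argument, so the unsafe call stays well-defined. */
static const char SAMPLE_ANSWER[] = "HTTP/1.0 599 100%% invalid";

/* Returns 1 if the logged text equals the bytes the peer actually sent. */
static int logged_verbatim(int (*logger)(char *, size_t, const char *))
{
    char line[128];
    logger(line, sizeof line, SAMPLE_ANSWER);
    return strcmp(line, SAMPLE_ANSWER) == 0;
}

int main(void)
{
    printf("unsafe verbatim: %d\n", logged_verbatim(log_answer_unsafe));
    printf("safe verbatim:   %d\n", logged_verbatim(log_answer_safe));
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags the same pattern at compile time when the logging function carries a printf format attribute, as `syslog` does in glibc.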

