> You all still don't understand the problem.
>
> I have setuid smbmnt on the client side and one remote with smb share, I own.
>
> I create setuid binary on the share, and MOUNT THE SHARE under regular user
> with uid!=0. Then run that binary and gain root privileges.
>
> Is it clear? This is no

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Microsoft ASN.1 Library

Original issue date: February 10, 2004
Last revised: --
Source: US-CERT

A complete revision history is at the end of this document.

Systems Affected

* Microsoft Windows NT 4.0

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : gaim
SUMMARY : Several remote vulnerabilities

[ more ]  [ reply ]

Yes, I am not sure what Microsoft did with the wording there that seems
to be misleading to at least a few people so far.

There is just as much, if not more, chance of people using this
vulnerability on server side applications as there is on client-side
applications.

For example we setup a totall

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 02.10.04

XFree86 Font Information File Buffer Overflow
http://www.idefense.com/application/poi/display?id=72
February 10, 2004

I. BACKGROUND

In short, XFree86 is an open source X11-based desktop infrastructure.

XFree86, pr

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : vim
SUMMARY : Arbitrary commands execution th

[ more ]  [ reply ]

This attack can be performed through various encryption systems such as
Kerberos and almost anything using CERTs... I am not sure about
Microsofts wording in their advisory.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Netw

[ more ]  [ reply ]

In the security bulletin published by MS it states,
"In the most likely exploitable scenario, an attacker
would have to have direct access to the user's
network."

The bulletin published by eEye states "...applications
that make use of certificates (SSL, digitally-signed
e-mail, signed ActiveX contr

[ more ]  [ reply ]

> -----Original Message-----
> From: dotsecure (at) hushmail (dot) com [email concealed] [mailto:dotsecure (at) hushmail (dot) com [email concealed]]
> Sent: Tuesday, February 10, 2004 10:21 AM
> To: full-disclosure (at) lists.netsys (dot) com [email concealed];
> bugtraq (at) securityfocus (dot) com [email concealed];
> patchmanagement (at) listserv.patchmanagement (dot) org [email concealed]
> Subject: Another Low Blow From Microsoft

[ more ]  [ reply ]

As you know MyDoom.A machines are exploited by MyDoom.C and Vesser - There is a faster and more dangerous worm exploiting these machines : his name is "kiddies" !!

so here is one of the codes used by hax0rz to exploit Mydoom.A machines (many other codes in the wild)

Regards.

Fabien // K-OTi

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another Low Blow from Microsoft.

Within the last few weeks at our company we have been doing testing to
find out total number of patched machines we have against the latest
Messenger Service Vulnerability. After checking few thousand computers
we have

[ more ]  [ reply ]

Microsoft ASN.1 Library Bit String Heap Corruption

Release Date:
February 10, 2004

Date Reported:
September 25, 2003

Severity:
High (Remote Code Execution)

Systems Affected:
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Description:
eEye Digi

[ more ]  [ reply ]

Microsoft ASN.1 Library Length Overflow Heap Corruption

Release Date:
February 10, 2004

Date Reported:
July 25, 2003

Severity:
High (Remote Code Execution)

Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)

Soft

[ more ]  [ reply ]

Hi,

I was looking over the MyDoom email messages that I received today and found
about 15 copies of the worm which came from postmasters in bounce messages.
Some postmasters, when sending out a bounce message, include the original
email message as an attachment. If a bounce message is for a
MyDoom

[ more ]  [ reply ]

<!--

Cheng Peng Su Wrote:

<a href="shell:My Music"

-->

Excellent ! The revival of the Pull's shell game:

"directoryInfo.html", ie the "file://::{CLSID}"

[see: http://www.securityfocus.com/bid/3867/]

The following on this so-called Microsoft Windows XP machine:

Control Panel
Administr

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow

Vendor:
- -------

http://www.evolutionx.info

Vulnerable version:
- -------------------

Test on EvolutionX 3921 3935, maybe all version of EvolutionX

Vunlnerablity:
- --------------

[ more ]  [ reply ]

Products: PHPNuke 6.9 > (posibbly 7.x) (http://www.phpnuke.org)
Date: 10 February 2004
Author: pokleyzz <pokleyzz_at_scan-associates.net>
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net

Summary: PHPNuke 6.

[ more ]  [ reply ]