Re: Router Worm? 2003-11-19 Niels Bakker (niels=bugtraq bakker net)
* cstrom (at) cos (dot) com (Chris Strom) [Wed 19 Nov 2003, 22:45 CET]: > > I've received a strange HTTP request on my web site from two different sources. The request is logged as: > > SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2 > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x

Re: Router Worm? 2003-11-19 Fred Laxton (securitynotice laxton net)
I just saw the same thing on my web server log from last night. It did no damage, but I blocked the offending IP anyway, it can't be anything good ;-) I also reported it to the network's abuse address. Fred Chris Strom wrote: > > I've received a strange HTTP request on my web site from two

Re: IA WebMail 3.x PoC Code 2003-11-19 Peter Winter-Smith (peter4020 hotmail com)
Hello again, I'm afraid that I have had a couple of reports which state that the Proof of Concept code which I have written for IA WebMail does not work. This is often due to the fact that I close the socket immediately as the malicious data is sent, and so the server does not follow the

HPUX dtmailpr buffer overflow vulnerability 2003-11-19 Davide Del Vecchio (dante alighieri org)
=======================================================
HPUX dtmailpr buffer overflow vulnerability
=======================================================
Davide Del Vecchio Adv#8
Discovered in: 14/07/2003
Date: 19/11/2003
Tested on HP-UX B.11.00
Description: The dtmailpr program reads a

Microsoft SharePoint Portal and Team Services 2003-11-19 arkanian hacker am
There is a bug in how the authentication mode works with the web-based administration page. This page resides, in the Web Servers with Sharepoint, in http://www.example.com/_layouts/settings.htm or http://www.example.com/some_directory/_layouts/settings.htm This page is usually protecte

Re: Security researchers organization 2003-11-19 John C Borkowski III (borkowsj spawar navy mil)
I would like to see an organization that would do exactly that: > promote and protect the interests of security researchers Something that at least in the United States, would act as a voice to the government to counter the claims of vendors. An "advocacy group", as it were. Probably with lobbyist

MDKSA-2003:107 - Updated glibc packages fix vulnerabilities 2003-11-19 Mandrake Linux Security Team (security linux-mandrake com)

IA WebMail 3.x PoC 2003-11-19 Peter Winter-Smith (peter4020 hotmail com)
Hello all, As I stated in my advisory I would release a proof of concept code after a short period of time which the vendor could use to fix this and any other bugs for the new release. It has now been in excess of two weeks, and I have been informed that a fix is almost if not completely r

Router Worm? 2003-11-19 Chris Strom (cstrom cos com)
I've received a strange HTTP request on my web site from two different sources. The request is logged as: SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02 \xb1\x02\xb1\x02\xb1\x0

Half Life dedicated server information leak and DoS 2003-11-19 3APA3A (3APA3A SECURITY NNOV RU)
Dear bugtraq (at) securityfocus (dot) com,
Probably is known, but is not documented:
Vendor: Valve software
Software: hlds, all versions (including steam).
Problem: Information leak, DoS
Author: SYZo[SND]
Problem: in server configuration, if allowdownload = 1, it's possible to download any file from direct

RE: Security researchers organization 2003-11-19 Jeremy Epstein (jeremy epstein webmethods com)
I like the idea of this, but am concerned by the terminology. <flame-bait> What's being proposed is an organization of *vulnerability* researchers. There are MANY other kinds of security researchers, including those who design new forms of access controls, security models, intrusion detection syste

[securitylab.ru & security.nnov] Kerio Winroute Firewall Xroxy problem 2003-11-19 3APA3A (3APA3A SECURITY NNOV RU)
Application: Kerio Winroute Firewall 5.10
Vendor: Kerio Technologies Inc.
Vendor Site: http://www.kerio.com
Remote: Yes
Exploitable: Yes
Risk level: Critical (if proxy requires authentication)
Authors: Alexander Antipov & 3APA3A (aka Pig Killer)
Authors Sites: http://www.securitylab.ru http://www.s

YAK! 2.1.0 still vulnerable 2003-11-19 bil (bil_912 coolgoose com)
YAK! 2.1.0 still vulnerable
===========================
for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode. vulnerability in the previous version was, they were using constant username and pass combination for ftp login. 2.1.0 version seems to

Re: Apple Safari 1.1 (v100) 2003-11-19 Christian Horchert (chorchert veedev de)
Hello Austin! On 18.11.2003 at 18:28, Austin Gilbert wrote: > it appears that Apple's Safari is vulnerable to the > old Mozilla/IE cookie theft vulnerability outlined by > Marc Slemko > http://alive.znep.com/~marcs/security/mozillacookie/ This seems to even work if cookies are disabled. Stupid, r

Re: OpenBSD kernel holes ... 2003-11-18 noir uberhax0r net
> I may be wrong here, but I don't think that any of the kern.emul.* > executable emulations are actually enabled on a default install. I have > installed openbsd in environments requiring one of these since 3.2 and > have had to specifically enable them every time. COMPAT_* are compiled in > the d

FW: Security researchers organization 2003-11-18 Keving Wong (kevin wong bbc co uk)
>> I don't think those capable of actually doing research require hand holding by anyone. I don't think there is any need to be so negative : -( Bugtraq is such a group in existence already, but is more of informal gathering of like-minded people. In Asia and the Middle East, Security Associates

Re: OpenBSD kernel holes ... 2003-11-18 Coleman Kane (cokane cokane org)
I may be wrong here, but I don't think that any of the kern.emul.* executable emulations are actually enabled on a default install. I have installed openbsd in environments requiring one of these since 3.2 and have had to specifically enable them every time. COMPAT_* are compiled in the default ker

Re: OpenBSD kernel holes ... 2003-11-18 noir uberhax0r net
i will be releasing a paper regarding kmem allocator (heap) overflows in kernel space and exploit for patch 005 will be in its content. buf = malloc(user_controled_size); vn_rdwr(UIO_READ, ..., user_buf, user_controlled_size, ...); these types of vulnerabilities are %100 exploitable! check kern_m

Re: Security researchers organization 2003-11-18 Steven M. Christey (coley mitre org)
Thor and Russ, Adam Shostack and I have been thinking about a researchers' organization for a while, too. We thought that an important first step would be to host a vulnerability research workshop that would discuss many of the key issues facing researchers, including the needs for a researcher-f

[RHSA-2003:288-01] Updated XFree86 packages provide security and bug fixes 2003-11-18 bugzilla redhat com

Re: Security researchers organization 2003-11-18 http-equiv (at) excite (dot) com (1 malware com)
<!-- What I would like to see created is an organization that would promote and protect the interests of security researchers, plain and simple. There is currently no organization that exists solely to guide, help and represent security researchers on a larger scale, yet we can all recognize the

OpenBSD kernel holes ... 2003-11-18 noir uberhax0r net
once again i am honored to present you a generic and robust way to own OpenBSD 2.x-3.x, enjoy ;) it is quite funny to name ring 0 overflow patches as "reliability fixes". who does theo think he is fooling ? kiddies in his cult ? you can patch your useless/old openbsd systems by visiting; http://

Re: Funny article 2003-11-18 Javier Fernandez-Sanguino (jfernandez germinus com)
Steven M. Christey wrote: > It would be very interesting to see any results that try to compare > the timeliness of vendor response. I attempted to conduct such a > study I would be too. > a year and a half ago, but the study failed due to lack of time and a > lot of other factors such as: (...)

Re: Vulnerability Disclosure Formats (was "Re: Funny article") 2003-11-18 Javier Fernandez-Sanguino (jfernandez germinus com)
Steven M. Christey wrote: > There are a couple proposals out there, but I don't think they've > gotten as much attention as they deserve: > > Common Advisory Interchange Format > http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.html > > > Advisory and Notification Markup Lan

Apple Safari 1.1 (v100) 2003-11-18 Austin Gilbert (austin breakingrobots net)
Hi, it appears that Apple's Safari is vulnerable to the old Mozilla/IE cookie theft vulnerability outlined by Marc Slemko http://alive.znep.com/~marcs/security/mozillacookie/ Marc posted a nice demo so that you can verify the vulnerability. http://alive.znep.com/~marcs/security/mozillacookie/demo

Re: idsearch.com and googleMS.DLL 2003-11-18 Gary Flynn (flynngn jmu edu)
Jelmer wrote: > that's this issue : > > http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-09/0654.html > > Unfortunately I imagine it's being used pretty heavily to install malware > since I had some run ins with > it myself just browsing some sites For the past several weeks, I've see

OpenLinux: Linux NFS utils package contains remotely exploitable off-by-one bug 2003-11-17 security sco com
To: announce (at) lists.caldera (dot) com bugtraq (at) securityfocus (dot) com full-disclosure (at) lists.netsys (dot) com security-alerts (at) linuxsecurity (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenLinux: L
>>From: Russ [mailto:Russ.Cooper (at) rc.on (dot) ca]
>>(Was: Vulnerability Disclosure Formats (was "Re: Funny article"))
>><snip http://tinyurl.com/ve83>
>>Thor Larholm proposed the idea of a "Union" to me. While I don't like
>>the concept of unions in this day and age, our field is one