BugTraq Mode:
Betr.: IE 6 XML Patch Bypass 2003-10-08
Philip Wagenaar (p wagenaar accon nl)
I tried the proof of concept and indeed it looks like your 'hack' was successful. I have WinXP with all patches from WindowsUpdate and run Sophos AV.

However, you might want to put up a warning that running the proof of concept will change a on your harddisk.

Kind regards,

Philip W

New FAQ on worm/worm containment 2003-10-06
Stuart Staniford (stuart silicondefense com)

I just finished a first cut at a FAQ on worms and worm containment (my
obsession for the last couple of years). It should be of interest to a
number of bugtraq readers:

http://www.NetWorm.org/faq/

Stuart.

Stuart Staniford, President Tel: 707-445-4355 x 15
Silicon Defense -

Re: Weaknesses in LEAP Challenge/Response 2003-10-07
Sharad Ahlawat (sahlawat cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is in response to the mail posted by Joshua Wright. The original mail is
available at
http://www.securityfocus.com/archive/1/340365/2003-10-03/2003-10-09/0

On Monday 06 October 2003 05:06, Joshua Wright wrote:
> In August 2003, I sent a tool I ha

[RHSA-2003:278-01] Updated SANE packages fix remote vulnerabilities 2003-10-07
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated SANE packages fix remote vulnerabilities
Advisory ID: RHSA-2003:278-01
Issue date: 2003-10-07
U

Re: The joys of impurity (was: MOSDEF, InlineEgg) 2003-10-07
dave immunitysec com
In-Reply-To: <20031006210520.GA3033 (at) gmx (dot) net>

Well, MOSDEF is fairly far along, but the C compiler is not quite done, so no, you can't compile nmap and send it over for execution.

Of course, that's not even an intended application. MOSDEF doesn't attach stdin and stdout to anything in particular

Medieval Total War <= 1.1 broadcast crash 2003-10-07
Luigi Auriemma (aluigi altervista org)
#######################################################################

Luigi Auriemma

Application: Medieval Total War
http://www.totalwar.com
Versions: <= 1.1
Platforms: Windows
Bug: Remote crash of server and attached clients caused by

Medieval Total War <= 1.1 broadcast Connection expired 2003-10-07
Luigi Auriemma (aluigi altervista org)
#######################################################################

Luigi Auriemma

Application: Medieval Total War
http://www.totalwar.com
Versions: <= 1.1
Platforms: Windows
Bug: "Connection expired" message to server and connected

Adobe SVG Viewer Local and Remote File Reading (GM#003-MC) 2003-10-07
GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#003-MC
=====================================

By GreyMagic Software, Israel.
07 Oct 2003.

Available in HTML format at http://security.greymagic.com/adv/gm003-mc/.

Topic: Adobe SVG Viewer Local and Remote File Reading.

Discovery date: 07 Sep 2003.

Affected applicati

IE 6 XML Patch Bypass 2003-10-07
Mindwarper * (mindwarper linuxmail org)
IE 6 XML Patch Bypass

I have recently been playing around with the xml+windows media player exploit, and it
seems that even with the new Microsoft patch applied, the vulnerability works.
I have tried it on 7 different people, on win2k and xp, and it worked every time.
The 8th person was using DAP

Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC) 2003-10-07
GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#004-MC
=====================================

By GreyMagic Software, Israel.
07 Oct 2003.

Available in HTML format at http://security.greymagic.com/adv/gm004-mc/.

Topic: Adobe SVG Viewer Cross Domain and Zone Access.

Discovery date: 07 Sep 2003.

Affected applicatio

ZH2003-3SP (security patch): multiple vulnerabilities in mod_gzip 1.3.x debug mode 2003-10-06
Astharot (secfoc email it)
ZH2003-3SP (security patch): multiple vulnerabilities in mod_gzip 1.3.x debug
mode

Released: 7 October 2003
Name: mod_gzip
Affected versions: all versions (debug mode)
Issue: stack overflow, format string and insecure file creation
Author: Astharot (at Zone-H.org)
Vendor: http://sourceforge.net/pro

PeopleSoft Grid Option Vulnerability 2003-10-07
info i-assure com


Vendor: PeopleSoft

PS Solution ID: 200749183

Product: People Tools

Version: 8.42

Platform: Solaris 8, BEA WebLogic, Others?

Remote/Local: Remote, Unauthenticated

Title: File Availability

Impact: Data accessible by Everyone.

Descript

Adobe SVG Viewer Active Scripting Bypass (GM#002-MC) 2003-10-07
GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#002-MC
=====================================

By GreyMagic Software, Israel.
07 Oct 2003.

Available in HTML format at http://security.greymagic.com/adv/gm002-mc/.

Topic: Adobe SVG Viewer Active Scripting Bypass.

Discovery date: 19 Aug 2003.

Affected applications:
=

The joys of impurity (was: MOSDEF, InlineEgg) 2003-10-06
Alexander E. Cuttergo (cuttergo gmx net)
Hi,
I enclose the impurity-1.0 release. The README follows. I would like to hear
some comparisons with MOSDEF and InlineEgg; can you guys implement nmap in
your shellcode ;) ?
peace,
algo

Impurity-1.0
by Alexander E. Cuttergo <cuttergo (at) gmx (dot) net>

Concept
Impurity is a set of scripts which make

Update JBoss 308 & 321: Remote Command Injection 2003-10-06
Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Adam,

thanks for the question, here is the answer:

just downloaded the 3.0.8 from Jboss.org and
changed the port of the exploit code from
1701 to 1476, which is the HSQL port in
Version 3.0.8 of JBoss.
I can confirm that

JBOSS 3.0.8 is als

JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5 2003-10-06
"nimber" (nimber mail ru)
+-----------------------------+
Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
Author: nimber [nimber (at) mail (dot) ru]
Date: 10/06/2003
+-----------------------------+
Vendor: http://www.minihttpserver.net
Version: 1.5 (and older versions?)
Shareware :)
Mini-desc

Re: Local root exploit in SuSE Linux 8.2Pro 2003-10-06
Roman Drahtmueller (draht suse de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am answering both mails from Stefan Nordhausen to bugtraq, about symlink
race conditions in the packages susewm (1) and javarunt (Java Runtime
Environment) (2).

> Affected:               SuSE Linux 8.2Pro
> Not affected:           SuSE Linux 7.3Pro,

SA-20031006 slocate vulnerability 2003-10-06
Patrik Hornik (patrik hornik ebitech sk)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

======================================================================
Security advisory 20031006
- ----------------------------------------------------------------------
Product: slocate
Vulnerability type: buffer overflow (c

Access Runner DSL Console vulnerability update 2003-10-05
Chris Norton (kicktd hotmail com)


While doing some more testing I have found that some Access Runners are actually "immune" to this type of attack. I do not know just yet why some are immune and some are not. Still trying to get in contact with Conexant on this but have yet to find any contact info.

Please do take note that t

Vulnerabilities in Easy File Sharing Web Server (1.2 NEW). 2003-10-04
"nimber" (nimber mail ru)
Vulnerabilities in Easy File Sharing Web Server (1.2 NEW).

+-----------------------------+
Vendor: www.sharing-file.com
Version: 1.2 (new)
Date: Sep 22, 2003
Size: 2115KB
Mini-description:
"Easy File Sharing Web Server contains several built-in systems including HTTP Web Server,multi-threads databa

Verisign fighting back at ICANN 2003-10-05
Thor Larholm (thor pivx com)
So now Verisign wants to protect your privacy .. and I've got a bridge or an
Eiffel Tower to sell, if you're interested.

According to Verisign, ICANN is an organization whose sole existence seems to be
to invade your privacy and spam you to death.

http://www.verisign.com/corporate/news/2003/pr_200

SNAP Innovation's PrimeBase Database 4.2 poor default file permissions. 2003-10-04
Larry W. Cashdollar (lwc vapid ath cx)

SNAP Innovation's PrimeBase Database 4.2 poor default file permissions and
use of symlinks during install.
September 1, 2003

I. BACKGROUND

From the readme.txt file

"The PrimeBase Database Server is a relational Database Management System
(DBMS) for Mac, UNIX and Windows platforms. The PrimeBase

RE: Cobalt RaQ Control Panel Cross Site Scripting 2003-10-05
Steve Manzuik (steve entrenchtech com)
> it is a security hole because it demonstrates that the message.cgi script
> does not have
> an input validation system.

This isn't a security hole but more of a scripting mistake. You don't gain any additional access, you don't r00t the box, you don't even steal another user's session. Commo

Re: Cisco 6509 switch telnet vulnerability 2003-10-05
twig les (twigles yahoo com)
I could not replicate this on a 6509 using remote authentication
and secureID, and those are the only ones we have around. Has
anyone been able to replicate this?

--- Bob Niederman <btrq (at) bob-n (dot) com> wrote:
>
>
>
> While this is clearly a bug, the example given does not show
> that it's
> serious

GLSA: cfengine (200310-02) 2003-10-05
Kurt Lieber (klieber gentoo org)
------------------------------------------------------------------------
-------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-02
------------------------------------------------------------------------
-------
Package : cfengine
Summary : stack overflow in cfengine network code

GuppY : XSS, Files Reading/Writing 2003-10-05
Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°
Language : PHP
Bugged Version : 2.4p3 (and less ?)
Patched version : 2.4p4
Website : http://www.freeguppy.org
Problems :
- Permanent XSS
- Files Reading
- Files Writing

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°

postguest.php :

-------------------------------------------

RE: New IE crash: CSS + HTML 2003-10-05
psz maths usyd edu au (Paul Szabo)
"Russ Uhte (Lists)" <russlists (at) mailtest.parallax (dot) ws> and
Sherlock <sherl0ck (at) comcast (dot) net> wrote:

> ... It also crashes Eudora version 6.0.0.22 ...
> ... Eudora crashed with a MSHTML.DLL error. ...

You need to disable "Use Microsoft's viewer" in Tools > Options > Viewing
Mail. This, and other Eudora

FreeBSD Security Advisory FreeBSD-SA-03:15.openssh 2003-10-05
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

========================================================================
=====
FreeBSD-SA-03:15.openssh Security Advisory
The FreeBSD Project

Topic: Op

Re: I have fixes for the Geeklog vulnerabilities 2003-10-05
Dirk Haun (dirk haun-online de)
This is in response to "Geeklog Multiple Versions Vulnerabilities",
<http://www.securityfocus.com/archive/1/339494> and a follow-up post to
Full Disclosure which, I assume, was also sent to BugTraq:

Lorenzo Hernandez Garcia-Hierro wrote:

>Due to the completely incorrect treatment and work of the

JBoss 3.2.1: Remote Command Injection 2003-10-05
Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================
Illegalaccess.org Security Alert
================================

Date : 10/04/2003
Application : JBoss, java server for running J2EE enterprise
applications
Version : 3.2.1
Website : http:/

Copyright 2010, SecurityFocus