|
|
Colapse all |
Post message
Re: 3 Comprehensive links in combat with MSBlaster Worm 2003-08-13 Jean-Luc Cavey (Jean-Luc Cavey org) Buffer overflow prevention 2003-08-13 Eygene A. Ryabinkin (rea rea mbslab kiae ru) (4 replies) Hi! I have an idea on buffer overflow prevention. I doubt that it's new, but I haven't seen an implementation of it in any freely distributable Un*x system. So, I hardly need your comments on it. Preliminary: I'm talking about Intel x86 architecture, but maybe it will be applicable to others as [ more ] [ reply ] Re: Microsoft MCWNDX.OCX ActiveX buffer overflow 2003-08-13 xenophi1e (oliver lavery sympatico ca) (1 replies) In-Reply-To: <007201c361df$c311f0c0$329f8018@youru10ixi0anw> Does anyone know what the guid for this control is? I don't have it on XP with Visual Studio 6 installed. Could this be the same as the Microsoft Multimedia Control, aka MCI32.OCX? Cheers, ~ol > Microsoft MCWNDX.OCX Acti [ more ] [ reply ] RE: Microsoft MCWNDX.OCX ActiveX buffer overflow 2003-08-13 Drew Copley (dcopley eeye com) (1 replies) RE: Microsoft MCWNDX.OCX ActiveX buffer overflow 2003-08-13 Oliver Lavery (oliver lavery sympatico ca) rpc sdbot 2003-08-13 Daniel Otis-Vigil (dvigil moosoft com) This sdbot variant has been spreading around Undernet and is a combination of the msblast worm, sdbot and spybot. It installs as a service and triggers WFP which I think was a mistake. Termination of the process causes an immediate reboot. Samples are available here: http://www.moosoft.com/th [ more ] [ reply ] Microsoft MCWNDX.OCX ActiveX buffer overflow 2003-08-13 Tri Huynh (trihuynh zeeup com) Microsoft MCWNDX.OCX ActiveX buffer overflow ================================================= PROGRAM: MICROSOFT MCIWNDX.OCX ACTIVEX BUFFER OVERFLOW HOMEPAGE: www.microsoft.com VULNERABLE VERSIONS: MCWNDX is an ActiveX shipped with Visual Studio 6 to support multimedia programming. DESCRIP [ more ] [ reply ] Denial of Service Vulnerability in NFS on IRIX 2003-08-13 SGI Security Coordinator (agent99 sgi com) Cisco Security Advisory: CiscoWorks Application Vulnerabilities 2003-08-13 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: CiscoWorks Application Vulnerabilities Revision Numeral 1.0: INTERIM ============================= For Public Release 2003 August 13 UTC 1500 - ------------------------------------------------------------------------ ------- [ more ] [ reply ] Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalatio n Vulnerabilities 2003-08-13 Omicron portcullis-security com Portcullis Security Advisory CiscoWorks 2000 Priviledge Escalation Vulnerability Vulnerability discovery and development: Omicron (at) portcullis-security (dot) com [email concealed] Affected systems: Ciscoworks 2000 Details: Portcullis have discovered that using the default Guest account which has no password set, th [ more ] [ reply ] ZH2003-24SA (security advisory): ChitChat.NET XSS Vulnerability 2003-08-13 G00db0y (G00db0y zone-h org) ZH2003-24SA (security advisory): ChitChat.NET XSS Vulnerability Published: 13 august 2003 Released: 13 august 2003 Name: ChitChat.NET Affected Systems: 2.0 Issue: Remote attackers can inject XSS script Author: G00db0y (at) zone-h (dot) org [email concealed] Vendor: http://clickcess.com/ Descripti [ more ] [ reply ] 3 Comprehensive links in combat with MSBlaster Worm 2003-08-12 Geoff Shively (gshively pivx com) More DCOM Fun, The boards and lists are flooded with data on this little bugger. Almost too much data, and vital stuff gets lost in the myriad email chains and re: threads. I summed up these 3 links for easy access. Hope it helps. DCOM ISS Scanner: http://www.iss.net/support/product_utilities/ms03- [ more ] [ reply ] ZH2003-23SA (security advisory): HostAdmin Path Disclosure 2003-08-12 G00db0y (G00db0y zone-h org) ZH2003-23SA (security advisory): HostAdmin Path Disclosure Published: 12 august 2003 Released: 12 august 2003 Name: HostAdmin Affected Systems: current version Issue: Remote attackers can know the path of the site Author: G00db0y (at) zone-h (dot) org [email concealed] Vendor: http://dreamcost.com/?page [ more ] [ reply ] Netris client Buffer Overflow Vulnerability. 2003-08-12 Shaun Colley (shaunige yahoo co uk) -[INTRODUCTION]- Netris is a Linux clone of the classic infamous game Tetr*s, giving users three main game modes: play an individual game, server mode: bind to a port and wait for an incoming connection from an opponents Netris client, and connect mode: connect to an opponents Netris client which [ more ] [ reply ] [SECURITY] [DSA-371-1] New perl packages fix cross-site scripting 2003-08-12 Matt Zimmerman (mdz debian org) RE: Microsoft RPC DCOM exploit descriptions 2003-08-12 Troy Murray (murrayt5 msu edu) Internet Security Systems (http://www.iss.net) has released a scan tool to check for the MS03-026 patch on Windows servers. I've downloaded and run this tool, command-line only, on my servers and it reports correctly that they are patched. Running a scan on the 35-10.40.x range though yields 5 sys [ more ] [ reply ] SuSE Security Announcement: kernel (SuSE-SA:2003:034) 2003-08-12 krahmer suse de (Sebastian Krahmer) KaHT II - Massive RPC Dcom exploit.. 2003-08-11 at4r ins4n3 (at4r hotmail com) multithreading &os detection && macros support... exploit can be found here: www.croulder.com/haxorcitos/kaht2.zip example: KaHT.exe 10.10.40.0 10.10.255.255 300 _________________________________________________ KAHT II - MASSIVE RPC EXPLOIT DCOM RPC exploit. Modified by aT4r@3wdes [ more ] [ reply ] RE: [Full-Disclosure] msblast.exe 2003-08-11 Robert Ersoni (rober videotron ca) Here is the latest on this from McAfee and Trend. http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547 http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSB LAST.A Rob. -----Original Message----- From: full-disclosure-admin (at) lists.netsys (dot) com [email concealed] [mailto:full [ more ] [ reply ] [CLA-2003:720] Conectiva Security Announcement - lynx 2003-08-11 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : lynx SUMMARY : CRLF injection local vulnerabi [ more ] [ reply ] DCOM worm analysis report: W32.Blaster.Worm 2003-08-11 Dave Ahmad (da securityfocus com) A Bugtraq user has already pointed out that a worm has been discovered in the wild that exploits the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (Bugtraq ID 8205) to infect host systems. Symantec has been tracking its activity and is currently conducting analysis/full disasse [ more ] [ reply ] New Windows DCOM Worm - msblast.exe (fwd) 2003-08-11 Dave Ahmad (da securityfocus com) David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the past is for the future. We must be the winners of the memory war. ---------- Forwarded message ---------- Return-Path: <david.vincent (at) mightyoaks (dot) com [email concealed]> Delivered-To: da@sec [ more ] [ reply ] |
|
Privacy Statement |
On Wed, Aug 13, 2003 at 02:28:33PM +0400, Eygene A. Ryabinkin composed:
> I have an idea on buffer overflow prevention. I doubt that it's
> new, but I haven't seen an implementation of it in any freely
> distributable Un*x system. So, I hardly need your comments on it.
Please accept my apology
[ more ] [ reply ]