Re: [Full-disclosure] Why FD should unban n3td3v.

2009-08-31 Thread Anders Klixbull
GO SUCK A LEMON -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Lane Christiansen Sent: 31. august 2009 06:07 To: John Q Publix Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Why FD

[Full-disclosure] Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture

2009-08-31 Thread Ramon de Carvalho Valle
I've released an exploit for the Linux sock_sendpage() NULL pointer dereference[1], discovered by Tavis Ormandy and Julien Tinnes. This exploit was written to illustrate the exploitability of this vulnerability on Power/Cell BE architecture. The exploit makes use of the SELinux and the

Re: [Full-disclosure] windows future

2009-08-31 Thread Valdis . Kletnieks
On Sun, 30 Aug 2009 01:09:55 BST, lsi said: The biological metaphor does suggest that Microsoft would take some kind of evasive action, and I think their only option is to license unix, just as Apple did (although Apple did it for different reasons). Doing this will solve many problems,

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread Thierry Zoller
Confirmed. Ask yourselves why your fuzzers haven't found that one - Combination of MKDIR are required before reaching vuln code ? -- http://blog.zoller.lu Thierry Zoller

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread Vladimir '3APA3A' Dubrovin
Dear Thierry Zoller, I think yes, MKDIR is required. It should be a variation of S99-003/MS02-018. A fuzzer should be very smart to create a directory and use both an oversized buffer and ../ in NLST - it makes the path longer than MAX_PATH with an existing directory. --Monday, August 31,

[Full-disclosure] [SECURITY] [DSA 1875-1] New ikiwiki packages fix information disclosure

2009-08-31 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1875-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 31, 2009

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread Kingcope
Hello list, I have to clarify some things on the globbing vulnerability here. The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers, IIS6 ftp server IS affected by the buffer overflow but is properly protected by stack canaries. AFAIK it looks like a DoS on Windows Server 2003.

[Full-disclosure] CORE-2009-0820: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

2009-08-31 Thread CORE Security Technologies Advisories
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. *Advisory Information* Title: Dnsmasq Heap Overflow and

Re: [Full-disclosure] Why FD should unban n3td3v.

2009-08-31 Thread vulcanius
The readers did decide, that's why he's banned. If you still like reading his garbage go find whatever bridge he's currently living under and subscribe. If you believe that the days with n3td3v on the list were FD's glory days you're either ignorant or stupid. On Mon, Aug 31, 2009 at 1:56 AM,

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread r1d1nd1rty
why would anyone write a 0day with... # bug found exploited by Kingcope, kcope2atgooglemail.com # Affects IIS6 with stack cookie protection # August 2009 - KEEP THIS 0DAY PRIV8 ... then plaster it all over the internet? have you forgotten what you, yourself wrote? if you guys really wanna

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread laurent gaffie
Nice find Kingcope, As Thierry mentioned it, I guess it was a pain to find it, nice one as always, your finding rocks. Cheers 2009/8/31 r1d1nd1rty r1d1nd1...@hush.com why would anyone write a 0day with... # bug found exploited by Kingcope, kcope2atgooglemail.com # Affects IIS6 with stack

[Full-disclosure] VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0

2009-08-31 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2009-0011 Synopsis: VMware Studio 2.0 addresses a security issue in the public