===
Ubuntu Security Notice USN-872-1 December 11, 2009
kdebase-runtime vulnerabilities
https://launchpad.net/bugs/495301
===
A security issue affects the following Ubuntu
BID 36935
ERRATA: The previous trace POC was renamed to 36935-3.c on securityfocus
and had a small error in it. It is now fixed and available here. I'd like
to ask repositories to update.
File available here:
http://www.g-sec.lu/ssl-trace-poc.c
Original Paper:
[ Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Flock 2.5.2
Fixed in:
- Flock 2.5.5
NOTE:
[ Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Camino 1.6.10
Fixed in:
- Camino 2.0 =
[ Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code
execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
Affected Software:
- Thunderbird 2.0.0.23
Fixed
[ Sunbird 0.9 Array Overrun (code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009
CVE: CVE-2009-0689
CWE: CWE-199
Risk: High
Remote: Yes
Affected Software:
- Sunbird 0.9
NOTE: Prior versions may also be affected.
kaspersky Portugal Vulnerable to blind SQLi by VMw4r3
./blindext.py -u http://www.kaspersky.com.pt/estore/index.php?ref=48; -s
INFORBYTE -D kavestore --schema
|---|
| rsaur...@]gmail[dot]com v3.0 |
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:332
http://www.mandriva.com/security/
Hello list,
I offer a 0day exploit on Microsoft Internet Explorer, versions 8, 7, 6.
Tested on Windows 2000/XP/2003/Vista/2008/7.
Serious offers only, no bullshit please :)
--
Best wishes,
Freddie Vicious
http://twitter.com/viciousf
___
On Fri, 11 Dec 2009 18:23:54 +0200, Freddie Vicious said:
I offer a 0day exploit on Microsoft Internet Explorer, versions 8, 7, 6.
Tested on Windows 2000/XP/2003/Vista/2008/7.
Serious offers only, no bullshit please :)
Extraordinary claims require extraordinary proof - so convince us that
you
Mr. Valdis Kletniesks,
I'll provide proof only for serious bidders. As I said, no bullshit please.
On Fri, Dec 11, 2009 at 6:38 PM, valdis.kletni...@vt.edu wrote:
On Fri, 11 Dec 2009 18:23:54 +0200, Freddie Vicious said:
I offer a 0day exploit on Microsoft Internet Explorer, versions 8, 7,
Send them to microsoft, pls. Or sell to zdi. This is a very serious
offer, absolutely no bs.
Hello list,
I offer a 0day exploit on Microsoft Internet Explorer, versions 8, 7, 6.
Tested on Windows 2000/XP/2003/Vista/2008/7.
Serious offers only, no bullshit please :)
--
Best wishes,
Free dorrar?
Sent from my iPhone
On 11 Dec 2009, at 16:23, Freddie Vicious fred.vici...@gmail.com
wrote:
Hello list,
I offer a 0day exploit on Microsoft Internet Explorer, versions 8,
7, 6. Tested on Windows 2000/XP/2003/Vista/2008/7.
Serious offers only, no bullshit please :)
--
Best
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If there was proof, I'd bid.
But as there is none and you don't intend to disclose any proof
without a prior bid..
Freddie Vicious schrieb:
Mr. Valdis Kletniesks,
I'll provide proof only for serious bidders. As I said, no bullshit
please.
On
Bids for what? An exploit? What does it to? How does it do it? What
context does code run (assuming code runs). What do you have to trick the
user into doing? Do you actually think people are going to offer you something
based on what you've outlined here? So far the only bullshit is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:296-1
http://www.mandriva.com/security/
Here is my 0-day for IE:
1 - Open a IE Windows;
2 - Browse your favorite URL/WEB Site
3 - Press Ctrl+W and watch
/*
* $Id: .siganture,v 1.3 2009-12-11 09:22:54-02 nbrito Exp $
*
* Author: Nelson Brito nbrito [at] sekure [dot] org
Copyright(c) 2004-2009 Nelson Brito. All
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:259-1
http://www.mandriva.com/security/
http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/
This method is almost as bad as Dan's grammar ;)
Among the methods discussed is what they call a hardware-level phishing
attack, in which a target machine is replaced with a counterfeit one that
provides precisely the same
P.S. - while poking fun at is rather than are, I did not mean for my
statements to suggest that Dan had qualified the nature of this attack as
brilliant. That was my own language making fun of the attack, and not
suggesting that Dan or el Reg was somehow making such a comment.
The other
/me sheepishly acquiesces to Dan publically.
Dan is right, I am wrong. After consulting our resident grammar expert, I have
been corrected. My apologies to Dan for incorrectly attributing a grammatical
error to his piece. I was going to bet on it too ;)
t
-Original Message-
From:
http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/
Research grant ideas for 2010:
1) Replacing not only the computer, but victim's entire apartment,
with cardboard cutouts to intercept passwords,
2) Substituting victim's spouse with a conspicuously German lookalike,
3)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Freddie Vicious wrote:
Hello list,
I offer a 0day exploit on Microsoft Internet Explorer, versions 8, 7, 6.
Tested on Windows 2000/XP/2003/Vista/2008/7.
Serious offers only, no bullshit please :)
If you are really serious about selling, you should sell it to ZDI or
iDefense. They do pay good money and it doesnt reach the bad hands, and it
guarantees your money. Thats my 2 cents.
On Fri, Dec 11, 2009 at 4:23 PM, Freddie Vicious fred.vici...@gmail.comwrote:
Hello list,
I offer a 0day
I couldn't imagine a method more reliable than thermorectal
cryptoanalysis, but you have done it with number 3). however, there is
a weak point: if, during the process of universe destruction, an
attacker are under constant observation by someone, his psi-function
might eventually collapse
zdi,idefense,securiteam,immunity,etc is a front, your exploit will anyways
end up on the blackmarket by selling it to theses company.
How can you be that naive ?
2009/12/11 Shyaam shy...@gmail.com
If you are really serious about selling, you should sell it to ZDI or
iDefense. They do pay
i am so sorry. I just don't understand this. Computer is infected. user has
DNS redirects to any and all site for help. Why can't the good guys use some
type of fast flux or url obfuscation to hide help standalone software to
down load and use? you know, maybe I am just so damn ignorant that what
On Fri, Dec 11, 2009 at 6:00 PM, RandallM randa...@fidmail.com wrote:
i am so sorry. I just don't understand this. Computer is infected. user has
DNS redirects to any and all site for help. Why can't the good guys use some
type of fast flux or url obfuscation to hide help standalone software to
On Fri, Dec 11, 2009 at 9:08 PM, frank^2 fra...@dc949.org wrote:
Obfuscate? But that's what hackers do. Those companies don't hire hackers.
Seriously.. Have a hard enough time trusting the debian contrib/non-free
repos as it is. Let me know how that fast-flux McAfee solution works out.
Real
On Fri, 11 Dec 2009 20:00:34 CST, RandallM said:
i am so sorry. I just don't understand this. Computer is infected. user has
DNS redirects to any and all site for help. Why can't the good guys use some
type of fast flux or url obfuscation to hide help standalone software to
down load and use?
On Fri, 11 Dec 2009 20:13:52 EST, Jeff Williams said:
zdi,idefense,securiteam,immunity,etc is a front, your exploit will anyways
end up on the blackmarket by selling it to theses company.
How can you be that naive ?
You're talking to somebody willing to sell to the highest bidder on F-D.
Draw
On Fri, Dec 11, 2009 at 8:29 PM, valdis.kletni...@vt.edu wrote:
On Fri, 11 Dec 2009 20:00:34 CST, RandallM said:
i am so sorry. I just don't understand this. Computer is infected. user
has
DNS redirects to any and all site for help. Why can't the good guys use
some
type of fast flux or
On Fri, Dec 11, 2009 at 8:08 PM, frank^2 fra...@dc949.org wrote:
On Fri, Dec 11, 2009 at 6:00 PM, RandallM randa...@fidmail.com wrote:
i am so sorry. I just don't understand this. Computer is infected. user
has
DNS redirects to any and all site for help. Why can't the good guys use
some
If idefense pay 7000$ for a RCE on IE, it's possibly because they sell
theses bugs to the NSA, MOSSAD, MI10 ?
From my understanding, MS do not pay for any reported vulnerability, or
maybe i missed the make a donation icon on idefense website ?
2009/12/12 Shyaam shy...@gmail.com
:) Good one
And the question is now:
should the Mossad, NSA, etc be considered as bad guys ?
2009/12/12 Jeff Williams jeffwilli...@gmail.com
If idefense pay 7000$ for a RCE on IE, it's possibly because they sell
theses bugs to the NSA, MOSSAD, MI10 ?
From my understanding, MS do not pay for any
I found a vuln in Google Chromeits called HTML 5.
-Jack
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: Jeff Williams jeffwilli...@gmail.com
Date: Sat, 12 Dec 2009 14:12:04
To: Shyaamshy...@gmail.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure]
i am so sorry. I just don't understand this. Computer is infected. user has
DNS redirects to any and all site for help. Why can't the good guys use some
type of fast flux or url obfuscation to hide help standalone software to
down load and use? you know, maybe I am just so damn ignorant that
From: Randy
It's an iPhone Thang!
On Dec 11, 2009, at 9:26 PM, Tim tim-secur...@sentinelchicken.org
wrote:
i am so sorry. I just don't understand this. Computer is infected.
user has
DNS redirects to any and all site for help. Why can't the good guys
use some
type of fast flux or
38 matches
Mail list logo