Hello,
Your 'race condition possibly leading to root' is a myth...
Yes, that's maybe because, race condition or not, it is ASLR which will prevent
from ANY rootshell, and yes, it has been tried... You can do better, go
right ahead ;-)
I am betting you that's why it ain't being patched in any hurry,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
24405398b27585676f0191b493839e9c02f3ec5a file1
e676c17b21f5a96fe278c0cdb32152357d5e10f6 file2
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
xD 0x41 sec...@gmail.com wrote:
Hello,
Your 'race condition possibly leading to root' is a myth...
Yes, that's maybe because, race condition or not, it is ASLR which will
prevent from ANY rootshell, and yes, it has been tried... You can do
better, go right ahead ;-) I am betting you that's why
Oh, thanks. Much appreciated.
Gee, I sure don't understand sarcasm...
I also got that impression :( where is that clarified?
On Mon, Oct 24, 2011 at 6:13 PM, char...@funkymunkey.com wrote:
Withdrawn :P
Quoting char...@funkymunkey.com:
I got the impression that they have fully compromised the actual TOR
network, not a dummy network, am I wrong?
Charlie
zFtp Server = 2011-04-13 | STAT,CWD Remote Denial of Service Vulnerability
1. OVERVIEW
The zFTP server is found to be vulnerable to denial of service in
handling multiple STAT and CWD command requests.
2. BACKGROUND
The zFTP server is a Windows based FTP server with focus on clever
Active
http://www.dailymotion.com/gkallenborn#videoId=xlo02x
http://www.dailymotion.com/gkallenborn#videoId=xlo05e
good luck with french
[[ char...@funkymunkey.com ]] @ [[ 24/10/2011 18:09 ]]--
I got the impression that they have fully
Rumors of Tor's compromise are greatly exaggerated
https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
[[ Mohit Kumar ]] @ [[ 24/10/2011 16:31 ]]--
French researchers from ESIEA
And please remember ninja's words:
http://twitter.com/#!/moxie__/status/115844171142664192
[[ Mohit Kumar ]] @ [[ 24/10/2011 16:31 ]]--
French researchers from ESIEA
http://www.esiea.fr/c/en/Web.Esiea.Public.cuke?, a French engineering
I think it was ln -T ?
xD 0x41 sec...@gmail.com wrote:
Hello,
Your 'race condition possibly leading to root' is a myth...
Yes, that's maybe because, race condition or not, it is ASLR which will
prevent from ANY rootshell, and yes, it has been tried... You can do
better, go right ahead ;-) I
On Tue, Oct 25, 2011 at 08:56:10AM -0400, b...@fbi.dhs.org wrote:
I think it was ln -T ?
Oops, thanks, a typo.
Tavis.
--
-
tav...@cmpxchg8b.com | pgp encrypted mail preferred
---
On Mon, Oct 24, 2011 at 4:14 PM, r...@segfault.net wrote:
Today the German hacker group The Hacker's Choice officially
released a new DDoS tool. The tool exploits a weakness in SSL to kick a
server off the Internet.
Finally!
Thank you!
Until we have a better technology, I'd like to discuss
If you want to check a site versus actually bringing it down if it is
vulnerable, you can use the modified version of the THC utility that I
pasted here: http://pastebin.com/bKLue33X
To make it more difficult to DoS servers using SSL, the protocol could
somehow be modified to challenge the client with some useless** but
CPU-heavy calculation before the server starts acting. Of course it
must be something that does not involve heavy calculation at the
server side,
I have never actually looked at doing this and would be interested if
there is actually a way to do this without it being weak in some way.
I don't know either, it was just an idea. Something like: You want me
to do heavy calculation, so, then do a heavy calculation first, so we
are even.
It is
==
Microsoft Outlook Web Access Session
sidejacking/Session Replay Vulnerability
===
On 25 October 2011 19:26, information security
informationhacke...@gmail.com wrote:
#Product Outlook Web Access 8.2.254.0
#Vulnerability
SideJacking is the process of sniffing web cookies, then replaying them to
clone another user's web session. Using a cloned web session, the jacker can
ln actually succeeds, but creates /tmp/foo/foo instead. The attacker still
owns /tmp/foo, so he quickly rename()s it and replaces /tmp/foo with his
exploit.
You can make it bypass ASLR?
This is what I'm talking about, Tavis, not the well-known ln and other bugs
you have pleasured us all with :)
You can make it bypass ASLR?
No, you are absolutely correct, this vulnerability can't be used to
bypass ASLR. Score one for address space randomization.
/mz
I do know, this is quite confusing.
I have reproduced this, so has another well-known exploit-eer on this list,
and both failed, although I have been able to use, actually, parts of YOUR
PoCs from Debian to gain root to almost anything, but it is not so
straightforward as just the actual scenario
On Wed, 26 Oct 2011 09:56:24 +1100, xD 0x41 said:
You can make it bypass ASLR?
Nope. It can't, because ASLR doesn't enter into the picture. But then, *who
cares*? Are you going to make it through a passport check too? Because
that's as relevant to this exploit as ASLR is.
It still
Hi Michael,
I will try to lever it past, using some extra code, but it will still
bump into ASLR I think.
When I see you commenting on it and backing what I have said, it makes me
think that I am probably right on this one.
Anyhow, I will leave it here, I think I have said what needs to be said,
and this is pwning nothing :)
On 26 October 2011 10:29, valdis.kletni...@vt.edu wrote:
On Wed, 26 Oct 2011 09:56:24 +1100, xD 0x41 said:
You can make it bypass ASLR?
Nope. It can't, because ASLR doesn't enter into the picture. But then, *who
cares*? Are you going to make it
valdis.kletni...@vt.edu wrote:
On Wed, 26 Oct 2011 09:56:24 +1100, xD 0x41 said:
You can make it bypass ASLR?
Nope. It can't, because ASLR doesn't enter into the picture. But then,
*who cares*? Are you going to make it through a passport check
too? Because that's as relevant
Still possible when ssl connections are enforced?
On Oct 25, 2011, at 4:47 PM, Darren McDonald ath...@dmcdonald.net wrote:
On 25 October 2011 19:26, information security
informationhacke...@gmail.com wrote:
#Product Outlook Web Access 8.2.254.0
#Vulnerability
SideJacking is the
How would a remote attacker be able to read my system's memory?
On Oct 25, 2011, at 7:28 PM, Darren McDonald dar...@dmcdonald.net wrote:
On 25 October 2011 23:36, William Reyor opticfi...@gmail.com wrote:
Still possible when ssl connections are enforced?
Yes, because if an attacker is able
Hi,
On Tue, Oct 25, 2011 at 12:06:25PM +0200, Tavis Ormandy wrote:
xD 0x41 sec...@gmail.com wrote:
Your 'race condition possibly leading to root' is a myth...
Yes, that's maybe because, race condition or not, it is ASLR which will
prevent from ANY rootshell, and yes, it has been tried...
On Tue, Oct 25, 2011 at 6:51 AM, HI-TECH .
isowarez.isowarez.isowa...@googlemail.com wrote:
24405398b27585676f0191b493839e9c02f3ec5a file1
e676c17b21f5a96fe278c0cdb32152357d5e10f6 file2
A bit of netiquette and use the subject 'noise' for hashes.
http://seclists.org/fulldisclosure/2011/Jul/21
I think someone fed bugtraq archives into scigen.
I thought we're doing Twilight fanfic instead?
/mz
On 25 October 2011 23:36, William Reyor opticfi...@gmail.com wrote:
Still possible when ssl connections are enforced?
Yes, because if an attacker is able to read your system's memory then
they will be able to decrypt your SSL traffic by using your symmetric
encryption keys. I call this the
Even if bzexe is not used that much, I found similar configurations
(compressed binaries launched via crond) on embedded systems (I think
this is what bzexe was made for).
This is true, you're correct, but then you don't even have to use a
compression agent.. there are still many other holes not
On 26 October 2011 00:30, William Reyor opticfi...@gmail.com wrote:
How would a remote attacker be able to read my system's memory?
... how would someone gain access to your session token?
Race condition != Memory corruption...
(and therefore ASLR has NOTHING to do with it...)
http://i.imgur.com/l1l3o.gif = me after reading this.
On 10/25/2011 06:56 PM, xD 0x41 wrote:
ln actually succeeds, but creates /tmp/foo/foo instead. The
I think you'll find that it was my point as well :) Sidejacking isn't a
vulnerability. It's the end result after an actual vulnerability has
been exploited. I.e. crappy session management, not setting the secure
flag, poor use of HTTPS, SSLv2/cipher reuse + weak ciphers + crap browser,
or whatever
Hello!
I don't know why, but I really enjoyed his talk.
I guess I was a bit in tune with the humorous side of it, but I think he did
a great, fun job :P
I mean, it was pretty much a session of "don't use svn/cvs, use git", but
with a bit of fun
for once!
I like this, as long as it doesn't become a
Aw, Even if you loop and copy a binary continuously into that directory
say bash is bzexe'd.
and our exploit does the following
#!/bin/sh
chmod 777 /etc/shadow
You'll get,
kemical:~# bzexe bash
bash: 2.214:1, 3.614 bits/byte, 54.83% saved, 700492 in, 316442 out.
kemical:~# ./bash
Hello List,
I'd like people to also, like this thread asks, please give some opinion
other than mine.. which I am yet to make;
http://www.hackerthreads.org/Topic-5973
Please look at this .c code on here, if you wish, and tell me why
A. It is still in circulation, seemingly, on MANY MANY
Exploits this, maybe?
http://www.us-cert.gov/cas/bulletins/SB05-040.html#smb
On Tue, Oct 25, 2011 at 6:50 PM, xD 0x41 sec...@gmail.com wrote:
Hello List,
I'd like people to also, like this thread asks, please give some opinion
other than mine.. which I am yet to make;
Hrm, exactly what I'm wondering about is whether that packet is just 'junk' in effect,
or just hiding more :s
I will investigate it.
It is strange though, as nothing of the *normal* has detected anything malign
yet to me, but I just started the OS I use for this stuff 20 seconds ago,
and it has only read a
On 26 October 2011 10:40, Michal Zalewski lcam...@coredump.cx wrote:
I think someone fed bugtraq archives into scigen.
I thought we're doing Twilight fanfic instead?
/mz
I hate that thing : (/me unsubscribes).
I use darknets to help me,
they send me the info I need.
Simple answer to simple question.
Look them up, they may one day protect you, also.
On 26 October 2011 13:15, adam a...@papsy.net wrote:
http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code,
claims to be a remote kernel
http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code,
claims to be a remote kernel root exploit)
http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very similar
code, claims to be an IIS exploit)
http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire
Ok... I see now, it is being disguised, from a long time ago...
Strange why it is being used, unless people have started to rename things
maybe... to suit old things which don't work :s
It is possible...
I will see what it is doing and has done so far in the darknet I have set up in a
sec and, that will
h the idiot who thinks I'm laurelai... meh, you're a fool yourself just for
even thinking that much :s
You're but an echo on the list, which does not echo the rest of it, which is a
good place to be.
Unfortunately, you're one of the few who should just be blocked, for making
absolutely nothing but
Do yourself a favor and run that code dumbass.
On Tue, Oct 25, 2011 at 10:18 PM, xD 0x41 sec...@gmail.com wrote:
I use darknets to help me,
they send me the info I need.
Simple answer to simple question.
Look them up, they may one day protect you, also.
On 26 October 2011 13:15, adam
My apologies.
I have a grammar problem. It's in part me not changing my old kb, and then
also, I'm in an office sometimes and have to be quick :
You do have a good point though, I will try better.
xd
On 26 October 2011 13:29, Julian DeMarchi jul...@jdcomputers.com.au wrote:
On 10/26/2011 12:24 PM,
Using your smartphone while flipping burgers can be dangerous, pandawan.
Moreover if you work at Burger King.
On Tue, Oct 25, 2011 at 10:26 PM, xD 0x41 sec...@gmail.com wrote:
h the idiot who thinks I'm laurelai... meh, you're a fool yourself just for
even thinking that much :s
You're but an
Yer ofc... anyhow, ignoring you now...
You obviously think you're some leet troll; you're not, you're ONLY a TROLL :)
Have a nice day or is that
*Goplamamamama Ignananayu*
Forget the Jedi, okay, you gotta brush up on your troll trash talk!
Bah hahaha.
Fool
xd
On 26 October 2011 13:44, Antony widmal