[Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread Feher Tamas
http://zdnet.com.com/2100-1105-5229707.html IE flaws used to spread pop-up toolbar by Robert Lemos, CNET News, 09 June 2004 An adware purveyor has apparently used two previously unknown security flaws in Microsoft's Internet Explorer browser to install a toolbar on victims' computers that

[Full-Disclosure] [sb] [ GLSA 200406-05 ] Apache: Buffer overflow in mod_ssl

2004-06-10 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200406-05

[Full-Disclosure] [0xbadc0ded #04] smtp.proxy = 1.1.3

2004-06-10 Thread Joel Eriksson
0xbadc0ded Advisory #04 - 2004/06/10 - smtp.proxy = 1.1.3 Reference

[Full-Disclosure] [SECURITY] [DSA 517-1] New CVS packages fix buffer overflow

2004-06-10 Thread debian-security-announce
Debian Security Advisory DSA 517-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze June 10th, 2004

Re: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread Georgi Guninski
On Thu, Jun 10, 2004 at 10:14:21AM +0200, Feher Tamas wrote: http://zdnet.com.com/2100-1105-5229707.html the early stages of building the case, Toulouse said. The company is considering creating a patch quickly and releasing it as soon as possible, rather than waiting for its usual

Re: [Full-Disclosure] Possible First Crypto Virus Definitely Disc overed!

2004-06-10 Thread John Sage
On Wed, Jun 09, 2004 at 08:59:19AM -0400, [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely Disc overed! Date: Wed, 9 Jun 2004 08:59:19 -0400 It is a mind Virus. Can't anyone resist posting to

[Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread [EMAIL PROTECTED]
http://zdnet.com.com/2100-1105-5229707.html http://news.com.com/2100-1002_3-5229707.html IE flaws used to spread pop-up toolbar by Robert Lemos, CNET News, 09 June 2004 The possibility that a group or company has apparently used the vulnerabilities as a way to sneak unwanted advertising

RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Aditya, ALD [Aditya Lalit Deshmukh]
I've been in IT for many years and I am now IT Director here at the bank... I would think that I would know what ssl would be. I don't think this worm has anything to do with whatever ssl is. Does anybody even still use ssl? That's probably why the hackers chose it. Is this flame bait?

RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Aditya, ALD [Aditya Lalit Deshmukh]
Steve, Sorry to say but it is not! I checked my incoming traffic again this morning and the attack on port 443 is still coming in full steam ahead! I don't know COULDN'T THIS BE A SSL DENIAL OF SERVICE ATTACK? ssl requires quite a lot of resources and if you have a web server running

RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Felipe Angoitia
dont feed the clown! ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] Buffer overflow in apache mod_proxy,yet still apache much better than windows

2004-06-10 Thread Georgi Guninski
Georgi Guninski security advisory #69, 2004 Buffer overflow in apache mod_proxy,yet still apache much better than windows Systems affected: modproxy from apache 1.3.31 and earlier Risk: Unknown - at least a crash, exploitability unknown Date: 10 June 2004 Legal Notice: This Advisory is

RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Marek Isalski
I've been in IT for many years and I am now IT Director here at the bank... I would think that I would know what ssl would be. I don't think this worm has anything to do with whatever ssl is. Does anybody even still use ssl? That's probably why the hackers chose it. Is this flame bait?

Re: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2004 14:38:08 +0300, Georgi Guninski said: On Thu, Jun 10, 2004 at 10:14:21AM +0200, Feher Tamas wrote: http://zdnet.com.com/2100-1105-5229707.html the early stages of building the case, Toulouse said. The company is considering creating a patch quickly and releasing it

RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Sean Crawford
Does anyone keep track of the record number of bites in a thread to a Trolling run...this would have to be close to a record... A rather successful fishing trip Bilanowhat's the catch weigh in as??... -- Angoitia -- -- dont feed the clown! -- --

Re: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread insecure
Feher Tamas wrote: http://zdnet.com.com/2100-1105-5229707.html Microsoft learned of the issue when a security researcher posted an analysis of the problem to the Full Disclosure security mailing list Monday. The software giant has already contacted the FBI and is in the early stages of

Re: [Full-Disclosure] Buffer overflow in apache mod_proxy,yet still apache much better than windows

2004-06-10 Thread Mark J Cox
We have assigned CAN-2004-0492 to this issue. The flaw affects Apache httpd 1.3.26 to 1.3.31 inclusive that have mod_proxy enabled and configured. Apache httpd 2.0 is unaffected. The security issue is a buffer overflow which can be triggered by getting mod_proxy to connect to a remote server

Re: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread José María Mateos
On Thursday, June 10 at 10:42, insecure wrote: You know, just from that paragraph, it could be read to mean that MS is trying to build a case against person who posted on FD Well, if they don't want to patch their software and don't want new vulnerabilities to be disclosed,

[Full-Disclosure] RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

2004-06-10 Thread Drew Copley
-Original Message- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Monday, June 07, 2004 1:47 PM To: Jelmer Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Valdis . Kletnieks
On Fri, 11 Jun 2004 00:35:31 +1000, Sean Crawford [EMAIL PROTECTED] said: Does anyone keep track of the record number of bites in a thread to a Trolling run...this would have to be close to a record... Maybe here in the minor leagues. Wander over to Slashdot or Usenet sometime, where the pros

Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Billy B. Bilano
Hi Sean! I have given up on this news group for the time being as everybody was sending me hate mail because of my virus report and calling me nasty names (like troll). LOL! And I can run quite fast, thank you very much! I wound up blocking port 443 inbound and outbound on the firewall to stop

Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread James Bliss
On Thursday 10 June 2004 2:06 pm, Billy B. Bilano wrote: Since you can't get rid of a virus like this we are going to get rid of the Windows! The CEO told me to get rid of the virus and get the servers back up at whatever the cost! So now that I have a blank check I am going to do what's

Re: [Full-Disclosure] Buffer overflow in apache mod_proxy,yet still apache much better than windows

2004-06-10 Thread Georgi Guninski
On Thu, Jun 10, 2004 at 04:46:45PM +0100, Mark J Cox wrote: An official patch to correct this issue is available. See: http://marc.theaimsgroup.com/?l=apache-httpd-devm=108687304202140 the apache guys and chix produced an official patch in two calendar days after initial report. m$ seems

Re: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread Georgi Guninski
On Thu, Jun 10, 2004 at 10:42:47AM -0500, insecure wrote: You know, just from that paragraph, it could be read to mean that MS is trying to build a case against person who posted on FD i doubt m$ will engage themselves in such a losing (cyber)war. -- georgi

[Full-Disclosure] [ GLSA 200406-06 ] CVS: additional DoS and arbitrary code execution vulnerabilities

2004-06-10 Thread Kurt Lieber
Gentoo Linux Security Advisory GLSA 200406-06 http://security.gentoo.org/

[Full-Disclosure] COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
Thursday, June 10, 2004 The following was presented by 'bitlance winter' of Japan today: a href=http://www.microsoft.com%2F redir=www.e- gold.comtest/a Quite inexplicable from these quarters. Perhaps someone with server 'knowledge' can examine it. It carries over the address into the

[Full-Disclosure] MDKSA-2004:060 - Updated ksymoops packages fix symlink vulnerability

2004-06-10 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: ksymoops Advisory ID:

Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Shawn Nunley
Hi Bill! Hey, if you've got a blank check and maybe starting from scratch, here's a few tips to make sure everything goes smoothly! Free advice from expert consultant since 2003! 1) When you buy those Sun computers, make sure they all weigh the same. This is because you have to balance the

[Full-Disclosure] EEYE: RealPlayer embd3260.dll Error Response Heap Overflow

2004-06-10 Thread Derek Soeder
RealPlayer embd3260.dll Error Response Heap Overflow Release Date: June 10, 2004 Date Reported: May 14, 2004 Severity: High (Remote Code Execution) Vendor: RealNetworks Systems Affected: RealOne Player RealOne Player v2 RealPlayer 10 RealPlayer 8 RealPlayer Enterprise Description: eEye

RE: [Fwd: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition]

2004-06-10 Thread Drew Copley
Subject: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition From:[EMAIL PROTECTED] [EMAIL PROTECTED] Date:Thu, June 10, 2004 12:35 pm To: [EMAIL PROTECTED] -- Thursday, June 10, 2004 The

[Full-Disclosure] [ GLSA 200406-07 ] Subversion: Remote heap overflow

2004-06-10 Thread Kurt Lieber
Gentoo Linux Security Advisory GLSA 200406-07 http://security.gentoo.org/

Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Mike Simpson
They brought a cave troll! -- Boromir

[Full-Disclosure] Notes: COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
Let me add some notes to this: 1. Placing microsoft.com in the so-called 'trusted zone', will render the site contents of e-gold.com in the 'trusted zone' 2. Opera fails, Mozilla functions 3. While it may appear to be related to the html form, the same can be achieved with a normal href or

[Full-Disclosure] [sb] RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

2004-06-10 Thread Drew Copley
-Original Message- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Monday, June 07, 2004 1:47 PM To: Jelmer Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

[Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]

2004-06-10 Thread Thor Larholm
You can't replicate this with most other servers because the Host header is set to a non-existent site on most servers. Whenever IIS or Apache receives a request it will first locate the proper site based on the IP address being used, after which it will lookup based on the Host header. In the

[Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread Thor Larholm
You can't replicate this with most other servers because the Host header is set to a non-existent site on most servers. However, you can use this to gain both Trusted Sites and Intranet Sites privileges from arbitrary websites. Whenever IIS or Apache receives a request it will first locate the

[Full-Disclosure] FOUND: COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
From the original discover, 'bitlance winter' one big fat coelacanth: a href=http://www.malware.com%2F redir=www.e-gold.comtest/a i guess that this issue is not e-gold's BUG, IE6 and Opera7.51 is vulnerable. Some server's DNS allow magic number subdomainname. the server allow , www.site.tld

RE: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread Larry Seltzer
http://www.malware.com/golly.html I see no pattern at all, but this works on some systems for me and not on others. On some I get to Microsoft, some to e-gold.com. And WTF is it with www.e-gold.com? Nothing else seems to work at all. Larry Seltzer eWEEK.com Security Center Editor

[Full-Disclosure] SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
We wrap this up with a full-on ssl site spoof. It seems limited how far you can 'shove' the real domain out of the way, but just enough to make it convincing so we adapt the window to 'cover' it up. Interestingly [with apologies to e-gold for playing with their site], they have a secured

RE: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread Scott Phelps
Yeah, it seems to be the host header as Thor Larholm [EMAIL PROTECTED] pointed out. I set up a site hard to an IP with no host header defined, and can redirect this way to it. If you keep trying random sites you will probably find another that works, but who can really afford to set up every

RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-10 Thread Aditya, ALD [Aditya Lalit Deshmukh]
2) Make sure you buy the security option with the servers. The XOR isn't protected if you don't, and that's just basically bad. Security starts at the bottom. that's right way down like the bottom of the some thing nasty like deleted by filter 3) Make sure those servers use 3-phase

RE: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread Aditya, ALD [Aditya Lalit Deshmukh]
Well, if they don't want to patch their software and don't want new vulnerabilities to be disclosed, they can always sue the hell out of those who dare to analyze their software. it will simply mean that the posters will start posing anon -aditya

Re: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread Andrew Clover
Larry Seltzer [EMAIL PROTECTED] wrote: And WTF is it with www.e-gold.com? Nothing else seems to work at all. e-gold has wildcard DNS, so anything.e-gold.com will work. For other domains the hostname lookup stage may fail. (I guess... I can't actually get the exploit to work for me, but still.)