[Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread thE_iNviNciblE
Hi, there is a security vulnerability in Firefox 0.92 (latest Version) http://www.4rman.com/exploits/tinybmp.htm this link causes that your virtual memory will rise up to 1,2 GB used Memory... maybe Thunderbird 0.72 is also vulnerable via HTML. credits to: StupidWhiteMan -- Best Regards

RE: [Full-Disclosure] Microsoft laxed security is threat to internet

2004-07-12 Thread Marek Isalski
In fact, a backhoe can probably do more damage to the Internet than Microsoft's software. Around here it tends to be one of the biggest UK ISPs that does the most damage to the backbone. *fondly reminisces of the time NTL dug through their own cable, only 250 yards from their depot* Marek

RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Prock Thomas
Hi, for me this works fine on a fully patched MSIE 6.0 SP1 too. Firefox 0.8 doesn't seem to be vulnerable. Greetz Hi, there is a security vulnerability in Firefox 0.92 (latest Version) http://www.4rman.com/exploits/tinybmp.htm this link causes

RE: [Full-Disclosure] I small poem in Jscript // No effect on XP SP2 !

2004-07-12 Thread iss
Hmm, it has no effect on WinXP SP2 RC2 (German) // Internet Explorer 6 SP2! - The new security center icon appears and opens a new line under the address field. It shows a message indicating that IE does not display active content that could access the computer. You can allow blocked content

[Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Aviv Raff
As you may already know the Mozilla's patch for the shell protocol security issue is merely a global configuration change. But is it enough? If an attacker has a file writing access to the user's default profile directory, or somehow manages to update/create the file user.js (or even worse -

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Philip
It caused the same effect on fully patched XP SP1 (according to windowsupdate.com) with IE6.0.2800.1106.xpsp2.030422-1633 when using MyIE (virtual memory low warning) until I closed the tab; when opening the link in just IE the page file got to over 900mb before I ended IE's task. Anyone have any

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Pavel Kankovsky
On Mon, 12 Jul 2004, Aviv Raff wrote: As you may already know the Mozilla's patch for the shell protocol security issue is merely a global configuration change. But is it enough? No. As someone has already pointed out, Mozilla should whitelist safe external protocols rather than blacklist

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread st3ng4h
On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote: there is a security vulnerability in Firefox 0.92 (latest Version) http://www.4rman.com/exploits/tinybmp.htm this link causes that your virtual memory will rise up to 1,2 GB used Memory... maybe Thunderbird 0.72 is also

RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Andrew Poodle
[Full-Disclosure] Firefox 0.92 DoS via TinyBMP Hi, for me this works fine on a fully patched MSIE 6.0 SP1 too. Firefox 0.8 doesn't seem to be vulnerable. Greetz Hi, there is a security vulnerability in Firefox 0.92 (latest Version) snip I think this has more to do with the

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Aviv Raff
How can it not be a security flaw of mozilla if a setting in the user.js overrides the global security setting defined by a patch, and any manual setting defined by the user through the about:config? I understand that if an attacker has the ability to change the user.js file he can do worse

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread William Warren
IE 6 SP1 fully patched, Win2k SP4: IE6 causes a 1 gig jump in VM... not sure why Mozilla does not exhibit this behavior. st3ng4h wrote: On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote: there is a security vulnerability in Firefox 0.92 (latest Version)

RE: [Full-Disclosure] Re: shell:windows

2004-07-12 Thread Larry Seltzer
The shell:windows code does work in IE, the only difference being that it displays a dialogue box when referenced asking if the user wishes to open or save the file. Combine that with a little social engineering and you've got a potential compromise. This behavior is indistinguishable from that

Re: [Full-Disclosure] Re: shell:windows

2004-07-12 Thread Barry Fitzgerald
Nick Eoannidis wrote: Larry Seltzer eWEEK.com Security Center Editor -- buddy, the shell:windows URI handler was disabled in IE ages ago! The fact it can be crafted into an exploit for Mozilla! is the issue here. Of course it won't work on your IE, you're probably patched to the max! Mozilla just

RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Sapheriel
is that even a new vulnerability? the buffer overflow in windows .bmp implementation was found months ago. this looks like it's either the same proof of concept or something derived from it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernardo Santos

Re: [Full-Disclosure] No shell = secure?

2004-07-12 Thread John Creegan
In one sense I agree this would protect you from any virus, considering that /bin is in the path environment variable, and that the system startup scripts use it. Without making changes to all those, you wouldn't have much of a system. Without /bin in the path, a lot of stuff is gonna break.

Re: [Full-Disclosure] Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!]

2004-07-12 Thread Richard Massa
exploit does not crash SAV corporate edition 8.1.1.319, Scan engine 4.2.0.7. Scan of file completes successfully. On Fri, Jul 09, 2004 at 08:55:45PM -0700, bipin gautam wrote: --- Peter B. Harvey (Information Security) [EMAIL PROTECTED] wrote: Could you please password protect it and email

Fwd: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Jordan Cole (stilist)
I'm using Firefox .8, and the page simply loaded like any other (i. e., ~1 second.) - WinXP sp1 (not fully patched, but that's another story) - Firefox .8 - 1.5Ghz processor - 352M RAM -- [stlst] ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-Disclosure] I small poem in JScript

2004-07-12 Thread Jordan Cole (stilist)
I'm using MSIE 6.0sp1 (can't tell if it's fully patched or not) and it didn't do anything that I could tell... no javascript errors. What exactly is the expected result of a null-pointer? -- [stlst]

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread David Huecking
Hmm, very funny modified BMPs?! [EMAIL PROTECTED]:~/tiny wget -r http://www.4rman.com/exploits/tinybmp.htm [...] [EMAIL PROTECTED]:~/tiny/www.4rman.com/exploits ll insgesamt 44 -rw-r--r--1 davidusers 58 2004-04-07 23:05 little.bmp -rw-r--r--1 davidusers 58

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Aviv Raff
If you don't have anything to say but flaming, why do you pollute the list too? Security patches shouldn't be overridden unless intended to (i.e. uninstalled). If an attacker can override the patch by a simple line of settings in a configuration file (aka user.js) and the user cannot change this

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Peter Ferrie
Anyone have any clues as to why my machine seems vulnerable to it? Yes. Look in the file and you'll see that it is a ~1Mb wide 24-bit colour bitmap. That's going to take a lot of memory when there are several of them (as in that example). 8^) p.

Re: [Full-Disclosure] No shell = secure?

2004-07-12 Thread Vincent Archer
On Fri, Jul 09, 2004 at 02:29:28PM -0500, Ron DuFresne wrote: out that you will most likely end up with an unusable system. On a number of vendor OS's, if the sh shell or csh shell, hooked to root user and startup scripts, is not the expected default, those OS's fail to function properly on

[Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability

2004-07-12 Thread idlabs-advisories
Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability iDEFENSE Security Advisory 07.12.04 www.idefense.com/application/poi/display?id=116&type=vulnerabilities July 12, 2004 I. BACKGROUND Adobe Reader is a program used to display Portable Document Format (PDF) documents. II.

RE: [Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability

2004-07-12 Thread Cary Barker
snip 02/02/2003 Exploit discovered by iDEFENSE 03/11/2004 Initial vendor notification snip Is that initial notification date a typo or did they sit on it for over a year before notifying the vendor? Cary Barker Network Security Administrator Campbell Company, Inc. -Original

[Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004)

2004-07-12 Thread Luigi Auriemma
### Luigi Auriemma Application: Half-Life engine http://half-life.sierra.com http://www.steampowered.com Versions: before the 07 July 2004 (both Steam and not-Steam)

AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Webmaster
Hi, I can confirm it for FF 0.92 on a fully patched Windows box... but it doesn't happen much... memory increases to 1,8GB but the PC is still acting normal, nothing is slowed down or something... just closed it and the memory goes back to normal... Greetings, -Ron -Ursprungliche

Re: [Full-Disclosure] Re: shell:windows

2004-07-12 Thread Barry Fitzgerald
Larry Seltzer wrote: meaningful problem either, then we can agree to disagree on the scope. I'll agree that getting this issue to run code of the choosing of the attacker is more difficult than some other unpatched IE holes, but it is not impossible. I disagree completely. The Mozilla problem,

Re: [Full-Disclosure] Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!]

2004-07-12 Thread Matt Cuttler
clamav has options such as: --max-files --max-space --max-recursion and --max-ratio ..which will protect against these types of DoS attacks. -Matt Cuttler Richard Massa wrote: exploit does not crash SAV corporate edition 8.1.1.319, Scan engine 4.2.0.7. Scan of file completes

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Florian Weimer
* Aviv Raff: Security patches shouldn't be overridden unless intended to (i.e. uninstalled). This is not standard industry practice. Especially if a patch might break previously working configuration, I completely agree that it's correct. For most people, having a working system is more

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread st3ng4h
On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote: Hmm, very funny modified BMPs?! [snip] So we see the true nature of this picture. This is precisely the point that almost everyone is missing completely (but still clamoring it works on X, it doesn't work on Y), and that Sapheriel

[Full-Disclosure] Brand New Hole: Internet Explorer: HijackClick 3

2004-07-12 Thread [EMAIL PROTECTED]
Paul has posted a tantalizing demonstration to bugtraq today. [see: http://www.securityfocus.com/archive/1/368652] This Internet Explorer sure provides hours of free entertainment. Let's install and run executable code on the target computers for the hell of it. Paul's beautiful demo

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Aviv Raff
On Mon, 12 Jul 2004 21:02:51 +0200, Florian Weimer [EMAIL PROTECTED] wrote: * Aviv Raff: On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer [EMAIL PROTECTED] wrote: * Aviv Raff: Security patches shouldn't be overridden unless intended to (i.e. uninstalled). This is not standard

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Aviv Raff
On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer [EMAIL PROTECTED] wrote: * Aviv Raff: Security patches shouldn't be overridden unless intended to (i.e. uninstalled). This is not standard industry practice. Especially if a patch might break previously working configuration, I

Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Lee Packham
I can confirm it too... How bizarre. However, I've closed it, and the Commit Charge in Windows is still up at 1851MB! It only clears when you close the firefox process completely (as expected). On Mon, 12 Jul 2004 14:53:37 +0200, Webmaster [EMAIL PROTECTED] wrote: Hi, I can confirm it for FF

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread amilabs
Do you mean just using a big magnet or is Big Magnet the name of a utility? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of amilabs Sent: Monday, July 12, 2004 2:49 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Erasing a hard disk easily I

[Full-Disclosure] The Source Code Club is now open for business

2004-07-12 Thread larry hobbles
To whom it may concern: The Source Code Club is now open for business. SCC is a business focused on delivering corporate intel to our customers. Our main focus is selling source code and design documents, but there are many other facets to our business. To get the ball rolling, we are

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP Thunderbird 0.72 Outlook Express (latest Version)

2004-07-12 Thread thE_iNviNciblE
Hello, I can confirm this bug for Thunderbird 0.72, but the behavior (you don't really detect this bug) isn't so stupid as with Outlook Express 6 (Total Crash up to Systemcrash, if you put enough *.bmp in the eMail) IMG ... src=http://www.4rman.com/exploits/little.bmp; . I know this exploit

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Gregh
- Original Message - From: Maarten [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 7:23 AM Subject: Re: [Full-Disclosure] Erasing a hard disk easily An overwrite with all zeros will -allegedly- not withstand a serious data-recovery attempt by professionals, not

Re: [Full-Disclosure] The Source Code Club is now open for business

2004-07-12 Thread VX Dude
RU guys hiring? --- larry hobbles [EMAIL PROTECTED] wrote: To whom it may concern: The Source Code Club is now open for business. SCC is a business focused on delivering corporate intel to our customers. Our main focus is selling source code and design documents, but there are

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Tim
[ the command for dd overwrite with zeros is: dd if=/dev/zero of=/dev/hd? ] This is probably perfectly sufficient for what you need. However, choices are always good: http://dban.sourceforge.net/ Many algorithms available and comes on a handy boot CD. tim

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Thomas Kaschwig
William Warren wrote: the mozilla developers are already seriously considering changing to whitelisting in the next release http://bugzilla.mozilla.org/show_bug.cgi?id=173010 Whitelisting is definitely the way to go, at least on Windows. Thomas -- Thomas Kaschwig * [EMAIL PROTECTED] *

Re: [Full-Disclosure] Is Mozilla's patch enough?

2004-07-12 Thread Thomas Kaschwig
Aviv Raff wrote: How can it not be a security flaw of mozilla if a setting in the user.js overrides the global security setting defined by a patch, and any manual setting defined by the user through the about:config? Because *nobody* should be able to write to your user.js file. If someone

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread James Riden
Gregh [EMAIL PROTECTED] writes: - Original Message - From: Maarten [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 7:23 AM Subject: Re: [Full-Disclosure] Erasing a hard disk easily An overwrite with all zeros will -allegedly- not withstand a serious

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Michael Williamson
http://dban.sourceforge.net (boot floppy, works nicely)

Re: [Full-Disclosure] Nokia 3560 Remote DOS

2004-07-12 Thread 404
This is fake. On Sat, 10 Jul 2004 22:21:18 -0400, Matt Burke [EMAIL PROTECTED] wrote: Well, are you going to let the cat out of the bag? On Sat, 10 Jul 2004 22:29:58 +0200, Marcus Specht [EMAIL PROTECTED] wrote: On Thu, 08.07.2004 at 11:26, Milan 't4c' Berger wrote: You

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Dave Horsfall
On Tue, 13 Jul 2004, Gregh wrote: Since that time I have seen sensationalist TV shows showing how FBI and CIA operatives get stuff out written to a sector BEFORE the sector was overwritten and I honestly cannot understand how that could be, if at all possible. Am I right in thinking those

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Peter B. Harvey (Information Security)
Standard data recovery tools will be stopped by writing zeros to the disk. This includes programs such as OnTrack Data Recovery Pro. However I have been informed that equipment exists to retrieve data that programs on a normal system cannot. Hence the writing multiple times with all 0 then all

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Thomas Kaschwig
Hi, thE_iNviNciblE wrote: there is a security vulnerability in Firefox 0.92 (latest Version) http://www.4rman.com/exploits/tinybmp.htm this link causes that your virtual memory will rise up to 1,2 GB used Memory... There is no such effect with Firefox 0.9.1 on Linux, the virtual memory

[Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE

2004-07-12 Thread virgil
W3 (FR h1gH c0uNc1l bl4ckh4t 3l33t p3op13) h4v3 d3c1d3D t0 g1v3 y0u a r34l pr00f 0f 0ur l33t sk1lls, 4lth0uGh m0sT 0f 0uR w0rK st4yS pr1v4t3 (c4uS3 W3 fUcK tH3 s3cuR1tY 1NduStrY). W1tH th1s pR0gr4m y0u w1ll b3 aBl3 t0 f1nD s0me s3cUr1tY buGs 1n y0urS s0urc3 c0d3s. 3x4mPl3 0f Us3 f0r l4m4h

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Thomas Sjögren
On Mon, Jul 12, 2004 at 11:23:24PM +0200, Maarten wrote: So, if you want to erase the data but keep the drives operational too, you have but one means left: by plain old formatting. Depending on the level of security you want, you can opt for: * DOS/Windows format (beware: this does not

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Kiley, Patrick M. (IARC)
Darik's boot and nuke, super easy, open, floppy and cd images, multiple types of erasure, multiple passes and verification http://dban.sourceforge.net/ -Original Message- From: amilabs [mailto:[EMAIL PROTECTED] Sent: Monday, July 12, 2004 11:49 AM To: [EMAIL PROTECTED] Subject:

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread st3ng4h
On Mon, Jul 12, 2004 at 10:12:40PM +0100, Ali Campbell wrote: I agree when you say that it's probably a flaw in the BMP lib implementation. But as I've pointed out once already, Windows isn't the only afflicted platform: [snip] You're correct, and I'm glad you did point this out, because it

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Jeff Kell
amilabs wrote: Do you mean just using a big magnet or is Big Magnet the name of a utility? Run it through an MRI :-) Jeff

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread morning_wood
Since that time I have seen sensationalist TV shows showing how FBI and CIA operatives get stuff out written to a sector BEFORE the sector was overwritten and I honestly cannot understand how that could be, if at all possible. Am I right in thinking those shows are bull? simple... by

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Schmidt, Michael R.
IDE drives are typically formatted at the factory so you may actually make the drives unusable if you use a magnet. Michael R. Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of amilabs Sent: Monday, July 12, 2004 11:49 AM To: [EMAIL PROTECTED]

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Peter B. Harvey (Information Security)
Hi all, As it was pointed out to myself there are still technologies which can bypass this. If you are working with high sensitivity data then physical destruction is always the best course of action. Below is considered a basic sanitation to the media. Virtually impossible refers to the fact

Re: [Full-Disclosure] The Source Code Club is now open for business

2004-07-12 Thread Aditya, ALD [ Aditya Lalit Deshmukh ]
not here please ! - Original Message - From: larry hobbles [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 2:10 AM Subject: [Full-Disclosure] The Source Code Club is now open for business To whom it may concern: The Source Code Club is now open for business.

Re: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Aditya, ALD [ Aditya Lalit Deshmukh ]
An overwrite with alternating zeros and ones will defer almost anybody, and so will a random-data overwrite, provided both are repeated at least 3-5 times. [ the command for dd overwrite with zeros is: dd if=/dev/zero of=/dev/hd? ] so here are the actual commands that you will have to run,

Re: [Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE

2004-07-12 Thread Jeremy Atkins
virgil wrote: W3 (FR h1gH c0uNc1l bl4ckh4t 3l33t p3op13) h4v3 d3c1d3D t0 g1v3 y0u a r34l [snip] wow that program works great! I don't know how I'd

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-12 Thread Javier Liendo
Hello, I've read that physically removing the disk platters from a modern hard disk is more than enough to make the information contained there impossible to read. The servo information that is stored on each platter is very sensitive to the relative position of the disks themselves and the heads on

RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Sapheriel
What baffles me is how easily this problem could be countered. A simple check of bfsize versus filesize (-header and such) would suffice. I suppose you could implement a proximity algorithm to make the format more robust so it doesn't break at the tiniest corruption. -Original Message-

RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread jhaunsystem
I tested it out on 2 platforms. On Mozilla 1.7 win2k I get the same results as your description. However on Freebsd_4.10 Mozilla 1.7, Mozilla just crashes with little or no tax on the system. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of