ZDI-09-067: Novell NetWare NFS Portmapper and RPC Module Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-067
September 30, 2009
-- Affected Vendors:
Novell
-- Affected Products:
Novell NetWare
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS
A new exploit for the _Smb2ValidateProviderCallback() function has been
released by the same person who created the Denial of Service exploit,
except this one is able to execute code remotely. It seems that ms is sort
of delaying the quick fix for this exploit. What's even sadder is that they
knew
Hi All,
Has anyone used mudos provided by pcapr.net?
Is it possible to generate our own exploit pattern using that tool? If
so, please provide me the steps to generate the traffic.
Thanks Regards
SujayKumar
___
Full-Disclosure - We believe in it.
I'm pretty sure that Microsoft has already released a fix for this. I know
they've patched Vista and Windows 7, and they've decided publicly not to
backport the fix to Windows XP.
--Rohit Patnaik
On Wed, Sep 30, 2009 at 8:34 PM, Nick nic...@gmail.com wrote:
A new exploit for the
it seems...and I'm pretty sure
Is this FD or some fantasyland where everybody can just make up shit?
If you don't KNOW and can't CONFIRM (with links or FACTS) then stfu.
- Original Message -
From: Rohit Patnaik
To: Nick
Cc: full-disclosure@lists.grok.org.uk
Subject: Re:
Same here. RHEL doesn't even have /var/log/auth. We call it /var/log/secure
- which is 0600:
-rw--- 1 root root 509 Oct 1 09:37 secure
- Original Message -
From: bo...@civ.zcu.cz bo...@civ.zcu.cz
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Modifying
It sounds like you're talking about the tcp/ip stack flaws rather than
the smb2 issue.
On Oct 1, 2009, at 9:09 AM, Rohit Patnaik quanti...@gmail.com wrote:
I'm pretty sure that Microsoft has already released a fix for this.
I know they've patched Vista and Windows 7, and they've decided
Microsoft has released Internet Explorer 8 on March 19, 2009 and up to now
there's no reliable method to exploit memory corruption vulnerabilities on
it?
I mean, on IE6 and IE7 we had SkyLined heap spray technique, first seen in
the IFRAME overflow exploit [1] which have been used by almost every
This vulnerability is still unpatched and the exploit was written by Stephen
Fewer and H D Moore, not by Laurent Gaffie, the original bug finder.
On Wed, Sep 30, 2009 at 6:34 PM, Nick nic...@gmail.com wrote:
A new exploit for the _Smb2ValidateProviderCallback() function has been
released by
Freddie Vicious wrote:
Microsoft has released Internet Explorer 8 on March 19, 2009 and up to
now there's no reliable method to exploit memory corruption
vulnerabilities on it?
I mean, on IE6 and IE7 we had SkyLined heap spray technique, first
seen in the IFRAME overflow exploit [1] which
Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
DEP/ASLR there... But as you said, so far there's no known catch-all
technique against IE8.
Along with other security features (
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:253
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How does it feel to be a hypocrite? And we quote:
22:02 weev im all for white people cleaning up the nigger problem
22:03 weev i hate niggers
22:03 weev i hate niggers.
Now besides the fact that weev is an annoying little bitch who
cannot seem to
And we should give a damn because?
On Thu, Oct 1, 2009 at 10:14 AM, Wintermute winterm...@hush.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How does it feel to be a hypocrite? And we quote:
22:02 weev im all for white people cleaning up the nigger problem
22:03 weev i hate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:254
http://www.mandriva.com/security/
===
- Rooted CON 2010 -
C A L L F O R P A P E R S
===
.: [ ABOUT ]
Rooted CON is a Security Congress to be held in Madrid (Spain) on
March 2010. Our goal is to
===
Ubuntu Security Notice USN-839-1 October 01, 2009
samba vulnerabilities
CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906,
CVE-2009-2948
===
A security issue
FYI: ASLR DEP can be bypassed on x86, there's just nothing public at the
moment.
Cheers,
SkyLined
Berend-Jan Wever berendjanwe...@gmail.com
http://skypher.com/SkyLined
On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious fred.vici...@gmail.com wrote:
Yes, I am aware of the JVM and the Flash
On Thu, 01 Oct 2009 21:55:37 +0200, Berend-Jan Wever said:
FYI: ASLR DEP can be bypassed on x86, there's just nothing public at the
moment.
Is that "I believe it can, but there's no proof yet", or "based on non-public
sources, I know for a fact it can"?
Along with other security features
(http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malware-and-phishing-attacks.aspx)
this basically means that IE8 is the most secure web browser nowadays?
If memory serves me right, it's been a while since we've
Follow up posted, which includes:
- analysis of some tools most likely used against me
- information on an operator of a botnet very similar to the one that was
attacking me
- code samples, screenshots, etc.
http://paulmakowski.wordpress.com/2009/09/30/from-pass_file-to-script-kiddies/
On
Greetings.
I'd like to chime in here and mirror this.
Crime is bad. So is the subversive rhetoric that drains the resources of law
enforcement, and in actuality, because of its abusive nature increases the
likelihood we'll lose our liberties if you do something stupid.
You have any idea the
She's gorgeous and looks like a great mother.
I'm totally surprised, he sounds like he has the nicest family in the world.
Mom
http://imgur.com/AQpSd.jpg / (http://img19.imageshack.us/img19/1967/aqpsd.jpg)
/
(http://img.waffleimages.com/41c1f9036d350871dbedf177ffd1109cf3bc6ab8/aqpsd.jpg)
/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Description of Vulnerability:
- -
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL that provides extensibility through various
third party modules. The CCK module
I posted on here earlier as netdev.doctor questioning weev on how
he feels psychologically.
*spins weev around*
*grins*
You came from the net, You planted your seeds of hatred and now
with nature you fall here.
I feel such invigorating justice seeing your real identity
mirrored. Redundancy.
I posted on here earlier as netdev.doctor questioning weev on how
he feels psychologically.
*spins weev around*
*grins*
I feel such invigorating justice seeing your real identity
mirrored. Redundancy. Freedom of information.
I hypothesize weev may possibly kill himself, unfortunately. I'm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
VMware Security Advisory
Advisory ID: VMSA-2009-0013
Synopsis: VMware Fusion resolves two security issues
Issue date:2009-10-01