Send Full-Disclosure mailing list submissions to
full-disclosure@xxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@xxxxxxxxxxxxxxxx
You can reach the person managing the list at
full-disclosure-admin@xxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Today's Topics:
1. [TURBOLINUX SECURITY INFO] 05/Oct/2004 (Turbolinux)
2. RE: Spyware installs with no interaction in IE on fully patched XP SP2 box
(Castigliola, Angelo)
3. SUSE Security Announcement: samba (SUSE-SA:2004:035) (Thomas Biege)
4. Paranid ramblings - what's the deal? Bounded variables aren't? (Clairmont,
Jan M)
--__--__--
Message: 1
Date: Tue, 5 Oct 2004 22:30:17 +0900
From: Turbolinux <security-announce@xxxxxxxxxxxxxxxx>
Reply-To: server-users-e@xxxxxxxxxxxxxxxx
To: security-announce@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 05/Oct/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 05/Oct/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) squid -> DoS vulnerability in squid
(2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
===========================================================
* squid -> DoS vulnerability in squid
===========================================================
More information :
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects. Unlike traditional caching software,
Squid handles all requests in a single, non-blocking, I/O-driven process.
A vulnerability in the NTLM helpers in squid.
Impact :
The vulnerabilities allow remote attackers to cause a denial of service of
squid server services.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u squid
[other]
# turbopkg
or
# zabom update squid
---------------------------------------------
Source Packages
Size : MD5
squid-2.5.STABLE6-11.src.rpm
1538211 ff3e34c4b8c71d250f2781179ceec73a
Binary Packages
Size : MD5
squid-2.5.STABLE6-11.i586.rpm
825195 85c3b583674e0ac0695c4cbf0404e586
Source Packages
Size : MD5
squid-2.5.STABLE6-11.src.rpm
1538211 6b6d400ee15ee97ac6f7e98fbea26e50
Binary Packages
Size : MD5
squid-2.5.STABLE6-11.i586.rpm
825663 bed921f91e657975cc6c72d2ea8f29d4
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 b28eeeb88347c668fdb9938c4c1cd438
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
825370 335f0fe78cfb204c86ff5b05d12bfd34
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 181d72c2668f72b6e50190f784421bed
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
825810 5e52e49f4be6e555f57b38ffb241c455
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 45fd66fc13713b40beb996f664460f0e
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
829880 e2a6cf6b67a7c74249b23bce5a4adedf
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 191eab57b2adcecf91ceb4b34c94de09
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
830034 d6142042afcd410376e5a875c5436bc9
Notice :
After performing the update, it is necessary to restart the squid daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/squid restart
or
# /etc/rc.d/init.d/squid restart
---------------------------------------------
References:
CVE
[CAN-2004-0832]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832
===========================================================
* ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
===========================================================
More information :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and
Photo CD image file formats.
Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
attackers to execute arbitrary code via a malformed image or video file.
Impact :
These vulnerabilities may allow remote attackers to execute arbitrary
code via a malformed image or video file in AVI or BMP formats.
Affected Products :
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u ImageMagick ImageMagick-devel
[other]
# turbopkg
or
# zabom update ImageMagick ImageMagick-devel
---------------------------------------------
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-5.5.7-5.src.rpm
5274681 6a9d3c1b208049830e7086b9aae75fe7
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-5.5.7-5.i586.rpm
2397224 dea16cf3ee2ce38381e3d2679ad8fa3c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-5.5.7-5.i586.rpm
555804 840cc5d2ec79afd5cfdbf4223f625195
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-1.src.rpm
3614849 bb43185f084dd6e32f10694f35fb513d
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-2.i586.rpm
3207676 6839799de74d7439334a875a097b6049
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-2.i586.rpm
1392173 d0af80e68a129fd41d301b7ec3469ff5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-2.i586.rpm
855821 be80bb2b23c8b87ab831bb99201b85c8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-2.i586.rpm
60163 1281a234915115227a2bb2fa5071d6c7
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/ImageMagick-5.4.3-3.src.rpm
3665019 ae1a64cf87ea0e6598ca147abd3349e4
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-3.i586.rpm
3668565 d065de9b0d5a58b6393cc4805e0eb405
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-
1267050 a3e0ef2ac5bd589f453f5ab529981fab
References:
CVE
[CAN-2004-0827]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@xxxxxxxxxxxxxxxx> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to change your email address in this mailing list,
you can send a message to <server-users-e-ctl@xxxxxxxxxxxxxxxx> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@xxxxxxxxxxxxxxxx>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5
D6e2lOCXUmCWuYNVxpgAvWY=
=qIgj
-----END PGP SIGNATURE-----
--__--__--
Message: 2
Subject: RE: [Full-Disclosure] Spyware installs with no interaction in IE on
fully patched XP SP2 box
Date: Tue, 5 Oct 2004 10:50:02 -0400
From: "Castigliola, Angelo" <ACastigliola@xxxxxxxxxxxxxxxxx>
To: "Alla Bezroutchko" <alla@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
I am sure there is a configuration setting or software (perhaps the
software made the configuration change) that is preventing this from
installing on your computer.
I tested with a default XP SP1 install with all the Microsoft Updates
that have been applied to stop this type of IE hack. The spyware still
installs itself on the machine.
XP SP1 with the following patches:
http://support.microsoft.com/default.aspx?scid=kb;en-us;814078
http://support.microsoft.com/default.aspx?scid=kb;en-us;816093
http://support.microsoft.com/default.aspx?scid=kb;en-us;823182
http://support.microsoft.com/default.aspx?scid=kb;en-us;825119
http://support.microsoft.com/default.aspx?scid=kb;en-us;832894
http://support.microsoft.com/default.aspx?scid=kb;en-us;835732
http://support.microsoft.com/default.aspx?scid=kb;en-us;840374
http://support.microsoft.com/default.aspx?scid=kb;en-us;840315
http://support.microsoft.com/default.aspx?scid=kb;en-us;839645
http://support.microsoft.com/default.aspx?scid=kb;en-us;867801
These are _ALL_ the Microsoft Updates that specifically patch up IE
holes.
My question to the forum is: If this is not a 0-day IE exploit that
allows software to install on a computer with no user interaction then
what Microsoft Update applies to this exploit?
Again I fear there is no Microsoft Update available that will fix this
hole.
Can someone confirm that a Default install of XP SP2 with all patches
will not stop spyware from themexp.org from installing?
Angelo Castigliola III
Operations Technical Analyst I
UnumProvident IT Services
207.575.3820
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Alla Bezroutchko
Sent: Tuesday, October 05, 2004 7:01 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Spyware installs with no interaction in
IE on fully patched XP SP2 box
Carr, Robert wrote:
Interesting...
I just went there, and he's right. Atpartners.cab installed without
permission. My McAfee picked it right up as Atpartners.dll, downloaded
to Temp Internet files. Spyware detected as NetPals. On the other
hand, I'm admin of my machine, I wonder if a "user" would get an error
message about not having the correct rights...
I have tested it on Windows XP SP2 and on fully patched Windows 2000. In
both cases _nothing_ gets run or installed. Both systems are more or
less standard installations without any special IE hardening (except
patches).
When I surf to the site with Windows XP "Installing components...
ATpartners.cab" briefly appears in the status bar and then the site gets
displayed. Under the normal browser bars there is a message saying "The
site might require the following ActiveX control: FREE on-line games and
special offers from... Click here to install...". I don't click on it.
Searching the disk for atpartnets.cab or atpartners.dll finds nothing.
The CLSID of the ActiveX control only appears in the registry in
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
With Windows 2000 I also get "Installing components... ATpartners.cab"
in the status bar and then the dialog box asking if I want to install
"Free online games from ATgames.com". This is a usual dialog box you get
when a page attempts to install an ActiveX control. If I click "No",
nothing gets installed, no atpartners files on the file system, no
traces of the CLSID in the registry.
I suppose the cab file gets downloaded so that Windows can read and
display the signature of the file. It does not get run or installed
unless explicitly permitted by user.
So, as far as I can see this is no 0-day.
Alla.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--__--__--
Message: 3
Date: Tue, 05 Oct 2004 16:57:52 +0200
From: Thomas Biege <thomas@xxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] SUSE Security Announcement: samba (SUSE-SA:2004:035)
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: samba
Announcement-ID: SUSE-SA:2004:035
Date: Tuesday, Oct 5th 2004 16:53:01 MEST
Affected products: 8.1, 8.2, 9.0
SUSE Linux Enterprise Server 8
SUSE Linux Desktop 1.0
Vulnerability Type: remote file disclosure
Severity (1-10): 6
SUSE default package: Yes
Cross References: CAN-2004-0815
Content of this advisory:
1) security vulnerability resolved:
- Samba file access problem
problem description
2) solution/workaround
3) special instructions and notes
4) package location and checksums
5) pending vulnerabilities, solutions, workarounds:
- opera
- kernel
- mozilla
6) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion
The Samba server, which allows sharing files and resources via
the SMB/CIFS protocol, contains a bug in the sanitation code of path
names which allows remote attackers to access files outside of the
defined share. In order to access these files, they must be readable
by the account used for the SMB session.
CAN-2004-0815 has been assigned to this issue.
2) solution/workaround
As a temporary workaround you can set the
wide links = no
option in smb.conf and restart the samba server. However an update
is recommended nevertheless.
3) special instructions and notes
After successfully updating the samba package, you need to issue the
following command as root:
rcsmb restart
4) package location and checksums
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.rpm
eb71869029b35d2a97d55e26514524db
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.patch.rpm
48bb3e455079fcfdf4ad2baa28f28557
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm
d162ea5a39b14ee16ae1c6d5df9211bb
SUSE Linux 8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.rpm
79b0514a827bdd782e6d3f62bb92fb85
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.patch.rpm
a50dd448212245d51e9ac59ae50514e8
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/samba-2.2.8a-225.src.rpm
25d488678b607b3c67612ee065abd77a
SUSE Linux 8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.rpm
93d0fb2502f30593548dbe2f41ec8948
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.patch.rpm
da5b107fb71c5daf5972b6e0aaca4f5c
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/samba-2.2.8a-224.src.rpm
e0b9f9af6c5348cb9840b5d98a1c59dc
x86-64 Platform:
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.rpm
0f1c94aa23653b0cf9b318646d9153af
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.patch.rpm
569974c359702c263b0968ce8fb9810f
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm
75c1a01d03af42835809691840eaa331
______________________________________________________________________________
5) Pending vulnerabilities in SUSE Distributions and Workarounds:
- opera
New opera packages are available on our ftp servers, fixing
CAN-2004-0691, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599 and
CAN-2004-0746.
- kernel
Update kernels for the kNFSd problem for SLES 8 and SL 8.1 have been
released.
- mozilla
We are in the process of releasing updates for mozilla (and related
browsers), fixing various issues: CAN-2004-0597, CAN-2004-0718,
CAN-2004-0722, CAN-2004-0757, CAN-2004-0758, CAN-2004-0759,
CAN-2004-0760, CAN-2004-0761, CAN-2004-0762, CAN-2004-0763,
CAN-2004-0764 and CAN-2004-0765.
We will give you concrete details in a separate mozilla advisory when
the updates are available.
______________________________________________________________________________
6) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
after you downloaded the file from a SUSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security@xxxxxxx),
the checksums show proof of the authenticity of the package.
We recommend against subscribing to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig
to verify the signature of the package, where is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SUSE in rpm packages for SUSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg
SUSE Linux distributions version 7.1 and thereafter install the
key "build@xxxxxxx" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@xxxxxxxx
- general/linux/SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@xxxxxxxx>.
suse-security-announce@xxxxxxxx
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@xxxxxxxx>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@xxxxxxxx> or
<suse-security-faq@xxxxxxxx> respectively.
=====================================================================
SUSE's security contact is <security@xxxxxxxx> or <security@xxxxxxx>.
The <security@xxxxxxx> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@xxxxxxx>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@xxxxxxx>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
-----END PGP SIGNATURE-----
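The checksum comparison described in the SUSE appendix (method 1), as an added example that is not part of either advisory: it parses both the Turbolinux "size MD5" layout and the SUSE "MD5 only" layout, and handles a file name that is listed several times with different sums. The function names `advisory_sums` and `verify_pkg` and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a downloaded package against the location/MD5 pairs
# printed in an advisory saved to a text file.

# advisory_sums FILE
# Print one "md5 size name" record per package listed in the advisory text.
# Layouts handled (both appear in this digest):
#   SUSE:       <url>                    then  <md5>
#   Turbolinux: <url or bare file name>  then  <size> <md5>
# size is "-" when the advisory gives none.
advisory_sums() {
    awk '
        function is_md5(s) { return s ~ /^[0-9a-f]+$/ && length(s) == 32 }
        # A line ending in .rpm names the package the next line describes.
        /\.rpm[ \t]*$/ { name = $NF; next }
        name != "" && NF == 1 && is_md5($1) { print $1, "-", name }
        name != "" && NF == 2 && $1 ~ /^[0-9]+$/ && is_md5($2) { print $2, $1, name }
        { name = "" }
    ' "$1"
}

# verify_pkg ADVISORY PKGFILE
# Returns 0 when PKGFILE matches a listed entry with the same file name,
# 1 when the name is listed but no entry matches, 2 when it is not listed
# or the file is missing.
# The same file name can appear once per product line with a different MD5
# (as in the Turbolinux squid list), so every entry with that name is tried
# and the matching location is reported.
verify_pkg() {
    adv=$1
    pkg=$2
    [ -f "$pkg" ] || { echo "no such file: $pkg" >&2; return 2; }
    base=${pkg##*/}
    sum=$(md5sum < "$pkg" | awk '{ print $1 }')
    size=$(wc -c < "$pkg" | tr -d ' ')
    advisory_sums "$adv" | awk -v base="$base" -v sum="$sum" -v size="$size" '
        { n = $3; sub(".*/", "", n) }
        n != base { next }
        { listed = 1 }
        # The size is compared too when the advisory states one.
        $1 == sum && ($2 == "-" || $2 == size) { print "OK", $3; ok = 1; exit }
        END {
            if (ok) exit 0
            if (listed) { print "MISMATCH", base; exit 1 }
            print "NOT LISTED", base; exit 2
        }'
}
```

Run it only on an announcement whose PGP signature has already verified; a match says the file is the one the announcement names, nothing more.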
--__--__--
Message: 4
Date: Tue, 5 Oct 2004 11:48:59 -0400
From: "Clairmont, Jan M" <jan.m.clairmont@xxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Paranid ramblings - what's the deal? Bounded
variables aren't?
Every time I send out a memo to full-disclosure I get this mail bounce
message and it gets posted on full-disclosure. Anybody have an idea what's happening?
Message Follows:
From: Mailer-Daemon@xxxxxxx
Subject: NDN: [Full-Disclosure] Shows when no limits are set or restricted shell or bat ac
Sorry. Your message could not be delivered to:
tycho,IC&S (The name was not found at the remote site. Check that the name
has been entered correctly.)
Are these guys phishing, swishing or whatever Netherlands uber alles?
Or is this just their mail-server barfing? Should probably point dig at it
and debug it but I have gotten in trouble for that type of "help" before?
Keep on computing, even though your bytes are fried.
Jan Clairmont, Paladin of the Dept. of Insecurity Department, where no redundancy is allowed or is it redundancy is