[Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #2020 - 10 msgs
- To: "full-disclosure@xxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #2020 - 10 msgs
- From: "jialc" <jialc@xxxxxxxxxxxxxxx>
- Date: Thu, 11 Nov 2004 19:34:11 +0800
Hello, full-disclosure-request!
======= 2004-11-04 01:00:09 You wrote in your message: =======
>Send Full-Disclosure mailing list submissions to
> full-disclosure@xxxxxxxxxxxxxxxx
>
>To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.netsys.com/mailman/listinfo/full-disclosure
>or, via email, send a message with subject or body 'help' to
> full-disclosure-request@xxxxxxxxxxxxxxxx
>
>You can reach the person managing the list at
> full-disclosure-admin@xxxxxxxxxxxxxxxx
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Full-Disclosure digest..."
>
>
>Today's Topics:
>
> 1. I am NOT out of here hahaha (Frank de Wit)
> 2. Re: I am out of here (Berend-Jan Wever)
> 3. RE: Security (for the common people) in electronic vote? (Sean Crawford)
> 4. [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability (Thierry
> Carrez)
> 5. Re: I am out of here (Berend-Jan Wever)
> 6. Re: How to clear contents of protected storage - Windows 2000 (Danny)
> 7. Re: How to clear contents of protected storage - Windows 2000 (Danny)
> 8. RE: I am out of here (Banta, Will)
> 9. Re: I am out of here (Barry Fitzgerald)
> 10. Re: I am out of here (kyle l)
>
>--__--__--
>
>Message: 1
>Date: Wed, 03 Nov 2004 11:30:56 +0100
>From: Frank de Wit <frankdewit@xxxxxxx>
>CC: full-disclosure@xxxxxxxxxxxxxxxx
>Subject: [Full-Disclosure] I am NOT out of here hahaha
>
>people talking about politics are usually boring, thinking only about
>themselves and what they can gain personally by doing politics
>politics have nothing to do with thinking about the wellbeing of
>people... only the RedCross, SalvationArmy, MSF etc do that
>that's why those people like to mail about offtopic things on this
>FD-list, they are too stupid to care or understand what they're doing
>personally I have fun pressing the delete key very much lately...
>they are all writing blisters on their fingers, and all for nothing
>because no-one reads it hahaha
>hojje from holland
>
>Ali Campbell wrote:
>
>> Hugo van der Kooij wrote:
>>
>>> Thank you all for turning a security mailinglist into a mudpool in which
>>> throwing around dirt about political candidates has become the prime
>>> objective.
>>>
>>> However that was not my objective when I came to this list so it seems
>>> this list has become rather useless to me.
>>>
>>> Quite a pity. But that is full-disclosure for you.
>>>
>>> So long and thanks for all the fish.
>>>
>>> Hugo.
>>>
>>
>> Me too. I'm unsubscribing. Have a nice day.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
>
>--__--__--
>
>Message: 2
>From: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>
>To: <full-disclosure@xxxxxxxxxxxxxxxx>
>Subject: Re: [Full-Disclosure] I am out of here
>Date: Wed, 3 Nov 2004 14:34:34 +0100
>
>If you can't stand the heat, get out of the kitchen!
>
>Cheers,
>SkyLined
>
>
>--__--__--
>
>Message: 3
>Reply-To: <sean01@xxxxxxxxxxxxx>
>From: "Sean Crawford" <sean01@xxxxxxxxxxxxx>
>To: <full-disclosure@xxxxxxxxxxxxxxxx>
>Subject: RE: [Full-Disclosure] Security (for the common people) in electronic
>vote?
>Date: Thu, 4 Nov 2004 01:05:47 +1100
>
>Now Australia and the US both have angry gnomes as the heads of state.....
>
>Flame me off list please....
>
>
>
>--->
>---> -----Messaggio originale-----
>---> Surprise!
>--->
>---> with electronic vote win Bush,
>---> so we've made a great scientific discovery:
>---> in information technology bits=bush :-)
>--->
>---> Tiziano Radice
>
>
>--__--__--
>
>Message: 4
>Date: Wed, 03 Nov 2004 15:06:32 +0100
>From: Thierry Carrez <koon@xxxxxxxxxx>
>Organization: Gentoo Linux
>To: gentoo-announce@xxxxxxxxxx
>CC: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx,
> security-alerts@xxxxxxxxxxxxxxxxx
>Subject: [Full-Disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string
>vulnerability
>
>This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Gentoo Linux Security Advisory GLSA 200411-07
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: Proxytunnel: Format string vulnerability
> Date: November 03, 2004
> Bugs: #69379
> ID: 200411-07
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>Synopsis
>========
>
>Proxytunnel is vulnerable to a format string vulnerability, potentially
>allowing a remote server to execute arbitrary code with the rights of
>the Proxytunnel process.
>
>Background
>==========
>
>Proxytunnel is a program that tunnels connections to a remote server
>through a standard HTTPS proxy.
>
>Affected packages
>=================
>
> -------------------------------------------------------------------
> Package / Vulnerable / Unaffected
> -------------------------------------------------------------------
> 1 net-misc/proxytunnel < 1.2.3 >= 1.2.3
>
>Description
>===========
>
>Florian Schilhabel of the Gentoo Linux Security Audit project found a
>format string vulnerability in Proxytunnel. When the program is started
>in daemon mode (-a [port]), it improperly logs invalid proxy answers to
>syslog.
>
>Impact
>======
>
>A malicious remote server could send specially-crafted invalid answers
>to exploit the format string vulnerability, potentially allowing the
>execution of arbitrary code on the tunnelling host with the rights of
>the Proxytunnel process.
>
>Workaround
>==========
>
>You can mitigate the issue by only allowing connections to trusted
>remote servers.
>
>Resolution
>==========
>
>All Proxytunnel users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3"
>
>References
>==========
>
> [ 1 ] CAN-2004-0992
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992
> [ 2 ] Proxytunnel News
> http://proxytunnel.sourceforge.net/news.html
>
>Availability
>============
>
>This GLSA and any updates to it are available for viewing at
>the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200411-07.xml
>
>Concerns?
>=========
>
>Security is a primary focus of Gentoo Linux and ensuring the
>confidentiality and security of our users' machines is of utmost
>importance to us. Any security concerns should be addressed to
>security@xxxxxxxxxx or alternatively, you may file a bug at
>http://bugs.gentoo.org.
>
>License
>=======
>
>Copyright 2004 Gentoo Foundation, Inc; referenced text
>belongs to its owner(s).
>
>The contents of this document are licensed under the
>Creative Commons - Attribution / Share Alike license.
>
>http://creativecommons.org/licenses/by-sa/1.0
>
>
>
>
>--__--__--
>
>Message: 5
>From: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>
>To: <full-disclosure@xxxxxxxxxxxxxxxx>
>Subject: Re: [Full-Disclosure] I am out of here
>Date: Wed, 3 Nov 2004 15:39:02 +0100
>
>> If you can't stand the heat, get out of the kitchen!
>
>And btw: if you're not cooking, get the fuck out too!
>
>Cheers,
>SkyLined
>
>
>
>--__--__--
>
>Message: 6
>Date: Wed, 3 Nov 2004 09:56:31 -0500
>From: Danny <nocmonkey@xxxxxxxxx>
>Reply-To: Danny <nocmonkey@xxxxxxxxx>
>To: 3APA3A <3apa3a@xxxxxxxxxxxxxxxx>
>Subject: Re: [Full-Disclosure] How to clear contents of protected storage -
>Windows 2000
>Cc: full-disclosure@xxxxxxxxxxxxxxxx
>
>On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a@xxxxxxxxxxxxxxxx> wrote:
>> Dear Danny,
>>
>> You can use Cain & Abel (http://www.oxid.it).
>
>Hi 3APA3A,
>
>Thank you for the tip. For this particular job, it does not display
>all of the entries listed from pstoreview.exe, specifically the
>INETCOMM Server passwords.
>
>Anything else I can try?
>
>...D
>
>
>--__--__--
>
>Message: 7
>Date: Wed, 3 Nov 2004 10:15:36 -0500
>From: Danny <nocmonkey@xxxxxxxxx>
>Reply-To: Danny <nocmonkey@xxxxxxxxx>
>To: 3APA3A <3apa3a@xxxxxxxxxxxxxxxx>
>Subject: Re: [Full-Disclosure] How to clear contents of protected storage -
>Windows 2000
>Cc: full-disclosure@xxxxxxxxxxxxxxxx
>
>On Wed, 3 Nov 2004 09:56:31 -0500, Danny <nocmonkey@xxxxxxxxx> wrote:
>> On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a@xxxxxxxxxxxxxxxx> wrote:
>> > Dear Danny,
>> >
>> > You can use Cain & Abel (http://www.oxid.it).
>>
>> Hi 3APA3A,
>>
>> Thank you for the tip. For this particular job, it does not display
>> all of the entries listed from pstoreview.exe, specifically the
>> INETCOMM Server passwords.
>>
>> Anything else I can try?
>
>I found passview from nirsoft. Works. Case closed.
>
>..D
>
>
>--__--__--
>
>Message: 8
>Subject: RE: [Full-Disclosure] I am out of here
>Date: Wed, 3 Nov 2004 09:58:06 -0600
>From: "Banta, Will" <Will.Banta@xxxxxxxxxxxxx>
>To: <full-disclosure@xxxxxxxxxxxxxxxx>
>
>>Thank you all for turning a security mailinglist into a mudpool in
>>which throwing around dirt about political candidates has become
>>the prime objective.
>
>What we've seen on this list only serves to show how important this
>election is to many people the world over, not just Americans.
>The drama will subside and people will return to business. All you need
>do is wait it out and ignore the obvious OT stuff if you're
>uninterested. Granted people might be more judicious in their use of
>"reply all" over "reply".
>
>>However that was not my objective when I came to this list so it seems
>>this list has become rather useless to me.
>
>What was your objective in coming to this list?
>
>>Quite a pity. But that is full-disclosure for you.
>
>I haven't been on this list long, but I've benefited from your posts so
>I think the pity is that you've decided to "take your blocks" and stalk
>off like a child.
>
>>So long and thanks for all the fish.
>
>There's more fish so why not stay awhile longer?
>
>
>> I hate duplicates. Just reply to the relevant mailinglist.
>> hvdkooij@xxxxxxxxxxxxxxx
>> http://hvdkooij.xs4all.nl/
>> Don't meddle in the affairs of magicians,
>> for they are subtle and quick to anger.
>
>
>--__--__--
>
>Message: 9
>Date: Wed, 03 Nov 2004 11:02:13 -0500
>From: Barry Fitzgerald <bkfsec@xxxxxxxxxxxxxxxx>
>To: Berend-Jan Wever <skylined@xxxxxxxxxxxxxxx>
>CC: full-disclosure@xxxxxxxxxxxxxxxx
>Subject: Re: [Full-Disclosure] I am out of here
>
>Berend-Jan Wever wrote:
>
>>>If you can't stand the heat, get out of the kitchen!
>>>
>>>
>>
>>And btw: if you're not cooking, get the fuck out too!
>>
>>
>>
>Yeah - how hard is it to hit delete anyway?
>
>(I don't think I've ever joined a mailing list expecting every post to
>be interesting to me... nor even the majority. It seems like an
>unrealistic expectation.)
>
> -Barry
>
>
>--__--__--
>
>Message: 10
>Date: Wed, 3 Nov 2004 10:32:46 -0600
>From: kyle l <wtfbomb@xxxxxxxxx>
>Reply-To: kyle l <wtfbomb@xxxxxxxxx>
>To: Berend-Jan Wever <skylined@xxxxxxxxxxxxxxx>
>Subject: Re: [Full-Disclosure] I am out of here
>Cc: full-disclosure@xxxxxxxxxxxxxxxx
>
>so stop bitching... it's people like you and people like me who waste
>their time sending the types of messages like this that piss everyone
>off
>
>if it didn't happen in the first place there would not be a problem
>
>consider this next time you feel the need to inform us about leaving
>the mailing list; we really don't care.
>
>honestly.
>
>
>
>[http://www.eleat.org]
>
>
>On Wed, 3 Nov 2004 15:39:02 +0100, Berend-Jan Wever
><skylined@xxxxxxxxxxxxxxx> wrote:
>> > If you can't stand the heat, get out of the kitchen!
>>
>> And btw: if you're not cooking, get the fuck out too!
>>
>>
>>
>> Cheers,
>> SkyLined
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
>
>
>--__--__--
>
>_______________________________________________
>Full-Disclosure mailing list
>Full-Disclosure@xxxxxxxxxxxxxxxx
>http://lists.netsys.com/mailman/listinfo/full-disclosure
>
>
>End of Full-Disclosure Digest
>
= = = = = = = = = = = = = = = = = = = =
Best regards!
jialc
jialc@xxxxxxxxxxxxxxx
2004-11-11
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
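
The bug class described in GLSA 200411-07 in the quoted digest (an untrusted proxy answer reaching syslog as the format string), shown beside the hardened call. This is an added example, not Proxytunnel's code: `log_line` is a hypothetical stand-in for syslog(3), and the function names and the sample answer are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(3): same printf-style contract, but the
   formatted line is kept in a buffer so it can be inspected. */
static char last_log[256];

static void log_line(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the remote answer is used as the format string,
   so any directive inside it is interpreted by the formatter. */
static const char *log_answer_unsafe(const char *answer)
{
    log_line(answer);
    return last_log;
}

/* Hardened pattern: constant format string, answer passed purely as data. */
static const char *log_answer_safe(const char *answer)
{
    log_line("%s", answer);
    return last_log;
}

/* Review aid: untrusted text containing '%' must never be a format argument. */
static int contains_percent(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    /* Constructed sample answer. "%%" is the only directive used because it
       consumes no argument, so even the unsafe call stays well defined. */
    const char *answer = "HTTP/1.0 502 100%% broken";

    printf("unsafe: %s\n", log_answer_unsafe(answer)); /* directive consumed */
    printf("safe:   %s\n", log_answer_safe(answer));   /* logged verbatim */
    printf("flag:   %d\n", contains_percent(answer));
    return 0;
}
```

Building real code with `-Wformat -Wformat-security` makes GCC and Clang flag `syslog(priority, buf)` calls that have a non-literal format and no arguments.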