http://readlist.com Full-disclosure Mailing List - New Threads feed en http://readlist.com/readlist-logo-tiny.gif http://readlist.com/ 156 30 http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43447.html Thu, 15 May 2008 23:47:42 GMT If joebloggs is banned from a Google Group and xploitable is registered with that group, joebloggs can subscribe to a mailing list such as Full-Disclosure and start forwarding all messages xploitable sends to that mailing list if xploitable is registered to it, and directly post them to the Google Group joebloggs is banned from. This is probably done by the banned joebloggs setting up a filter on Gmail Settings > Filter > ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43442.html Thu, 15 May 2008 20:26:53 GMT ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-025 May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43441.html Thu, 15 May 2008 20:24:42 GMT ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-024 May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5935. For ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43437.html Thu, 15 May 2008 15:34:39 GMT No qualifications required http://img111.imageshack.us/my.php?image=amtvamazonlo3.jpg Amazon's artificial artificial intelligence technology starts to solve the problems machines could not easily solve; that of avoiding protection measures against automated Internet junk. Amazon has been warned many times. They just don't care. Kempelen would be proud. Найди сослуживцев http://r.mail.ru/cln3832/my.mail.ru/?from_commercial=14 ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43436.html Thu, 15 May 2008 12:55:47 GMT Hi, I'm developing a tool for testing the effectiveness of IPS/IDS devices against various exploits. I could not find any working Poc for this particular vulnerability. Please help me out with any information about any working exploit for this vulnerability or Poc. Details: Exploit: CA Brightstor ARCserve Backup dbasvr.exe memory corruption vulnerability Product: CA ARCserv Backup ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43435.html Thu, 15 May 2008 12:36:32 GMT Hi, some good news in the whole Debian OpenSSL vulnerability mess: We have tested all the CAs with 1024 and 2048 bit keys with a public exponent of 653537 which are included in the Windows or Mozilla CA store against our list of known weak keys, but none of them were affected. Not that we expected that they were, but we thought it might be better to check ;-) A minor 13% has not been tested because they were using different ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43434.html Thu, 15 May 2008 10:02:18 GMT _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43432.html Thu, 15 May 2008 06:41:01 GMT Hi full-disclosure, the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a keys is installed on a non-patched debian or any other system manual configured to. On an unpatched ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43431.html Thu, 15 May 2008 06:29:04 GMT I might be at the Masquerade in Atlanta tomorrow! I'll wear an EFF shirt so you know it's me! Looking forward to meeting you guys, Professor Micheal Chatner, MD, CISSP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43429.html Thu, 15 May 2008 02:06:10 GMT http://www.networkworld.com/news/2008/051408-hacker-writes-rootkit-for-ciscos.ht ml _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43427.html Wed, 14 May 2008 23:35:27 GMT rPath Security Advisory: 2008-0169-1 Published: 2008-05-14 Products: rPath Linux 1 rPath Linux 2 rPath Appliance Platform Linux Service 1 Rating: Severe Exposure Level Classification: Remote User Deterministic Denial of Service Updated Versions: kernel=conary.rpath.com kernel=conary.rpath.com kernel=conary.rpath.com kernel=rap.rpath.com rPath Issue Tracking ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43426.html Wed, 14 May 2008 22:51:37 GMT Anything more to say before I forward all these false accusations to my lawyer? I wouldn't want to leave anything out. All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43421.html Wed, 14 May 2008 21:42:48 GMT Facts: 1. On April 24, 2006 n3td3v created a google group named ####...#### - where the name was 200 sucessive # marks. 2. The email for the group owner is n3td3v-security. 3. There are exactly seven messages posted to the group. 4. All messages were posted by n3td3v. 5. Two messages contained repetitions of text urging people to purchase penis enlargement products from n3td3v. 6. Message #7 was entitled "Break ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43419.html Wed, 14 May 2008 21:13:34 GMT My answer is no. Though, we may have discovered the net dev agenda. From: "n3td3v" <xploita...> Date: Mon, 24 Apr 2006 14:01:35 -0700 Local: Mon, Apr 24 2006 5:01 pm Subject: ################################################################ # Buy my penis enlargement pills # Buy my penis enlargement pills # Buy my penis enlargement pills # Buy my penis enlargement pills # Buy my penis ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43416.html Wed, 14 May 2008 20:37:47 GMT http://metasploit.com/users/hdm/tools/debian-openssl/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43415.html Wed, 14 May 2008 20:21:31 GMT =========================================================== Ubuntu Security Notice USN-612-6 May 14, 2008 openvpn regression https://launchpad.net/bugs/230193 https://launchpad.net/bugs/230208 http://www.ubuntu.com/usn/usn-612-3 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43412.html Wed, 14 May 2008 17:59:06 GMT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenOffice.org: Multiple ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43411.html Wed, 14 May 2008 17:13:10 GMT =========================================================== Ubuntu Security Notice USN-612-5 May 14, 2008 openssh update https://launchpad.net/bugs/230029 http://www.ubuntu.com/usn/usn-612-2 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43409.html Wed, 14 May 2008 16:58:43 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080514-cucmdos Revision 1.0 +--------------------------------------------------------------------- Summary ======= Cisco Unified Communications Manager, formerly Cisco CallManager, contains multiple ... http://readlist.com/lists/lists.netsys.com/full-disclosure/8/43408.html Wed, 14 May 2008 16:51:12 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080514-cup Revision 1.0 +--------------------------------------------------------------------- Summary ======= Cisco Unified Presence contains three denial of service (DoS) vulnerabilities that may cause an ...