Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"

To: eugeny gladkih <john@xxxxxxxxx>
Subject: Re[2]: [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Wed, 14 Feb 2007 00:28:26 +0300
Cc: Alexander Dilevskiy <dil@xxxxxx>, security-alerts@xxxxxxxxxxxxxx
In-reply-to: <87sld9bxab.fsf@xxxxxxxxxx>
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Organization: http://www.security.nnov.ru
References: <20070211045806.B4B121E0@xxxxxxxxxxxxxxxxx> <188767890.20070211172955@xxxxxxxxxxxxxxxx> <45CF499A.5000002@xxxxxx> <87sld9bxab.fsf@xxxxxxxxxx>

Dear eugeny gladkih,

 Что-то  или  я не въехал про журналистику или ты не так перевел. Кто-то
 ужаснулся что этот баг 10-летней давности, на что ему ответили, что это
 не  может быть, т.к. флаг -f в Солярисе появился недавно и скорее всего
 путают  с  AIX  (там  такая  бага  действительно  была  в  незапамятные
 времена).  Здесь  ошибка только в последних версиях Соляриса (начиная с
 10ки).

 В  общем, журналистика непричем, ошибка подтвержденная (CVE-2007-0882),
 много  Солярисов  уже  поломано. Даже если закрывать телнет фаерволом -
 уязвимость остается как локальная.

--Tuesday, February 13, 2007, 11:46:52 PM, you wrote to dil@xxxxxx:

>>>>>> "AD" == Alexander Dilevskiy <dil@xxxxxx> writes:

 AD>> Ужас, конечно, но у нормальных людей телнет оторван как
 AD>> класс.

eg> я не зря задавал вопрос о "F flasg", но, похоже кое-кто не поняв
eg> решил что жареность фактов для черной журналистики
eg> важнее. печальная тенденция... 

>> From: Casper.Dik@xxxxxxx
>> Subject: Re: Solaris telnet vulnberability - how many on your network?
>> To: Oliver Friedrichs <oliver_friedrichs@xxxxxxxxxxxx>
>> Cc: Gadi Evron <ge@xxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx,
>>      full-disclosure@xxxxxxxxxxxxxxxxx
>> Date: Tue, 13 Feb 2007 19:11:55 +0100
>> >
>> >Am I missing something?  This vulnerability is close to 10 years old.
>> >It was in one of the first versions of Solaris after Sun moved off of
>> >the SunOS BSD platform and over to SysV.  It has specifically to do w=
>> >ith
>> >how arguments are processed via getopt() if I recall correctly.
>> 
>> You're confused with AIX/Linux
>> 
>> Solaris did not have the -f option in login until much later.
>> 
>> Casper

 AD>> --  
 AD>> Alexander Dilevsky
 AD>> mailto:dil@xxxxxx

 AD>> 3APA3A wrote:
 >>> П...ец.
 >>> 
 >>> --This is a forwarded message
 >>> From: kcope <kingcope@xxxxxxx>
 >>> To: full-disclosure@xxxxxxxxxxxxxxxxx
 >>> <full-disclosure@xxxxxxxxxxxxxxxxx>
 >>> Date: Sunday, February 11, 2007, 7:59:56 AM
 >>> Subject: [Full-disclosure] "0day was the case that they gave me"
 >>> 
 >>> ===8<==============Original message text===============
 >>> "Alla pisteua gia sena,
 >>> Alla phantasomouna,
 >>> Nomisa pos magapouses,
 >>> Kai geliomouna.
 >>> Alla pisteua gia sena,
 >>> Alla phantasomouna,
 >>> Nomisa pos magapouses,
 >>> 
 >>> Kai geliomouna."
 >>> 
 >>> http://www.com-winner.com/0day_was_the_case_that_they_gave_me.pdf
 >>> http://www.com-winner.com/Alla_pisteua.mp3
 >>> http://www.com-winner.com/anothernicesong.mp3
 >>> 
 >>> G0 f3tch y0ur Sol10 r00tkitz :)
 >>> 
 >>> Signed,
 >>> Eliteboy
 >>> 
 >>> _______________________________________________
 >>> Full-Disclosure - We believe in it.
 >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 >>> Hosted and sponsored by Secunia - http://secunia.com/
 >>> 
 >>> ===8<===========End of original message text===========
 >>> 
 >>> 
 >>> 

-- 
~/ZARAZA http://securityvulns.com/
Таким образом он умирает в шестой раз - и опять на новом месте. (Твен)

References:
- [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"
  - From: 3APA3A
- Re: [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"
  - From: Alexander Dilevskiy
- Re: [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"
  - From: eugeny gladkih

Prev by Date: Re: [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"
Next by Date: [security-alerts] FW: iDefense Security Advisory 02.13.07: Microsoft 'wininet.dll' FTPReply Null Termination Heap Corruption Vulnerability
Previous by thread: Re: [security-alerts] Fwd: [Full-disclosure] "0day was the case that they gave me"
Next by thread: [security-alerts] FW: [SA24133] MIMEDefang Unspecified Buffer Overflow Vulnerability
Index(es):
- Date
- Thread