Re: [Full-disclosure] Samba Remote Zero-Day Exploit

Les derniers commentaires publiés sur SecuObs (1-5):

- Virtual machines being used to obfuscate malware - Implement the SSH-2 protocol in pure Java - Video : ESRT @securityshell - Nessus Scan through a Meterpreter Session - ESRT @Jhaddix Man-Just-Left-of-Middle MJLM XSS Phishing Attack Tool - An Analysis of the Skype IMBot Logic and Functionality Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] Re: [Full-disclosure] Samba Remote Zero-Day Exploit

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >The default setting is "writeable = no". If you change that, then >you are responsible for reading the docs and setting secure >options.

This is an interesting point of view. However u haven't answered my question. Is there an option to enable a traversal or lets say chdir to a path outside of the configured enviroment which is disabled by default? Regards, marx On Sat, 06 Feb 2010 21:29:14 +0100 paul.szabo@xxxxxxxxxxxxx wrote: >Dear Marx, > >> seems like u get personal pissed ...

> >No I do not take it personally.

> >> ... how it is possible per "default" ...

> >The default setting is "writeable = no". If you change that, then >you are responsible for reading the docs and setting secure >options.

> >Cheers, Paul > >Paul Szabo psz@xxxxxxxxxxxxxxxxx >link://[click] >School of Mathematics and Statistics University of Sydney >Australia -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at link://[click] Version: Hush 3.0 wpwEAQMCAAYFAktt1HgACgkQ3FclBRq92Bd4bgQAgLruU2uXcdEYvskonAm9mxpQVgiD CNTiyEwNAyBI8FU0cPaPPNQK01EI5g8K067dgh02dO+9Tz7bRapOXkjq3MRqIgOqdrk7 ylD0j7WJFHEOhYXiPBFE1Lr5lUqL1FCTETt0VyJnQ3XTIx2x5oZ/Wx6a6GSkhUtfn5f2 oPlFMBw= =sDvn -----END PGP SIGNATURE----- Full-Disclosure - We believe in it.

Charter: link://[click] Hosted and sponsored by Secunia - link://[click]

Suivi:
- Re: [Full-disclosure] Samba Remote Zero-Day Exploit

Precedent par Date: [Full-disclosure] Samba Remote Zero-Day Exploit
Suivant par Date: Re: [Full-disclosure] Samba Remote Zero-Day Exploit
Precedent par fil : [Full-disclosure] Samba Remote Zero-Day Exploit
Suivant par fil : Re: [Full-disclosure] Samba Remote Zero-Day Exploit
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- sipwitch 0.7.3 - Saint Vulnerability Scanner v7.3 on the wild - JBroFuzz 2.0 Fuzzer Released - Metasploit Oracle Windows - Detecting USB Storage Usage with OSSEC - Vulnerability in phpAdsNew, OpenAds and OpenX - ESRT @devilok - Buck Security - Collection of security checks for Linux - WhatWeb v0.4 - released - SQLmap 0.8 has been Released - Video : Discovering CSRF with OWASP's CSRFTester Tool - How your email gets hacked - Sniff-n-Spit v1.0 - intercepting communications - RFID reader for iPhone - Fimap alpha v0.8 released - ESRT @Opexxx - Add IPv6 DNS Brute Forcing - Metasploit DNS Enum module - ESRT @nevdull77 - XSS demo steals password from password manager - Video : ESRT @SecurityTube - Video Internet Explorer Iepeers Pointer Exploit - ESRT @0x58 @packet_storm - Adobe PDF LibTiff Integer Overflow - Video : ESRT @TimelessP - Aurora Exploit with alternate payload passing throu - ESRT @ITVulnerability - PeerSec MatrixSSL - Embedded SSL and TLS implementati Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, metasploit, linux, bluetooth, protocol, vista, scanner, réseaux, shell, engineering, rootkit, paquet, conférence, trames, wishmaster, téléphone, source, sysun, noyau, mobile, https, mémoire, rapport, botnet, téléphones, libre, reverse, navigateur, patch, snort, scapy, intel + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38875 Skype skype-plugin: URI Handling XML File Deletion Vulnerability - SA38934 Joomla Ulti RPX Component controller Local File Inclusion - SA38950 Debian update for drupal6 - SA38947 AdFreely LANG_CODE Local File Inclusion Vulnerability - SA38980 Fedora update for squid + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure SecurityFocus to partially shut down - Full-disclosure USN-913-1 libpng vulnerabilities - Full-disclosure USN-912-1 Audio File Library vulnerability - Re: Full-disclosure SecurityFocus to partially shut down + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability - ZoneAlarm 9 (ForceField) Security Disclosure - SyScan'10 CFP - Zigurrat CMS SQL Injection Vulnerability - Pars CMS SQL Injection Vulnerability - Tool sqlmap 0.8 released + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, conficker, wimax, virtu, virtual, engineering, reverse, cisco, ettercap, wireshark, shmoocon, hacker, firewall, internet, knoppix, rootkit, arduino, source, conference, wireless, backtrack, openbsd, brucon, systm, overflow, openssh, buffer, access, remote + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter