Dailydave mailing list archives
Re: Dailydave Digest, Vol 12, Issue 9
From: James Hansen <jhansen () sensage com>
Date: Wed, 12 Jul 2006 12:48:11 -0400
Yes. He was on a customer use case panel and was to talk about how he uses sensage. NI and arcsight both had great presenters, one of which is JP morgan, who is also using us (which they didn't mention of course. ) Unfortunate that he wasn't here. -----Original Message----- From: dailydave-request () lists immunitysec com To: dailydave () lists immunitysec com Sent: 7/12/06 11:50 AM Subject: Dailydave Digest, Vol 12, Issue 9 Send Dailydave mailing list submissions to dailydave () lists immunitysec com To subscribe or unsubscribe via the World Wide Web, visit http://lists.immunitysec.com/mailman/listinfo/dailydave or, via email, send a message with subject or body 'help' to dailydave-request () lists immunitysec com You can reach the person managing the list at dailydave-owner () lists immunitysec com When replying, please edit your Subject line so it is more specific than "Re: Contents of Dailydave digest..." Today's Topics: 1. Re: DSU (H D Moore) 2. Re: DSU (Florian Weimer) 3. Re: DSU (pageexec () freemail hu) 4. Re: DSU (Florian Weimer) 5. Re: DSU (pageexec () freemail hu) 6. Re: Question of the day: iTunes + Watermarking? (Dave Korn) 7. iTunes (Steve Tornio) 8. Re: MS05-027 exploits around? (Pusscat) 9. Re: DSU (TINNES Julien RD-MAPS-ISS) 10. Re: DSU (TINNES Julien RD-MAPS-ISS) ---------------------------------------------------------------------- Message: 1 Date: Tue, 11 Jul 2006 21:06:23 -0500 From: H D Moore <hdm-daily-dave () digitaloffense net> Subject: Re: [Dailydave] DSU To: dailydave () lists immunitysec com Message-ID: <200607112106.23940.hdm-daily-dave () digitaloffense net> Content-Type: text/plain; charset="iso-8859-1" Is Immunity using the cron.d technique for getting execution? I really like how the RS-Labs folks did it: http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c -HD On Tuesday 11 July 2006 08:57, Dave Aitel wrote:
So the 2.6 prctl kernel bug is exploitable to get root. Typically on these sorts of things, you just read what Paul Starzets has to say on the matter and accept it. But for people who are having problems believing it, we posted an exploit to the partner's page about it.
------------------------------ Message: 2 Date: Wed, 12 Jul 2006 06:34:23 +0200 From: Florian Weimer <fw () deneb enyo de> Subject: Re: [Dailydave] DSU To: pageexec () freemail hu Cc: Dave Aitel <dave () immunityinc com>, dailydave <dailydave () lists immunitysec com> Message-ID: <87fyh7h25s.fsf () mid deneb enyo de> Content-Type: text/plain; charset=us-ascii
On 11 Jul 2006 at 9:57, Dave Aitel wrote:This is the difference between Linux and Windows. If this had been Microsoft they would have just changed the behavior silently or made it part of some other patch and hoped no one noticed.sorry if i missed the sarcasm above, but are you suggesting that the following is actually what it is claimed to be? ;-) http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
Most kernel bug fixes are not reviewed for their security impact. This means that a lot of things are in fact fixed silently. Perhaps it's not as deliberate as what Microsoft is doing, but as a side effect, some of these fixes are not picked up by vendors and do not end up in their kernels, even though the bug fix has been published. ------------------------------ Message: 3 Date: Wed, 12 Jul 2006 10:41:23 +0200 From: pageexec () freemail hu Subject: Re: [Dailydave] DSU To: Florian Weimer <fw () deneb enyo de> Cc: Dave Aitel <dave () immunityinc com>, dailydave <dailydave () lists immunitysec com> Message-ID: <44B4D1D3.4078.60835675 () pageexec freemail hu> Content-Type: text/plain; charset=US-ASCII On 12 Jul 2006 at 6:34, Florian Weimer wrote:
On 11 Jul 2006 at 9:57, Dave Aitel wrote:This is the difference between Linux and Windows. If this had been Microsoft they would have just changed the behavior silently or made it part of some other patch and hoped no one noticed.sorry if i missed the sarcasm above, but are you suggesting that the following is actually what it is claimed to be? ;-) http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080Most kernel bug fixes are not reviewed for their security impact. This means that a lot of things are in fact fixed silently. Perhaps it's not as deliberate as what Microsoft is doing, but as a side effect, some of these fixes are not picked up by vendors and do not end up in their kernels, even though the bug fix has been published.
nice try but then how do you explain the following: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448 in particular note the date of the CVE entry vs. that of the commit and the obvious discrepancy between the two descriptions. something known to be as a security bug in May (hence the request for the CVE entry) was committed with a rather non-descript message next month. i for one would really like to see what went on on vendor-sec or the kernel security list regarding this bug. ------------------------------ Message: 4 Date: Wed, 12 Jul 2006 11:00:39 +0200 From: Florian Weimer <fw () deneb enyo de> Subject: Re: [Dailydave] DSU To: pageexec () freemail hu Cc: Dave Aitel <dave () immunityinc com>, dailydave <dailydave () lists immunitysec com> Message-ID: <8764i _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Dailydave Digest, Vol 12, Issue 9 James Hansen (Jul 12)