From owner-freebsd-security@FreeBSD.ORG Mon Oct 11 07:19:44 2010
Message-ID: <4CB2BA78.6090100@chroot.pl>
Date: Mon, 11 Oct 2010 09:19:20 +0200
From: uka
To: freebsd-security@freebsd.org
Subject: Multiple Vendors libc/glob(3) resource exhaustion (+0day remote, ftpd-anon)

What about this:
http://packetstormsecurity.org/1010-exploits/libcglob-exhaust.txt ?

From owner-freebsd-security@FreeBSD.ORG Mon Oct 11 08:46:36 2010
In-Reply-To: <4CB2BA78.6090100@chroot.pl>
References: <4CB2BA78.6090100@chroot.pl>
From: Phan Quoc Hien
Date: Mon, 11 Oct 2010 14:39:50 +0700
To: uka
Cc: freebsd-security@freebsd.org
Subject: Re: Multiple Vendors libc/glob(3) resource exhaustion (+0day remote, ftpd-anon)

Hi!
I saw this on Oct 7. But it's not verified yet?
http://www.exploit-db.com/exploits/15215/
Anyone tested it?

On Mon, Oct 11, 2010 at 2:19 PM, uka wrote:

> What about this:
> http://packetstormsecurity.org/1010-exploits/libcglob-exhaust.txt ?
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

-- 
Best regards,
Mr.Hien
E-mail: phanquochien@gmail.com
Website: www.mrhien.info

From owner-freebsd-security@FreeBSD.ORG Mon Oct 11 19:15:49 2010
In-Reply-To: <4C4CA852.9070005@infracaninophile.co.uk>
References: <201007251306.30579.lumiwa@gmail.com> <4C4CA852.9070005@infracaninophile.co.uk>
From: Eitan Adler
Date: Mon, 11 Oct 2010 18:52:15 +0000
To: Matthew Seaman
Cc: freebsd-security@freebsd.org, ajtiM
Subject: Re: portaudit

> In the particular case of linux-f10-pango -- this is a long standing
> vulnerability with no real prospect of a software patch becoming
> available. Unfortunately that port is a vital part of the linuxulator,
> so a lot of people are keeping it installed under case (c).
>

Curious - why is this unlikely to be patched?

-- 
Eitan Adler