[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Security Hole Found In Dave's Sock
- To: "Swain, Kenneth" <kswain@xxxxxxxxxxxx>, "John Kinsella" <jlk@xxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Security Hole Found In Dave's Sock
- From: "Ted Frederick" <tfrederick@xxxxxxxxxxxx>
- Date: Thu, 8 Sep 2005 13:29:56 -0400
alert toe $EXTERNAL_NET any -> $SNEAKER_NET any (msg:"EXPLOIT:
Unauthorized Sock Overflow"; flow:to_Toe,established;
content:"/sock/toe"; reference:FullDisclosure,2347;
reference:cve,2001-0144; reference:cve,2001-0572;
classtype:FootAccess-detect; sid:1324; rev:6;)
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Swain,
Kenneth
Sent: Thursday, September 08, 2005 1:19 PM
To: John Kinsella; full-disclosure@xxxxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] Secuirty Hole Found In Dave's Sock
I have not seen any signatures for snort yet, but I heard that the
bleeding snort team is working on it.I have not seen any signatures for
snort yet, but I heard that the bleeding snort team is working on it.
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of John
Kinsella
Sent: Thursday, September 08, 2005 12:13 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock
Is anybody else seeing these attacks? Is this the China hackers again?
I think I saw a hole last week, but my logs aren't that great so I'm
going to have to go back and double-check.
Could this be related to socks disappearing? Anybody have signatures
for snort?
John
On Thu, Sep 08, 2005 at 01:02:09PM -0400, Dave Cawley wrote:
> With the work around, putting it on the left foot, the
> hole will be ABOVE the small toe and should not enlarge. This
> hasn't been verifed yet, but the computer models point to this.
>
> ***************************************************************
> Dave D. Cawley |
> High Speed Internet | The number of Unix installations
> Duryea, PA | has grown to 10, with more expected.
> (570)451-4311 x104 | - The Unix Programmer's Manual,1972
> dave.cawley@xxxxxxxxxxxx |
> ***************************************************************
> URL => http://www.adelphia.net
>
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Daniel
> Sent: Thursday, September 08, 2005 2:53 PM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock
>
>
> Hi all,
>
> I see, that the hole getting greater if you use the socket without any
> patches!
>
> Can anyone verify this?
>
> kind regards
> Daniel
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/