ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] This Forum virus hits form one subscriber - Causes...


I was, however, concise and probably more accurate than the response,
IMHO. Good post, John.  You're not making a lot of points these days,
Jeff.


Monday, May 17, 2004, 9:03:47 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
JW> John,

JW>   I was born standing up and talking back John...  Sorry if that
JW> upsets you..  Live with it guy!  >;)  And I am sorry you feel
JW> a need to resort to foul language as well.  That indeed is a shame...:/

JW> John Palmer wrote:

>> Fuck you Jeff - tell me - were you born an asshole or did your mother
>> teach you how to be one?
>>
>> ----- Original Message -----
>> From: "Jeff Williams" <jwkckid1@xxxxxxxxxxxxx>
>> To: "Leah G" <jandl@xxxxxxxxx>
>> Cc: <ga@xxxxxxxxxxxxxx>
>> Sent: Monday, May 17, 2004 4:21 AM
>> Subject: Re: [ga] This Forum virus hits form one subscriber - Causes...
>>
>> > Leah and all former DNSO GA members or other interested stakeholders/users,
>> >
>> >   Oh? Well then why did you twice inform us all that you did? Oh yes
>> > and BTW I did not say you were using Norton Firewall..   And
>> > BTW as well the info I provided included  "Symantec Norton AntiSpam
>> > 2004"  So, why was it that your Email address was several times carrying
>> > an attached file that contained a virus, even after it was several times
>> > pointed out your Email address, and not spoofed as you claimed, was
>> > still sending out a virus in an attached file?
>> >
>> >   Now I can believe that VERY recently you  have changed or added
>> > additional virus protect software as you state below...  But that's after
>> > some time after the fact Leah...  Too much time after the fact...
>> >
>> >   The proof as you well know Leah is in the archives.  I have no
>> > problem whatsoever providing that proof in a court of proper
>> > jurisdiction ANY TIME!  I await your service...
>> >
>> > Leah G wrote:
>> >
>> > > Can it Jeff.  I don't use Norton Firewall or Norton Internet Security.
>> > > I use Norton AV, Trend Micro online and others for virus scanning.  My
>> > > firewall is a double - Zone Alarm Pro and a linux firewall.  In
>> > > addition, I keep track of vulnerabilities in all software I use and
>> > > update regularly.  I'm probably in the minority in terms of keeping up
>> > > with security alerts.  Most people do not.
>> > >
>> > > I'm really sick of this, Jeff.  Some infected machine has my email
>> > > address and it is being spoofed.  If you can't check headers and realize
>> > > that, I'm sorry, but continuing to insist that I have an infected
>> > > machine or that my machine is the source of the viruses sent to this
>> > > list is something you need to RETRACT unless you can prove it - and you
>> > > can't because it is untrue.  Now I'm angry.
>> > >
>> > > Leah
>> > >
>> > > Jeff Williams wrote:
>> > >
>> > > > All former DNSO GA members or other interested stakeholders/users,
>> > > >
>> > > >   Lately or recently this forum has been hit by Leah's Email address
>> > > > containing viruses.  The cause seems to be from the following,
>> > > > given Leah's several self proclaimed use of Norton.
>> > > > See ( fixes now available, below.  Note: switch to some other
>> > > > vendors virus ware Leah )
>> > > >
>> > > > ======================
>> > > >
>> > > >  HIGH: Symantec Firewall Products Multiple Vulnerabilities
>> > > > Affected:
>> > > > Symantec Norton Internet Security 2002
>> > > > Symantec Norton Internet Security 2003
>> > > > Symantec Norton Internet Security 2004
>> > > > Symantec Norton Internet Security Professional 2002
>> > > > Symantec Norton Internet Security Professional 2003
>> > > > Symantec Norton Internet Security Professional 2004
>> > > > Symantec Norton Personal Firewall 2002
>> > > > Symantec Norton Personal Firewall 2003
>> > > > Symantec Norton Personal Firewall 2004
>> > > > Symantec Client Firewall 5.01, 5.1.1
>> > > > Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1)
>> > > > Symantec Norton AntiSpam 2004
>> > > >
>> > > > Description: Symantec firewall products, used by both enterprises and
>> > > > home users, contain the following vulnerabilities in the "SYMDNS.SYS"
>> > > > module. This module validates the DNS and NetBIOS name service
>> > > > responses before allowing them to pass through the firewall.
>> > > >
>> > > > (1) The module contains a stack-based buffer overflow that can be
>> > > > triggered by a DNS response with an overlong "CNAME" field. The
>> > > > overflow can be exploited to execute arbitrary code with the
>> > > > "KERNEL" privileges.
>> > > >
>> > > > Note that the firewall processes all DNS response packets i.e. any UDP
>> > > > packet with source port 53. Hence, the flaw lends itself to easy
>> > > > exploitation via spoofed UDP packets.
>> > > >
>> > > > (2) The module contains another stack-based buffer overflow that can be
>> > > > triggered by a specially crafted NetBIOS response with an overlong
>> > > > NetBIOS name. The overflow can be exploited to execute arbitrary code
>> > > > with the "KERNEL" privileges. Note that if the client allows Windows
>> > > > file sharing, the NetBIOS name service port 137/udp is open.
>> > > >
>> > > > (3) The module contains a heap-based buffer overflow that can be
>> > > > triggered by a crafted NetBIOS response. The problem arises when the
>> > > > NetBIOS response does not contain the "Type", "Class", "Time-to-Live"
>> > > > and "Data Length" fields in a "Resource Record". The heap-based
>> > > > overflow can be leveraged to execute arbitrary code with "KERNEL"
>> > > > privileges, but is believed to be difficult to exploit reliably.
>> > > >
>> > > > (4) The module contains a denial-of-service vulnerability. The problem
>> > > > arises because a malicious domain name, constructed by using the DNS
>> > > > "compressed name pointer", can cause the decoding routine to enter an
>> > > > "infinite" loop. A hard reboot is required to restore the system to
>> > > > normalcy. The technical details required to exploit all the
>> > > > vulnerabilities have been posted.
>> > > >
>> > > > Status: Symantec has confirmed the flaws; updates available. Clients
>> > > > are advised to use the "LiveUpdate" feature to get the latest fixes.
>> > > >
>> > > > Council Site Actions:  Three of the reporting council sites are using
>> > > > the affected product.  One site has already patched their systems via
>> > > > the LiveUpdate Feature.  Another site has only notified their sysadmins
>> > > > and has not yet planned how to remediate. They are expecting a major
>> > > > effort since they were hit hard by the recent BlackIce attack.  The
>> > > > third site has a large number of Symantec users; however they do not
>> > > > officially support the software and do not plan any action at this time.
>> > > >
>> > > > They said that if there is an exploit released in the wild, they will
>> > > > inform the end users who have signed up for general security
>> > > > notifications.
>> > > >
>> > > > References:
>> > > > eEye Advisories
>> > > > http://www.eeye.com/html/Research/Advisories/AD20040512D.html (DNS Overflow)
>> > > > http://www.eeye.com/html/Research/Advisories/AD20040512A.html (NetBIOS Stack Overflow)
>> > > > http://www.eeye.com/html/Research/Advisories/AD20040512C.html (NetBIOS Heap Overflow)
>> > > > http://www.eeye.com/html/Research/Advisories/AD20040512B.html (DNS DoS)
>> > > > Symantec Advisory
>> > > > http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
>> > > > DNS DoS Exploit
>> > > > http://archives.neohapsis.com/archives/bugtraq/2004-05/0131.html
>> > > > SecurityFocus BID
>> > > > http://www.securityfocus.com/bid/10333
>> > > > http://www.securityfocus.com/bid/10334
>> > > > http://www.securityfocus.com/bid/10335
>> > > > http://www.securityfocus.com/bid/10336
>> > > >
>> > > > ****************************************************************
>> > > >
>> > > > Regards,
>> > > >
>> > > > --
>> > > > Jeffrey A. Williams
>> > > > Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> > > > "Be precise in the use of words and expect precision from others" -
>> > > >     Pierre Abelard
>> > > >
>> > > > "If the probability be called P; the injury, L; and the burden, B;
>> > > > liability depends upon whether B is less than L multiplied by
>> > > > P: i.e., whether B is less than PL."
>> > > > United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> > > >
>> > > > ===============================================================
>> > > > Updated 1/26/04
>> > > > CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> > > > IDNS. div. of Information Network Eng.  INEG. INC.
>> > > > E-Mail jwkckid1@xxxxxxxxxxxxx
>> > > >  Registered Email addr with the USPS
>> > > > Contact Number: 214-244-4827
>> > > >
>> > > >
>> > >
>> > > --
>> > > Leah G.
>> > > http://forums.delphiforums.com/atlargeorg
>> > > http://forums.delphiforums.com/domainwatch
>> >
>> > Regards,
>> >
>> > --
>> > Jeffrey A. Williams

JW> Regards,

JW> --
JW> Jeffrey A. Williams

----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown_l@xxxxxxxxxxxxxxxx       http://www.inetconcepts.net
(972) 788-2364                    Fax: (972) 788-5049
----
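
The advisory quoted in this thread attributes items (1) and (4) to a DNS name decoder that copies names without a length bound and follows "compressed name pointers" without a loop bound. As an added example (not part of the thread, and not Symantec's or eEye's code), here is a bounds-checked decoder in C; `dns_decode_name`, `MAX_JUMPS` and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME 255  /* RFC 1035: max encoded name length in octets */
#define MAX_JUMPS    16   /* assumed cap on compression pointers per name */
#define HDR 0,0,0,0,0,0,0,0,0,0,0,0  /* 12-byte DNS header, zeroed */

/* Constructed sample messages (not captured traffic); names start at offset 12. */
static const uint8_t GOOD[] = { HDR, 3,'w','w','w', 7,'e','x','a','m','p','l','e', 0,
                                0xC0, 16 };           /* offset 25: pointer to "example" */
static const uint8_t SELF_PTR[]   = { HDR, 0xC0, 12 };         /* pointer to itself */
static const uint8_t LABEL_LOOP[] = { HDR, 1,'a', 0xC0, 12 };  /* label, then pointer back */
static char name_buf[DNS_MAX_NAME + 1];

/* Decode the name at msg[off] into out as dotted text.
 * Returns the text length, or -1 if the name is malformed or does not fit. */
int dns_decode_name(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_cap)
{
    size_t used = 0, wire = 0, jumps = 0;

    for (;;) {
        if (off >= msg_len) return -1;
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 1 >= msg_len) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            /* Backward-only and counted, so pointer chains cannot spin forever. */
            if (target >= off || ++jumps > MAX_JUMPS) return -1;
            off = target;
            continue;
        }
        if (len & 0xC0) return -1;                  /* reserved label types */
        if (len == 0) break;                        /* root label ends the name */
        if (off + 1 + len > msg_len) return -1;     /* label runs past the packet */
        wire += (size_t)len + 1;
        if (wire + 1 > DNS_MAX_NAME) return -1;     /* overlong name */
        if (used + (used ? 1 : 0) + len + 1 > out_cap) return -1;  /* no room in out */
        if (used) out[used++] = '.';
        memcpy(out + used, msg + off + 1, len);
        used += len;
        off += 1 + (size_t)len;
    }
    if (used >= out_cap) return -1;
    out[used] = '\0';
    return (int)used;
}
```

The backward-only rule alone does not stop the `LABEL_LOOP` case, because labels read after a jump can walk forward into the same pointer again; the jump cap and the 255-octet total are what end it.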



