From pinar at pardus.org.tr Mon Sep 1 02:14:09 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Mon, 01 Sep 2008 04:14:09 +0300
Subject: [Full-disclosure] [PLSA 2008-34] GNU ed: Heap Overflow
Message-ID: <48BB41E1.90300@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-34 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-01
Severity: 2
Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability was reported in GNU ed. A remote user can cause arbitrary
code to be executed on the target user's system.

Description
===========

A remote user can create a specially crafted file that, when processed by
the target user, will trigger a heap overflow and potentially execute
arbitrary code on the target system. The code will run with the
privileges of the target user.

The vulnerability resides in strip_escapes() in signal.c.

Note: This vulnerability was found by Alfredo Ortega from Core Security
Technologies.

Affected packages:

  Pardus 2008:
    ed, all before 1.0-9-2

  Pardus 2007:
    ed, all before 1.0-7-8

Resolution
==========

There are update(s) for ed. You can update them via Package Manager or
with a single command from console:

  Pardus 2008:
    pisi up ed

  Pardus 2007:
    pisi up ed

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8092
  * http://www.securitytracker.com/alerts/2008/Aug/1020734.html
  * http://lists.gnu.org/archive/html/bug-ed/2008-06/msg00000.html

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From pinar at pardus.org.tr Mon Sep 1 02:22:30 2008
From: pinar at pardus.org.tr (Pınar Yanardağ)
Date: Mon, 01 Sep 2008 04:22:30 +0300
Subject: [Full-disclosure] [PLSA 2008-35] Ruby: Denial of Service
Message-ID: <48BB43D6.9090207@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-35 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-01
Severity: 3
Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in Ruby, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Description
===========

The vulnerability is caused due to an error in the REXML library when
processing recursively nested XML entities. This can be exploited to
cause a DoS via a specially crafted XML document.

Note: This vulnerability was found by Luka Treiber and Mitja Kolsek of
ACROS Security.

Affected packages:

  Pardus 2008:
    ruby, all before 1.8.7_p72-17-5
    ruby-mode, all before 1.8.7_p72-17-5

  Pardus 2007:
    ruby, all before 1.8.7_p72-17-14
    ruby-mode, all before 1.8.7_p72-17-5

Resolution
==========

There are update(s) for ruby, ruby-mode. You can update them via Package
Manager or with a single command from console:

  Pardus 2008:
    pisi up ruby ruby-mode

  Pardus 2007:
    pisi up ruby ruby-mode

References
==========

  * http://security.pardus.org.tr/en/2008-35
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8044
  * http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3790
  * http://secunia.com/advisories/31602

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

From exibar at thelair.com Mon Sep 1 03:39:31 2008
From: exibar at thelair.com (Exibar)
Date: Sun, 31 Aug 2008 22:39:31 -0400
Subject: [Full-disclosure] [inbox] Monthly Hands-On Meetups
In-Reply-To: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
Message-ID: <20080901024139.AA819304@lists.grok.org.uk>

This coming from the guy who basically insults everyone on the list at any
chance he gets...

C'mon, you really are n3td3v right.....?

Exibar

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Professor
Micheal Chatner
Sent: Sunday, August 31, 2008 5:20 PM
To: full-disclosure at lists.grok.org.uk
Subject: [inbox] [Full-disclosure] Monthly Hands-On Meetups

Hey Guys,

I was wondering if anyone would like to start something like a
Full-Disclosure monthly group in cities all over the world. It could be
like 2600 meetings except with real security professionals because
personally I don't want to even talk to someone unless they have a CEH
cert.

I just started a new job in digital forensics. It would be fun to meet
other people who like hacking and trading Ubuntu tips and tricks!

Let me know what you think!
Professor Micheal Chatner, M.D., CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From Valdis.Kletnieks at vt.edu Mon Sep 1 04:55:56 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 31 Aug 2008 23:55:56 -0400
Subject: [Full-disclosure] [inbox] Monthly Hands-On Meetups
In-Reply-To: Your message of "Sun, 31 Aug 2008 22:39:31 EDT."
 <20080901024139.AA819304@lists.grok.org.uk>
References: <20080901024139.AA819304@lists.grok.org.uk>
Message-ID: <6089.1220241356@turing-police.cc.vt.edu>

On Sun, 31 Aug 2008 22:39:31 EDT, Exibar said:
> This coming from the guy who basically insults everyone on the list at any
> chance he gets...
>
> C'mon, you really are n3td3v right.....?

The phrase "I just started a new job in digital forensics." would tend to
indicate otherwise...

From smenard at nbnet.nb.ca Mon Sep 1 04:07:48 2008
From: smenard at nbnet.nb.ca (Stephen Menard)
Date: Mon, 01 Sep 2008 00:07:48 -0300
Subject: [Full-disclosure] Monthly Hands-On Meetups
In-Reply-To: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
References: <782434a70808311419r7f352b05kaf38c2fdb0ae6306@mail.gmail.com>
Message-ID: <48BB5C84.4070105@nbnet.nb.ca>

Professor Micheal Chatner wrote:
> I just started a new job in digital forensics. It would be fun to meet
> other people who like hacking and trading Ubuntu tips and tricks!
>
oh aren't you top of the class
> Let me know what you think!
> Professor Micheal Chatner, M.D., CISSP

From fernando.gont at gmail.com Mon Sep 1 06:44:35 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Mon, 01 Sep 2008 02:44:35 -0300
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
Message-ID: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Folks,

We have published a revision of our IETF Internet-Draft about port
randomization. It is available at:
http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
(you can find the document in other fancy formats at:
http://www.gont.com.ar/drafts/port-randomization/index.html)

This new revision of the document addresses the feedback we got from
Amit Klein, Matthias Bethke, and Alfred Hoenes.

The abstract of the document is:

- ---- cut here ----
Recently, awareness has been raised about a number of "blind" attacks
that can be performed against the Transmission Control Protocol (TCP)
and similar protocols. The consequences of these attacks range from
throughput-reduction to broken connections or data corruption. These
attacks rely on the attacker's ability to guess or know the five-tuple
(Protocol, Source Address, Destination Address, Source Port,
Destination Port) that identifies the transport protocol instance to be
attacked. This document describes a number of simple and efficient
methods for the random selection of the client port number, such that
the possibility of an attacker guessing the exact value is reduced.
While this is not a replacement for cryptographic methods, the
described port number randomization algorithms provide improved
security/obfuscation with very little effort and without any key
management overhead.
The algorithms described in this document are local policies that may be
incrementally deployed, and that do not violate the specifications of
any of the transport protocols that may benefit from them, such as TCP,
UDP, UDP-lite, SCTP, DCCP, and RTP.
- ---- cut here ----

Any comments will be more than welcome.

Thanks!

Kind regards,

- --
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From exibar at thelair.com Mon Sep 1 06:53:16 2008
From: exibar at thelair.com (Exibar)
Date: Mon, 1 Sep 2008 01:53:16 -0400
Subject: [Full-disclosure] [inbox] Monthly Hands-On Meetups
In-Reply-To: <6089.1220241356@turing-police.cc.vt.edu>
Message-ID: <20080901061103.3533D337@lists.grok.org.uk>

hehe, true, but n3td3v basically claims to be the foremost security person
in the world... Maybe he bought EnCase and thinks he's starting a new
business...
Exibar

-----Original Message-----
From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
Sent: Sunday, August 31, 2008 11:56 PM
To: Exibar
Cc: 'Professor Micheal Chatner'; full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] [inbox] Monthly Hands-On Meetups

On Sun, 31 Aug 2008 22:39:31 EDT, Exibar said:
> This coming from the guy who basically insults everyone on the list at any
> chance he gets...
>
> C'mon, you really are n3td3v right.....?

The phrase "I just started a new job in digital forensics." would tend to
indicate otherwise...

From fernando.gont at gmail.com Mon Sep 1 07:51:53 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Mon, 01 Sep 2008 03:51:53 -0300
Subject: [Full-disclosure] New IETF I-D-: Security Assessment of the Internet Protocol version 4
Message-ID: <48bb9215.08045a0a.324d.390b@mx.google.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello, folks,

We have published an IETF Internet-Draft entitled "Security Assessment
of the Internet Protocol version 4", which is heavily based on the
"Security Assessment of the Internet Protocol" that was recently
released by the UK CPNI
(http://www.cpni.gov.uk/Products/technicalnotes/3677.aspx).

The IETF I-D is available at:
http://www.gont.com.ar/drafts/ip-security/index.html (and is also
available at the IETF internet-drafts repository)

Our IETF I-D is an effort to take the results of the IP security
assessment to the IETF, so that all the identified issues get documented
in an official IETF document, and hopefully the IETF standards are
modified as necessary.

Any feedback on the IETF I-D and/or the original UK CPNI document will
be more than welcome.

Thanks!
Kind regards,
Fernando Gont

--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From james at djavul.furryhelix.webhop.org Mon Sep 1 09:30:02 2008
From: james at djavul.furryhelix.webhop.org (james at djavul.furryhelix.webhop.org)
Date: Mon, 1 Sep 2008 09:30:02 +0100
Subject: [Full-disclosure] everyone who quotes large amounts of text.
In-Reply-To:
References:
Message-ID: <20080901083002.GA30894@djavul.furryhelix.webhop.org>

Thedjatclubrock wrote:
> *snip vast quote here*
> lame...

Just using this as an example, but could we please trim quotes please?
And it would be appreciated if people didn't quote pages and pages of
junk, then just add a one line comment underneath.
I can't be the only one who this annoys, can I?

From fabian at datensalat.eu Mon Sep 1 10:24:01 2008
From: fabian at datensalat.eu (Fabian Fingerle)
Date: Mon, 1 Sep 2008 11:24:01 +0200
Subject: [Full-disclosure] Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101
Message-ID: <20080901112401.4a51701a@mobile.fabian.datensalat.eu>

Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4,
CVE-2008-3101

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3101
http://www.vtiger.de/

Description

vtigerCRM is an Open Source Customer Relationship Management (CRM)
Software.
The application is vulnerable to simple Cross Site Scripting, which can
be used for several issues

Example

Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can
inject JavaScript with:

http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab=">
http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password=">
http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string=">

Workaround/Fix

vtiger CRM Security Patch for 5.0.4 [1]

Disclosure Timeline

2008-07-28 Vendor contacted
2008-07-28 Vendor fixed issue in test environment
2008-07-30 Vendor released patch
2008-07-30 Vendor dev stated they'll release a second patch within days
2008-09-01 published advisory, no second patch from upstream yet

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-3101 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

Credits and copyright

This vulnerability was discovered by Fabian Fingerle [2] (published with
help from Hanno Boeck [3]). It's licensed under the creative commons
attribution license [4].

Fabian Fingerle, 2008-09-01

[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5
[2] http://www.fabian-fingerle.de
[3] http://www.hboeck.de
[4] http://creativecommons.org/licenses/by/3.0/de/

--
_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85
_chaos events near stuttgart_ www.datensalat.eu

From Valdis.Kletnieks at vt.edu Mon Sep 1 10:33:04 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 01 Sep 2008 05:33:04 -0400
Subject: [Full-disclosure] everyone who quotes large amounts of text.
In-Reply-To: Your message of "Mon, 01 Sep 2008 09:30:02 BST."
 <20080901083002.GA30894@djavul.furryhelix.webhop.org>
References: <20080901083002.GA30894@djavul.furryhelix.webhop.org>
Message-ID: <7555.1220261584@turing-police.cc.vt.edu>

On Mon, 01 Sep 2008 09:30:02 BST, james at furryhelix.webhop.org said:
> Thedjatclubrock wrote:
> > *snip vast quote here*
> > lame...
>
> Just using this as an example, but could we please trim quotes please?
> And it would be appreciated if people didn't quote pages and pages of
> junk, then just add a one line comment underneath.
> I can't be the only one who this annoys, can I?

It's almost enough to make you wish the bozos would top-post their
one-line comment so you can hit delete as soon as you realize they're a
top-posting bozo, rather than making you scroll all the way to the
bottom to discover they're a different sort of bozo... ;)

From bernardo.damele at gmail.com Mon Sep 1 14:30:17 2008
From: bernardo.damele at gmail.com (Bernardo Damele A. G.)
Date: Mon, 01 Sep 2008 15:30:17 +0200
Subject: [Full-disclosure] [Tool] sqlmap 0.6 released
Message-ID: <48BBEE69.9060701@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am glad to release sqlmap version 0.6.

Introduction
============

sqlmap is an automatic SQL injection tool developed in Python.
Its goal is to detect and take advantage of SQL injection
vulnerabilities on web applications. Once it detects one or more SQL
injections on the target host, the user can choose among a variety of
options to perform an extensive back-end database management system
fingerprint, retrieve DBMS session user and database, enumerate users,
password hashes, privileges, databases, dump entire or user's specific
DBMS tables/columns, run his own SQL SELECT statement, read specific
files on the file system and much more.

Changes
=======

Some of the new features include:

* Added multithreading support to set the maximum number of concurrent
  HTTP requests.
* Implemented SQL shell (--sql-shell) functionality and fixed SQL query
  (--sql-query, before called -e) to be able to run whatever SELECT
  statement and get its output in both inband and blind SQL injection
  attack.
* Added an option (--privileges) to retrieve DBMS users privileges, it
  also notifies if the user is a DBMS administrator.
* Added support (-c) to read options from configuration file, an example
  of valid INI file is sqlmap.conf and support (--save) to save command
  line options on a configuration file.
* Implemented support for HTTPS requests over HTTP(S) proxy.
* Enhanced logging system: added three more levels of verbosity to show
  also HTTP sent and received traffic.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========

You can download it in various formats:

* Source gzip compressed,
  http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.gz
* Source bzip2 compressed,
  http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.bz2
* Source zip compressed,
  http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.zip
* DEB binary package,
  http://downloads.sourceforge.net/sqlmap/sqlmap_0.6-1_all.deb
* RPM binary package,
  http://downloads.sourceforge.net/sqlmap/sqlmap-0.6-1.noarch.rpm
* Portable executable for Windows that does not require the Python
  interpreter to be installed on the operating system,
  http://downloads.sourceforge.net/sqlmap/sqlmap-0.6_exe.zip

Note: the subversion repository is not accessible anymore so the only
way to get the new release is to download it from one of the above
links.

Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/

Happy hacking!

- --
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile number: +39-3493821385
PGP Key ID: 0x05F5A30F

From fw at deneb.enyo.de Mon Sep 1 19:45:03 2008
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 01 Sep 2008 20:45:03 +0200
Subject: [Full-disclosure] [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities
Message-ID: <87tzczr9hs.fsf@mid.deneb.enyo.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1633-1 security at debian.org
http://www.debian.org/security/ Florian Weimer
September 01, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : slash
Vulnerability : SQL Injection, Cross-Site Scripting
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2231, CVE-2008-2553
Debian Bug : 484499

It has been discovered that Slash, the Slashdot Like Automated
Storytelling Homepage suffers from two vulnerabilities related to
insufficient input sanitation, leading to execution of SQL commands
(CVE-2008-2231) and cross-site scripting (CVE-2008-2553).

For the stable distribution (etch), these problems have been fixed in
version 2.2.6-8etch1.

In the unstable distribution (sid), the slash package is currently
uninstallable and will be removed soon.

We recommend that you upgrade your slash package.

Upgrade instructions
- --------------------

wget url
  will fetch the file for you
dpkg -i file.deb
  will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
  will update the internal database
apt-get upgrade
  will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From coderman at gmail.com Mon Sep 1 20:41:49 2008
From: coderman at gmail.com (coderman)
Date: Mon, 1 Sep 2008 12:41:49 -0700
Subject: [Full-disclosure] everyone who quotes large amounts of text.
In-Reply-To: <7555.1220261584@turing-police.cc.vt.edu>
References: <20080901083002.GA30894@djavul.furryhelix.webhop.org>
 <7555.1220261584@turing-police.cc.vt.edu>
Message-ID: <4ef5fec60809011241v5985b413m56824e32b7f923b9@mail.gmail.com>

On Mon, Sep 1, 2008 at 2:33 AM, wrote:
> ... making you scroll all the way to the bottom

valdis: this is a known temporal denial of service attack. they can't
make you do anything. please update your mental faculties to latest
service pack...

From coderman at gmail.com Mon Sep 1 20:50:07 2008
From: coderman at gmail.com (coderman)
Date: Mon, 1 Sep 2008 12:50:07 -0700
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
Message-ID: <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>

On Sun, Aug 31, 2008 at 10:44 PM, Fernando Gont wrote:
> ... IETF Internet-Draft about port randomization...

wget -qO - http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt | grep -i grsec

is still empty. why do you dismiss grsec?

From Valdis.Kletnieks at vt.edu Mon Sep 1 21:13:18 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 01 Sep 2008 16:13:18 -0400
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: Your message of "Mon, 01 Sep 2008 12:50:07 PDT."
 <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
 <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
Message-ID: <38325.1220299998@turing-police.cc.vt.edu>

On Mon, 01 Sep 2008 12:50:07 PDT, coderman said:
> On Sun, Aug 31, 2008 at 10:44 PM, Fernando Gont wrote:
> > ... IETF Internet-Draft about port randomization...
>
> wget -qO - http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
> | grep -i grsec
>
> is still empty. why do you dismiss grsec?

Because he's writing about the *BASE* system kernel for Linux and the
*BSD's. If he included grsec, he'd *also* have to start adding 'NetBSD
does this, unless you've applied this patch to your kernel, in which
case it does that, or if this other patch was added, making it do this
instead...'

Or you can get Linus to merge the code in question. See the helpful info
in the file Documentation/SubmittingPatches. You want to send them to the
netdev at vger.kernel.org list for review, that's where the network developers
hang out.

From rholgstad at gmail.com Mon Sep 1 21:51:35 2008
From: rholgstad at gmail.com (rholgstad)
Date: Mon, 01 Sep 2008 15:51:35 -0500
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <38325.1220299998@turing-police.cc.vt.edu>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
 <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
 <38325.1220299998@turing-police.cc.vt.edu>
Message-ID: <48BC55D7.3010109@gmail.com>

Linus doesn't care about security

Valdis.Kletnieks at vt.edu wrote:
> Or you can get Linus to merge the code in question. See the helpful info
> in the file Documentation/SubmittingPatches. You want to send them to the
> netdev at vger.kernel.org list for review, that's where the network developers
> hang out.

From Valdis.Kletnieks at vt.edu Mon Sep 1 23:23:26 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 01 Sep 2008 18:23:26 -0400
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: Your message of "Mon, 01 Sep 2008 15:51:35 CDT."
 <48BC55D7.3010109@gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
 <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
 <38325.1220299998@turing-police.cc.vt.edu>
 <48BC55D7.3010109@gmail.com>
Message-ID: <43513.1220307806@turing-police.cc.vt.edu>

On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
> Linus doesn't care about security

No, he actually *does* care about security - he's just of the opinion
that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
them like certain *BSD variants think. He thinks that sticking a big
SECURITY PATCH tag on a fix tends to make people cherry-pick and install
just those fixes - even though the patch they *didn't* install that
fixes a system crash or a silent data corruption is actually more critical.

Your chances of getting it accepted improve greatly if you have a nice
writeup of *why* the patch is a good idea - summarize the current state,
explain how the new version works, list what attacks it minimizes.

Oh - and I *guarantee* that somebody will make a (quite valid) issue about
the drain on the /dev/random entropy pool if you're using that as your
(possibly indirect) source of random bits. You may want to make sure
that you have either Kconfig magic for compile time selection, and/or
a /sys file or something for runtime tweaking.

From fernando.gont at gmail.com Tue Sep 2 10:06:36 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Tue, 02 Sep 2008 06:06:36 -0300
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com>
 <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com>
Message-ID: <48bd038b.1c1d640a.5688.3991@mx.google.com>

At 04:50 p.m. 01/09/2008, coderman wrote:

>On Sun, Aug 31, 2008 at 10:44 PM, Fernando Gont
> wrote:
> > ... IETF Internet-Draft about port randomization...
>
>wget -qO -
>http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
>| grep -i grsec
>
>is still empty. why do you dismiss grsec?

Valdis has already answered your question. That said, the document
itself is not a survey of what every OS or OS+patch does with respect
to ephemeral ports, and that little survey we included is not meant to
be complete (for instance, there's no description of what Windows does).

Also, the base Linux system already implements Algorithm #3. So I
wonder why anybody would patch the Linux ephemeral port selection
algorithm.... (unless it is to implement algorithm #4 of our draft).

Regarding me "dismissing" grsec, I tried to (but couldn't) get the guy
whose e-mail address is available at the grsec web site to review one
of the documents I have been working on, so that he could provide his
perspective on each of the issues discussed.

P.S.: The "survey" section must be about 1% of the document. I'd be
glad to hear comments on the rest of the document.
Kind regards, -- Fernando Gont e-mail: fernando at gont.com.ar || fgont at acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 From victor.harutyunyan at arca.am Tue Sep 2 08:23:36 2008 From: victor.harutyunyan at arca.am (victor.harutyunyan at arca.am) Date: Tue, 02 Sep 2008 12:23:36 +0500 Subject: [Full-disclosure] test Message-ID: <48BCE9F8.5030204@arca.am> test From p.labushev at gmail.com Tue Sep 2 10:17:43 2008 From: p.labushev at gmail.com (Pavel Labushev) Date: Tue, 02 Sep 2008 17:17:43 +0800 Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft In-Reply-To: <43513.1220307806@turing-police.cc.vt.edu> References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com> <43513.1220307806@turing-police.cc.vt.edu> Message-ID: <48BD04B7.60702@gmail.com> Valdis.Kletnieks at vt.edu ?????: > On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said: >> Linus doesn't care about security > > No, he actually *does* care about security - he's just pf the opinion > that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on > them like certain *BSD variants think. He thinks that sticking a big Linus is not a security expert. Not even close. He's not educated and not experienced enough to make security decisions, but he does. That's the problem. He cares somehow, but he's wrong. > SECURITY PATCH tag on a fix tends to make people cherry-pick and install > just those fixes - even though the patch they *didn't* install that > fixes a system crash or a silent data corruption is actually more critical. "SECURITY PATCH tag on a fix" helps me to know that there is the problem and I must consider the patch, check its correctness and maybe test/backport/apply it to my production systems ASAP. Just as another tags helps me to know that there are realiability and other issues I must care about. 
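Two technical points from the messages above meet in one place: Valdis Kletnieks's warning about draining the /dev/random entropy pool, and Fernando Gont's remark that base Linux already implements Algorithm #3. The sketch below is an added example, not code from the draft, the thread or any kernel; it assumes Algorithm #3 is the simple hash-based selection later published in RFC 6056, and shows that such a selector reads random bits once for its key and then only hashes per connection. The class name, HMAC-SHA256 as the function F, the port range and the sample addresses are illustrative assumptions.

```python
import hashlib
import hmac
import os
import struct
from ipaddress import ip_address


class HashPortSelector:
    """Hash-based ephemeral port selection (assumed shape of 'Algorithm #3').

    port = min + (next_ephemeral + F(local_ip, remote_ip, remote_port, key)) % N
    """

    def __init__(self, min_port=49152, max_port=65535, key=None, in_use=()):
        if not 0 < min_port <= max_port <= 65535:
            raise ValueError("invalid ephemeral port range")
        self.min_port = min_port
        self.num_ephemeral = max_port - min_port + 1
        # One read from the kernel CSPRNG for the lifetime of the selector:
        # the per-connection cost is a hash, not a draw on the entropy pool.
        self.key = key if key is not None else os.urandom(16)
        self.next_ephemeral = 0
        self.in_use = set(in_use)  # (local_ip, port, remote_ip, remote_port)

    def offset(self, local_ip, remote_ip, remote_port):
        """F(): keyed hash of the connection endpoints, reduced to an int."""
        msg = (ip_address(local_ip).packed + ip_address(remote_ip).packed
               + struct.pack("!H", remote_port))
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def select(self, local_ip, remote_ip, remote_port):
        """Return a free local port for this destination, or None if exhausted."""
        off = self.offset(local_ip, remote_ip, remote_port)
        for _ in range(self.num_ephemeral):
            port = self.min_port + (self.next_ephemeral + off) % self.num_ephemeral
            self.next_ephemeral += 1
            four_tuple = (local_ip, port, remote_ip, remote_port)
            if four_tuple not in self.in_use:
                self.in_use.add(four_tuple)
                return port
        return None


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges (RFC 5737).
    sel = HashPortSelector()
    for dst in ("198.51.100.7", "203.0.113.9", "198.51.100.7"):
        print(dst, sel.select("192.0.2.10", dst, 443))
```

The key is the only secret here: with a fixed or guessable key, anyone who knows the endpoints can recompute offset(), so the quality of that single start-up read decides how unpredictable the port sequence is.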

From thijs at debian.org Mon Sep 1 20:17:47 2008
From: thijs at debian.org (Thijs Kinkhorst)
Date: Mon, 1 Sep 2008 21:17:47 +0200 (CEST)
Subject: [Full-disclosure] [SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution
Message-ID: <20080901191747.6F115326F0B@morgana.loeki.tv>

------------------------------------------------------------------------
Debian Security Advisory DSA-1634-1                  security at debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
September 01, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : wordnet
Vulnerability  : stack and heap overflows
Problem type   : local (remote)
Debian-specific: no
CVE id(s)      : CVE-2008-2149
Debian Bug     : 481186

Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application.

For the stable distribution (etch), these problems have been fixed in version 1:2.1-4+etch1.

For the testing distribution (lenny), these problems have been fixed in version 1:3.0-11+lenny1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your wordnet package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From coderman at gmail.com Tue Sep 2 15:15:20 2008
From: coderman at gmail.com (coderman)
Date: Tue, 2 Sep 2008 07:15:20 -0700
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <48bd038b.1c1d640a.5688.3991@mx.google.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <48bd038b.1c1d640a.5688.3991@mx.google.com>
Message-ID: <4ef5fec60809020715o5f952350l3f485237e209b8b1@mail.gmail.com>

On Tue, Sep 2, 2008 at 2:06 AM, Fernando Gont wrote:
> ... there's no description of what Windows does

some things speak for themselves... :)

> Also, the base Linux system already implements Algorithm #3... why
> ... patch

if you seed/key #3 poorly, as just one example. (which you reference via RFC4086, etc)

> P.S.: The "survey" section must be about 1% of the document. I'd be glad to
> hear comments on the rest of the document.

sure... section #4 should be:
s/should consider randomizing/must randomize/

From Valdis.Kletnieks at vt.edu Tue Sep 2 17:05:31 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Tue, 02 Sep 2008 12:05:31 -0400
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: Your message of "Tue, 02 Sep 2008 17:17:43 +0800." <48BD04B7.60702@gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com> <43513.1220307806@turing-police.cc.vt.edu> <48BD04B7.60702@gmail.com>
Message-ID: <12267.1220371531@turing-police.cc.vt.edu>

On Tue, 02 Sep 2008 17:17:43 +0800, Pavel Labushev said:
> "SECURITY PATCH tag on a fix" helps me to know that there is the problem
> and I must consider the patch, check its correctness and maybe
> test/backport/apply it to my production systems ASAP. Just as other
> tags help me to know that there are reliability and other issues I
> must care about.

OK, now s/security patch/silent data corruption/ and tell me what's *actually* different.

Wow, you still need to consider it, check it, test it, and deploy it.

Unless of course you don't give a shit about your data. But in that case, the security patch can probably be overlooked too.

That's Linus's point - if the patch is important enough to go into one of the -stable tree kernels, it's probably something you want to install, whether or not it's a security patch.

From anonymouspimp at gmail.com Tue Sep 2 17:51:22 2008
From: anonymouspimp at gmail.com (anonymous pimp)
Date: Tue, 2 Sep 2008 19:51:22 +0300
Subject: [Full-disclosure] die
Message-ID: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com>

die

On 9/2/08, victor.harutyunyan at arca.am wrote:
> test
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From tdjacr.wiki at gmail.com Tue Sep 2 18:50:26 2008
From: tdjacr.wiki at gmail.com (Thedjatclubrock)
Date: Tue, 02 Sep 2008 13:50:26 -0400
Subject: [Full-disclosure] die
In-Reply-To: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com>
Message-ID: <48BD7CE2.9060003@gmail.com>

anonymous pimp wrote:
> die
>
>
> On 9/2/08, victor.harutyunyan at arca.am wrote:
>> test

Can we please avoid messages like this one in the future, thank you.

From nytrokiss at gmail.com Tue Sep 2 18:50:58 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Tue, 2 Sep 2008 10:50:58 -0700
Subject: [Full-disclosure] die
In-Reply-To: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com>
Message-ID: <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com>

Double Die

On Tue, Sep 2, 2008 at 9:51 AM, anonymous pimp wrote:
> die
>
>
> On 9/2/08, victor.harutyunyan at arca.am wrote:
> > test

--
http://www.goldwatches.com/

From jdemott at crucialsecurity.com Tue Sep 2 18:57:05 2008
From: jdemott at crucialsecurity.com (Jared DeMott)
Date: Tue, 02 Sep 2008 13:57:05 -0400
Subject: [Full-disclosure] die
In-Reply-To: <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com>
Message-ID: <48BD7E71.30306@crucialsecurity.com>

James Matthews wrote:
> Double Die

Gang, telling people to die is not nice. Please refer to [1] or [2].

[1] http://www.elliottsamazing.com/kindergarden.html
[2] http://en.wikipedia.org/wiki/Ethic_of_reciprocity

From xploitable at gmail.com Tue Sep 2 19:07:35 2008
From: xploitable at gmail.com (n3td3v)
Date: Tue, 2 Sep 2008 19:07:35 +0100
Subject: [Full-disclosure] security news on cnet???
Message-ID: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com>

you've not posted any security news all week, what's going on cnet??? is the journalist that does the security news off ill???

:(

yours,

cnet fan

--
https://groups.google.com/group/n3td3v

From Valdis.Kletnieks at vt.edu Tue Sep 2 19:13:26 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Tue, 02 Sep 2008 14:13:26 -0400
Subject: [Full-disclosure] die
In-Reply-To: Your message of "Tue, 02 Sep 2008 13:57:05 EDT." <48BD7E71.30306@crucialsecurity.com>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> <48BD7E71.30306@crucialsecurity.com>
Message-ID: <21110.1220379206@turing-police.cc.vt.edu>

On Tue, 02 Sep 2008 13:57:05 EDT, Jared DeMott said:
> James Matthews wrote:
> > Double Die
> Gang, telling people to die is not nice. Please refer to [1] or [2].

Ever notice that most of the 'die in a fire' comments come from top-posters?

From p.labushev at gmail.com Tue Sep 2 19:18:13 2008
From: p.labushev at gmail.com (Pavel Labushev)
Date: Wed, 03 Sep 2008 02:18:13 +0800
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <12267.1220371531@turing-police.cc.vt.edu>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <38325.1220299998@turing-police.cc.vt.edu> <48BC55D7.3010109@gmail.com> <43513.1220307806@turing-police.cc.vt.edu> <48BD04B7.60702@gmail.com> <12267.1220371531@turing-police.cc.vt.edu>
Message-ID: <48BD8365.2060308@gmail.com>

Valdis.Kletnieks at vt.edu wrote:
> On Tue, 02 Sep 2008 17:17:43 +0800, Pavel Labushev said:
>
>> "SECURITY PATCH tag on a fix" helps me to know that there is the problem
>> and I must consider the patch, check its correctness and maybe
>> test/backport/apply it to my production systems ASAP. Just as other
>> tags help me to know that there are reliability and other issues I
>> must care about.
>
> OK, now s/security patch/silent data corruption/ and tell me what's *actually*
> different.

The consequences are actually and obviously different. Now, please, try to figure that out by yourself. Forget about Linus' point. Pretend you're a system administrator and try to think like one.

> Wow, you still need to consider it, check it, test it, and deploy it.

Not exactly.

> Unless of course you don't give a shit about your data. But in that case,
> the security patch can probably be overlooked too.

Hint: the data can be backed up.

> That's Linus's point - if the patch is important enough to go into one of
> the -stable tree kernels, it's probably something you want to install, whether
> or not it's a security patch.

Whether or not so-called -stable kernels are always stable - is another question. And not the last one - there are more.

From nytrokiss at gmail.com Tue Sep 2 19:17:12 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Tue, 2 Sep 2008 11:17:12 -0700
Subject: [Full-disclosure] security news on cnet???
In-Reply-To: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com>
References: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com>
Message-ID: <8a6b8e350809021117u7046d373uf711a04edd1d0d0f@mail.gmail.com>

I also enjoy Cnet security news.

On Tue, Sep 2, 2008 at 11:07 AM, n3td3v wrote:
>
> you've not posted any security news all week, what's going on cnet??? is
> the journalist that does the security news off ill???
>
> :(
>
> yours,
>
> cnet fan
>
> --
> https://groups.google.com/group/n3td3v

--
http://search.goldwatches.com/search.aspx?Search=Movado+Watches

From fernando.gont at gmail.com Tue Sep 2 19:30:48 2008
From: fernando.gont at gmail.com (Fernando Gont)
Date: Tue, 02 Sep 2008 15:30:48 -0300
Subject: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
In-Reply-To: <4ef5fec60809020715o5f952350l3f485237e209b8b1@mail.gmail.com>
References: <48bb8247.3a17260a.4768.ffff8ccc@mx.google.com> <4ef5fec60809011250g7eddd0a9k56c97a15463fcca1@mail.gmail.com> <48bd038b.1c1d640a.5688.3991@mx.google.com> <4ef5fec60809020715o5f952350l3f485237e209b8b1@mail.gmail.com>
Message-ID: <48bd875d.02c3f10a.364a.7c3b@mx.google.com>

At 11:15 a.m. 02/09/2008, coderman wrote:
>On Tue, Sep 2, 2008 at 2:06 AM, Fernando Gont wrote:
> > ... there's no description of what Windows does
>
>some things speak for themselves... :)

What speaks for itself? Our work is a proposal for a few alternatives for doing port randomization. Two of them are new, and are supposed to avoid some of the problems that are usually caused by a trivial port randomization algorithm (e.g., algorithm #1 and algorithm #2). Full stop.

We simply provide a small survey in case you ask yourself "what is being done out there" by popular TCP implementations. The survey is simply an appendix, and was added as I was examining the Linux and *BSD code myself.

> > Also, the base Linux system already implements Algorithm #3... why
> > ... patch
>
>if you seed/key #3 poorly, as just one example. (which you reference
>via RFC4086, etc)

If algorithm #3 is seeded poorly, then I think you should document it, and send a patch so that that problem is fixed in the base system.

> > P.S.: The "survey" section must be about 1% of the document. I'd be glad to
> > hear comments on the rest of the document.
>
>sure... section #4 should be:
>s/should consider randomizing/must randomize/

If anything, it should be "should randomize". "MUSTs" are meant to mandate specific behaviors/rules that, if not followed, would lead to interoperability problems.

--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From randy at procyonlabs.com Tue Sep 2 19:35:23 2008
From: randy at procyonlabs.com (Randal T. Rioux)
Date: Tue, 2 Sep 2008 14:35:23 -0400 (EDT)
Subject: [Full-disclosure] security news on cnet???
In-Reply-To: <8a6b8e350809021117u7046d373uf711a04edd1d0d0f@mail.gmail.com>
References: <4b6ee9310809021107p60f02f4fl7bf9c54c5068037c@mail.gmail.com> <8a6b8e350809021117u7046d373uf711a04edd1d0d0f@mail.gmail.com>
Message-ID: <60c228f48c77372e2e505ab1b29d5fe1.squirrel@meteor.procyonlabs.com>

On Tue, Sep 2, 2008 at 11:07 AM, n3td3v wrote:
>
> you've not posted any security news all week, what's going on cnet??? is
> the journalist that does the security news off ill???
>
> :(
>
> yours,
>
> cnet fan

surely they will cave to pressure from the global powers of the netdev group. i bet there'll be a story up for comment pretty soon now.

randy

From security at mandriva.com Tue Sep 2 20:08:01 2008
From: security at mandriva.com (security at mandriva.com)
Date: Tue, 02 Sep 2008 13:08:01 -0600
Subject: [Full-disclosure] [ MDVSA-2008:182 ] wordnet
Message-ID:

_______________________________________________________________________
Mandriva Linux Security Advisory                         MDVSA-2008:182
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wordnet
Date    : September 2, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

Rob Holland found several programming errors in WordNet which could lead to the execution of arbitrary code when used with untrusted input (CVE-2008-2149).

The updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

From dr at kyx.net Tue Sep 2 20:10:36 2008
From: dr at kyx.net (Dragos Ruiu)
Date: Tue, 2 Sep 2008 12:10:36 -0700
Subject: [Full-disclosure] die
In-Reply-To: <21110.1220379206@turing-police.cc.vt.edu>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <8a6b8e350809021050x4b0c77ccq1b3db513f26477e@mail.gmail.com> <48BD7E71.30306@crucialsecurity.com> <21110.1220379206@turing-police.cc.vt.edu>
Message-ID: <02FEEEFC-BA0D-4AD8-9C90-96F8A0FC875C@kyx.net>

Please support the Internet campaign to de-vilify top posting.

On 2-Sep-08, at 11:13 AM, Valdis.Kletnieks at vt.edu wrote:

> On Tue, 02 Sep 2008 13:57:05 EDT, Jared DeMott said:
>> James Matthews wrote:
>>> Double Die
>> Gang, telling people to die is not nice. Please refer to [1] or [2].
>
> Ever notice that most of the 'die in a fire' comments come from top-
> posters?

Seriously... with modern multi-paned mail readers, top-posting is a better way to communicate.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Buenos Aires, Argentina Sept. 30 / Oct. 1 - 2008 http://ba-con.com.ar
Tokyo, Japan November 12/13 2008 http://pacsec.jp
Vancouver, Canada March 16-20 2009 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

From william at lefkovics.net Tue Sep 2 20:17:13 2008
From: william at lefkovics.net (william at lefkovics.net)
Date: Tue, 2 Sep 2008 13:17:13 -0600
Subject: [Full-disclosure] die
Message-ID: <2d89d200$514dffa$4edaddf0$@com>

It's often way too time consuming to navigate to bottom-posted commentary to form a reasonable sample size for assessment, so I'll have to take your word for it.

----------------------------------------
From: Valdis.Kletnieks at vt.edu
Sent: Tuesday, September 02, 2008 11:14 AM
To: "Jared DeMott"
Subject: Re: [Full-disclosure] die

On Tue, 02 Sep 2008 13:57:05 EDT, Jared DeMott said:
> James Matthews wrote:
> > Double Die
> Gang, telling people to die is not nice. Please refer to [1] or [2].

Ever notice that most of the 'die in a fire' comments come from top-posters?

From xploitable at gmail.com Tue Sep 2 21:41:05 2008
From: xploitable at gmail.com (n3td3v)
Date: Tue, 2 Sep 2008 21:41:05 +0100
Subject: [Full-disclosure] die
In-Reply-To: <48BD7CE2.9060003@gmail.com>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <48BD7CE2.9060003@gmail.com>
Message-ID: <4b6ee9310809021341v25349c53t4f4603faea01fd5b@mail.gmail.com>

On Tue, Sep 2, 2008 at 6:50 PM, Thedjatclubrock wrote:
> Can we please avoid messages like this one in the future, thank you.

Who do you think you are, Gadi Evron or something? Don't tell people what to do.

--
https://groups.google.com/group/n3td3v

From razishaban at gmail.com Tue Sep 2 21:59:03 2008
From: razishaban at gmail.com (Razi Shaban)
Date: Tue, 2 Sep 2008 23:59:03 +0300
Subject: [Full-disclosure] die
In-Reply-To: <4b6ee9310809021341v25349c53t4f4603faea01fd5b@mail.gmail.com>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <48BD7CE2.9060003@gmail.com> <4b6ee9310809021341v25349c53t4f4603faea01fd5b@mail.gmail.com>
Message-ID: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com>

On 9/2/08, n3td3v wrote:
> On Tue, Sep 2, 2008 at 6:50 PM, Thedjatclubrock wrote:
> > Can we please avoid messages like this one in the future, thank you.
>
>
> Who do you think you are, Gadi Evron or something? Don't tell people what to do.
>

Who do you think you are, Gadi Evron or something? Don't tell people what to do.

From kees at ubuntu.com Tue Sep 2 21:25:06 2008
From: kees at ubuntu.com (Kees Cook)
Date: Tue, 2 Sep 2008 13:25:06 -0700
Subject: [Full-disclosure] [USN-639-1] tiff vulnerability
Message-ID: <20080902202506.GO12974@outflux.net>

===========================================================
Ubuntu Security Notice USN-639-1         September 02, 2008
tiff vulnerability
CVE-2008-2327
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libtiff4 3.7.4-1ubuntu3.3

Ubuntu 7.04:
  libtiff4 3.8.2-6ubuntu1

Ubuntu 7.10:
  libtiff4 3.8.2-7ubuntu2.1

Ubuntu 8.04 LTS:
  libtiff4 3.8.2-7ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images.
If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.

From security at mandriva.com Tue Sep 2 22:14:00 2008
From: security at mandriva.com (security at mandriva.com)
Date: Tue, 02 Sep 2008 15:14:00 -0600
Subject: [Full-disclosure] [ MDVSA-2008:183 ] opensc
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:183
http://www.mandriva.com/security/
_______________________________________________________________________

Package : opensc
Date    : September 2, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235).

Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected.

After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'.

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235
http://www.opensc-project.org/security.html
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIvX6MmqjQ0CJFipgRAoRWAKDJeFahAQ2AR414gjXP8O5e9kA+IQCdGkgV
NXjfAeIK16LGCRR9/DHUvlU=
=BPKk
-----END PGP SIGNATURE-----

From maillists at thelonecoder.com Tue Sep 2 22:07:55 2008
From: maillists at thelonecoder.com (Stephen Johnson)
Date: Tue, 02 Sep 2008 14:07:55 -0700
Subject: [Full-disclosure] die
In-Reply-To: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com>
Message-ID:

> Subject: Re: [Full-disclosure] die
>
>
>> Who do you think you are, Gadi Evron or something? Don't tell people what to
>> do.
>>
>
> Who do you think you are, Gadi Evron or something? Don't tell people what to
> do.

Firefox has detected that the server is redirecting the request for this address in a way that will never complete

--
Stephen Johnson c | eh
The Lone Coder

http://www.thelonecoder.com
continuing the struggle against bad code

http://www.fortheloveofgeeks.com
I'm a geek and I'm OK!
--

From xploitable at gmail.com Tue Sep 2 23:33:50 2008
From: xploitable at gmail.com (n3td3v)
Date: Tue, 2 Sep 2008 23:33:50 +0100
Subject: [Full-disclosure] die
In-Reply-To:
References: <2d792fb20809021359u3f07b51cmc1d08cca144eb92f@mail.gmail.com>
Message-ID: <4b6ee9310809021533i4c4b8d01l822b7520dcecc6e3@mail.gmail.com>

On Tue, Sep 2, 2008 at 10:07 PM, Stephen Johnson wrote:
>
>> Subject: Re: [Full-disclosure] die
>>
>>
>>> Who do you think you are, Gadi Evron or something? Don't tell people what to
>>> do.
>>>
>>
>> Who do you think you are, Gadi Evron or something? Don't tell people what to
>> do.
>
> Firefox has detected that the server is redirecting the request for this
> address in a way that will never complete
>

As long as Marcus Sachs doesn't make cyber security a national security agenda as the next administration is coming in. n3td3v saw that as a real threat to other countries' national security specifically the United Kingdom, and as such I am on false flag alert.

I'm convinced Marcus Sachs is hungry for power in Washington to do with cyber security. I think that's what was behind his senseless domain name reportage on the Sans Dairy, he wanted to put cyber security in front of the next administration as it is coming in.

He thought Gustav was gonna be a major cat 4, cat 5 hurricane and thought this is a perfect way to put cyber security in front of the next administration as they are coming in.

Unfortunately for him his postings of domain names just turned into an alert board for the cyber criminals and helped them in knowing which domains not to use in cyber attacks. Plus the hurricane ended up making landfall on the Gulf Coast as a cat 2, cat 1 hurricane, so made his attempts to artificially ramp up cyber security as a national security agenda a damp squid.

Although there is a flaw in his thinking, why make something a national security agenda when it isn't one? And that's what worries me. Why not let it naturally be a national security agenda or not be a natural national security agenda, why do you need to ramp something up to be a national security agenda when it isn't one?

Cyber security isn't a national security agenda, but folks like Marcus Sachs want it to be one, so he can gain control of "cyber" in Washington. This is what I'm afraid of and Marcus Sachs and whoever he is related to need to be watched closely, I seen that Youtube video as a real threat and I'm keeping a close eye on him and any future dialog he outputs into the security community and wider world.

Gadi Evron is small fry in comparison to Marcus Sachs, although Gadi is power hungry and could become a national security threat, he isn't right now, the real concern is that of Marcus Sachs and the Cnet News Youtube clip that mentions he or people he has obviously been having discussions with behind the scenes are wanting to artificially ramp up cyber security in timing with Obama or McCain getting into the White House, either so Marcus Sachs or his associates can A) Grab front focus power for the next four years, B) Get funding for various "projects" they deem as important.

When you've got big leaders talking about influencing the next administration as they are coming in to a bunch of folks at Black Hat 2008, it really sends alarm bells ringing, I just hope the guy is being wiretapped.

Sure, Gadi Evron is power hungry, but there are bigger fish to fry... Marcus Sachs.

http://www.youtube.com/watch?v=FSUPTZVlkyU

We need to get the full video of the Youtube video link I've posted above put online, does Cnet News have the full video of the presentation? If so post it onto Youtube. Also, if Blackhat.com have the full video of the presentation, please post it online.

Can everyone keep an eye on https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html#Sachs and email me when and if the full video appears there, we need to track this guy and keep an eye on him.

If I ever get into MI5, I'll be focusing all my efforts on Sachs, so I hope the people who do work in MI5 keep an eye on Sachs in the run up to the election and beyond.

Gadi is only causing collateral damage right now, by him pumping out about Estonia and Georgia being blamed on Russia and the news journalists believing that, when really both of those incidents were the work of the U.S government. The other governments can put up with Gadi's bot net claims and what appears in the media because of him, because it's not really his fault unless the CIA have leaned on Mossad, to lean on Gadi Evron, to post on the internet who is to blame for Estonia, Georgia and whatever else Sachs and company may have planned to artificially ramp up cyber security as a national security agenda as the next president is coming in, (See Youtube video for Marcus Sachs quotes).

All the best,

n3td3v

From psy.echo at gmail.com Wed Sep 3 00:50:45 2008
From: psy.echo at gmail.com (Rishi Narang)
Date: Wed, 3 Sep 2008 05:20:45 +0530
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <985632087.20080903052045@gmail.com>

Hi,

---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.
Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in

... eschew obfuscation, espouse elucidation.

From nick at virus-l.demon.co.uk Wed Sep 3 00:53:41 2008
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Date: Wed, 03 Sep 2008 11:53:41 +1200
Subject: [Full-disclosure] die
In-Reply-To: <02FEEEFC-BA0D-4AD8-9C90-96F8A0FC875C@kyx.net>
References: <2d792fb20809020951s43391a96u1823aac520f4a6c7@mail.gmail.com> <21110.1220379206@turing-police.cc.vt.edu> <02FEEEFC-BA0D-4AD8-9C90-96F8A0FC875C@kyx.net>
Message-ID: <48BE7AC5.6973.177F702B@nick.virus-l.demon.co.uk>

Dragos Ruiu wrote:

> Seriously... with modern multi-paned mail readers, top-posting is a
> better way to communicate.

That depends on how you define "communicate"...

It also assumes that everyone will gladly, sheepfully use "modern, multi-paned mail readers".

You may be a sheep whose communications consist of little more than adding simple confirming, negating or further-detail-requesting bleats to others' messages, but "discussion lists" and many other forms of communication commonly engaged via Email by higher order, bi-pedal mammals demand more sophistication of all of the communicator, mail reader and medium...

If you dislike "no top posting" because of neanderthals who haven't grokked that it is about better communication and thus mindlessly quote an entire message to add their simple confirming, negating or further-detail-requesting grunts at the bottom, then you are making a false comparison, as such stupidity is equally anti-communication-assisting as your preferred top-bleating approach.

Regards,

Nick FitzGerald

From xploitable at gmail.com Wed Sep 3 01:21:19 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 01:21:19 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <985632087.20080903052045@gmail.com>
References: <985632087.20080903052045@gmail.com>
Message-ID: <4b6ee9310809021721r3ee811d1o4c719055f22cac04@mail.gmail.com>

On Wed, Sep 3, 2008 at 12:50 AM, Rishi Narang wrote:
>
> Proof of Concept:
> http://evilfingers.com/advisory/google_chrome_poc.php
>

You didn't manage to jail break the entire browser, that's what's unique about Chrome, each tab is in jail, so the entire application doesn't crash. The real elite exploits will come with you can jail break the entire Chrome application...

"Chrome's architecture lends itself to secure browsing. Each Web page, or tab, runs in its own process, and is blocked from accessing other processes on the computer. "We've taking the existing process boundary," the comic says, "and made it into a jail." Different and more flexible permissions are being developed for plug-ins, however."

http://news.cnet.com/8301-17939_109-10029914-2.html

From larry at larryseltzer.com Wed Sep 3 01:13:40 2008
From: larry at larryseltzer.com (Larry Seltzer)
Date: Tue, 2 Sep 2008 20:13:40 -0400
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <985632087.20080903052045@gmail.com>
References: <985632087.20080903052045@gmail.com>
Message-ID: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>

Holy crap, a crash bug in a beta browser!
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com

-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi Narang
Sent: Tuesday, September 02, 2008 7:51 PM
To: full-disclosure at lists.grok.org.uk
Subject: [Full-disclosure] Google Chrome Browser Vulnerability

Hi,

---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.

Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in

... eschew obfuscation, espouse elucidation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From psy.echo at gmail.com Wed Sep 3 01:28:59 2008
From: psy.echo at gmail.com (Rishi Narang)
Date: Wed, 3 Sep 2008 05:58:59 +0530
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
References: <985632087.20080903052045@gmail.com> <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
Message-ID: <1337764015.20080903055859@gmail.com>

Hello Larry,

Ya, a beta browser (though I forgot to mention it) but, is there any product from Google not in Beta ;) Thanks, our searches are not through a beta search engine.

Anyways, it's just an attempt to make it a better place to browse and help it come out of Beta. Rest, I very much liked the minimalist approach and simplicity of it + fast surfing speed.

Cheers! Just my 2 cents.

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in

... eschew obfuscation, espouse elucidation.

Wednesday, September 3, 2008, 5:43:40 AM, you wrote:

> Holy crap, a crash bug in a beta browser!
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer at ziffdavisenterprise.com
> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk
> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi
> Narang
> Sent: Tuesday, September 02, 2008 7:51 PM
> To: full-disclosure at lists.grok.org.uk
> Subject: [Full-disclosure] Google Chrome Browser Vulnerability
> Hi,
> ---------------------------------------------------
> Software:
> Google Chrome Browser 0.2.149.27
> Tested:
> Windows XP Professional SP3
> Result:
> Google Chrome Crashes with All Tabs
> Problem:
> An issue exists in how chrome behaves with undefined-handlers in
> chrome.dll version 0.2.149.27. A crash can result without user
> interaction. When a user is made to visit a malicious link, which has an
> undefined handler followed by a 'special' character, the chrome crashes
> with a Google Chrome message window "Whoa! Google Chrome has crashed.
> Restart now?". It fails in dealing with the POP EBP instruction when
> pointed out by the EIP register at 0x01002FF4.
> Proof of Concept:
> http://evilfingers.com/advisory/google_chrome_poc.php
> Credit:
> Rishi Narang (psy.echo)
> www.greyhat.in
> www.evilfingers.com
> ---------------------------------------------------
> --
> Thanks & Regards,
> Rishi Narang | Security Researcher
> Founder, GREYHAT Insight
> Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
> www.greyhat.in
> ... eschew obfuscation, espouse elucidation.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From xploitable at gmail.com Wed Sep 3 01:30:23 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 01:30:23 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
Message-ID: <4b6ee9310809021730o45bc7f9em3af3a34ad10d0b21@mail.gmail.com>

On Wed, Sep 3, 2008 at 1:13 AM, Larry Seltzer wrote:
> Holy crap, a crash bug in a beta browser!
>

Only the current tab I am in, not the entire application. There is also an option to restore the crashed tab after I click on "OK", so none of the data within that tab has been lost.

From michaelslists at gmail.com Wed Sep 3 01:35:02 2008
From: michaelslists at gmail.com (silky)
Date: Wed, 3 Sep 2008 10:35:02 +1000
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
Message-ID: <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>

On Wed, Sep 3, 2008 at 10:13 AM, Larry Seltzer wrote:
> Holy crap, a crash bug in a beta browser!

oh fuck off with referring to it as "beta". beta is just a lame tag so you can release something that you don't entirely trust.

imho if it's "beta" keep it fucking private. if it's public, grow a set of balls and don't call it "beta" so you can hide behind that when it fails.

grow the fuck up, google.
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer at ziffdavisenterprise.com

--
noon silky
http://www.themonkeynet.com/armada/

From michaelslists at gmail.com Wed Sep 3 01:58:01 2008
From: michaelslists at gmail.com (silky)
Date: Wed, 3 Sep 2008 10:58:01 +1000
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To:
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
Message-ID: <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com>

On Wed, Sep 3, 2008 at 10:55 AM, Jardel Weyrich wrote:
> I'd recommend you to read
> http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta

i'd recommend you re-read my post, and even that link.

beta does not go public. and even if you do, don't release something publicly only later to claim "oh it wasn't really ready, that's why that's not done". it's just pathetic. can't have it both ways. if you put up, expect to be shot down if there is an angle.

--
noon silky
http://www.themonkeynet.com/armada/

From xploitable at gmail.com Wed Sep 3 01:59:29 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 01:59:29 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <1337764015.20080903055859@gmail.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <1337764015.20080903055859@gmail.com>
Message-ID: <4b6ee9310809021759p25346452xd9622415c9ee7001@mail.gmail.com>

On Wed, Sep 3, 2008 at 1:28 AM, Rishi Narang wrote:
> Hello Larry,
>
> Ya, a beta browser (though I forgot to mention it) but, is there any product from Google not in Beta ;) Thanks, our searches are not through a beta search engine.
Anyways, it's just an attempt to make it a better place to browse and help it come out of Beta.
> Rest, I very much liked the minimalist approach and simplicity of it + fast surfing speed. Cheers!
>
> Just my 2 cents.
>

It didn't break out of jail for me, did it break out of jail for anyone else?

All the best,

n3td3v

From w.jardel at gmail.com Wed Sep 3 01:55:19 2008
From: w.jardel at gmail.com (Jardel Weyrich)
Date: Tue, 2 Sep 2008 21:55:19 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
Message-ID:

I'd recommend you to read http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta

On Tue, Sep 2, 2008 at 9:35 PM, silky wrote:

> On Wed, Sep 3, 2008 at 10:13 AM, Larry Seltzer
> wrote:
> > Holy crap, a crash bug in a beta browser!
>
> oh fuck off with referring to it as "beta". beta is just a lame tag so
> you can release something that you don't entirely trust.
>
> imho if it's "beta" keep it fucking private. if it's public, grow a
> set of balls and don't call it "beta" so you can hide behind that when
> it fails.
>
> grow the fuck up, google.
>
>
> > Larry Seltzer
> > eWEEK.com Security Center Editor
> > http://security.eweek.com/
> > http://blogs.pcmag.com/securitywatch/
> > Contributing Editor, PC Magazine
> > larry.seltzer at ziffdavisenterprise.com
>
> --
> noon silky
> http://www.themonkeynet.com/armada/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080902/323580cb/attachment.html

From cfp at ruxcon.org.au Tue Sep 2 06:14:33 2008
From: cfp at ruxcon.org.au (cfp at ruxcon.org.au)
Date: Tue, 2 Sep 2008 05:14:33 +0000 (UTC)
Subject: [Full-disclosure] RUXCON 2008 Final Call For Papers
Message-ID: <20080902051433.D1CB836F0C5@mail.ruxcon.org.au>

RUXCON 2008 FINAL CALL FOR PAPERS

Ruxcon would like to announce the final call for papers for the fifth annual Ruxcon conference.

This year the conference will take place over the weekend of 29th to the 30th of November. As with previous years, Ruxcon will be held at the University of Technology, Sydney, Australia.

The deadline for submissions is the 15th of November.

* What is Ruxcon?

Ruxcon strives to be Australia's most technical and interesting computer security conference. We're back for the fifth year and intend on bringing you another high quality conference.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from unpublished research to required reading for the public security community.

For more information, please visit http://www.ruxcon.org.au

* Presentation Information

Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech.

* Presentation Submissions

Ruxcon would like to invite people who are interested in security to submit a presentation.
Topics of interest include, but are not limited to:

o Code analysis
o Exploitation techniques
o Network scanning and analysis
o Cryptography
o Malware Analysis
o Reverse engineering
o Forensics and Anti-forensics
o Social engineering
o Web application security
o Database security
o Legal aspects of computer security and surrounding issues
o Law enforcement activities
o Telecommunications security (mobile, GSM, VOIP, etc.)

Submissions should thoroughly outline your desired presentation subject. Accompanying your submission should be the slides you intend to use or a detailed paper explaining your subject.

If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations @ ruxcon dot org dot au

The deadline for submissions is the 15th of November.

If approved we will additionally require:

i. A brief personal biography (between 2-5 paragraphs in length), including: skill set, experience, and credentials.
ii. A description on your presentation or workshop (between 2-5 paragraphs in length).
* Contact Details

Presentation Submissions: presentations @ ruxcon dot org dot au
General Enquiries: staff @ ruxcon dot org dot au

From xploitable at gmail.com Wed Sep 3 02:13:54 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 02:13:54 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
 <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com>
Message-ID: <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com>

On Wed, Sep 3, 2008 at 1:58 AM, silky wrote:
> On Wed, Sep 3, 2008 at 10:55 AM, Jardel Weyrich wrote:
>> I'd recommend you to read
>> http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta
>
> i'd recommend you re-read my post, and even that link.
>
> beta does not go public. and even if you do, don't release something
> publicly only later to claim "oh it wasn't really ready, that's why
> that's not done". it's just pathetic. can't have it both ways. if you
> put up, expect to be shot down if there is an angle.
>
> --
> noon silky
> http://www.themonkeynet.com/armada/
>

Ok, so can someone answer the question, does this break out of jail, yes or no?

--
A security mailing list for computer security news and relevant world news in a breaking news format.
https://groups.google.com/group/n3td3v

From linux-fan at onda.com.br Wed Sep 3 03:01:24 2008
From: linux-fan at onda.com.br (Giancarlo Razzolini)
Date: Tue, 02 Sep 2008 23:01:24 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
 <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com>
 <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com>
Message-ID: <48BDEFF4.4040203@onda.com.br>

n3td3v wrote:
> On Wed, Sep 3, 2008 at 1:58 AM, silky wrote:
>
>> On Wed, Sep 3, 2008 at 10:55 AM, Jardel Weyrich wrote:
>>
>>> I'd recommend you to read
>>> http://en.wikipedia.org/wiki/Software_release_life_cycle#Beta
>>>
>> i'd recommend you re-read my post, and even that link.
>>
>> beta does not go public. and even if you do, don't release something
>> publicly only later to claim "oh it wasn't really ready, that's why
>> that's not done". it's just pathetic. can't have it both ways. if you
>> put up, expect to be shot down if there is an angle.
>>
>> --
>> noon silky
>> http://www.themonkeynet.com/armada/
>>
>>
>
> Ok, so can someone answer the question, does this break out of jail, yes or no?
>
>

Discover it by yourself. Aren't you the bad ass guy of security? Really, i'm tired of seeing netshit just making noise on this list. Also, a bug in a beta browser is just a bug in a beta browser. I won't expect using it in a near future, so i don't care if it has bugs now.
My 2 cents,

--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85

From xploitable at gmail.com Wed Sep 3 03:21:20 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 03:21:20 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <48BDEFF4.4040203@onda.com.br>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
 <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com>
 <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com>
 <48BDEFF4.4040203@onda.com.br>
Message-ID: <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com>

On Wed, Sep 3, 2008 at 3:01 AM, Giancarlo Razzolini wrote:
> Discover it by yourself. Aren't you the bad ass guy of security?
>

I'm just a member of the public, unemployed and stupid... maybe you can help me be badass... although i'd rather be a goodass, cause being badass is bad!!!
Take care if your security,

n3td3v

From urlancomp at gmail.com Wed Sep 3 03:28:33 2008
From: urlancomp at gmail.com (Urlan)
Date: Tue, 2 Sep 2008 23:28:33 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
 <5e01c29a0809021735k5b74f0b5v433a9b6cafb96058@mail.gmail.com>
 <5e01c29a0809021758y4cae624m70e1165669773034@mail.gmail.com>
 <4b6ee9310809021813i8811b04ybeed247b0dd47c17@mail.gmail.com>
 <48BDEFF4.4040203@onda.com.br>
 <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com>
Message-ID: <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com>

Why all this fuss over a bug in the beta version?! Nonsense...

Urlan

On Tue, Sep 2, 2008 at 11:21 PM, n3td3v wrote:

> On Wed, Sep 3, 2008 at 3:01 AM, Giancarlo Razzolini
> wrote:
> > Discover it by yourself. Aren't you the bad ass guy of security?
> >
>
> I'm just a member of the public, unemployed and stupid... maybe you
> can help me be badass... although i'd rather be a goodass, cause being
> badass is bad!!!
>
> Take care if your security,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080902/30b4c0fe/attachment.html

From tmdhat at gmail.com Wed Sep 3 04:18:06 2008
From: tmdhat at gmail.com (The Mad Hatter)
Date: Wed, 3 Sep 2008 00:18:06 -0300
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com>
References: <985632087.20080903052045@gmail.com>
 <4b6ee9310809021921k50be7c8cj289a52584c8ae476@mail.gmail.com>
 <8b88d71c0809021928r328c5753qef27ce23d3cf7d16@mail.gmail.com>
Message-ID: <200809030018.07155.tmdhat@gmail.com>

On Tuesday 02 September 2008 23:28:33 Urlan wrote:
> Why all this fuss over a bug in the beta version?!
>

pt: não seja tão imbecil
en: don't be such a moron

you are lame twice; first for posting in portuguese, then for giving a stupid negative contribution to the thread.

if you don't have shit to say at least don't say shit.

--
tmh

From nytrokiss at gmail.com Wed Sep 3 05:34:58 2008
From: nytrokiss at gmail.com (James Matthews)
Date: Tue, 2 Sep 2008 21:34:58 -0700
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
References: <985632087.20080903052045@gmail.com>
 <9B9E7EA67E1B1342B2D25F3FD1B32930012692C1@BE35.exg3.exghost.com>
Message-ID: <8a6b8e350809022134w232c17cbrb7c7e31e2e4f5e8@mail.gmail.com>

The same thing happened to safari when it came out on windows.

On Tue, Sep 2, 2008 at 5:13 PM, Larry Seltzer wrote:

> Holy crap, a crash bug in a beta browser!
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer at ziffdavisenterprise.com
>
>
> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk
> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi
> Narang
> Sent: Tuesday, September 02, 2008 7:51 PM
> To: full-disclosure at lists.grok.org.uk
> Subject: [Full-disclosure] Google Chrome Browser Vulnerability
>
> Hi,
>
> ---------------------------------------------------
> Software:
> Google Chrome Browser 0.2.149.27
>
> Tested:
> Windows XP Professional SP3
>
> Result:
> Google Chrome Crashes with All Tabs
>
> Problem:
> An issue exists in how chrome behaves with undefined-handlers in
> chrome.dll version 0.2.149.27. A crash can result without user
> interaction. When a user is made to visit a malicious link, which has an
> undefined handler followed by a 'special' character, the chrome crashes
> with a Google Chrome message window "Whoa! Google Chrome has crashed.
> Restart now?". It fails in dealing with the POP EBP instruction when
> pointed out by the EIP register at 0x01002FF4.
>
> Proof of Concept:
> http://evilfingers.com/advisory/google_chrome_poc.php
>
> Credit:
> Rishi Narang (psy.echo)
> www.greyhat.in
> www.evilfingers.com
> ---------------------------------------------------
>
> --
> Thanks & Regards,
> Rishi Narang | Security Researcher
> Founder, GREYHAT Insight
> Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
> www.greyhat.in
>
> ... eschew obfuscation, espouse elucidation.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
http://www.goldwatches.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080902/326e4dbc/attachment.html

From fergdawg at netzero.net Wed Sep 3 05:48:18 2008
From: fergdawg at netzero.net (Paul Ferguson)
Date: Wed, 3 Sep 2008 04:48:18 GMT
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <20080902.214818.9950.0@webmail15.vgs.untd.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "James Matthews" wrote:

> The same thing happened to safari when it came out on windows.

Well, no kidding. :-)

Maybe the flaws that will hound Chrome are due to the fact that it uses Safari as a codebase?

See also:

http://raffon.net/research/google/chrome/carpet.html
http://www.microsoft.com/technet/security/advisory/953818.mspx

Enjoy.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIvhcOq1pz9mNUZTMRAstlAKCPqFEaeSc96HHG1gyL5+EbgAYEQACdHBIK
kZWN+fHmLdspT7LNmS8Ey08=
=fvYJ
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

From andfarm at gmail.com Wed Sep 3 08:09:56 2008
From: andfarm at gmail.com (Andrew Farmer)
Date: Wed, 3 Sep 2008 00:09:56 -0700
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <20080902.214818.9950.0@webmail15.vgs.untd.com>
References: <20080902.214818.9950.0@webmail15.vgs.untd.com>
Message-ID: <125874D1-5583-4D90-BCF9-954613A83EC1@gmail.com>

On 02 Sep 08, at 21:48, Paul Ferguson wrote:
> - -- "James Matthews" wrote:
>> The same thing happened to safari when it came out on windows.
>
> Well, no kidding. :-)
>
> Maybe the flaws that will hound Chrome are due to the fact that
> it uses Safari as a codebase?

WebKit != Safari.
Security-related bugs in rendering engines are pretty uncommon.

From fergdawg at netzero.net Wed Sep 3 08:37:06 2008
From: fergdawg at netzero.net (Paul Ferguson)
Date: Wed, 3 Sep 2008 07:37:06 GMT
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Message-ID: <20080903.003706.20417.1@webmail08.vgs.untd.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Andrew Farmer wrote:

>On 02 Sep 08, at 21:48, Paul Ferguson wrote:
>> - -- "James Matthews" wrote:
>>> The same thing happened to safari when it came out on windows.
>>
>> Well, no kidding. :-)
>>
>> Maybe the flaws that will hound Chrome are due to the fact that
>> it uses Safari as a codebase?
>
>WebKit != Safari. Security-related bugs in rendering engines are pretty uncommon.
>

Okay, well you cannot deny this is a lackluster starting point.

I hope Google can use this inauspicious starting point to build the advertising empire they desire.

I for one do not welcome the advertisement overlords.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIvj6aq1pz9mNUZTMRAgEKAKC8rCgCiSPDcSLX8sAe1/ZJRR4fDACeIq9x
X1b4Rd9bxRevUo78azKBi5o=
=ic8T
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

From michaelslists at gmail.com Wed Sep 3 08:52:49 2008
From: michaelslists at gmail.com (silky)
Date: Wed, 3 Sep 2008 17:52:49 +1000
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <20080903.003706.20417.1@webmail08.vgs.untd.com>
References: <20080903.003706.20417.1@webmail08.vgs.untd.com>
Message-ID: <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com>

On Wed, Sep 3, 2008 at 5:37 PM, Paul Ferguson wrote:
> Okay, well you cannot deny this is a lackluster starting point.
>
> I hope Google can use this inauspicious starting point to build
> the advertising empire they desire.
>
> I for one do not welcome the advertisement overlords.

you're not the only one; don't worry.

> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFIvj6aq1pz9mNUZTMRAgEKAKC8rCgCiSPDcSLX8sAe1/ZJRR4fDACeIq9x
> X1b4Rd9bxRevUo78azKBi5o=
> =ic8T
> -----END PGP SIGNATURE-----
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/

--
noon silky
http://www.themonkeynet.com/armada/

From xploitable at gmail.com Wed Sep 3 10:04:43 2008
From: xploitable at gmail.com (n3td3v)
Date: Wed, 3 Sep 2008 10:04:43 +0100
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
In-Reply-To: <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com>
References: <20080903.003706.20417.1@webmail08.vgs.untd.com>
 <5e01c29a0809030052x47f06d72hb6788f8d9fdb42a9@mail.gmail.com>
Message-ID: <4b6ee9310809030204y2f01e1bdo301dace11ac08e1f@mail.gmail.com>

On Wed, Sep 3, 2008 at 8:52 AM, silky wrote:
> On Wed, Sep 3, 2008 at 5:37 PM, Paul Ferguson wrote:
>> Okay, well you cannot deny this is a lackluster starting point.
>>
>> I hope Google can use this inauspicious starting point to build
>> the advertising empire they desire.
>>
>> I for one do not welcome the advertisement overlords.
>
> you're not the only one; don't worry.
>
>
>> - - ferg
>>

I think the world's biggest hacker HD Moore will be releasing exploits for the browser soon, you know what he's like, so you shouldn't need to worry.
All the best,

n3td3v

From beckett.samuel at gmail.com Wed Sep 3 10:31:25 2008
From: beckett.samuel at gmail.com (Samuel Beckett)
Date: Wed, 3 Sep 2008 16:31:25 +0700
Subject: [Full-disclosure] Hardcoded Keys
Message-ID: <4d413ee20809030231y43db8a44s4045876b1e91d57e@mail.gmail.com>

What would be the worst case if you implement the following scenario for a credit card transaction:

- Store the private keys as disk files and place them in an area on a server that is readable from a DLL that contains the decryption algorithm

- Hardcode one password into a DLL and the other password will be supplied by the service that requests the decryption. This password is then SHA1 hashed with a passphrase -- the result is used to decrypt the private key.

After the successful credit card transaction, certain credit card details are then encrypted and stored wi