From nzerozerop at gmail.com Sun Mar 1 14:52:28 2009
From: nzerozerop at gmail.com (nzerozero p)
Date: Sun, 1 Mar 2009 09:52:28 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <448e9a320902270929t17f835c2pb2d379922dc16f17@mail.gmail.com>
References: <1695017750.20090227143622@Zoller.lu>
        <20090227140346.GA80587@infiltrated.net>
        <116133.1235755215@turing-police.cc.vt.edu>
        <448e9a320902270929t17f835c2pb2d379922dc16f17@mail.gmail.com>
Message-ID: <2ae4a3e30903010652k92392bey54baeed6f9f2dd82@mail.gmail.com>

A Denial of Service in a Beta browser. Wow. Stop the presses.

On Fri, Feb 27, 2009 at 12:29 PM, Michal Zalewski wrote:
>>> By the way, I'm now selling a Risk Management and Scoring
>>> tool for $19.99 that will allow you to enter a program and
>>> define what you think the risk is. The program will allow
>>> you to pick your target: CIO, CEO, CSO. It will then go
>>> out and create a custom chart to maximize your budgetary
>>> request or downplay a potential threat.
>> A sizable percentage of the list is probably thinking "Shit, I wish I had
>> thought of that". :)
>
> My thought was that the decimal point is off to the left, by three or
> four digits probably.
>
> /mz
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From jleffler at us.ibm.com Sun Mar 1 10:34:26 2009
From: jleffler at us.ibm.com (Jonathan Leffler)
Date: Sun, 1 Mar 2009 03:34:26 -0700
Subject: [Full-disclosure] Notice to all employees
In-Reply-To:
References:
Message-ID:

Someone commented that it has been circulating for a month - I saw a draft
version of it, then, about 12 years ago!

Date: Wed, 20 Aug 1997 09:10:19 -0400 (EDT)
Subject: AF Job security

DEPARTMENT OF THE AIR FORCE

MEMORANDUM FOR ALL PERSONNEL

SUBJECT: Reduction in Forces.

1. Once again, as a result of the reduced funding available in the FY97
and FY98 budgets, we are forced to significantly down-size our forces.

2. Under the guidelines we have received from HQ AFMPC, those members
over forty years of age will be asked to accept early retirement, thus
permitting retention of younger, lower paid personnel who represent the
future Air Force anyway.

3. Therefore, a program to phase out the older personnel by the end of
FY97/98 via retirement will be placed into effect immediately. This
program will be known as RAPE (Retire Aged Personnel Early).

4. Personnel who are RAPED will be given the opportunity to cross-train.
Personnel being RAPED can request a review of their records prior to
termination. This phase of the program will be called SCREW (Survey of
Capabilities of Retired Early Workers).

5. All personnel being RAPED or SCREWED may file an appeal to higher
headquarters, this phase will be called SHAFT (Study by Higher Authority
Follow-ups Termination). Under the guidelines to the new policy, a member
may only be RAPED once or SCREWED twice, but he or she may be SHAFTED as
many times as the Air Force deems appropriate.

6. Provided an employee follows the above procedure, he or she will be
entitled to receive HERPES (Half-Earnings for Retired Personnel's Early
Severance), or CLAP (Combined Lump-sum Assistance Payment), unless he or
she already has AIDS (Additional Income from Dependent or Spouse). As
HERPES or CLAP are considered benefit plans, any member who has received
HERPES or CLAP will no longer be RAPED or SCREWED by the Air Force.

7. The Air Force wishes to reassure the younger personnel remaining with
the organization that they will continue to receive the best training
possible through our Special High Intensity Training (SHIT) program. The
Air Force takes great pride in the amount of SHIT that our personnel
receive. We have given our personnel more SHIT than any other branch in
the Department of Defense. If anyone feels that he or she has not
received his or her fair share of SHIT, please feel free to bring it to
your supervisor's attention. He or she has been instructed to ensure that
all personnel receive all the SHIT that they can handle.

8. Those personnel who have been RAPED, SCREWED, and SHAFTED, and
previously accepted either HERPES or CLAP but now have AIDS aren't
eligible for SHIT!

--
Jonathan Leffler (jleffler at us.ibm.com)
STSM, Informix Database Engineering, IBM Information Management
4400 N First St, San Jose, CA 95134-1257
Tel: +1 408-956-2436    Tieline: 475-2436
"I don't suffer from insanity; I enjoy every minute of it!"

From security at mandriva.com Mon Mar 2 22:00:01 2009
From: security at mandriva.com (security at mandriva.com)
Date: Mon, 02 Mar 2009 23:00:01 +0100
Subject: [Full-disclosure] [ MDVSA-2009:062 ] shadow-utils
Message-ID:

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:062
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : shadow-utils
 Date    : March 2, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in login
 application from shadow-utils, which could allow local users in
 the utmp group to overwrite arbitrary files via a symlink attack on
 a temporary file referenced in a line (aka ut_line) field in a utmp
 entry (CVE-2008-5394).

 The updated packages have been patched to prevent this.

 Note: Mandriva Linux is using login application from util-linux-ng
 by default, and therefore is not affected by this issue on default
 configuration.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

From security at mandriva.com Mon Mar 2 23:39:00 2009
From: security at mandriva.com (security at mandriva.com)
Date: Tue, 03 Mar 2009 00:39:00 +0100
Subject: [Full-disclosure] [ MDVSA-2009:063 ] eog
Message-ID:

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:063
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : eog
 Date    : March 2, 2009
 Affected: 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Python has a variable called sys.path that contains all paths where
 Python loads modules by using import scripting procedure. A wrong
 handling of that variable enables local attackers to execute arbitrary
 code via Python scripting in the current eog working directory
 (CVE-2008-5987).

 This update provides fix for that vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

From scarybeasts at gmail.com Tue Mar 3 02:13:16 2009
From: scarybeasts at gmail.com (Chris Evans)
Date: Mon, 2 Mar 2009 18:13:16 -0800
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <1695017750.20090227143622@Zoller.lu>
References: <1695017750.20090227143622@Zoller.lu>
Message-ID: <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>

On Fri, Feb 27, 2009 at 5:36 AM, Thierry Zoller wrote:
>
> Hi,
>
> Michal with all due respect I'd like to beg to differ (and maybe be
> too nitpicky here).
>
> MZ> Vulnerabilities are a subset of software engineering bugs.
> I do not think this is the case (lack of the term software). How's
> this for being nitpicky ? ;)
>
> In my book, maybe only in mine, a software bug is security relevant
> (sorry for the lack of clarity - it's late over here) as soon as
> Integrity / Availability / Confidentiality are under arbitrary direct
> or indirect control of another entity (i.e attacker). Period,
> personally this represents the ultima ratio
>
> After this - it's just a measure of _how much_. And the question of how much
> is a completely other one.
>
> Example
> If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
> but with ridiculously low impact to the end-user as it only crashes the tab
> it was subjected to, and not the whole browser or operation system.
> But the fact remains that this was the impact of a DoS condition,
> the tab crashes arbitrarily.

Eh? If you visit www.evil.com and your tab crashes, that's no
different from www.evil.com closing its own tab with Javascript.

Cheers
Chris

>
>
> MZ> As the name
> MZ> implies, they are defined strictly by the impact they have; if a bug
> MZ> does not render the victim appreciably susceptible to anything that
> MZ> would be of value to external attackers, it is not a security problem.
> You define vulnerability like a boolean that is true when the impact is of
> value to the attacker. "would be of value to external attacker" - I
> clearly disgress, I don't think that a the nature/ of a bug
> (vulnerability) can be defined by the "value" it has for the attacker.
> What about damage to the victim ? What about lost revenue, agreement
> breaches etc pp. I'd not recommend to measure security from the perspective
> of the attacker, but rather the (potential) loss of the entity that tries to
> measure.
>
> MZ> Anyway... bottom line is, any attempts to formalize the criteria are
> MZ> bound to fail (and have mostly failed in the past), and common sense
> MZ> is the best tool we have.
>
> If we want to arrive at a state where risk can be managed, it needs
> to be measured. And if we aren't that far in 2009 I pity us all.
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
>

From nick at virus-l.demon.co.uk Tue Mar 3 02:28:17 2009
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Date: Tue, 03 Mar 2009 15:28:17 +1300
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
References: <1695017750.20090227143622@Zoller.lu>
        <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
Message-ID: <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk>

Chris Evans to Thierry Zoller:

> > Example
> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
> > but with ridiculously low impact to the end-user as it only crashes the tab
> > it was subjected to, and not the whole browser or operation system.
> > But the fact remains that this was the impact of a DoS condition,
> > the tab crashes arbitrarily.
>
> Eh? If you visit www.evil.com and your tab crashes, that's no
> different from www.evil.com closing its own tab with Javascript.

But what if www.evil.com has run an injection attack of some kind (SQL,
XSS in blog comments, etc, etc) against www.stupid.com?

Visitors to stupid.com then suffer a DoS...

Yes, stupid.com should run their site better, fix their myriad XSS holes,
etc, etc.

But this is the Internet, so this "software flaw" can be leveraged as
security vulnerability.

I'm with Thierry on this...


Regards,

Nick FitzGerald

From jf at danglingpointers.net Tue Mar 3 10:22:53 2009
From: jf at danglingpointers.net (jf)
Date: Tue, 3 Mar 2009 10:22:53 +0000 (UTC)
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
References: <1695017750.20090227143622@Zoller.lu>
        <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
Message-ID:

> Eh? If you visit www.evil.com and your tab crashes, that's no
> different from www.evil.com closing its own tab with Javascript.

While I generally agree that if it's just a straight DoS that there is
very little difference-- but to play devil's advocate some--
the difference is that with JS closing the tab, the code path was a
known/valid/authorized one, whereas the other could potentially be
anything, and whatever it is, it could be useful given the right
circumstances.

I know you know this, Chris, actually both of you (&& Thierry), so I'm
somewhat preaching to the choir perhaps, but imho, all sigsegv's are at
least worth investigating; 99.9% of them may be a useless dos, .09% might
be useful dos's and .01% might just be the thing that turns $'s into #'s.
Say saying 'lol xor eax, eax mov [eax], 0x01234567... trash' is a bit
silly

From bobby.mugabe at hushmail.com Tue Mar 3 03:29:39 2009
From: bobby.mugabe at hushmail.com (bobby.mugabe at hushmail.com)
Date: Mon, 02 Mar 2009 22:29:39 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
Message-ID: <20090303032940.0B13C28042@smtp.hushmail.com>

Dear Nick,

You and Thierry Loller are wrong.

-bm

On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald wrote:
>Chris Evans to Thierry Zoller:
>
>> > Example
>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>> > but with ridiculously low impact to the end-user as it only crashes the tab
>> > it was subjected to, and not the whole browser or operation system.
>> > But the fact remains that this was the impact of a DoS condition,
>> > the tab crashes arbitrarily.
>>
>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> different from www.evil.com closing its own tab with Javascript.
>
>But what if www.evil.com has run an injection attack of some kind (SQL,
>XSS in blog comments, etc, etc) against www.stupid.com?
>
>Visitors to stupid.com then suffer a DoS...
>
>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>etc, etc.
>
>But this is the Internet, so this "software flaw" can be leveraged as
>security vulnerability.
>
>I'm with Thierry on this...
>
>
>Regards,
>
>Nick FitzGerald

From nick at virus-l.demon.co.uk Tue Mar 3 04:35:00 2009
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Date: Tue, 03 Mar 2009 17:35:00 +1300
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <20090303032940.0B13C28042@smtp.hushmail.com>
References: <20090303032940.0B13C28042@smtp.hushmail.com>
Message-ID: <49AD6A44.20482.C53E83BC@nick.virus-l.demon.co.uk>

bobby.mugabe at hushmail.com wrote:

> Dear Nick,
>
> You and Thierry Loller are wrong.

Thank-you for your comprehensive and compelling argument.

Applying your debating technique, I now see that you are a dick-wad.


Regards,

Nick FitzGerald

From security.mustache at gmail.com Tue Mar 3 04:41:53 2009
From: security.mustache at gmail.com (Valdis' Mustache)
Date: Mon, 2 Mar 2009 23:41:53 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <20090303032940.0B13C28042@smtp.hushmail.com>
References: <20090303032940.0B13C28042@smtp.hushmail.com>
Message-ID: <26eb2b870903022041j7a739de2ta594ea3cc4059140@mail.gmail.com>

I would like to point out that I have been able to create a "hung"
state in the Firefox browser by opening 30 simultaneous tabs pointed
at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
viewing http://www.hotrussianbrides.com.

Also, I am not amused.


Your humble servant,
Ze Mustache von Kletnieks

On Mon, Mar 2, 2009 at 10:29 PM, wrote:
> Dear Nick,
>
> You and Thierry Loller are wrong.
>
> -bm
>
> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald l.demon.co.uk> wrote:
>>Chris Evans to Thierry Zoller:
>>
>>> > Example
>>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>>> > but with ridiculously low impact to the end-user as it only crashes the tab
>>> > it was subjected to, and not the whole browser or operation system.
>>> > But the fact remains that this was the impact of a DoS condition,
>>> > the tab crashes arbitrarily.
>>>
>>> Eh? If you visit www.evil.com and your tab crashes, that's no
>>> different from www.evil.com closing its own tab with Javascript.
>>
>>But what if www.evil.com has run an injection attack of some kind (SQL,
>>XSS in blog comments, etc, etc) against www.stupid.com?
>>
>>Visitors to stupid.com then suffer a DoS...
>>
>>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>>etc, etc.
>>
>>But this is the Internet, so this "software flaw" can be leveraged as
>>security vulnerability.
>>
>>I'm with Thierry on this...
>>
>>
>>Regards,
>>
>>Nick FitzGerald

From jstarks440 at gmail.com Tue Mar 3 04:57:27 2009
From: jstarks440 at gmail.com (Jason Starks)
Date: Mon, 2 Mar 2009 23:57:27 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <26eb2b870903022041j7a739de2ta594ea3cc4059140@mail.gmail.com>
References: <20090303032940.0B13C28042@smtp.hushmail.com>
        <26eb2b870903022041j7a739de2ta594ea3cc4059140@mail.gmail.com>
Message-ID:

Grow up, really.

On Mon, Mar 2, 2009 at 11:41 PM, Valdis' Mustache < security.mustache at gmail.com> wrote:
> I would like to point out that I have been able to create a "hung"
> state in the Firefox browser by opening 30 simultaneous tabs pointed
> at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
> viewing http://www.hotrussianbrides.com.
>
> Also, I am not amused.
>
>
> Your humble servant,
> Ze Mustache von Kletnieks
>
> On Mon, Mar 2, 2009 at 10:29 PM, wrote:
> > Dear Nick,
> >
> > You and Thierry Loller are wrong.
> >
> > -bm
> >
> > On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald l.demon.co.uk> wrote:
> >>Chris Evans to Thierry Zoller:
> >>
> >>> > Example
> >>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
> >>> > but with ridiculously low impact to the end-user as it only crashes the tab
> >>> > it was subjected to, and not the whole browser or operation system.
> >>> > But the fact remains that this was the impact of a DoS condition,
> >>> > the tab crashes arbitrarily.
> >>>
> >>> Eh? If you visit www.evil.com and your tab crashes, that's no
> >>> different from www.evil.com closing its own tab with Javascript.
> >>
> >>But what if www.evil.com has run an injection attack of some kind (SQL,
> >>XSS in blog comments, etc, etc) against www.stupid.com?
> >>
> >>Visitors to stupid.com then suffer a DoS...
> >>
> >>Yes, stupid.com should run their site better, fix their myriad XSS holes,
> >>etc, etc.
> >>
> >>But this is the Internet, so this "software flaw" can be leveraged as
> >>security vulnerability.
> >>
> >>I'm with Thierry on this...
> >>
> >>
> >>Regards,
> >>
> >>Nick FitzGerald

From security.mustache at gmail.com Tue Mar 3 05:29:53 2009
From: security.mustache at gmail.com (Valdis' Mustache)
Date: Tue, 3 Mar 2009 00:29:53 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To:
References: <20090303032940.0B13C28042@smtp.hushmail.com>
        <26eb2b870903022041j7a739de2ta594ea3cc4059140@mail.gmail.com>
Message-ID: <26eb2b870903022129na542646rca060677201a3c5e@mail.gmail.com>

Jason,

Initially I was not amused by your sententious and self-righteous
reply, coming as it does from someone apparently unable to read GCC
documentation, someone whose very question on this very list resulted
in substantial wasting of time by the owner of this very mustache
(time that might better be spent combing and waxing me) answering your
rudimentary question in the most obtuse and abstract way possible.

Nonetheless, I will overlook your slight this once, because it appears
that while less than adept at the use of various Internet Lists, you
are an accomplished sportsman.

http://www.youtube.com/watch?v=wvYKxRmGiAA

Indeed, since this mustache itself weighs far less than the 145kg
hefted in the above film, I fear you could in fact rip me quite
unceremoniously from my owner's face, which would cause both of us
substantial harm.
As such, I will pay you the respect that your girth deserves, if not
your intellect.


Your humble servant,
Mustața de Valdis

On Mon, Mar 2, 2009 at 11:57 PM, Jason Starks wrote:
> Grow up, really.
>
> On Mon, Mar 2, 2009 at 11:41 PM, Valdis' Mustache wrote:
>>
>> I would like to point out that I have been able to create a "hung"
>> state in the Firefox browser by opening 30 simultaneous tabs pointed
>> at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
>> viewing http://www.hotrussianbrides.com.
>>
>> Also, I am not amused.
>>
>>
>> Your humble servant,
>> Ze Mustache von Kletnieks
>>
>> On Mon, Mar 2, 2009 at 10:29 PM, wrote:
>> > Dear Nick,
>> >
>> > You and Thierry Loller are wrong.
>> >
>> > -bm
>> >
>> > On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald l.demon.co.uk> wrote:
>> >>Chris Evans to Thierry Zoller:
>> >>
>> >>> > Example
>> >>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>> >>> > but with ridiculously low impact to the end-user as it only crashes the tab
>> >>> > it was subjected to, and not the whole browser or operation system.
>> >>> > But the fact remains that this was the impact of a DoS condition,
>> >>> > the tab crashes arbitrarily.
>> >>>
>> >>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> >>> different from www.evil.com closing its own tab with Javascript.
>> >>
>> >>But what if www.evil.com has run an injection attack of some kind (SQL,
>> >>XSS in blog comments, etc, etc) against www.stupid.com?
>> >>
>> >>Visitors to stupid.com then suffer a DoS...
>> >>
>> >>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>> >>etc, etc.
>> >>
>> >>But this is the Internet, so this "software flaw" can be leveraged as
>> >>security vulnerability.
>> >>
>> >>I'm with Thierry on this...
>> >>
>> >>
>> >>Regards,
>> >>
>> >>Nick FitzGerald

From scarybeasts at gmail.com Tue Mar 3 06:49:41 2009
From: scarybeasts at gmail.com (Chris Evans)
Date: Mon, 2 Mar 2009 22:49:41 -0800
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk>
References: <1695017750.20090227143622@Zoller.lu>
        <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
        <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk>
Message-ID: <72daeffd0903022249w76833ea3gf93fd80df9df3fcc@mail.gmail.com>

On Mon, Mar 2, 2009 at 6:28 PM, Nick FitzGerald wrote:
> Chris Evans to Thierry Zoller:
>
>> > Example
>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>> > but with ridiculously low impact to the end-user as it only crashes the tab
>> > it was subjected to, and not the whole browser or operation system.
>> > But the fact remains that this was the impact of a DoS condition,
>> > the tab crashes arbitrarily.
>>
>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> different from www.evil.com closing its own tab with Javascript.
>
> But what if www.evil.com has run an injection attack of some kind (SQL,
> XSS in blog comments, etc, etc) against www.stupid.com?
>
> Visitors to stupid.com then suffer a DoS...

So, you have injected HTML into stupid.com, and you choose to inflict
the fury of a closing tab upon hapless visitors?


Cheers
Chris

>
> Yes, stupid.com should run their site better, fix their myriad XSS holes,
> etc, etc.
>
> But this is the Internet, so this "software flaw" can be leveraged as
> security vulnerability.
>
> I'm with Thierry on this...
>
>
> Regards,
>
> Nick FitzGerald

From scarybeasts at gmail.com Tue Mar 3 06:53:24 2009
From: scarybeasts at gmail.com (Chris Evans)
Date: Mon, 2 Mar 2009 22:53:24 -0800
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To:
References: <1695017750.20090227143622@Zoller.lu>
        <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
Message-ID: <72daeffd0903022253t5888cac5wf5be6ef0f1764fe7@mail.gmail.com>

On Tue, Mar 3, 2009 at 2:22 AM, jf wrote:
>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> different from www.evil.com closing its own tab with Javascript.
>
> While I generally agree that if it's just a straight DoS that there is
> very little difference-- but to play devil's advocate some--
> the difference is that with JS closing the tab, the code path was a
> known/valid/authorized one, whereas the other could potentially be
> anything, and whatever it is, it could be useful given the right
> circumstances.
>
> I know you know this, Chris, actually both of you (&& Thierry), so I'm
> somewhat preaching to the choir perhaps, but imho, all sigsegv's are at
> least worth investigating;

Sure. For the sake of prolonging a pointless argument, let's stick to
the original premise of a tab crash with no other consequence, and see
where it goes :)

> 99.9% of them may be a useless dos, .09% might
> be useful dos's and .01% might just be the thing that turns $'s into #'s.
> Say saying 'lol xor eax, eax mov [eax], 0x01234567... trash' is a bit
> silly
>

From lcamtuf at coredump.cx Tue Mar 3 09:21:23 2009
From: lcamtuf at coredump.cx (Michal Zalewski)
Date: Tue, 3 Mar 2009 10:21:23 +0100
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk>
References: <1695017750.20090227143622@Zoller.lu>
        <72daeffd0903021813n56c3be5aq330518f9cd713ca8@mail.gmail.com>
        <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk>
Message-ID: <448e9a320903030121j77816595x95371bfe9965c501@mail.gmail.com>

> But what if www.evil.com has run an injection attack of some kind (SQL,
> XSS in blog comments, etc, etc) against www.stupid.com?
>
> Visitors to stupid.com then suffer a DoS...
In such a case, the attacker may just as well clobber body.innerHTML,
run a while (1) loop, or otherwise logically deny or alter service to
visitors without actually exploiting any specific bug - so I do not
see any significant benefit to killing this particular tab.

Crashing / hanging the entire browser is somewhat different, as it
bears some risk of data loss in plausible usage scenarios.
Unfortunately, most implementations do very little to prevent cases
that were permitted by standards in the first place (things such as
"while (1) str += str", "while (1) alert('foo')", looped blocking
XMLHttpRequest calls, ridiculously nested XML and other
expensive-to-render content, etc) - which makes finding new instances
somewhat futile and pointless, and as a result, somewhat frowned upon on
security mailing lists (ugh).

/mz

From nick at virus-l.demon.co.uk Tue Mar 3 10:00:02 2009
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Date: Tue, 03 Mar 2009 23:00:02 +1300
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <448e9a320903030121j77816595x95371bfe9965c501@mail.gmail.com>
References: <1695017750.20090227143622@Zoller.lu> <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk> <448e9a320903030121j77816595x95371bfe9965c501@mail.gmail.com>
Message-ID: <49ADB672.24232.C6681B5F@nick.virus-l.demon.co.uk>

Michal Zalewski to me:

> > But what if www.evil.com has run an injection attack of some kind (SQL,
> > XSS in blog comments, etc, etc) against www.stupid.com?
> >
> > Visitors to stupid.com then suffer a DoS...
>
> In such a case, the attacker may just as well clobber body.innerHTML,
> run a while (1) loop, or otherwise logically deny or alter service to
> visitors without actually exploiting any specific bug ...

So?

> ... - so I do not
> see any significant benefit to killing this particular tab.

Where in any usable definition of "denial of service" does the word
"useful" or concept of "benefit" appear?

The question was, is it a DoS.

It is.

> Crashing / hanging the entire browser is somewhat different, as it
> bears some risk of data loss in plausible usage scenarios.
> Unfortunately, most implementations do very little to prevent cases
> that were permitted by standards in the first place (things such as
> "while (1) str += str", "while (1) alert('foo')", looped blocking
> XMLHttpRequest calls, ridiculously nested XML and other
> expensive-to-render content, etc) - which makes finding new instances
> somewhat futile and pointless, and as a result, somewhat frowned upon on
> security mailing lists (ugh).

I agree, but I was not addressing that.

Is it useful? Probably not.

But it's still a DoS...

And, will the Safari folk find something more important to fix if/when
they look into it? Who knows but it won't hurt for them to look...


Regards,

Nick FitzGerald

From nick at virus-l.demon.co.uk Tue Mar 3 09:52:48 2009
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Date: Tue, 03 Mar 2009 22:52:48 +1300
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <72daeffd0903022249w76833ea3gf93fd80df9df3fcc@mail.gmail.com>
References: <1695017750.20090227143622@Zoller.lu> <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk> <72daeffd0903022249w76833ea3gf93fd80df9df3fcc@mail.gmail.com>
Message-ID: <49ADB4C0.9503.C6617D7B@nick.virus-l.demon.co.uk>

Chris Evans to me:

> So, you have injected HTML into stupid.com, and you choose to inflict
> the fury of a closing tab upon hapless visitors?

Your point?

I said nothing about how big or bad of a vulnerability it is, just that
it is one.

Are there lots and lots of trivial vulns in software? Yes.

Do we reliably know which ones are safe to ignore? Not if history is any
vague kind of guide...


Regards,

Nick FitzGerald

From lcamtuf at coredump.cx Tue Mar 3 10:19:59 2009
From: lcamtuf at coredump.cx (Michal Zalewski)
Date: Tue, 3 Mar 2009 11:19:59 +0100
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
In-Reply-To: <49ADB4C0.9503.C6617D7B@nick.virus-l.demon.co.uk>
References: <1695017750.20090227143622@Zoller.lu> <49AD4C91.9523.C4CA7E2E@nick.virus-l.demon.co.uk> <72daeffd0903022249w76833ea3gf93fd80df9df3fcc@mail.gmail.com> <49ADB4C0.9503.C6617D7B@nick.virus-l.demon.co.uk>
Message-ID: <448e9a320903030219p4955c4ffof859ab26e0f5034a@mail.gmail.com>

> I said nothing about how big or bad of a vulnerability it is, just that
> it is one.

Which, in a wonderfully circular manner, brings us to the very
beginning of this branch of the thread, where opposing views on the
subject were discussed before Thierry brought this specific example in
;-)

Are we done yet?:p

/mz

From bobby.mugabe at hushmail.com Tue Mar 3 11:16:02 2009
From: bobby.mugabe at hushmail.com (bobby.mugabe at hushmail.com)
Date: Tue, 03 Mar 2009 06:16:02 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
Message-ID: <20090303111602.73F1828042@smtp.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Mr. FitzGerald,

Exactly what is this dick-wad you speak of? Please elaborate, for
the sake of professionalism and coherency on this fine list of ours.

thanks,

- -bm

On Mon, 02 Mar 2009 23:35:00 -0500 Nick FitzGerald wrote:
>bobby.mugabe at hushmail.com wrote:
>
>> Dear Nick,
>>
>> You and Thierry Loller are wrong.
>
>Thank-you for your comprehensive and compelling argument.
>
>Applying your debating technique, I now see that you are a dick-wad.
>
>
>Regards,
>
>Nick FitzGerald
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkmtERMACgkQhNp8gzZx3sgNdgP+L56ztyzKFEa0WuDsTssqaBHYZCV7
jPeGJkrdFlR14gtt0IvIc1GeidocFLXVB6U0jODdZVaTL3qThzR7syARCG3Q6483G6BH
naw9z72y6XNRvsZLg8UPZSWmV/NJdDaWWpaNHcZSYf1Q1Vykd3UaFhKHF6be3tUkVsVs
GiyT08Y=
=e2tj
-----END PGP SIGNATURE-----

From bobby.mugabe at hushmail.com Tue Mar 3 11:18:25 2009
From: bobby.mugabe at hushmail.com (bobby.mugabe at hushmail.com)
Date: Tue, 03 Mar 2009 06:18:25 -0500
Subject: [Full-disclosure] Apple Safari ... DoS Vulnerability
Message-ID: <20090303111825.D3B8D28042@smtp.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Valdis,

I have been able to reproduce a similar situation using Firefox
under MacOSX, using different websites and a significantly larger
number of tabs. Do you think these issues might be related or are
they operating system specific? What model of CPU were you testing
this issue under?

Thanks,

- -bm

On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache wrote:
>I would like to point out that I have been able to create a "hung"
>state in the Firefox browser by opening 30 simultaneous tabs pointed
>at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
>viewing http://www.hotrussianbrides.com.
>
>Also, I am not amused.
>
>
>Your humble servant,
>Ze Mustache von Kletnieks
>
>On Mon, Mar 2, 2009 at 10:29 PM, wrote:
>> Dear Nick,
>>
>> You and Thierry Loller are wrong.
>>
>> - -bm
>>
>> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald wrote:
>>>Chris Evans to Thierry Zoller:
>>>
>>>> > Example
>>>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>>>> > but with ridiculously low impact to the end-user as it only crashes the tab
>>>> > it was subjected to, and not the whole browser or operation system.
>>>> > But the fact remains that this was the impact of a DoS condition,
>>>> > the tab crashes arbitrarily.
>>>>
>>>> Eh? If you visit www.evil.com and your tab crashes, that's no
>>>> different from www.evil.com closing its own tab with Javascript.
>>>
>>>But what if www.evil.com has run an injection attack of some kind (SQL,
>>>XSS in blog comments, etc, etc) against www.stupid.com?
>>>
>>>Visitors to stupid.com then suffer a DoS...
>>>
>>>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>>>etc, etc.
>>>
>>>But this is the Internet, so this "software flaw" can be leveraged as
>>>security vulnerability.
>>>
>>>I'm with Thierry on this...
>>>
>>>
>>>Regards,
>>>
>>>Nick FitzGerald
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVrkn
TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlNA5
wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3vju
P7xAvvQ=
=avqi
-----END PGP SIGNATURE-----

From steffen.joeris at skolelinux.de Mon Mar 2 20:56:21 2009
From: steffen.joeris at skolelinux.de (Steffen Joeris)
Date: Mon, 02 Mar 2009 20:56:21 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1730-1                  security at debian.org
http://www.debian.org/security/                           Steffen Joeris
March 02, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : SQL injection vulnerabilities
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-0542 CVE-2009-0543

The security update for proftpd-dfsg in DSA-1727-1 caused a regression
with the postgresql backend. This update corrects the flaw.
Also it was discovered that the oldstable distribution (etch) is not
affected by the security issues. For reference the original advisory
follows.

Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-0542

    Shino discovered that proftpd is prone to an SQL injection
    vulnerability via the use of certain characters in the username.

CVE-2009-0543

    TJ Saunders discovered that proftpd is prone to an SQL injection
    vulnerability due to insufficient escaping mechanisms, when
    multibyte character encodings are used.

For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny2.

The oldstable distribution (etch) is not affected by these problems.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.2-1.

For the testing distribution (squeeze), these problems will be fixed
soon.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJrEdGYrVLjBFATsMRAmFWAJ0RHS6vv9UfhoX300gl4dZK/AwjDwCfSrzU
O78qmS5B51smaHAXMOT/Mdc=
=t+Ak
-----END PGP SIGNATURE-----

From steffen.joeris at skolelinux.de Mon Mar 2 20:38:00 2009
From: steffen.joeris at skolelinux.de (Steffen Joeris)
Date: Mon, 02 Mar 2009 20:38:00 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1729-1                  security at debian.org
http://www.debian.org/security/                           Noah Meyerhans
March 02, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : gst-plugins-bad0.10
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2009-0386 CVE-2009-0387 CVE-2009-0397

Several vulnerabilities have been found in gst-plugins-bad0.10, a
collection of various GStreamer plugins. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2009-0386

    Tobias Klein discovered a buffer overflow in the quicktime stream
    demuxer (qtdemux), which could potentially lead to the execution of
    arbitrary code via crafted .mov files.

CVE-2009-0387

    Tobias Klein discovered an array index error in the quicktime stream
    demuxer (qtdemux), which could potentially lead to the execution of
    arbitrary code via crafted .mov files.

CVE-2009-0397

    Tobias Klein discovered a buffer overflow in the quicktime stream
    demuxer (qtdemux) similar to the issue reported in CVE-2009-0386, which
    could also lead to the execution of arbitrary code via crafted .mov
    files.

For the stable distribution (lenny), these problems have been fixed in
version 0.10.8-4.1~lenny1 of gst-plugins-good0.10, since the affected
plugin has been moved there. The fix was already included in the lenny
release.

For the oldstable distribution (etch), these problems have been fixed in
version 0.10.3-3.1+etch1.

For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 0.10.8-4.1 of
gst-plugins-good0.10.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJrELUYrVLjBFATsMRAs/rAJ4u0ozLEF8iFBt+NiFnDso2uyhZiACfTiIR
hLpLh3he1Zg+z0gNSTR7Y+k=
=FhiP
-----END PGP SIGNATURE-----

From steffen.joeris at skolelinux.de Mon Mar 2 21:09:55 2009
From: steffen.joeris at skolelinux.de (Steffen Joeris)
Date: Mon, 02 Mar 2009 21:09:55 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1731-1                  security at debian.org
http://www.debian.org/security/                           Steffen Joeris
March 02, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ndiswrapper
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-4395
Debian Bugs    : 504696

Anders Kaseorg discovered that ndiswrapper suffers from buffer overflows
via specially crafted wireless network traffic, due to incorrectly
handling long ESSIDs. This could lead to the execution of arbitrary
code.

For the oldstable distribution (etch), this problem has been fixed in
version 1.28-1+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 1.53-2, which was already included in the lenny release.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.53-2.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJrErsYrVLjBFATsMRAv/DAJ4tYKYJmdtVdhtORaWR7pzwXnN7DQCghNfd
W7LFAgF1YopnDi6HGmeMBBM=
=CEvb
-----END PGP SIGNATURE-----

From announce-noreply at rpath.com Mon Mar 2 20:45:26 2009
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Mon, 02 Mar 2009 15:45:26 -0500
Subject: [Full-disclosure] rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
Message-ID: <49ac4566.pnycEytEk6ohnUjN%announce-noreply@rpath.com>

rPath Security Advisory: 2009-0035-1
Published: 2009-03-02
Products:
    rPath Appliance Platform Linux Service 1
    rPath Appliance Platform Linux Service 2
    rPath Linux 1
    rPath Linux 2

Rating: Critical
Exposure Level Classification:
    Remote System User Deterministic Unauthorized Access
Updated Versions:
    php=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php5=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-cgi=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-imap=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-mcrypt=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-mysql=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-mysqli=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-pear=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-pgsql=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-soap=conary.rpath.com at rpl:1/5.2.8-1-1
    php5-xsl=conary.rpath.com at rpl:1/5.2.8-1-1
    php-cgi=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-imap=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-mcrypt=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-mysql=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-mysqli=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-pgsql=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-soap=conary.rpath.com at rpl:2/5.2.8-0.1-1
    php-xsl=conary.rpath.com at rpl:2/5.2.8-0.1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2963

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5658
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829

Description:
    Previous versions of the php version 5 packages contain multiple
    vulnerabilities, the most serious of which may allow a remote
    attacker to execute arbitrary code.

    In its default configuration, rPath Linux 1 does not install php
    version 5 and is thus not vulnerable to these attacks; however,
    systems to which php version 5 has been added may be vulnerable.

http://wiki.rpath.com/Advisories:rPSA-2009-0035

Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From white at debian.org Tue Mar 3 08:23:22 2009
From: white at debian.org (Steffen Joeris)
Date: Tue, 03 Mar 2009 08:23:22 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1732-1] New squid3 packages fix denial of service
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1732                 security at debian.org
http://www.debian.org/security/                          Steffen Joeris
March 03, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : squid3
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-0478

Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion
error in squid3, a full featured Web Proxy cache, which could lead to a
denial of service attack.

For the stable distribution (lenny), this problem has been fixed in
version 3.0.STABLE8-3, which was already included in the lenny release.

For the oldstable distribution (etch), this problem has been fixed in
version 3.0.PRE5-5+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 3.0.STABLE8-3.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJrOarU5XKDemr/NIRAruiAJ4n/G69QyOXkYcxSXzgKuJtexgf1QCgwiKe
JqUm+FjVX2eyDn2e0zcSJdE=
=1HUa
-----END PGP SIGNATURE-----

From david.kierznowski at gmail.com Tue Mar 3 08:25:14 2009
From: david.kierznowski at gmail.com (David Kierznowski)
Date: Tue, 3 Mar 2009 08:25:14 +0000
Subject: [Full-disclosure] cURL/libcURL Arbitrary File Access
Message-ID:

cURL/libcURL Arbitrary File Access
Release date: 03/Jan/2009
CVE: CVE-2009-0037

Quote from: http://curl.haxx.se/libcurl/:
"libcurl is a free and easy-to-use client-side URL transfer library,
supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP,
LDAPS and FILE."

This vulnerability could permit remote arbitrary file access and command
execution under "less-likely" circumstances.

This is a joint advisory release with cURL. The latest version addresses
this problem.

Full advisory available here:
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/

From white at debian.org Tue Mar 3 08:35:06 2009
From: white at debian.org (Steffen Joeris)
Date: Tue, 03 Mar 2009 08:35:06 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1733                 security at debian.org
http://www.debian.org/security/                          Steffen Joeris
March 03, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : vim
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076
                 CVE-2008-4104
Debian Bugs    : 486502 506919

Several vulnerabilities have been found in vim, an enhanced vi editor.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-2712

   Jan Minar discovered that vim did not properly sanitise inputs
   before invoking the execute or system functions inside vim
   scripts. This could lead to the execution of arbitrary code.

CVE-2008-3074

   Jan Minar discovered that the tar plugin of vim did not properly
   sanitise the filenames in the tar archive or the name of the
   archive file itself, making it prone to arbitrary code execution.

CVE-2008-3075

   Jan Minar discovered that the zip plugin of vim did not properly
   sanitise the filenames in the zip archive or the name of the
   archive file itself, making it prone to arbitrary code execution.

CVE-2008-3076

   Jan Minar discovered that the netrw plugin of vim did not properly
   sanitise the filenames or directory names it is given. This could
   lead to the execution of arbitrary code.

CVE-2008-4101

   Ben Schmidt discovered that vim did not properly escape characters
   when performing keyword or tag lookups. This could lead to the
   execution of arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1:7.1.314-3+lenny1, which was already included in the lenny
release.

For the oldstable distribution (etch), these problems have been fixed in
version 1:7.0-122+1etch4.

For the testing distribution (squeeze), these problems have been fixed
in version 1:7.1.314-3+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 2:7.2.010-1.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ ze/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518 http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb Size/MD5 checksum: 184650 516d8eddce4e6628e8b6ee32f55ce2aa mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb Size/MD5 checksum: 1061694 a2e9b2bc8f31cf878805dbc1babd4074 http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb Size/MD5 checksum: 1027336 d86f7c3fab9143c1c93d82b3762f8c0d http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb Size/MD5 checksum: 215734 c23239c8579e53a4277325a048567e75 http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb Size/MD5 checksum: 1021942 d75231c3c7950785df8f52680e28c956 http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb Size/MD5 checksum: 1029478 e74670d4918287fb3d05436419b7f5a9 http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb Size/MD5 checksum: 1037498 ac41c65a077d84f0f5405356d0b52ef1 http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb Size/MD5 checksum: 654740 994339f109e5db97079633b5249bd8d2 http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb Size/MD5 checksum: 1034390 2c4337c763ea13a11e13b711c25313b5 http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb Size/MD5 checksum: 
From advisories at isecauditors.com Tue Mar 3 10:55:50 2009
From: advisories at isecauditors.com (ISecAuditors Security Advisories)
Date: Tue, 03 Mar 2009 11:55:50 +0100
Subject: [Full-disclosure] [ISecAuditors Security Advisories] CSRF vulnerability in GMail service
Message-ID: <49AD0CB6.1060101@isecauditors.com>

=============================================
INTERNET SECURITY AUDITORS ALERT 2007-003
- Original release date: August 1st, 2007
- Last revised: January 11th, 2009
- Discovered by: Vicente Aguilera Diaz
- Severity: 3/5
=============================================

I. VULNERABILITY
-------------------------
CSRF vulnerability in GMail service

II. BACKGROUND
-------------------------
Gmail is Google's free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you're looking for, and make sense of it all with a new way of viewing messages as part of conversations.

III. DESCRIPTION
-------------------------
Cross-Site Request Forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites.
Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.

GMail is vulnerable to CSRF attacks in the "Change Password" functionality. The only token for authenticating the user is a session cookie, and this cookie is sent automatically by the browser in every request.

An attacker can create a page that includes requests to the "Change password" functionality of GMail and modify the passwords of the users who, being authenticated, visit the page of the attacker.

The attack is facilitated since the "Change Password" request can be realized across the HTTP GET method instead of the POST method that is realized habitually across the "Change Password" form.

IV. PROOF OF CONCEPT
-------------------------
1. An attacker creates a web page "csrf-attack.html" that realizes many HTTP GET requests to the "Change Password" functionality.

For example, a password cracking of 3 attempts (see "OldPasswd" parameter):
...
...
or with hidden frames:
...