From vulcanius at gmail.com Tue Sep 1 02:50:41 2009
From: vulcanius at gmail.com (vulcanius)
Date: Tue, 1 Sep 2009 01:50:41 +0000
Subject: [Full-disclosure] Why FD should unban n3td3v.
In-Reply-To: <20090831015654.E61AE20040@smtp.hushmail.com>
References: <20090831015654.E61AE20040@smtp.hushmail.com>
Message-ID:

The readers did decide, that's why he's banned. If you still like reading his garbage, go find whatever bridge he's currently living under and subscribe. If you believe that the days with n3td3v on the list were FD's glory days, you're either ignorant or stupid.

On Mon, Aug 31, 2009 at 1:56 AM, John Q Publix wrote:
> Some of you may call n3td3v annoying, others may call him funny,
> but others may genuinely value his comments on the list.
>
> Leave it up to the reader to decide.
>
> FD exists to be unmoderated and uncensored. This list is a great
> thing, and I'm requesting that it be restored to its former glory.
>
> While I'm no fan of n3td3v, censoring him sets a dangerous
> precedent. If I wanted to filter out his mails client-side, I still
> could btw.
>
> Just don't censor him on the server.
>
>
> Just my 2 cents.
>
> john q public
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

From r1d1nd1rty at hush.com Tue Sep 1 03:47:12 2009
From: r1d1nd1rty at hush.com (r1d1nd1rty)
Date: Mon, 31 Aug 2009 22:47:12 -0400
Subject: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Message-ID: <20090901024712.81877B8043@smtp.hushmail.com>

why would anyone write a 0day with...

# bug found & exploited by Kingcope, kcope2googlemail.com
# Affects IIS6 with stack cookie protection
# August 2009 - KEEP THIS 0DAY PRIV8

... then plaster it all over the internet? have you forgotten what you, yourself wrote?

if you guys really wanna get that famous..
perhaps you should consider a new career - nobody even likes h4ck3rs these days anyway (especially james and da internet po-po).

and please put a fkn' sleep in ur while(1)'s after a fork()... it appears as though you couldn't WAIT to get this one out...

/rd

remember to always r1d3 d1r7y n' bounce em.

On Mon, 31 Aug 2009 16:31:51 -0400 Kingcope wrote:
>Hello list,
>
>I have to clarify some things on the globbing vulnerability here.
>The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers.
>IIS6 ftp server IS affected by the buffer overflow but is properly
>protected by stack canaries. AFAIK it looks like a DoS on Windows
>Server 2003. Until someone finds a way to bypass Stack Canaries on
>recent Windows versions this remains a DoS on IIS6.
>
>Thanks to HD Moore and all the people who in the past wrote exploits
>for my releases!
>Kudos!
>
>Nikolaos
>
>2009/8/31 Kingcope :
>> (see attachment)
>>
>> Cheerio,
>>
>> Kingcope
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

From laurent.gaffie at gmail.com Tue Sep 1 04:47:32 2009
From: laurent.gaffie at gmail.com (laurent gaffie)
Date: Mon, 31 Aug 2009 23:47:32 -0400
Subject: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
In-Reply-To: <20090901024712.81877B8043@smtp.hushmail.com>
References: <20090901024712.81877B8043@smtp.hushmail.com>
Message-ID: <4b13609c0908312047q309bb6ddt5022f9f60fc52030@mail.gmail.com>

Nice find Kingcope,

As Thierry mentioned it, I guess it was a pain to find it. Nice one as always, your finding rocks.

Cheers

2009/8/31 r1d1nd1rty
> why would anyone write a 0day with...
>
> # bug found & exploited by Kingcope, kcope2googlemail.com
> # Affects IIS6 with stack cookie protection
> # August 2009 - KEEP THIS 0DAY PRIV8
>
> ... then plaster it all over the internet? have you forgotten what
> you, yourself wrote?
>
> if you guys really wanna get that famous.. perhaps you should
> consider a new career - nobody even likes h4ck3rs these days anyway
> (especially james and da internet po-po).
>
> and please put a fkn' sleep in ur while(1)'s after a fork()... it
> appears as though you couldn't WAIT to get this one out...
>
> /rd
>
> remember to always r1d3 d1r7y n' bounce em.
>
> On Mon, 31 Aug 2009 16:31:51 -0400 Kingcope wrote:
> >Hello list,
> >
> >I have to clarify some things on the globbing vulnerability here.
> >The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers.
> >IIS6 ftp server IS affected by the buffer overflow but is properly
> >protected by stack canaries. AFAIK it looks like a DoS on Windows
> >Server 2003. Until someone finds a way to bypass Stack Canaries on
> >recent Windows versions this remains a DoS on IIS6.
> >
> >Thanks to HD Moore and all the people who in the past wrote exploits
> >for my releases!
> >Kudos!
> >
> >Nikolaos
> >
> >2009/8/31 Kingcope :
> >> (see attachment)
> >>
> >> Cheerio,
> >>
> >> Kingcope
> >>
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090831/0df16f28/attachment.html

From security at vmware.com Tue Sep 1 06:32:24 2009
From: security at vmware.com (VMware Security team)
Date: Mon, 31 Aug 2009 22:32:24 -0700
Subject: [Full-disclosure] VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
Message-ID: <4A9CB1E8.1040309@vmware.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0011
Synopsis:          VMware Studio 2.0 addresses a security issue in the
                   public beta version of Studio 2.0
Issue date:        2009-08-31
Updated on:        2009-08-31 (initial release of advisory)
CVE numbers:       CVE-2009-2968
- ------------------------------------------------------------------------

1. Summary

   VMware Studio 2.0 resolves a directory traversal vulnerability that
   was present in the VMware Studio 2.0 public beta.

2. Relevant releases

   VMware Studio 2.0 public beta

3. Problem Description

 a. Directory traversal vulnerability

    Due to incomplete sanitization of user input, a support component
    of VMware Studio's web interface can be tricked into uploading a
    file to any directory inside the VMware Studio virtual appliance.

    This issue does not affect virtual machines that are created with
    Studio 2.0 beta.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2968 to this issue.

    VMware would like to thank Claudio Criscione of Secure Network for
    reporting this issue to us.

    VMware          Product   Running   Replace with/
    Product         Version   on        Apply Patch
    =============   ========  =======   ===================================
    VMware Studio   1.0       VMware    not affected
    VMware Studio   2.0 beta  VMware    VMware Studio 2.0 build 1017-185256
    VMware Studio   2.0       VMware    not affected
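The problem description above is the classic upload-path traversal: a client-supplied file name is joined onto the upload directory without enough checking, so "../" components or an absolute name let the file land anywhere in the appliance. The following is an added example, not VMware's code and not taken from Studio, that puts the weak pattern beside a hardened check. The upload root, the allow-list pattern and the sample names are constructed for the example.

```python
import os
import re
from typing import Dict, Optional

# Constructed upload directory for the example; the real component and its
# paths are not described in the advisory.
UPLOAD_ROOT = "/srv/appliance/uploads"

# Allow-list for client-supplied file names: a leading alphanumeric, then up
# to 127 alphanumerics, dots, underscores or hyphens. No separators, no "..".
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def naive_upload_path(root: str, client_name: str) -> str:
    """The weak pattern: join the client-supplied name onto the upload root
    and trust the result. "../" components walk out of the root, and an
    absolute name replaces the root entirely, so the caller can be made to
    write anywhere the service account can."""
    return os.path.normpath(os.path.join(root, client_name))


def safe_upload_path(root: str, client_name: str) -> Optional[str]:
    """Hardened pattern: allow-list the name, then confirm the resolved path
    is still inside the resolved root. Returns None when the request is
    rejected. Both checks are kept on purpose: the allow-list gives a clear
    error for the common case, and the containment check catches anything the
    pattern misses (or a later relaxation of the pattern)."""
    if not _SAFE_NAME.fullmatch(client_name):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, client_name))
    # commonpath() compares path components, not string prefixes, so a sibling
    # such as /srv/appliance/uploads-old does not pass as "inside" the root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def audit_upload_names(names) -> Dict[str, str]:
    """Classify a batch of client-supplied names as 'accepted' or 'rejected'."""
    return {n: ("accepted" if safe_upload_path(UPLOAD_ROOT, n) else "rejected")
            for n in names}


# Constructed sample names, including the shapes a validator must refuse.
SAMPLE_NAMES = [
    "support-bundle.tgz",
    "../../../etc/crontab",
    "/etc/crontab",
    "..",
    "bundle.tgz\n",
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:24} naive={naive_upload_path(UPLOAD_ROOT, name)!r} "
              f"safe={safe_upload_path(UPLOAD_ROOT, name)!r}")
```

Running the block shows the naive join resolving "../../../etc/crontab" to /etc/crontab while the hardened function rejects it; the allow-list also refuses the trailing-newline name, which a pattern anchored with `$` instead of `fullmatch()` would have let through.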
4. Solution

   Please review the patch/release notes for your product and version
   and verify the sha1sum and/or the md5sum of your downloaded file.

   VMware Studio 2.0 build 1017-185256
   -----------------------------------
   http://www.vmware.com/support/developer/studio/
   Release notes:
   http://www.vmware.com/support/developer/studio/studio20/release_notes.html

   VMware Studio appliance in ZIP
   (md5sum: 58cb40704d12f4ec329b887ae729aba9)
   (sha1sum: 2931a6a4de7e77016d08c6539cab93a6304ab452)

   VMware Studio appliance in OVA
   Deployment URL:
   http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ova
   (md5sum: 0b0edb02865ae935bcffcccbf346adc2)
   (sha1sum: f126339ab0de5b684e60ab7dfd50ddb15f2391cc)

   VMware Studio appliance in OVF 1.0
   Deployment URL:
   http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ovf
   (md5sum: a3dfca29578a75b0440be3419396c85c)
   (sha1sum: 67f08e73de18ddeea257fefe6475f289d643ad77)

   VMware Studio appliance in OVF 0.9
   Deployment URL:
   http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF09.ovf
   (md5sum: 959c61270dc872be2f5e65e59480852d)
   (sha1sum: ac3c2d612f0b877f10ca607467b6a95b31ed3dd7)

   VMDK associated to the OVF 1.0 and OVF 0.9 descriptor
   (md5sum: 617ec59063d2ba180b19f680fb1b49b1)
   (sha1sum: eb1d474cde175a9e042c9613eae31822843394cf)

   VMware Studio Plugin for Eclipse in ZIP
   (md5sum: 9970df718f08f92c053758187c979293)
   (sha1sum: 2d5a9a8d3d68faa3afd317b148f060a74cbd359a)

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2968

- ------------------------------------------------------------------------

6. Change log

   2009-08-31  VMSA-2009-0011
   Initial security advisory after release of Studio 2.0 on 2009-08-31.

- ------------------------------------------------------------------------
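Section 4 of the advisory asks the reader to verify the sha1sum and/or md5sum of the downloaded file. The following is an added example, not VMware's tooling, that checks a local file against the digests published for the ZIP package, computing both digests in one pass, comparing them in constant time, and reporting an MD5-only match as weak evidence rather than as success. The temporary file and its contents are constructed stand-ins for the real download.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict

# Digests exactly as published in section 4 of the advisory for the ZIP package.
ADVISORY_DIGESTS = {
    "VMware Studio appliance in ZIP": {
        "md5": "58cb40704d12f4ec329b887ae729aba9",
        "sha1": "2931a6a4de7e77016d08c6539cab93a6304ab452",
    },
}


def digest_file(path: str, algorithms=("md5", "sha1")) -> Dict[str, str]:
    """Compute the requested digests of a file in a single pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_download(path: str, expected: Dict[str, str]) -> Dict[str, object]:
    """Compare a downloaded file against the advisory's digests.

    Verdicts: 'ok' when every published digest matches, 'weak' when only the
    MD5 matches (MD5 collisions are practical, so this is not proof of
    integrity), otherwise 'mismatch'. compare_digest() avoids leaking where
    the hex strings first differ through timing."""
    actual = digest_file(path, tuple(expected))
    matched = {
        name: hmac.compare_digest(actual[name].lower(), expected[name].lower())
        for name in expected
    }
    if all(matched.values()):
        verdict = "ok"
    elif matched.get("md5") and not matched.get("sha1"):
        verdict = "weak"
    else:
        verdict = "mismatch"
    return {"matched": matched, "verdict": verdict, "actual": actual}


def demo_verdict(content: bytes, expected: Dict[str, str]) -> str:
    """Write constructed bytes to a temporary file, verify it, and return the
    verdict. A real run would pass the path of the downloaded ZIP instead."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(content)
        path = fh.name
    try:
        return verify_download(path, expected)["verdict"]
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo_verdict(b"constructed stand-in for the download",
                       ADVISORY_DIGESTS["VMware Studio appliance in ZIP"]))
```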
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   * security-announce at lists.vmware.com
   * bugtraq at securityfocus.com
   * full-disclosure at lists.grok.org.uk

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Center
   http://www.vmware.com/security

   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html

   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html

   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html

   Copyright 2009 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFKnLHmS2KysvBH1xkRAlUSAJ90vZzWYrMUgNwmnk1EWRTEyF+pKgCffeLt
sMSBGdvumE+14/pi4woV46Q=
=jbNX
-----END PGP SIGNATURE-----

From remove-vuln at secunia.com Tue Sep 1 09:04:08 2009
From: remove-vuln at secunia.com (Secunia Research)
Date: Tue, 1 Sep 2009 10:04:08 +0200
Subject: [Full-disclosure] Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow
Message-ID: <200909010804.n81848Bo026772@ca.secunia.com>

======================================================================
                     Secunia Research 01/09/2009

     - OpenOffice.org Word Document Table Parsing Integer Underflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* OpenOffice.org 3.1

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where:  From remote

======================================================================
3) Vendor's Description of Software

"OpenOffice.org 3 is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more."

Product Link:
http://openoffice.org/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in OpenOffice.org,
which can be exploited by malicious people to potentially compromise
a user's system.

The vulnerability is caused by an integer underflow error when parsing
certain records in the document table. This can be exploited to cause
a heap-based buffer overflow via a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

======================================================================
5) Solution

Update to version 3.1.1.

======================================================================
6) Time Table

14/05/2009 - Vendor notified.
14/05/2009 - Vendor response.
01/09/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Dyon Balding, Secunia Research.
======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-0200 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members.
Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-26/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

From remove-vuln at secunia.com Tue Sep 1 09:04:20 2009
From: remove-vuln at secunia.com (Secunia Research)
Date: Tue, 1 Sep 2009 10:04:20 +0200
Subject: [Full-disclosure] Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow
Message-ID: <200909010804.n8184Kc1026780@ca.secunia.com>

======================================================================
                     Secunia Research 01/09/2009

      - OpenOffice.org Word Document Table Parsing Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* OpenOffice.org 3.1

NOTE: Other versions may also be
affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where:  Remote

======================================================================
3) Vendor's Description of Software

"OpenOffice.org 3 is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more."

Product Link:
http://openoffice.org/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in OpenOffice.org,
which can be exploited by malicious people to potentially compromise
a user's system.

The vulnerability is caused by a boundary error when parsing certain
records and can be exploited to cause a heap-based buffer overflow via
a specially crafted document.

Successful exploitation may allow execution of arbitrary code.

======================================================================
5) Solution

Update to version 3.1.1.

======================================================================
6) Time Table

18/05/2009 - Vendor notified.
18/05/2009 - Vendor response.
01/09/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Dyon Balding, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-0201 for the vulnerability.
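The two Secunia advisories above describe two failure modes in the same kind of record parser: an integer underflow in a length computation (CVE-2009-0200) and a boundary error when a record is copied into a fixed-size buffer (CVE-2009-0201), both leading to a heap overflow. The following added example is not OpenOffice.org code and does not use the real Word document-table record layout; it uses a constructed type/length/payload format to show how each defect arises and what a hardened parser checks before it trusts any length. The constant names, record layout and sample inputs are all constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import List

HEADER_LEN = 4     # constructed format: 2-byte record type, 2-byte total record length
MAX_PAYLOAD = 64   # size of the fixed destination buffer in the hypothetical consumer


class MalformedRecord(ValueError):
    """Raised by the hardened parser for any record it refuses to process."""


@dataclass
class Record:
    rtype: int
    payload: bytes


def unchecked_payload_len(total_len: int) -> int:
    """Mirror of the underflow class: 'total_len - HEADER_LEN' evaluated as an
    unsigned 32-bit quantity. For total_len < HEADER_LEN the result wraps to
    a huge value, which a later copy would then use as its length."""
    return (total_len - HEADER_LEN) & 0xFFFFFFFF


def parse_records(data: bytes) -> List[Record]:
    """Hardened parser: every length is validated against the header size, the
    destination buffer size and the remaining input before it is used."""
    records: List[Record] = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < HEADER_LEN:
            raise MalformedRecord(f"truncated header at offset {offset}")
        rtype, total_len = struct.unpack_from("<HH", data, offset)
        if total_len < HEADER_LEN:
            # Underflow case: an unsigned subtraction here would wrap.
            raise MalformedRecord(
                f"record length {total_len} smaller than header at offset {offset}")
        payload_len = total_len - HEADER_LEN
        if payload_len > MAX_PAYLOAD:
            # Boundary case: the payload would not fit the fixed destination buffer.
            raise MalformedRecord(
                f"payload {payload_len} exceeds {MAX_PAYLOAD} at offset {offset}")
        if offset + total_len > len(data):
            raise MalformedRecord(f"record at offset {offset} runs past end of input")
        payload = bytes(data[offset + HEADER_LEN: offset + total_len])
        records.append(Record(rtype, payload))
        offset += total_len
    return records


def build_record(rtype: int, payload: bytes) -> bytes:
    """Encode one well-formed record in the constructed format."""
    return struct.pack("<HH", rtype, HEADER_LEN + len(payload)) + payload


def parse_result(data: bytes) -> str:
    """Run the hardened parser and summarise the outcome as a string."""
    try:
        recs = parse_records(data)
    except MalformedRecord as exc:
        return f"rejected: {exc}"
    return f"ok: {len(recs)} record(s)"


# Constructed inputs: a valid table and one crafted for each failure mode.
GOOD_TABLE = build_record(1, b"plain text run") + build_record(2, b"style info")
UNDERFLOW_TABLE = struct.pack("<HH", 1, 2) + b"\x00" * 8                 # length 2 < header 4
OVERSIZED_TABLE = struct.pack("<HH", 1, HEADER_LEN + 200) + b"A" * 200   # payload 200 > MAX_PAYLOAD
TRUNCATED_TABLE = struct.pack("<HH", 1, HEADER_LEN + 16) + b"B" * 5      # claims more bytes than present

if __name__ == "__main__":
    print("wrapped payload length for total_len=2:", hex(unchecked_payload_len(2)))
    for name, table in [("good", GOOD_TABLE), ("underflow", UNDERFLOW_TABLE),
                        ("oversized", OVERSIZED_TABLE), ("truncated", TRUNCATED_TABLE)]:
        print(f"{name:10} {parse_result(table)}")
```

The order of the checks matters: the header-size comparison must come before the subtraction, and the buffer-size comparison before any copy, because once a wrapped or oversized length has been computed every later bound derived from it is already wrong.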
======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-27/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

From drupal at hush.com Tue Sep 1 11:15:32 2009
From: drupal at hush.com (Drupal is under attack)
Date: Tue, 01 Sep 2009 10:15:32 +0000
Subject: [Full-disclosure] Think Drupal was FLOSS and non-profit? Think again.
Message-ID: <20090901101532.998E7B0048@smtp.hushmail.com>

Thought Drupal was open source and non-profit? Not anymore. This brings back memories of when Mambo and Joomla split.

If you want to build a website based around this GPL+MIT framework, you should read the fine print. For your convenience of course, it's governed by the laws and regulations of Belgium.
Someone has dollar signs in their eyes.

Source: http://buytaert.net/drupal-trademark-policy-officially-available

All I need is this euro putz putting his ugly mug on a big projector like we should take it. He's freaking using us like pawns. He shows us pictures of his god damn babies on his blog like he's God or we care. Enough. Hand power of the trademark to the Drupal Association and stop killing the project. People don't want Dries, they want Drupal.

Policy Attached.

1. Background information

The Drupal trademark - i.e. the word "Drupal", whether or not in capitals - is owned and controlled by Dries Buytaert, who cooperates with the Drupal Association and local non-profit associations to foster the use of the Drupal software.

Although you are encouraged to use the Drupal trademark (and the official Drupal logo (official link to be included when released by the Drupal Association), which is itself a use of the Drupal trademark) for your own purposes, you must first obtain a license. You can either obtain this license automatically, or through a license grant procedure, as further explained below in this policy.

This policy therefore first explains whether you receive an automatic license, or whether you need to obtain a license through the license grant procedure. In addition, this policy explains which "rules of use" apply when you use the Drupal trademark (whether you obtained the license automatically, or through the license grant procedure).

2. Why this policy was created

This policy is based on the questions received by Dries Buytaert from various persons and companies, and tries to cover the most typical use cases for the Drupal trademark. By imposing simple rules, this policy aims to create a level playing field for everyone interested in using the Drupal trademark.

3. Limitations of this policy

Do not assume that this policy will answer every question you may have about the use of the Drupal trademark.
There will be scenarios where your intended use of the Drupal trademark is not entirely covered by this policy, or where you have doubts as to whether or not a specific rule applies. In all these cases, you should contact Dries Buytaert.

Please also note that, while the use of the official Drupal logo is covered by this trademark policy, the use of the Drupal icon (druplicon) is not. Any use of the Drupal icon is subject to separate licensing. Contact the Drupal Association for details.

I. AUTOMATIC LICENSE OR LICENSE GRANT PROCEDURE?

This section explains whether you are entitled to an automatic license (in which case you can use the Drupal trademark without having to complete or receive any document), or whether you need to follow the license grant procedure. You will only be entitled to an automatic license when you are in any of the situations described under subsection A below, and not simultaneously in any of the situations described under subsection B below.

A. You receive an automatic license when:

1. You exclusively use the Drupal trademark to either extend or improve the Drupal software, or to encourage the use of the Drupal software (in short "foster the Drupal software").

Examples of "fostering the Drupal software":

* a course entitled "How to use Drupal in your business" organized by a local non-profit organization;
* an open access monthly journal called "Drupal Coding magazine";
* an open source Apache plugin "JIT Compiler for Drupal";
* a freely distributed homebrew Drupal theme "John's Drupal Christmas Theme";
* a website "drupalhalloffame.com" with pictures of famous Drupal contributors;
* administering a database with Drupal bugs and corresponding workarounds.

Examples which do not qualify as "fostering the Drupal software":

* creating a Drupal fork "ImprovedDrupal";
* publishing a website "drupalhallofshame.com" with pictures of infamous Drupal contributors.
Examples of not "exclusively to foster the Drupal software":

* a charitable organisation selling t-shirts with the Drupal trademark to sponsor its fight against global warming;
* a company selling t-shirts with the Drupal trademark, while donating 25% of the profits to the Drupal Association.

"Exclusively" means that any direct profits generated by using the Drupal trademark must also be exclusively used to foster the Drupal software. Examples:

* A high-traffic website "drupalindepth.com" containing sponsored ads qualifies for an automatic license when the profits generated from these ads (minus hosting costs and other obvious costs incurred for maintaining the website) are used to pay a full-time developer working on the new open source Drupal template engine.
* A Drupal contributor wants to start a website called "newtodrupal.com", with helpful tutorials aimed at people new to Drupal. This website contains ads in the form of sponsored links, which would normally exclude the automatic license. However, because the referral code used for these ads is the Drupal Association's, any money earned goes directly to support the Drupal project. Hence, this website can benefit from an automatic license.
* The New York Drupal user group sells t-shirts with the Drupal trademark to sponsor its functioning. This also qualifies for an automatic license.

2. The Drupal trademark is used in a domain name, title of website, title of a seminar, title of a course or title of a software package that is either exclusively intended to foster the Drupal software, or also mentions your trademark (or your trade name, name of your company, name of your organization, or name of your association).
Example uses for which you receive an automatic license:

* a course entitled "Acme's Drupal Gold Course" or "Acme's Drupal Certification Course" or "Acme's Learn to Code in Drupal";
* a domain name that is used for commercial purposes and is entitled "drupalacme.com" or "commonusesofdrupal.acme.com";
* a domain name that is exclusively intended to foster Drupal use, and is entitled "drupalusersgroupcalifornia.org" or "drupalunofficialfaq.com";
* an open source plugin to connect Acme's SQL-server to the Drupal software;
* a commercial plugin to connect Acme's SQL-server to the Drupal software, called "Acme's SQL plugin for Drupal";
* a Drupal course entitled "Drupal 6" that is taught at a university;
* a free Drupal seminar entitled "Creating websites with Drupal", organized by a local non-profit organization.

Example uses for which the license grant procedure must be followed:

* a commercial website hosted under domain name "commonusesofdrupal.com";
* a commercial course entitled "Drupal Newbies Course 2009".

3. The Drupal trademark is used in the title of a book, newsletter, video, magazine or similar instructional instrument regarding Drupal that does not suggest an "official link".

Example titles for which you receive an automatic license:

* "Drupal ninja secrets: the complete guide", "Monthly Drupal Bits", "Drupal in Depth", "Drupal Step by Step", "John Smith's Drupal 6 Installation Guide", "Illustrated Drupal Guide", "More effective ways to use Drupal", "Drupal Screenshot Guided Tour", "Beginning Drupal", "Drupal inside out", "Drupal for network professionals".

Example titles for which the license grant procedure must be followed, because an "official link" may be suggested by the title (see B.1 below):

* "Drupal 6", "Official Drupal Guide", "The Drupal Association's Book on Drupal".

4. The Drupal trademark is used for the title of a camp or meet-up.
Examples: "Drupal Bootcamp 2009", "Annual Drupal Meeting", "Drupal Gathering New York", "DrupalCamp Antarctica".

Note, however, that the license grant procedure must be used when the Drupal trademark is used in combination with the words "conference", "convention" or "association". See examples below.

5. You want to display the official Drupal logo (whether for commercial or non-commercial use) in a standalone and unaltered form.

* "Standalone" means that the Drupal logo is not part of another logo. For example, a local Spanish Drupal user group that would like to create a "Drupal Spain" logo by extending the word "Drupal" with the word "Spain" (in the same font and color) will not be entitled to an automatic license. "Unaltered" means that the Drupal logo cannot be changed in any way - e.g., by changing the color, by slightly altering the shape of the letters, etc.
* Examples for which you receive an automatic license: creating a banner that displays the Drupal logo; using the Drupal logo on your (commercial or non-commercial) website; displaying the Drupal logo on product packaging; selling a t-shirt with the Drupal logo printed on the back.

6. Your intended use qualifies as "nominative fair use" of the Drupal trademark, i.e., merely identifying that you are talking about Drupal in a text, without suggesting sponsorship or endorsement by Dries Buytaert or the Drupal Association.

Examples:

* describing a new Drupal release in a review;
* referring to Drupal in a comprehensive overview of content management systems;
* complaining in a blog about a missing feature in the Drupal software;
* reporting about a Drupal conference on your personal homepage.

The use of the Drupal trademark as part of the name of a function, procedure, variable name or similar source code component is also considered "nominative fair use" for which no license is required.
Examples:

* a procedure called drupal_add_link();
* a constant called DRUPAL_AUTHENTICATED_RID;
* a variable named $drupal_tag;
* a set of source code files called drupal.module and drupal.js.

B. The license grant procedure must always be followed when you are in one or more of the following situations (even when you would also be in any of the situations under subsection A above):

1. The use of the Drupal trademark suggests an "official link" between your product or service and Dries Buytaert / the Drupal Association (i.e., the product or service can be perceived as either emanating from Dries Buytaert / the Drupal Association, or being endorsed by Dries Buytaert / the Drupal Association).

Examples:

* a domain name "drupalofficialfaq.com";
* a domain name "drupalsupport.nl";
* a company called "Drupal Services Inc.";
* a course entitled "Drupal Exams".

2. The Drupal trademark is used in combination with the words "conference", "convention" or "association", as well as any translation, abbreviation or variation thereof.

Examples: "drupalcon", "drupalconference", "Drupalconvention", "drupal con", "drupal conference", "Drupal Convention", "Drupal Association".

3. The Drupal trademark is used as part of another registered trademark.

Example: a trademark "Drupal Plugin Optimizer".

4. The Drupal trademark is used as part of a "drupal.tld" domain name.

Examples: "drupal.com", "drupal.info", "drupal.co.uk".

5. The Drupal trademark is used as part of a domain name that covers either an entire category of products or services that are relevant to the Drupal community, that covers an entire target group of Drupal users or that is otherwise too generic.
Examples for which the license grant procedure must be followed: "drupal-design.com", "drupal-themes.co.uk", "drupal-modules.com", "drupal-support.nl", "drupal-hosting.com", "drupal-administrators.co.uk", "drupal-tshirts.com", "drupal-magazine.com", "mobiledrupal.com", "drupal-intranet.com", "drupal-services.com", "drupal-development.co.uk".

6. The Drupal trademark is used in a domain name, title of a website, title of a seminar, title of a course or title of a software package that is not exclusively intended to foster the Drupal software, and this domain name or title does not also mention your trademark (or your trade name, name of your company, name of your organization, or name of your association).

Examples:

* when a "Drupal Course for New Administrators" is organized by a local Drupal community, the license grant procedure does not need to be used - even when a $600 registration fee would be requested - because the money earned is exclusively used to foster the Drupal software;
* when the same course is organized by a commercial organization and not all of the profits earned are used to foster the Drupal software, the license grant procedure must be followed;
* when the same course is organized by a commercial organization, but under the name of "Acme's Drupal Course for New Administrators", the license grant procedure does not need to be used, even when none of the profits earned are used to foster the Drupal software;
* when a commercial organization "Acme" has a product called "Drupal River" that is not exclusively intended to foster Drupal software, the license grant procedure must be followed.

7. The Drupal trademark is used as part of the name of a company, organization, trade name or association.

Examples: a company named "Drupal, Inc.", "Drupal Experts GmbH" or "Drupal Support BV"; "Drupal Hosting LLC"; an organization called "Drupal Peru" or "Drupal User Group Germany".
You want to use the official Drupal logo in altered form or as part of another logo. 9. There is any doubt as to how this policy should be interpreted or applied to a specific case. II. THE LICENSE GRANT PROCEDURE In the license grant procedure, you must complete a form with your contact details and a description of the intended use of the Drupal trademark. It may take a month or more for your application to be evaluated, and applications may be rejected for any reason (you may, however, reapply as often as you like). Furthermore, a license fee may be requested for any commercial use of the Drupal trademark. Although licenses are granted at Dries Buytaert's sole discretion, and specific conditions or obligations may be imposed, the following factors will be taken into account during the license grant procedure: 1. With respect to a Drupal-related product or service, it will be considered whether the product or service: * does not suggest an official link; * promotes or expands Drupal adoption and usage; * is not a fork of Drupal, and does not promote or encourage forks of Drupal; * is licensed in a way that is compatible with the Drupal open source license; * substantially strengthens and empowers the Drupal community; * is of a high quality in both form and function; * is created by significant contributors to the Drupal project; * is created by those with a track record of liberally "giving back" to their communities; * in the case of a domain name, does not create an unfair monopoly towards others because it spans a relevant category of services. * With respect to the name of a company, organization or association, it is considered whether: * o the name does not suggest an official link; o the company / organization or association is founded by significant contributors to the Drupal project, who have a track record of liberally "giving back" to their communities. III. 
RULES OF USE With the exception of the "nominative fair use" of the Drupal trademark, your use of the Drupal trademark is subject to the following rules (irrespective of whether you followed the license grant procedure or obtained an automatic license): 1. Any use of the Drupal trademark implies acceptance of this policy. 2. The Drupal trademark cannot be used for illegal, defamatory or humiliating purposes, or any other purpose that may negatively impact the Drupal software. 3. Examples: * a Drupal fork entitled "A Better Drupal"; * a domain name "drupal-is-worthless.com" (note, however, that merely mentioning or referring to the Drupal software ? for example in a critical blog post - qualifies as "nominative fair use", to which the rules of use do not apply). 4. The name of your company or organization should be used in combination with the Drupal trademark so that there can be no confusion about the true source (company, organization, association or author) of your product or service. The combination of the name of your product or service with the Drupal trademark must be unique and identifiable. 5. Examples: * if your company is called "Acme", refer to your Drupal certification product as "Acme Drupal Certification" or "Drupal Certification by Acme" instead of "Drupal Certification"; or * if your company called "Acme" has a Drupal podcast, clearly refer to it as the "Acme Drupal Podcast", "Drupal Podcast provided by Acme" instead of just "Drupal Podcast"; * if your company called "Acme" has a product or service called "Drupal River," clearly indicate that the "Drupal River is a product (or service) of Acme" so that there can be no confusion about the true source. 6. The Drupal trademark should be accompanied by the following text (or an appropriate translation): "Drupal is a registered trademark of Dries Buytaert." IV. OTHER LEGAL STUFF 1. 
Any license granted under this policy, is legally granted as a sub-license by the company Dries Buytaert BVBA (company number 0893.231.032), which is mandated by Dries Buytaert to evaluate the applications and assign sub-licenses of the Drupal trademark on behalf of Dries Buytaert. 2. Any license granted under this policy can be terminated upon sixty (60) days prior written notice if you breach any provision of this policy. If your breach can be cured (and you have not previously breached this policy), you may be granted forty-five (45) days from the date of notice to cure the breach. 3. All implicit or automatic permissions or licenses to use the Drupal trademark that were granted before the publication of the current version of this policy are revoked after a grace period of six (6) months (calculated as from the date of publication). 4. This policy ? as well as the accompanying website - may be changed at any time. You accept that all licenses accorded under this policy are non-exclusive, non-transferable, non-sub- licensable, revocable at any time, and subject to changes in policy. Hence, changes in this policy may cause permissions to be revoked or made dependent on additional obligations. 5. Any changes to this policy will enter into force sixty (60) days after publication on the licensing page of the Drupal website (http://drupal.com/trademark). 6. If any provision of this policy would be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, the invalidity or unenforceable of such provision shall not affect the other provisions of this policy, so that all other provisions shall remain in full force and effect. In such case, the invalid or unenforceable provision shall be replaced by a valid or enforceable provision that achieves to the greatest extent possible the economic, legal and commercial objectives of the invalid or unenforceable provision. 7. 
All disputes in connection with this policy or any permission granted by it will be submitted to the applicable Court of Brussels, Belgium. This policy is governed by the laws and regulations of Belgium. -- Dries Buytaert, Owner of the Drupal Trademark From research at sec-consult.com Tue Sep 1 12:41:32 2009 From: research at sec-consult.com (Johannes Greil) Date: Tue, 1 Sep 2009 13:41:32 +0200 Subject: [Full-disclosure] SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console Message-ID: <20090901134132.7d455e5a@sec-consult.com> SEC Consult Security Advisory < 20090901-0 > ======================================================================= title: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console products: JSFTemplating (FileStreamer/PhaseListener component) Mojarra Scales GlassFish Application Server v3 Preview (Admin console) vulnerable version: JSFTemplating: all versions < v1.2.11 Mojarra Scales: all versions < v1.3.2 GlassFish: v3 Preview fixed version: JSFTemplating: v1.2.11 Mojarra Scales: v1.3.2 GlassFish: v2 is not affected according to vendor impact: critical homepage: https://jsftemplating.dev.java.net http://kenai.com/projects/scales https://glassfish.dev.java.net found: 2009-07-01 by: J. Greil / SEC Consult / www.sec-consult.com ======================================================================= Vendor description: ------------------- Templating for JavaServer? Faces Technology plugs into JavaServer? Faces to make building pages and components easy. Creating pages or components is done using a template file. JSFTemplating's design allows for multiple syntaxes, currently it supports 2 of its own plus most of the Facelets syntax. All syntaxes support all of JSFTemplating's features such as PageSession, Events & Handlers, dynamic reloading of page conent, etc. 
source: https://jsftemplating.dev.java.net/#what

also see:
http://kenai.com/projects/scales/
https://glassfish.dev.java.net/

Vulnerability overview/description:
-----------------------------------
The JSFTemplating FileStreamer functionality (when using the PhaseListener), basically used for including static or dynamic content, such as Yahoo UI API files with Mojarra Scales, is vulnerable to
* file disclosure
and also allows an attacker
* to retrieve directory listings of the whole server

Furthermore Mojarra Scales and the GlassFish Application Server (v3 Preview) Admin console are using vulnerable components too.

JSFTemplating/FileStreamer can be exploited to read sensitive application data on the whole server depending on the configuration. One tested server allowed us to access all files on the server (with rights of the webserver user), another server was restricted to files within the webroot (but including WEB-INF) - it might depend on the Java Security Model or filesystem rights.

An attacker is able to gain sensitive data such as configuration files (WEB-INF/web.xml), the whole source code of the application or other sensitive data on the server. Furthermore it is possible to retrieve directory listings of directories on the whole server and the webroot by specifying a directory instead of a file.

Proof of concept:
-----------------
The URLs to exploit this vulnerability may differ from server to server. The vulnerable HTTP parameters are usually named "filename" or "file".

By specifying the following URLs an attacker gains access to sensitive configuration files, source code or other possibly sensitive files:
========================
/jsft_resource.jsf?contentSourceId=resourceCS&filename=WEB-INF/web.xml
/jsft_resource.jsf?contentSourceId=resourceCS&filename=index.jsp
/jsft_resource.jsf?contentSourceId=resourceCS&filename=at/mycompany/
/jsft_resource.jsf?contentSourceId=resourceCS&filename=at/mycompany/some.class
========================

By using an empty value for the file/filename parameter, a directory listing of the webroot is being shown. Directory traversal is also possible but it depends on the installation/configuration whether it is possible to access data outside the webroot.
========================
/scales_static_resource.jsf?file=
/scales_static_resource.jsf?file=../../../../../../etc/
/scales_static_resource.jsf?file=../../../../../../etc/passwd
========================

Vulnerable versions:
--------------------
JSFTemplating:
* all versions < v1.2.11
Mojarra Scales:
* all versions < v1.3.2
GlassFish:
* v3 Preview (Admin console)

According to the vendor, GlassFish v2 does not use vulnerable components.

Vendor contact timeline:
------------------------
2009-07-07: Contacting the developers of JSFTemplating by email.
2009-07-07: Very fast response from the developers by email and IRC, initial attempts to fix the issue were being made
2009-07-08: Agreed on taking a further look into the issue by the end of July
2009-07-30: Contacted the developers again, they need more time
2009-08-10/13: Asked the developers for any news
2009-08-14: Answer that the fix will make it into next release
2009-08-31: Fixes for JSFTemplating and Mojarra Scales available
2009-09-01: Coordinated release date

Special thanks to Jason and Ken!
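[Editor's added example, not part of SEC Consult's advisory and not code from JSFTemplating, Mojarra Scales or GlassFish.] The root cause described above is a static-resource streamer that hands the "filename"/"file" parameter to the filesystem without confining it. The Python below shows the check such a component needs: canonicalise the path, require it to stay under the web root, refuse WEB-INF/META-INF, refuse directories (no listings) and serve only allow-listed extensions. A small triage routine then runs the same check over constructed request lines modelled on the PoC URLs, which is how a defender can grep access logs for attempts. The web-root layout, function names, allow-list and sample requests are the editor's constructions.

```python
"""Confine a user-supplied resource name to a web root, and triage request
lines against that rule.  Editor's example; the webroot layout, names and
sample requests below are constructed for the demonstration."""
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

# Directories a static-resource servlet must never serve, even inside the webroot.
PROTECTED_DIRS = ("WEB-INF", "META-INF")
# Allow-list of what a static resource streamer has any business serving (editor's choice).
ALLOWED_EXTENSIONS = {".js", ".css", ".png", ".gif", ".jpg", ".html"}
# Servlet names taken from the advisory's PoC URLs; parameter names as the advisory states them.
SUSPECT_SERVLETS = ("jsft_resource.jsf", "scales_static_resource.jsf")
PARAM_NAMES = ("filename", "file")


def resolve_static_resource(webroot, requested):
    """Return the absolute path to serve, or None when the request must be refused.

    Refuses empty names (the PoC turns those into a listing), absolute paths,
    NUL bytes, anything that canonicalises outside `webroot`, protected
    directories, non-allow-listed extensions and directories themselves.
    """
    if not requested or requested.startswith(("/", "\\")) or "\x00" in requested:
        return None
    root = os.path.realpath(webroot)
    # realpath collapses "../" segments and resolves symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, requested))
    if not candidate.startswith(root + os.sep):
        return None                                   # traversal out of the webroot
    if os.path.relpath(candidate, root).split(os.sep)[0] in PROTECTED_DIRS:
        return None                                   # WEB-INF/web.xml, classes, ...
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        return None                                   # .jsp, .class, .xml, no extension
    if not os.path.isfile(candidate):
        return None                                   # directories never produce listings
    return candidate


def classify_request(webroot, request_line):
    """Classify a 'GET /path?query HTTP/1.1' line as 'ok', 'blocked' or 'n/a'."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return "n/a"
    parts = urlsplit(target)
    if not parts.path.endswith(SUSPECT_SERVLETS):
        return "n/a"
    query = parse_qs(parts.query, keep_blank_values=True)   # keep "file=" (empty)
    for name in PARAM_NAMES:
        if name in query:
            return "ok" if resolve_static_resource(webroot, query[name][0]) else "blocked"
    return "n/a"


def build_demo_webroot():
    """Construct a throw-away webroot: one public script, one protected config file."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "js"))
    os.makedirs(os.path.join(root, "WEB-INF"))
    with open(os.path.join(root, "js", "app.js"), "w") as fh:
        fh.write("// public asset\n")
    with open(os.path.join(root, "WEB-INF", "web.xml"), "w") as fh:
        fh.write("<web-app/>\n")
    return root


# Constructed request lines modelled on the advisory's PoC URLs (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /app/jsft_resource.jsf?contentSourceId=resourceCS&filename=js/app.js HTTP/1.1",
    "GET /app/jsft_resource.jsf?contentSourceId=resourceCS&filename=WEB-INF/web.xml HTTP/1.1",
    "GET /app/jsft_resource.jsf?contentSourceId=resourceCS&filename=at/mycompany/ HTTP/1.1",
    "GET /app/scales_static_resource.jsf?file= HTTP/1.1",
    "GET /app/scales_static_resource.jsf?file=../../../../../../etc/passwd HTTP/1.1",
    "GET /app/index.jsf HTTP/1.1",
]


def audit(webroot, requests=SAMPLE_REQUESTS):
    """Return [(request target, verdict)] for each request line."""
    return [(line.split(" ", 2)[1], classify_request(webroot, line)) for line in requests]


if __name__ == "__main__":
    for target, verdict in audit(build_demo_webroot()):
        print(f"{verdict:8} {target}")
```

Only the first request is served; every PoC-shaped request is blocked before the filesystem is touched, and the same classifier applied to historical access logs gives a quick list of attempts worth investigating.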
Solution:
---------
* Upgrade to the latest version of JSFTemplating, v1.2.11 has the fix:
  http://download.java.net/maven/1/com.sun.jsftemplating/jars/
  CVS commit logs with some information regarding new security features can be found here:
  https://jsftemplating.dev.java.net/servlets/BrowseList?listName=cvs&by=date&from=2009-08-01&to=2009-08-31&first=1&count=16
* Upgrade to the latest version of Mojarra Scales, v1.3.2 has the fix:
  http://kenai.com/projects/scales/downloads/directory/Mojarra%20Scales%201.3.2/
* GlassFish: Use the current stable version v2 or see workaround section for v3.

Workaround:
-----------
GlassFish v3 Preview: Use strong passwords for the GlassFish Admin console and restrict access to the Admin console port (4848).

Advisory URL:
-------------
https://www.sec-consult.com/advisories_e.html#a61

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Unternehmensberatung GmbH
Office Vienna
Mooslackengasse 17
A-1190 Vienna
Austria

Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com
www.sec-consult.com

SEC Consult conducts periodical information security workshops on ISO 27001/BS 7799 in cooperation with BSI Management Systems. For more information, please refer to https://www.sec-consult.com/academy_e.html

EOF J. Greil / @2009

From inferno at securethoughts.com Tue Sep 1 07:51:39 2009
From: inferno at securethoughts.com (Inferno)
Date: Mon, 31 Aug 2009 23:51:39 -0700
Subject: [Full-disclosure] Pwning Opera Unite with Inferno's Eleven
Message-ID: <001b01ca2ad0$a89e20e0$f9da62a0$@com>

Pwning Opera Unite with Inferno's Eleven
----------------------------------------
Complete Post at http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/

Opera Unite, the upcoming version of the Opera browser, has a strong vision to change how we look at the web.
For those who are unfamiliar with this radical technology, it extends your browser into a full-blown collaboration suite where you can chat with people, leave notes, share files, play media, host your sites, etc. (Wow!!). Opera Unite comes bundled with a bunch of standard services such as Fridge (Notes), The Lounge (chatroom), etc.

It is important to understand that these services have two distinct views. One view is of the Service Owner, who installs, customizes and runs these services on his or her computer. The service owner and the computer running these services have associated identifiers. By default, the computer name is "home". So, your administrative homepage is http://admin.home.uid.operaunite.com/. Remember that even though the protocol of communication looks like http, it is not. Opera relays all traffic using a proprietary ucp protocol (encrypted) to asd.opera.com and auth.opera.com (no protocol details except here).

The other view is of the Service Page which is used by your users (friends, customers, etc) to access your selected content. These trusted users can access your services from any browser (not just opera unite) and use the plain http protocol. The service homepage is http://home.uid.operaunite.com/.

I was fascinated by this idea, so I decided to look at the security aspects of the product (while it was in beta). Here are my findings in no particular priority order (tested on 10.00 Beta 3 Build 1703).

1. Enumerating Service Owner Usernames
2. Enumerating Computer names for a particular Service Owner
3. Enumerating Service Owner Server IP address and Port number
4. Hijacking Insecure Communication in Service Pages
5. Hosting Phishing Pages and other Malware on Trusted Operaunite.com
6. CSRF-ing a File Upload from a Trusted User
7. CSRF-ing a Note on the Fridge
8. CSRF-ing anyuserid to join a chatroom
9. XSS-ing the unite-session-id cookie, works for almost all services
10. Clickjacking any Service Page
11. Inconsistency in Password Policy for some services

Read details at http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/

Thanks and Regards,
Inferno
Security Researcher
SecureThoughts.com

From namn at bluemoon.com.vn Tue Sep 1 17:51:52 2009
From: namn at bluemoon.com.vn (Nam Nguyen)
Date: Tue, 1 Sep 2009 23:51:52 +0700
Subject: [Full-disclosure] [BMSA-2009-06] Remote code execution in BKAV eOffice
Message-ID: <20090901235152.d21d593e.namn@bluemoon.com.vn>

BLUE MOON SECURITY ADVISORY 2009-06
===================================

:Title: Remote code execution in BKAV eOffice
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: eOffice v5.1.5
:Fixed in: --

Description
-----------
We could not find out the definitive description for eOffice in English. This is our own understanding of the application: eOffice is an IMAP email client.

We have discovered a remote code execution vulnerability in eOffice. The attacker could force an unknowing user to execute arbitrary code. To exploit this bug, an attacker only needs to send a specially-crafted email to his target's address. When the victim clicks on the email, malicious code will run immediately. From there, the attacker might take full control of the machine, or simply cause a Denial of Service.

This vulnerability exists in versions up to 5.1.5. Newer versions might also be affected.

Workaround
----------
Current eOffice users are strongly advised to switch to other email clients such as the free Thunderbird, Sylpheed, Outlook Express, or commercial Outlook in the MS Office suite until the bug has been resolved.

Fix
---
Customers are advised to contact and request a fix directly from the vendor.

Disclosure
----------
Due to the negative response to the previous report (``_), Blue Moon Consulting decided not to report this bug to the vendor but contacted the Vietnam Computer Emergency Response Team -- VNCERT.
:Initial contact:
  August 01, 2009: Initial security alert sent to office at vncert.vn, vncert at mpt.gov.vn, vncert at mic.gov.vn
:Co-ordinator response:
  August 01, 2009: Operation team replied that it would be the point of contact for VNCERT.
:Further communication:
  August 02, 2009: VNCERT requested proof of vulnerability.
  August 02, 2009: Blue Moon Consulting showed and recorded the proof of concept exploit.
  August 02, 2009: Blue Moon Consulting sent a draft advisory to VNCERT.
  August 07, 2009: Blue Moon Consulting showed the proof of concept exploit under close observation of VNCERT and Ministry of Information and Communications.
  August 09, 2009: Nguyen Minh Duc from BKAV requested us to provide technical details prior to the emergency meeting called for by VNCERT.
  August 10, 2009: Blue Moon Consulting requested to discuss with BKAV at the meeting.
  August 10, 2009: Ministry of Information and Communications held an emergency meeting comprising representatives from the Ministry, VNCERT, VNISA, Blue Moon Consulting, and BKAV to verify the vulnerability in an independent environment. BKAV refused to attend the meeting.
  August 17, 2009: Nguyen Minh Duc asked Blue Moon Consulting to provide more technical information about the vulnerability based on VNCERT's request.
  August 19, 2009: Blue Moon Consulting replied with clear reasons why BKAV had voluntarily denied itself such information. Blue Moon Consulting also requested that a written request should be made if further assistance was required.
  August 24, 2009: Nguyen Minh Duc did not use the official communication channel, and therefore was ignored.
:Public disclosure: September 01, 2009
:Exploit code: No exploit code provided.

Disclaimer
----------
The information provided in this advisory is provided "as is" without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.

--
Nam Nguyen, CISA, CISSP, CSSLP
Blue Moon Consulting Co., Ltd
http://www.bluemoon.com.vn

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090901/3b65fe11/attachment.bin

From security at mandriva.com Tue Sep 1 20:32:01 2009
From: security at mandriva.com (security at mandriva.com)
Date: Tue, 01 Sep 2009 21:32:01 +0200
Subject: [Full-disclosure] [ MDVSA-2009:197 ] nss
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:197
http://www.mandriva.com/security/
_______________________________________________________________________

Package : nss
Date    : August 7, 2009
Affected: 2008.1
_______________________________________________________________________

Problem Description:

Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404).

This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks.
Update: This update also provides fixed packages for Mandriva Linux 2008.1 _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 9228daed5355d9175cbd25faf90a1323 2008.1/i586/libnspr4-4.7.5-0.1mdv2008.1.i586.rpm 58c5ec5d221d0013254d144272162ece 2008.1/i586/libnspr-devel-4.7.5-0.1mdv2008.1.i586.rpm 910b4ddc4285154103c7fd251feac41e 2008.1/i586/libnss3-3.12.3.1-0.1mdv2008.1.i586.rpm 1ef05d27d0d04facfcbf1f13cc84c166 2008.1/i586/libnss-devel-3.12.3.1-0.1mdv2008.1.i586.rpm 1add6ba2355ec0a0571407571f02226e 2008.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2008.1.i586.rpm 18de04c0e62a1e09800b25f045de726e 2008.1/i586/nss-3.12.3.1-0.1mdv2008.1.i586.rpm daa825f74749ae4e255e7783eb590b90 2008.1/SRPMS/nspr-4.7.5-0.1mdv2008.1.src.rpm 0d17f86fabf84c9ae04f7e520bc0a679 2008.1/SRPMS/nss-3.12.3.1-0.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 58d390af357253669d802b948adcd728 2008.1/x86_64/lib64nspr4-4.7.5-0.1mdv2008.1.x86_64.rpm 81b4060266dc9451903c1ba359b49ebe 2008.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2008.1.x86_64.rpm ddb36ba3de5f39010481bc71c8c6b6f1 2008.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2008.1.x86_64.rpm 404e5c1d07c1838c7cfcc03d4ca0d94a 2008.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2008.1.x86_64.rpm ad4bd40e77dd746fe9cddfb4c34d2f62 2008.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2008.1.x86_64.rpm cbad5d086771ecd927edd51eda1fd36c 2008.1/x86_64/nss-3.12.3.1-0.1mdv2008.1.x86_64.rpm daa825f74749ae4e255e7783eb590b90 2008.1/SRPMS/nspr-4.7.5-0.1mdv2008.1.src.rpm 0d17f86fabf84c9ae04f7e520bc0a679 2008.1/SRPMS/nss-3.12.3.1-0.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. 
The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKnUuBmqjQ0CJFipgRAo4ZAJ9NgZWnA+od3Avaz/JL0AUPsLuifwCg4Ko7
xlh7P0f6Beuzo4/4fxPw+EU=
=I1n/
-----END PGP SIGNATURE-----

From badmotherfsckr at gmail.com Tue Sep 1 20:39:06 2009
From: badmotherfsckr at gmail.com (BMF)
Date: Tue, 1 Sep 2009 12:39:06 -0700
Subject: [Full-disclosure] Think Drupal was FLOSS and non-profit? Think again.
Message-ID:

drupal at hush.com wrote:
> Thought Drupal was open source and non-profit? Not anymore.

This seems like a relatively minor issue. I thought the fact that it is written by newbs in PHP (if they weren't newbs they wouldn't still be coding php) and therefore a remote root server would be enough to keep people away from it, much less any trademark issues.

BMF

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090901/5aff3755/attachment.html

From fw at deneb.enyo.de Tue Sep 1 20:41:26 2009
From: fw at deneb.enyo.de (Florian Weimer)
Date: Tue, 01 Sep 2009 19:41:26 +0000
Subject: [Full-disclosure] [SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution
Message-ID: <87ws4ia1w9.fsf@mid.deneb.enyo.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1876-1                  security at debian.org
http://www.debian.org/security/                           Florian Weimer
September 01, 2009                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : dnsmasq
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-2957 CVE-2009-2958

Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-2957
    A buffer overflow in TFTP processing may enable arbitrary code execution to attackers who are permitted to use the TFTP service.

CVE-2009-2958
    Malicious TFTP clients may crash dnsmasq, leading to denial of service.

The old stable distribution is not affected by these problems.

For the stable distribution (lenny), these problems have been fixed in version 2.45-1+lenny1.

For the unstable distribution (sid), these problems have been fixed in version 2.50-1.

We recommend that you upgrade your dnsmasq packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
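[Editor's added example; this is not dnsmasq's code and not part of the Debian advisory.] CVE-2009-2957 and CVE-2009-2958 above are both failures to validate a TFTP request before acting on it (an overflow on long filenames, a crash on certain requests). The Python below is a defensively written parser for RFC 1350 read/write requests that shows the checks a TFTP service needs before it touches the filename: a packet-size cap, a NUL terminator located inside the packet bounds, an explicit length limit on every string, and a closed set of transfer modes. A triage routine runs it over constructed packets that exercise each failure mode. The limits, function names and sample packets are the editor's assumptions, not values from dnsmasq.

```python
"""Bounds-checked parsing of TFTP RRQ/WRQ packets.  Editor's example; the
limits below and the sample packets are constructed for the demonstration."""
import struct

OP_RRQ, OP_WRQ = 1, 2
MAX_REQUEST = 512        # editor's cap on a request packet (requests are small)
MAX_FILENAME = 255       # editor's cap, comparable to a typical NAME_MAX
MAX_MODE = 16            # "netascii" is the longest legal mode
MAX_OPTION = 32          # RFC 2347 option names/values are short tokens
VALID_MODES = {"netascii", "octet", "mail"}


class TftpRequestError(ValueError):
    """Any request the server should drop instead of acting on."""


def _take_cstring(buf, pos, limit, what):
    """Return (text, next_pos) for the NUL-terminated string starting at pos.

    The terminator is searched for only inside buf, so a missing NUL is an
    error instead of a read past the end of the packet, and the string length
    is compared against `limit` before anything is copied out.
    """
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise TftpRequestError(f"{what} is not NUL-terminated")
    if end == pos:
        raise TftpRequestError(f"{what} is empty")
    if end - pos > limit:
        raise TftpRequestError(f"{what} too long ({end - pos} > {limit})")
    try:
        return buf[pos:end].decode("ascii"), end + 1
    except UnicodeDecodeError:
        raise TftpRequestError(f"{what} contains non-ASCII bytes") from None


def parse_tftp_request(packet):
    """Parse an RRQ/WRQ packet into a dict, or raise TftpRequestError."""
    if len(packet) < 4:
        raise TftpRequestError("packet too short for a request")
    if len(packet) > MAX_REQUEST:
        raise TftpRequestError(f"request packet exceeds {MAX_REQUEST} bytes")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise TftpRequestError(f"opcode {opcode} is not RRQ/WRQ")
    filename, pos = _take_cstring(packet, 2, MAX_FILENAME, "filename")
    mode, pos = _take_cstring(packet, pos, MAX_MODE, "mode")
    if mode.lower() not in VALID_MODES:
        raise TftpRequestError(f"unknown transfer mode {mode!r}")
    options = {}
    while pos < len(packet):                     # RFC 2347 option/value pairs
        name, pos = _take_cstring(packet, pos, MAX_OPTION, "option name")
        value, pos = _take_cstring(packet, pos, MAX_OPTION, "option value")
        options[name.lower()] = value
    return {"opcode": opcode, "filename": filename, "mode": mode.lower(), "options": options}


def build_request(opcode, filename, mode="octet", **options):
    """Encode a request the way a client would; used only to construct samples."""
    body = filename.encode() + b"\x00" + mode.encode() + b"\x00"
    for name, value in options.items():
        body += name.encode() + b"\x00" + str(value).encode() + b"\x00"
    return struct.pack("!H", opcode) + body


# Constructed packets: one benign request plus the malformed shapes a server must survive.
SAMPLE_PACKETS = {
    "benign": build_request(OP_RRQ, "pxelinux.0", blksize=1456),
    "long_name": build_request(OP_RRQ, "A" * 300),
    "no_terminator": struct.pack("!H", OP_RRQ) + b"boot.img",
    "bad_mode": build_request(OP_WRQ, "x", mode="binary"),
    "bad_opcode": build_request(5, "x"),
}


def triage(packets=SAMPLE_PACKETS):
    """Return {label: 'accepted' | 'rejected: <reason>'} for each packet."""
    verdicts = {}
    for label, pkt in packets.items():
        try:
            parse_tftp_request(pkt)
            verdicts[label] = "accepted"
        except TftpRequestError as exc:
            verdicts[label] = f"rejected: {exc}"
    return verdicts


if __name__ == "__main__":
    for label, verdict in triage().items():
        print(f"{label:14} {verdict}")
```

The same parser, pointed at a packet capture, doubles as a detector: any request it rejects for "filename too long" or a missing terminator is traffic the service should never see from a legitimate PXE or firmware client.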
Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45.orig.tar.gz Size/MD5 checksum: 377466 59106495260bb2d0f184f0d4ae88d740 http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45-1+lenny1.diff.gz Size/MD5 checksum: 14514 c841708d86ea6a13f4f168d311638ff5 http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45-1+lenny1.dsc Size/MD5 checksum: 1006 377658fb3cb46cc670a86e475ff70533 Architecture independent packages: http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45-1+lenny1_all.deb Size/MD5 checksum: 12110 716c6f4f6e478f5a0f248725e4544dda alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_alpha.deb Size/MD5 checksum: 267294 d7ba6bd2b7363246587cf4ab8b78f721 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_amd64.deb Size/MD5 checksum: 258118 3b5fc290f6bfacd7450fbc138e63bcb7 arm architecture (ARM) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_arm.deb Size/MD5 checksum: 250676 0011c21826ab5f3b9c64444113acc97f armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_armel.deb Size/MD5 checksum: 252830 5999eff243a849fe31fba765e92228d0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_hppa.deb Size/MD5 checksum: 258292 cadea4880ef01292affd271cde276226 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_i386.deb Size/MD5 checksum: 251182 cdad8cd873dc28fd69fdd7ca2e59cec1 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_ia64.deb Size/MD5 checksum: 301522 2723ddacd61bf4378115a1701848fa2c mips architecture (MIPS (Big Endian)) 
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_mips.deb Size/MD5 checksum: 256426 0873691aa0b37c2873e93e1132d0db95 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_mipsel.deb Size/MD5 checksum: 257982 dd6342a053fc0bb9a3be6ec5b4aa3b2f powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_powerpc.deb Size/MD5 checksum: 257426 58e705f584e41b2598a6d62bfc7e2671 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_s390.deb Size/MD5 checksum: 255328 3abfb764f944344064aed16352156b04 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_sparc.deb Size/MD5 checksum: 252234 4a6db5969b47698346b59828928dc0b5 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKnXmhAAoJEL97/wQC1SS+BPQIAK1x7nctuD1BkdIVjSt5BXRG cBlfdwgsyjXLoLocyN6A1lsHwcAcFPZI189aqLD2MU8MBJmugDdgReF4d6GTLI/T zv2G0fkj9rggJXAeqpFOlMK/nhUNxRDAn8h/ZgXcFuTkY0zm1M2D1qhqKpvOjByC U7im5+V/rp9VAFOaTdMnnvnBJX2nRnXULj85eIAaJYZSahX544UfKi6GLkjN0wji b/FJvtn9yOT6Rkzgs528icZ3ZoDslTV8xQhuBgILhCcP5Dmp7JokbdzZ7h3zH1YV 8b0WwxEIF/mhmhlNVYDP6n2k2jLw+zLBF2c5jSIlHa67vChsLGeU3auqXAHMpq0= =h2eE -----END PGP SIGNATURE----- From dpcybuck at gmail.com Tue Sep 1 22:08:02 2009 From: dpcybuck at gmail.com (dpcybuck at gmail.com) Date: Tue, 1 Sep 2009 21:08:02 +0000 Subject: [Full-disclosure] 
Nipper licensing
Message-ID: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry>

Which version of nipper will you be using? 0.10.x or 0.12.6? Which one is not governed by the new Titania license?

Sent from my Verizon Wireless BlackBerry

From jamie at canonical.com Tue Sep 1 22:51:56 2009
From: jamie at canonical.com (Jamie Strandboge)
Date: Tue, 1 Sep 2009 16:51:56 -0500
Subject: [Full-disclosure] [USN-827-1] Dnsmasq vulnerabilities
Message-ID: <20090901215156.GA32579@severus.strandboge.com>

===========================================================
Ubuntu Security Notice USN-827-1             September 01, 2009
dnsmasq vulnerabilities
CVE-2009-2957, CVE-2009-2958
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  dnsmasq-base                    2.41-2ubuntu2.2

Ubuntu 8.10:
  dnsmasq-base                    2.45-1ubuntu1.1

Ubuntu 9.04:
  dnsmasq-base                    2.47-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Iván Arce, Pablo Hernán Jorge, Alejandro Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and Pablo Annetta discovered that Dnsmasq did not properly validate its input when processing TFTP requests for files with long names. A remote attacker could cause a denial of service or execute arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by default on Ubuntu. (CVE-2009-2957)

Steve Grubb discovered that Dnsmasq could be made to dereference a NULL pointer when processing certain TFTP requests. A remote attacker could cause a denial of service by sending a crafted TFTP request.
(CVE-2009-2958) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.2.diff.gz Size/MD5: 22736 b0b1196898ba0a1d49dd3d767c1d685c http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.2.dsc Size/MD5: 706 ecf4c36193d5063039a63f33712df6e2 http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41.orig.tar.gz Size/MD5: 357997 8d0acd6656299a800c4d1be5a1193e39 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.41-2ubuntu2.2_all.deb Size/MD5: 11964 e5fa2630695acfe9caa62d0d30a89b01 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.2_amd64.deb Size/MD5: 210274 aab9865b6ad46104e28e5db9e98f6c74 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.2_i386.deb Size/MD5: 202712 36d3885ee58bdb59ae323c9ea9528f3c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.2_lpia.deb Size/MD5: 203286 0c2f1dbfefdbc27905284d323be2023d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.2_powerpc.deb Size/MD5: 210564 53e28b512b863f41a605979c2ae4d51e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.2_sparc.deb Size/MD5: 204218 2c03e7df659884baeac446d0a87c8e9e Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45-1ubuntu1.1.diff.gz Size/MD5: 15256 100f87ac7b49fd2ad56a1baccd1aeae5 http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45-1ubuntu1.1.dsc Size/MD5: 1098 74863177e20c0340d7cf225fb60ac182 http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45.orig.tar.gz Size/MD5: 377466 
59106495260bb2d0f184f0d4ae88d740 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.45-1ubuntu1.1_all.deb Size/MD5: 12164 c78f9591778ad9fdea8744553cfe21d0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.1_amd64.deb Size/MD5: 219310 7d5435aeb7bd3b1c8c12c8e830f6e167 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.1_i386.deb Size/MD5: 212322 c3053944a71e5be108251e1eadcb206c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.1_lpia.deb Size/MD5: 211744 976e638797537eac32e3fd96ec0a78b9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.1_powerpc.deb Size/MD5: 217828 78d5925bd54239598042b81230341f95 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.1_sparc.deb Size/MD5: 213498 b43f01c34f8471173bd8177b0300f292 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47-3ubuntu0.1.diff.gz Size/MD5: 15599 54f4b48ec1ec03b06a5fa8b2706c0611 http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47-3ubuntu0.1.dsc Size/MD5: 1098 786c3dc587ceb870ea724d66ff0085dc http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47.orig.tar.gz Size/MD5: 393306 8bf2bd2dcbd5b3e7a689611d20b51126 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.47-3ubuntu0.1_all.deb Size/MD5: 13004 11219fb5f0ecd525a1bfb7ce95fd5e81 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.1_amd64.deb Size/MD5: 229344 9c43a00001bb1feef5e3340225fc4704 i386 architecture (x86 compatible Intel/AMD): 
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.1_i386.deb Size/MD5: 221568 e28309342282e463efdf10694046b96c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.1_lpia.deb Size/MD5: 221032 19755ca579fa44543f3658d20abbcaac powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.1_powerpc.deb Size/MD5: 227238 a30b637a127aa09a0425550be64c5b49 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.1_sparc.deb Size/MD5: 222732 0f7dd8d1aabcad788a50b147fd1cb6ba -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090901/7876ff2d/attachment.bin From jlay at slave-tothe-box.net Tue Sep 1 23:00:25 2009 From: jlay at slave-tothe-box.net (jlay at slave-tothe-box.net) Date: Tue, 1 Sep 2009 16:00:25 -0600 (MDT) Subject: [Full-disclosure] Nipper licensing In-Reply-To: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-110578 1716-@bda565.bisx.prod.on.blackberry> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> Message-ID: > Which version of nipper will you be using? 0.10.x or 0.12.6? > Which one is not governed by the new Titania license? > > > > Sent from my Verizon Wireless BlackBerry > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > Isn't nipper that little application to parse through your cisco configs and look for errors? 
Looks like the dev wanted to make some money:

Nipper   Up to 5 devices      1 Year   £100
Nipper   Up to 10 devices     1 Year   £180
Nipper   Up to 50 devices     1 Year   £600
Nipper   Up to 100 devices    1 Year   £1000
Nipper   Up to 500 devices    1 Year   £3000
Nipper   Up to 1000 devices   1 Year   £5000
Nipper   Unlimited devices    1 Year   £7000

From $161 bucks a year for 5 devices up to $11312 for unlimited per
year...looks like the dev wanted to make a lot of money :D

Good luck dev.

James


From kees at ubuntu.com Wed Sep 2 02:16:13 2009
From: kees at ubuntu.com (Kees Cook)
Date: Tue, 1 Sep 2009 18:16:13 -0700
Subject: [Full-disclosure] [USN-810-2] NSS regression
Message-ID: <20090902011613.GZ10947@outflux.net>

===========================================================
Ubuntu Security Notice USN-810-2            September 02, 2009
nss regression
https://launchpad.net/bugs/409864
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnss3-1d                      3.12.3.1-0ubuntu0.8.04.2

Ubuntu 8.10:
  libnss3-1d                      3.12.3.1-0ubuntu0.8.10.2

Ubuntu 9.04:
  libnss3-1d                      3.12.3.1-0ubuntu0.9.04.2

After a standard system upgrade you need to restart any applications that
use NSS, such as Firefox, to effect the necessary changes.

Details follow:

USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the
new libraries on amd64 did not correctly set stack memory flags, and caused
applications using NSS (e.g. Firefox) to have an executable stack. This
reduced the effectiveness of some defensive security protections. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Moxie Marlinspike discovered that NSS did not properly handle regular
 expressions in certificate names. A remote attacker could create a
 specially crafted certificate to cause a denial of service (via application
 crash) or execute arbitrary code as the user invoking the program.
 (CVE-2009-2404)

 Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
 not properly handle certificates with NULL characters in the certificate
 name. An attacker could exploit this to perform a man in the middle attack
 to view sensitive information or alter encrypted communications.
 (CVE-2009-2408)

 Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
 signatures. As a result, an attacker could potentially create a malicious
 trusted certificate to impersonate another site. (CVE-2009-2409)

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.2.diff.gz
      Size/MD5:    37655 e64b043a01d0e7daf6bb65204f26d8b0
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.2.dsc
      Size/MD5:     1008 8a24bd65b71653c370ee2465fb0e5a72
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
      Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:    18338 5120cc7f89e608b0b6ff8555cbe30053
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:  3166314 23ff5a3e893029f31a09f4ab76eb4859
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:  1147172 bc387e5fb7f699ba9b5d60f1fde92264
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   257894 dc77d3e6ab408d4637387e4bea4af785
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   312636 e888713d46b0c771ab736b28c77dc131

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:    18306 9d586744b66ee55defa95ffa440768ce
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:  3012638 2461ab65482203195c2dcfc66af2f4ee
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:  1040140 47882c0d3d2f5b21c9fe82babb8f440e
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   254986 203a63ee2717335eceb721facaf1508d
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   295214 66e9264a666a83fca9847414d48ac760

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:    18298 feef4b1491cd185b5f3288294823f5f3
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:  3042042 377b3815135cfd7282063efb9e51230e
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:  1016320 44680d617fd1ab1cb2da49f6d9e97aa1
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   253690 aabbf2d4e97c7b2484bd204d164e24d0
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   292588 4c967b30f7a3fb57d8854df8a79bd379

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:    20786 9ce81e2cea44fef0f6faf2fdd5171623
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:  3125854 697fffc58a744fe15f7fd9f168ca9733
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:  1143970 8f92496cb9f162cc157ebe989e2b3fb0
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   256716 08d9924b808f9ceb5054fa96b83ed1ab
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   325026 7c4cee2fb1e099aa8b04b20fbad7566a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:    18408 8db62c70395cff75f2bb89de95e73881
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:  2834732 1f0c58ae1fae93bff8544a174ff536bb
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:  1020050 d162fccf68e82cf9ebced93bb46f2809
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:   251696 9cc85bbdf62ea769b2cd60e1052aabd4
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:   299608 557d429224fdcc935e71fc64b3ac47ff

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.2.diff.gz
      Size/MD5:    33119 fe83a32ef210370566ccb411aa48fe54
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.2.dsc
      Size/MD5:     1412 451fa76bfb507e1269fee26218141551
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
      Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:  3310704 efec40c9fdc2b0ce66fda361c1aba543
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:  1195180 63cee7f4eda8ffb4c0c3523ac9c6ad91
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:   257682 05088498123a0736834f5c3c22c5cf46
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:    18406 ba1d9dae921d0b52ce87adf573eded44
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:   317148 db5eeeea33c98f32dd12b5e76b745355

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:  3137376 b6f8c176fb6d3805f329550e939a7c58
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:  1077028 6ce44322395faa4a3fcbdde41ee5e68e
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:   254812 771285009e0fdbb6ad1272d631906204
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:    18370 37815dfc4cfe17039df586a98428c93d
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:   300312 898cf2f8d5eefe3b3beca32df52b94bf

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:  3173916 13a0a5a89a4bf8299357ebd828112ddf
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:  1050862 a5ed8d7e53cc98fe1ebe24e33994cd53
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:   253322 db070f03d5f4e0fa7ca62b4076feb1a5
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:    18346 f3cb5c7f8c0cccaeced8d8bbc63ac9b3
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:   296258 ee56f8195c14ebe9a3b30e26c9a31dd8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:  3284490 3e9567373c1d8a407184c3454cdbdee2
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:  1165908 aea197dd9fbb3c5cd9e76bd8a7411214
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:   256530 7a3e87d818c828f4d4b98aff841f77cf
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:    20780 32b3073b20ab252ccf7892d92b2dd76f
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:   320830 cd055119a68308f42a29fe551217819b

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:  2942786 dc36959a5a02fdc2068e10bbf811a2b3
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:  1038452 147a34131c51deb6bb74264eadb1c3ba
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:   251344 ff7eff0cd42a95f044ed3cc539d61532
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:    18506 5fc6b96c8d8555457e39b6b0cdd52713
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:   301552 95ef3e3b2679ceea72e97cfe0ea12762

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.2.diff.gz
      Size/MD5:    36540 f42b1d62ed98ee110c10954b55902c63
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.2.dsc
      Size/MD5:     1412 b85ff4f8dbe0432df858f415bf48bff0
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
      Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:  3309826 9dcbef4357653044d8b25731a1d130b9
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:  1196818 929ca127030a1c1d42f662f5692da089
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:   258356 4fadbc6290fc184158a9a724cf82940f
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:    17536 4369982ce7f6ce3e9e899d6506114911
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:   317782 661b518dd87a1b7057c3b36a6a0cb746

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:  3137640 bed2f6981fa4c243873b999fc5c7502c
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:  1078426 512252fb2ac440c37aa899392776d581
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:   255444 2cd57c0a08300355ee3e1afd8e161923
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:    17534 4dd67a9b274b61230afbfe5b40437184
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:   300900 c20821c5fa989f906188e73e557876b3

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:  3171624 9698ffc8645b5ecdb03746d567bf575f
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:  1052256 7c3f11b222fc420ea53b02ce30aa13e0
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:   253972 c734ddc4fa68d6bdbae8bfab4a0b44af
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:    17530 78eb3d97799199999c96f44c33a91487
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:   296900 483e370ded82ed6a038fb719726d5524

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:  3282350 7c9b8a3b8754b3ced78e56e4561e0ef5
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:  1167974 0d5b73714c4bc7803889a383d2979fdb
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:   257192 8369a4b0fa1846dea82673ad50ff77a6
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:    17544 ea286e5376301bb7d6066153b23834fa
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:   321510 4af0bf6942079e5d3fa4119f43a85ab7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:  2942220 4d7c1d6e6b96d5b40f974a635c6a7f2d
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:  1039542 5cb75a79da1dd8fbebecd78534ed3736
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:   251998 00b0e28d20dd45068e1403d7e3191fab
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:    17532 402a209aaebb2ab84200d5bcf1145c0d
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:   301942 f5655e1c3da7303bde30982520882422
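The NULL-character issue in the advisory above (CVE-2009-2408) is at bottom a length problem: an X.509 subject name is a DER string that carries its own length and may legally contain a 0x00 byte, while C string functions stop at the first 0x00. The block below is an added example written for this archive; it is not code from NSS, from Ubuntu's update, or from any poster in the thread. The certificate name, its declared length and the hostname are constructed sample values, and the two function names are the example's own. It shows the naive comparison beside a length-aware one that rejects embedded NULs.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not NSS code: matching a certificate subject name
 * against the hostname the client expects.
 *
 * DER names carry an explicit length, so a 0x00 byte inside the name is
 * syntactically valid. Handing such a name to strcmp() compares only the
 * bytes before that NUL.
 */

/* Constructed sample: a name with an embedded NUL and its DER length. */
static const unsigned char SAMPLE_NAME[] = "www.bank.example\0.attacker.example";
#define SAMPLE_NAME_LEN (sizeof(SAMPLE_NAME) - 1)   /* 34 bytes, not 16 */

/* Vulnerable pattern: the declared length is never consulted, so the
 * comparison ends at the embedded NUL and the name looks like
 * "www.bank.example". Returns 1 on match, 0 otherwise. */
int hostname_matches_naive(const unsigned char *name, size_t name_len,
                           const char *host)
{
    (void)name_len;                          /* length ignored: the bug */
    return strcmp((const char *)name, host) == 0;
}

/* Hardened matcher: reject any NUL inside the declared length, require
 * the lengths to agree, then compare every byte. DNS names are
 * case-insensitive, so ASCII case is folded. Returns 1 on match. */
int hostname_matches_safe(const unsigned char *name, size_t name_len,
                          const char *host)
{
    size_t host_len = strlen(host);
    size_t i;

    if (name_len == 0 || host_len == 0)
        return 0;
    if (memchr(name, '\0', name_len) != NULL)    /* embedded NUL: reject */
        return 0;
    if (name_len != host_len)                    /* must match in full */
        return 0;
    for (i = 0; i < name_len; i++) {
        if (tolower(name[i]) != tolower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "www.bank.example";

    /* Prints "naive: 1" (accepted) and "safe: 0" (rejected). */
    printf("naive: %d\n", hostname_matches_naive(SAMPLE_NAME, SAMPLE_NAME_LEN, host));
    printf("safe:  %d\n", hostname_matches_safe(SAMPLE_NAME, SAMPLE_NAME_LEN, host));
    return 0;
}
```

The same length-first discipline applies wherever DER data crosses into C-string APIs (logging, comparison, display); the check belongs at the point where the length is still known, before the bytes are ever treated as a string.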
From A.L.M.Buxey at lboro.ac.uk Wed Sep 2 09:16:35 2009
From: A.L.M.Buxey at lboro.ac.uk (Alan Buxey)
Date: Wed, 2 Sep 2009 09:16:35 +0100
Subject: [Full-disclosure] Nipper licensing
References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry>
Message-ID: <20090902081635.GA6087@lboro.ac.uk>

Hi,

> Nipper Unlimited devices 1 Year £7000

ouch. a couple of years ago we had some home-brew code doing the job. Nipper
came along...was free..and did everything we did + a little more.

but now it looks like we'll be picking up our old Perl code and fixing it up
to do everything that Nipper does - and a little more.

:-(

alan


From lists at keamera.org Wed Sep 2 09:33:47 2009
From: lists at keamera.org (Guido Landi)
Date: Wed, 02 Sep 2009 10:33:47 +0200
Subject: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
In-Reply-To: <1103053067.20090831210418@SECURITY.NNOV.RU>
References: <72f8221d0908310434p54cf96bbw62bbcc7f733b69aa@mail.gmail.com> <363819697.20090831182112@Zoller.lu> <1103053067.20090831210418@SECURITY.NNOV.RU>
Message-ID: <4A9E2DEB.7090107@keamera.org>

no, MKDIR is *not* required, also write access is *not* required.

Assuming a directory with a name that starts with "A" exists and that is
at least 14 chars long, this pattern will trigger the overflow:

NLST [Ax206]*/../A*/../A*/../A*/../A*/../A*/../A*/../A*/\r\n

At least on win2k3. Therefore, the workarounds for kb975191 on
microsoft.com are wrong.

Guido Landi

Vladimir '3APA3A' Dubrovin wrote:
> Dear Thierry Zoller,
>
> I think yes, MKDIR is required. It should be variation of
> S99-003/MS02-018. fuzzer should be very smart to create directory and
> user both oversized buffer and ../ in NLST - it makes path longer than
> MAX_PATH with existing directory.
>
> --Monday, August 31, 2009, 8:21:12 PM, you wrote to full-disclosure at lists.grok.org.uk:
>
> TZ> Confirmed.
>
> TZ> Ask yourselves why your fuzzers haven't found that one - Combination of
> TZ> MKDIR are required before reaching vuln code ?


From badmotherfsckr at gmail.com Wed Sep 2 09:35:16 2009
From: badmotherfsckr at gmail.com (BMF)
Date: Wed, 2 Sep 2009 01:35:16 -0700
Subject: [Full-disclosure] Nipper licensing
In-Reply-To: <20090902081635.GA6087@lboro.ac.uk>
References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <20090902081635.GA6087@lboro.ac.uk>

On Wed, Sep 2, 2009 at 1:16 AM, Alan Buxey wrote:

> ouch. a couple of years ago we had some home-brew code doing the job. Nipper
> came along...was free..and did everything we did + a little more.
>
> but now it looks like we'll be picking up our old Perl code and fixing it up
> to do everything that Nipper does - and a little more.

Was Nipper not available as source and licensed so it could be forked in an
event such as this? If not, consider it an object lesson in free as in beer
vs free as in speech.

BMF


From 3APA3A at SECURITY.NNOV.RU Wed Sep 2 10:00:16 2009
From: 3APA3A at SECURITY.NNOV.RU (Vladimir '3APA3A' Dubrovin)
Date: Wed, 2 Sep 2009 13:00:16 +0400
Subject: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
In-Reply-To: <4A9E2DEB.7090107@keamera.org>
References: <72f8221d0908310434p54cf96bbw62bbcc7f733b69aa@mail.gmail.com> <363819697.20090831182112@Zoller.lu> <1103053067.20090831210418@SECURITY.NNOV.RU> <4A9E2DEB.7090107@keamera.org>
Message-ID: <702248252.20090902130016@SECURITY.NNOV.RU>

Dear Guido Landi,

For DoS - yes, you can use existing file, but it's (almost) impossible
to create reliable code execution exploit since you can not (fully)
control return address, like required in JMP ESP technique used in this
exploit.

--Wednesday, September 2, 2009, 12:33:47 PM, you wrote to 3APA3A at SECURITY.NNOV.RU:

GL> no, MKDIR is *not* required, also write access is *not* required.

GL> Assuming a directory with a name that starts with "A" exists and that is
GL> at least 14 chars long, this pattern will trigger the overflow:

GL> NLST [Ax206]*/../A*/../A*/../A*/../A*/../A*/../A*/../A*/\r\n

GL> At least on win2k3. Therefore, the workarounds for kb975191 on
GL> microsoft.com are wrong.

GL> Guido Landi

GL> Vladimir '3APA3A' Dubrovin wrote:
>> Dear Thierry Zoller,
>>
>> I think yes, MKDIR is required. It should be variation of
>> S99-003/MS02-018. fuzzer should be very smart to create directory and
>> user both oversized buffer and ../ in NLST - it makes path longer than
>> MAX_PATH with existing directory.
>>
>> --Monday, August 31, 2009, 8:21:12 PM, you wrote to
>> full-disclosure at lists.grok.org.uk:
>>
>> TZ> Confirmed.
>>
>> TZ> Ask yourselves why your fuzzers haven't found that one - Combination of
>> TZ> MKDIR are required before reaching vuln code ?

-- 
Skype: Vladimir.Dubrovin
~/ZARAZA
http://securityvulns.com/


From lists at keamera.org Wed Sep 2 10:14:21 2009
From: lists at keamera.org (Guido Landi)
Date: Wed, 02 Sep 2009 11:14:21 +0200
Subject: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
In-Reply-To: <702248252.20090902130016@SECURITY.NNOV.RU>
References: <72f8221d0908310434p54cf96bbw62bbcc7f733b69aa@mail.gmail.com> <363819697.20090831182112@Zoller.lu> <1103053067.20090831210418@SECURITY.NNOV.RU> <4A9E2DEB.7090107@keamera.org> <702248252.20090902130016@SECURITY.NNOV.RU>
Message-ID: <4A9E376D.7060100@keamera.org>

Dear Vladimir,

"almost" is often enough :)
btw, it was about triggering the vuln, not about exploiting it.

Guido Landi

Vladimir '3APA3A' Dubrovin wrote:
> Dear Guido Landi,
>
> For DoS - yes, you can use existing file, but it's (almost) impossible
> to create reliable code execution exploit since you can not (fully)
> control return address, like required in JMP ESP technique used in this
> exploit.
>
> --Wednesday, September 2, 2009, 12:33:47 PM, you wrote to 3APA3A at SECURITY.NNOV.RU:
>
> GL> no, MKDIR is *not* required, also write access is *not* required.
>
> GL> Assuming a directory with a name that starts with "A" exists and that is
> GL> at least 14 chars long, this pattern will trigger the overflow:
>
> GL> NLST [Ax206]*/../A*/../A*/../A*/../A*/../A*/../A*/../A*/\r\n
>
> GL> At least on win2k3. Therefore, the workarounds for kb975191 on
> GL> microsoft.com are wrong.
>
> GL> Guido Landi
>
> GL> Vladimir '3APA3A' Dubrovin wrote:
>>> Dear Thierry Zoller,
>>>
>>> I think yes, MKDIR is required. It should be variation of
>>> S99-003/MS02-018. fuzzer should be very smart to create directory and
>>> user both oversized buffer and ../ in NLST - it makes path longer than
>>> MAX_PATH with existing directory.
>>>
>>> --Monday, August 31, 2009, 8:21:12 PM, you wrote to
>>> full-disclosure at lists.grok.org.uk:
>>>
>>> TZ> Confirmed.
>>>
>>> TZ> Ask yourselves why your fuzzers haven't found that one - Combination of
>>> TZ> MKDIR are required before reaching vuln code ?


From snakebyte at gmx.de Wed Sep 2 10:48:42 2009
From: snakebyte at gmx.de (Eric Sesterhenn)
Date: Wed, 2 Sep 2009 11:48:42 +0200
Subject: [Full-disclosure] Nipper licensing
References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <20090902081635.GA6087@lboro.ac.uk>
Message-ID: <20090902094842.GA22491@alice>

* BMF (badmotherfsckr at gmail.com) wrote:
> On Wed, Sep 2, 2009 at 1:16 AM, Alan Buxey wrote:
>
> > ouch. a couple of years ago we had some home-brew code doing the job. Nipper
> > came along...was free..and did everything we did + a little more.
> >
> > but now it looks like we'll be picking up our old Perl code and fixing it up
> > to do everything that Nipper does - and a little more.
>
> Was Nipper not available as source and licensed so it could be forked in an
> event such as this? If not, consider it an object lesson in free as in beer
> vs free as in speech.

LICENSE file for nipper-cli 0.12.0 and libnipper 0.12.6 states:

THIS IS IMPORTANT:

libNipper and all other Nipper products are licensed under the GPL version 3
with the following exceptions.

1. The code cannot be used as part of a commercial product.
A commercial license can be arranged for the integration of Nipper with a commercial product. Contact fizz at titania.co.uk for commercial licensing information. 2. Any code that integrates Nipper MUST display the following copyright information with the programs own copyright information: Nipper Copyright (C) 2006 - 2008 by Ian Ventura-Whiting In order to maintain the latest copyright information for each libNipper release, this information can be extracted using the API. Nipper is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License v3 (below) for more details. Regards, Eric From fizz at titania.co.uk Wed Sep 2 12:16:31 2009 From: fizz at titania.co.uk (Fizz) Date: Wed, 2 Sep 2009 12:16:31 +0100 Subject: [Full-disclosure] Nipper licensing In-Reply-To: <20090902094842.GA22491@alice> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <20090902094842.GA22491@alice> Message-ID: <200909021216.31737.fizz@titania.co.uk> It has cost me a *LOT* of money to develop Nipper. Network devices are very expensive as I am sure everyone knows. It also took me a *LOT* of time to develop Nipper. It is also true that a lot of companies use Nipper to to make money, such as auditing companies and internal IT departments. During that time only 1 person has ever seen the need to donate to the project, even though it makes money for a *LOT* of businesses. Nipper has had commercial licensing exclusions for a little while now. Version 1 is now released as a full commercial version. This means that companies who benefit from using Nipper will now have to pay a licence fee. This fee will enable the purchase of more expensive network devices and further improve Nipper. NOTE: Home users will be able to continue to use Nipper for free. 
Nipper is a complex program that supports almost 30 devices in its present release. Nipper 1 has almost twice the number of code lines from the previous version and over triple that of the one before. It is not a simple grep of a configuration file and it audits a huge number of different settings and protocols. Ian Ventura-Whiting On Wednesday 02 September 2009 10:48:42 Eric Sesterhenn wrote: > * BMF (badmotherfsckr at gmail.com) wrote: > > On Wed, Sep 2, 2009 at 1:16 AM, Alan Buxey wrote: > > > ouch. a couple of years ago we had some home-brew code doing the job. > > > Nipper > > > came along...was free..and did everything we did + a little more. > > > > > > but now it looks like we'll be picking up our old Perl code and fixing > > > it up > > > to do everything that Nipper does - and a little more. > > > > Was Nipper not available as source and licensed so it could be forked in > > an event such as this? If not, consider it an object lesson in free as in > > beer vs free as in speech. > > LICENSE file for nipper-cli 0.12.0 and libnipper 0.12.6 states: > > THIS IS IMPORTANT: > > libNipper and all other Nipper products are licensed under the GPL version > 3 with the following exceptions. > > 1. The code cannot be used as part of a commercial product. A commercial > license can be arranged for the integration of Nipper with a commercial > product. Contact fizz at titania.co.uk for commercial licensing > information. > > 2. Any code that integrates Nipper MUST display the following copyright > information with the programs own copyright information: > > Nipper Copyright (C) 2006 - 2008 by Ian Ventura-Whiting > > In order to maintain the latest copyright information for each libNipper > release, this information can be extracted using the API. > > > Nipper is distributed in the hope that it will be useful, but WITHOUT ANY > WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > FOR A PARTICULAR PURPOSE. 
See the GNU General Public License v3 (below) for > more details. > > Regards, Eric > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From dpcybuck at gmail.com Wed Sep 2 12:32:46 2009 From: dpcybuck at gmail.com (dpcybuck at gmail.com) Date: Wed, 2 Sep 2009 11:32:46 +0000 Subject: [Full-disclosure] Nipper licensing In-Reply-To: <200909021216.31737.fizz@titania.co.uk> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry><20090902094842.GA22491@alice><200909021216.31737.fizz@titania.co.uk> Message-ID: <300661724-1251891169-cardhu_decombobulator_blackberry.rim.net-1590142841-@bda565.bisx.prod.on.blackberry> Um...so what I think I am hearing is that all versions less than 1.0, including 0.12.6 are not commercial, right? Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Fizz Date: Wed, 2 Sep 2009 12:16:31 To: Subject: Re: [Full-disclosure] Nipper licensing It has cost me a *LOT* of money to develop Nipper. Network devices are very expensive as I am sure everyone knows. It also took me a *LOT* of time to develop Nipper. It is also true that a lot of companies use Nipper to make money, such as auditing companies and internal IT departments. During that time only 1 person has ever seen the need to donate to the project, even though it makes money for a *LOT* of businesses. Nipper has had commercial licensing exclusions for a little while now. Version 1 is now released as a full commercial version. This means that companies who benefit from using Nipper will now have to pay a licence fee. This fee will enable the purchase of more expensive network devices and further improve Nipper. NOTE: Home users will be able to continue to use Nipper for free.
Nipper is a complex program that supports almost 30 devices in its present release. Nipper 1 has almost twice the number of code lines from the previous version and over triple that of the one before. It is not a simple grep of a configuration file and it audits a huge number of different settings and protocols. Ian Ventura-Whiting On Wednesday 02 September 2009 10:48:42 Eric Sesterhenn wrote: > * BMF (badmotherfsckr at gmail.com) wrote: > > On Wed, Sep 2, 2009 at 1:16 AM, Alan Buxey wrote: > > > ouch. a couple of years ago we had some home-brew code doing the job. > > > Nipper > > > came along...was free..and did everything we did + a little more. > > > > > > but now it looks like we'll be picking up our old Perl code and fixing > > > it up > > > to do everything that Nipper does - and a little more. > > > > Was Nipper not available as source and licensed so it could be forked in > > an event such as this? If not, consider it an object lesson in free as in > > beer vs free as in speech. > > LICENSE file for nipper-cli 0.12.0 and libnipper 0.12.6 states: > > THIS IS IMPORTANT: > > libNipper and all other Nipper products are licensed under the GPL version > 3 with the following exceptions. > > 1. The code cannot be used as part of a commercial product. A commercial > license can be arranged for the integration of Nipper with a commercial > product. Contact fizz at titania.co.uk for commercial licensing > information. > > 2. Any code that integrates Nipper MUST display the following copyright > information with the programs own copyright information: > > Nipper Copyright (C) 2006 - 2008 by Ian Ventura-Whiting > > In order to maintain the latest copyright information for each libNipper > release, this information can be extracted using the API. > > > Nipper is distributed in the hope that it will be useful, but WITHOUT ANY > WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > FOR A PARTICULAR PURPOSE. 
See the GNU General Public License v3 (below) for > more details. > > Regards, Eric > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From Valdis.Kletnieks at vt.edu Wed Sep 2 15:33:40 2009 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Wed, 02 Sep 2009 10:33:40 -0400 Subject: [Full-disclosure] Nipper licensing In-Reply-To: Your message of "Wed, 02 Sep 2009 11:48:42 +0200." <20090902094842.GA22491@alice> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <20090902081635.GA6087@lboro.ac.uk> <20090902094842.GA22491@alice> Message-ID: <74081.1251902020@turing-police.cc.vt.edu> On Wed, 02 Sep 2009 11:48:42 +0200, Eric Sesterhenn said: > LICENSE file for nipper-cli 0.12.0 and libnipper 0.12.6 states: > > THIS IS IMPORTANT: > > libNipper and all other Nipper products are licensed under the GPL version 3 > with the following exceptions. > 1. The code cannot be used as part of a commercial product. I wonder how Rich Stallman feels about the concept of 'GPLV3 plus exceptions'. Oh, we already know. Section 10 of the GPLV3 says: "You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. " And that would certainly qualify as a "further restriction". (In particular, "as part of a commercial product" has some serious GPL issues if the person is trying to use it as part of a commercial product that is itself under GPLV3). Your second exception (regarding copyright info) can probably be rephrased so it's agreeable with clause 7(c).
You might want to run this past the good guys at the FSF and get their reaction. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090902/5018c6fa/attachment.bin From fizz at titania.co.uk Wed Sep 2 16:06:05 2009 From: fizz at titania.co.uk (Fizz) Date: Wed, 2 Sep 2009 16:06:05 +0100 Subject: [Full-disclosure] Nipper licensing In-Reply-To: <300661724-1251891169-cardhu_decombobulator_blackberry.rim.net-1590142841-@bda565.bisx.prod.on.blackberry> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <200909021216.31737.fizz@titania.co.uk> <300661724-1251891169-cardhu_decombobulator_blackberry.rim.net-1590142841-@bda565.bisx.prod.on.blackberry> Message-ID: <200909021606.05509.fizz@titania.co.uk> No, since the Nipper 0.11.x release series Nipper has included commercial use clauses in its license. On Wednesday 02 September 2009 12:32:46 dpcybuck at gmail.com wrote: > Um...so what I think I am hearing is that all versions less than 1.0, > including 0.12.6 are not commercial, right? > > > Sent from my Verizon Wireless BlackBerry > > -----Original Message----- > From: Fizz > > Date: Wed, 2 Sep 2009 12:16:31 > To: > Subject: Re: [Full-disclosure] Nipper licensing > > > It has cost me a *LOT* of money to develop Nipper. Network devices are very > expensive as I am sure everyone knows. It also took me a *LOT* of time to > develop Nipper. It is also true that a lot of companies use Nipper to > make money, such as auditing companies and internal IT departments. > > During that time only 1 person has ever seen the need to donate to the > project, even though it makes money for a *LOT* of businesses. > > Nipper has had commercial licensing exclusions for a little while now.
> Version 1 is now released as a full commercial version. This means that > companies who benefit from using Nipper will now have to pay a licence fee. > This fee will enable the purchase of more expensive network devices and > further improve Nipper. > > NOTE: Home users will be able to continue to use Nipper for free. > > Nipper is a complex program that supports almost 30 devices in its present > release. Nipper 1 has almost twice the number of code lines from the > previous version and over triple that of the one before. It is not a simple > grep of a configuration file and it audits a huge number of different > settings and protocols. > > Ian Ventura-Whiting > > On Wednesday 02 September 2009 10:48:42 Eric Sesterhenn wrote: > > * BMF (badmotherfsckr at gmail.com) wrote: > > > On Wed, Sep 2, 2009 at 1:16 AM, Alan Buxey > > wrote: > > > > ouch. a couple of years ago we had some home-brew code doing the job. > > > > Nipper > > > > came along...was free..and did everything we did + a little more. > > > > > > > > but now it looks like we'll be picking up our old Perl code and > > > > fixing it up > > > > to do everything that Nipper does - and a little more. > > > > > > Was Nipper not available as source and licensed so it could be forked > > > in an event such as this? If not, consider it an object lesson in free > > > as in beer vs free as in speech. > > > > LICENSE file for nipper-cli 0.12.0 and libnipper 0.12.6 states: > > > > THIS IS IMPORTANT: > > > > libNipper and all other Nipper products are licensed under the GPL > > version 3 with the following exceptions. > > > > 1. The code cannot be used as part of a commercial product. A commercial > > license can be arranged for the integration of Nipper with a > > commercial product. Contact fizz at titania.co.uk for commercial licensing > > information. > > > > 2. 
Any code that integrates Nipper MUST display the following copyright > > information with the programs own copyright information: > > > > Nipper Copyright (C) 2006 - 2008 by Ian Ventura-Whiting > > > > In order to maintain the latest copyright information for each > > libNipper release, this information can be extracted using the API. > > > > > > Nipper is distributed in the hope that it will be useful, but WITHOUT ANY > > WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS > > FOR A PARTICULAR PURPOSE. See the GNU General Public License v3 (below) > > for more details. > > > > Regards, Eric > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From ad_lists at netragard.com Wed Sep 2 17:06:22 2009 From: ad_lists at netragard.com (Adriel T. Desautels) Date: Wed, 2 Sep 2009 12:06:22 -0400 Subject: [Full-disclosure] Nipper licensing In-Reply-To: <20090902081635.GA6087@lboro.ac.uk> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <20090902081635.GA6087@lboro.ac.uk> Message-ID: <3A18EB0A-125E-4EE5-88AE-F7D128D491A4@netragard.com> You going to share that perl code so that we can help you make it even better? On Sep 2, 2009, at 4:16 AM, Alan Buxey wrote: > Hi, > >> Nipper Unlimited devices 1 Year £7000 > > > > ouch. a couple of years ago we had some home-brew code doing the > job.
Nipper > came along...was free..and did everything we did + a little more. > > but now it looks like we'll be picking up our old Perl code and > fixing it up > to do everything that Nipper does - and a little more. > > :-( > > > alan > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Adriel T. Desautels ad_lists at netragard.com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com From A.L.M.Buxey at lboro.ac.uk Wed Sep 2 18:59:49 2009 From: A.L.M.Buxey at lboro.ac.uk (Alan Buxey) Date: Wed, 2 Sep 2009 18:59:49 +0100 Subject: [Full-disclosure] Nipper licensing In-Reply-To: <3A18EB0A-125E-4EE5-88AE-F7D128D491A4@netragard.com> References: <1056085496-1251839280-cardhu_decombobulator_blackberry.rim.net-1105781716-@bda565.bisx.prod.on.blackberry> <20090902081635.GA6087@lboro.ac.uk> <3A18EB0A-125E-4EE5-88AE-F7D128D491A4@netragard.com> Message-ID: <20090902175949.GB7637@lboro.ac.uk> Hi, > You going to share that perl code so that we can help you make it even > better? I believe in Open Source - GPL or BSD - and the best way to make a better place is to release code and allow as many skilled people to work on it as possible. the internet would be dead without such philosophy. I can understand the author's private reasons for the change in Nipper but the pros/cons of GPL were surely known from the early days? not sure how making it 100% commercial will help - the old version is out there and is useful (with some niggles)..I expect some person will fork it.. call it 'slipper' or somesuch. A better route would be the 'make a commercial version' with more features, support, etc.
regarding OS - unless I work on it privately and start from scratch then my paymasters need to agree on IP/copyright :-| alan From fw at deneb.enyo.de Wed Sep 2 19:56:06 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 02 Sep 2009 18:56:06 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution Message-ID: <87y6oxp455.fsf@mid.deneb.enyo.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1878-1 security at debian.org http://www.debian.org/security/ Florian Weimer September 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : devscripts Vulnerability : missing input sanitation Problem type : remote Debian-specific: yes CVE Id(s) : CVE-2009-2946 Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible. For the old stable distribution (etch), this problem has been fixed in version 2.9.26etch4. For the stable distribution (lenny), this problem has been fixed in version 2.10.35lenny6. For the unstable distribution (sid), this problem will be fixed in version 2.10.54. We recommend that you upgrade your devscripts package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4.tar.gz Size/MD5 checksum: 432330 6d13d4ec0e161a62d0babd45b58e9f75 http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4.dsc Size/MD5 checksum: 682 0cd547c5e78642f16762e0d687997563 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_alpha.deb Size/MD5 checksum: 389730 42458f68b3f75d87bb0397e6befde980 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_amd64.deb Size/MD5 checksum: 399454 8f648a32c698f15d4c6c2a90f9cdc19a arm architecture (ARM) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_arm.deb Size/MD5 checksum: 396212 3187e3df12e04da5b2abb3aabf63f293 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_hppa.deb Size/MD5 checksum: 400058 bc84514b7d6e87c2bace8ee054cea2b6 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_i386.deb Size/MD5 checksum: 394688 35c9379172ffb63d89f512e7b46653db ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_ia64.deb Size/MD5 checksum: 391116 f0d5a42de7f2f36d1433c550655c9cc9 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_mips.deb Size/MD5 checksum: 396716 30793d09ae26fdd5fbcf47fc011fb7d9 mipsel architecture (MIPS (Little Endian)) 
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_mipsel.deb Size/MD5 checksum: 389640 750928f91a3066a5288f807cd5afa953 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_powerpc.deb Size/MD5 checksum: 391870 5b5b3fcbf001a6d390515fb64829ba80 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_s390.deb Size/MD5 checksum: 389540 40471968ab5a26bb0227b4954814a270 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_sparc.deb Size/MD5 checksum: 397816 5f773402f6ebf2b00170d46686ee0418 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6.tar.gz Size/MD5 checksum: 602179 4bc83fe370d730667e9fe8fe222bf115 http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6.dsc Size/MD5 checksum: 1417 6cd189a95491bdd4ce32e908acd55cd8 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_alpha.deb Size/MD5 checksum: 509058 dd02c9afaf74b8633699b7e5aee3aef3 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_amd64.deb Size/MD5 checksum: 519036 3f274c25fabc3d22cb329c621dd0f630 arm architecture (ARM) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_arm.deb Size/MD5 checksum: 520644 e4ee996772f786c6883c779420125dda armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_armel.deb Size/MD5 checksum: 520300 eae935b7a416989bb2cddabae3870e37 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_hppa.deb Size/MD5 checksum: 524510 648acee4d3d9ed48eb2415ce36c5519e i386 
architecture (Intel ia32) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_i386.deb Size/MD5 checksum: 517734 f5e74325fdfda2cf7cfb690be807a1de ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_ia64.deb Size/MD5 checksum: 510044 bde1efc77895c33d6e0ff5e49fcea63f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_mips.deb Size/MD5 checksum: 508946 2e3c9714a01e41655c467c2fd4f41f09 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_mipsel.deb Size/MD5 checksum: 508980 4cc636a2e0391f8405808b80529020a6 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_powerpc.deb Size/MD5 checksum: 511348 96628900942da87fed1133f6d97ed8ea s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_s390.deb Size/MD5 checksum: 508898 f6eaf845971c27830890021c1106c19b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_sparc.deb Size/MD5 checksum: 523130 773b2a7f70551467601af5d1daf8a776 These files will probably be moved into the stable distribution on its next update. 
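The fix that DSA-1878-1 describes, reimplementing the mangling operator instead of handing the rule to the interpreter, shown as an added example written for this page (it is not devscripts' own code, which is Perl). The root cause was that a watch file's mangle rule, fetched from the upstream site, was passed to Perl's eval as code, so `s/x/y/;system("id")` ran `system`. The Python below is a small interpreter for uscan-style `s<delim>pattern<delim>replacement<delim>flags` rules that supports only what a watch file legitimately needs (a single-character delimiter, escaped delimiters, the `i` and `g` flags, `$N`, `${N}` and `$&` in the replacement, several rules separated by `;`) and rejects everything else, including the `e` flag, which in Perl would evaluate the replacement. The sample rules and version strings are constructed for the example; which rule forms the real uscan accepts beyond these is not taken from the advisory.

```python
import re


class MangleError(ValueError):
    """A mangle rule that is not a plain s/// substitution (or is malformed)."""


# $1, ${1} and $& in a Perl replacement; nothing else is interpreted.
_BACKREF = re.compile(r"\$(\d+)|\$\{(\d+)\}|\$&")


def _scan(rule, pos, delim, keep_escapes):
    """Collect text up to the next unescaped `delim`; return (text, position after it).
    For the pattern part backslash escapes are kept for the regex engine; for the
    replacement part an escaped delimiter simply becomes the literal delimiter."""
    out = []
    i = pos
    while i < len(rule):
        c = rule[i]
        if c == "\\" and i + 1 < len(rule):
            nxt = rule[i + 1]
            out.append(nxt if (nxt == delim and not keep_escapes) else c + nxt)
            i += 2
            continue
        if c == delim:
            return "".join(out), i + 1
        out.append(c)
        i += 1
    raise MangleError("unterminated delimiter %r in %r" % (delim, rule))


def parse_rule(rule, pos=0):
    """Parse one substitution starting at `pos`; return (regex, template, is_global, next_pos)."""
    if pos >= len(rule) or rule[pos] != "s":
        raise MangleError("only s/// substitutions are accepted: %r" % rule[pos:])
    if pos + 1 >= len(rule):
        raise MangleError("missing delimiter")
    delim = rule[pos + 1]
    if delim.isalnum() or delim.isspace() or delim in "\\{([<":
        raise MangleError("unsupported delimiter %r" % delim)
    pattern, pos = _scan(rule, pos + 2, delim, keep_escapes=True)
    template, pos = _scan(rule, pos, delim, keep_escapes=False)
    flags = re.match(r"[a-z]*", rule[pos:]).group(0)
    pos += len(flags)
    unknown = set(flags) - {"i", "g"}
    if unknown:
        # 'e' would evaluate the replacement as code; anything else is not a plain s///
        raise MangleError("unsupported flag(s) %r" % "".join(sorted(unknown)))
    regex = re.compile(pattern, re.IGNORECASE if "i" in flags else 0)
    return regex, template, "g" in flags, pos


def _expand(template):
    """Turn a Perl-style replacement into a callable: $N, ${N} and $& are filled from
    the match, everything else is copied literally (no code, no escapes interpreted)."""
    def repl(match):
        def fill(ref):
            group = ref.group(1) or ref.group(2)
            if group is None:                      # $&
                return match.group(0)
            n = int(group)
            if n > match.re.groups:
                raise MangleError("replacement refers to group $%d which does not exist" % n)
            return match.group(n) or ""
        return _BACKREF.sub(fill, template)
    return repl


def apply_mangle(rules, value):
    """Apply a ';'-separated list of s/// rules to `value` without evaluating any code."""
    pos = 0
    n = len(rules)
    while pos < n:
        regex, template, is_global, pos = parse_rule(rules, pos)
        value = regex.sub(_expand(template), value, count=0 if is_global else 1)
        while pos < n and rules[pos].isspace():
            pos += 1
        if pos < n:
            if rules[pos] != ";":
                raise MangleError("unexpected text after rule: %r" % rules[pos:])
            pos += 1
            while pos < n and rules[pos].isspace():
                pos += 1
    return value


if __name__ == "__main__":
    # Constructed examples of the two common uses: a version mangle and a filename mangle.
    print(apply_mangle("s/-rc/~rc/", "1.0-rc1"))
    print(apply_mangle(r"s/.*\/(.*)/$1/", "http://example.invalid/dl/foo-1.2.tar.gz"))
```

A rule that tries to smuggle code past the parser fails at the first byte that is not part of a substitution, and the failure is an exception rather than a shell command, which is the whole point of the advisory's fix.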
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKnsCQAAoJEL97/wQC1SS+jq4IAK6B72weqFDOyezbc0PsTxsA Ipgg6bkbtRXwqOvllAP9wngvYLz+Az0GLoYFUVsyCUcRzqPWbDJQQKo+uWkPfliE ArEFHHz4Vsk7NYohT2R4DrWvkIA4fI621hUOHJb7pDa7jP2BDInm30fiZHkBIir5 FrUdabAUl9FU2SYq0dWucxTPSCoZOaS5ZjImwYTzIAeLV4NL8uOpR42lZjg2mCa3 7MZ6EauIhCCV4RmA+5wHyggDa6uCXL1x9UQU3f5vah0HCHT5VehwxFzCgmSx0v9Z v0deqHKEe/9P+7J8hJ97wHFOd9VV9ViE3W55IirzMqRioOrpZxoeAXlsZ/gEqf8= =A/Xm -----END PGP SIGNATURE----- From extraexploit at gmail.com Wed Sep 2 20:15:23 2009 From: extraexploit at gmail.com (exploit dev) Date: Wed, 2 Sep 2009 21:15:23 +0200 Subject: [Full-disclosure] Secunia PSI (RC3) - memory corruption condition Message-ID: Hi I have detected, in some circumstances, a memory corruption issue in Secunia PSI (release candidate 3). The vendor was contacted without response. ...I know that this kind of issues in release candidate are not so rare but if you are interested check: http://extraexploit.blogspot.com/2009/09/secunia-psi-rc3-undefined-memory.html Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090902/d28690e8/attachment.html From tk at secunia.com Wed Sep 2 21:27:18 2009 From: tk at secunia.com (Thomas Kristensen) Date: Wed, 02 Sep 2009 22:27:18 +0200 Subject: [Full-disclosure] Secunia PSI (RC3) - memory corruption condition In-Reply-To: References: Message-ID: <1251923238.7050.64.camel@ts-hq-3> Hi, Thank you for the report.
Based on the provided information, this is not a security issue (as securityfocus wrongfully hastened to conclude), but rather a bug (in an ancient release candidate). If you have any further details, please send those to security at secunia.com. -- Kind regards, Thomas Kristensen CTO Secunia Weidekampsgade 14A DK-2300 Copenhagen S Denmark Phone: +45 7020 5144 Fax: +45 7020 5145 Looking for a vulnerability research and reversing job? http://secunia.com/corporate/jobs/open_positions/ On Wed, 2009-09-02 at 21:15 +0200, exploit dev wrote: > Hi > I have detected, in some circumstances, a memory corruption issue in > Secunia PSI (release candidate 3). > The vendor was contacted without response. > > ...I know that this kind of issues in release candidate are not so > rare but if you are interested check: > > http://extraexploit.blogspot.com/2009/09/secunia-psi-rc3-undefined-memory.html > > > Regards > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From extraexploit at gmail.com Thu Sep 3 00:40:54 2009 From: extraexploit at gmail.com (exploit dev) Date: Thu, 3 Sep 2009 01:40:54 +0200 Subject: [Full-disclosure] Secunia PSI (RC3) - memory corruption condition In-Reply-To: <1251923238.7050.64.camel@ts-hq-3> References: <1251923238.7050.64.camel@ts-hq-3> Message-ID: Hi Thomas, my post is not intended for malicious activities. In the report I write that discovering conditions of this kind is usual at the RC stage. Usually these ancient bugs, IMHO, may be used to support analysis based on binary diffing of the historical releases of an application, to obtain a delta of "critical" zones. But, again, it's only my opinion. Thank you for your answer. Kind regards. On Wed, Sep 2, 2009 at 10:27 PM, Thomas Kristensen wrote: > Hi, > > Thank you for the report.
> > Based on the provided information, this is not a security issue (as > securityfocus wrongfully hastened to conclude), but rather a bug (in an > ancient > release candidate). > > If you have any further details, please send those to > security at secunia.com. > > -- > Kind regards, > > Thomas Kristensen > CTO > > Secunia > Weidekampsgade 14A > DK-2300 Copenhagen S > Denmark > > Phone: +45 7020 5144 > Fax: +45 7020 5145 > > Looking for a vulnerability research and reversing job? > http://secunia.com/corporate/jobs/open_positions/ > > > On Wed, 2009-09-02 at 21:15 +0200, exploit dev wrote: > > Hi > > I have detected, in some circumstances, a memory corruption issue in > > Secunia PSI (release candidate 3). > > The vendor was contacted without response. > > > > ...I know that this kind of issues in release candidate are not so > > rare but if you are interested check: > > > > > http://extraexploit.blogspot.com/2009/09/secunia-psi-rc3-undefined-memory.html > > > > > > Regards > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > -- -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090903/127244ea/attachment.html From seb at debian.org Wed Sep 2 19:20:43 2009 From: seb at debian.org (Sebastien Delafond) Date: Wed, 2 Sep 2009 20:20:43 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1877-1] New mysql-dfsg-5.0 packages fix arbitrary code execution Message-ID: <20090902182043.GA24529@galadriel.inutil.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1877-1 security at debian.org http://www.debian.org/security/ Sebastien Delafond September 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : mysql-dfsg-5.0 Vulnerability : denial of service/execution of arbitrary code Problem type : remote (for authenticated users only) Debian-specific: no CVE Id(s) : CVE-2009-2446 Debian Bug : 536726 In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution (lenny), this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution (etch), this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
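DSA-1877-1 says the trigger is a database name carrying printf directives inside a COM_CREATE_DB or COM_DROP_DB request from an authenticated client. An added example, written for this page and not part of the advisory or of MySQL: a small Python detector that walks a client-to-server byte stream, splits it into MySQL protocol packets (3-byte little-endian payload length, 1-byte sequence id, payload whose first byte is the command; 0x05 is COM_CREATE_DB and 0x06 is COM_DROP_DB), and flags those two commands when the name contains a conversion specification, separately noting `%n`, the directive that turns an information leak into a memory write. The packets it runs over are constructed here, not captured traffic, and the detector is an illustration of where on the wire the advisory's condition is visible, not a substitute for patching.

```python
import re

# Command bytes from the MySQL client/server protocol (first byte of a client packet payload).
COM_QUERY = 0x03
COM_CREATE_DB = 0x05
COM_DROP_DB = 0x06
COMMAND_NAMES = {COM_CREATE_DB: "COM_CREATE_DB", COM_DROP_DB: "COM_DROP_DB"}

# A printf-style conversion specification ('%%' is matched so it can be discarded as a literal).
_DIRECTIVE = re.compile(
    rb"%%|%[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|L|q|j|z|t)?[diouxXeEfFgGaAcspn]"
)


def split_packets(stream):
    """Yield (sequence_id, payload) for each complete packet in a client->server byte stream."""
    pos = 0
    while pos + 4 <= len(stream):
        length = stream[pos] | (stream[pos + 1] << 8) | (stream[pos + 2] << 16)
        seq = stream[pos + 3]
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            raise ValueError("truncated packet at offset %d" % pos)
        yield seq, payload
        pos += 4 + length


def inspect_payload(payload):
    """Return a finding for a COM_CREATE_DB/COM_DROP_DB whose database name carries
    format directives, or None for any other packet (including benign names)."""
    if not payload or payload[0] not in COMMAND_NAMES:
        return None
    name = payload[1:]
    directives = [d for d in _DIRECTIVE.findall(name) if d != b"%%"]
    if not directives:
        return None
    return {
        "command": COMMAND_NAMES[payload[0]],
        "db_name": name.decode("latin-1"),
        "directives": len(directives),
        # %n makes the vulnerable server write to memory, not just read past its arguments
        "write_primitive": any(d.endswith(b"n") for d in directives),
    }


def scan_stream(stream):
    """Run inspect_payload over every packet in the stream and collect the findings."""
    findings = []
    for seq, payload in split_packets(stream):
        finding = inspect_payload(payload)
        if finding:
            finding["seq"] = seq
            findings.append(finding)
    return findings


def build_packet(command, name, seq=0):
    """Assemble one client packet; used here only to construct the sample traffic."""
    payload = bytes([command]) + name
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed sample traffic (not a capture): a benign CREATE DATABASE, a COM_QUERY that
# happens to contain '%s' (not a database-name command, so not inspected), and a DROP
# DATABASE whose name is built from %x/%n directives.
SAMPLE_STREAM = (
    build_packet(COM_CREATE_DB, b"inventory")
    + build_packet(COM_QUERY, b"SELECT '%s'")
    + build_packet(COM_DROP_DB, b"%08x%08x%08x%n")
)

if __name__ == "__main__":
    for finding in scan_stream(SAMPLE_STREAM):
        print(finding)
```

The check is deliberately narrow: it only looks at the two commands the advisory names, so ordinary queries containing `%` in string literals do not fire, and a name such as `100%% legit` (an escaped percent) is treated as clean.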
Debian GNU/Linux 4.0 alias etch - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, mips, mipsel, powerpc, and sparc. Packages for s390 and ia64 will be provided later. Source archives: http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch11.dsc Size/MD5 checksum: 1127 04d446b8c3d2197749a1f2fa2f4d0425 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch11.diff.gz Size/MD5 checksum: 317868 a6d964d228f060e736c7a4893b635a7b Architecture independent packages: http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch11_all.deb Size/MD5 checksum: 48568 f461780f168fdd796d64de29d65f780f http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch11_all.deb Size/MD5 checksum: 46498 8289827ff2d32c3f186e8315bffd8623 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch11_all.deb Size/MD5 checksum: 55722 d50cd81c4de475f456be6c85658bd1f7 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_alpha.deb Size/MD5 checksum: 8910394 e022ad902c9062b1d23c7200efd4c2b9 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_alpha.deb Size/MD5 checksum: 1948048 a8a3e301a0cc8a50121d8b1c8d241d8d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_alpha.deb Size/MD5 checksum: 27385186 462235f9cae189b200dd0150500b0df8 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_alpha.deb Size/MD5 checksum: 8406012 3b33aba1253a77c0cd7b5c9940beefe0 
Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

From desnos at esiea.fr Thu Sep 3 08:28:35 2009
From: desnos at esiea.fr (Anthony Desnos)
Date: Thu, 03 Sep 2009 09:28:35 +0200
Subject: [Full-disclosure] iAWACS : List of accepted papers and talks
Message-ID: <4A9F7023.5060804@esiea.fr>

(The final program will be published later)

- Xavier Carcelle - Security overview and vulnerabilities of PLC technologies
- Philippe Langlois & Eugene Parkinson - Fully-Automated Wireless Security Audit Platform on Embedded Hardware
- Leonardo Nve Egea - Playing in a Satellite environment 1.2
- Erwan Abgrall - Oracle: A new hop
- Mahmoud Maqableh & Stefan Dantchev - Cryptanalysis of Chaos-Based Hash Function (CBHF)
- Robert Erra & Eric Filiol - Processor-dependent malware
- Benjamin Caillat - WiShMaster - Windows Shellcode MASTERy... reloaded (tutorial with technical practice)
- Robert Erra & Christophe Grenier - How to choose RSA keys? (Past, Present and Future)
- Anthony Desnos - Organizer of the PWN2RM Challenge

http://esiea-recherche.eu/iawacs_2009.html

From kralor at coromputer.net Thu Sep 3 10:24:23 2009
From: kralor at coromputer.net (kralor at coromputer.net)
Date: Thu, 3 Sep 2009 11:24:23 +0200 (CEST)
Subject: [Full-disclosure] Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Exploit and Report (CVE-2009-0927)
Message-ID: <64070.160.53.250.124.1251969863.squirrel@webmail.doowan.net>

Hi everyone,

I published some work I did concerning the Adobe Reader Collab.getIcon() buffer overflow.
You can find the package (exploit/report/payload) on:
http://www.coromputer.net/CVE-2009-0927_package.zip

Cheers,
Ivan Rodriguez Almuina
kralor - [HiC] && [Crpt]

From 0day.expose at gmail.com Thu Sep 3 13:10:37 2009
From: 0day.expose at gmail.com (expose 0day)
Date: Thu, 3 Sep 2009 20:10:37 +0800
Subject: [Full-disclosure] PPStream PPSMediaList Activex 0day exploit
In-Reply-To: <726b70f70909030456r40c65b1j1762b21db247efed@mail.gmail.com>
References: <726b70f70909030456r40c65b1j1762b21db247efed@mail.gmail.com>
Message-ID: <726b70f70909030510o58385d87l7ae656d3584ce21b@mail.gmail.com>

******************************************************************************
PPStream is the largest p2p media player in the world.
There are two hundred million PPStream users in the world.
The vulnerability is exploitable, but I have no time to make it; you could visit my blog for details. ^@^
welcome to http://0dayexpose.blogspot.com/

COM Object - {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control
COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Company Name : PPStream Inc.
Version : V2.6.86.8900
Web Site : http://www.ppstream.com
*******************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090903/3f95e99d/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ppstream.0day.poc.zip
Type: application/zip
Size: 239982 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090903/3f95e99d/attachment-0001.zip

From quanticle at gmail.com Thu Sep 3 16:26:15 2009
From: quanticle at gmail.com (Rohit Patnaik)
Date: Thu, 03 Sep 2009 10:26:15 -0500
Subject: [Full-disclosure] PPStream PPSMediaList Activex 0day exploit
In-Reply-To: <726b70f70909030510o58385d87l7ae656d3584ce21b@mail.gmail.com>
References: <726b70f70909030456r40c65b1j1762b21db247efed@mail.gmail.com> <726b70f70909030510o58385d87l7ae656d3584ce21b@mail.gmail.com>
Message-ID: <4A9FE017.8070909@gmail.com>

There isn't exactly a whole lot of detail here. All you've got posted on your blog are two screenshots of the PPStream call stack after a crash. There's no detail about what input causes the crash, nor any other details about how to make it exploitable. At present, it's not even clear (beyond your word, of course) that the vulnerability even *is* exploitable. With more detail, it'd be easier to analyze this vulnerability and propose a fix to the developers of this application.

Thanks,
Rohit Patnaik

expose 0day wrote:
> ******************************************************************************
> PPStream is the largest p2p media player in the world.
> There are two hundred million PPStream users in the world.
> The vulnerability is exploitable, but I have no time to make it; you
> could visit my blog for details. ^@^
> welcome to http://0dayexpose.blogspot.com/
>
>
> COM Object - {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control
> COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx
> RegKey Safe for Script: True
> RegkeySafe for Init: True
> KillBitSet: False
> Company Name : PPStream Inc.
> Version : V2.6.86.8900
> Web Site : http://www.ppstream.com
> *******************************************************************************

From william.dragonlegion.dyer at gmail.com Thu Sep 3 20:47:04 2009
From: william.dragonlegion.dyer at gmail.com (William Dyer)
Date: Thu, 3 Sep 2009 19:47:04 +0000
Subject: [Full-disclosure]