Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Christian Sciberras
No, it follows the fact that vengeance (the fuck you Byron mentioned)
isn't fruitful to remedy the situation.







On Mon, Jan 30, 2012 at 8:54 AM, Mike Hale eyeronic.des...@gmail.com wrote:

 What you said doesn't follow.

 Making a digital copy isn't burning down a business.  The analogy
 linking 'piracy' with theft is ludicrous.

 On Sun, Jan 29, 2012 at 11:50 PM, Christian Sciberras uuf6...@gmail.com
 wrote:
  Byron, you don't protest to the government by burning down 100-year-old
  business, if you know what I mean...
 
 
 
 
 
  On Mon, Jan 30, 2012 at 12:12 AM, Byron L. Sonne byron.so...@gmail.com
  wrote:
 
  The thing that makes me laugh about all of this, and one of the key
  things I learned from reading Gibbon's Decline & Fall is this:
 
  The number and frequency of laws passed regarding things directly
  relates to how widespread these things are, and how much the laws
  are ignored and ineffective. Laws can't prevent a damn thing, they can
  only specify remedies. As it is said, it's only illegal if you get
  caught.
 
  The cat is out of the bag and will never be put back in. There's no way
  to stop people from 'illegally' copying copyrighted material.
 
  If they somehow managed to require and implement tech so that perfect
  digital copies can't be made (unlikely) then people will simply use a
  camera to record the video as it plays on the screen. Hey, wait a
  minute, that sounds just like that screener I downloaded someone taped
  in Russia! ;)
 
  If they manage to require and implement tech so that you can't trade it
  over the internet (unlikely) then people will simply trade it on private
  networks or, like we used to do in the old days, via sneakernet.
 
  The problem is that in an attempt to control the dissemination of
  copyrighted material (and people are right, artists do have a right to
  reap the benefits of their effort) the powers-that-be are stepping over
  the line and into territory that impacts our ability to communicate in
  the fashion we choose.
 
  It might be fine to try and prevent piracy but in the process of doing
  so you are trashing the other desires of people that have nothing to do
  with piracy.
 
  I'm sure if the copyright lobby had their way, they'd require us to wear
  special glasses in order to see our laptop screens, on the assumption
  that anything not explicitly licensed was assumed to be unlicensed, and
  thus pirated, which we would be blocked from our field of view... and as
  a result, some girl/guy who wants to write a simple freeware text editor
  now has to jump through regulatory hoops and spend money to obtain a
  special registration that allows their text editor to display to the
  screen. This is a cheesy example, but I think it makes the point.
 
  In the guise of 'protecting artists and businesses' what is happening is
  that the powers-that-be are requesting (and too often getting) powers
  that allow them to trample on the general idea of freedom of
  communications and other things people cherish.
 
  As a result, people are inclined to engage in the very behaviours that
  elicited the laws and crackdowns, quite simply, as a way to raise their
  middle finger and say Fuck You.
 
  This is when piracy and theft becomes freedom of expression - when it's
  done in protest.
 
  --
  http://www.freebyron.org
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/
 
 
 



 --
 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0


Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Mike Hale
Not necessarily.

Look at the effects of people posting DeCSS and the HDDVD keys a while back.

The industry ended up giving in precisely because people said, en
masse, fuck off.

On Mon, Jan 30, 2012 at 12:05 AM, Christian Sciberras uuf6...@gmail.com wrote:
 No, it follows the fact that vengeance (the fuck you Byron mentioned)
 isn't fruitful to remedy the situation.












-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Christian Sciberras
Uhm, that was a ridiculous situation anyway (@illegal primes).

So let's leave it at 'not necessarily'.






On Mon, Jan 30, 2012 at 9:08 AM, Mike Hale eyeronic.des...@gmail.com wrote:

 Not necessarily.

 Look at the effects of people posting DeCSS and the HDDVD keys a while
 back.

 The industry ended up giving in precisely because people said, en
 masse, fuck off.



Re: [Full-disclosure] Exploit Pack - New video - Ultimate 2.1

2012-01-30 Thread Peter Osterberg
This is Juan Sacco's new spam puppet. He just posted the same thing using his 
real name elsewhere.

nore...@exploitpack.com wrote:

Exploit Pack - New video! Release - Ultimate 2.1

Check it out! http://www.youtube.com/watch?v=4TrsFry13TU

Exploit Pack Team
http://exploitpack.com


Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Zach C.
Just to be clear, what's been done in the name of intellectual property
protection is fucking ridiculous. I just do not see how getting something
someone put a non-zero value of work and materials into without even so
much as asking or being given permission from the person who made it is
somehow not even at the very least disrespectful. Even if it is just a
reproduction, it took effort to create, and you must figure it's worth
something or you wouldn't have expended the effort to reproduce it to begin
with.

(Fair use being the main exception there, but fair use usually implies
something distinctive being done to the work, too, as opposed to minor
editing/shitty encoding. Feel free to correct!)

To be honest and realistic, nothing can ever be done to stop copying. Ever.
Nor should it. I'm just saying I consider there's no harm in it to be a
myth in most cases. At the core of it, I think copyright's a totally valid
thing to have, if only to stop plagiarism. Its implementation, however...

(I don't see my stance changing in the near future, either. I'm sorry, I'm
kind of rigid in that line of thought and I haven't heard or read anything
yet to adequately address everything.)

Anyway; back to lurking for me. :)
On Jan 30, 2012 12:17 AM, Christian Sciberras uuf6...@gmail.com wrote:

 Uhm, that was a ridiculous situation anyway (@illegal primes).

 So lets leave it at 'not necessarily'.







Re: [Full-disclosure] Exploit Pack - New video - Ultimate 2.1

2012-01-30 Thread Mario Vilas
I fear the day when he finally succeeds in making enough people
believe he's a real security researcher. I wish attrition.org did a
piece on him in the charlatans section.

2012/1/30 Peter Osterberg j...@vel.nu:
 This is Juan Sacco's new spam puppet. He just posted the same thing using
 his real name elsewhere.

 nore...@exploitpack.com wrote:

 Exploit Pack - New video! Release - Ultimate 2.1

 Check it out! http://www.youtube.com/watch?v=4TrsFry13TU

 Exploit Pack Team
 http://exploitpack.com

 




-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



[Full-disclosure] eBank IT Online Banking - Multiple Web Vulnerabilities

2012-01-30 Thread resea...@vulnerability-lab.com
Title:
==
eBank IT Online Banking - Multiple Web Vulnerabilities


Date:
=
2012-01-26


References:
===
http://www.vulnerability-lab.com/get_content.php?id=313


VL-ID:
=
313


Introduction:
=
As a leading provider of innovative online banking software solutions,
eBank-IT! provides an accessible venue for offering a full-valued online
banking platform to your clients, using a cross-browser interface that's
secure and free of complexities and considering maximum privacy and data
protection procedures, as well as a wide scope of contenual functionalities,
which exceed the standard scope of most major online banking systems in the
world.

(Copy of the Vendor Website: http://www.ebank-it.com/ )


Abstract:
=
Vulnerability-Lab Team (Chokri B.A.) discovered multiple reflective web
vulnerabilities on the Online Banking Software eBank-IT.


Report-Timeline:

2011-11-08: Vendor Notification
2011-**-**: Vendor Response/Feedback
2011-**-**: Vendor Fix/Patch
2012-01-27: Public or Non-Public Disclosure


Status:

Published


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

Multiple reflective cross site vulnerabilities are detected on the online
banking software eBank-IT.
The bug allows remote attackers to implement malicious script code on the
application side.
Successful exploitation of the vulnerability allows an attacker to manipulate
specific modules & can lead to session hijacking (user/mod/admin).


Vulnerable Module(s):
[+] login
[+] requestpw

Pictures:
../1.png
../2.png


Proof of Concept:
=
The vulnerabilities can be exploited by remote attackers with low required user
interaction. For demonstration or reproduce ...

tr
  td width=7% img src=images2/icons/error.gif/td
  td width=94% class=cal_font\img 
src=http://www.vulnerability-lab.com/gfx/partners/vlab.png / /td
/tr

tr
  td colspan=3 align=center\img 
src=http://www.vulnerability-lab.com/gfx/partners/vlab.png / /td
/tr


Risk:
=
The security risk of the reflective xss vulnerabilities is estimated as medium.


Credits:

Vulnerability Research Laboratory - Chokri B.A (Me!ster)


Disclaimer:
===
The information provided in this advisory is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential 
or incidental damages so the foregoing limitation 
may not apply. Any modified copy or reproduction, including partially usages, 
of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified 
form is granted. All other rights, including the use of 
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 
2012|Vulnerability-Lab




-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com




[Full-disclosure] ME Monitoring Manager v9.x; v10.x - Multiple Vulnerabilities

2012-01-30 Thread resea...@vulnerability-lab.com
Title:
==
ME Monitoring Manager v9.x; v10.x - Multiple Vulnerabilities


Date:
=
2012-01-27


References:
===
http://www.vulnerability-lab.com/get_content.php?id=115


VL-ID:
=
115


Introduction:
=
With ManageEngine Applications Manager, IT administrators in enterprises and
data center groups can monitor the performance of their heterogeneous
applications from a single web console, receive alerts when problems occur,
troubleshoot and diagnose faults, analyze trends, and plan capacity with the
help of comprehensive reports. To meet the varying requirements of all
administrators, Applications Manager supports important products. These are
divided into three categories: The "Application Server Monitoring"
functionality provides detailed information on frequently used software such
as Java/J2EE, Microsoft .NET, Oracle Application Server and Tomcat. Many
applications in turn depend on these services, so ensuring the stability of
these application servers is essential. On the database side, logs and
administrative information for common products such as Oracle databases, MySQL
and DB2 are queried and can trigger notifications directly after the query.
This helps administrators intervene before critical states are reached.
Finally, "System Management" completes the three categories, since besides the
applications and databases, the layer beneath them, the operating systems, is
also monitored by Applications Manager. It does not matter whether you use, for
example, Microsoft Windows, various Linux distributions or Mac OS.

(Copy of the Vendor Homepage: http://www.manageengine.com/)


Abstract:
=
Vulnerability-Lab Team discovered multiple Vulnerabilities on Application 
Monitoring Manager by ManageEngine.


Report-Timeline:

2011-08-01: Vendor Notification
2011-**-**: Vendor Response/Feedback
2011-**-**: Vendor Fix/Patch
2012-01-27: Public or Non-Public Disclosure


Status:

Published


Exploitation-Technique:
===
Remote


Severity:
=
High


Details:

1.1
Multiple non-persistent input validation vulnerabilities are detected 
(client-side). 
Attackers can hijack customer/admin sessions via cross site scripting.

Vulnerable Module(s):
[+] ThresholdActionConfiguration
[+] PopUp_Graph
[+] Showresource


Picture(s): 
../1.png
../2.png
../3.png



1.2 
Multiple SQL Injection vulnerabilities are detected on the alert  module  the 
?periods parameter request.

Vulnerable Param(s):
[+] ?periods

--- SQL Error Logs ---
Syntax error or access violation message from server:  You have an error in 
your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near  root at line 1 ; 
nested exception is: java.sql.SQLException: 
Syntax error or access violation message from server:  You have an error in 
your SQL syntax; check the manual that corresponds 
to your MySQL server version for the right syntax to use near  root  at line 1 

Syntax error or access violation message from server:  You have an error in 
your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near  root at line 1 ; nested 
exception is: java.sql.SQLException: Syntax error 
or access violation message from server:  You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL 
server version for the right syntax to use near  root at line 1 


Picture(s): 
../4.png
../5.png


Proof of Concept:
=
The vulnerabilities can be exploited by remote attackers. For demonstration or 
reproduce ...

1.1

Path:   /jsp/
File:   ThresholdActionConfiguration.jsp
Para:   ?resourceid=1579&attributeIDs=1902&attributeToSelect=1902&redirectto=

Path:   ../jsp/
File:   PopUp_Graph.jsp
Para:   ?restype=QueryMonitor&monID=1499&resids=10003726&baseid=1011&attids=1113&listsize=1&attName=

Path:   ../
File:   showresource.do
Para:   showresource.do?method=showResourceTypes&network=

References:
http://xxx.com/Search.do?query=%3E%22%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E%3Cdiv+style%3D%221domain=all
http://xxx.com/jsp/ThresholdActionConfiguration.jsp?resourceid=1579attributeIDs=1902attributeToSelect=1902
redirectto=%3E%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cdiv%20style=%221
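
The reflected cross-site scripting reported in the two advisories above (the eBank-IT login and requestpw modules, and parameters such as redirectto in the ManageEngine pages) comes down to a request value being written into the response markup unencoded. The following is an added example, not code from either product or from the advisories: the rendering functions, the sample URL and the marker payload are constructed, and the reflection into a hidden input's value attribute is an assumption.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed request. Host, path and the harmless <b> marker are made up;
# only the parameter names resourceid and redirectto appear in the advisory.
SAMPLE_URL = (
    "http://app.example.test/jsp/page.jsp?resourceid=1579"
    "&redirectto=%22%3E%3Cb%3Econstructed-marker%3C%2Fb%3E"
)


def reflected_param(url, name):
    """Return the percent-decoded value of one query parameter."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return dict(pairs).get(name, "")


def render_vulnerable(value):
    """Hypothetical page fragment: the request value is pasted in as-is."""
    return '<input type="hidden" name="redirectto" value="' + value + '">'


def render_escaped(value):
    """Same fragment with HTML attribute encoding applied to the value."""
    return ('<input type="hidden" name="redirectto" value="'
            + escape(value, quote=True) + '">')


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, with its attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(html_text):
    """Parse a fragment and return [(tag, attrs), ...] in document order."""
    collector = _TagCollector()
    collector.feed(html_text)
    collector.close()
    return collector.tags


def markup_breaking_params(url):
    """Detection helper: names of parameters whose decoded value contains
    characters that can close an attribute or open a tag."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [name for name, value in pairs
            if any(ch in value for ch in "<>\"'")]


if __name__ == "__main__":
    value = reflected_param(SAMPLE_URL, "redirectto")
    print("decoded value :", value)
    print("vulnerable    :", [t for t, _ in parsed_tags(render_vulnerable(value))])
    print("escaped       :", [t for t, _ in parsed_tags(render_escaped(value))])
    print("flagged params:", markup_breaking_params(SAMPLE_URL))
```

With the unencoded fragment the parser sees a second element created by the request; with encoding it sees only the input element, and the attribute value round-trips to the exact string that was sent.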

[Full-disclosure] FAA US Academy (AFS) - Auth Bypass Vulnerability

2012-01-30 Thread resea...@vulnerability-lab.com
Title:
==
FAA US Academy (AFS) - Auth Bypass Vulnerability


Date:
=
2012-01-28


References:
===
http://vulnerability-lab.com/get_content.php?id=171


VL-ID:
=
171


Introduction:
=
This is a FAA computer system. FAA computer systems are provided for the 
processing of Official U.S. Government information only. 
All data contained on FAA computer systems is owned by the FAA may be 
monitored, intercepted, recorded, read, copied, or captured 
in any manner and disclosed in any manner, by authorized personnel. THERE IS NO 
RIGHT OF PRIVACY IN THIS SYSTEM. System personnel 
may give to law enforcement officials any potential evidence of crime found on 
FAA computer systems. USE OF THIS SYSTEM BY ANY USER, 
AUTHORIZED OR UNAUTHORIZED, CONSTITUTES CONSENT TO THIS MONITORING, 
INTERCEPTION, RECORDING, READING, COPYING, OR CAPTURING and DISCLOSURE.

(Copy of the Vendor Homepage: http://www.faa.gov/afs650/)


Abstract:
=
An anonymous Vulnerability-Laboratory researcher/analyst discovered an Auth 
Bypass vulnerability on 
the AFS  application of the Federal Aviation Administration [Academy].



Report-Timeline:

2011-02-07: Vendor Notification 1
2011-03-23: Vendor Notification 2
2011-07-19: Vendor Notification 3
2011-**-**: Vendor Response/Feedback
2011-**-**: Vendor Fix/Patch 
2012-01-28: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==

Exploitation-Technique:
===
Remote


Severity:
=
Critical


Details:

An auth bypass vulnerability is detected in the FAA AFS Evaluation Application
System. The bug is located in a vulnerable login form which allows a remote
attacker to bypass the application unauthorized. Successful exploitation can
result in dbms & academy website compromise via injection.

Vulnerable Module(s):
[+] Login - All Forms

Affected Version(s):
FAA AFS-300 Aircraft Maintenance Division
FAA AFS-630 Customer Satisfaction Survey
FAA AFS-640 Course Evaluation
FAA AFS-650 Evaluation System
--- AFS-630, AFS-640 & AFS-650


Proof of Concept:
=
The auth bypass vulnerability can be exploited by remote attackers. For 
demonstration ...

Username:   'or 1=1--
Password:   'or 1=1--

Reference(s):

http://www.xxx.faa.gov/afs650/admin/

http://www.xxx.faa.gov/afs640/admin/

http://www.xxx.faa.gov/afs630/admin/   


Note:
Remember it's forbidden (law) to access or attack the FAA Computer System! We 
just analysed a submission!


Risk:
=
The security risk of the auth bypass vulnerability is estimated as critical.


Credits:

Vulnerability Research Laboratory   -  Benjamin Kunz Mejri (Rem0ve)






-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com
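
The login bypass in the advisory above is the pattern where form fields are concatenated into the SQL text of the credential check. The following is an added example, not code from the advisory or from the affected application: it assumes an in-memory SQLite database with a hypothetical users table (the advisory does not state the DBMS or schema) and puts the concatenated check beside a parameterized one that verifies a salted hash.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000


def _hash(password, salt):
    """Salted PBKDF2-HMAC-SHA256 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db():
    """Constructed sample data: one account in a hypothetical users table.
    The plaintext column exists only so the legacy-style check can run."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
        " password TEXT, salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO users (username, password, salt, pw_hash)"
        " VALUES (?, ?, ?, ?)",
        ("admin", "s3cret-constructed", salt, _hash("s3cret-constructed", salt)),
    )
    return db


def login_vulnerable(db, username, password):
    """Form fields become part of the SQL text, so a quote in either field
    changes the structure of the WHERE clause."""
    query = (
        "SELECT id FROM users WHERE username = '" + username + "'"
        " AND password = '" + password + "'"
    )
    return db.execute(query).fetchone() is not None


def login_hardened(db, username, password):
    """The username is bound as a parameter (data, never SQL), and the
    password is checked against the stored hash in constant time."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Do the same hashing work for unknown users to keep timing similar.
        _hash(password, b"\x00" * 16)
        return False
    salt, pw_hash = row
    return hmac.compare_digest(_hash(password, salt), pw_hash)


if __name__ == "__main__":
    db = make_db()
    field = "'or 1=1--"  # the Username/Password value quoted in the advisory
    print("concatenated query accepts it:", login_vulnerable(db, field, field))
    print("parameterized query accepts it:", login_hardened(db, field, field))
```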


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] honeypots

2012-01-30 Thread lallantada
i am looking for a good honeypot 

thanks

Re: [Full-disclosure] FatCat Auto SQLl Injector

2012-01-30 Thread Julius Kivimäki
How does this compete with already existing tools?

2012/1/28 sandeep k sandeepk.l...@gmail.com


 This is an automatic SQL Injection tool called as FatCat, Use of FatCat
 for testing your web application and exploit your application more deeper.
 FatCat Features that help you to extract the Database information, Table
 information, and Column information from web application.
 Only If it is vulnerable to Mysql SQL Injection Vulnerability.

 The user friendly GUI of FatCat and automatically detect the sql
 vulnerability and start exploiting vulnerability.

 *Features*

 1)Normal SQL Injection
 2) Double Query SQL Injection

 *In Next Version*

 1) WAF bypass
 2) Cookie Header passing
 3) Load File
 3) Generating XSS from SQL

 *Requirement*

 1) PHP Version 5.3.0
 2) Enable file_get_function

 *Download*

 http://code.google.com/p/fatcat-sql-injector/downloads/list

 *Video*

 http://dl.dropbox.com/u/18007092/FatCat.swf



Re: [Full-disclosure] ..twitter rights

2012-01-30 Thread Michael Straughan
Twitter said recently they would start deleting posts in countries that
require it but the tweets would still be visible to the rest of the world

http://www.cnn.com/2012/01/27/tech/twitter-deleting-posts/index.html
On Jan 28, 2012 1:40 PM, RandallM randa...@fidmail.com wrote:

 is posting attacking us gov site, or exposing personal info of another
 on twitter a freedom on speech/full disclosure?  Twitter is the main
 voice of anon and they blatantly voice such. Even showing the vids and
 work.

 What is twitters take?

 --
 been great, thanks
 RandyM
 a.k.a System


Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Julius Kivimäki
Of course I wouldn't, downloading a car would be like stealing a car.
Piracy is horrible and all the boats used by the pirate scum should be
taken away.

2012/1/28 Laurelai laure...@oneechan.org

 On this topic i saw this
 https://thepiratebay.org/torrent/6960965/1970_Chevelle_Hot-Rod_3d_model
 , real question is would you download a car if you could?


Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Julius Kivimäki
DDoS their boats.

2012/1/28 Laurelai laure...@oneechan.org

  On 1/28/2012 3:13 PM, Julius Kivimäki wrote:

 Of course I wouldn't, downloading a car would be like stealing a car.
 Piracy is horrible and all the boats used by the pirate scum should be
 taken away.

 2012/1/28 Laurelai laure...@oneechan.org

 On this topic i saw this
 https://thepiratebay.org/torrent/6960965/1970_Chevelle_Hot-Rod_3d_model
 , real question is would you download a car if you could?



  If you took away their boats they would just download more...duh.


Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Alex Buie
On Sat, Jan 28, 2012 at 5:41 PM, Benjamin Kreuter ben.kreu...@gmail.com wrote:
 The best compromise I can think of is to treat noncommercial copyright
 infringement like a parking violation:  you get a ticket for some small
 but annoying amount of money.

This is the best solution I've seen anywhere, by far. Kudos.

Alex


Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread goatropinbastards
Saw this subject on the work email.  Follow this list to learn random stuff
and stay informed, so thanks for all your posts and such.

Also do the music thing, and I can tell you that if you ask ten musicians who
write and record their own music, you'll get ten different answers.  From
personal experience, I don't really care about electronic copies being
redistributed for free, but when people sell electronic copies or steal
physical copies (that shit gets expensive quick), that's when I get pissed.

However, I also feel that if you have an opinion about that, it should be
communicated to folks before you give them copies, so my act has a little
statement on our website, goatropinbastards.com, that asks the downloader to
only use the stuff for their own personal use.

I can understand artists being pissed if they spend six figures to make a
record and such, but when you're a hobbyist making albums on a computer in a
tar paper shack in the Appalachia, I guess you're a little more lax.

Hope that helps with the rights-holder point of view.  

FUCK SOPA!!!
Sent from my Verizon Wireless BlackBerry


[Full-disclosure] [ GLSA 201201-18 ] bip: Multiple vulnerabilities

2012-01-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201201-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
Title: bip: Multiple vulnerabilities
 Date: January 30, 2012
 Bugs: #336321, #400599
   ID: 201201-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in bip might allow remote unauthenticated
attackers to cause a Denial of Service or possibly execute arbitrary
code.

Background
==

bip is a multi-user IRC proxy with SSL support.

Affected packages
=

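-------------------------------------------------------------------
     Package      /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-irc/bip        < 0.8.8-r1                  >= 0.8.8-r1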

Description
===

Multiple vulnerabilities have been discovered in bip:

* Uli Schlachter reported that bip does not properly handle invalid
data during authentication, resulting in a daemon crash
(CVE-2010-3071).
* Julien Tinnes reported that bip does not check the number of open
file descriptors against FD_SETSIZE, resulting in a stack buffer
overflow (CVE-2012-0806).

Impact
==

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the privileges of the user running the bip daemon,
or cause a Denial of Service condition.

Workaround
==

There is no known workaround at this time.

Resolution
==

All bip users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =net-irc/bip-0.8.8-r1

NOTE: The CVE-2010-3071 flaw was already corrected in an earlier
version of bip and is included in this advisory for completeness.

References
==

[ 1 ] CVE-2010-3071
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3071
[ 2 ] CVE-2012-0806
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0806

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201201-18.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
===

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
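
The missing check behind CVE-2012-0806 as described in the advisory above, shown as an added C example that is not bip's code or its patch: an fd_set is a fixed bitmap of FD_SETSIZE bits, so a descriptor number at or above that limit must be rejected before FD_SET() touches it. The function name build_read_set and the sample descriptor numbers are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/*
 * Fill *set from fds[0..n-1] for a select() call.
 * Descriptors that do not fit into an fd_set (negative, or >= FD_SETSIZE)
 * are never passed to FD_SET(); they are copied to rejected[] (up to
 * rejected_cap entries) so the caller can close them or hand them to poll().
 * Returns the number of rejected descriptors; *maxfd is the highest
 * descriptor added, or -1 if none was added.
 */
static size_t build_read_set(const int *fds, size_t n, fd_set *set,
                             int *maxfd, int *rejected, size_t rejected_cap)
{
    size_t nrej = 0;

    FD_ZERO(set);
    *maxfd = -1;

    for (size_t i = 0; i < n; i++) {
        int fd = fds[i];

        /* FD_SET() on an out-of-range value writes outside the bitmap,
         * which is a stack overflow when the fd_set is a local variable. */
        if (fd < 0 || fd >= FD_SETSIZE) {
            if (nrej < rejected_cap)
                rejected[nrej] = fd;
            nrej++;
            continue;
        }

        FD_SET(fd, set);
        if (fd > *maxfd)
            *maxfd = fd;
    }
    return nrej;
}

int main(void)
{
    /* Constructed sample: two usable descriptors, three that must be refused. */
    int fds[] = { 3, 5, FD_SETSIZE, FD_SETSIZE + 10, -1 };
    int rejected[8];
    int maxfd;
    fd_set readfds;

    size_t nrej = build_read_set(fds, sizeof(fds) / sizeof(fds[0]), &readfds,
                                 &maxfd, rejected, 8);

    printf("FD_SETSIZE=%d maxfd=%d rejected=%zu\n", FD_SETSIZE, maxfd, nrej);
    for (size_t i = 0; i < nrej && i < 8; i++)
        printf("refused descriptor %d\n", rejected[i]);
    return 0;
}
```

A daemon that accepts connections from unauthenticated clients can be pushed past FD_SETSIZE open descriptors simply by many simultaneous connections, so the check belongs on every path that adds a descriptor to the set.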



[Full-disclosure] [ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities

2012-01-30 Thread Alex Legler
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 201201-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
 Date: January 30, 2012
 Bugs: #354211, #382969, #393481
   ID: 201201-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in Adobe Reader might allow remote attackers
to execute arbitrary code or conduct various other attacks.

Background
==

Adobe Reader is a closed-source PDF reader.

Affected packages
=

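-------------------------------------------------------------------
     Package         /     Vulnerable     /         Unaffected
-------------------------------------------------------------------
  1  app-text/acroread        < 9.4.7                   >= 9.4.7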

Description
===

Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.

Impact
==

A remote attacker could entice a user to open a specially crafted PDF
file using Adobe Reader, possibly resulting in the remote execution of
arbitrary code, a Denial of Service, or other impact.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-text/acroread-9.4.7

References
==

[  1 ] CVE-2010-4091
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091
[  2 ] CVE-2011-0562
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562
[  3 ] CVE-2011-0563
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563
[  4 ] CVE-2011-0565
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565
[  5 ] CVE-2011-0566
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566
[  6 ] CVE-2011-0567
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567
[  7 ] CVE-2011-0570
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570
[  8 ] CVE-2011-0585
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585
[  9 ] CVE-2011-0586
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586
[ 10 ] CVE-2011-0587
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587
[ 11 ] CVE-2011-0588
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588
[ 12 ] CVE-2011-0589
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589
[ 13 ] CVE-2011-0590
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590
[ 14 ] CVE-2011-0591
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591
[ 15 ] CVE-2011-0592
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592
[ 16 ] CVE-2011-0593
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593
[ 17 ] CVE-2011-0594
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594
[ 18 ] CVE-2011-0595
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595
[ 19 ] CVE-2011-0596
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596
[ 20 ] CVE-2011-0598
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598
[ 21 ] CVE-2011-0599
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599
[ 22 ] CVE-2011-0600
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600
[ 23 ] CVE-2011-0602
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602
[ 24 ] CVE-2011-0603
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603
[ 25 ] CVE-2011-0604
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604
[ 26 ] CVE-2011-0605
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605
[ 27 ] CVE-2011-0606
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606
[ 28 ] CVE-2011-2130
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130
[ 29 ] CVE-2011-2134
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134
[ 30 ] CVE-2011-2135
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135
[ 31 ] CVE-2011-2136
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136
[ 32 ] CVE-2011-2137
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137
[ 33 ] CVE-2011-2138
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138
[ 34 ] CVE-2011-2139
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139
[ 35 ] CVE-2011-2140
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140
[ 36 ] CVE-2011-2414
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414
[ 37 ] CVE-2011-2415
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415
[ 38 ] CVE-2011-2416
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416
[ 39 ] CVE-2011-2417
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417
[ 40 ] CVE-2011-2424
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424
[ 41 ] CVE-2011-2425
   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425
[ 42 ] CVE-2011-2431
   

[Full-disclosure] Fw: honeypots

2012-01-30 Thread Jerry dePriest
winnie the pooh would know... (had to)

bma


- Original Message - 
From: lallant...@tvazteca.com.mx 
To: J. von Balzac 
Cc: Full Disclosure ; Security Basics ; listbou...@securityfocus.com 
Sent: Friday, January 27, 2012 12:56 PM
Subject: [Full-disclosure] honeypots


i am looking for a good honeypot   

thanks






[Full-disclosure] Fw: Fw: honeypots

2012-01-30 Thread Jerry dePriest
http://www.sans.org/security-resources/idfaq/honeypot3.php

good paper on how to build your own and some links to commercial products. 

Sorry for the pooh add em. Still recovering from open heart surgery and the 
meds get to me...

bma


- Original Message - 
From: Jerry dePriest 
To: full-disclosure@lists.grok.org.uk 
Sent: Monday, January 30, 2012 6:55 AM
Subject: [Full-disclosure] Fw: honeypots


winnie the pooh would know... (had to)

bma


- Original Message - 
From: lallant...@tvazteca.com.mx 
To: J. von Balzac 
Cc: Full Disclosure ; Security Basics ; listbou...@securityfocus.com 
Sent: Friday, January 27, 2012 12:56 PM
Subject: [Full-disclosure] honeypots


i am looking for a good honeypot   

thanks 






Re: [Full-disclosure] when did piracy/theft become expression of freedom

2012-01-30 Thread Valdis . Kletnieks
On Mon, 30 Jan 2012 01:22:23 PST, Zach C. said:
 (Fair use being the main exception there, but fair use usually implies
 something distinctive being done to the work, too, as opposed to minor
 editing/shitty encoding. Feel free to correct!)

Two of the major areas of fair use *are* minor editing/shitty encoding:

1) minor editing - The ability to take small chunks for
analysis/commentary/reviews.  It's a lot easier and more informative if you're
talking about the chord changes in a Beatles song to actually *include*
snippets of the changes, or if you're writing about how Halloween 37 sucks,
being able to include the 5 suckiest scenes so you can voice-over why the
scene sucks... And HERE we see the scriptwriter abandon all pretense at
believability...

2) shitty encoding - At one time, it was legal to buy an album or a CD, and
then re-record it yourself onto other media.  I believe the term is ripping. :)
And there was even a Supreme Court decision that said it was perfectly OK.
Unfortunately, the DMCA makes that a *lot* harder or even illegal - Sklyarov
got in trouble for revealing that Adobe was using rot-13 to encrypt ebooks.
What was Sklyarov trying to do?  Feed an ebook to a text-to-speech so blind
people could actually use the ebook they had purchased - which everybody sane
agrees is covered under 'fair use', but there isn't any such exemption in the
anti-circumvention clause.



Re: [Full-disclosure] Fw: Fw: honeypots

2012-01-30 Thread Justin Klein Keane
In terms of SSH honeypots Kojoney (http://kojoney.sourceforge.net/) is
very good but is sort of abandoned, so be prepared to do your own
customization.  I hear very good things about Kippo
(https://code.google.com/p/kippo/) as well.  For HTTP I ran Glastopf
(http://glastopf.org/) for a while but never got any good results.

-- 
Justin Klein Keane
http://www.MadIrish.net


On Mon, 2012-01-30 at 07:35 -0600, Jerry dePriest wrote:
 http://www.sans.org/security-resources/idfaq/honeypot3.php
 
 good paper on how to build your own and some links to commercial products. 
 
 Sorry for the pooh add em. Still recovering from open heart surgery and the 
 meds get to me...
 
 bma
 
 
 - Original Message - 
 From: Jerry dePriest 
 To: full-disclosure@lists.grok.org.uk 
 Sent: Monday, January 30, 2012 6:55 AM
 Subject: [Full-disclosure] Fw: honeypots
 
 
 winnie the pooh would know... (had to)
 
 bma
 
 
 - Original Message - 
 From: lallant...@tvazteca.com.mx 
 To: J. von Balzac 
 Cc: Full Disclosure ; Security Basics ; listbou...@securityfocus.com 
 Sent: Friday, January 27, 2012 12:56 PM
 Subject: [Full-disclosure] honeypots
 
 
 i am looking for a good honeypot   
 
 thanks 
 
 
 
 
 



Re: [Full-disclosure] Fw: Fw: honeypots

2012-01-30 Thread Julius Kivimäki
Here is a short step by step guide on how to make a honeypot.

1. Acquire a pot, refer to some other guide on how to do this.
2. Acquire some honey, refer to some other guide on how to do this.
3. Put honey in pot, refer to some other guide on how to do this.
4. Congratulations you now have a honeypot!

2012/1/30 Jerry dePriest jerr...@mc.net

 http://www.sans.org/security-resources/idfaq/honeypot3.php

 good paper on how to build your own and some links to commercial products.

 Sorry for the pooh add em. Still recovering from open heart surgery and
 the meds get to me...

 bma


 - Original Message -
 *From:* Jerry dePriest jerr...@mc.net
 *To:* full-disclosure@lists.grok.org.uk
 *Sent:* Monday, January 30, 2012 6:55 AM
 *Subject:* [Full-disclosure] Fw: honeypots

 winnie the pooh would know... (had to)

 bma


 - Original Message -
 *From:* lallant...@tvazteca.com.mx
 *To:* J. von Balzac jhm.bal...@gmail.com
 *Cc:* Full Disclosure full-disclosure@lists.grok.org.uk ; Security
 Basics security-bas...@securityfocus.com ; listbou...@securityfocus.com
 *Sent:* Friday, January 27, 2012 12:56 PM
 *Subject:* [Full-disclosure] honeypots

 i am looking for a good honeypot

 thanks


[Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability

2012-01-30 Thread joernchen of Phenoelit
Hi,

FYI, see attached.

cheers,

joernchen
-- 
joernchen ~ Phenoelit
joernc...@phenoelit.de ~ C776 3F67 7B95 03BF 5344
http://www.phenoelit.de  ~ A46A 7199 8B7B 756A F5AC
Phenoelit Advisory wir-haben-auch-mal-was-gefunden #0815 +--++

[ Authors ]
joernchen   joernchen () phenoelit de

Phenoelit Group (http://www.phenoelit.de)

[ Affected Products ]
sudo 1.8.0 - 1.8.3p1 (http://sudo.ws)

[ Vendor communication ]
2012-01-24 Send vulnerability details to sudo maintainer
2012-01-24 Maintainer is embarrassed
2012-01-27 Asking maintainer how the fixing goes
2012-01-27 Maintainer responds with a patch and a release date
   of 2012-01-30 for the patched sudo and advisory
2012-01-30 Release of this advisory

[ Description ]

Observe src/sudo.c:

void
sudo_debug(int level, const char *fmt, ...)
{
    va_list ap;
    char *fmt2;

    if (level > debug_level)
        return;

    /* Bracket fmt with program name and a newline to make it a single write */
    easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
    va_start(ap, fmt);
    vfprintf(stderr, fmt2, ap);   /* fmt2 now contains the program name */
    va_end(ap);
    efree(fmt2);
}

Here getprogname() is argv[0] and by this user controlled. So 
argv[0] goes to fmt2 which then gets vfprintf()ed to stderr. The
result is a Format String vulnerability.   

[ Example ]
/tmp $ ln -s /usr/bin/sudo %n
/tmp $ ./%n -D9
*** %n in writable segment detected ***
Aborted
/tmp $

   A note regarding exploitability: The above example shows the result
   of FORTIFY_SOURCE which makes exploitation painful but not
   impossible (see [0]). Without FORTIFY_SOURCE the exploit is
   straightforward:
 1. Use formatstring to overwrite the setuid() call with setgid()
 2. Trigger with formatstring -D9
 3. Make use of SUDO_ASKPASS and have shellcode in askpass script
 4. As askpass will be called after the formatstring has
    overwritten setuid() the askpass script will run with uid 0
 5. Enjoy the rootshell
 
[ Solution ]
Update to version 1.8.3.p2 

[ References ]
[0] http://www.phrack.org/issues.html?issue=67&id=9

[ end of file ]
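
The bug class the advisory describes, reduced to a stand-alone C example that is added here and is not sudo's code or its patch: the first function builds the format string the way sudo_debug() does, the second keeps the program name as a %s argument so it is never interpreted. The names count_conversions, build_format_unsafe and debug_safe, and the sample debug message, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count printf conversion specifications in s; "%%" is a literal percent. */
static int count_conversions(const char *s)
{
    int n = 0;

    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* escaped percent, not a conversion */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/*
 * Flawed pattern: the program name is pasted into the string that is later
 * used as the format. dst receives the string a vfprintf() call would then
 * interpret; nothing is interpreted here.
 */
static int build_format_unsafe(char *dst, size_t dstsz,
                               const char *progname, const char *fmt)
{
    return snprintf(dst, dstsz, "%s: %s\n", progname, fmt);
}

/*
 * Hardened pattern: expand the developer-written fmt first, then print the
 * program name and the expanded message through a constant format.
 */
#if defined(__GNUC__)
__attribute__((format(printf, 4, 5)))
#endif
static int debug_safe(char *dst, size_t dstsz, const char *progname,
                      const char *fmt, ...)
{
    char msg[512];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof(msg), fmt, ap);
    va_end(ap);

    /* progname is data for %s here, whatever characters it contains. */
    return snprintf(dst, dstsz, "%s: %s\n", progname, msg);
}

int main(void)
{
    const char *progname = "%n";          /* constructed: name taken from argv[0] */
    const char *fmt = "settings: %s=%s";  /* constructed debug message */
    char buf[256];

    build_format_unsafe(buf, sizeof(buf), progname, fmt);
    printf("composed format has %d conversions, caller supplies %d arguments\n",
           count_conversions(buf), count_conversions(fmt));

    debug_safe(buf, sizeof(buf), progname, fmt, "debug_level", "9");
    fputs(buf, stdout);
    return 0;
}
```

The mismatch between conversions in the composed format and arguments actually passed is what the FORTIFY_SOURCE abort in the advisory's example reacts to; compiler warnings such as -Wformat-nonliteral flag the same pattern at build time.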

Re: [Full-disclosure] honeypots

2012-01-30 Thread Vipul Agarwal
Hi there,

You may first need to identify the purpose of using it.

   - If you want to collect malwares exploiting Windows vulnerabilities,
   you've Nepenthes which is a low-interaction honeypot. It can be easily
   installed in Debian from the official repo.
   - If you're looking for something to detect intrusion in a production
   environment, you've Honeyd (even this is available as a Debian package)
   - For something more specific, like capturing live ssh sessions, you may
   use Kippo. It stores the logs in UML format that can be played back on a
   later stage using tools like Ajaxterm. You even get a separate copy of the
   tools and bots they download using wget.
   - Glastopf is another good high interaction honeypot with a nice
   vulnerability emulator. Although, you need patience and some SEO to get
   best results out of it.

I hope this helps.

Regards,
Vipul
On Fri, Jan 27, 2012 at 6:56 PM, lallant...@tvazteca.com.mx wrote:

 i am looking for a good honeypot

 thanks




-- 
Thanks and Regards,
Vipul Agarwal

Re: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability

2012-01-30 Thread Henri Salo
On Mon, Jan 30, 2012 at 02:56:26PM +0100, joernchen of Phenoelit wrote:
 Hi,
 
 FYI, see attached.
 
 cheers,
 
 joernchen

Reported to Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657985

- Henri Salo



Re: [Full-disclosure] Fw: Fw: honeypots

2012-01-30 Thread Dave
Played with this for a year or so..  It's OSS easy to use and understand, uses 
recognised components, easy to hack and bend to your whim.

http://www.honeynet.org
https://projects.honeynet.org/honeywall/
http://www.honeynet.pk/honeywall/roo/index.htm

regards
Dave

On 30/01/2012 13:35, Jerry dePriest wrote:
 http://www.sans.org/security-resources/idfaq/honeypot3.php
 
 good paper on how to build your own and some links to commercial products. 
 
 Sorry for the pooh add em. Still recovering from open heart surgery and the 
 meds get to me...
 
 bma
 
 
 - Original Message - 
 From: Jerry dePriest 
 To: full-disclosure@lists.grok.org.uk 
 Sent: Monday, January 30, 2012 6:55 AM
 Subject: [Full-disclosure] Fw: honeypots
 
 
 winnie the pooh would know... (had to)
 
 bma
 
 
 - Original Message - 
 From: lallant...@tvazteca.com.mx 
 To: J. von Balzac 
 Cc: Full Disclosure ; Security Basics ; listbou...@securityfocus.com 
 Sent: Friday, January 27, 2012 12:56 PM
 Subject: [Full-disclosure] honeypots
 
 
 i am looking for a good honeypot   
 
 thanks 






Re: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability

2012-01-30 Thread Henri Salo
On Mon, Jan 30, 2012 at 02:56:26PM +0100, joernchen of Phenoelit wrote:
 Hi,
 
 FYI, see attached.
 
 cheers,
 
 joernchen
 -- 
 joernchen ~ Phenoelit
 joernc...@phenoelit.de ~ C776 3F67 7B95 03BF 5344
 http://www.phenoelit.de  ~ A46A 7199 8B7B 756A F5AC

This seems to be CVE-2012-0809 and reported to Gentoo as 
https://bugs.gentoo.org/show_bug.cgi?id=401533

- Henri Salo



[Full-disclosure] ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability

2012-01-30 Thread ZDI Disclosures
ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx
Method Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-019
January 30, 2012

- -- CVE ID:
CVE-2012-0188

- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

- -- Affected Vendors:

IBM



- -- Affected Products:

IBM SPSS



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11970.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM SPSS. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.

The specific flaw exists within SetLicenseInfoEx() method exposed by the
mraboutb.dll ActiveX Control. String data supplied to the first
parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256
byte global buffer without first checking the string length. This
overflow can be exploited to remotely execute arbitrary code on the
target system.

- -- Vendor Response:

IBM has issued an update to correct this vulnerability. More details can
be found at:

http://www-01.ibm.com/support/docview.wss?uid=swg21577956




- -- Disclosure Timeline:
2011-07-20 - Vulnerability reported to vendor

2012-01-30 - Coordinated public release of advisory



- -- Credit:
This vulnerability was discovered by:

* Andrea Micalizzi aka rgod



- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi


[Full-disclosure] ZDI-12-020 : IBM SPSS VsVIEW6.ocx ActiveX Control Multiple Methods Remote Code Execution Vulnerability

2012-01-30 Thread ZDI Disclosures

ZDI-12-020 : IBM SPSS VsVIEW6.ocx ActiveX Control Multiple Methods
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-020
January 30, 2012

-- CVE ID:
CVE-2012-0189

-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors:
IBM

-- Affected Products:
IBM SPSS

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11971.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM SPSS. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.

The specific flaw exists within the SaveDoc and PrintFile functions
exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes
a file to be created at an arbitrary path specified by the first
argument (FileName). The file contents can be controlled by setting the
'Header' member and calling PrintFile() with the same path argument.
These behaviors can be exploited by a remote attacker to execute
arbitrary code on the target system.

-- Vendor Response:
IBM has issued an update to correct this vulnerability. More details can
be found at:

http://www-01.ibm.com/support/docview.wss?uid=swg21577951

-- Disclosure Timeline:
2011-07-20 - Vulnerability reported to vendor
2012-01-30 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:

* Andrea Micalizzi aka rgod





Re: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability

2012-01-30 Thread nicolas vigier
On Mon, 30 Jan 2012, Henri Salo wrote:

 On Mon, Jan 30, 2012 at 02:56:26PM +0100, joernchen of Phenoelit wrote:
  Hi,
  
  FYI, see attached.
  
  cheers,
  
  joernchen
  -- 
  joernchen ~ Phenoelit
  joernc...@phenoelit.de ~ C776 3F67 7B95 03BF 5344
  http://www.phenoelit.de  ~ A46A 7199 8B7B 756A F5AC
 
 This seems to be CVE-2012-0809 and reported to Gentoo as 
 https://bugs.gentoo.org/show_bug.cgi?id=401533

Fixed in Mageia 1 :
https://bugs.mageia.org/show_bug.cgi?id=4348



[Full-disclosure] [SECURITY] [DSA 2398-1] curl security update

2012-01-30 Thread Moritz Muehlenhoff

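-------------------------------------------------------------------------
Debian Security Advisory DSA-2398-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 30, 2012                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : curl
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3389 CVE-2012-0036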

Several vulnerabilities have been discovered in Curl, an URL transfer 
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-3389

   This update enables OpenSSL workarounds against the BEAST attack.
   Additional information can be found in the Curl advisory:
   http://curl.haxx.se/docs/adv_20120124B.html

CVE-2012-0036

   Dan Fandrich discovered that Curl performs insufficient sanitising
   when extracting the file path part of an URL.

For the oldstable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 7.24.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
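Added example (not part of the Debian advisory and not dpkg's own code): a fleet check that flags hosts whose curl package sorts below the fixed versions listed in DSA-2398-1. It goes beyond the three versions in the advisory by implementing the general Debian version ordering (epoch, upstream, revision, with '~' sorting first); the host names and inventory are constructed, and on a Debian host `dpkg --compare-versions` remains the authoritative comparison.

```python
import re

# Fixed curl package versions per release, taken from DSA-2398-1.
FIXED = {"lenny": "7.18.2-8lenny6", "squeeze": "7.21.0-2.1+squeeze1",
         "sid": "7.24.0-1"}

def weight(ch):
    # Debian ordering inside a non-digit run: '~' sorts before everything
    # (even the end of the string), letters sort before other symbols.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def cmp_part(a, b):
    """Compare two upstream or revision strings; return -1, 0 or 1."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        wa = [weight(c) for c in na] + [0] * (len(nb) - len(na))
        wb = [weight(c) for c in nb] + [0] * (len(na) - len(nb))
        if wa != wb:                       # first differing character decides
            return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)  # an empty digit run counts as 0
        if x != y:
            return -1 if x < y else 1
    return 0

def split_version(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return cmp_part(ua, ub) or cmp_part(ra, rb)

def unpatched(inventory):
    """Return the hosts whose curl package is older than the fixed version."""
    return [h for h, rel, ver in inventory if compare_versions(ver, FIXED[rel]) < 0]

# Constructed inventory: (host, release, installed curl package version).
INVENTORY = [("web1", "lenny", "7.18.2-8lenny5"), ("web2", "squeeze", "7.21.0-2.1+squeeze1"),
             ("build1", "squeeze", "7.21.0-2"), ("dev1", "sid", "7.24.0-1")]
print(unpatched(INVENTORY))
```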


Re: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability

2012-01-30 Thread root
Beautiful would have become
Like a winter blossom
Died too soon



On 01/30/2012 10:56 AM, joernchen of Phenoelit wrote:
 Hi,
 
 FYI, see attached.
 
 cheers,
 
 joernchen
 
 
 


[Full-disclosure] VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console

2012-01-30 Thread VMware Security Team

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2012-0001
Synopsis:    VMware ESXi and ESX updates to third party library
             and ESX Service Console
Issue date:  2012-01-30
Updated on:  2012-01-30 (initial advisory)

CVE numbers: --- COS Kernel ---
 CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
 CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,
 CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,
 CVE-2011-1172, CVE-2011-1494, CVE-2011-1495,
 CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
 CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,
 CVE-2011-1182, CVE-2011-1573, CVE-2011-1576,
 CVE-2011-1593, CVE-2011-1745, CVE-2011-1746,
 CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
 CVE-2011-2213, CVE-2011-2492, CVE-2011-1780,
 CVE-2011-2525, CVE-2011-2689, CVE-2011-2482,
 CVE-2011-2491, CVE-2011-2495, CVE-2011-2517,
 CVE-2011-2519, CVE-2011-2901
 --- COS cURL ---
 CVE-2011-2192
 --- COS rpm ---
 CVE-2010-2059, CVE-2011-3378
 --- COS samba ---
 CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
 CVE-2011-2522, CVE-2011-2694
 --- COS python ---
 CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,
 CVE-2011-1521
 --- python library ---
 CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
 CVE-2010-2089, CVE-2011-1521
------------------------------------------------------------------------

1. Summary

   VMware ESXi and ESX updates to third party library and ESX Service
   Console address several security issues.

2. Relevant releases

   ESXi 4.1 without patch ESXi410-201201401-SG

   ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,
   ESX410-201201404-SG, ESX410-201201405-SG,
   ESX410-201201406-SG, ESX410-201201407-SG

3. Problem Description

 a. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,
CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,
CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,
CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745,
CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525,
CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495,
CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  ===================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201201401-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

 b. ESX third party update for Service Console cURL RPM

The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
resolving a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2011-2192 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  ===================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201201402-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

 c. ESX third party update for Service Console nspr and nss RPMs

The ESX Service Console (COS) nspr and nss RPMs are updated to
nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving
a security issue.

A Certificate