MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:005
http://www.mandriva.com/security/

Package : xpdf
Date    : January 5, 2006
Affected: 2006.0, Corporate 2.1, Corporate 3.0

Problem Description:

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193)

An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base:

- Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192)
- Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624)
- Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625)
- NULL pointer crash in the FlateDecode stream. (CVE-2005-3626)
- Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627)
- Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627)
- Possible out-of-bounds indexing trouble in DCTDecode stream. (CVE-2005-3627)

The updated packages have been patched to correct these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

Updated Packages:

Mandriva Linux 2006.0:
9f0d2d83c61f4cab871138ac2866dd30  2006.0/RPMS/xpdf-3.01-1.1.20060mdk.i586.rpm
51daa161fb5581aba221d4be39c5acbc  2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c0eb562149fe7025798ce38ef361d9c7  x86_64/2006.0/RPMS/xpdf-3.01-1.1.20060mdk.x86_64.rpm
51daa161fb5581aba221d4be39c5acbc  x86_64/2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm

Corporate Server 2.1:
d35b8a8e201185bff3b6acfa9c3b9186  corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.i586.rpm
1f5f85d3bc3577b1141d3ea54015b63a  corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
f1a715d6a7fe797d09cde9dff6db4800  x86_64/corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.x86_64.rpm
1f5f85d3bc3577b1141d3ea54015b63a  x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm

Corporate 3.0:
bfb96e34ea12293b22cd766b61da64fe  corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.i586.rpm
1e4153bea0ed2092819aa88dbc67ade4  corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
0eb5eba5d264041cd67931add3d6e841  x86_64/corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.x86_64.rpm
1e4153bea0ed2092819aa88dbc67ade4  x86_64/corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.

You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com
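The DCTDecode items above share one root cause: a component count read from the file is used to size loops and index a fixed array. The following is an added illustration, not xpdf's code or Mandriva's patch, of a start-of-frame parser that validates that count (and the segment length) before touching the table; the 4-entry table size and the sample headers are my assumptions, not values from the advisory.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not xpdf code: the component count from a DCT (JPEG)
 * start-of-frame header is checked before it indexes the fixed-size
 * component table, instead of being trusted as the unpatched parser did. */
#define MAX_COMPS 4            /* assumed size of the per-component table */

typedef struct { int id, hSamp, vSamp, quantTable; } CompInfo;
typedef struct { int width, height, numComps; CompInfo compInfo[MAX_COMPS]; } Frame;

/* Parse an SOF payload (the bytes after the 0xFFC0/0xFFC2 marker):
 * Lf(2) P(1) Y(2) X(2) Nf(1) then Nf x (C(1) HV(1) Tq(1)).
 * Returns 0 on success, -1 if truncated, -2 if Nf is out of range,
 * -3 if a component entry is invalid. */
int parse_sof(const uint8_t *buf, size_t len, Frame *f) {
    if (len < 8) return -1;                         /* header ends early */
    size_t segLen = ((size_t)buf[0] << 8) | buf[1];
    f->height = (buf[3] << 8) | buf[4];
    f->width = (buf[5] << 8) | buf[6];
    f->numComps = buf[7];
    /* Reject before the value is ever used to index compInfo. */
    if (f->numComps < 1 || f->numComps > MAX_COMPS) return -2;
    if (segLen != 8 + 3 * (size_t)f->numComps || len < segLen) return -1;
    for (int i = 0; i < f->numComps; i++) {
        const uint8_t *c = buf + 8 + 3 * i;
        f->compInfo[i].id = c[0];
        f->compInfo[i].hSamp = c[1] >> 4;
        f->compInfo[i].vSamp = c[1] & 0x0f;
        f->compInfo[i].quantTable = c[2];
        if (f->compInfo[i].hSamp < 1 || f->compInfo[i].hSamp > 4 ||
            f->compInfo[i].vSamp < 1 || f->compInfo[i].vSamp > 4 ||
            f->compInfo[i].quantTable > 3) return -3;
    }
    return 0;
}

/* Convenience wrapper: component count on success, else the error code. */
int sof_numcomps(const uint8_t *buf, size_t len) {
    Frame f; int rc = parse_sof(buf, len, &f);
    return rc == 0 ? f.numComps : rc;
}

/* Constructed inputs (not from the advisory): a valid 16x16 three-component
 * SOF, and the same header with the component count byte set to 255. */
const uint8_t GOOD_SOF[17] = {0x00,0x11,0x08,0x00,0x10,0x00,0x10,0x03,
                              0x01,0x22,0x00, 0x02,0x11,0x01, 0x03,0x11,0x01};
const uint8_t BAD_COUNT_SOF[17] = {0x00,0x11,0x08,0x00,0x10,0x00,0x10,0xFF,
                                   0x01,0x22,0x00, 0x02,0x11,0x01, 0x03,0x11,0x01};
```

The truncation checks also cover the "stream ends unexpectedly" item: a short buffer returns an error instead of reading past its end or looping.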
Re: MD:Pro - Malware Distribution Project
On 01 February 2006 Frame4 Security Systems will launch their Malware Distribution Project (MD:Pro) service, which will offer developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analysis, testing, research and development. For a preview of MD:Pro, visit http://www.frame4.net/mdpro.

Bringing together for the first time a large back-catalogue of malware, computer underground related information and IT security resources under one project, this major new system also contains a large selection of undetected malware, along with an open, collaborative platform, where malware samples can be shared among its members. The database is constantly being updated with new files, and maintained to keep it running at an optimum. MD:Pro will contain around 120.000 downloadable malware samples by the end of 2006. There are currently 6500+ files in the system (and counting).

A product of many years' research, cataloging and compilation of hard to find information, this subscription based service will be extremely attractive to anti-virus/anti-spyware manufacturers, developers of IDS/IPS systems, etc., along with large corporations and ISPs. Registrations will be limited to corporate customers only.

Key benefits are:

- A single, secure, and reliable download resource
- Vast amounts of historical data, along with the very latest malware sources
- Custom system, designed to provide maximum benefit to anti-malware research staff
- Contents updated and maintained continuously by skilled security engineers
- Systems monitored 24 x 7 for maximum possible uptime and availability
- A non-public list, made available for the purposes of analysis, testing, research development

PLEASE NOTE - The system is currently under heavy development; we are due to go live 01 February 2006, and as such, are not accepting any registrations for now (we are keeping applications pending until then however, and will allow access after go-live). As mentioned above, registrations will be limited to corporate customers only.

Best regards,

Anthony Aykut
Frame4 Security Systems
http://www.frame4.com/
http://www.frame4.net/mdpro
Tel : +31(0)172-515901

vx.netlux.org already provides a huge collection for free.

Kind regards,
Rembrandt

--
God did a bless on me, So accept the dark side in you.
Hate leads me to victory, so give me a war.
Re: [USN-237-1] nbd vulnerability
* Martin Pitt:

> CVE-2005-3354

This CVE ID is wrong. The correct one is CVE-2005-3534.
Recon2006 - Call for papers
RECON 2006 - Call for papers - 06/01/06
Montreal, Quebec, Canada
16 - 18 June 2006

We are pleased to announce the second annual RECON conference, which will take place in Montreal from the 16th to the 18th of June 2006.

We are looking for original technical presentations in the fields of reverse engineering and/or information security. Presentations should last no longer than 50 minutes and be presented in English. We will be accepting talk proposals until the 31st of March, 2006. All submitted presentations will be reviewed by the RECON program committee.

Preferred topics:

- Reverse engineering (Software, Protocols, Hardware, Social)
- Exploit development and vulnerability assessment
- Data analysis and visualization techniques
- Crypto and anonymity
- Physical security countermeasures
- Cool network stuff

Please include the following with your submission:

1) Speaker name(s) and/or handle
2) Contact information (Email and Cell phone)
3) Brief biography
4) Motivations for presentation (500 words max.)
5) Presentation abstract (500 words max.)
6) If your presentation references a paper or piece of software that you have published, please provide us with either a copy of the said paper or software or a URL where we can obtain them.

Please send the above information to cfp (at) recon.cx

RECON program committee:
Cédric Blancher
Nicolas Brulez
Guillaume Duteille
Hugo Fortier
Jason Geffner
Ryan Russel
Mathieu Sauvé-Frankel

Visit http://recon.cx for more information.
[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200601-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: VMware Workstation: Vulnerability in NAT networking
      Date: January 07, 2006
      Bugs: #116238
        ID: 200601-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

VMware guest operating systems can execute arbitrary code with elevated privileges on the host operating system through a flaw in NAT networking.

Background
==========

VMware Workstation is a powerful virtual machine for developers and system administrators.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  app-emulation/vmware-workstation  < 5.5.1.19175   >= 5.5.1.19175
                                                       *>= 4.5.3.19414

Description
===========

Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP requests.

Impact
======

Malicious guest operating systems using the NAT networking feature or local VMware Workstation users could exploit this vulnerability to execute arbitrary code on the host system with elevated privileges.

Workaround
==========

Disable the NAT service by following the instructions at http://www.vmware.com/support/kb, Answer ID 2002.

Resolution
==========

All VMware Workstation users should upgrade to a fixed version:

    # emerge --sync
    # emerge --ask --oneshot --verbose app-emulation/vmware-workstation

References
==========

  [ 1 ] CVE-2005-4459
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459
  [ 2 ] VMware Security Response
        http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
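The advisory says vmnet-natd mishandles malformed 'EPRT' and 'PORT' requests, which is the input an FTP application-level gateway must parse to open the data connection. As an added example (not VMware's code; the advisory does not describe the actual defect), here is a strict parser for those two commands that rejects anything off the RFC 959 / RFC 2428 grammar instead of guessing: field counts, digit lengths and value ranges are all bounded before any value is used.

```c
#include <stdint.h>
#include <string.h>
#include <ctype.h>

/* Read 1-5 decimal digits at *p (no sign, no whitespace), advance past
 * them, and reject an empty, overlong or too-large field. */
static int read_num(const char **p, unsigned long max, unsigned long *out) {
    const char *s = *p; unsigned long n = 0; int digits = 0;
    while (isdigit((unsigned char)*s) && digits < 6) { n = n * 10 + (unsigned)(*s - '0'); s++; digits++; }
    if (digits == 0 || digits > 5 || n > max) return -1;
    *out = n; *p = s; return 0;
}

/* "PORT h1,h2,h3,h4,p1,p2" (RFC 959): exactly six fields, each 0..255. */
int parse_port_cmd(const char *arg, uint32_t *ip, uint16_t *port) {
    unsigned long v[6]; const char *p = arg;
    for (int i = 0; i < 6; i++) {
        if (read_num(&p, 255, &v[i]) < 0) return -1;
        if (i < 5 && *p++ != ',') return -1;
    }
    if (*p != '\0') return -1;               /* trailing garbage is an error */
    *ip = (uint32_t)((v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3]);
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}

/* "EPRT <d>1<d>a.b.c.d<d>port<d>" (RFC 2428, IPv4 only): the delimiter is
 * whatever printable non-alphanumeric character the client chose. */
int parse_eprt_cmd(const char *arg, uint32_t *ip, uint16_t *port) {
    char d = arg[0]; const char *p = arg + 1; unsigned long v[4], pt;
    if (d < 33 || d > 126 || isalnum((unsigned char)d)) return -1;
    if (*p++ != '1' || *p++ != d) return -1; /* protocol 1 = IPv4; others rejected */
    for (int i = 0; i < 4; i++) {
        if (read_num(&p, 255, &v[i]) < 0) return -1;
        if (i < 3 && *p++ != '.') return -1;
    }
    if (*p++ != d || read_num(&p, 65535, &pt) < 0 || *p++ != d || *p != '\0') return -1;
    *ip = (uint32_t)((v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3]);
    *port = (uint16_t)pt;
    return 0;
}

/* ALG entry point (hypothetical): given one FTP command line with CRLF already
 * stripped, return the data endpoint packed as (ip << 16 | port), or -1 to drop it. */
long long ftp_data_endpoint(const char *line) {
    uint32_t ip; uint16_t port; int rc;
    if (strncmp(line, "PORT ", 5) == 0) rc = parse_port_cmd(line + 5, &ip, &port);
    else if (strncmp(line, "EPRT ", 5) == 0) rc = parse_eprt_cmd(line + 5, &ip, &port);
    else return -1;
    return rc == 0 ? (((long long)ip << 16) | port) : -1;
}
```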
[eVuln] NavBoard BBcode XSS Vulnerability
New eVuln Advisory: NavBoard BBcode XSS Vulnerability

Summary

Vendor: NavBoard
Vendor's Web Site: http://navarone.f2o.org/
Software: NavBoard
Software's Web Site: http://sourceforge.net/projects/navboard/
Versions checked: V16 Stable (2.6.0) and V17beta2
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Published: 2006.01.07
eVuln ID: EV0019

--Description--

Arbitrary script code insertion is possible in BBcode.

Vulnerable Script: post.php

BBcode isn't properly sanitized. This can be used to post arbitrary script code which will be executed in the browser of every visitor.

Administrator's cookie-based authentication is threatened. Login and plain text Password are stored in Cookies. Administrator can modify PHP Code from Administrator's panel.

--Exploit--

BBcode Examples:

For V16 (2.6.0):
[b]XSS[/b]
[textlarge]XSS[/textlarge]

For V16 (2.6.0) and V17beta2:
[url=javascript:alert(123)]title[/url]

--Solution--

No vendor-provided patch available.
Solution: disable BBcode

--Credit--

Original Advisory: http://evuln.com/vulns/19/summary.html
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Re: Interview: Ilfak Guilfanov
>>>>> "Matthew" == Matthew Murphy <[EMAIL PROTECTED]> writes:

Matthew> The URL for that blog post is:
Matthew> http://blogs.securiteam.com/index.php/archives/176

The Security Now! podcast interviewed Ilfak as well. For an audio interview and transcript, see episode #21 at http://www.grc.com/securitynow.htm.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
merlyn@stonehenge.com URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Survey on Vuln Disclosure: Request for Participation
(x-posted to Full-Disclosure and elsewhere)

Greetings --

As part of my doctoral studies, I am seeking community input regarding how secrecy and openness can be balanced in the analysis and alerting of security vulnerabilities to protect critical national infrastructures. To answer this question, my thesis is investigating:

1. How vulnerabilities are analyzed, understood and managed throughout the vulnerability lifecycle process.
2. The ways that the critical infrastructure security community interact to exchange security-related information and the outcome of such interactions to date.
3. The nature of and influences upon collaboration and information-sharing within the critical infrastructure protection community, particularly those handling internet security concerns.
4. The relationship between secrecy and openness in providing and exchanging security-related information.

The survey is located at http://www.infowarrior.org/survey.html and should take 10-15 minutes to complete. Participation is both voluntary and anonymous.

Thank you for your help with this endeavor, and for helping distribute this request for participation to other interested parties/lists. The survey will be online through early March.

Thanks again,

Rick
-infowarrior.org