Security Update: [CSSA-2003-013.0] Linux: integer overflow vulnerability in XDR/RPC routines
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

SCO Security Advisory

Subject:          Linux: integer overflow vulnerability in XDR/RPC routines
Advisory number:  CSSA-2003-013.0
Issue date:       2003 March 19
Cross reference:

1. Problem Description

   The xdrmem_getbytes() function in the XDR library provided by Sun Microsystems contains an integer overflow that can lead to improperly sized dynamic memory allocation.

2. Vulnerable Supported Versions

   System                        Package
   ----------------------------------------------------------------------
   OpenLinux 3.1.1 Server        prior to glibc-2.2.4-26.i386.rpm
                                 prior to glibc-devel-2.2.4-26.i386.rpm
                                 prior to glibc-devel-static-2.2.4-26.i386.rpm
                                 prior to glibc-localedata-2.2.4-26.i386.rpm

   OpenLinux 3.1.1 Workstation   prior to glibc-2.2.4-26.i386.rpm
                                 prior to glibc-devel-2.2.4-26.i386.rpm
                                 prior to glibc-devel-static-2.2.4-26.i386.rpm
                                 prior to glibc-localedata-2.2.4-26.i386.rpm

   OpenLinux 3.1 Server          prior to glibc-2.2.4-26.i386.rpm
                                 prior to glibc-devel-2.2.4-26.i386.rpm
                                 prior to glibc-devel-static-2.2.4-26.i386.rpm
                                 prior to glibc-localedata-2.2.4-26.i386.rpm

   OpenLinux 3.1 Workstation     prior to glibc-2.2.4-26.i386.rpm
                                 prior to glibc-devel-2.2.4-26.i386.rpm
                                 prior to glibc-devel-static-2.2.4-26.i386.rpm
                                 prior to glibc-localedata-2.2.4-26.i386.rpm

3. Solution

   The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.

4. OpenLinux 3.1.1 Server

   4.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-013.0/RPMS

   4.2 Packages

       22c6bf3a5dc5423c57eea99f7fef610d  glibc-2.2.4-26.i386.rpm
       ec9c2ce3c84aee5256371fa23067a07b  glibc-devel-2.2.4-26.i386.rpm
       16f2585ecc1b33ff7d3ad9b38e7dcc9a  glibc-devel-static-2.2.4-26.i386.rpm
       c51af00de6e168ee6ae562d91e5db1d1  glibc-localedata-2.2.4-26.i386.rpm

   4.3 Installation

       rpm -Fvh glibc-2.2.4-26.i386.rpm
       rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
       rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
       rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

   4.4 Source Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-013.0/SRPMS

   4.5 Source Packages

       67ba9387370089a15afd038ecc277e1e  glibc-2.2.4-26.src.rpm

5. OpenLinux 3.1.1 Workstation

   5.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-013.0/RPMS

   5.2 Packages

       5774225efb99e5401da7aceaf864206c  glibc-2.2.4-26.i386.rpm
       a1b8257b874681a45a6e89baf63f7b94  glibc-devel-2.2.4-26.i386.rpm
       79311a60b66b2d62dc6ba4e7733dd58b  glibc-devel-static-2.2.4-26.i386.rpm
       294be611e6540c4a821e3a21e9782de1  glibc-localedata-2.2.4-26.i386.rpm

   5.3 Installation

       rpm -Fvh glibc-2.2.4-26.i386.rpm
       rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
       rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
       rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

   5.4 Source Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-013.0/SRPMS

   5.5 Source Packages

       9acadcee5ab04b65760d047b1859c028  glibc-2.2.4-26.src.rpm

6. OpenLinux 3.1 Server

   6.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-013.0/RPMS

   6.2 Packages

       4271adc975e6ebaaecb108d72cbb4760  glibc-2.2.4-26.i386.rpm
       d549f0a97100dc9aadde9bf16e8344ee  glibc-devel-2.2.4-26.i386.rpm
       39f53de2a5c120564b6bafeb205c1081  glibc-devel-static-2.2.4-26.i386.rpm
       50b0702cf93243af4905f79ed04a1d67  glibc-localedata-2.2.4-26.i386.rpm

   6.3 Installation

       rpm -Fvh glibc-2.2.4-26.i386.rpm
       rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
       rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
       rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

   6.4
[ESA-20030320-010] Several vulnerabilities in the OpenSSL toolkit.
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                  March 20, 2003 |
| http://www.engardelinux.org/                          ESA-20030320-010 |
|                                                                        |
| Package: openssl                                                       |
| Summary: Several vulnerabilities in the OpenSSL toolkit.               |
+------------------------------------------------------------------------+

EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, e-commerce, and integrated open source security tools.

OVERVIEW
--------
Recently several vulnerabilities have been found in the OpenSSL toolkit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0131 and CAN-2003-0147 to these issues.

CAN-2003-0131
-------------
Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the Bleichenbacher attack on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 [1]. OpenSSL has been found to be vulnerable to this type of attack.

CAN-2003-0147
-------------
Recently David Brumley and Dan Boneh of Stanford University discovered and documented [2] a timing attack against RSA private keys, to be presented at the UNIX Security Symposium. OpenSSL has been found to be vulnerable to this type of attack if RSA blinding [3] is not enabled (which it is not by default). To defend against this vulnerability, this update enables RSA blinding by default.

All users are recommended to upgrade immediately using the special SOLUTION in this advisory.

[1] http://eprint.iacr.org/2003/052/
[2] http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
[3] http://www.openssl.org/docs/crypto/RSA_blinding_on.html

SOLUTION
--------
Users of the EnGarde Professional edition can use the Guardian Digital Secure Network to update their systems automatically.

EnGarde Community users should upgrade to the most recent version as outlined in this advisory. Updates may be obtained from:

  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  http://ftp.engardelinux.org/pub/engarde/stable/updates/

Before upgrading the package, the machine must either:

  a) be booted into a standard kernel; or
  b) have LIDS disabled.

To disable LIDS, execute the command:

  # /sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated package, execute the command:

  # rpm -Uvh files

You must now update the LIDS configuration by executing the command:

  # /usr/sbin/config_lids.pl

To re-enable LIDS (if it was disabled), execute the command:

  # /sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signatures of the updated packages, execute the command:

  # rpm -Kv files

Once the updated packages are installed, you must restart all the daemons which use the OpenSSL libraries. You may either reboot the system or restart the following daemons:

  httpd         -- Apache web server (with mod_ssl)
  snortd        -- Snort intrusion detection system
  sshd          -- Secure shell daemon
  stunnel-imap  -- SSL-enabled IMAP daemon
  stunnel-pop3  -- SSL-enabled POP3 daemon

UPDATED PACKAGES
----------------
These updated packages are for EnGarde Secure Linux Community Edition.

Source Packages:

  SRPMS/openssl-0.9.6-1.0.19.src.rpm
    MD5 Sum: 950c1b57ac45404a4cbfc92143fbef8f

Binary Packages:

  i386/openssl-0.9.6-1.0.19.i386.rpm
    MD5 Sum: cf76fc7d51366228d86b6ccc646ea234

  i386/openssl-misc-0.9.6-1.0.19.i386.rpm
    MD5 Sum: e584ba5db7e3e320eebd66851ee2

  i686/openssl-0.9.6-1.0.19.i686.rpm
    MD5 Sum: cdf88671bfacf2157fe999fff844d9c2

  i686/openssl-misc-0.9.6-1.0.19.i686.rpm
    MD5 Sum: d0ad30b1522741299e6d689fd02df774

REFERENCES
----------
Guardian Digital's public key:
  http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

OpenSSL's Official Web Site:
  http://www.openssl.org/

Security Contact: [EMAIL PROTECTED]

EnGarde Advisories: http://www.engardelinux.org/advisories.html

$Id: ESA-20030320-010-openssl,v 1.2 2003/03/20 13:36:57 rwm Exp $

Author: Ryan W. Maple [EMAIL PROTECTED]
Copyright 2003, Guardian Digital, Inc.
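The RSA blinding countermeasure that the EnGarde advisory above says this update enables by default, worked through as an added example; it is not code from OpenSSL or from the advisory. The key is a constructed textbook-sized toy, all function names are hypothetical, and the blinding factor r is passed in for repeatability where a real implementation draws a fresh random r for each operation.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key, far too small for real use: n = 61 * 53. */
#define TOY_N 3233u
#define TOY_E 17u
#define TOY_D 2753u   /* 17 * 2753 = 46801 = 15 * 3120 + 1 */

/* (a * b) mod n; the product cannot overflow while n < 2^32. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n)
{
    return (a % n) * (b % n) % n;
}

/* Square-and-multiply modular exponentiation. */
uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n)
{
    uint64_t result = 1 % n;
    base %= n;
    while (exp) {
        if (exp & 1)
            result = mulmod(result, base, n);
        base = mulmod(base, base, n);
        exp >>= 1;
    }
    return result;
}

/* Modular inverse by extended Euclid; returns 0 when gcd(a, n) != 1. */
uint64_t invmod(uint64_t a, uint64_t n)
{
    int64_t t = 0, new_t = 1;
    int64_t r = (int64_t)n, new_r = (int64_t)(a % n);
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t; t = new_t; new_t = tmp;
        tmp = r - q * new_r; r = new_r; new_r = tmp;
    }
    if (r != 1)
        return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)n : t);
}

/* Unblinded private-key operation: the exponentiation runs directly on
 * the value the peer supplied, so its timing depends on that value. */
uint64_t rsa_private_plain(uint64_t c)
{
    return powmod(c, TOY_D, TOY_N);
}

/* Blinded private-key operation.
 *   1. blind:    c' = c * r^e mod n
 *   2. exponent: m' = c'^d mod n = m * r mod n
 *   3. unblind:  m  = m' * r^-1 mod n
 * The secret exponent is only ever applied to c', which the peer cannot
 * predict without knowing r. *exp_input reports c' so a caller can see
 * that it differs from c. Returns 0 if r has no inverse modulo n. */
int rsa_private_blinded(uint64_t c, uint64_t r,
                        uint64_t *m_out, uint64_t *exp_input)
{
    uint64_t r_inv = invmod(r, TOY_N);
    uint64_t blinded, m_blinded;

    if (r_inv == 0)
        return 0;
    blinded = mulmod(c, powmod(r, TOY_E, TOY_N), TOY_N);
    m_blinded = powmod(blinded, TOY_D, TOY_N);
    *exp_input = blinded;
    *m_out = mulmod(m_blinded, r_inv, TOY_N);
    return 1;
}

int main(void)
{
    uint64_t c = powmod(65, TOY_E, TOY_N);   /* constructed ciphertext */
    uint64_t m = 0, seen = 0;

    if (rsa_private_blinded(c, 7, &m, &seen))
        printf("c=%llu exponentiated=%llu recovered=%llu\n",
               (unsigned long long)c, (unsigned long long)seen,
               (unsigned long long)m);
    return 0;
}
```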
[RHSA-2003:088-01] New kernel 2.2 packages fix vulnerabilities
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          New kernel 2.2 packages fix vulnerabilities
Advisory ID:       RHSA-2003:088-01
Issue date:        2003-03-20
Updated on:        2003-03-20
Product:           Red Hat Linux
Keywords:          ethernet frame padding /proc/pid/mem
Cross references:
Obsoletes:         RHSA-2002:264
CVE Names:         CAN-2003-0001 CAN-2003-1380 CAN-2003-0127
---------------------------------------------------------------------

1. Topic:

Updated kernel packages for Red Hat Linux 6.2 and 7.0 are now available that fix several security vulnerabilities.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386, i586, i686
Red Hat Linux 7.0 - i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

A bug in the kernel module loader code allows a local user to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0127 to this issue.

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0001 to this issue.

The Linux 2.2 kernel allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1380 to this issue.

All users of Red Hat Linux 6.2 and 7 should upgrade to these errata packages, which contain version 2.2.24 of the Linux kernel with patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html

Please read the directions for your architecture carefully before proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many people find this to be an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Note that you need to select the kernel explicitly on default configurations of up2date.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.24-6.2.3.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.24-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.24-6.2.3.i386.rpm

i586:
ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.24-6.2.3.i586.rpm
ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.24-6.2.3.i586.rpm

i686:
ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.24-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.24-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.24-6.2.3.i686.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.24-7.0.3.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.24-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.24-7.0.3.i386.rpm

i586:
ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.24-7.0.3.i586.rpm
ftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.24-7.0.3.i586.rpm

i686:
ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.24-7.0.3.i686.rpm
ftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.24-7.0.3.i686.rpm
ftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.24-7.0.3.i686.rpm

6. Verification:

MD5 sum
Microsoft Security Bulletin MS03-009: Flaw In ISA Server DNS IntrusionDetection Filter Can Cause Denial Of Service (331065) (fwd)
David Mirza Ahmad
Symantec

sabbe dhamma anatta

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

---------- Forwarded message ----------

----------------------------------------------------------------------
Title:      Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065)
Date:       19 March 2003
Software:   Microsoft ISA Server
Impact:     Denial of Service
Max Risk:   Moderate
Bulletin:   MS03-009

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-009.asp
http://www.microsoft.com/security/security_bulletins/ms03-009.asp
----------------------------------------------------------------------

Issue:
======
Microsoft Internet Security and Acceleration (ISA) Server 2000 contains the ability to apply application filters to incoming traffic. Application filters allow ISA Server to analyze a data stream for a particular application and provide application-specific processing including inspecting, screening or blocking, redirecting, or modifying the data as it passes through the firewall. This mechanism is used to protect against invalid URLs which may indicate attempted attacks as well as attacks against internal Domain Name Service (DNS) Servers.

A flaw exists in the ISA Server DNS intrusion detection application filter, and results because the filter does not properly handle a specific type of request when scanning incoming DNS requests.

An attacker could exploit the vulnerability by sending a specially formed request to an ISA Server computer that is publishing a DNS server, which could then result in a denial of service to the published DNS server. DNS requests arriving at the ISA Server would be stopped at the firewall, and not passed through to the internal DNS server. All other ISA Server functionality would be unaffected.

Mitigating Factors:
===================
- By default, no DNS servers are published. DNS server publishing must be manually enabled.
- The vulnerability would not enable an attacker to gain any privileges on an affected ISA Server or the published DNS server or to compromise any cached content on the server. It is strictly a denial of service vulnerability.

Risk Rating:
============
- Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletins at
  http://www.microsoft.com/technet/security/bulletin/ms03-009.asp
  http://www.microsoft.com/security/security_bulletins/ms03-009.asp
  for information on obtaining this patch.

----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
[Sorcerer-spells] GLIBC-SORCERER2003-03-20
Sorcerer Update Advisory
Tap Into the Source

Source Name:   glibc-2.3.2
Advisory ID:   SORCERER2003-03-20-2
Date:          March 20th, 2003

Problem Description:
  Patch more RPC XDR decoder bugs.

Update:
  Patches have been added.

Patched Sources:
  glibc-2.3.2

Recommendation:
  augur synch
  augur update

Contacts:
  Email:      [EMAIL PROTECTED]
  Mail List:  https://lists.berlios.de/mailman/listinfo/sorcerer-spells
  Web:        http://sorcerer.wox.org
  Irc:        irc://irc.freenode.net #sorcerer
Fwd: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines
CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines

   Original release date: March 19, 2003
   Last revised: --
   Source: CERT/CC

   A complete revision history can be found at the end of this file.

Systems Affected

   Applications using vulnerable implementations of SunRPC-derived XDR libraries, which include

     * Sun Microsystems network services library (libnsl)
     * BSD-derived libraries with XDR/RPC routines (libc)
     * GNU C library with sunrpc (glibc)

Overview

   There is an integer overflow in the xdrmem_getbytes() function distributed as part of the Sun Microsystems XDR library. This overflow can cause remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations.

I. Description

   XDR (external data representation) libraries are used to provide platform-independent methods for sending data from one system process to another, typically over a network connection. Such routines are commonly used in remote procedure call (RPC) implementations to provide transparency to application programmers who need to use common interfaces to interact with many different types of systems. The xdrmem_getbytes() function in the XDR library provided by Sun Microsystems contains an integer overflow that can lead to improperly sized dynamic memory allocation. Depending on how and where the vulnerable xdrmem_getbytes() function is used, subsequent problems like buffer overflows may result.

   Researchers at eEye Digital Security discovered this vulnerability and have also published an advisory. This issue is currently being tracked as VU#516825 by the CERT/CC and as CAN-2003-0028 in the Common Vulnerabilities and Exposures (CVE) dictionary. Note that this vulnerability is similar to, but distinct from, VU#192995.

II. Impact

   Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.

   Specific impacts reported include the ability to crash the rpcbind service and possibly execute arbitrary code with root privileges. In addition, intruders may be able to crash the MIT KRB5 kadmind or cause it to leak sensitive information, such as secret keys.

III. Solution

Apply a patch from your vendor

   Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#516825 for further information.

   Note that XDR libraries can be used by multiple applications on most systems. It may be necessary to upgrade or apply multiple patches and then recompile statically linked applications.

   Applications that are statically linked must be recompiled using patched libraries. Applications that are dynamically linked do not need to be recompiled; however, running services need to be restarted in order to use the patched libraries.

   System administrators should consider the following process when addressing this issue:

    1. Patch or obtain updated XDR/RPC libraries.
    2. Restart any dynamically linked services that make use of the XDR/RPC libraries.
    3. Recompile any statically linked applications using the patched or updated XDR/RPC libraries.

Disable access to vulnerable services or applications

   Until patches are available and can be applied, you may wish to disable access to services or applications compiled with the vulnerable xdrmem_getbytes() function.

   As a best practice, the CERT/CC recommends disabling all services that are not explicitly required.

Appendix A. - Vendor Information

   This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

Apple Computer, Inc.

   Mac OS X
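The kind of length arithmetic behind the bug class the CERT advisory above describes (an integer overflow that defeats a bounds check or yields an improperly sized allocation), shown beside an overflow-safe decoder, as an added example. This is not the Sun, BSD or glibc source: the struct and function names are hypothetical, the two legacy_* functions only model the arithmetic and never copy, and the byte strings are constructed. The wire layout (4-byte big-endian length, data, zero padding to a 4-byte boundary) is XDR's variable-length opaque encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Memory-backed decode stream: cursor plus count of unread bytes. */
struct memstream {
    const unsigned char *cur;
    uint32_t remaining;
};

/* Model of a check written as "if ((remaining -= len) < 0) fail" with a
 * signed 32-bit counter and an unsigned length. Returns 1 when that check
 * would let the read go ahead. A huge len wraps the subtraction back to a
 * small positive number, so the check passes. */
int legacy_check_accepts(int32_t remaining, uint32_t len)
{
    uint32_t after = (uint32_t)remaining - len;   /* wraps modulo 2^32 */
    return (after & 0x80000000u) == 0;            /* sign bit clear */
}

/* Model of rounding a length up to the 4-byte XDR unit before sizing a
 * buffer. Lengths 0xFFFFFFFD..0xFFFFFFFF wrap to 0. */
uint32_t legacy_padded_size(uint32_t len)
{
    return (len + 3u) & ~3u;
}

/* Hardened read: compare first, subtract only after the compare passed. */
int ms_getbytes(struct memstream *ms, void *dst, uint32_t len)
{
    if (len > ms->remaining)
        return 0;
    memcpy(dst, ms->cur, len);
    ms->cur += len;
    ms->remaining -= len;
    return 1;
}

/* Hardened decode of one variable-length opaque. max_len is the caller's
 * cap for this field. On success returns a malloc'd copy and stores its
 * length in *out_len; on failure returns NULL and leaves *ms untouched. */
unsigned char *decode_opaque(struct memstream *ms, uint32_t max_len,
                             uint32_t *out_len)
{
    struct memstream tmp = *ms;          /* commit only on success */
    unsigned char hdr[4], pad[3];
    unsigned char *buf;
    uint32_t len, padding;

    if (!ms_getbytes(&tmp, hdr, 4))
        return NULL;
    len = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
          ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    if (len > max_len || len > tmp.remaining)
        return NULL;                     /* reject before any arithmetic */
    padding = (4u - (len & 3u)) & 3u;    /* 0..3, cannot wrap */
    if (padding > tmp.remaining - len)   /* safe: len <= remaining */
        return NULL;
    buf = malloc(len ? len : 1);
    if (buf == NULL)
        return NULL;
    ms_getbytes(&tmp, buf, len);
    ms_getbytes(&tmp, pad, padding);
    *ms = tmp;
    *out_len = len;
    return buf;
}

int main(void)
{
    /* Constructed inputs: a well-formed field and an oversized length. */
    static const unsigned char good[] = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0};
    static const unsigned char hostile[20] = {0xFF, 0xFF, 0xFF, 0xF0};
    struct memstream a = { good, sizeof good };
    struct memstream b = { hostile, sizeof hostile };
    uint32_t n = 0;
    unsigned char *p = decode_opaque(&a, 1024, &n);

    printf("good: %s, %u bytes\n", p ? "accepted" : "rejected", (unsigned)n);
    free(p);
    printf("legacy check on len 0xFFFFFFF0 with 16 left: %s\n",
           legacy_check_accepts(16, 0xFFFFFFF0u) ? "accepted" : "rejected");
    printf("hardened decode of the same length: %s\n",
           decode_opaque(&b, 1024, &n) ? "accepted" : "rejected");
    return 0;
}
```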
[Sorcerer-spells] LINUX-SORCERER2003-03-20
Sorcerer Update Advisory
Tap Into the Source

Source Name:   linux-2.4.20
Advisory ID:   SORCERER2003-03-19
Date:          March 20th, 2003

Problem Description:
  Fixes several kernel bugs.
    sync_fs.patch
    sync_fs-fix.patch
    ext3-use-after-free.patch
    sync_fs-fix-2.patch
    ext3-scheduling-storm.patch
    linux-2.4.20.ptrace.diff

Update:
  Patches have been added.

Patched Sources:
  linux-2.4.20

Recommendation:
  augur synch
  augur update

Contacts:
  Email:      [EMAIL PROTECTED]
  Mail List:  https://lists.berlios.de/mailman/listinfo/sorcerer-spells
  Web:        http://sorcerer.wox.org
  Irc:        irc://irc.freenode.net #sorcerer
[IPS] osCommerce multiple XSS vulnerabilities
iProyectos Security Advisory: XSS Bugs in osCommerce

1. Problem description.
2. Risk
3. Solution
4. Manual fix
5. About iProyectos

1. Problem description:

osCommerce is a widely installed open source shopping e-commerce solution. Some XSS (cross-site scripting) problems exist in versions of osCommerce prior to 3/14/2003 that allow an attacker to inject arbitrary HTML code into a web page.

An attacker could guide the victim to a specially crafted url that, when followed, would send the cookie to the attacker. With the cookie of a user, an attacker would be able to hijack his account.

iProyectos won't provide a direct exploit this time due to the simplicity of the bug (exploitation is straightforward with XSS bugs). Here is a proof of concept on one of the four existent bugs. (implode the next three lines to form the url)

http://vulnerable.host/default.php?error_message=%3Cscr
ipt%20language=javascript%3Ewindow.alert%28document.coo
kie%29;%3C/script%3E

The full list of vulnerabilities is available in our website http://www.iproyectos.com/english.php that explains the four bugs.

We contacted the vendor on 3/13/2003. They fixed 4 XSS bugs in 24 hours and committed the patches to CVS. We found these bugs in the last milestone version and they probably have a long history. The online demonstration in the osCommerce website which is said to be 2.2ms1 version was modified, so be aware of trusting the milestone because of this. At 3/18/2003, the last milestone available (2.2ms1) is still vulnerable.

Contrary to what can be understood by reading the vendor report, this is not a cvs version bug. Furthermore, we conducted a little survey and found this bug in 27 out of 30 osCommerce shops.

2. Risk

iProyectos has given this vulnerability medium risk, as long as some degree of social engineering is required.

3. Solution

To patch, update by CVS. Downloading the last milestone WON'T fix this.

4. Manual Fix

Many installations of osCommerce are severely modified to suit the needs of each shop, using just the core osCommerce engine. For these, direct patching won't be possible. If you are interested in a guide to fixing customized osCommerce installations please contact us at [EMAIL PROTECTED] . We will publish a checklist guide to fix osCommerce if demand is high enough.

5. About iProyectos

iProyectos is a new IT company established in Spain which stresses security research. We provide quality security auditing at reasonable prices.

-
Daniel Alcántara de la Hoz
Director de Proyectos
[EMAIL PROTECTED]
iProyectos Desarrollos Tecnológicos
http://www.iproyectos.com/english.php
[OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)
OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
[EMAIL PROTECTED]                                      [EMAIL PROTECTED]
OpenPKG-SA-2003.025                                          20-Mar-2003

Package:             mutt
Vulnerability:       buffer overflow in IMAP client
OpenPKG Specific:    no

Affected Releases:   Affected Packages:        Corrected Packages:
OpenPKG CURRENT      = mutt-1.4i-20030103      = mutt-1.4.1i-20030320
OpenPKG 1.2          = mutt-1.4i-1.2.0         = mutt-1.4i-1.2.1
OpenPKG 1.1          = mutt-1.4i-1.1.0         = mutt-1.4i-1.1.1

Dependent Packages:  none

Description:
  According to a posting on Bugtraq [0], Edmund Grimley Evans fixed a buffer overflow which exists in the IMAP client code of the mail user agent Mutt [1]. The bug was found by Core Security Technologies [2].

  Please check whether you are affected by running prefix/bin/rpm -q mutt. If you have the mutt package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution). [3][4]

Solution:
  Select the updated source RPM appropriate for your OpenPKG release [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM from it [3] and update your OpenPKG installation by applying the binary RPM [4]. For the current release OpenPKG 1.2, perform the following operations to permanently fix the security problem (for other releases adjust accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/1.2/UPD
  ftp> get mutt-1.4i-1.2.1.src.rpm
  ftp> bye
  $ prefix/bin/rpm -v --checksig mutt-1.4i-1.2.1.src.rpm
  $ prefix/bin/rpm --rebuild mutt-1.4i-1.2.1.src.rpm
  $ su -
  # prefix/bin/rpm -Fvh prefix/RPM/PKG/mutt-1.4i-1.2.1.*.rpm

References:
  [0] http://www.securityfocus.com/archive/1/315679
  [1] http://www.mutt.org/
  [2] http://www.corest.com/common/showdoc.php?idx=310idxseccion=10
  [3] http://www.openpkg.org/tutorial.html#regular-source
  [4] http://www.openpkg.org/tutorial.html#regular-binary
  [5] ftp://ftp.openpkg.org/release/1.1/UPD/mutt-1.4i-1.1.1.src.rpm
  [6] ftp://ftp.openpkg.org/release/1.2/UPD/mutt-1.4i-1.2.1.src.rpm
  [7] ftp://ftp.openpkg.org/release/1.1/UPD/
  [8] ftp://ftp.openpkg.org/release/1.2/UPD/
  [9] http://www.openpkg.org/security.html#signature

For security reasons, this advisory was digitally signed with the OpenPGP public key OpenPKG [EMAIL PROTECTED] (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For instance, pipe this message to the command gpg --verify --keyserver keyserver.pgp.com.
Re: PROBLEMS WITH WINDOWS SHORTCUTS
Verified on Windows XP Pro SP1. Crashes Explorer every time.

/Alex Kiwerski

On a side note, if you browse to the folder through an application and the application is set to view all file types it will crash the application instead of explorer. I have tested this with Windows XP Pro SP1 in Dreamweaver and Photoshop. I can imagine this will work with any application.

Dan Daggett
Safeboot PC Security User Enumeration Vulnerability
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

IRM Security Advisory No. 003

Safeboot PC Security User Enumeration Vulnerability

Vulnerability Type / Importance: User Enumeration / Medium

Problem discovered:  Fri, 31 Jan 2003
Vendor contacted:    Mon, 3 Feb 2003
Advisory published:  March 20th 2003

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Abstract:

Safe boot PC security allows the discovery (by trial and error) of valid user account names by distinguishing between bad login names and bad passwords.

Description:

Safeboot (www.safeboot.com) is a software product to prevent access to a PC's hard disk drive. This protection takes two forms:

1) Pre-Boot user authentication,
2) Hard Disk Encryption.

It is with the former that IRM identified a vulnerability.

Whilst safeboot supports a number of hardware-based tokens to provide user authentication, without these it relies on Username and Password Authentication. When a user has entered a bad username or password, Safeboot will produce an error, specifically stating which of the credentials (username or password) is incorrect.

By leaving the password blank, or entering anything, an attacker could use trial and error to establish valid usernames for this or other related systems, before proceeding to attempt discovery of the associated password.

Tested Versions:

Safeboot 4.1 (current version)

(The authors were not able to obtain any previous versions, but understand these would be equally affected)

Tested Operating Systems:

Windows XP SP1

Vendor Patch Information:

The vendor of this product, Control Break International, was contacted. They were receptive to our report and produced a statement reproduced here:

Control Break International is aware of IRM's findings. We have not considered enumeration of the user list sensitive information up to now, as real-world user ID's are often trivial combinations of first name, last name, and initials, and are usually easily guessable through social engineering. With the popularity of directory systems such as AD and Novell, user id's are increasingly similar to e-mail addresses, yielding them even simpler to determine.

We are however sensitive to customer concerns, so for those who would like to redefine the error messages reported for incorrect user id and password information, we can make available replacement error message files accordingly.

These error message files are not available for public download, but users of Safeboot can obtain it by contacting Control Break via their Website.

Workarounds:

See Vendor and Patch Information.

Credits:

Initial vulnerability discovery: Chris Crute

Disclaimer:

All information in this advisory is provided on an 'as is' basis in the hope that it will be useful. Information Risk Management Plc is not responsible for any risks or occurrences caused by the application of this information.

A copy of this advisory may be found at http://www.irmplc.com/advisories

The PGP key used to sign IRM advisories can be obtained from the above URL, or from keyserver.net and its mirrors.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Information Risk Management Plc.    http://www.irmplc.com
22 Buckingham Gate                  [EMAIL PROTECTED]
London                              [EMAIL PROTECTED]
SW1E 6LB                            +44 (0)207 808 6420
[Sorcerer-spells] KRB5-SORCERER2003-03-20
Sorcerer Update Advisory
Tap Into the Source

Source Name:   krb5-1.2.7
Advisory ID:   SORCERER2003-03-20-1
Date:          March 20th, 2003

Problem Description:
  Bugs in the RPC calls were patched.

Update:
  Patches have been added.

Patched Sources:
  krb5-1.2.7

Recommendation:
  augur synch
  augur update

Contacts:
  Email:      [EMAIL PROTECTED]
  Mail List:  https://lists.berlios.de/mailman/listinfo/sorcerer-spells
  Web:        http://sorcerer.wox.org
  Irc:        irc://irc.freenode.net #sorcerer
IBM Tivoli Firewall Security Toolbox buffer overflow vulnerability
*** Subject : IBM Tivoli Firewall Security Toolbox (TFST) remote buffer overflow vulnerability Version : Tivoli Firewall Toolbox version 1.2 Platform: All supported platforms *** 0o Overview --- The Tivoli Firewall Toolbox is an optional component of the Tivoli management environment and provides the underlying communication for the framework-based applications within a firewall environment. A vulnerability was discovered in the Tivoli relay daemon, which is part of this communication layer. 0o Impact - The vulnerability may allow a Tivoli endpoint to execute arbitrary code on an affected system. 0o Technical description The TFST relay daemon, which listens on a TCP network socket, performs no bounds checking while storing data from Tivoli nodes into a memory buffer. Due to this it is possible for Tivoli nodes to cause a buffer overflow in the relay daemon. The buffer overflow can be used to overwrite critical program control data on the stack and may therefore be used to inject malicious code in the relay daemon process. This code can then be executed with the privileges of this process. On Unix platforms, abuse of this vulnerability can initially allow remote attackers to penetrate affected systems with user 'nobody' privileges. Due to insecure permissions on the relay.sh script, which is executed at boot time, it is possible to elevate the user 'nobody' privileges to those of the 'root' user on these systems. It should be noted that the relay daemon, under normal circumstances, is configured to only accept connections from trusted Tivoli nodes. 
0o Solution

Affected Tivoli customers should upgrade to the IBM Tivoli Firewall Toolbox version 1.3, which can be found at:

    http://www-3.ibm.com/software/sysmgmt/products/support/IBMTivoliManagementFramework.html (Entitled Customers only)
    ftp://ftp.software.ibm.com/software/tivoli_support/patches/patches_1.3 (anonymous access)

0o Disclaimer

** All information, advice and statements are provided AS IS, without any warranty of any kind, express or implied, including but not limited to, warranties of accuracy, timeliness, non-infringement or fitness for a particular purpose. Ubizen assumes no liability for any loss or damage whatsoever (direct, indirect, consequential or otherwise). The use of and/or reliance on any of the information, advice or statements provided will be at the sole risk of the using/relying party. Copyright (c) 2003 by Ubizen N.V. All rights reserved. All trademarks or registered trademarks are the property of their respective owners. **
CORE-20030304-02: Vulnerability in Mutt Mail User Agent
Core Security Technologies Advisory
http://www.coresecurity.com

Vulnerability in Mutt Mail User Agent

Date Published: 2003-03-20
Last Update: 2003-03-19
Advisory ID: CORE-20030304-02
Bugtraq ID: 7120
CVE CAN: None currently assigned
Title: Mutt Controlled IMAP server buffer overflow
Class: Boundary Error Condition (Buffer Overflow)
Remotely Exploitable: Yes
Locally Exploitable: No
Advisory URL: http://www.coresecurity.com/common/showdoc.php?idx=310idxseccion=10

Vendors notified:
    . Core Notification: 2003-03-11
    . Notification acknowledged by Mutt: 2003-03-12
    . Fix developed by Mutt: 2003-03-17
    . Fix incorporated to releases of Mutt stable and unstable branches: 2003-03-19
    . Public announcement of fixed packages: 2003-03-19

Release Mode: COORDINATED RELEASE

*Vulnerability Description:*

Mutt is a very popular small text-based MUA (Mail User Agent) for Unix operating systems. For more information about Mutt visit http://www.mutt.org

The Mutt Mail User Agent (MUA) has support for accessing remote mailboxes through the IMAP protocol. By controlling a malicious IMAP server and providing a specially crafted folder, an attacker can crash the mail reader and possibly force execution of arbitrary commands on the vulnerable system with the privileges of the user running Mutt.

*Vulnerable Packages:*

Versions of Mutt up to, and including, 1.4.0 (stable)
Versions of Mutt up to, and including, 1.5.3 (unstable)

*Solution/Vendor Information/Workaround:*

Mutt 1.4.1 (stable branch) and 1.5.4 (unstable) have been released with a fix for the vulnerability. These versions will soon be available from ftp://ftp.mutt.org/mutt/.

*Credits:*

This vulnerability was found by Diego Kelyacoubian, Javier Kohen, Alberto Solino, and Juan Vera from Core Security Technologies during Bugweek 2003 (March 3-7, 2003).

We would like to thank Thomas Roessler, Edmund Grimley Evans and Marco d'Itri for their quick response to our report and the generation of fixed Mutt packages.
*Technical Description - Exploit/Concept Code:*

According to the RFC2060 (INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1), section 5.1.3:

    By convention, international mailbox names are specified using a modified version of the UTF-7 encoding described in [UTF-7].

When mutt has to convert from its internal representation in UTF-8 to UTF-7-like encoding it calls indirectly the function utf8_to_utf7() in module imap/utf7.c. The aforementioned function miscalculates the maximum output length; therefore provided that one can control the IMAP server, it is possible to craft a folder name that will generate output at least 50% larger than the calculated maximum.

These perl oneliners will generate two different folder names whose length is past the calculated maximum:

    perl -e 'print (chr(0x10) x 20)'
    perl -e 'print ((chr(0x10) . chr(0x41)) x 20)'

The second produces a longer output after conversion. It might be necessary to increase the multiplier to see Mutt crash.

A post-mortem analysis of the crashed process shows:

    #0 0x4207434f in _int_realloc () from /lib/i686/libc.so.6
    #1 0x42073416 in realloc () from /lib/i686/libc.so.6
    #2 0x080aafbd in safe_realloc (p=0xbfffe194, siz=121) at lib.c:96
    #3 0x080c58d2 in utf8_to_utf7 (u8=0x80f5708 , u8len=0, u7=0xbfffe1d4, u7len=0x0) at utf7.c:237
    #4 0x080c5961 in imap_utf7_encode (s=0xbfffe1d4) at utf7.c:252
    #5 0x080c4cf7 in imap_munge_mbox_name (
        dest=0xbfffe720 imap://[EMAIL PROTECTED]/\020A\020A\020A\020A\020A\020A\020A\020A
        \020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A, dlen=1024,
        src=0x80f0e90 \020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A
        \020A\020A\020A\020A\020A\020A\020A) at util.c:507
    #6 0x080bfe65 in imap_open_mailbox (ctx=0x80f0d78) at imap.c:548
    #7 0x08082cca in mx_open_mailbox (
        path=0xbfffedd0 imap://[EMAIL PROTECTED]/\020A\020A\020A\020A\020A\020A\020A\020A
        \020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A\020A, flags=0,
        pctx=0x0) at mx.c:694
    #8 0x0805ff66 in mutt_index_menu () at curs_main.c:1032
    #9 0x08079083 in main (argc=3, argv=0xba04) at main.c:841
    #10 0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6

    (gdb) x/10i $pc
    0x4207434f _int_realloc+175: testb $0x1,0x4(%eax,%esi,1)
    0x42074354 _int_realloc+180: jne 0x4207440b _int_realloc+363
    0x4207435a _int_realloc+186: mov 0xffe8(%ebp),%edi
    0x4207435d _int_realloc+189: add %eax,%edi
    0x4207435f _int_realloc+191: cmp 0xfff0(%ebp),%edi
    0x42074362 _int_realloc+194: jb 0x4207440b _int_realloc+363
    0x42074368 _int_realloc+200: mov 0x8(%esi),%edx
    0x4207436b _int_realloc+203: mov 0xc(%esi),%eax
    0x4207436e _int_realloc+206: mov %eax,0xc(%edx)
    0x42074371 _int_realloc+209: mov %edx,0x8(%eax)
    (gdb) p/x $eax
    $22 = 0x41424120
    (gdb) p/x $esi
    $23 = 0x80f2b70

$22 is controlled by the attacker. Although we believe this vulnerability
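
The length arithmetic behind the two folder names above, as an added example that is not part of the advisory and is not Mutt's code: a bounded RFC 2060 modified UTF-7 encoder that reports the length it needs, so a caller can size the buffer from a measuring pass instead of an estimate. The names mutf7_encode, put and shift_out are hypothetical, and the encoder assumes 7-bit input, which covers both folder names.

```c
#include <stddef.h>
#include <stdio.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
struct obuf { char *p; size_t cap, n; };

/* Count every output byte; store it only while room remains for the NUL. */
static void put(struct obuf *o, char c) {
    if (o->n + 1 < o->cap) o->p[o->n] = c;
    o->n++;
}
/* Close a base64 run: flush leftover bits, then shift out with '-'. */
static void shift_out(struct obuf *o, unsigned bits, int nbits) {
    if (nbits > 0) put(o, B64[(bits << (6 - nbits)) & 0x3f]);
    put(o, '-');
}

/* RFC 2060 modified UTF-7 for 7-bit input (assumption of this example: a
 * byte >= 0x80 is rejected with (size_t)-1). Like snprintf, returns the
 * length the full encoding needs; output is cut to cap-1 bytes plus NUL. */
size_t mutf7_encode(const unsigned char *in, size_t len, char *out, size_t cap) {
    struct obuf o = { out, cap, 0 };
    unsigned bits = 0;
    int nbits = 0, in_b64 = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];
        if (c >= 0x80) { if (cap) out[0] = '\0'; return (size_t)-1; }
        if (c >= 0x20 && c <= 0x7e) {        /* printable: copied as is */
            if (in_b64) { shift_out(&o, bits, nbits); in_b64 = 0; }
            put(&o, (char)c);
            if (c == '&') put(&o, '-');      /* "&" is written "&-" */
        } else {                             /* one UTF-16BE unit, base64 */
            if (!in_b64) { put(&o, '&'); in_b64 = 1; nbits = 0; }
            bits = (bits << 16) | c;
            nbits += 16;
            while (nbits >= 6) { nbits -= 6; put(&o, B64[(bits >> nbits) & 0x3f]); }
        }
    }
    if (in_b64) shift_out(&o, bits, nbits);
    if (cap > 0) out[o.n < cap ? o.n : cap - 1] = '\0';
    return o.n;
}

int main(void) {
    unsigned char name[40];                  /* constructed: (0x10 0x41) x 20 */
    for (int i = 0; i < 40; i++) name[i] = (i % 2) ? 0x41 : 0x10;
    printf("%zu in -> %zu out\n", sizeof name, mutf7_encode(name, 40, NULL, 0));
    return 0;
}
```

For the second folder name the measuring pass returns 120, which with the terminating NUL is consistent with siz=121 in frame #2 of the backtrace.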
[OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
[EMAIL PROTECTED]                                      [EMAIL PROTECTED]
OpenPKG-SA-2003.026                                          20-Mar-2003

Package:          openssl
Vulnerability:    information leakage
OpenPKG Specific: no

Affected Releases:   Affected Packages:          Corrected Packages:
OpenPKG CURRENT      = openssl-0.9.7a-20030317   = openssl-0.9.7a-20030320
OpenPKG 1.2          = openssl-0.9.7-1.2.2       = openssl-0.9.7-1.2.3
OpenPKG 1.1          = openssl-0.9.6g-1.1.2      = openssl-0.9.6g-1.1.3

Affected Releases:   Dependent Packages:
OpenPKG CURRENT      apache cadaver cpu curl dsniff easysoap ethereal exim fetchmail imap imapd inn linc links lynx mico mixmaster mozilla mutt nail neon openldap openvpn perl-ssl postfix postgresql qpopper samba sendmail siege sio sitecopy socat stunnel subversion sysmon w3m wget
OpenPKG 1.2          apache cpu curl ethereal fetchmail imap inn links lynx mico mutt nail neon openldap perl-ssl postfix postgresql qpopper samba sendmail siege sitecopy socat stunnel sysmon w3m wget
OpenPKG 1.1          apache curl fetchmail inn links lynx mutt neon openldap perl-ssl postfix postgresql qpopper samba siege sitecopy socat stunnel sysmon w3m

Description:

According to an OpenSSL [0] security advisory [1], Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the Bleichenbacher attack on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. The attack was documented in their report Attacking RSA-based Sessions in SSL/TLS [2]. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0147 [3] to the problem.

Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack. The server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key.
Note that the server's RSA key is not compromised in this attack.

Please check whether you are affected by running prefix/bin/rpm -q openssl. If you have the openssl package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution) and its dependent packages (see above), if any, too. [4][5]

Solution:

Select the updated source RPM appropriate for your OpenPKG release [6][7], fetch it from the OpenPKG FTP service [8][9] or a mirror location, verify its integrity [10], build a corresponding binary RPM from it [4] and update your OpenPKG installation by applying the binary RPM [5]. For the current release OpenPKG 1.2, perform the following operations to permanently fix the security problem (for other releases adjust accordingly).

    $ ftp ftp.openpkg.org
    ftp bin
    ftp cd release/1.2/UPD
    ftp get openssl-0.9.7-1.2.3.src.rpm
    ftp bye
    $ prefix/bin/rpm -v --checksig openssl-0.9.7-1.2.3.src.rpm
    $ prefix/bin/rpm --rebuild openssl-0.9.7-1.2.3.src.rpm
    $ su -
    # prefix/bin/rpm -Fvh prefix/RPM/PKG/openssl-0.9.7-1.2.3.*.rpm

Additionally, you have to rebuild and reinstall all dependent packages (see above), too. [4][5]

References:

    [0] http://www.openssl.org/
    [1] http://www.openssl.org/news/secadv_20030319.txt
    [2] http://eprint.iacr.org/2003/052/
    [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131
    [4] http://www.openpkg.org/tutorial.html#regular-source
    [5] http://www.openpkg.org/tutorial.html#regular-binary
    [6] ftp://ftp.openpkg.org/release/1.1/UPD/openssl-0.9.6g-1.1.3.src.rpm
    [7] ftp://ftp.openpkg.org/release/1.2/UPD/openssl-0.9.7-1.2.3.src.rpm
    [8] ftp://ftp.openpkg.org/release/1.1/UPD/
    [9] ftp://ftp.openpkg.org/release/1.2/UPD/
    [10] http://www.openpkg.org/security.html#signature

For security reasons, this advisory was digitally signed with the OpenPGP public key OpenPKG [EMAIL PROTECTED] (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For instance, pipe this message to the command gpg --verify --keyserver keyserver.pgp.com
Opera 6.06 Released, Security-Hole Left
Opera Software released Opera 6.06.

However, the security hole that we had released on Feb 9th, 2003 (Opera Username Buffer Overflow Vulnerability [http://www.securityfocus.com/archive/1/311194]) has not been fixed yet. Opera 6.06 still has this security hole, to which we should pay heed.

Attached here is an HTML file with which you can easily check this vulnerability. This would run the code that launches the Internet Explorer. Change file extension to HTML.

--
nesumin [EMAIL PROTECTED]

unbof_demo.txt
Description: Binary data
[SCSA-011] Path Disclosure Vulnerability in XOOPS
Security Corporation Security Advisory [SCSA-011]

PROGRAM: XOOPS
HOMEPAGE: http://www.xoops.org/
VULNERABLE VERSIONS: v2.0 (and prior ?)

DESCRIPTION

XOOPS is a dynamic OO (Object Oriented) based open source portal script written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites, intra company portals, corporate portals, weblogs and much more. (direct quote from XOOPS website)

DETAILS EXPLOITS

¤ Details Path Disclosure :

A vulnerability has been found in XOOPS which allows attackers to determine the physical path of the application. This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information. This vulnerability can be triggered by a remote user submitting a specially crafted HTTP request including invalid input to the $xoopsOption variable.

¤ Exploits Path Disclosure :

http://[target]/index.php?xoopsOption=any_word

Affected files:

    admin.php
    edituser.php
    footer.php
    header.php
    image.php
    lostpass.php
    pmlite.php
    readpmsg.php
    register.php
    search.php
    user.php
    userinfo.php
    viewpmsg.php
    class/xoopsblock.php
    modules/contact/index.php
    modules/mydownloads/index.php
    modules/mydownloads/brokenfile.php
    modules/mydownloads/modfile.php
    modules/mydownloads/ratefile.php
    modules/mydownloads/singlefile.php
    modules/mydownloads/submit.php
    modules/mydownloads/topten.php
    modules/mydownloads/viewcat.php
    modules/mylinks/brokenlink.php
    modules/mylinks/index.php
    modules/mylinks/modlink.php
    modules/mylinks/ratelink.php
    modules/mylinks/singlelink.php
    modules/mylinks/submit.php
    modules/mylinks/topten.php
    modules/mylinks/viewcat.php
    modules/newbb/index.php
    modules/newbb/search.php
    modules/newbb/viewforum.php
    modules/newbb/viewtopic.php
    modules/news/archive.php
    modules/news/article.php
    modules/news/index.php
    modules/sections/index.php
    modules/system/admin.php
    modules/xoopsfaq/index.php
    modules/xoopsheadlines/index.php
    modules/xoopsmembers/index.php
    modules/xoopspartners/index.php
    modules/xoopspartners/join.php
    modules/xoopspoll/index.php
    modules/xoopspoll/pollresults.php

SOLUTIONS

No solution for the moment.

VENDOR STATUS

The vendor has reportedly been notified.

LINKS

French version: http://www.security-corporation.com/index.php?id=advisoriesa=011-FR

Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com