Re: [Full-disclosure] Remote buffer overflow in httpdx

2009-10-12 Thread Freddie Vicious
Can't reproduce it either (XPSP3 En + httpdx 1.4.0)...

On Fri, Oct 9, 2009 at 8:49 AM, dr_...@hushmail.com wrote:

> this didn't seem to work for me. Test system XPSP3 + httpdx 1.4.0.
>
> Definitely causes a crash but the retn/offsets must not be universal?




-- 
Best wishes,
Freddie Vicious
http://twitter.com/viciousf
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] When is it valid to claim that a vulnerability leads to a remote attack?

2009-10-12 Thread Valdis . Kletnieks
On Sat, 10 Oct 2009 22:32:49 CDT, Rohit Patnaik said:
> Well, why are you relying on Thierry's clock to date your message?
> Your e-mail client should use your local clock/mail server clock to
> timestamp messages.

Hint: your e-mail client *can't* timestamp this message, because it has
no *clue* when I hit send on this message.  Consider that you can't even
trust the timestamp on the first Received: header, because I could very
well have composed the mail and hit send while offline, and it got posted
to a server once I had network connectivity again.

The sending MUA is responsible for this, but often an end-user MUA will fail
to add a Date: header and the fixup is done at the first mail server,




Re: [Full-disclosure] Cellphone with USB host

2009-10-12 Thread imipak
valdis.kletni...@vt.edu wrote:

> So guys - what would be the ideal corporate-espionage device,
> and what's the best approximation currently on the market?



AFAIK, it's a field of one:

http://www.immunitysec.com/products-silica.shtml

=i



[Full-disclosure] A CALL TO ARMS ON RESPONSIBLE DISCLOSURE

2009-10-12 Thread Jean Trolleur
Greetin's t'my homeys and colleagues uh Full Disclosho' man:

De days uh responsible disclosho' man be now behind us.

Fo' years many in de security community been playin' games wid
software and hardware vendo's, by attemptin' t'responsibly repo't
security vulnerabilities. Mo'e often dan not, especially de case wid
some select few companies, only one uh de two ssnatchholders involved
be actually practicin' nuthin dat resembles responsibility. Slap mah
fro!

One majo' vendo' comes t'mind here (Apple, I'm lookin' at ya'). Dis
vendo' spends hundreds uh millions uh dollars each year on advertisin'
drough various media claimin' deir products is secure, o' at least
mo'e secure dan de competishun. When actual vulnerabilities is
repo'ted t'Apple, de company may spend down t'a year sittin' on dese
befo'e dey is mitigated by security downdates. Compoundin' dis issue
be de observashun dat security practices in Apple code be ho'ribly
substandard. Even wo'se - due t'de opaque nature uh de company - we
gots absolutely no idea if changes is in place t'improve downon dese
issues.

All uh dis brin's us t'de inevitable conclusion, dig dis: Responsible
disclosho' be only justifiable wid responsible vendo's. If vendo's
likes Apple continue t'completely disregard security, dere be no
reason fo' any sucka in de community t'play deir game. Dank ya', and
bd night. Man!



[Full-disclosure] [ MDVSA-2009:268 ] mono

2009-10-12 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:268
 http://www.mandriva.com/security/
 ___

 Package : mono
 Date: October 12, 2009
 Affected: 2008.1, 2009.0, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in mono:
 
 Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
 class libraries in Mono 2.0 and earlier allow remote attackers to
 inject arbitrary web script or HTML via crafted attributes related to
 (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
 (RenderAttributes), (3) HtmlInputButton (RenderAttributes),
 (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
 (RenderChildren) (CVE-2008-3422).
 
 The XML HMAC signature system did not correctly check certain
 lengths. If an attacker sent a truncated HMAC, it could bypass
 authentication, leading to potential privilege escalation
 (CVE-2009-0217).
 
 This update fixes these vulnerabilities.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
 ___

 Updated Packages:

 

[Full-disclosure] [ MDVSA-2009:269 ] mono

2009-10-12 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:269
 http://www.mandriva.com/security/
 ___

 Package : mono
 Date: October 12, 2009
 Affected: 2009.1
 ___

 Problem Description:

 A vulnerability has been found and corrected in mono:
 
 The XML HMAC signature system did not correctly check certain
 lengths. If an attacker sent a truncated HMAC, it could bypass
 authentication, leading to potential privilege escalation
 (CVE-2009-0217).
 
 This update fixes this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
 ___

 Updated Packages:

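The truncated-HMAC length check described in MDVSA-2009:268 and MDVSA-2009:269 (CVE-2009-0217), as an added example that is not part of either advisory and is not Mono's code: a verifier that trusts the sender-declared output length, next to one that enforces a floor. The key, messages and function names are constructed; the `output_bits` parameter models the XML Signature HMACOutputLength element, and the floor (at least 80 bits and at least half the hash output) is taken from the W3C XML Signature specification, not from the advisory text.

```python
import hashlib
import hmac

# Constructed sample material: key and message bytes are made up for this demo.
KEY = b"constructed-shared-secret"
SIGNED_INFO = b"<SignedInfo>amount=10</SignedInfo>"
TAMPERED_INFO = b"<SignedInfo>amount=9999</SignedInfo>"

HASHES = {"hmac-sha1": hashlib.sha1, "hmac-sha256": hashlib.sha256}
MIN_BITS = 80  # absolute floor (assumption taken from the W3C rule, see lead-in)


def sign(key, data, alg="hmac-sha1", output_bits=None):
    """Sender side: full HMAC, or its leftmost output_bits when truncating."""
    mac = hmac.new(key, data, HASHES[alg]).digest()
    return mac if output_bits is None else mac[: output_bits // 8]


def verify_naive(key, data, sig_value, alg, output_bits=None):
    """Flawed pattern: compares only as many bytes as the message declares.

    The declared length arrives with the signature, so it is attacker
    controlled. A declared length of 0 compares two empty strings.
    """
    expected = hmac.new(key, data, HASHES[alg]).digest()
    n = len(expected) if output_bits is None else output_bits // 8
    return hmac.compare_digest(expected[:n], sig_value[:n])


def verify_strict(key, data, sig_value, alg, output_bits=None):
    """Hardened pattern: validate the declared length before comparing."""
    digestmod = HASHES.get(alg)
    if digestmod is None:
        return False  # unknown algorithm: fail closed
    expected = hmac.new(key, data, digestmod).digest()
    full_bits = len(expected) * 8
    if output_bits is None:
        output_bits = full_bits
    floor = max(MIN_BITS, full_bits // 2)
    # Reject lengths that are not whole bytes, below the floor, or
    # longer than the hash can produce.
    if output_bits % 8 or not (floor <= output_bits <= full_bits):
        return False
    n = output_bits // 8
    # The transmitted value must be exactly the declared length.
    if len(sig_value) != n:
        return False
    return hmac.compare_digest(expected[:n], sig_value)


def audit(verifier):
    """Run one verifier over constructed cases; return {case: accepted}."""
    s1, s256 = "hmac-sha1", "hmac-sha256"
    cases = {
        # Legitimate, untruncated signature.
        "full_sha1": (SIGNED_INFO, sign(KEY, SIGNED_INFO, s1), s1, None),
        # Legitimate 96-bit truncation, above the SHA-1 floor of 80 bits.
        "trunc96_sha1": (SIGNED_INFO, sign(KEY, SIGNED_INFO, s1, 96), s1, 96),
        # 96 bits is below half of SHA-256's 256-bit output.
        "trunc96_sha256": (SIGNED_INFO, sign(KEY, SIGNED_INFO, s256, 96), s256, 96),
        # Sender-side truncation to a single byte.
        "trunc8_sha1": (SIGNED_INFO, sign(KEY, SIGNED_INFO, s1, 8), s1, 8),
        # Modified message, empty signature value, declared length 0:
        # no knowledge of the key is needed to build this input.
        "zero_bits_tampered": (TAMPERED_INFO, b"", s1, 0),
        # Declared length and transmitted length disagree.
        "declared160_sent96": (SIGNED_INFO, sign(KEY, SIGNED_INFO, s1, 96), s1, 160),
    }
    return {
        name: verifier(KEY, data, sig, alg, bits)
        for name, (data, sig, alg, bits) in cases.items()
    }


if __name__ == "__main__":
    for name, fn in (("naive", verify_naive), ("strict", verify_strict)):
        print(name, audit(fn))
```

The `zero_bits_tampered` and `trunc8_sha1` cases are the ones to keep as regression tests: a patched verifier must reject both regardless of the key.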
 

[Full-disclosure] [SECURITY] [DSA 1906-1] End-of-life announcement for clamav in stable and oldstable

2009-10-12 Thread Steffen Joeris

- 
Debian Security Advisory DSA-1906-1  secur...@debian.org
http://www.debian.org/security/   Steffen Joeris
October 11, 2009  http://www.debian.org/security/faq
- 

Package: clamav

Security support for clamav, an anti-virus utility for Unix, has been
discontinued for the stable distribution (lenny) and the oldstable
distribution (etch). Clamav Upstream has stopped supporting the
releases in etch and lenny. Also, it is not easily possible to receive
signature updates for the virus scanner with our released versions
anymore. We recommend that all clamav users consider switching to the
version in debian-volatile, which receives regular updates and security
support on a best effort basis.

For more information on debian-volatile, please visit
http://www.debian.org/volatile/

- 
Mailing list: debian-security-annou...@lists.debian.org


[Full-disclosure] [ MDVSA-2009:270 ] wireshark

2009-10-12 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:270
 http://www.mandriva.com/security/
 ___

 Package : wireshark
 Date: October 12, 2009
 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in wireshark:
 
 Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark
 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers
 to cause a denial of service (memory and CPU consumption) via malformed
 OPCUA Service CallRequest packets (CVE-2009-3241).
 
 This update fixes this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
 ___

 Updated Packages:


[Full-disclosure] [ MDVSA-2009:271 ] libnasl

2009-10-12 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:271
 http://www.mandriva.com/security/
 ___

 Package : libnasl
 Date: October 12, 2009
 Affected: Corporate 4.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in libnasl:
 
 nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library
 (aka libnasl) 2.2.11 does not properly check the return value from
 the OpenSSL DSA_do_verify function, which allows remote attackers to
 bypass validation of the certificate chain via a malformed SSL/TLS
 signature, a similar vulnerability to CVE-2008-5077 (CVE-2009-0125).
 
 This update fixes this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0125
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com


Re: [Full-disclosure] [-SPAM-] Re: When is it valid to claim that a vulnerability leads to a remote attack?

2009-10-12 Thread Thierry Zoller
Hi James,

Well, that would explain why client side exploits are so fruity these
days. Probably nobody invests into protection against them, as the
risk assessment team tells them it is a local issue only? Pun intended ;)

A PDF/DOC exploit should be classified as remotely exploitable or else your
assessment suffers from lack of reality - sorry.

We have the following denominations in this thread, which
all mean different things, doesn't really help us here:
* a remote bug
* a remote attack
* remotely exploitable

A remote attack
= An action

Remotely exploitable
= possibility that vulnerability is exploited remotely

A remote bug
= a bug that is remotely triggerable (??) doesn't even imply it is exploitable.

I only perceive one of these denominations to be worth being used in
risk assessment - that being remotely exploitable


JM If you classify a remote bug (anything that can be exploited remotely) then
JM you are classifying all bugs (you can use a privilege escalation exploit
JM remotely)
Yes, you actually should consider you can use these types of attacks
remotely, but normally not without a first degree remote
vulnerability (add that to the list of denominations).

JM I agree with Thor, anything that exploits a remote service
JM (HTTP,FTP Etc..) without any user interaction.

JM On Sun, Oct 11, 2009 at 12:54 AM, Thor (Hammer of God) t...@hammerofgod.com wrote:

> > I think we can agree that yes, it is remotely exploitable and as such
> > should be categorized as remote in Risk/Impact scoring systems ?
> >
> > Does anybody disagree ? I'd be interested to hear your point of view.
>
> Hey Thierry - I hope all is well...
>
> I'm happy to include user assisted remote exploitation as a remote
> vulnerability in academic conversations, but I don't categorize it as
> remote when assessing overall risk to a particular threat in production
> environments.  Like everyone else, my TMs include impact and skill required
> to exploit a particular vulnerability; but they also include likelihood of
> exploitation.   While that may sound like a wildcard metric, I quantify it
> by applying the internal controls in place that may mitigate a particular
> attack.  In my networks (networks I control, design, or consult for) most
> users couldn't execute [common] exploits even if they wanted to.  I won't
> bore you with the controls I deploy as I'm confident you are well aware of
> the options one has, but the fact they exist at all place user assisted
> remote exploits in a different category for me when assessing risk.  When
> the propensity for a vulnerability to be exploited lies in a particular
> user's response to any given trigger, as opposed to any authoritative
> in-place controls to mitigate exposure, then a model's relevant response
> options are greatly diminished (IMO).
>
> As such, I choose to categorize remote exploits as those that may be
> executed against a given host that is autonomously running a [vulnerable]
> service that can be connected to by some (any) other network client, device,
> or service for the purposes of ascertaining overall risk.
>
> t

-- 
http://blog.zoller.lu
Thierry Zoller



[Full-disclosure] [ MDVSA-2009:272 ] libmikmod

2009-10-12 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:272
 http://www.mandriva.com/security/
 ___

 Package : libmikmod
 Date: October 12, 2009
 Affected: 2008.1, 2009.0, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in libmikmod:
 
 libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
 possibly other products, relies on the channel count of the last
 loaded song, rather than the currently playing song, for certain
 playback calculations, which allows user-assisted attackers to cause
 a denial of service (application crash) by loading multiple songs
 (aka MOD files) with different numbers of channels (CVE-2007-6720).
 
 libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
 products, allows user-assisted attackers to cause a denial of service
 (application crash) by loading an XM file (CVE-2009-0179).
 
 This update fixes these vulnerabilities.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6720
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0179
 ___

 Updated Packages:

 ___



[Full-disclosure] [ MDVSA-2009:273 ] strongswan

2009-10-12 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:273
 http://www.mandriva.com/security/
 ___

 Package : strongswan
 Date: October 12, 2009
 Affected: Multi Network Firewall 2.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in strongswan:
 
 The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c,
 libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10,
 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before
 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial
 of service (pluto IKE daemon crash) via an X.509 certificate with (1)
 crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME
 string, or (3) a crafted GENERALIZEDTIME string (CVE-2009-2185).
 
 This update fixes this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185
 ___

 Updated Packages:

 Multi Network Firewall 2.0:
 f6381e633c85c2bcc8e3ca37bc7244b4  mnf/2.0/i586/strongswan-2.0.2-1.1.M20mdk.i586.rpm
 efae951734094a0318c61d9fa7142369  mnf/2.0/SRPMS/strongswan-2.0.2-1.1.M20mdk.src.rpm
 ___
