Re: [Full-disclosure] DoS vulnerability in Internet Explorer
This is double plus good! You are a double plus good duckspeak! Oh, by the way, I got a mail from anonymous who claims that he/she/it DISCOVERED a series of important DoS of Intenet Exploder which, in every Fool-Disclosure participant's opinion, may greatly enhance the importance of your achievement. Sent: Mon 43/13/4274 B.C. 28:77 UTC To: HaveToPerish Hi, I want to warn you about Denial of Service vulnerablities in Internet Exploder. I will inform Micro$oft 6,000 years later. This attack I called recursion to death which is none of homepage's business. (homepage is my friend lived in another cave). DoS #1: script while(1) window.external.AddToFavoritesBar( 'http://example.com/slices.aspx#weather', 'Weather Conditions','slice'); /script DoS #2: script while(1) window.external.ContentDiscoveryReset(); /script ... ... ... ... Sincerely yours, Ferland Ullrich Clark Kurt Useful as the information was, I cannot reply nor hear from him/her/it again. All I know is, according to his/her/its last mail which remains in my inbox, he/she/it lived in stone age and his/her/its parents are cousins. Double plus sincerely yours, Have T. Perish ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1933-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris November 10, 2009 http://www.debian.org/security/faq - Package: cups Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE Id : CVE-2009-2820 Aaron Siegel discovered that the web interface of cups, the Common UNIX Printing System, is prone to cross-site scripting attacks. For the stable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny7. For the oldstable distribution (etch), this problem has been fixed in version 1.2.7-4+etch9. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your cups packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Debian GNU/Linux 5.0 alias lenny - Debian (oldstable) - -- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.diff.gz Size/MD5 checksum: 112995 fe3566daa6615bcd625288ce98e9384f http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.dsc Size/MD5 checksum: 1095 804241054cda1301d183492ea5969649 Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4+etch9_all.deb Size/MD5 checksum: 917720 bc97c75dacbd345dfd07e9397c91c38f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4+etch9_all.deb Size/MD5 checksum:46524 4f95c2485efda6dc7fc306162a5b1641 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_alpha.deb Size/MD5 checksum:72990 bf27b53404f44fcea401f8ff88de8aa2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_alpha.deb Size/MD5 checksum: 1095268 d25ffb1cdb0d32cb3d80d6a551b355c7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_alpha.deb Size/MD5 checksum: 184818 00aa5f531b8c3a30c6c77b926be722d2 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_alpha.deb Size/MD5 checksum: 175652 d52f9ee130bbf84d5436a71bb526f56c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_alpha.deb Size/MD5 checksum:95922 8d80f7b83c755b59401fa7dd0b2ca81e http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_alpha.deb Size/MD5 checksum: 1605614 26620cc74617e392217a198fbde74860 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_alpha.deb Size/MD5 checksum:86404 5cebb372c4230f6ec95f89be9183293c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_alpha.deb Size/MD5 checksum:39290 429780ee5c35d47504291877979b6a15 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_amd64.deb Size/MD5 checksum: 162858 1efc0ec7be9fc17ec25aab13eeb6e169 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_amd64.deb Size/MD5 checksum:80712 2f639382f1e7767254a39358e7a79aed http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_amd64.deb Size/MD5 checksum: 1090142 e33720ca87a04a87fe9a23b281c1bac0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_amd64.deb Size/MD5 checksum:86648 7eacddf27156689a52fe3b620392f734 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_amd64.deb Size/MD5 checksum: 1578128 1726cfeb573c14d325bd7d3c6ec29188 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_amd64.deb Size/MD5 checksum:53050 342387c9d81a32530263493d8a11eb86 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_amd64.deb
Re: [Full-disclosure] How Prosecutors Wiretap Wall Street
Mind IANAL; however it is I think a bailment even though the bailee is also engaged to act as a delivery agent. Point is that the item remains someone's property at all times, with what seem to me fairly well defined expectations around who has what rights to it. This does not disappear when delivery is done by other than the person who made the property. Electronic delivery is just another form. If the law is going to accept a notion that something is property, this follows. I would submit though that the 4th Amendment language effects is somewhat broader than items a person owns. Abolish all copyright and patent law and it would IMO still apply. Or ought to... -Original Message- From: Paul Schmehl [mailto:pschmehl_li...@tx.rr.com] Sent: Monday, November 09, 2009 9:29 PM To: Everhart, Glenn (Card Services); full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] How Prosecutors Wiretap Wall Street I fail to see how that applies. The law of bailment basically means that you continue to own a possession, the physical possession of which you *temporarily* grant to another party. (Allowing someone to drive your car, for example, but expecting them to return it when they're done.) When you send a twitter or email, etc., you don't have any intention of continuing to possess the property. The reason you sent the communication is so that someone else could *receive* it from you, not so they could watch it for you temporarily. When you send a letter to someone you don't continue to possess the letter. The recipient does. --On Monday, November 09, 2009 10:40 AM -0500 glenn.everh...@chase.com wrote: The law of bailment applies, I would submit, to information sent on wires. The act of sending something out is not handing it to the public domain (though it may arrive in the public domain, depending on intent). However the law of bailments seems to have been ignored by many, even though it has been around for hundreds of years. (mind: I am not a lawyer - have just read some books - and speak for myself.) -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Paul Schmehl Sent: Saturday, November 07, 2009 8:53 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] How Prosecutors Wiretap Wall Street --On November 7, 2009 4:06:42 PM -0600 mikelito...@hushmail.com wrote: But to gather intelligence about what terrorists are up to, even if a US citizen is involved, should not require a warrant. This is all well and good, until the definition of terrorist is changed and you become labeled a terrorist because your reason is suddenly counterproductive to someone else's opinion. You must apply the warrant requirement consistently. Otherwise, when interpretation of the word terrorist changes, it affects the meaning of the law. Sure. I agree with that. I think it's also important that law enforcement activities have much more stringent requirements than military intelligence has. The former is directed toward citizens, the latter toward enemies the military has to deal with. And call me crazy, but I'm just not willing to assume that someone won't abuse the power of being able to surveil US citizens and do exactly what Nixon did, spy on their competition/detractors. Surely you can admit that some people do things that they wouldn't normally do when big money and big power are involved. After all, Those who cannot learn from history are doomed to repeat it. Don't be so naive to think it can't happen again. Of course. I've never said they didn't. In fact I've stated that people in government have the same range of motives that people not in government have, including the seven deadly sins, if you will. But I've also pointed out that they are not totally evil either, as some seem to think. There are also good people in government just as there are in every other walk of life. Intelligence works best in a world of secrecy. So does deception. Significantly more so, in fact. As I've pointed out now several times, it's analogous to people that get all hot and bothered by the fact that admins have access to the data on their computers. Yes, but that computer probably doesn't belong to me but instead to my employer. If it belongs to me, you better have a policy that prevents me from using it at work, and/or a login disclaimer informing me of your right to monitor what I do if I connect to your network. If not, you better damn well have a warrant if you want to take a look at my property. Therein lies the rub. Whose property are the bits on the wire? Once you've clicked on send, be it email or im or twitter or whatever, does that transmission still belong to you? I would submit that it does not, and that the privacy laws that protect you and your house and belongings can no longer be sensibly applied. Even
Re: [Full-disclosure] How Prosecutors Wiretap Wall Street
It’s a bailment if I give a package to an agent to deliver somewhere too, but in that case the bailment Ends when delivery occurs. From: s...@strawberrycupcak.es [mailto:s...@strawberrycupcak.es] On Behalf Of dramacrat Sent: Monday, November 09, 2009 9:50 PM To: Paul Schmehl Cc: Everhart, Glenn (Card Services); full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] How Prosecutors Wiretap Wall Street The only property in a tweet or email is intellectual property, and that remains the property of the sender... in my jurisdiction, at least, which isn't even a US one. Also, this is the most pathetic nerd-fight I have seen for many a year. 2009/11/10 Paul Schmehl pschmehl_li...@tx.rr.com I fail to see how that applies. The law of bailment basically means that you continue to own a possession, the physical possession of which you *temporarily* grant to another party. (Allowing someone to drive your car, for example, but expecting them to return it when they're done.) When you send a twitter or email, etc., you don't have any intention of continuing to possess the property. The reason you sent the communication is so that someone else could *receive* it from you, not so they could watch it for you temporarily. When you send a letter to someone you don't continue to possess the letter. The recipient does. --On Monday, November 09, 2009 10:40 AM -0500 glenn.everh...@chase.com wrote: The law of bailment applies, I would submit, to information sent on wires. The act of sending something out is not handing it to the public domain (though it may arrive in the public domain, depending on intent). However the law of bailments seems to have been ignored by many, even though it has been around for hundreds of years. (mind: I am not a lawyer - have just read some books - and speak for myself.) -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Paul Schmehl Sent: Saturday, November 07, 2009 8:53 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] How Prosecutors Wiretap Wall Street --On November 7, 2009 4:06:42 PM -0600 mikelito...@hushmail.com wrote: But to gather intelligence about what terrorists are up to, even if a US citizen is involved, should not require a warrant. This is all well and good, until the definition of terrorist is changed and you become labeled a terrorist because your reason is suddenly counterproductive to someone else's opinion. You must apply the warrant requirement consistently. Otherwise, when interpretation of the word terrorist changes, it affects the meaning of the law. Sure. I agree with that. I think it's also important that law enforcement activities have much more stringent requirements than military intelligence has. The former is directed toward citizens, the latter toward enemies the military has to deal with. And call me crazy, but I'm just not willing to assume that someone won't abuse the power of being able to surveil US citizens and do exactly what Nixon did, spy on their competition/detractors. Surely you can admit that some people do things that they wouldn't normally do when big money and big power are involved. After all, Those who cannot learn from history are doomed to repeat it. Don't be so naive to think it can't happen again. Of course. I've never said they didn't. In fact I've stated that people in government have the same range of motives that people not in government have, including the seven deadly sins, if you will. But I've also pointed out that they are not totally evil either, as some seem to think. There are also good people in government just as there are in every other walk of life. Intelligence works best in a world of secrecy. So does deception. Significantly more so, in fact. As I've pointed out now several times, it's analogous to people that get all hot and bothered by the fact that admins have access to the data on their computers. Yes, but that computer probably doesn't belong to me but instead to my employer. If it belongs to me, you better have a policy that prevents me from using it at work, and/or a login disclaimer informing me of your right to monitor what I do if I connect to your network. If not, you better damn well have a warrant if you want to take a look at my property. Therein lies the rub. Whose property are the bits on the wire? Once you've clicked on send, be it email or im or twitter or whatever, does that transmission still belong to you? I would submit that it does not, and that the privacy laws that protect you and your house and belongings can no longer be sensibly applied. Even you send a private email, to whom does it belong while it's in the process of transmission? And as far as I know, there's no login disclaimer on the interwebs that allows the government to monitor what I do on
[Full-disclosure] [USN-856-1] CUPS vulnerability
=== Ubuntu Security Notice USN-856-1 November 10, 2009 cups, cupsys vulnerability CVE-2009-2820 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.15 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.6 Ubuntu 8.10: cups1.3.9-2ubuntu9.3 Ubuntu 9.04: cups1.3.9-17ubuntu3.4 Ubuntu 9.10: cups1.4.1-5ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Aaron Sigel discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15.diff.gz Size/MD5: 104771 87e69cec16a6ce946d9596058c0261d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15.dsc Size/MD5: 1060 87fa569bd9079b3f9ae30a7f5b1f3ed8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.15_all.deb Size/MD5: 996 5d9f34a7f057bea3779c75981ca1d7e5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5:36226 a186aaa1808f0fa03cff48951770b61b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5:81904 a73eba03491711b206001709bac3a550 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5: 2288926 bdb47ce648589b90bd4a10dbdc94f5bb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5: 6096 0b87c751ab9a74660e413a0f69d68712 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5:77794 0c51a6a20c0007ce2f8c3be394db475b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5:25744 c440f5af5a1d0be9283b80eb0f4d0c83 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.15_amd64.deb Size/MD5: 130490 06fa7d92ad32a77ea5199ba83d673f2a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5:34774 829f4e4086e8adb0eba77bcb58ecee0b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5:77974 a7bf3198c8b5fa6da7e857e6eb8416eb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5: 2256010 fcd1236998321b7a8c65b3d318ee7023 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5: 6096 6bb5d1d19ec1fc2f1875805f17e779a6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5:76904 c61e67f0700f841e2da1e5602268df71 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5:25742 9d736132828e8565b7d4f87fd06f9ae1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.15_i386.deb Size/MD5: 122698 03f0cc40b9f63ad05067f977f1743afc powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_powerpc.deb Size/MD5:40470 b13d7d7e2ebfd52f7935f230592b977a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_powerpc.deb Size/MD5:89554 fdf6dc49944611171160ca2e9b668886 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_powerpc.deb Size/MD5: 2303628 854768b41f63c26d0213a12c4bdcea6d
[Full-disclosure] [USN-857-1] Qt vulnerabilities
=== Ubuntu Security Notice USN-857-1 November 10, 2009 qt4-x11 vulnerabilities CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725 === A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libqt4-webkit 4.4.3-0ubuntu1.4 Ubuntu 9.04: libqt4-webkit 4.5.0-0ubuntu4.3 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712) Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3-0ubuntu1.4.diff.gz Size/MD5: 116770 f73a330179df7d453f50b286ea3a2c7a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3-0ubuntu1.4.dsc Size/MD5: 2506 711cb90dfd206bd6553dbe0fb8ecd1e2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3.orig.tar.gz Size/MD5: 112939803 376c003317c4417326ba2116370227d0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc-html_4.4.3-0ubuntu1.4_all.deb Size/MD5: 25758932 0b783fa95d4d41487e58d43823806355 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.4.3-0ubuntu1.4_all.deb Size/MD5: 52821772 7d1f3762baf09178176e99e41a502a2b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_amd64.deb Size/MD5:19104 bdc4880e85e007e64d6c5fe8c7c1d81e http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 7560 b65d2d20cdac05a7e8a04c7b51bc6417 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 87571534 73643e89deb481e7a42785d6c65b4594 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 216798 85994fe5c3b286b137ec4f8f3ed9d55a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 2046478 9f4f973c93c20f88838b3b0e48548c75 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 5880176 87946243b9f91e6421a8275417bbecd5 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 7548 df209948939090506a2f3315aa8bb63a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 213524 556f130d7e1c1ec8f3c427888715807a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 432962 a8f5b6db939fd74616b7e666d32dbcbb http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_amd64.deb Size/MD5:42350 6281fc06f2395d8462c2fd30ea3f1883 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 162238 3379fc614bd58cc9647b8c40782a45f3 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 1352676 528c9e209ba652d994292fbfb461cb60 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 435712 af2919097110286db882cba8c40958e1
[Full-disclosure] ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability
ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-082 November 10, 2009 -- CVE ID: CVE-2009-3127 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9245. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists when parsing a document containing a malformed PivotCache Stream. The application will utilize the iCache value of an SXVI record to seek into a list of objects. While setting an attribute of that particular object, the application will corrupt memory which can lead to code execution under the context of the currently logged in user. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx -- Disclosure Timeline: 2009-08-20 - Vulnerability reported to vendor 2009-11-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability
ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-083 November 10, 2009 -- CVE ID: CVE-2009-3129 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9231. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious spreadsheet. The specific flaw exists in the handling of Shared Feature Header (0x867) tags in an Excel BIFF file format. When processing the cbHdrData size element of the FEATHEADER it is possible to directly control the distance of a calculated pointer. This condition can be leveraged successfully to execute arbitrary code under the context of the currently logged in user. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx -- Disclosure Timeline: 2009-10-20 - Vulnerability reported to vendor 2009-11-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] iDefense Security Advisory 11.10.09: Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 11.10.09 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 10, 2009 I. BACKGROUND Microsoft Word is a word processing application that is part of the Microsoft Office suite of products. For more information about Microsoft Word, see following web site. http://office.microsoft.com/en-us/word/default.aspx II. DESCRIPTION Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the targeted user. This vulnerability occurs when Word parses the File Information Block (FIB) structure inside a Word document. When a malformed FIB structure is processed, a stack buffer overflow will occur which can lead to an exploitable condition. III. ANALYSIS Exploitation allows remote attackers to execute arbitrary code on the affected host under the context of the user opening the file. Exploitation might require that the user open a specially crafted word document with a vulnerable application. The most likely exploitation vector involves convincing a user to open a word document sent to them via e-mail or linked on a website. IV. DETECTION iDefense has confirmed fully patched Microsoft Word 2003 SP3, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2007 SP1 is not affected. V. WORKAROUND iDefense is currently unaware of any effective workaround for this issue. Since the vulnerability occurs in the core parsing code, it is not possible to disable the affected module. User awareness is the best defense against this type of attack. Users should not follow links or open attachments from untrusted sources or that are received unexpectedly from trusted sources. VI. VENDOR RESPONSE Microsoft Corp. has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.microsoft.com/technet/security/bulletin/MS09-068.mspx VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-3135 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 03/06/2009 - Initial Contact 03/07/2009 - Initial Response 05/21/2009 - Tentative disclosure set for September 06/25/2009 - Requested CVE from Vendor 11/10/2009 - Coordinated Public Disclosure IX. CREDIT This vulnerability was discovered by Jun Mao, iDefense Labs. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerserv...@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFK+crgbjs6HoxIfBkRAkGtAKCviMdz47DU9ywyFupo4if04iOwIgCgxf/K j1lnXEpPKhx8rxYDKrGH3qM= =DyLr -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] iDefense Security Advisory 11.10.09: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 11.10.09 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 10, 2009 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website: http://office.microsoft.com/excel/ II. DESCRIPTION Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FEATHEADER record within an Excel file. This record is used to store information common to multiple other records, and was introduced with Excel 2002 (XP). When certain fields of this record are set to a trigger value, it is possible to corrupt memory in such a way that the next 4 bytes in the record are treated as an object pointer. This pointer is then used to make a virtual function call, which results in the execution of arbitrary code. III. ANALYSIS Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker needs to convince a user to open a malicious file. Labs testing has demonstrated this vulnerability is highly exploitable. However, on systems where they are present, anti-exploitation technologies like DEP and ASLR make the vulnerability extremely difficult to exploit in a reliable way. IV. DETECTION iDefense has confirmed the existence of this vulnerability in Excel versions 2007, 2003, and XP. The record that causes the vulnerability is not supported by Excel 2000, so it is not affected by this vulnerability. V. WORKAROUND The vulnerability occurs in the core parsing code of Excel, and this code can not be disabled. However, it is possible to disable the opening of the older binary format files, and use MOICE to convert the file to the newer XML based format. These two methods are linked to in the Sources section. VI. VENDOR RESPONSE Microsoft Corp. has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-3129 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 04/30/2009 - Initial Contact 04/30/2009 - Initial Vendor Response 11/10/2009 - Coordinated Public Disclosure IX. CREDIT This vulnerability was discovered by Sean Larsson, iDefense Labs. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerserv...@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFK+dSZbjs6HoxIfBkRAnZaAKDgpjNlHlka6V3yAA1yPPnC1+7NxgCeNAya d+qxzvPFO8GQNsaeEX/7T/Y= =lrou -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Spying on Americans: Obama Endorses Bush Era Warrantless Wiretapping
In a Court filing late Friday night, the Obama Administration attempted to dress up in new clothes its embrace of one of the worst Bush Administration positions--that courts cannot be allowed to review the National Security Agency's massive, well-documented program of warrantless surveillance. In doing so it demonstrated that it will not willingly set limits on its own power and reinforced the need for Congress to step in and reform the so-called 'state secrets' privilege. (Kevin Bankston, As Congress Considers State Secrets Reform, Obama Admin Tries to Shut Down Yet Another Warrantless Wiretapping Lawsuit, Electronic Frontier Foundation, November 2, 2009) http://www.globalresearch.ca/index.php?context=viewArticlecode=BUR20091106articleId=15941 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Why the FBI, JTTF (Joint Terrorism Task Force) and DOJ policies are destined to backfire
Berlin Wall: Why we aren't the Stasi intelligence friendly country the FBI thinks, and why they are doomed to falter. The folly of making FBI into a domestic intelligence agency has fatal flaws: - Belief that adding more hay makes the needle easier to find These guys have shitloads of information bought from the private sector that they keep top secret. - Harassing innocent people The datamining that finds people staying 2 months at a motel is more likely a poor schmuck down on his life with domestic problems, as opposed to a terrorist. - Makes terrorists smarter Terrorists will adapt and learn to blend in better - Excessive secrecy The secrecy of this makes it difficult to manage performance. Without appropriate congressional, judicial and public oversight we can't see the efficiencies *or* inefficiencies of the system. Instead we say the DOJ cherrypick lone wolfs and black, schizophrenic felons who delude themselves into being prophets. Further, how do you really tell if someone is a terrorist to check if they're a security risk without ruining their lives. What are your friends worth when FBI/JTTF go to them and tell them to inform on you. When they wear a wire on you. When they try to introduce you to muslims. Ask about your political beliefs. Take control of your friends AOL account to record conversations. I thought I was developer schizophrenia... Until I found out, guess what, my friends were told by them to inform on me. (I have no criminal record) Even innocent people can tell what a bunch of stinky egotistical shadowbastards at the JTTF play this game. Here I stand before you, with no criminal charges. I am a harassed individual. I have been royally fucked by these assholes. I'm not a fucking criminal. I'm not a terrorist. I'm innovative. I'm smart. I'm industrious. I love life. I love America. On the other hand, they're [JTTF, FBI] are the biggest fuckups and guess what! They're the ones with no oversight or transparency. Counterterrorism in it's classic sense fought to take out real threats. But now we see what inefficiencies our current dragnet has. Fort Hood allowed an obviously disturbed person to go overboard. This isn't because they're isn't enough power in the FBI/DOJ/JTTF, it's because there is too much power, too much data, and a lack of oversight. More FBI agents, spying laws and bigger databases aren't the cure. The thought pattern of this is more of a disease. We need lean databases where data is deleted if not important, keeping a tight ship. Neat and organized. Only the essentials. Professionalism. We're treating the FBI and JTTF like fat spoiled autistic kids in a toy store so they can do whatever we want. For all we know they run child sex chambers. We can't open discovery because guess what! State secret privelege! Oh dear! My heart aches for the people who lost lives to cowardly terrorists. But the insult is how their hearts are twisted to have a political purpose to it so a certain part of the government can exert spying and control. Fix this government. Use common sense. Let our society make sense. Remove this dark, excessive cancer from the US Code. Andrew Wallace xploita...@gmail.com - Mail me here, don't accept impersonators. I will call the information cyber seucirty service police and my laywer http://www.twitter.com/n3td3v - Twitter http://n3td3v.blogspot.com - Personal Blog http://sites.google.com/site/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] UK surveillance plan to go ahead
The Home Office says it will push ahead with plans to ask communications firms to monitor all internet use. http://news.bbc.co.uk/2/hi/uk_news/politics/8350660.stm ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
