[Full-disclosure] [USN-924-1] Kerberos vulnerabilities

2010-04-06 Thread Kees Cook
===
Ubuntu Security Notice USN-924-1 April 07, 2010
krb5 vulnerabilities
CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972,
CVE-2010-0629
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  krb5-kdc                        1.6.dfsg.3~beta1-2ubuntu1.4
  libkrb53                        1.6.dfsg.3~beta1-2ubuntu1.4

Ubuntu 8.10:
  krb5-kdc                        1.6.dfsg.4~beta1-3ubuntu0.4

Ubuntu 9.04:
  krb5-kdc                        1.6.dfsg.4~beta1-5ubuntu2.3
  libkrb53                        1.6.dfsg.4~beta1-5ubuntu2.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Sol Jerome discovered that the Kerberos kadmind service did not correctly
free memory.  An unauthenticated remote attacker could send specially
crafted traffic to crash the kadmind process, leading to a denial of
service. (CVE-2010-0629)

It was discovered that Kerberos did not correctly free memory in
the GSSAPI library.  If a remote attacker were able to manipulate an
application using GSSAPI carefully, the service could crash, leading to
a denial of service.  (Ubuntu 8.10 was not affected.)  (CVE-2007-5901,
CVE-2007-5971)

It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries.  If a remote attacker were able to manipulate
an application using these libraries carefully, the service could crash,
leading to a denial of service.  (Only Ubuntu 8.04 LTS was affected.)
(CVE-2007-5902, CVE-2007-5972)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.diff.gz
  Size/MD5:  1747579 857bc90fe202aacef9aa7ec1915912b0

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.dsc
  Size/MD5: 1135 4cacf5667996472a34c29f5db3590a0a

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz
  Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.4_all.deb
  Size/MD5:  2121560 319ec346ce4f7acfcd3f535276b2e7e9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:   140892 372ce44cc13bfcea71652553d16ab0f6

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:   162164 6b37b079fa1b8fd1d512e8d5a268c6e3

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:  1337522 23370d40c101659acb54bd203c263e3d

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:    89344 02a61de3df97772e9a46ce5f960d392d

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:   497374 89e647e9beec851c340774d758f6d68c

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:    88168 6f6c1a76b5fd3f579c26f5438fb04f69

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:   230020 ff26ae7c13bedcd6335b36d335357f79

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:    65660 6ad8023f8ec936b19046b04c95c948bc

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:   186140 af7b0135284c9bffd16a6a03b2c36703

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:    64960 abc799e9e887480fc993bdba504af466

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:    91866 cfb606d8378283313f5009faa2dec564

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb
  Size/MD5:    73208 6ee86c16449e975666de4454ca001fb4

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb
  Size/MD5:   131262 a8beec1ae2763a39f4224e6457d79a68

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb
  Size/MD5:   146000 ea7aad15118b9e3df627d9e41f641c25

[Full-disclosure] [USN-923-1] OpenJDK vulnerabilities

2010-04-06 Thread Kees Cook
===
Ubuntu Security Notice USN-923-1 April 07, 2010
openjdk-6 vulnerabilities
CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,
CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0840, CVE-2010-0845, CVE-2010-0847, CVE-2010-0848
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  openjdk-6-jre   6b11-2ubuntu2.2
  openjdk-6-jre-lib   6b11-2ubuntu2.2

Ubuntu 8.10:
  openjdk-6-jre   6b12-0ubuntu6.7
  openjdk-6-jre-lib   6b12-0ubuntu6.7

Ubuntu 9.04:
  openjdk-6-jre   6b14-1.4.1-0ubuntu13
  openjdk-6-jre-lib   6b14-1.4.1-0ubuntu13

Ubuntu 9.10:
  openjdk-6-jre   6b16-1.6.1-3ubuntu3
  openjdk-6-jre-lib   6b16-1.6.1-3ubuntu3

After a standard system upgrade you need to restart all Java applications
to effect the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content
at the beginning of the user's session.  (CVE-2009-3555)

It was discovered that Loader-constraint table, Policy/PolicyFile,
Inflater/Deflater, drag/drop access, and deserialization did not correctly
handle certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy.  (CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)

It was discovered that AtomicReferenceArray, System.arraycopy,
InetAddress, and HashAttributeSet did not correctly handle certain
situations.  If a remote attacker could trigger specific error conditions,
a Java application could crash, leading to a denial of service.
(CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)

It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and
the AWT library did not correctly check buffer lengths.  If a user or
automated system were tricked into handling specially crafted JAR files or
images, a remote attacker could crash the Java application or possibly
gain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847,
CVE-2010-0848).

It was discovered that applets did not correctly handle certain trust
chains.  If a user were tricked into running a specially crafted applet,
a remote attacker could possibly run untrusted code with user privileges.
(CVE-2010-0840)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.diff.gz
  Size/MD5:   183148 c52d5567be104b1ecf671fae43a15682

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.dsc
  Size/MD5: 1797 3733e7dce2f951b329b777fb097b853a

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11.orig.tar.gz
  Size/MD5: 51692912 a409bb4e935a22dcbd3529dc098c58de

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b11-2ubuntu2.2_all.deb
  Size/MD5:  8465062 e8317e2c220626b5766ba857015f04e1

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b11-2ubuntu2.2_all.deb
  Size/MD5:  4721000 0dea03e5492b2a86e1b0a78df4acb46b

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b11-2ubuntu2.2_all.deb
  Size/MD5: 25593942 6fd45df7392ca30f33b4a282531eef12

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_amd64.deb
  Size/MD5: 47453206 eae77d94e79f5e4cb3c46cab6cd57c5c

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_amd64.deb
  Size/MD5:  2364290 2baf34a6a7a5a094d4b4438dbbc7147b

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_amd64.deb
  Size/MD5:  9447596 eef973ac531daaadf5ab760a265b41fe

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_amd64.deb
  Size/MD5: 22508466 8b15c220adb38f64ae754800396d3a19

http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_amd64.deb
  Size/MD5:   228484 a323f8696f9a5378a3a631a95109450f

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/univer

[Full-disclosure] [ MDVSA-2010:069 ] nss

2010-04-06 Thread security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2010:069
 http://www.mandriva.com/security/
 ___

 Package : nss
 Date: April 6, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in nss:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,
 and possibly other types of sessions protected by TLS or SSL, by
 sending an unauthenticated request that is processed retroactively
 by a server in a post-renegotiation context, related to a plaintext
 injection attack, aka the Project Mogul issue (CVE-2009-3555).
 
 Additionally the NSPR package has been upgraded to 4.8.4 that brings
 numerous upstream fixes.
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 This update provides the latest versions of the NSS and NSPR libraries,
 with which NSS is not vulnerable to this attack.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 5808950f475b3f2469675520f8a526c9  2008.0/i586/libnspr4-4.8.4-0.1mdv2008.0.i586.rpm
 f09e7355e612a626c4e30baf851200e2  2008.0/i586/libnspr-devel-4.8.4-0.1mdv2008.0.i586.rpm
 414e4e7e64202a7a01ce122f40fdbfa9  2008.0/i586/libnss3-3.12.6-0.1mdv2008.0.i586.rpm
 37eb4d97e617dd78834801d5e3e2411e  2008.0/i586/libnss-devel-3.12.6-0.1mdv2008.0.i586.rpm
 1186fe6aec619702ce3b3f76ad0a03a2  2008.0/i586/libnss-static-devel-3.12.6-0.1mdv2008.0.i586.rpm
 f2fc05e8cf4ef840229536a95397c02d  2008.0/i586/nss-3.12.6-0.1mdv2008.0.i586.rpm
 157d696865f82a05167a98ff75d3bb05  2008.0/SRPMS/nspr-4.8.4-0.1mdv2008.0.src.rpm
 3f4fb184412ba28e84334765300d48cf  2008.0/SRPMS/nss-3.12.6-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 8f61146ebf97dfaa93a8d8973c2c2f49  2008.0/x86_64/lib64nspr4-4.8.4-0.1mdv2008.0.x86_64.rpm
 6375eb3bd5fac3fe5648e6083018f62f  2008.0/x86_64/lib64nspr-devel-4.8.4-0.1mdv2008.0.x86_64.rpm
 b5c368f59fae314c472d1bd40613738d  2008.0/x86_64/lib64nss3-3.12.6-0.1mdv2008.0.x86_64.rpm
 b947d236395ffbc0f750c32705b39ae2  2008.0/x86_64/lib64nss-devel-3.12.6-0.1mdv2008.0.x86_64.rpm
 c797275a9d57e4fefc2bc5942a0c1860  2008.0/x86_64/lib64nss-static-devel-3.12.6-0.1mdv2008.0.x86_64.rpm
 9b5565826ca817fedc4c16866e0b432a  2008.0/x86_64/nss-3.12.6-0.1mdv2008.0.x86_64.rpm
 157d696865f82a05167a98ff75d3bb05  2008.0/SRPMS/nspr-4.8.4-0.1mdv2008.0.src.rpm
 3f4fb184412ba28e84334765300d48cf  2008.0/SRPMS/nss-3.12.6-0.1mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 d668c97cdd4c6f2a54364185689bc9c3  2009.0/i586/libnspr4-4.8.4-0.1mdv2009.0.i586.rpm
 213e3167d01de2e3153282ec09448101  2009.0/i586/libnspr-devel-4.8.4-0.1mdv2009.0.i586.rpm
 3416bcd2b299a4573a0de8920edee34f  2009.0/i586/libnss3-3.12.6-0.1mdv2009.0.i586.rpm
 76324be5f2dc503848e15651c9201990  2009.0/i586/libnss-devel-3.12.6-0.1mdv2009.0.i586.rpm
 eb77fab010cf83b2a803c542595ef9d5  2009.0/i586/libnss-static-devel-3.12.6-0.1mdv2009.0.i586.rpm
 a2e0e29a6565534dd4470b8b8fe348e0  2009.0/i586/nss-3.12.6-0.1mdv2009.0.i586.rpm
 ef8c68c639efec98dedf89557d542730  2009.0/SRPMS/nspr-4.8.4-0.1mdv2009.0.src.rpm
 7840542c10c58531c2e5007defe85b8e  2009.0/SRPMS/nss-3.12.6-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c268178467753eb950ec3fc6c2fcf7c4  2009.0/x86_64/lib64nspr4-4.8.4-0.1mdv2009.0.x86_64.rpm
 1cad4bd917e64990d862bee35b773d29  2009.0/x86_64/lib64nspr-devel-4.8.4-0.1mdv2009.0.x86_64.rpm
 9dafd05dbae7859a91cb53f9f9add679  2009.0/x86_64/lib64nss3-3.12.6-0.1mdv2009.0.x86_64.rpm
 d624418468c98b63d058898f9dc68e1f  2009.0/x86_64/lib64nss-devel-3.12.6-0.1mdv2009.0.x86_64.rpm
 d9b103d310dfd8b8847694613068485d  2009.0/x86_64/lib64nss-static-devel-3.12.6-0.1mdv2009.0.x86_64.rpm
 268e8d10f6184442b9a66672148f5687  2009.0/x86_64/nss-3.12.6-0.1mdv2009.0.x86_64.rpm
 ef8c68c639efec98dedf89557d542730  2009.0/SRPMS/nspr-4.8.4-0.1mdv2009.0.src.rpm
 7840542c10c58531c2e5007defe85b8e  2009.0/SRPMS/nss-3.12.6-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 f2fc77ff32d9cc4dd3839c2644e3cad1  2009.1/i586/libnspr4-4.8.4-0.1mdv2009.1.i586.rpm
 e110eaa263397b81bff4873e8badf3b9  2009.1/i

[Full-disclosure] CORE-2010-0323: XSS Vulnerability in NextGEN Gallery Wordpress Plugin

2010-04-06 Thread CORE Security Technologies Advisories
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
 Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

XSS Vulnerability in NextGEN Gallery Wordpress Plugin


1. *Advisory Information*

Title: XSS Vulnerability in NextGEN Gallery Wordpress Plugin
Advisory Id: CORE-2010-0323
Advisory URL:
http://www.coresecurity.com/content/nextgen-gallery-xss-vulnerability
Date published: 2010-04-06
Date of last update: 2010-03-25
Vendors contacted: Alex Rabe
Release mode: Coordinated release


2. *Vulnerability Information*

Class: Cross site scripting [CWE-79]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2010-1186


3. *Vulnerability Description*

An XSS[1] vulnerability has been discovered in NextGEN Gallery[2], a
very popular and commonly used plugin for the Wordpress content
management system, commonly found as a blogging platform. This
vulnerability results from reflected unsanitized input that can be
crafted into an attack by a malicious user by manipulating the 'mode'
parameter of the 'xml/media-rss.php' script.


4. *Vulnerable packages*

   . NextGEN Gallery 1.5.0
   . NextGEN Gallery 1.5.1
   . Older versions are probably affected too, but they were not checked.


5. *Non-vulnerable packages*

   . NextGEN Gallery 1.5.2


6. *Solutions and Workarounds*

On the server side, you can upgrade to a non-vulnerable version. On the
client you can use a browser that obeys the Content-Type header
specified by the server, such as Mozilla Firefox, Google Chrome, Apple
Safari or Opera. Internet Explorer 8 with the XSS Filter won't execute
the malicious scripts.


7. *Credits*

These vulnerabilities were discovered and researched by Alejandro
Rodriguez, from Core Security Technologies, during Core Bugweek 2009
as a member of the "Los Herederos de Don Pablo (HDP)" team.


8. *Technical Description / Proof of Concept Code*

This vulnerability is triggered because the 'mode' parameter on the
'media-rss.php' script is not correctly escaped to avoid HTML code
injection.

/-----
$mode = $_GET["mode"];   // attacker-controlled, taken from the query string without escaping
-----/

This parameter is reflected back to the user if no correct 'mode' is
selected:

/-----
} else {
header('content-type:text/plain;charset=utf-8');
// $mode is reflected into the response body exactly as received
echo sprintf(__("Invalid MediaRSS command (%s).","nggallery"), $mode);
exit;
}
-----/

 It is worth noting that the 'Content-Type' is chosen safely by the
plugin, but this is not enough to avoid code injection because some
browsers (most notably Microsoft Internet Explorer) choose the content
type by parsing the content the web server returns instead of obeying
the proper headers.

 This vulnerability can be triggered on any Wordpress installation with
the NextGEN Gallery extension installed by visiting the following URL
in a browser with this issue. If using IE 8, the XSS Filter must be
turned off.

/-----
http://localhost/wordpress/wp-content/plugins/nextgen-gallery/xml/media-rss.php?mode=%3Cscript%3Ealert(1)%3C/script%3E
-----/


9. *Report Timeline*

. 2010-03-25:
Core Security Technologies notifies Alex Rabe of the vulnerability,
offering a draft for this advisory in plaintext or encrypted form (if
proper keys are sent). April 5th, 2010, is proposed as a release date.

. 2010-03-25:
Alex Rabe acknowledges Core Security Technologies's e-mail, and asks
for the advisory draft in plain text.

. 2010-03-25:
Core Security Technologies sends the advisory draft to Alex Rabe.

. 2010-03-25:
Alex Rabe acknowledges the vulnerability, confirms it for NextGEN
Gallery 1.5.0 and 1.5.1, and informs that 1.5.2 (due to be released on
March 26th) will contain a fix.

. 2010-03-26:
NextGEN Gallery 1.5.2 is released.

. 2010-04-06:
Advisory CORE-2010-0323 is published.


10. *References*

[1] http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
[2] http://wordpress.org/extend/plugins/nextgen-gallery/


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: http://www.coresecurity.com/corelabs.


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint a
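As an added illustration (not code from the advisory or from the NextGEN Gallery plugin), the same error path written in C with the two defences the advisory's analysis points to: escaping the reflected 'mode' value before it is echoed, and an X-Content-Type-Options: nosniff header so a browser that sniffs content, as the advisory says Internet Explorer does, cannot promote the text/plain body to HTML. C is used because it is the language of the other examples on this page; the 400 status, the buffer sizes and the function names are choices made for the example, and the nosniff header is a defence the advisory itself does not mention.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape the characters that let reflected input break out of a text
 * context. Returns false if the escaped form (plus NUL) does not fit in
 * dst, so a too-small buffer can never yield a truncated, half-escaped
 * string. */
bool html_escape(const char *src, char *dst, size_t dstsz)
{
    size_t o = 0;
    for (; *src != '\0'; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstsz)            /* keep room for the terminating NUL */
            return false;
        if (rep)
            memcpy(dst + o, rep, n);
        else
            dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return true;
}

/* Build the error response for an unknown 'mode' value. The reflected
 * value is escaped, and X-Content-Type-Options: nosniff tells a browser
 * that sniffs content to honour the declared text/plain type. The 400
 * status is a choice made here, not taken from the plugin. */
bool build_error_response(const char *mode, char *out, size_t outsz)
{
    char esc[512];                     /* assumed upper bound for the escaped value */
    if (!html_escape(mode, esc, sizeof esc))
        return false;
    int n = snprintf(out, outsz,
                     "HTTP/1.1 400 Bad Request\r\n"
                     "Content-Type: text/plain; charset=utf-8\r\n"
                     "X-Content-Type-Options: nosniff\r\n"
                     "\r\n"
                     "Invalid MediaRSS command (%s).", esc);
    return n >= 0 && (size_t)n < outsz;
}

int main(void)
{
    char out[1024];
    /* constructed input: the advisory's proof-of-concept payload */
    if (build_error_response("<script>alert(1)</script>", out, sizeof out))
        fputs(out, stdout);
    return 0;
}
```

In the plugin's own PHP the equivalent change is to pass $mode through htmlspecialchars() before the echo and to emit header('X-Content-Type-Options: nosniff') next to the content-type header. Escaping alone still leaves the body sniffable by browsers that predate nosniff, and nosniff alone still leaves the raw input in the response, so both belong together.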

[Full-disclosure] ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability

2010-04-06 Thread ZDI Disclosures
ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-067
April 6, 2010

-- CVE ID:
CVE-2010-0529

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9568. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within the primary QuickTime.qts library when
parsing the BkPixPat opcode (0x12) within a PICT file. The application
will use 2 fields within the file in a multiply which is then passed as
an argument to an allocation. As both operands in the multiply are
user-controllable, specific values can cause an under allocation which
will later result in a heap overflow. Successful exploitation can lead
to code execution under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:

http://support.apple.com/kb/HT4104

-- Disclosure Timeline:
2009-11-06 - Vulnerability reported to vendor
2010-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Damian Put

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
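The integer-overflow-to-under-allocation pattern the advisory describes, as an added C example (not QuickTime code and not from ZDI): two attacker-controlled size fields multiplied into a 32-bit value that is passed straight to the allocator, beside a checked version that rejects a wrapping product. The struct layout, the field names and the 64 MiB cap are assumptions made for the example, not the real BkPixPat record.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Two size fields read from the file. The names and 32-bit width are an
 * assumed layout for illustration, not the real PICT BkPixPat record. */
struct pixpat_hdr {
    uint32_t row_bytes;   /* bytes per row, attacker-controlled */
    uint32_t rows;        /* row count, attacker-controlled */
};

/* Vulnerable pattern: the product is formed in 32 bits and handed to the
 * allocator as is. row_bytes = 0x10000 and rows = 0x10001 have the true
 * product 0x100010000, which wraps to 0x10000, so the 64 KiB block that
 * gets allocated is far smaller than what the decoder later writes. */
uint32_t pixpat_size_unchecked(const struct pixpat_hdr *h)
{
    return h->row_bytes * h->rows;
}

/* Hardened: refuse a product that would wrap, and cap the result against
 * a policy maximum so a huge but non-wrapping size cannot exhaust memory. */
#define PIXPAT_MAX_BYTES (64u * 1024u * 1024u)   /* 64 MiB; assumed policy */

bool pixpat_size_checked(const struct pixpat_hdr *h, size_t *out)
{
    if (h->row_bytes == 0 || h->rows == 0)
        return false;
    if (h->rows > UINT32_MAX / h->row_bytes)   /* multiply would wrap */
        return false;
    uint64_t n = (uint64_t)h->row_bytes * h->rows;
    if (n > PIXPAT_MAX_BYTES)
        return false;
    *out = (size_t)n;
    return true;
}

/* Size as the checked path computes it, or 0 when the header is rejected. */
size_t pixpat_size_or_zero(uint32_t row_bytes, uint32_t rows)
{
    struct pixpat_hdr h = { row_bytes, rows };
    size_t n;
    return pixpat_size_checked(&h, &n) ? n : 0;
}

/* Allocate the pixel buffer through the checked path only. */
unsigned char *pixpat_alloc(const struct pixpat_hdr *h)
{
    size_t n;
    if (!pixpat_size_checked(h, &n))
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* constructed hostile header: true product exceeds 32 bits */
    struct pixpat_hdr hostile = { 0x10000u, 0x10001u };
    printf("unchecked size: %u bytes (wrapped)\n", pixpat_size_unchecked(&hostile));
    printf("checked size:   %zu (0 = rejected)\n",
           pixpat_size_or_zero(hostile.row_bytes, hostile.rows));
    return 0;
}
```

The values 0x10000 and 0x10001 are constructed: their true product is 0x100010000, which a 32-bit multiply reduces to 0x10000, so the unchecked path asks for 64 KiB for data that will later be written as 4 GiB. GCC and Clang also provide __builtin_mul_overflow() for the same check; the division form above is portable C.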


[Full-disclosure] CA20100406-01: Security Notice for CA XOsoft

2010-04-06 Thread Kotas, Kevin J
-----BEGIN PGP SIGNED MESSAGE-----

CA20100406-01: Security Notice for CA XOsoft

Issued: April 6, 2010

CA's support is alerting customers to multiple security risks with CA
XOsoft products. Multiple vulnerabilities exist that can allow a
remote attacker to gain sensitive information, cause a denial of
service, or possibly execute arbitrary code. CA has issued patches
to address the vulnerabilities.

The first vulnerability, CVE-2010-1221, occurs due to a lack of
authentication. An attacker can make a SOAP request to enumerate user
names. This vulnerability has a low risk rating and affects r12.0 and
r12.5 XOsoft products.

The second vulnerability, CVE-2010-1222, occurs due to a lack of
authentication. An attacker can make a SOAP request to gain
potentially sensitive information. This vulnerability has a low risk
rating and affects only r12.5 XOsoft products.

The third set of vulnerabilities, CVE-2010-1223, occurs due to
insufficient bounds checking. An attacker can make a request that can
cause a buffer overflow which may result in a crash or possibly code
execution. These vulnerabilities have a high risk rating and affect
r12.0 and r12.5 XOsoft products.

Risk Rating

High

Platform

Windows

Affected Products

CA XOsoft Replication r12.5
CA XOsoft High Availability r12.5
CA XOsoft Content Distribution r12.5
CA XOsoft Replication r12.0
CA XOsoft High Availability r12.0
CA XOsoft Content Distribution r12.0

Non-Affected Products

CA XOsoft Replication r4
CA XOsoft High Availability r4
CA XOsoft Content Distribution r4

How to determine if the installation is affected

1. Using Windows Explorer, locate the file "mng_core_com.dll". By
default, the file is located in the
"C:\Program Files\CA\XOsoft\Manager" directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is earlier than indicated in the table below,
the installation is vulnerable.

Product               File Name          File Version
XOsoft 12.5 products  mng_core_com.dll   12.5.2.563
XOsoft 12.0 products  mng_core_com.dll   5.0.5.128

Solution

CA issued the following patches to address the vulnerabilities.

CA XOsoft Replication r12.5,
CA XOsoft High Availability r12.5,
CA XOsoft Content Distribution r12.5:
RO15016

CA XOsoft Replication r12.0,
CA XOsoft High Availability r12.0,
CA XOsoft Content Distribution r12.0:
RO16643

References

CVE-2010-1221 - username enumeration
CVE-2010-1222 - information disclosure
CVE-2010-1223 - buffer overflows

CA20100406-01: Security Notice for CA XOsoft
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

Acknowledgement

CVE-2010-1221, CVE-2010-1222, CVE-2010-1223 - Andrea Micalizzi aka
rgod reported through the TippingPoint ZDI program

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Support at
http://support.ca.com/

If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Kevin Kotas
CA Product Vulnerability Response Team

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBS7txcJI1FvIeMomJAQEvnQf/ZQ+LZTLLRETjr06imXzcuT1KtlsvpLQj
s+h0HfJO36QYYHWpBENRIJliSQJqQSRY1Jzh0Zy2Ilxu4j5/sJsZS7QhCw+JXiP5
FHY+Hg6xkSazYkS2/9RAZWj47CYK/xg+PRhLcK6+WNwhvNDBj/sHCi+Ub8U9f+h3
K5qV9Lr4PrDJt5VZog41mqCSmRBvRmtKtEWm4nBp4ebE0drzzoscANBxTs60kExi
l8cMGoQR8OpHfHDTk70iRxN8+JDHNEI4qObgK1tgugq7TLrflk2Ts1pUKnxopXP2
L6TY+2ofP4L2dCxWDcb1FtYYNM34iHMnNXQa+tmSmyPqT9FIcu15CA==
=CUG9
-----END PGP SIGNATURE-----



[Full-disclosure] ZDI-10-066: CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability

2010-04-06 Thread ZDI Disclosures
ZDI-10-066: CA XOsoft Control Service entry_point.aspx Remote Code Execution 
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-066
April 6, 2010

-- CVE ID:
CVE-2010-1223 

-- Affected Vendors:
Computer Associates

-- Affected Products:
Computer Associates XOsoft High Availability
Computer Associates XOsoft Replication

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9493. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Computer Associates XOsoft Control
Replication and High Availability Control Service. Authentication is not
required to exploit this vulnerability.

The specific flaw exists within the /entry_point.aspx service and occurs
due to an unbounded string copy utilizing a string controlled by the
user as the source into a fixed length buffer located on the stack.
Successful exploitation can lead to code execution under the context of
the service.

-- Vendor Response:
Computer Associates has issued an update to correct this vulnerability. More
details can be found at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

-- Disclosure Timeline:
2009-12-16 - Vulnerability reported to vendor
2010-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Andrea Micalizzi aka rgod
* AbdulAziz Hariri

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi


[Full-disclosure] ZDI-10-065: CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities

2010-04-06 Thread ZDI Disclosures
ZDI-10-065: CA XOsoft xosoapapi.asmx Multiple Remote Code Execution 
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-10-065
April 6, 2010

-- CVE ID:
CVE-2010-1223

-- Affected Vendors:
Computer Associates

-- Affected Products:
Computer Associates XOsoft High Availability
Computer Associates XOsoft Replication

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9504,9507. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Computer Associates XOsoft Control
Replication and High Availability Control Service. Authentication is not
required to exploit this vulnerability.

The specific flaws exist within the /ws_man/xosoapapi.asmx SOAP endpoint
and occur when submitting malformed requests to the server. Successful
exploitation can lead to code execution under the context of the
service.

-- Vendor Response:
Computer Associates has issued an update to correct this vulnerability. More
details can be found at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

-- Disclosure Timeline:
2009-12-16 - Vulnerability reported to vendor
2010-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Andrea Micalizzi aka rgod

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [SECURITY] - Jzip (.zip) Unicode bof Vulnerability

2010-04-06 Thread Steven Seeley

Corelan Security Team
http://www.corelan.be:8800
secur...@corelan.be
[ EIP Hunters ]

Advisory : CORELAN-10-021
Disclosure date : 6th Apr 2010

0x00 : Vulnerability information
--------------------------------

[*] Product : Jzip
[*] Version : 1.3
[*] Vendor : http://www.jzip.com/
[*] URL : http://download.jzip.com/jZipV1.exe
[*] Type of vulnerability : Local Stack Overflow
[*] Risk rating : Low
[*] Issue fixed in version : none
[*] Vulnerability discovered by : mr_me
[*] Greetings to : The Corelan Security Team 
(http://www.corelan.be:8800/index.php/security/corelan-team-members/)

0x01 : Vendor description of software
-------------------------------------
From the vendor website:

- Create, open and extract Zip, TAR, GZip and 7-Zip. Open and extract from RAR 
and ISO.
- jZip is absolutely FREE for everybody, home and enterprise users
- jZip is an easy to use and fast archiving software
- jZip is based on proven 7-Zip technology by Igor Pavlov

0x02 : Vulnerability details
----------------------------
Local Stack Overflow:

When the application receives a malicious .zip file it can cause a buffer 
overflow in the 'filename' buffer of the application, resulting in a denial of 
service. Code execution may still be possible.

0x03 : Vendor communication
---------------------------
[*] 27th Mar, 2010 : Vendor contacted
[*] 3rd Apr, 2010 : Vendor reminded of vulnerability
[*] 6th Apr, 2010 : No contact
[*] 6th Apr, 2010 : Public Disclosure

0x04 : Exploit/PoC
------------------
http://net-ninja.net/blog/media/blogs/b/exploits/jzip.php.txt
  
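As an added illustration of the bug class the Jzip advisory reports (example code written for this page, not jZip's source, whose internals the advisory does not show): a ZIP local file header parser with the unchecked name copy beside a bounds-checked one. NAME_BUF_SIZE, the header builder and the test driver are constructed assumptions.

```c
/* Added example (not jZip's code): reading the entry name from a ZIP local
 * file header. The unchecked variant trusts the 16-bit name length stored in
 * the archive and copies it into a fixed-size buffer, which is the 'filename'
 * overflow class the advisory reports; the checked parser bounds the length
 * against both the available input and the destination buffer. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define LOCAL_HDR_SIZE 30           /* fixed part of a ZIP local file header */
#define LOCAL_HDR_SIG  0x04034b50u  /* "PK\3\4", little-endian */
#define NAME_BUF_SIZE  64           /* constructed: the parser's name buffer */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked pattern: the name length is file-controlled and never bounded. */
void zip_copy_name_unchecked(const uint8_t *hdr, char out[NAME_BUF_SIZE]) {
    uint16_t n = rd16(hdr + 26);
    memcpy(out, hdr + LOCAL_HDR_SIZE, n);   /* overruns 'out' once n >= 64 */
    out[n] = '\0';
}

/* Checked parser. Returns 0 and a NUL-terminated name on success, -1 when the
 * header is truncated, the signature is wrong, the name extends past the
 * available input, or the name does not fit in 'out' with its terminator. */
int zip_read_local_name(const uint8_t *buf, size_t len, char out[NAME_BUF_SIZE]) {
    if (len < LOCAL_HDR_SIZE || rd32(buf) != LOCAL_HDR_SIG) return -1;
    uint16_t name_len  = rd16(buf + 26);
    uint16_t extra_len = rd16(buf + 28);
    if ((size_t)name_len + extra_len > len - LOCAL_HDR_SIZE) return -1;
    if (name_len >= NAME_BUF_SIZE) return -1;
    memcpy(out, buf + LOCAL_HDR_SIZE, name_len);
    out[name_len] = '\0';
    return 0;
}

/* Builds a minimal constructed header (not a real archive) whose name field
 * holds 'name_len' bytes of 'A'. Returns its total size, 0 if 'cap' is too small. */
size_t make_local_header(uint8_t *dst, size_t cap, uint16_t name_len) {
    if (cap < LOCAL_HDR_SIZE + (size_t)name_len) return 0;
    memset(dst, 0, LOCAL_HDR_SIZE);
    dst[0] = 'P'; dst[1] = 'K'; dst[2] = 3; dst[3] = 4;
    dst[26] = (uint8_t)(name_len & 0xff);
    dst[27] = (uint8_t)(name_len >> 8);
    memset(dst + LOCAL_HDR_SIZE, 'A', name_len);
    return LOCAL_HDR_SIZE + name_len;
}

/* Test driver: parses a constructed header with 'name_len' name bytes while
 * offering only 'avail' bytes of it (0 = the whole header). */
int parse_constructed(uint16_t name_len, size_t avail) {
    uint8_t buf[1024];
    char name[NAME_BUF_SIZE];
    size_t n = make_local_header(buf, sizeof buf, name_len);
    if (n == 0) return -2;
    return zip_read_local_name(buf, avail ? avail : n, name);
}
```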


[Full-disclosure] Hack.lu 2010 CfP

2010-04-06 Thread info
Call for Papers Hack.lu 2010

The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new technologies
in society. hack.lu is a balanced mix convention where technical and
non-technical people can meet each other and share freely all kinds of
information. The convention will be held in the Grand-Duchy of
Luxembourg in October 2010 (27-29.10.2010). The most significant new
discoveries about computer network attacks and defenses, commercial
security solutions, and pragmatic real world security experience will be
presented in a three-day series of informative tutorials. We would like
to announce the opportunity to submit papers and/or lightning talk
proposals for selection by the hack.lu technical review committee. This
year we will be doing workshops on the first day and talks of 1 hour or
30 minutes in the main track on the two following days.



Scope
=====

Topics of interest include, but are not limited to :

  * Software Engineering and Security
  * Honeypots/Honeynets
  * Spyware, Phishing and Botnets (Distributed attacks)
  * Newly discovered vulnerabilities in software and hardware
  * Electronic/Digital Privacy
  * Wireless Network and Security
  * Attacks on Information Systems and/or Digital Information Storage
  * Electronic Voting
  * Free Software and Security
  * Assessment of Computer, Electronic Devices and Information Systems
  * Standards for Information Security
  * Legal and Social Aspect of Information Security
  * Software Engineering and Security
  * Security in Information Retrieval
  * Network Security
  * Forensics and Anti-Forensics
  * Mobile Communications Security and Vulnerabilities



Deadlines
=========

The following dates are important if you want to participate in the
CfP:

Abstract submission : no later than 1st June 2010

Full paper submission : no later than 15th July 2010

Notification date : mid of August


Submission guideline
====================

Authors should submit a paper in English of up to 5.000 words, using a
non-proprietary and open electronic format. The program committee will
review all papers and the author of each paper will be notified of the
result by electronic means. The abstract is up to 400 words. Submissions
must be sent to http://2010.hack.lu/cfp/

Submissions should also include the following:


 1. Presenter, and geographical location (country of origin/passport)
and contact info.
 2. Employer and/or affiliations.
 3. Brief biography, list of publications or papers.
 4. Any significant presentation and/or educational
experience/background.
 5. Reason why this material is innovative or significant
or an important tutorial.
 6. Optionally, any samples of prepared material or outlines ready.
 7. Whether the submission has already been presented, and if so,
where.

Presentations/topics that haven't been presented before
will be rewarded.


The information will be used only for the sole purpose of the hack.lu
convention, including the information on the public website. If you
want to remain anonymous, you have the right to use a nickname.

If the paper is not accepted in the main track, it could be accepted in
the short or lightning talk session, but in this case the speakers'
privileges are not applicable.

Speakers' Privileges
====================

* Accommodation will be provided (3 nights)
* Travel expenses will be covered up to a max amount
* Conference speakers night

Publication and rights
======================

Authors keep the full rights on their publication/papers but give an
unrestricted right to redistribute their papers for the hack.lu
convention and its related electronic/paper publication.

Sponsoring
==========

If you want to support the initiative and gain visibility by
sponsoring, please contact us by writing an e-mail to info(AT)hack.lu

Web site and wiki
=================

http://www.hack.lu/

CfP website : http://2010.hack.lu/cfp/



[Full-disclosure] Vulnerabilities in TAK cms

2010-04-06 Thread MustLive
Hello Full-Disclosure!

I want to warn you about security vulnerabilities in TAK cms. It's a Ukrainian
commercial CMS.

-
Advisory: Vulnerabilities in TAK cms
-
URL: http://websecurity.com.ua/4050/
-
Timeline:
04.02.2009 - found vulnerabilities.
30.09.2009 - informed the owners of the web sites where I found these
vulnerabilities. Taking into account that I didn't find any contact data for
the developer of TAK cms, I hope that the owners of those sites informed him
about these vulnerabilities. This is one of those cases with a commercial CMS
where the developers didn't leave any contact data and there is no information
about them on the Internet.
19.03.2010 - disclosed at my site.
-
Details:

These are Insufficient Anti-automation and Brute Force vulnerabilities.

Insufficient Anti-automation:

http://site/about/contacts/
http://site/register/getpassword/

On these pages there is no protection against automated requests (captcha).

Brute Force:

http://site/auth/
http://site/admin/

The login forms have no protection against brute-force attacks.

All versions of TAK cms are vulnerable.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



[Full-disclosure] [SECURITY] [DSA 2029-1] New imlib2 packages fix arbitrary code execution

2010-04-06 Thread Nico Golde
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2029-1secur...@debian.org
http://www.debian.org/security/ Nico Golde
April 5th, 2010 http://www.debian.org/security/faq
- --

Package: imlib2
Vulnerability  : several
Problem type   : local
Debian-specific: no
Debian bug : 576469
CVE ID : CVE-2008-6079

It was discovered that imlib2, a library to load and process several image
formats, did not properly process various image file types.
Several heap and stack based buffer overflows - partly due to integer
overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can
lead to the execution of arbitrary code via crafted image files.


For the stable distribution (lenny), this problem has been fixed in
version 1.4.0-1.2+lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 1.4.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.2-1.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  

[Full-disclosure] [SECURITY] [DSA 2028-1] New xpdf packages fix several vulnerabilities

2010-04-06 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- --
Debian Security Advisory DSA-2028-1secur...@debian.org
http://www.debian.org/security/  Luciano Bello
April 5th, 2010 http://www.debian.org/security/faq
- --

Package: xpdf
Vulnerability  : multiple
Problem type   : local (remote)
Debian-specific: no
Debian bug : 551287
CVE ID : CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606
 CVE-2009-3608 CVE-2009-3609

Several vulnerabilities have been identified in xpdf, a suite of tools for
viewing and converting Portable Document Format (PDF) files.

The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1188 and CVE-2009-3603

Integer overflow in SplashBitmap::SplashBitmap which might allow remote
attackers to execute arbitrary code or cause an application crash via a
crafted PDF document.

CVE-2009-3604

NULL pointer dereference or heap-based buffer overflow in
Splash::drawImage which might allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a crafted PDF document.

CVE-2009-3606

Integer overflow in the PSOutputDev::doImageL1Sep which might allow
remote attackers to execute arbitrary code via a crafted PDF document.

CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream which might allow 
remote attackers to execute arbitrary code via a crafted PDF document.

CVE-2009-3609

Integer overflow in the ImageStream::ImageStream which might allow 
remote attackers to cause a denial of service via a crafted PDF
document.


For the stable distribution (lenny), this problem has been fixed in
version 3.02-1.4+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 3.02-2.


Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

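The imlib2 advisory (DSA 2029-1) and the xpdf advisory (DSA 2028-1) above both describe integer overflows in image size computations that end in heap or stack buffer overflows. As an added example, not code from either project, the unchecked and checked bitmap sizing below shows the pattern and the arithmetic check that stops it; the dimension and byte caps are constructed assumptions.

```c
/* Added example (not imlib2's or xpdf's code): sizing a pixel buffer from
 * header-supplied dimensions. Loaders compute width * height * bytes_per_pixel;
 * when that product wraps, the allocation is far smaller than what the decoder
 * later writes into, which is the integer-overflow-to-buffer-overflow pattern
 * the advisories describe. The limits below are constructed for the example. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#define MAX_DIMENSION   65535u                   /* per-axis sanity bound */
#define MAX_IMAGE_BYTES (1024u * 1024u * 1024u)  /* 1 GiB policy cap */

/* Returns 1 if a * b would overflow size_t, else 0. */
int mul_overflows(size_t a, size_t b) {
    return a != 0 && b > SIZE_MAX / a;
}

/* Unchecked computation as a 32-bit loader would do it: wraps silently. */
uint32_t bitmap_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp) {
    return width * height * bpp;
}

/* Checked computation. Returns 0 and stores the byte count in *bytes (if
 * non-NULL); returns -1 if a dimension is invalid, a product overflows,
 * or the result exceeds the policy cap. */
int bitmap_size_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *bytes) {
    size_t row, total;
    if (width == 0 || height == 0 || bpp == 0 || bpp > 4) return -1;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION) return -1;
    if (mul_overflows(width, bpp)) return -1;
    row = (size_t)width * bpp;
    if (mul_overflows(row, height)) return -1;
    total = row * height;
    if (total > MAX_IMAGE_BYTES) return -1;
    if (bytes) *bytes = total;
    return 0;
}

/* Convenience wrapper: the byte count, or 0 when the size is rejected. */
size_t bitmap_size_or_zero(uint32_t width, uint32_t height, uint32_t bpp) {
    size_t bytes;
    return bitmap_size_checked(width, height, bpp, &bytes) == 0 ? bytes : 0;
}

/* Allocates the pixel buffer only when the size computation is sound. */
uint8_t *bitmap_alloc(uint32_t width, uint32_t height, uint32_t bpp) {
    size_t bytes;
    if (bitmap_size_checked(width, height, bpp, &bytes) != 0) return NULL;
    return calloc(1, bytes);
}

int main(void) {
    uint8_t *px;
    /* Constructed header values: 32768 x 32768 x 4 wraps to 0 in 32 bits. */
    printf("unchecked: %u bytes\n", bitmap_size_unchecked(32768, 32768, 4));
    printf("checked:   %s\n", bitmap_alloc(32768, 32768, 4) ? "allocated" : "rejected");
    px = bitmap_alloc(640, 480, 4);
    printf("640x480x4: %s\n", px ? "allocated" : "rejected");
    free(px);
    return 0;
}
```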

Re: [Full-disclosure] Weev's Mugshot

2010-04-06 Thread Benji
Try squinting and turning your head at a 780° angle parallel with the moon.

On Tue, Apr 6, 2010 at 8:37 AM, BMF  wrote:

> On Mon, Apr 5, 2010 at 8:36 PM, Scarf Pride Worldwide
>  wrote:
> > Allegedly he "obstructed justice" by giving a false name.. most likely
> > didn't put money in the parking meter at the synagogue
>
> He doesn't look very Jewish to me.
>

Re: [Full-disclosure] Weev's Mugshot

2010-04-06 Thread BMF
On Mon, Apr 5, 2010 at 8:36 PM, Scarf Pride Worldwide
 wrote:
> Allegedly he "obstructed justice" by giving a false name.. most likely
> didn't put money in the parking meter at the synagogue

He doesn't look very Jewish to me.
