[Full-disclosure] [SECURITY] [DSA 2406-1] icedove security update

2012-02-09 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2406-1                   secur...@debian.org
http://www.debian.org/security/                             Florian Weimer
February 09, 2012                      http://www.debian.org/security/faq
- -

Package: icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been discovered in Icedove, Debian's
variant of the Mozilla Thunderbird code base.

CVE-2011-3670
Icedove does not properly enforce the IPv6 literal address
syntax, which allows remote attackers to obtain sensitive
information by making XMLHttpRequest calls through a proxy and
reading the error messages.
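The check the CVE-2011-3670 entry describes as missing, written out as an added example (not Icedove or Mozilla code): a URL authority parser that accepts a bracketed IPv6 literal only when it is well-formed and otherwise fails closed, so an ambiguous host is never handed on to a proxy. The helper names and sample URLs are constructed for illustration.

```python
import ipaddress

def parse_authority(url):
    """Return (host, port) for an absolute URL, enforcing IPv6 literal syntax.

    Any malformed authority raises ValueError so the caller fails closed
    rather than forwarding an ambiguous host. Hypothetical helper.
    """
    scheme_end = url.find("://")
    if scheme_end == -1:
        raise ValueError("missing scheme")
    rest = url[scheme_end + 3:]
    cut = len(rest)
    for ch in "/?#":                       # authority ends at first delimiter
        idx = rest.find(ch)
        if idx != -1:
            cut = min(cut, idx)
    host_port = rest[:cut].rsplit("@", 1)[-1]    # discard any userinfo
    if not host_port:
        raise ValueError("empty host")
    if host_port.startswith("["):
        close = host_port.find("]")
        if close == -1:
            raise ValueError("unterminated IPv6 literal")
        literal, tail = host_port[1:close], host_port[close + 1:]
        if "%" in literal:                 # zone ids are not valid in a URL
            raise ValueError("zone id in IPv6 literal")
        try:
            host = str(ipaddress.IPv6Address(literal))    # canonical form
        except ValueError:
            raise ValueError("not an IPv6 address: %r" % literal) from None
    else:
        if "]" in host_port:
            raise ValueError("stray ']' in host")
        host, sep, port_part = host_port.partition(":")
        if ":" in port_part:               # e.g. ::1 written without brackets
            raise ValueError("unbracketed IPv6 literal")
        if not host:
            raise ValueError("empty host")
        tail = sep + port_part
    port = None
    if tail:
        if tail[0] != ":":
            raise ValueError("junk after host: %r" % tail)
        digits = tail[1:]
        if digits:
            if not all(c in "0123456789" for c in digits) or int(digits) > 65535:
                raise ValueError("bad port: %r" % digits)
            port = int(digits)
    return host, port

def is_well_formed(url):
    """True if parse_authority accepts the URL, False if it rejects it."""
    try:
        parse_authority(url)
        return True
    except ValueError:
        return False
```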

CVE-2012-0442
Memory corruption bugs could cause Icedove to crash or
possibly execute arbitrary code.

CVE-2012-0444
Icedove does not properly initialize nsChildView data
structures, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly
execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2012-0449
Icedove allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via a malformed XSLT stylesheet that is
embedded in a document.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze7.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [SECURITY] [DSA 2407-1] cvs security update

2012-02-09 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2407-1                   secur...@debian.org
http://www.debian.org/security/                             Florian Weimer
February 09, 2012                      http://www.debian.org/security/faq
- -

Package: cvs
Vulnerability  : heap overflow
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-0804

It was discovered that a malicious CVS server could cause a heap
overflow in the CVS client, potentially allowing the server to execute
arbitrary code on the client.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.12.13-12+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.12.13+real-7.

We recommend that you upgrade your cvs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

-END PGP SIGNATURE-



[Full-disclosure] Drupal Finder Module Multiple Vulnerabilities

2012-02-09 Thread Justin Klein Keane
Vulnerability Report

Description of Vulnerability:
-
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL. The Drupal Finder module
(https://drupal.org/project/finder) allows Drupal site administrators
to create flexible faceted search forms to find entities such as nodes
or users based on the values of fields and database attributes. The
Finder module contains multiple vulnerabilities including persistent
cross site scripting (XSS) and an arbitrary code execution
vulnerability.

Systems affected:
-
Drupal 6.22 with Finder 6.x-1.9 was tested and shown to be vulnerable

Impact
-
Users can execute code with the permissions of the web server. Malicious
users could inject arbitrary HTML into search results that could display
to all users.

Mitigating factors:
-
In order to achieve arbitrary code execution, malicious users must have
the ability to import finders. In order to perform arbitrary script
injection, malicious users must have the ability to create content.

Proof of Concept Exploit (Code Execution):
--
1.  Install and enable the Finder module
2.  Enter '$a = phpinfo()' in the form at ?q=admin/build/finder/import
3.  Submit the form to view the executed code

Proof of Concept Exploit (XSS):
--
1.  Install and enable the Finder module
2.  At ?q=node/add/story create a new node with the title
<script>alert('xss');</script> and save it
3.  Create a new Node finder using the drop down at the bottom of the
page ?q=admin/build/finder
4.  Check 'Provide block' and select Autocomplete textfield from the
'Add element' drop down
5.  Save the new finder using the button at the bottom of the form
6.  In the resulting configuration screen
(?q=admin/build/finder/X/edit/2/edit/ where X is the Finder ID) select
Node:Title from the 'Find items by this field:' select list and click
'Save finder element'
7.  Enable the new Finder block at ?q=admin/build/block
8.  Type 'xss' into the Finder block to view the rendered JavaScript

Vendor Response:
-
Upgrade to the latest version of Finder. SA-CONTRIB-2012-017
(https://drupal.org/node/1432970)

Text of this advisory also available at 
http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities

-- 
Justin Klein Keane
http://www.MadIrish.net

[Full-disclosure] [ MDVSA-2012:015 ] wireshark

2012-02-09 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2012:015
 http://www.mandriva.com/security/
 ___

 Package : wireshark
 Date: February 9, 2012
 Affected: 2011.
 ___

 Problem Description:

 Multiple file parser and NULL pointer vulnerabilities, including an
 RLC dissector buffer overflow, were found and corrected in Wireshark.
 
 This advisory provides the latest version of Wireshark (1.6.5),
 which is not vulnerable to these issues.
 ___

 References:

 http://www.wireshark.org/security/wnpa-sec-2012-01.html
 http://www.wireshark.org/security/wnpa-sec-2012-02.html
 http://www.wireshark.org/security/wnpa-sec-2012-03.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

-END PGP SIGNATURE-



[Full-disclosure] Creating backdoors using SQL Injection

2012-02-09 Thread Adam Behnke
An InfoSec Institute Review on Creating backdoors using SQL Injection:

http://resources.infosecinstitute.com/backdoor-sql-injection/

A novel technique that highlights the risk of not chrooting your SQL
servers.

[Full-disclosure] List Charter

2012-02-09 Thread John Cartwright

[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
 

- Introduction & Purpose -

This document serves as a charter for the [Full-Disclosure] mailing 
list hosted at lists.grok.org.uk.

The list was created on 9th July 2002 by Len Rose, and is primarily 
concerned with security issues and their discussion.  The list is 
administered by John Cartwright.

The Full-Disclosure list is hosted and sponsored by Secunia.


- Subscription Information -

Subscription/unsubscription may be performed via the HTTP interface 
located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure.

Alternatively, commands may be emailed to 
full-disclosure-requ...@lists.grok.org.uk, send the word 'help' in 
either the message subject or body for details.

 
- Moderation & Management -

The [Full-Disclosure] list is unmoderated. Typically posting will be
restricted to members only, however the administrators may choose to 
accept submissions from non-members based on individual merit and 
relevance.

It is expected that the list will be largely self-policing, however in
special circumstances (eg spamming, misappropriation) then offending 
members may be removed from the list by the management.

An archive of postings is available at 
http://lists.grok.org.uk/pipermail/full-disclosure/.
 

- Acceptable Content -

Any information pertaining to vulnerabilities is acceptable, for 
instance announcement and discussion thereof, exploit techniques and 
code, related tools and papers, and other useful information.

Gratuitous advertisement, product placement, or self-promotion is 
forbidden.  Disagreements, flames, arguments, and off-topic discussion 
should be taken off-list wherever possible.

Humour is acceptable in moderation, providing it is inoffensive. 
Politics should be avoided at all costs.

Members are reminded that due to the open nature of the list, they 
should use discretion in executing any tools or code distributed via
this list.
 

- Posting Guidelines -

The primary language of this list is English. Members are expected to 
maintain a reasonable standard of netiquette when posting to the list. 

Quoting should not exceed that which is necessary to convey context, 
this is especially relevant to members subscribed to the digested 
version of the list.

The use of HTML is discouraged, but not forbidden. Signatures will 
preferably be short and to the point, and those containing 
'disclaimers' should be avoided where possible.

Attachments may be included if relevant or necessary (e.g. PGP or 
S/MIME signatures, proof-of-concept code, etc) but must not be active 
(in the case of a worm, for example) or malicious to the recipient.

Vacation messages should be carefully configured to avoid replying to 
list postings. Offenders will be excluded from the mailing list until 
the problem is corrected.

Members may post to the list by emailing 
full-disclosure@lists.grok.org.uk. Do not send subscription/
unsubscription mails to this address, use the -request address 
mentioned above.


- Charter Additions/Changes -

The list charter will be published at 
http://lists.grok.org.uk/full-disclosure-charter.html.

In addition, the charter will be posted monthly to the list by the 
management.

Alterations will be made after consultation with list members and a 
consensus has been reached.



[Full-disclosure] What's up with the ImmunityInc forums?

2012-02-09 Thread Byron L. Sonne
Hey, anyone know why it's taking so long for the ImmunityInc forums to
come back up? It's been weeks, man.



Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

2012-02-09 Thread Nick Boyce
On Wed, Feb 8, 2012 at 9:12 PM, . . kerdezd...@gmail.com wrote:

 https://bugzilla.mozilla.org/show_bug.cgi?id=718066

 what the hell is this?!

I'll bite ...  (I know your question was rhetorical)

It's a very bad idea IMO.

From TFA:
(https://wiki.mozilla.org/MetricsDataPing)

  Mozilla has a critical need to be able to understand
  the factors that cause installations of Firefox to no
  longer be used. The system must have some way to
  detect an abandoned installation.

Their proposed solution seems to be (from the bug and wiki) to include
code in Firefox to submit a lot of information to mozilla.org, on a
regular basis, about the individual FF installation ... date
installed, list of add-ons installed, with date each add-on installed,
date FF last used, OS type, FF version, whether up to date when last
used, etc.

Far too much information for comfort - sufficient to _enable_
fingerprinting and tracking of individual FF installation use (e.g.
is this browser installation using Tor the same as that other browser
not using Tor ?), even if that is not the _intention_.  Contravention
of EU data protection laws seems probable, or at least German laws.

OT: They should just make FF quality high and the design impeccable -
that's all they need do to win our hearts and minds (many other FLOSS
projects exist to attest to that).  The engineers know what's needed,
and the users have spoken out endlessly on the forums - metrics are
for managers.

Sigh.

Nick
-- 
public void Ballmer(Developers developers) throws Chair
