Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.

2008-09-29 Thread Aditya K Sood
Google Chrome Window Object Suppressing Remote Denial of Service. *Version Affected:* Chrome/0.2.149.30 Chrome/0.2.149.29 Chrome/0.2.149.27 *Severity:* High *Description:* The Google Chrome browser is vulnerable to a window object based denial of service attack. Google Chrome fails to sanitiz

Re: Sun M-class hardware denial of service

2008-09-29 Thread Theo de Raadt
> > > How absolutely bizarre. Basically you spend half a million dollars on > > > Sun hardware, and it isn't required to do this better than VMWare? > > > > I think you've got it exactly backwards: you don't let non-trusted > > people run code on these machines because they are so expensive. > >

Re: Sun M-class hardware denial of service

2008-09-29 Thread Brett Lymn
On Sun, Sep 28, 2008 at 08:53:10PM -0600, Theo de Raadt wrote: > > Oh you can avoid the problem by using only the vendor recommended > configurations! > Yes. > Or so you think. A Solaris kernel module could trigger exactly the > same bug. > Uh duh. You need to read a bit closer - you realis

Re: Sun M-class hardware denial of service

2008-09-29 Thread Brett Lymn
On Sun, Sep 28, 2008 at 08:36:17PM -0600, Theo de Raadt wrote: > > Oh I get it. > No you don't. > You can use a "trust relationship with your > administrators" to get around the fact that Sun sold a piece of > hardware which does not provide the isolation they promised in their > white papers a

Re: Sun M-class hardware denial of service

2008-09-29 Thread Brett Lymn
On Sun, Sep 28, 2008 at 08:14:35PM -0600, Theo de Raadt wrote: > > OpenBSD of course cannot run in a Solaris zone. > Right. Glad that is clear. > OpenBSD can run in a hardware zone, and when something it does (which > we don't know yet) locks up that hardware zone, the only way to get > the ha

Re: Sun M-class hardware denial of service

2008-09-29 Thread Brett Lymn
On Sun, Sep 28, 2008 at 07:53:11PM -0600, Theo de Raadt wrote: > > Apparently you just plain can't understand simple English. > and apparently you cannot read the whole message - I said "too bad if OpenBSD cannot do this"... > If you put someone running OpenBSD into a zone, and that zone locks

Re: Sun M-class hardware denial of service

2008-09-29 Thread Theo de Raadt
> > Oh I get it. > > > > No you don't. > > > You can use a "trust relationship with your > > administrators" to get around the fact that Sun sold a piece of > > hardware which does not provide the isolation they promised in their > > white papers and documentation. > > > > It is a bug. What y

[ MDVSA-2008:207 ] openafs

2008-09-29 Thread security
Mandriva Linux Security Advisory MDVSA-2008:207 http://www.mandriva.com/security/

Re: Sun M-class hardware denial of service

2008-09-29 Thread Theo de Raadt
> On Sun, Sep 28, 2008 at 08:14:35PM -0600, Theo de Raadt wrote: > > > > OpenBSD of course cannot run in a Solaris zone. > > > > Right. Glad that is clear. > > > OpenBSD can run in a hardware zone, and when something it does (which > > we don't know yet) locks up that hardware zone, the only w

Re: Sun M-class hardware denial of service

2008-09-29 Thread Brett Lymn
On Sun, Sep 28, 2008 at 08:14:16AM -0600, Theo de Raadt wrote: > > the only workaround is to buy a separate machine for the other uses. > No. > So you buy a machine that can be split up into different machines, and > guess what, you still have to buy extra ones because it doesn't > work. > Un

Re: Sun M-class hardware denial of service

2008-09-29 Thread Theo de Raadt
> On Sun, Sep 28, 2008 at 08:14:16AM -0600, Theo de Raadt wrote: > > > > the only workaround is to buy a separate machine for the other uses. > > > > No. > > > So you buy a machine that can be split up into different machines, and > > guess what, you still have to buy extra ones because it does

Re: Sun M-class hardware denial of service

2008-09-29 Thread Theo de Raadt
> and apparently you cannot read the whole message - I said "too bad if > OpenBSD cannot do this"... > > > If you put someone running OpenBSD into a zone, and that zone locks up > > completely and cannot be reset because of a flaw Sun has now admitted, > > then if you NEED that zone back, you have

Re: Sun M-class hardware denial of service

2008-09-29 Thread Florian Weimer
* Theo de Raadt: >> On the other hand, I generally prefer a "trust me, I know what I'm >> doing" switch on the systems I deal with. It's really frustrating if a >> system tries to protect itself from me, and consequently fails to comply >> with the actual requirements in this situation. > > As we

Re: Sun M-class hardware denial of service

2008-09-29 Thread Theo de Raadt
> On the other hand, I generally prefer a "trust me, I know what I'm > doing" switch on the systems I deal with. It's really frustrating if a > system tries to protect itself from me, and consequently fails to comply > with the actual requirements in this situation. As well, note that a power-off

Re: Sun M-class hardware denial of service

2008-09-29 Thread Florian Weimer
* Theo de Raadt: > Oh I get it. You can use a "trust relationship with your > administrators" to get around the fact that Sun sold a piece of > hardware which does not provide the isolation they promised in their > white papers and documentation. Quoting from

[security bulletin] HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files

2008-09-29 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01561336 Version: 1 HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files NOTICE: The information in this Security Bulletin should be acted upon as soon a

Re: php create_function commond injection vulnerability

2008-09-29 Thread Steven M. Christey
There are two main takeaways from this advisory: 1) PHP application programmers can and will misuse this function (CVE-2008-4096, CVE-2007-5423), but most PHP code auditors probably don't check for it yet. So it's good for awareness. 2) Any language that has an equivalent capability for c

Advisory : Opera Window Object Suppressing Remote Denial of Service

2008-09-29 Thread Aditya K Sood
Opera Window Object Suppressing Remote Denial of Service. *Version Affected:* Opera 9.52 *Severity:* High *Description:* The Opera browser is vulnerable to a window object based denial of service attack. Opera fails to sanitize a check when window.close() function is called in number of dynam

Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.

2008-09-29 Thread Aditya K Sood
Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. *Version Tested:* Mozilla 3.0.3 - 1.9.0 Branch /(Specifically for Latest Version)/ *Severity:* High *Description:* Mozilla Firefox is vulnerable to user interface event dispatcher null poi

[oCERT-2008-013] MPlayer Real demuxer heap overflow

2008-09-29 Thread Andrea Barisani
2008/09/29 #2008-013 MPlayer Real demuxer heap overflow Description: The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be us

Re: php create_function commond injection vulnerability

2008-09-29 Thread mnapier
On Mon, 29 Sep 2008, [EMAIL PROTECTED] wrote: > On Thu, 25 Sep 2008, [EMAIL PROTECTED] wrote: > > > Are you kidding ? > > > > As the PHP manual said "if you use double quotes there will be a need to > > escape the variable names". > > > > In your example you use a function with double quotes, with

RE: Verizon FIOS (and DSL?) wireless access point insecure default WEP key

2008-09-29 Thread Larry Seltzer
It's WEP. What would it matter if the key were not predictable? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: Paul [mailto:[EMAIL PROTECTED] Sen

Re: php create_function commond injection vulnerability

2008-09-29 Thread bzhbfzj3001
On Thu, 25 Sep 2008, [EMAIL PROTECTED] wrote: Are you kidding ? As the PHP manual said "if you use double quotes there will be a need to escape the variable names". In your example you use a function with double quotes, without escaping the variable $sort_by, so this is not a PHP vulnerabili

Verizon FIOS (and DSL?) wireless access point insecure default WEP key

2008-09-29 Thread Paul
By default, the 40-bit WEP key for the wireless router provided by Verizon to FiOS (fiber optic) and possibly DSL customers is set to the last 40 bits of the router's 48-bit MAC address. This is significant because the router's MAC address (the MAC address of its WAN-side Ethernet port) is easily

ParsaWeb CMS SQL Injection

2008-09-29 Thread admin
## www.BugReport.ir ### # # AmnPardaz Security Research Team # # Title: ParsaWeb CMS SQL Injection # Vendor: http://www.parsagostar.com # Demo: http://cms.parsagostar.com/ # Exploit: Available # Impact: High # Fix: N/A # O

PHP Calendar Script Remote XSS (Permanent) Vulnerabilities

2008-09-29 Thread tan_prathan
== PHP Calendar Script Remote XSS (Permanent) Vulnerabilities == ,--^--,,-,---^--, | | `' | O .. CWH Undergr