-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions affected: Hadoop 2.6.x and earlier
Description:
HDFS clients interact with a servlet on the DataNode to browse the
is just as vulnerable to all the attacks that I
assume your tool is attempting to mitigate.
It's Monday and I haven't had my tea yet, so maybe I'm missing
something. What is it?
--
Chris Nehren
that users take the issue seriously it
is not one which is expected to be particularly urgent.
Credit:
Chris Travers discovered this issue.
Kodak has produced a security patch for ICW that removes this vulnerability.
Customers are encouraged to contact their local Response Center to request this
drop-in patch.
Vulnerability Type: Insufficiently Protected Credentials [CWE-522]
CVE Reference: CVE-2013-2503
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Discovery: Chris John Riley ( http://blog.c22.cc )
Advisory Details:
During research into browser and proxy server handling of HTTP
Hi all,
Can anyone tell me what risk there is around placing an iCompel device
inside of our network?
There is a web interface but there will be no external access. Are
there any known vulnerabilities that our internal users could exploit?
I am not even sure what OS it is running or if it is
invoice number settings can be
overwritten, this problem can run users into regulatory compliance
problems. Users in areas which require gapless numbering of financial
documents need to treat this problem as more severe.
Discovery:
Chris Travers found the problem during work on forthcoming
XSRF
vulnerabilities should probably have their own advisories.
Best Wishes,
Chris Travers
LedgerSMB Core Team
Metatron Technology Consulting
per user, thus
ensuring that sql injection issues do not pose the privilege
escalation issues that are present in prior versions. Thus the impact
of an attack like this is greatly limited. The impact on the
pre-releases should be seen as moderate.
Best Wishes,
Chris Travers
tests by security vendors.
Thank you for your time,
Chris Travers
LedgerSMB Core Team
for LedgerSMB. I expect to send a
full disclosure email discussing the vulnerability in a week.
Best Wishes,
Chris Travers
it is desired.
Imagine if you find a Solaris system running a web server that has a
remote exploit which allows for the execution of arbitrary code. If the
web server happens to be listening on the wildcard interface then you
can very easily insert your own web server in front of it!
--
Chris O'Regan
by
default and provide a system variable to enable the behaviour only when
it is desired.
--
Chris O'Regan ch...@encs.concordia.ca
Senior Unix Systems Administrator, Academic IT Services
Faculty of Engineering and Computer Science
Concordia University, Montreal, Canada
-and-html-encoding-document.aspx
Best regards,
Chris Weber
-Original Message-
From: Trustwave Advisories [mailto:trustwaveadvisor...@trustwave.com]
Sent: Tuesday, February 09, 2010 2:41 PM
To: webapp...@lists.securityfocus.com; websecur...@webappsec.org;
full-disclos...@lists.grok.org.uk
moves in that direction.
I do think we need some sort of HTTP status or other header
information that would tell a browser to clear the auth cache and not
try again.
Best Wishes,
Chris Travers
the proper value should be
determined by each customer. The current default value (3600) which
sets the default value to one hour is way too high though. This issue
will be documented as an issue in future versions of LedgerSMB.
Best Wishes,
Chris Travers
LedgerSMB 1.1.x, this is an excellent reason
to upgrade.
I can confirm this problem for the versions mentioned.
Best Wishes,
Chris Travers
repository this code does not appear there.
Best Wishes,
Chris Travers
, an incorrect guess as to the request
number deletes the user session and requests a password from the user.
To obtain the hotfix either email me at the address mentioned above or
download the most recent file from svn (branches/1.2):
LedgerSMB/Session/DB.pm.
Sincerely,
Chris Travers
The LedgerSMB Team
The POC link isn't working anymore; chr1x.sectester.net/winrar380_PoC.zip
Could you guys upload it again?
Thank you
the good work!
Chris Schmidt
http://yet-another-dev.blogspot.com
Java Developer and Application Security Analyst
ServiceMagic, Inc.
-Original Message-
From: Inferno [mailto:infe...@securethoughts.com]
Sent: Thursday, August 20, 2009 2:18 AM
To: bugtraq@securityfocus.com
Subject: Bypassing
An early release of 4.0.0 has the same problem!
So Acajoom has a general security issue or the developers were stupid enough to
develop with old code.
: http://scary.beasts.org/security/CESA-2009-008.html
Blog post:
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-also-fixes-cross-domain.html
(includes 1-click demo)
Cheers
Chris
details: http://scary.beasts.org/security/CESA-2009-006.html
Blog post:
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
(includes 1-click demos)
Cheers
Chris
.
New checks are being planned, and new check ideas or contributions are very
welcome. For example:
Unicode transformation hot-spot detection (planned)
User-controllable javascript events (planned)
Contact me with any questions, bugs, or suggestions.
-Chris Weber
://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
The blog post goes into a little more detail on which attack surfaces
LittleCMS is present, and which system-level defenses mitigate this
vulnerability.
Cheers
Chris
syscall and vice versa. The syscall number
check can get confused and permit a syscall it did not intend to.
Advisory: http://scary.beasts.org/security/CESA-2009-001.html
Blog post:
http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
Cheers
Chris
://scarybeastsecurity.blogspot.com/2008/12/firefox-cross-domain-text-theft.html
Cheers
Chris
://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
Cheers
Chris
Severity: Medium (Local Privilege Escalation)
Authors: Chris Clark cclark[at]isecpartners[dot]com
Rachel Engel rachel[at]isecpartners[dot]com
Vendor notified: Yes
Public release: 10/10/08
Advisory URL: https://www.isecpartners.com/advisories/2008-02-lenovornr.txt
Summary:
Lenovo
for unlimited data in POST operations
to any screen. Authentication is not required and this can be used to
deny service not only to LedgerSMB but potentially to anything else
running on the server. This was corrected in 1.2.15.
Credit for discovery:
Chris Murtagh
Vulnerability 2: SQL Injection in AR/AP
(with RSS):
http://scarybeastsecurity.blogspot.com/2008/07/buffer-overflow-in-libxslt.html
http://scarybeastsecurity.blogspot.com/
Cheers
Chris
off all the aircon in the
data centre...
cheers,
Chris
--
Simplistix - Content Management, Zope Python Consulting
- http://www.simplistix.co.uk
fair game to expect them to implement
some kind of real security.
cheers,
Chris
--
Simplistix - Content Management, Zope Python Consulting
- http://www.simplistix.co.uk
of the above:
http://scarybeastsecurity.blogspot.com/2008/03/sun-jdk-image-parsing-vulnerabilities.html
Cheers
Chris
-2008-001.html
Cheers
Chris
XML accepting technologies) deployed under JDK6. I haven't had time to
look into common web service frameworks and see how they implement XXE
protection. Might be interesting to look into specific technologies
that broke.
Cheers
Chris
RubyGnome2 0.16.0
Format String Vulnerability In Gtk::MessageDialog
http://em386.blogspot.com
Ruby Gnome2 is a project to provide GTK2 bindings to ruby scripts so you can
write GUI code in less time. There is a format string vulnerability in
Gtk::MessageDialog(). This design flaw does not
that
can actually do anything about this?
cheers,
Chris
--
Simplistix - Content Management, Zope Python Consulting
- http://www.simplistix.co.uk
] /tmp/.bx
sleep 4
rm -rf /tmp/.bx
What's up with this? Last time I downloaded this that wasn't there,
and it's the same version number but different md5.
.. and this file wasn't included.
Chris
Network security professional
[EMAIL PROTECTED]
Computer games don't affect kids. I mean
injection
issues in that application. Our official recommendation for
SQL-Ledger users is to restrict access to database relations to the
least privilege necessary. While this does not entirely solve the
issues, it does limit the damage considerably.
Best Wishes,
Chris Travers
Affected: All Ruby Platforms
Severity: Medium - Compromise of SSL connection integrity
Author: Chris Clark cclark[at]isecpartners[dot]com
Vendor notified: Yes
Public release: Yes
Advisory URL: http://www.isecpartners.com/advisories/2007-006-rubyssl.txt
Summary:
The Ruby Net::HTTP and Net::HTTPS
Streamripper 1.62.1 Security Advisory | http://streamripper.sf.net
Multiple Buffer Overflows
12 August 2007
Chris Rohlf
http://em386.blogspot.com
---
Description
---
Streamripper is a program used to rip streaming media to mp3 format to
your harddrive.
Multiple buffer
that 3-5 lines of code are going to affect
anything.
Let's do something about this!
Terry
import standard.disclaimer;
- --
Chris Stromblad (CEH)
Head of Security Services
Outpost24 UK
90 Long Acre
Covent Garden
London, WC2 E9RZ
- -
Tel: +44 (0) 207 849 3097
Dir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
Bigby Findrake wrote:
On Wed, 18 Jul 2007, Chris Stromblad wrote:
deletia
One more thing about advisories. I think it would be better to release
them immediately and let people know what they are facing. With public
dissemination
to find a way to fix the vulnerability.
Michael Zalewski is in my opinion someone who is using the bug-traq list
in a way that is meaningful. He brings up topics for discussion that
concern us all. More people should do that.
Anyways, enough ranting.
/ Chris
Gadi Evron wrote:
On Sat, 14 Jul
(such as embezzlement) appear to be tied to any
other legitimate user.
This is the most important security vulnerability since 1.1.5 and all
users are advised to upgrade immediately.
Best Wishes,
Chris Travers
products or are responsible for the security of
their networks. All questions regarding more information on this
vulnerability can be directed to Chris Travers ([EMAIL PROTECTED] or
[EMAIL PROTECTED]).
(CCS)
http://www.auto.tuwien.ac.at/~chris/worm07.html
=
Important Dates:
Submission deadline: 24 June, 2007 (23:59 PST)
Acceptance Notification: 07 August, 2007
Camera-ready papers: 22 August, 2007
to find and is:
[EMAIL PROTECTED]
Please do your research next time, and if you actually find a
security problem, let us know so that we can release a patch for it
and credit you on our website with the release announcement. thanks!
-Chris
Gallery Project Manager
--
Chris Kelly
[EMAIL
purposes and that roles need to be isolated into
separate database accounts (which the application does support).
However, this process is cumbersome. The LedgerSMB project intends to
automate this process properly in 1.3.0 (perhaps six months away).
Best Wishes,
Chris Travers
,
Chris Travers
a Perl script named sql-ledger.conf
in the directory above where these scripts are normally stored. So the
username forces the execution of that script, doesn't find a password,
and so allows the user in. Lovely
Best Wishes,
Chris Travers
can upgrade to 2.6.26 should do so, and LedgerSMB 1.1 or 1.0 users
should upgrade to 1.1.9. Users who cannot upgrade should configure
their web servers to use http authentication for the admin.pl script in
the main root directory.
Best Wishes,
Chris Travers
are advised to upgrade to the latest version, and
all LedgerSMB users using versions prior to 1.1.5 should upgrade as well.
Best Wishes,
Chris Travers
at every
page load, are created on login, and destroyed at logout. Using the
same method, you can add arbitrary Perl code to the end of these files
causing that to be loaded the next time the target user loads a page.
Best Wishes,
Chris Travers
Amit Klein wrote:
Chris Anley wrote:
Hi folks,
I've posted a paper that explains a little more here:
http://www.ngssoftware.com/research/papers/Randomness.pdf
Nice paper. I do notice an enumeration loop over 2^16 possible 16-bit
values. This can be improved as following (note
advanced generators such as
the Mersenne twister and SHA1PRNG.
Cheers,
-chris.
.
Best Wishes,
Chris Travers
diff -C3 -r sql-ledger-orig/SL/Form.pm sql-ledger/SL/Form.pm
*** sql-ledger-orig/SL/Form.pm 2007-02-05 18:20:34.0 -0800
--- sql-ledger/SL/Form.pm 2007-02-05 18:23:06.0 -0800
***
*** 311,318
if ($self-{callback}) {
! my
, but
it is still not corrected in SQL-Ledger.
There is no workaround to prevent the problem except to hope that those
who are using vulnerable software can be trusted.
I will be sending a full disclosure of the problem, as well as an
unofficial patch to SQL-Ledger in a week.
Best Wishes,
Chris
http://127.0.0.1/sql-ledger/login.pl?login=demoscript=-e%3fprint%20STDERR%20%27hello%20world%27%3baction=logout
Best Wishes,
Chris Travers
Metatron Technology Consulting
release
candidates)
http://gallery.svn.sourceforge.net/viewvc/gallery/trunk/gallery/
contrib/phpBB2/modules.php?view=markup
-Chris
Gallery Project Manager
--
Chris Kelly
[EMAIL PROTECTED]
http://ckdake.com/
On Jan 16, 2007, at 8:52 AM, me you wrote
Researchers and vendor contacts should also be aware of the great vendor
dictionary created by OSVDB at http://osvdb.org/vendor_dict.php that
contains many security contact addresses.
-Chris
On Mon, 8 Jan 2007, Steven M. Christey wrote:
We frequently see requests for contact on this mailing
, and that it has been fixed in Gentoo. It isn't meant as
a generic disclosure or advisory.
Sorry if there was any confusion.
--
Chris Gianelloni
Release Engineering Strategic Lead
Alpha/AMD64/x86 Architecture Teams
Games Developer/Council Member/Foundation Trustee
Gentoo Foundation
Last night HD Moore released an exploit module for Metasploit
Framework 3 that exploits a fully patched Windows XP SP2 system, which
includes remote code execution. Previously this was announced on the
Browser Fun blog as a DoS only exploit.
More information at:
should upgrade to the newest versions of these packages at
their earliest convenience.
Credit for this disclosure should go to Chris Murtagh (a private
individual) and Richard Patterson of Quickhelp.
Best Wishes,
Chris Travers
Metatron Technology Consulting
Hi all;
I have received many requests from security professionals responsible for the
security of Linux distros to move the full disclosure ahead. Now that I am
reasonably sure that the full scope of the problem is known and fixed in
the fix that Chris Murtagh and myself put together, it has been
should post its full advisories to
the list and so should everyone else.
-Chris
1. Bugtraq: Administrivia AOL IM Advisory,
http://seclists.org/bugtraq/2000/Dec/0197.html
--
--
Chris Rothecker
System
Multiple XSS Vulnerabilities exist in vbulletin.com's website that allow the
attacker to gain sensitive credentials for authenticating himself as a user on
the forum and site.
The first problem lies in the site's Sales Form for opening an issue
ticket. Proper sanitation of variables
UBBThreads 5.x,6.x md5 hash disclosure
---
Using XSS such as the one reported earlier:
http://[site]/[ubbpath]/index.php?debug=[xss]
will allow you to inject javascript and steal MD5 Hashes from:
http://[site]/[ubbpath]/editbasic.php
The MD5 is
results were inconsistent. Both SYN and ACK
scans had similar issues.
IMHO this is a feature. I would certainly rather see a port scanner
receiving bogus results rather than accurate info that would assist in a
compromise. Make them work a bit harder and earn it. ;-)
HTH,
Chris
Saluti da P4
- --
Chris Horry KG4TSM A conservative is a man with two perfectly
[EMAIL PROTECTED] good legs who, however, has never learned how
http://www.wibble.co.uk to walk forward. -- Franklin D. Roosevelt
There is no such bug and even if I'm wrong, there's already version 4.1.3!
---
Software:
Firefox Web Browser
Tested:
Linux, Windows clients' version 1.5.0.2
Result:
Firefox Remote Code Execution and Denial of Service - Vendor contacted, no
patch yet.
Problem:
A handling issue exists in how Firefox handles certain
and my manpages for rmdir(1) [the utility] and rmdir(2) [the system
call] both say that the directory must be empty (ie, have no entries
other than . or ..).
rmdir(2) should fail and errno should be set to ENOTEMPTY if the
directory is not empty.
On 3/14/06, Steven M. Christey [EMAIL PROTECTED]
The default on 1.5.2, 2.0 and 2.0.1 is to automatically approve comments
without moderation IF the following are true:
- The comment author has filled out name and e-mail (trivial)
- The comment author must have a previously approved comment (not so trivial)
This means the first comment must
02 August 2003
Hardware: D-Link 704p
Vulnerability: Multiple Local/Remote (see below)
Warning Level: Moderate
Description:
This small advisory is on the D-Link 704p router with firmware version
2.70. The router is a small 4 port DSL/CABLE router. Earlier this year I
made a small post on
that a control does not access files, memory,
or registers directly. The only purpose of the Windows Update control is to
access (and update) files directly, so it should not be marked as safe for
scripting.
--
Chris Jackson
Software Engineer
Microsoft MVP
--
understanding of the problem, and preventing
the attacks as far as is possible.
Chris Paget
On Fri, 11 Jul 2003, iDEFENSE Labs wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 07.11.03:
http://www.idefense.com/advisory/07.11.03.txt
Win32 Message Vulnerabilities
allow other vendors to send them CLSIDs to kill. Or maybe they already do
allow this but it is not publicized.
-Chris
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
you reset the router.
--
I sent an email to dlink containing a copy of this post. Thanx
--
--chris
www.securityindex.net
-apex security group-
On 7/1/03 2:58 am, Floyd Russell [EMAIL PROTECTED] wrote:
Negative on Windows 98 SE
No problems with Mac OS X 10.2.3, which also contains an OpenType engine.
Cheers,
Chris
=Haxor; filename=../../../tmp/haxor.html
<HTML>
<HEAD><TITLE>Haxor</TITLE></HEAD>
<BODY><H1>This page should not be here</H1></BODY>
</HTML>
--#123456789#multipart#boundary#1234567890#--
=request end
Best Regards,
Chris Leishman
in switching, running something other than BIND is looking
good).
--
Chris Adams [EMAIL PROTECTED]
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
]
-Chris
On Tue, 5 Nov 2002, Steven M. Christey wrote:
On the full-disclosure list, low halo asked:
Could someone please give me the security contact address for Oracle
Corporation? It seems as though their marketing department's
Unbreakable slogan makes them think that its OK to bury
carefully that
there are a few more parts in it which need to be rewritten. So if you
run a KDC, please protect it carefully! There will probably be new releases of
Heimdal out in a week or so.
Please upgrade your systems ASAP because this is a really serious problem!
--Chris
--
Powered
.
A lengthier advisory can be found at
http://www.ngssoftware.com/advisories/snmp_dos.txt
Once again, this is an old bug, fixed in Windows 2000 SP3. I'm publishing
this so folks with pre-sp3 boxes are aware of the issue.
-chris.
is allowed to access the network. Some clever
shellcode can then do whatever you'd like.
Chris
--
Chris Paget
[EMAIL PROTECTED]
end the VNC session (But not the
shellcode, which stayed functional)).
SUMMARY DESCRIPTION:
After reading up on the 'shatter' class of Win32 API exploits discovered
by Chris Paget (aka Foon), I decided to see what other programs
immediately leapt out at me as being potentially vulnerable
someone...
This appears to be corrected in Winamp 2.80, as I was
unable to get the exploit functional.
- Chris ([EMAIL PROTECTED])
http://linux.box.sk/
http://blacksun.box.sk/
of releasing the advisory. If that doesn't happen,
things are going to get messy.
Chris
--
Chris Paget
[EMAIL PROTECTED]
On Wed, 31 Jul 2002 11:15:27 -0400 (EDT), Greg A. Woods wrote:
[ On Wednesday, July 31, 2002 at 11:34:57 (+0100), Chris Paget wrote: ]
Subject: Re: It takes two to tango
Does V still have the right to sue R?
Absolutely not. They were given more than fair notice.
According to the CNet
(Q216562)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q216562
-Chris
Systems Affected: All ISAs written using MFC ISAPI framework
Issue: User-input length values can result in a buffer overflow.
Risk: Critical
Scope: Remote Server Compromise
The MFC ISAPI framework
, comments, flames etc will
be gratefully received. Well, received, anyhow. :o)
-chris.
Quick clarification on several points based on emails that I've received:
1) We did notify Apache before going public. ISS X-Force emailed
Apache in the morning at 9:44am regarding this Advisory. We waited until
the afternoon before sending to Bugtraq for approval and finally reaching
the
PROTECTED]) and freeshmat.
Why do you broadcast the Bug-Report but not the Fix-Report?
I am really angry about that. It looks as if I do not take
error-reports seriously.
Chris
--
Chris Huebsch www.huebsch-gemacht.de
TU Chemnitz, Str. d. Nationen 62, 1/B204
D-09107 Chemnitz --- +49 371 531
more, when I can get a more
controlled target environment -- I apologize for the haste of this
update. Thanks to Dug for the strings -- 1 byte is really small! If
anyone gets to experiment with this before I do, please, share your
findings.
--Chris
of our clients for
donating some time on a few external dev boxes for a few trial runs, and
thanks to the ISS team for their continuing efforts with the ICECap
suite.
--Chris
Chris Deibler, CISSP
Senior Security Consultant
VigilantMinds Inc.
Office 412
picked off the cuff. Know of any papers that measure
the avg and std deviation of TTLs on normal internet traffic across a
large sample and I'll be your buddy.
--
Chris Green [EMAIL PROTECTED]
Yeah, but you're taking the universe out of context.