Re: uTorrent overflow

2007-06-06 Thread Jon Ribbens
On Sat, Jun 02, 2007 at 08:15:09PM -, [EMAIL PROTECTED] wrote:
> if [ "$X" = "y" ];then
> telnet $victamIP $victamport

Um, is it just me, or does this "exploit" do nothing at all?


IE 6/Microsoft Html Popup Window (mshtml.dll) DoS

2007-06-06 Thread no-reply
IE 6/Microsoft Html Popup Window (mshtml.dll) DoS
Affected Software : MS Internet Explorer 6.x

Overview:
-
An attacker can exploit this issue to trigger denial-of-service conditions in 
Internet Explorer version 6(.x) .


PoC (HTML)
--

(The PoC's HTML markup was stripped by the list archive; only its visible text survives.)
IE6 / MS Html Popup Window Crash !
Hessamx

Credit
--
Discovered By Hessam Salehi (Hessamx)
Simorgh Security Team / www.simorgh-ev.org


Remote log injection on DenyHosts, Fail2ban and BlockHosts

2007-06-06 Thread Daniel Cid

Hi List,

DenyHosts, Fail2ban and BlockHosts are vulnerable to remote log injection
that can lead to arbitrary injection of IP addresses into /etc/hosts.deny. To
make it more "interesting", not only IP addresses can be added, but
also the wild card "all", causing it to block the whole Internet out of the
box (bypassing white lists) -- see the DenyHosts exploit example.

The following paper discusses these issues and contains the available
patches for them:

http://www.ossec.net/en/attacking-loganalysis.html


Snippet from the article:
"
The purpose of this article is to point out some vulnerabilities that
I found in open source log analysis tools aimed at stopping brute force
scans against SSH and ftp services. Since these tools also perform
active response (automatically blocking the offending IP address),
they would be good examples. However, any tool that parses logs can be
equally vulnerable.

We will show three 0-day denial-of-service attacks caused by remote
log injection on BlockHosts, DenyHosts and fail2ban.

This paper talks about remote log injection, where an external
attacker can modify a log, based on the input it provides to an
application (in our case OpenSSH and vsftpd). By modifying the way the
application logs, we are able to attack these log analysis tools. We
are not talking about local log modification or "syslog injection".
"


Links to these tools:
http://denyhosts.sourceforge.net/
http://www.aczoom.com/cms/blockhosts
http://www.fail2ban.org


Link to the article:
http://www.ossec.net/en/attacking-loganalysis.html

Available patches:
http://www.ossec.net/en/attacking-loganalysis.html#patches


Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net
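
As an added illustration of the parsing problem this post describes (not code from the OSSEC paper or from any of the three tools), the following Python contrasts a loose sshd-log pattern that trusts whatever follows "from " with a strict parser that anchors on sshd's full message format and accepts only a literal IP address. The log lines, host names and addresses are constructed samples.

```python
import ipaddress
import re

# Constructed sample sshd records (not taken from a real system). In the second
# one the attacker-chosen login name itself contains "from ALL"; the trailing
# "from 192.0.2.10 port ..." is what sshd appended.
NORMAL_LINE = ("Jun  6 10:15:01 host1 sshd[2211]: Failed password for invalid "
               "user backup from 198.51.100.7 port 40122 ssh2")
INJECTED_LINE = ("Jun  6 10:15:02 host1 sshd[2212]: Failed password for invalid "
                 "user x from ALL from 192.0.2.10 port 40123 ssh2")

# Loose pattern in the style the advisory warns about: the first token after
# "from " is taken as the host to block, so attacker-supplied text wins.
LOOSE_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>.*?) from (?P<host>\S+)")

# Strict pattern: anchored to the whole sshd message, the host field may only
# contain IP-address characters, and the record must end with "port N ssh2".
STRICT_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+?) "
    r"from (?P<host>[0-9A-Fa-f:.]+) port \d{1,5} ssh2$"
)


def loose_extract(line):
    """Host token as a loose parser would see it (for comparison only)."""
    m = LOOSE_RE.search(line)
    return m.group("host") if m else None


def strict_extract(line):
    """Return the source address as a normalised string, or None if the line
    is not a well-formed sshd failure record or the host is not a literal IP."""
    m = STRICT_RE.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:
        return None


def hosts_deny_entries(lines, allowlist=()):
    """Build hosts.deny lines from log records, refusing anything that is not
    a single validated address (neither "ALL" nor a hostname can get in) and
    skipping addresses on the allow list."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    entries = []
    for line in lines:
        ip = strict_extract(line)
        if ip is None or ipaddress.ip_address(ip) in allowed:
            continue
        entries.append(f"sshd: {ip}")
    return entries
```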


Re: uTorrent overflow

2007-06-06 Thread Dj . r4iDeN
This exploit works only when you hold the Enter key.

byee
 


[ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code

2007-06-06 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200706-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Evolution: User-assisted execution of arbitrary code
  Date: June 06, 2007
  Bugs: #170879
ID: 200706-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Evolution allowing for the
execution of arbitrary code.

Background
==========

Evolution is the mail client of the GNOME desktop environment.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  mail-client/evolution        < 2.8.3-r2                >= 2.8.3-r2

Description
===========

Ulf Härnhammar from Secunia Research has discovered a format string
error in the write_html() function in the file
calendar/gui/e-cal-component-memo-preview.c.

Impact
======

A remote attacker could entice a user to open a specially crafted
shared memo, possibly resulting in the execution of arbitrary code with
the privileges of the user running Evolution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2"

References
==========

  [ 1 ] CVE-2007-1002
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200706-03 ] ELinks: User-assisted execution of arbitrary code

2007-06-06 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200706-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: ELinks: User-assisted execution of arbitrary code
  Date: June 06, 2007
  Bugs: #177512
ID: 200706-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in ELinks allowing for the
user-assisted execution of arbitrary code.

Background
==========

ELinks is a text-mode web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  www-client/elinks           < 0.11.2-r1               >= 0.11.2-r1

Description
===========

Arnaud Giersch discovered that the "add_filename_to_string()" function
in file intl/gettext/loadmsgcat.c uses an untrusted relative path,
allowing for a format string attack with a malicious .po file.

Impact
======

A local attacker could entice a user to run ELinks in a specially
crafted directory environment containing a malicious ".po" file,
possibly resulting in the execution of arbitrary code with the
privileges of the user running ELinks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ELinks users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2-r1"

References
==========

  [ 1 ] CVE-2007-2027
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




IE 6 / MS Office Outlook Express Address Book Activex DoS

2007-06-06 Thread no-reply
IE 6 / MS Office Outlook Express Address Book Activex DoS
Affected Software : MS Internet Explorer 6.x

Overview:
-
When a browser uses the MS Outlook Express Address Book ActiveX control, the
browser crashes immediately.
An attacker can exploit this issue to trigger denial-of-service conditions in
Internet Explorer version 6(.x).


PoC (HTML)
--

(The PoC's HTML markup was stripped by the list archive; only its visible text survives.)
Microsoft Office Outlook Express Address Book DoS
Hessamx

Credit
--
Discovered By Hessam Salehi (Hessamx)
Simorgh Security Team / www.simorgh-ev.org


Light Blog 4.1 XSS Vulnerability

2007-06-06 Thread ls
Application: Light Blog
Web Site: http://www.publicwarehouse.co.uk/php_scripts/lightblog.php
Versions: 4.1
Platform: linux, windows, freebsd, sun
Bug: Cross site Scripting (XSS)
Fix Available: Yes (fixed under the same version number; the download file is
now called LightBlog.zip instead of Light.zip)
Advisory File: http://www.secvsn.com/content/Advisories/sr-060607-lightblog.html
---

1) Introduction
2) Bug
3) The Code
4) Fix
5) About Serapis
6) Disclaimer

===
1) Introduction
===

"Version 4 has been completely remade.
Security flaws have been fixed and countless features have been added. Light
Blog is a blogging system which uses text files to store its data.
All general blog features are available, which include comments
(with validation code to stop spam),
admin control panel, BBCode and emoticons,
pages and a full set of settings editable from the admin control panel.
Light Blog can easily use the design of your website with the use of the
header, footer and style sheet."

==
2) Bug
==

Cross Site Scripting.

===
3) Proof of concept.
===

example:

http://site/app_path/add_comment.php?id=>">alert(1234567576)%3B

=
4) Fix
=

fillit


5) About Serapis.net


www.Serapis.net - is a portal dedicated to monitoring web defacements, 
  tracking defacements around the world 24/7. 
  serapis is the R&D Site of Secure Vision. 

==
6) Disclaimer
==

The information within this paper may change without notice. 
Use of this information constitutes acceptance for use in an AS IS condition. 
There are NO warranties with regard to this information. 
In no event shall the author be liable for any damages whatsoever arising out 
of or in connection with the use or spread of this information. 
Any use of this information is at the user's own risk.

http://www.serapis.net - Web Site.
http://calima.serapis.net/blogs/  - Web defacements blog.
http://www.secvsn.com - SecureVision Web Site


FLEA-2007-0021-2: madwifi

2007-06-06 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0021-2
Published: 2007-05-24
Updated:
2007-06-06 The previously released version of madwifi which fixes this
security issue erroneously did not contain the kernel modules necessary for
madwifi to function properly.

Rating: Major

Updated Versions:
madwifi=/[EMAIL PROTECTED]:devel//fl:desktop//[EMAIL 
PROTECTED]:1-devel//1/0.9.3.1-0.0.1.1-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.1-6

References:
http://secunia.com/advisories/25339/

Description:
Previous versions of the madwifi kernel module were vulnerable to three 
issues whereby malicious remote users can cause a crash via specially formed 
packets sent to the vulnerable system.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html



ASP Folder Gallery Vulnerabilities

2007-06-06 Thread hack2prison

Discovered by a freeprotect.net member

Vendor site: http://www.tenyearsgone.com
Exploit: 
http://target/aspfoldergallery/download_script.asp?file=viewimage.asp
This can be used to exploit other web applications.



Announce - Release RFIDIOt ver 0.1n (June 2007)

2007-06-06 Thread Adam Laurie

Folks,

This is a quick and dirty release to try and get some feedback on 
e-passports.


From the CHANGES:

  v0.n:
  add CLONE mode to 'unique.py'
  make 'mrpkey.py' more intelligent about reading passport contents:
    read all data groups
    extract image from CBEFF block in EF.DG2
    extract public key certificate from EF.SOD (requires openssl installation)
  add asn.1 field length encoding rules
  add 'sod.py' tool for brute force finding of certificates in EF_SOD.BIN
    (requires openssl installation)


New release can be downloaded from http://rfidiot.org

Since I only have a couple of passports for testing it would be useful 
to hear from those who have foreign passports if my new code works 
better (should now extract any country's images/data without tweaking), 
or if I've totally broken it!


The other major enhancement is extraction of public key certificates 
from the Security Object. Contents can be quite revealing and I'll post 
all the ones I've got on the website. Please send me any that you manage 
to extract.


Here is example output of the extraction process on a UK passport:

Reading: EF.SOD Document Security Object
File Length: 1925
Reading: 0
  Stored in /tmp/EF_SOD.BIN
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1119353116 (0x42b7f91c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=gb, O=UKKPA, CN=Country Signing Authority
Validity
Not Before: May 22 12:43:30 2006 GMT
Not After : Sep 21 01:13:30 2017 GMT
Subject: C=gb, O=ukps, OU=london, CN=Document Signing Key 35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Private Key Usage Period:
Not Before: May 22 13:13:30 2006 GMT, Not After: Aug 24 13:13:30 2006 GMT

X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
DirName:/C=gb/O=UKKPA/CN=Country Signing Authority/CN=CRL1

X509v3 Authority Key Identifier:

keyid:3B:34:6F:4A:F5:6C:7F:8C:C4:C6:46:5F:F8:24:F8:30:9A:D2:18:C0

X509v3 Subject Key Identifier:
BC:9E:2A:37:08:C6:B3:C4:12:A1:E8:BF:69:44:C1:76:0F:95:43:C5
Signature Algorithm: sha256WithRSAEncryption
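
As an added example (not RFIDIOt's own sod.py or mrpkey.py), here is one way to do the two things the CHANGES entries above describe: decode DER field lengths, and scan a blob such as EF_SOD.BIN for embedded X.509 certificates by recognising their outer structure. The sample blob is constructed inline; on a real passport dump you would pass the bytes of EF_SOD.BIN to find_certificates().

```python
def der_length(buf, pos):
    """Decode the DER length field at buf[pos].
    Returns (length, bytes_used) or None if it is not valid DER."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form: one byte, 0..127
        return first, 1
    n = first & 0x7F                      # long form: n following length bytes
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None                       # 0x80 = indefinite (BER only); >4 bytes unrealistic
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    # DER requires the shortest encoding: long form only for >= 128, no leading zero bytes
    if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
        return None
    return length, 1 + n


def der_tlv(buf, pos, limit=None):
    """Parse the TLV header at pos. Returns (tag, value_start, value_len) or None.
    limit bounds the enclosing element so an inner element cannot overrun it."""
    end = len(buf) if limit is None else limit
    if pos >= end:
        return None
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        return None                       # multi-byte tags never start a certificate
    r = der_length(buf, pos + 1)
    if r is None:
        return None
    length, used = r
    start = pos + 1 + used
    if start + length > end:
        return None
    return tag, start, length


def certificate_at(buf, pos):
    """If a DER X.509 Certificate starts at pos, return (pos, total_len), else None.
    Certificate ::= SEQUENCE { tbsCertificate SEQUENCE,
                               signatureAlgorithm SEQUENCE,
                               signatureValue BIT STRING }"""
    outer = der_tlv(buf, pos)
    if outer is None or outer[0] != 0x30:
        return None
    _, p, length = outer
    end = p + length
    for expected_tag in (0x30, 0x30, 0x03):
        inner = der_tlv(buf, p, end)
        if inner is None or inner[0] != expected_tag:
            return None
        p = inner[1] + inner[2]
    return (pos, end - pos) if p == end else None


def find_certificates(blob):
    """Brute-force scan: try every 0x30 byte as a candidate certificate start."""
    found, i = [], 0
    while i < len(blob):
        hit = certificate_at(blob, i) if blob[i] == 0x30 else None
        if hit:
            found.append(hit)
            i += hit[1]                   # skip past the certificate body
        else:
            i += 1
    return found


def der_encode(tag, body):
    """Minimal DER TLV encoder, used here only to build the constructed sample."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


# Constructed sample: junk (including two decoy 0x30 bytes), then a structurally
# valid but meaningless certificate shell whose TBS needs a two-byte DER length,
# then more junk. It stands in for an EF_SOD.BIN dump.
_FAKE_CERT = der_encode(0x30,
    der_encode(0x30, b"\x02\x01\x01" * 60)          # tbsCertificate stand-in, 180 bytes
    + der_encode(0x30, b"\x06\x01\x00")             # signatureAlgorithm stand-in
    + der_encode(0x03, b"\x00" + b"\xAA" * 10))     # signatureValue stand-in
SAMPLE_BLOB = b"\x30\x30" + b"not-a-cert" + _FAKE_CERT + b"\x00\x00\x00\x00"
```

Each hit is an (offset, length) pair; slicing the blob with it yields DER that can be handed to openssl x509 -inform DER for the kind of dump shown above.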

iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities

2007-06-06 Thread iDefense Labs
Symantec Ghost Multiple Denial of Service Vulnerabilities

iDefense Security Advisory 06.05.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 05, 2007

I. BACKGROUND

Symantec Ghost Solution Suite is enterprise disk imaging software
that allows administrators to remotely back up and restore client
computers from a central server. More information is available from the
vendor's site at the following URL.

http://www.symantec.com/enterprise/products/overview.jsp?pcid=1025&pvid=865_1

II. DESCRIPTION

Remote exploitation of multiple denial of service vulnerabilities in
Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost
service.

These vulnerabilities affect both the client and server daemons due to
what looks like a shared communications library. The daemons listen on
UDP ports 1346, and 1347 respectively.

By sending a malformed UDP-based request to either service, an attacker
can cause the service to crash due to an invalid memory reference. This
condition can be caused by any of several unique requests. In each case,
the particular cause for the access violation varies.

III. ANALYSIS

Exploitation allows remote attackers to crash the Ghost client or server
applications.

The UDP packets can be multicast to an entire sub-net taking down all
processes with one packet. Authentication is not required. Since it is
a UDP packet, it is trivial for the attacker to mask the origin of the
attack by forging the source IP address in the packet header.

By default, the Ghost services are not set to auto restart in the event
of failure. Regardless, exploitation would likely abort any Ghost
procedures currently in progress when the crash occurred.

IV. DETECTION

iDefense confirmed the existence of these vulnerabilities using Symantec
Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other
versions may be vulnerable as well.

V. WORKAROUND

Employing firewalls to limit access to the client and server daemons can
help prevent exploitation of these vulnerabilities. However, attackers
could potentially bypass firewall rules by forging the origin of
attack.

VI. VENDOR RESPONSE

Symantec has addressed this vulnerability with a software update. For
more information consult their advisory at the following URL.

http://www.symantec.com/avcenter/security/Content/2007.06.05b.html

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.

VIII. DISCLOSURE TIMELINE

12/13/2006  Initial vendor notification
12/13/2006  Initial vendor response
06/05/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Pravus.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.


[USN-469-1] Thunderbird vulnerabilities

2007-06-06 Thread Kees Cook
=== 
Ubuntu Security Notice USN-469-1  June 05, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird  1.5.0.12-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird  1.5.0.12-0ubuntu0.6.10

Ubuntu 7.04:
  mozilla-thunderbird  1.5.0.12-0ubuntu0.7.04

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Gaëtan Leurent showed a weakness in APOP authentication.  An attacker
posing as a trusted server could recover portions of the user's
password via multiple authentication attempts. (CVE-2007-1558)

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2007-2867, CVE-2007-2868)


Updated packages for Ubuntu 6.06 LTS:


[ MDKSA-2007:117 ] - Updated lha packages fix unsafe temporary files creation issue

2007-06-06 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:117
 http://www.mandriva.com/security/
 ___
 
 Package : lha
 Date: June 5, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 lharc.c in lha does not securely create temporary files, which might
 allow local users to read or write files by creating a file before
 LHA is invoked.
 
 Updated packages have been patched to prevent this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2030
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team



Re: Dansie Cart Script Exploit Reported

2007-06-06 Thread Steven M. Christey

This advisory is an incomplete cut-and-paste from a post to Bugtraq
in April 2000 by "Joe" at BLARG.NET:

  Back Door in Commercial Shopping Cart
  http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html

CVE-2000-0252
BID:1115
XF:dansie-shell-metacharacters(4975)


- Steve


[ MDKSA-2007:116 ] - Updated libpng packages fix vulnerability

2007-06-06 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:116
 http://www.mandriva.com/security/
 ___
 
 Package : libpng
 Date: June 5, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 A flaw in how libpng handled malformed images was discovered.  An attacker
 able to create a carefully crafted PNG image could cause an application
 linked with libpng to crash when the file was manipulated.
 
 The updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
 http://www.cert.org/advisories/684664
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Li
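Added example, not Mandriva's own tooling: a POSIX shell helper for the case where a package from one of these advisories is fetched by hand instead of through urpmi. It rebuilds the "HASH  PATH" list under "Updated Packages:" into md5sum -c form (archived copies of these advisories often wrap an entry so the hash sits alone on one line and the path on the next) and checks the downloaded files against it; the advisory file name and download directory are assumptions.

```shell
#!/bin/sh
# Added example (not part of the advisory). Assumes the advisory text was
# saved to a file and the packages were downloaded preserving their
# relative paths (e.g. 2007.1/i586/...) under one directory.

# Normalise the package list in advisory file $1 into "HASH  PATH" lines,
# re-joining entries that an archive wrapped across two lines.
advisory_md5_list() {
    awk '
        function is_md5(s) { return length(s) == 32 && s ~ /^[0-9a-fA-F]+$/ }
        NF >= 2 && is_md5($1)    { print $1 "  " $2; pending = ""; next }
        NF == 1 && is_md5($1)    { pending = $1; next }       # path follows on next line
        NF == 1 && pending != "" { print pending "  " $1; pending = ""; next }
        { pending = "" }                                      # any other line breaks a pair
    ' "$1"
}

# Compare every listed package present under directory $2 with its hash
# from advisory $1. Prints OK / FAILED / MISSING per entry; returns 1 if a
# present package does not match (MISSING is reported but not fatal).
# MD5 only proves the file matches the list; authenticity still comes from
# the package signature (rpm --checksig <file> after importing the key).
verify_advisory_packages() {
    adv="$1"; dir="$2"; bad=0
    while read -r hash path; do
        [ -n "$path" ] || continue
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING $path"
            continue
        fi
        actual=$(md5sum "$dir/$path" | awk '{ print $1 }')
        if [ "$actual" = "$hash" ]; then
            echo "OK      $path"
        else
            echo "FAILED  $path (expected $hash, got $actual)"
            bad=1
        fi
    done <<EOF
$(advisory_md5_list "$adv")
EOF
    return "$bad"
}
```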

[ MDKSA-2007:114 ] - Updated file packages fix vulnerabilities

2007-06-06 Thread security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:114
 http://www.mandriva.com/security/
 ___
 
 Package : file
 Date: June 5, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow
 in the file_printf() function, introduced a new integer overflow as
 reported by Colin Percival.  This flaw, if an attacker could trick a
 user into running file on a specially crafted file, could possibly
 lead to the execution of arbitrary code with the privileges of the
 user running file (CVE-2007-2799).
 
 As well, in file 4.20, flawed regular expressions to identify OS/2
 REXX files could lead to a denial of service via CPU consumption
 (CVE-2007-2026).
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2026
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799
 ___
 
 Updated Packages:
 