[SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1527-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           Thijs Kinkhorst
March 24, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : debian-goodies
Vulnerability  : insufficient input sanitising
Problem type   : local
Debian-specific: yes
CVE Id(s)      : CVE-2007-3912
Debian Bug     : 440411

Thomas de Grenier de Latour discovered that the checkrestart tool in the
debian-goodies suite of utilities allowed local users to gain privileges
via shell metacharacters in the name of the executable file for a running
process.

For the stable distribution (etch), this problem has been fixed in
version 0.27+etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 0.23+sarge1.

For the unstable distribution (sid), this problem has been fixed in
version 0.34.

We recommend that you upgrade your debian-goodies package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
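The defect behind CVE-2007-3912 is a process's executable name reaching a shell as part of a command string. The Python below is an added illustration, not Debian's checkrestart code: it contrasts a string-built command with a quoted string and with an argument vector, and audits a process table for names that would not survive as one shell word. The process list is a constructed sample, and `dpkg -S` is an assumed stand-in for whatever per-file lookup such a tool performs.

```python
import shlex

# Constructed sample of (pid, executable path) pairs, standing in for the
# process table a tool like checkrestart gathers. The last name carries shell
# metacharacters, the condition CVE-2007-3912 describes.
SAMPLE_PROCESSES = [
    (1234, "/usr/sbin/sshd"),
    (2345, "/usr/lib/postfix/master"),
    (3456, "/tmp/x; echo INJECTED #"),
]


def build_command_string(path):
    """Fragile pattern: the path is spliced into a command string. Handing
    this to a shell (os.system, os.popen, subprocess with shell=True) lets
    metacharacters in the name add commands of their own."""
    return "dpkg -S %s" % path


def build_quoted_command_string(path):
    """If a shell is unavoidable, quote the untrusted part so it stays one word."""
    return "dpkg -S %s" % shlex.quote(path)


def build_argv(path):
    """Preferred pattern: an argument vector. The path is one argv element and
    no shell ever parses it, whatever characters it contains."""
    return ["dpkg", "-S", path]


def shell_tokens(command_string):
    """Tokenise the way a POSIX shell would, with ';', '|', '&' and friends as
    separate operators. Nothing is executed; this only shows what the shell
    would receive."""
    lexer = shlex.shlex(command_string, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def audit_process_table(processes):
    """Return the pids whose executable name would not survive as a single
    shell word, i.e. the entries able to hijack a string-built command."""
    flagged = []
    for pid, path in processes:
        if shell_tokens(build_command_string(path)) != ["dpkg", "-S", path]:
            flagged.append(pid)
    return flagged


if __name__ == "__main__":
    for pid, path in SAMPLE_PROCESSES:
        print(pid, shell_tokens(build_command_string(path)))
    print("names needing argv or quoting:", audit_process_table(SAMPLE_PROCESSES))
```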
[DSECRG-08-019] LFI in PowerBook 1.21
Hello, bugtraq.

[DSECRG-08-031] Digital Security Research Group [DSecRG] Advisory

Application:             PowerBook
Versions Affected:       1.21
Vendor URL:              http://www.powerscripts.org/
Bug:                     Local File Include
Exploits:                YES
Reported:                01.02.2008
Vendor Response:         none
Solution:                none
Date of Public Advisory: ..2008
Author:                  Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)

Description
***********

A Local File Include vulnerability was found in the script pb_inc/admincenter/index.php. An unauthenticated user can access this script directly. To exploit this vulnerability, the REGISTER_GLOBALS option must be ON in the PHP configuration file.

Code
####

    if (!$page) {
        $page = "home";
    }
    $page .= ".inc.php";
    if (file_exists($page) == false) {
        echo "<div align=\"center\">Sorry, the page <b>$page</b> does not exist!</div>";
    } else {
        include($page);
    }

Example:

http://[server]/[installdir]/pb_inc/admincenter/index.php?page=../../../../../../../../../../../../../etc/passwd%00

About
*****

Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services, and certification for the ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems, with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)

--
Alexandr Polyakov
DIGITAL SECURITY RESEARCH GROUP
mailto:[EMAIL PROTECTED]
Re: Linksys phone adapter denial of service
There's a difference between being able to get onto a network (via wifi maybe?) and getting physical access to a device.

[EMAIL PROTECTED] wrote:
> Linksys phone adapter denial of service
>
> Product Information
> Product Name: SPA-2102
> Serial Number: FM500G582390
> Software Version: 3.3.6
> Hardware Version: 1.2.5(a)
>
> Another device hit with the PoD!
>
> ping -l 65500 192.168.0.1
>
> Only seems to work on the internal network.
>
> discovered by sipher
> http://core.ifconfig.se/~core/
>
> This is just as bad as the pull the plug out of the device since you're local attack. Is Linksys going to provide an epoxy fix for the plug?
Re: Linksys phone adapter denial of service
orsino wrote:
> There's a difference between being able to get onto a network (via wifi maybe?) and getting physical access to a device.

For starters this is a VoIP device (Product Name: SPA-2102), but even if it weren't it makes no difference to me, and in the security realm it shouldn't make a difference to anyone else either.

1) I don't have an open network, and if you do and are on this list it's either going to be a honeypot or for theft of information (bad guys roam this list too).

2) Think about how insanely stupid it would be to go on a live network then ping a VoIP device offline. What does this accomplish other than pure stupidity?

3) Where is the vendor contact information? Was this meant to be posted to Bugtraq or Fool Disclosure?

--
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de)
HIS-Webshop is a shopping system written in Perl by www.shoppark.de.

The script doesn't check the t parameter.

Example:

http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

Greetz
Zero X
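This post and the PowerBook advisory above show the same defect: a request parameter is appended to a fixed suffix and handed straight to a file include, with `%00` cutting the suffix off. The Python below is an added illustration, not code from either vendor: it models the logic of the PowerBook snippet and places a hardened resolver beside it. The include directory and the page allowlist are constructed examples; the `home` default and `.inc.php` suffix follow the advisory's snippet.

```python
import os
from urllib.parse import unquote

# Constructed include directory and page allowlist standing in for the
# application's own; nothing here touches the real filesystem.
PAGE_DIR = "/var/www/app/pb_inc/admincenter"
KNOWN_PAGES = {"home", "users", "settings"}


def vulnerable_include_target(raw_page, page_dir=PAGE_DIR):
    """Models the advisory's PHP logic: default to 'home', append '.inc.php',
    include the result. The %00 in both posts decodes to a NUL byte; the C
    string handed to the filesystem ends there, which is how the appended
    suffix was defeated in affected builds. Returns the path that would
    actually be opened."""
    page = unquote(raw_page) if raw_page else "home"
    page += ".inc.php"
    truncated = page.split("\x00", 1)[0]  # where the C string ends
    return os.path.normpath(os.path.join(page_dir, truncated))


def resolve_page(raw_page, page_dir=PAGE_DIR, allowed=KNOWN_PAGES):
    """Hardened resolver with two independent controls: the parameter must
    name a known page (allowlist), and the resulting path must stay inside
    page_dir (containment, as defence in depth). The parameter is passed in
    explicitly; the original relied on register_globals populating $page."""
    page = unquote(raw_page) if raw_page else "home"
    if "\x00" in page:
        raise ValueError("NUL byte in page parameter")
    if page not in allowed:
        raise ValueError("unknown page: %r" % page)
    candidate = os.path.normpath(os.path.join(page_dir, page + ".inc.php"))
    if os.path.commonpath([page_dir, candidate]) != page_dir:
        raise ValueError("page escapes the include directory")
    return candidate


def accepts(raw_page):
    """True when the hardened resolver would serve the request."""
    try:
        resolve_page(raw_page)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    traversal = "../../../../../../../../../../../../../etc/passwd%00"
    print("original logic opens:", vulnerable_include_target(traversal))
    print("hardened resolver accepts it:", accepts(traversal))
```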
[SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1528-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           Thijs Kinkhorst
March 24, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : serendipity
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6205 CVE-2008-0124
BugTraq ID     : 28298
Debian Bug     : 469667

Peter Hüwe and Hanno Böck discovered that Serendipity, a weblog manager,
did not properly sanitise input to several scripts, which allowed for
cross site scripting.

For the stable distribution (etch), this problem has been fixed in
version 1.0.4-1+etch1.

The old stable distribution (sarge) does not contain a serendipity
package.

For the unstable distribution (sid), this problem has been fixed in
version 1.3-1.

We recommend that you upgrade your serendipity package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
[USN-590-1] bzip2 vulnerability
===========================================================
Ubuntu Security Notice USN-590-1             March 24, 2008
bzip2 vulnerability
CVE-2008-1372
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libbz2-1.0                      1.0.3-0ubuntu2.1

Ubuntu 6.10:
  libbz2-1.0                      1.0.3-3ubuntu0.1

Ubuntu 7.04:
  libbz2-1.0                      1.0.3-6ubuntu0.1

Ubuntu 7.10:
  libbz2-1.0                      1.0.4-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that bzip2 did not correctly handle certain malformed
archives. If a user or automated system were tricked into processing a
specially crafted bzip2 archive, applications linked against libbz2
could be made to crash, possibly leading to a denial of service.

Updated packages for Ubuntu 6.06 LTS:
[ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                           GLSA 200803-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: March 24, 2008
      Bugs: #199205, #212363
        ID: 200803-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MIT Kerberos 5, which could
allow a remote unauthenticated user to execute arbitrary code with root
privileges.

Background
==========

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol. kadmind is the MIT Kerberos 5 administration daemon,
KDC is the Key Distribution Center.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5         < 1.6.3-r1                 >= 1.6.3-r1

Description
===========

* Two vulnerabilities were found in the Kerberos 4 support in KDC: A
  global variable is not set for some incoming message types, leading
  to a NULL pointer dereference or a double free() (CVE-2008-0062), and
  unused portions of a buffer are not properly cleared when generating
  an error message, which results in stack content being contained in a
  reply (CVE-2008-0063).

* Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC
  library server code, used in the kadmin server, caused when too many
  file descriptors are opened (CVE-2008-0947).

* Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI
  library: usage of a freed variable in the gss_indicate_mechs()
  function (CVE-2007-5901) and a double free() vulnerability in the
  gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).

Impact
======

The first two vulnerabilities can be exploited by a remote
unauthenticated attacker to execute arbitrary code on the host running
krb5kdc, compromise the Kerberos key database or cause a Denial of
Service. These bugs can only be triggered when Kerberos 4 support is
enabled.

The RPC related vulnerability can be exploited by a remote
unauthenticated attacker to crash kadmind, and theoretically execute
arbitrary code with root privileges or cause database corruption. This
bug can only be triggered in configurations that allow large numbers of
open file descriptors in a process.

The GSSAPI vulnerabilities could be exploited by a remote attacker to
cause Denial of Service conditions or possibly execute arbitrary code.

Workaround
==========

Kerberos 4 support can be disabled via disabling the krb4 USE flag and
recompiling the ebuild, or setting v4_mode=none in the [kdcdefaults]
section of /etc/krb5/kdc.conf. This will only work around the KDC
related vulnerabilities.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1"

References
==========

  [ 1 ] CVE-2007-5901
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
  [ 2 ] CVE-2007-5971
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
  [ 3 ] CVE-2008-0062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
  [ 4 ] CVE-2008-0063
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
  [ 5 ] CVE-2008-0947
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-31.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200803-32 ] Wireshark: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                           GLSA 200803-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Wireshark: Denial of Service
      Date: March 24, 2008
      Bugs: #212149
        ID: 200803-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple Denial of Service vulnerabilities have been discovered in
Wireshark.

Background
==========

Wireshark is a network protocol analyzer with a graphical front-end.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark        < 0.99.8                   >= 0.99.8

Description
===========

Multiple unspecified errors exist in the SCTP, SNMP, and TFTP
dissectors.

Impact
======

A remote attacker could cause a Denial of Service by sending a
malformed packet.

Workaround
==========

Disable the SCTP, SNMP, and TFTP dissectors.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.8"

References
==========

  [ 1 ] CVE-2008-1070
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070
  [ 2 ] CVE-2008-1071
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071
  [ 3 ] CVE-2008-1072
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1072

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-32.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5