DC4420 - 2013 CFP
hey! i know it's a bit late, but Happy New Year! i've posted the dates for 2013 meetings on dc4420.org but you'll notice there is very little else! that's because we still need talks! for those that are yet to join us for our monthly gathering, the format is we meet in a private room in a pub, we have a 1 hour talk and a 20 minute talk on *any subject*, but hopefully something that is interesting to the 'hacker' community in the past we've had everything from reverse engineering Windows DEP to building your own Thermic Lance, so when I say any subject, i really do mean any subject that is either interesting or amusing or preferably both... you will be speaking to a small crowd (normally between 60 and 100), so if you want to practice a talk that you're thinking of submitting to a 'real' conference, or you've already given it somewhere that a small section of London is unlikely to have attended, or you have an idea that you can cover in just 20 minutes and never really though of turning it into a talk, or you've never done any public speaking before then this is the place... you will be most welcome and someone may even buy you a nice warm beer! we have the one-hour slot filled for January, but all others are currently open so don't be shy - send your submission to ta...@dc4420.org... all other details are here: http://dc4420.org i hope to see you there! cheers, MM -- "In DEFCON, we have no names..." errr... well, we do... but silly ones...
Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability Advisory ID: cisco-sa-20130116-asa1000v Revision 1.0 For Public Release 2013 January 16 16:00 UTC (GMT) + Summary === A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released free software updates that address this vulnerability. This advisory is posted at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v Note: Only Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall is affected by the vulnerability described in this advisory. Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module or Cisco Catalyst 6500 Series Firewall Services Module (FWSM) are not affected by this vulnerability. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAlD2zq8ACgkQUddfH3/BbTrc+QD9EA2SnUVPkVGB1+My7ht3NaAB /uDfg0ucWklkxx8IVwwA/jivGTajOF33PJ3IlcUPgb/2PMjwROqzxAoV5DNdUZn/ =Tn8w -END PGP SIGNATURE-
Re: [CVE-ID REQUEST] vBulletin - Multiple Open Redirects
Assigned CVE-2011-5251
Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Assigned CVE-2012-6342.
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
Beni, looking at the source code, filename_1 is referenced only in gllr_plugin_install and its value is hardcoded and not taken from the request. Are you sure it's filename_1 the parameter affected? Paolo On 11 January 2013 10:06, Henri Salo wrote: > On Thu, Jan 10, 2013 at 01:01:18PM +, beni_va...@yahoo.com wrote: >> a bug in Wordpress gallery-3.8.3 plugin that allows to us to occur a >> Arbitrary File Read on a Local machin >> >> >> >> ## >> # >> # Exploit Title : Wordpress gallery-3.8.3 plugin Arbitrary File Read >> Vulnerability >> # >> # Author: IrIsT.Ir >> # >> # Discovered By : Beni_Vanda >> # >> # Home : http://IrIsT.Ir/forum/ >> # >> # Software Link : http://wordpress.org/extend/plugins/gallery-plugin/ >> # >> # Security Risk : High >> # >> # Version : All Version >> # >> # Tested on : GNU/Linux Ubuntu - Windows Server - win7 >> # >> # Dork : inurl:plugins/nextgen-gallery >> # >> ## >> # >> # Expl0iTs : >> # >> # >> [Target]/wp-content/plugins/gallery-plugin/gallery-plugin.php?filename_1=[AFR] >> # >> # >> ## >> # >> # Greats : Amir - B3HZ4D - C0dex - TaK.FaNaR - Dead.Zone - nimaarek - m3hdi >> - F@rid - dr.tofan >> # >> # and All Members In Www.IrIsT.Ir/forum >> # >> ## > > Seems to be false positive. At least I can't make that PoC URL work. This > goes to Apache's error.log after trying to reproduce with the newest version > of this plugin: > > mod_fcgid: stderr: PHP Fatal error: Call to undefined function > register_activation_hook() in > /wp-content/plugins/gallery-plugin/gallery-plugin.php on line 1334 > > Does the plugin need some kind of configuration before this vulnerability > "activates"? Does "arbitrary file read vulnerability" mean it is not the same > as remote file inclusion? > > - Henri Salo -- $ cd /pub $ more beer The blog that fills the gap between appsec and developers: http://armoredcode.com
[slackware-security] freetype (SSA:2013-015-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] freetype (SSA:2013-015-01) New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--+ patches/packages/freetype-2.4.11-i486-1_slack14.0.txz: Upgraded. This release fixes several security bugs that could cause freetype to crash or run programs upon opening a specially crafted file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/freetype-2.4.11-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/freetype-2.4.11-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.4.11-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.4.11-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.4.11-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.4.11-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.4.11-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/freetype-2.4.11-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/freetype-2.4.11-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/freetype-2.4.11-x86_64-1_slack14.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.4.11-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.4.11-x86_64-1.txz MD5 signatures: +-+ Slackware 12.1 package: 4d5295c13a8a4499d0adf3999b3de868 freetype-2.4.11-i486-1_slack12.1.tgz Slackware 12.2 package: fd6d0cb912feb28ca1e4ef5afaf4e374 freetype-2.4.11-i486-1_slack12.2.tgz Slackware 13.0 package: 2d36e3d0feabecf05377265bba7fb212 freetype-2.4.11-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 396fbce466003efe9943b727c3fc8781 freetype-2.4.11-x86_64-1_slack13.0.txz Slackware 13.1 package: 9e3a839ad4e10824f5e3c4d4ab929787 freetype-2.4.11-i486-1_slack13.1.txz Slackware x86_64 13.1 package: e4f445a443e2c35349f2862c69ac094e freetype-2.4.11-x86_64-1_slack13.1.txz Slackware 13.37 package: 9eae4d85099556bd0cf83b2421e751cd freetype-2.4.11-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 0480a082207c0cd323c3937ac36e043a freetype-2.4.11-x86_64-1_slack13.37.txz Slackware 14.0 package: 5a105c177d2efc56ad13cac3a4e8da10 freetype-2.4.11-i486-1_slack14.0.txz Slackware x86_64 14.0 package: e07e161d4b9018cc8b8d5cbb98c8b2c5 freetype-2.4.11-x86_64-1_slack14.0.txz Slackware -current package: 10fa0b771447a25afe289f0e5f4785f6 l/freetype-2.4.11-i486-1.txz Slackware x86_64 -current package: d560da3a4928881d89d19ccdafd94e25 l/freetype-2.4.11-x86_64-1.txz Installation instructions: ++ Upgrade the package as root: # upgradepkg freetype-2.4.11-i486-1_slack14.0.txz +-+ Slackware Linux Security Team http://slackware.com/gpg-key secur...@slackware.com ++ | To leave the slackware-security mailing list: | ++ | Send an email to majord...@slackware.com with this text in the body of | | the email message: | || | unsubscribe slackware-security | || | You will get a confirmation message back containing instructions to| | comp