Re: Netgear FVG318 is vulnerable to DOS attack
I experienced the same issue when I ran the same test. Firmware version is v2.1.2-67N.
Re: Re: Netgear FVG318 is vulnerable to DOS attack
Firmware 2.1.2-67 is also affected.
Fail2ban 0.8.9, Denial of Service (Apache rules only)
Version 0.8.9 (latest) of Fail2ban allows a remote denial of service against an arbitrarily chosen IP address. Addresses listed on Fail2ban's whitelist are not affected. The vulnerability exists in the Apache rules and is caused by improper validation of a log file by regular expression. A malicious user can easily inject his own data into the analyzed logs and deceive the monitoring engine.

Affected files:
/filter.d/apache-auth.conf
/filter.d/apache-nohome.conf
/filter.d/apache-noscript.conf
/filter.d/apache-overflows.conf

Time frames:
01.06.2013 - Cyril Jaquier (contact section) has been informed about the vulnerability (no response)
08.06.2013 - The vulnerability has been released to the public.

More information, including proof of concept and patches, is available here: https://vndh.net/note:fail2ban-089-denial-service
Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities
Title: Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities
Date: 2013-05-31
References: http://www.vulnerability-lab.com/get_content.php?id=960
VL-ID: 960
Common Vulnerability Scoring System: 3.9

Introduction:
Bluetooth application has small but pleasant features that promise to facilitate your life a little and add charm to it. Firstly, it allows user to turn on Bluetooth easily and quickly with just one tap without entering device settings. And that means that you can manage your Bluetooth distantly i.e. more conveniently and quickly. Secondly, the application allows managing your private on-line chat between two devices where you can chat with your talker freely and with no limits locating pretty far away from him/her. You don’t need to stop an interesting talk to your friend, business partner or beloved person during lectures, business meetings or at somebody’s presence. Bluetooth will let you have a talk quietly and without being noticed, to discuss what’s going on, to exchange your ideas and to send prompts and correct answers to each other. Bluetooth chat let you exchange quick messages with a friend of yours conveniently, amazingly and for free. Easy and compact interface allows you typing and sending your messages without any difficulties and connection problems. Bluetooth will make you and your talker feel private in everyone’s hearing allowing to talk to each other silently and without being noticed staying in a public place. Feel double happy – enjoy free and virtual talk and artfully turn on and off your Bluetooth for a pretty short period of time.
(Copy of the Homepage: https://itunes.apple.com/app/bluetooth-chat/id608328404 )

Abstract:
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the Bluetooth Connect Chat v1.0 iOS Application (Apple - iPad iPhone).

Report-Timeline:
2013-05-31: Public Disclosure

Status: Published
Affected Products: Apple AppStore Product: Bluetooth Chat Connect 1.0
Exploitation-Technique: Remote
Severity: Medium

Details:
1.1
A persistent input validation web vulnerability is detected in the Bluetooth Connect Chat v1.0 iOS Application (Apple - iPad iPhone). The vulnerability typus allows remote attackers to inject own malicious persistent (application-side) script codes to compromise the iOS application.

The persistent input validation web vulnerability is located in the message board listing when processing to display manipulated messages. Attacker can inject own malicious script code to execute the context persistent from the message listing. To inject the code the remote attacker needs to bypass the basic validation of the client which is possible with a standard obfuscated char to char injection.

Exploitation of the persistent web vulnerability requires low user interaction and a free but low privilege application user account. Successful exploitation of the persistent input validation web vulnerability results in persistent session hijacking, persistent web phishing, persistent external redirects or persistent module context manipulation.

Vulnerable Module(s):
[+] Message Board - Chat

Vulnerable Parameter(s):
[+] message (context)

Affected Module(s):
[+] Message Board Listing

1.2
A denial of service vulnerability is detected in the Bluetooth Connect Chat v1.0 iOS Application for Apples iPad iPhone. The vulnerability typus allows remote attackers to freeze, block or stable crash down the application or software.

The remote DoS vulnerability is located in the chat name and chat message encoding when processing to load a message special crafted message. The remote attacker uses any random html or quote tag as chat name. After including the tag as name the attacker connects to an existing chatroom via bluetooth or w-lab. Now he writes the name (used to logon for chatting) as message. The result is a stable iOS app crash (shutdown) on both sides because of a collision in the message client when processing to load both strings with an unknown exception.

Exploitation of the remote vulnerability requires no user interaction and a free but low privilege application user account. Successful exploitation of the remote denial of service bug results in stable application crash and unauthorized shutdowns.

Vulnerable Module(s):
[+] Message Board - Chat

Vulnerable Module(s):
[+] Chatname
[+] Message Context

Solution:
1.1
The persistent issue can be addressed by a restriction to the chat-name input fields. Parse the chat name input fields itself and encode the chat
[SECURITY] [DSA 2703-1] subversion security update
Debian Security Advisory DSA-2703-1
secur...@debian.org
http://www.debian.org/security/
Salvatore Bonaccorso
June 09, 2013
http://www.debian.org/security/faq

Package        : subversion
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1968 CVE-2013-2112
Debian Bug     : 711033

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-1968
    Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A remote attacker with a malicious client could use this flaw to disrupt the service for other users using that repository.

CVE-2013-2112
    Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process. A remote attacker can cause svnserve to exit and thus deny service to users of the server.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.6.12dfsg-7.

For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your subversion packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2704-1] mesa security update
Debian Security Advisory DSA-2704-1
secur...@debian.org
http://www.debian.org/security/
Raphael Geissert
June 09, 2013
http://www.debian.org/security/faq

Package        : mesa
Vulnerability  : out of bounds access
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1872

It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in version 8.0.5-4+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 8.0.5-7.

We recommend that you upgrade your mesa packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C
WEBERA ALERT ADVISORY 01

- Discovered by: Anthony Dubuissez
- Severity: high
- CVE Request - 03/06/2013
- CVE Assign - 03/06/2013
- CVE Number - CVE-2013-3739
- Vendor notification - 03/06/2013
- Vendor reply - No reply
- Public disclosure - 10/06/2013

I. VULNERABILITY
Local File Inclusion in Weathermap <= 0.97C

II. BACKGROUND
Network Weathermap is a network visualisation tool, to take data you already have and show you an overview of your network in map form. Support is built in for RRD, MRTG (RRD and old log-format), and tab-delimited text files. Other sources are via plugins or external scripts.

III. DESCRIPTION
Network Weathermap 0.97C and lower versions contain a flaw that allows a local file inclusion attack. This flaw exists because the application does not properly sanitise the parameter mapname in the editor.php file. This allows an attacker to create a specially crafted URL to include any .config file on the web server; you can bypass the .config restriction filter with a php bug. The editor.php must be enabled to successfully exploit.

IV. PROOF OF CONCEPT
LFI: http://vulnerablesite.com/editor.php?action=show_configmapname=../../../../../../../../../etc/apache2/apache2.conf

V. BUSINESS IMPACT
LFI: With a php bug we can include any file that the webserver has right to read, including sensitive config files (php file too, because it's not executed but read with fopen).

VI. SYSTEMS AFFECTED
Network Weathermap 0.97C and lower versions

VII. SOLUTION
Sanitize correctly the mapname parameter.
TEMP SOLUTION: disable editor.php

VIII. REFERENCES
http://www.webera.fr/advisory-01-network-weathermap-local-file-inclusion-exploit

IX. CREDITS
The vulnerability has been discovered by Anthony Dubuissez (anthony (dot) dubuissez (at) webera (dot) fr).

X. DISCLOSURE TIMELINE
June 01, 2013: Vulnerability acquired by Webera
June 03, 2013: Sent to vendor.
June 06, 2013: No reply of vendor, sent second email.
June 10, 2013: No reply of vendor, Advisory published and sent to lists.

XI. LEGAL NOTICES
The information contained within this advisory is supplied as-is with no warranties or guarantees of fitness of use or otherwise. Webera accepts no responsibility for any damage caused by the use or misuse of this information.

XII. FOLLOW US
You can follow Webera, news and security advisories at:
On twitter : @erathemass
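A sketch of the "sanitize the mapname parameter" fix named in section VII, added here as an example; it is not Weathermap's code or the advisory author's. The function name, the configs directory and the `.conf` extension are assumptions made for illustration.

```php
<?php
// Added example. resolve_map_config(), $configDir and the ".conf"
// extension are hypothetical; adapt them to the installation.

/**
 * Map a user-supplied map name to a file inside $configDir.
 * Returns the canonical path, or null when the name is not acceptable.
 */
function resolve_map_config(string $mapname, string $configDir): ?string
{
    // 1. Allow-list the name: one path component of letters, digits,
    //    dot, dash and underscore, ending in the expected extension.
    //    \A and \z anchor the whole string, so a trailing newline or any
    //    byte outside the class (slashes, control bytes) is rejected.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}\.conf\z/', $mapname)) {
        return null;
    }

    // 2. Canonicalise both sides. realpath() resolves ".." and symlinks
    //    and returns false when the target does not exist.
    $base = realpath($configDir);
    $full = realpath($configDir . DIRECTORY_SEPARATOR . $mapname);
    if ($base === false || $full === false) {
        return null;
    }

    // 3. Require the resolved file to sit directly under the base
    //    directory, so a symlinked entry cannot point elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0 || !is_file($full)) {
        return null;
    }
    return $full;
}

// --- demonstration on constructed data ---------------------------------
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wm_example_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'office.conf', "# constructed sample map\n");

$samples = [
    'office.conf',                                         // existing map
    'missing.conf',                                        // well-formed, no such file
    '../../../../../../../../../etc/apache2/apache2.conf', // value from the advisory's PoC
    '/etc/apache2/apache2.conf',                           // absolute path
    'office.conf/',                                        // trailing separator
];

foreach ($samples as $name) {
    $resolved = resolve_map_config($name, $dir);
    printf("%-58s %s\n", var_export($name, true), $resolved === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'office.conf');
rmdir($dir);
```

Only the first sample is accepted. The allow-list is applied before any filesystem call, so the containment check in step 3 serves as a second layer rather than the only one.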
[SECURITY] [DSA 2705-1] pymongo security update
Debian Security Advisory DSA-2705-1
secur...@debian.org
http://www.debian.org/security/
Giuseppe Iuculano
June 10, 2013
http://www.debian.org/security/faq

Package        : pymongo
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2132
Debian Bug     : 710597

Jibbers McGee discovered that pymongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash.

The oldstable distribution (squeeze), is not affected by this issue.

For the stable distribution (wheezy), this problem has been fixed in version 2.2-4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 2.5.2-1.

For the unstable distribution (sid), this problem has been fixed in version 2.5.2-1.

We recommend that you upgrade your pymongo packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2706-1] chromium-browser security update
Debian Security Advisory DSA-2706-1
secur...@debian.org
http://www.debian.org/security/
Giuseppe Iuculano
June 10, 2013
http://www.debian.org/security/faq

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2855 CVE-2013-2856 CVE-2013-2857 CVE-2013-2858 CVE-2013-2859 CVE-2013-2860 CVE-2013-2861 CVE-2013-2862 CVE-2013-2863 CVE-2013-2865

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-2855
    The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2856
    Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.

CVE-2013-2857
    Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.

CVE-2013-2858
    Use-after-free vulnerability in the HTML5 Audio implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2859
    Chromium before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.

CVE-2013-2860
    Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.

CVE-2013-2861
    Use-after-free vulnerability in the SVG implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2862
    Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2863
    Chromium before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2013-2865
    Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

For the stable distribution (wheezy), these problems have been fixed in version 27.0.1453.110-1~deb7u1.

For the testing distribution (jessie), these problems have been fixed in version 27.0.1453.110-1.

For the unstable distribution (sid), these problems have been fixed in version 27.0.1453.110-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation
CALL FOR PAPERS

IEEE SafeConfig 2013
6th Symposium on Security Analytics and Automation (www.safeconfig.org)
(collocated with IEEE Conference on Communications and Network Security)
Washington, D.C., USA
October 14, 2013

Sponsors: IEEE (COMSOC).

Important Dates
Abstract Registration Deadline: June 25
Manuscript Submission: July 1, 2013
Review Notification: August 7, 2013
Camera Ready: August 15, 2012
Conference Dates: October 14, 2012

The new sophisticated cyber security threats demand new security management approaches that offer a holistic security analytics based on the system data including configurations, logs and network traffic. Security analytics must be able to handle large volumes of data in order to model, integrate, analyze and respond to threats at real time. The system configuration/policy is a key component that determines the security and resiliency of networked information systems and services. However, a typical enterprise networked environment contains thousands of network and security devices and millions of inter-dependent configuration variables (e.g., rules) that orchestrate the end-to-end system behavior globally. As the current technology moves toward smart cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing), the need for security analytics and automation significantly increases. The coupled integration of network sensor data and configuration in a unified framework will enable intelligent response, automated defense, and network resiliency/agility.

This symposium offers a unique opportunity by bringing together researchers from academic, industry as well as government agencies to discuss these challenges, exchange experiences, and propose joint plans for promoting research and development in this area. SafeConfig Symposium is a one day program that will include invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig Symposium solicits the submission of original unpublished ideas in 8-page long papers, 4-page short papers, or 2-pages posters. Security analytics and automation for new emerging application domains such as clouds and data centers, cyber-physical systems software defined networking and Internet of things are of particular interest to SafeConfig community.

Topics (but are not limited to)

Science of Security Analytics and Automation:
• Security metrics.
• Abstract models and languages for configuration specification.
• Formal semantics of security policies.
• Model composition and integration.
• Autonomic defense and configuration.
• Integration of sensor information and policy configuration.
• Theory of defense-of-depth.
• Security games.
• Attack prediction and attribution.

Security Analytics Techniques:
• Techniques: formal methods, statistical, interactive visualization, reasoning, etc.
• Methodology: multi-level, multi-abstraction, hierarchical etc.
• Analytics under uncertainty.
• Security analytics using heterogeneous sensors.
• Automated configuration verification.
• Integrated network and host configuration.
• Configuration testing, forensics, debugging and evaluation.
• Analytics of attacks motive and attribution.
• Tools and case studies.
• Security analytics for wireless sensors and MANET.
• Security policy management.
• Accountability and provenance.
• Attack forensics and automated incident analysis.

Security Automation Techniques:
• Automated security hardening and optimization
• Security synthesis and planning.
• Policy/Configuration refinement and enforcement.
• Health-inspired security.
• Risk-aware and context-aware security.
• Cyber agility and moving target defense.
• Security configuration economics.
• Continuous monitoring.
• Usability issues in security management.
• Automated patch management.
• Automated attack response and alarm management.

Submission Guidelines
EDAS Paper/Abstract submission link for SafeConfig 2013 can be found at www.safeconfig.org. Papers must present original work and must be written in English. We require that the authors use the IEEE format for papers, using one of the IEEE Proceeding Templates. We solicit two types of papers, regular papers and position papers. The length of the regular papers in the proceedings format should not exceed 8 US letter pages excluding well-marked appendices. Committee members are not required to read the appendices, so papers must be intelligible without them. Short papers and posters may not exceed 4, and 2 pages, respectively. Papers are to be submitted electronically as a single PDF file at www.edas.info. Authors of accepted papers must guarantee that their papers will be presented at the conference.

TPC Co-Chairs
James Joshi, University of Pittsburgh, USA
Ehab Al-Shaer, UNC Charlotte, USA
[security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03787836

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03787836
Version: 1

HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2013-06-11
Last Updated: 2013-06-11

Potential Security Impact: Remote unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO). The vulnerability could be remotely exploited resulting in unauthorized access.

References: CVE-2013-2338 (SSRT101180)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.

BACKGROUND

CVSS 2.0 Base Metrics
Reference        Base Vector                        Base Score
CVE-2013-2338    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has made the following Firmware updates available to resolve the vulnerability. The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport

HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.57 or subsequent.
HP Integrated Lights-Out 4 (iLO4) Online ROM Flash Component for Linux and Windows v1.22 or subsequent.
HISTORY Version:1 (rev.1) - 11 June 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. 
Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
t2'13: Call for Papers 2013 (Helsinki / Finland)
# t2'13 - Call For Papers #
Helsinki, Finland
October 24 - 25, 2013

We are pleased to announce the annual t2'13 infosec conference, which will take place in Helsinki, Finland, from October 24 to 25, 2013.

We are looking for original, preferably technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English. Please note that presentations that focus on marketing or directly promoting a company's products will not be accepted.

We will be accepting talk proposals until July 15, 2013. All submitted presentations will be reviewed by the t2 Advisory Board.

As usual selected speakers will be reimbursed for travel and hotel costs. We also pride ourselves on taking good care of the speakers and there is always something going on during the evenings :)

We suggest strongly that you submit earlier rather than later, since we will close the CFP early once we receive enough quality submissions to fill the slots.

Please include the following with your submission (incomplete submissions won’t be accepted):

1. Contact information (email and cell phone)
2. Country and city of origin for your travel to the conference
3. Brief biography (including employer and/or affiliations)
4. Title of the presentation
5. Presentation abstract
6. Explanation why your submission is significant
7. If your presentation references a paper or piece of software that you have published, please provide us with either a copy of the said paper or software, or an URL where we can obtain it
8. List any other publications or conferences where this material has been or will be published/submitted

Please send the above information to cfp-2013 (at) lists.t2.fi

For more information: https://t2.fi
Links to past schedules: https://t2.fi/schedules/

--
Tomi 'T' Tuominen | Founder @ t2 infosec conference | https://t2.fi
Re: WordPress 3.5.1, Denial of Service
On Fri, Jun 07, 2013 at 06:29:48PM +0200, Krzysztof Katowicz-Kowalewski wrote: Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php). The exploitation of this vulnerability is possible only when at least one post is protected by a password. Time frames: 31.05.2013 WordPress security team has been informed about the vulnerability (no response). 07.06.2013 The vulnerability has been released to the public. More information (including proof of concept): https://vndh.net/note:wordpress-351-denial-service A way out (before official WordPress update) to secure existing installations is to apply the following patch: --- wp-includes/class-phpass.php +++ wp-includes/class-phpass.php @@ -120,7 +120,7 @@ return $output; $count_log2 = strpos($this-itoa64, $setting[3]); - if ($count_log2 7 || $count_log2 30) + if ($count_log2 7 || $count_log2 13) return $output; $count = 1 $count_log2; Hi, This phpass.php isn't hand-rolled like you stated in your blog post; it's a copy of a public domain crypt()-workalike: http://www.openwall.com/phpass/ There are several other systems which implement their password hashing using this library. Having said that, being able to control the setting looks like a mistake on the part of Wordpress, so I'm not sure the bug is in phpass, strictly speaking. However, have you considered contacting upstream (Solar Designer/OpenWall) about this? Cheers, Peter -- http://www.more-magic.net
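Review bot: the new upper bound of 13 in the changed condition on $count_log2 is an unexplained magic number, and lowering it from 30 means that any setting string whose cost lies between 14 and 30 now takes the `return $output;` path, including hashes that were legitimately created with a higher cost. Please put the limit in a named constant with a comment stating why 13 was chosen and what happens to existing hashes above it. Since this file is a copy of a shared library and the reply points out that the real problem is the caller letting the client control the setting, consider enforcing the cap where WordPress accepts that value rather than inside class-phpass.php, so the library keeps its documented range.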