SAPGui BI wadmxhtml.dll Tags Property Heap Corruption

2010-07-15 Thread Elazar Broad

Who:
SAP
http://www.sap.com

What:
SAPGui BI component

File:  %PROGRAMFILES%\sap\business explorer\bi\wadmxhtml.dll
Version: 7100.1.400.8
ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller,data
IPersist Safe:  Safe for untrusted: caller,data
KillBitSet: False

How:
Vulnerable Property: Tags

The Tags property can be manipulated to trigger heap corruption
resulting in the execution of arbitrary code.


Fix:
SAP set the kill-bit for this control with Patch 17 for SAPGui.
Alternatively, you can set the kill-bit manually; please see
http://support.microsoft.com/kb/240797.

Credit:
Elazar Broad



Re: Five days left to find the oldest data loss incident

2009-05-12 Thread Elazar Broad

Do cipher disks count? Though not mechanical, I guess you could say
that they compute in a way similar to manual calculators i.e. the
abacus.

On Mon, 11 May 2009 12:39:47 -0400 Dragos Ruiu  wrote:
>On 11-May-09, at 7:29 AM, Juha-Matti Laurio wrote:
>
>> The oldest documented vulnerability in computer security world is
>> password file disclosure vulnerability from 1965, found by Mr. Ryan
>> Russell.
>>
>> Open Security Foundation launched a competition in April to find the
>> oldest documented data loss incident.
>>
>> They have announced that the last day to make a submission is next
>> Friday - 15th May.
>>
>> The contest page is located at
>> http://datalossdb.org/oldest_incidents_contest
>>
>> Juha-Matti
>
>
>Mechanical computers are computers. The loss and the algorithmic crack
>of the Enigma machine circa 1939 should count - the story and break
>of the more difficult 4 rotor Naval Machine at Bletchley park
>recovered from the U-boat and cracked in 1941 is the most famous.
>
>http://users.telenet.be/d.rijmenants/en/enigmauboats.htm
>
>But I would nominate the break of the 3 Rotor Enigma circa 1939, by
>the Polish, as the first documented computer security vulnerability.
>
>http://www.avoca.ndirect.co.uk/enigma/index.html
>
>cheers,
>--dr
>
>--
>World Security Pros. Cutting Edge Training, Tools, and Techniques
>London, U.K. May 27/28 2009  http://eusecwest.com
>Tokyo, Japan November 4/5 2009  http://pacsec.jp
>Vancouver, Canada March 22-26  http://cansecwest.com
>pgpkey http://dragos.com/ kyxpgp



Autodesk IDrop ActiveX Control Heap Corruption Vulnerability

2009-04-03 Thread Elazar Broad

Who:
Autodesk
http://www.autodesk.com

What:
Autodesk IDrop ActiveX Control
http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=2753219&linkID=9240618

IDrop.ocx
version 17.1.51.160
{21E0CB95-1198-4945-A3D2-4BF804295F78}

How:
The Src, Background, PackageXml properties can be manipulated to
trigger a heap use after free condition resulting in arbitrary
remote code execution. Other properties may be vulnerable as well.

Fix:
Remove or set the killbit for the affected control, see
http://support.microsoft.com/kb/240797.

Currently, there will be NO official patch for this issue.
Autodesk's statement is as follows:

"Thank you for taking the time and effort to identify a potential
issue with our technology. We do take each and every customer or
developer issue seriously and have spent time in reviewing your
analysis of our i-drop technology. At this time, we have ceased
investment in i-drop technology. It was released over five years
ago as a means for developers to leverage their content delivery;
we’ve made no new investment in this tool and have no current plans
to update it in the near future. We’ve recorded your issue in our
tracking database and will determine its priority if/when we
determine new investment is required for this technology.



Thank You – Autodesk"

Timeline:
06/17/2008 - Vendor notified
03/31/2009 - Vendor final response
04/02/2009 - this advisory

Credit:
Elazar Broad
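The kill-bit mitigation recommended in this advisory and in the SAPGui wadmxhtml.dll advisory above, as an added example that is not part of the original posts: a PowerShell script that checks and sets the kill bit for the two ClassIDs given on this page. It assumes an elevated prompt and the registry location and 0x400 flag value described in Microsoft KB 240797; the function names are illustrative.

```powershell
# Added example (not from the advisories): audit and set the IE kill bit for
# the two controls named on this page. Helper names are illustrative.
$KillBit = 0x400   # "Compatibility Flags" kill-bit value per KB 240797
$Clsids  = @{
    '{30DD068D-5AD9-434C-AAAC-46ABE37194EB}' = 'SAPGui BI wadmxhtml.dll'
    '{21E0CB95-1198-4945-A3D2-4BF804295F78}' = 'Autodesk IDrop.ocx'
}
# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$Key)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' `
        -ErrorAction SilentlyContinue).'Compatibility Flags'
}

function Test-KillBit {
    param([string]$Key)
    $flags = Get-CompatFlags $Key
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    $cur = Get-CompatFlags $Key
    if ($null -eq $cur) { $cur = 0 }
    # OR the bit in so any other compatibility flags already set are preserved.
    New-ItemProperty -Path $Key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($cur -bor $KillBit) -Force | Out-Null
}

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # no Wow6432Node on 32-bit Windows
    foreach ($clsid in $Clsids.Keys) {
        $key = Join-Path $root $clsid
        if (-not (Test-KillBit $key)) { Set-KillBit $key }
        '{0}  {1}  killbit={2}  [{3}]' -f $clsid, $Clsids[$clsid], (Test-KillBit $key), $root
    }
}
```

To audit without changing anything, drop the `Set-KillBit` line and read the `killbit=` column of the report.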



Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability

2009-03-09 Thread Elazar Broad

Who:
Belkin International, Inc.
http://www.belkin.com

What:
Belkin BullDog Plus UPS Management Software
v4.0.2 Build 1219

UPS-Service.exe
v1.0.0.1
dated 12/19/2006

How:
The UPS management software contains a built-in web server which
allows for remote management of the UPS. The management interface
is protected by a username and password. Authentication is
performed via Basic authentication.

There is a small stack-based overflow in the base64 decoding
routine which handled the Basic authentication data.

Caveats:
The web server is not enabled by default.

Exploit:
The size of the buffer is too small for shellcode, however, this
can be stored in the GET request, which sits at esp+0x58.

Fix:
I was unable to locate any security contact information for this
vendor, so I attempted to contact their support department, which
turned out to be a waste of time.

Workaround:
As previously stated, the web server is not enabled by default.
If you do need to use it, use a firewall or OS port filtering
capabilities to restrict access.

Elazar