[Full-disclosure] Preliminary CFP:The 2nd International Conference on Availability, Reliability and Security (ARES 07), Vienna, Austria, April 10-13, 2007

2006-07-12 Thread Manh Tho

Apologies for multiple copies due to cross postings. Please send to
interested colleagues and students.

Preliminary Call for Papers
----------------------------------------------------------------
The Second International Conference on Availability, Reliability
and Security (AReS)
ARES 2007 - "The International Security and Dependability
Conference"
----------------------------------------------------------------
April 10th – April 13th, 2007
Vienna University of Technology, Austria
http://www.ares-conf.org
http://www.ares-conference.eu

Conference
----------------------------------------------------------------
The 1st International Conference on Availability, Reliability and
Security (ARES 2006) was successfully organized in Vienna, AUSTRIA
from April 20 to April 22, 2006 by the Technical University of Vienna
in cooperation with the European Network and Security Agency (ENISA).
We attracted 250 participants for this conference, with its 3 keynote
speakers and its 9 workshops held in conjunction with it.

In continuation of the successful 1st ARES conference, The Second
International Conference on Availability, Reliability and Security
("ARES 2007 – The International Security and Dependability
Conference") will bring together researchers and practitioners in the
area of IT-Security and Dependability.

ARES 2007 will highlight the various aspects of security – with
special focus on secure internet solutions, trusted computing, digital
forensics, privacy and organizational security issues.

ARES 2007 aims at a full and detailed discussion of the research
issues of security as an integrative concept that covers amongst
others availability, safety, confidentiality, integrity,
maintainability and security in the different fields of applications.

Important Dates

*  Workshop Proposal: September, 10th 2006
*  Submission Deadline: November, 19th 2006
*  Author Notification: January, 7th 2007
*  Author Registration: January, 21st 2007
*  Proceedings Version: January, 21st 2007

Workshop Proposal
----------------------------------------------------------------
In conjunction with the AReS2007 conference, a number of workshops
will be organised. Workshop proposals which should include the call
for papers, the number of papers to be accepted, the contact person,
etc. are to be sent to the Workshop Organizing Committee
([EMAIL PROTECTED]), by September 10th 2006. Proceedings of the
ARES 2007 workshops will be published by IEEE Computer Society Press.

Topics of interest include, but are not limited to:

* Process based Security Models and Methods
* Authorization and Authentication
* Availability and Reliability
* Common Criteria Protocol
* Cost/Benefit Analysis
* Cryptographic protocols
* Dependability Aspects for Special Applications (e.g. ERP-Systems, Logistics)
* Dependability Aspects of  Electronic Government (e-Government)
* Dependability administration
* Dependability in Open Source Software
* Designing Business Models with security requirements
* Digital Forensics
* E-Commerce Dependability
* Failure Prevention
* IPR of Security Technology
* Incident Response and Prevention
* Information Flow Control
* Internet Dependability
* Interoperability aspects
* Intrusion Detection and Fraud Detection
* Legal issues
* Mobile Security
* Network Security
* Privacy-enhancing technologies
* RFID Security and Privacy
* Risk planning, analysis & awareness
* Safety Critical Systems
* Secure Enterprise Architectures
* Security Issues for Ubiquitous Systems
* Security and Privacy in E-Health
* Security and Trust Management in P2P and Grid applications
* Security and privacy issues for sensor networks, wireless/mobile
devices and applications
* Security as Quality of Service
* Security in Distributed Systems / Distributed Databases
* Security in Electronic Payments
* Security in Electronic Voting
* Software Engineering of Dependable Systems
* Software Security
* Standards, Guidelines and Certification
* Survivability of Computing Systems
* Temporal Aspects of Dependability
* Trusted Computing
* Tools for Dependable System Design and Evaluation
* Trust Models and Trust Management
* VOIP/Wireless Security

Submission Guidelines
----------------------------------------------------------------
Authors are invited to submit research and application papers
following the IEEE Computer Society Proceedings
Manuscripts style: two columns, single-spaced, including figures and
references, using 10 fonts, and number
each page. You can confirm the IEEE Computer Society Proceedings
Author Guidelines at the following web page:
URL: http://computer.org/cspress/instruct.htm

The Web site for paper registration and electronic submission will be
accessible from the first week of October 2006. Please refer to ARES
website (http://www.ares-conf.org or http://www.ares-conference.eu)
for update information.

Honorary Co-Chairs
----------------------------------------------------------------
Norman Revell, Middlesex University, United Kingdom
Roland Wagner, University of Linz, Austria

General Co-Chairs
----------------------------------------------------------------

[Full-disclosure] Contact @ Analex

2006-07-12 Thread Josh L. Perrymon

Anyone worked with management at Analex and have contact information?

JP

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Linux 2.6.x sys_prctl hotfix

2006-07-12 Thread Abhisek Datta

Hello,

Attached is a LKM based hotfix for sys_prctl vulnerability documented in:
http://rhn.redhat.com/errata/RHSA-2006-0574.html

and fixed in:
http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Fincr%2Fpatch-2.6.17.3-4.bz2;z=2

-abhisek


linux_prctl_lkm.tar.gz
Description: GNU Zip compressed data

Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

2006-07-12 Thread Aaron Gray



No, not yet in UK anyway. Amazon are taking advance orders.

Amazon says there are 620 pages in first edition, is this so or not?

- Original Message -
From: Peter Dawson
To: full-disclosure@lists.grok.org.uk
Sent: Thursday, July 13, 2006 12:00 AM
Subject: Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

> Is this available order ?? I am only seeing the 1st edition in the stores -
> paperback 648pp
>
> On 7/12/06, Aaron Gray <[EMAIL PROTECTED]> wrote:
> > 2nd edition is 800 pages compared to the 620 pages of the first edition.
> >
> > Aaron
> >
> > - Original Message -
> > From: "Byron Sonne" <[EMAIL PROTECTED]>
> > To:
> > Sent: Wednesday, July 12, 2006 7:11 PM
> > Subject: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?
> >
> > > Fantastic book - great stuff and an excellent read. Does anyone know if a
> > > 2nd edition is planned to correct the errors in the book and/or fine tune
> > > the examples? Didn't find anything on the wiley.com.
> > >
> > > Cheers,
> > > B
>
> --
> http://peterdawson.typepad.com
> PeterDawson Home of ThoughtFlickr's
> "This message is printed on Recycled Electrons."

Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

2006-07-12 Thread Jon Hart
On Thu, Jul 13, 2006 at 01:23:10AM +0300, Ariel Biener wrote:
> On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote:
> 
> Ignore my previous post, it does create a setuid bash version in /tmp/sh, the 
> reason it doesn't work is due to SELinux contexts.

This is an important note, IMO. While the original advisory states
that only kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, it looks
like, somehow, the same vulnerable code is present in patched Redhat
kernels.  The previous poster had a 2.6.9 version, and I've just
verified that 2.6.9-11.ELsmp (provided with RH EL 4 update 1) is also
vulnerable.

If this is the case of backporting, this should come as no surprise.  If
it is not a backport issue, what vulnerability is being exploited on
these supposedly older kernels?

-jon



Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

2006-07-12 Thread advisory

it would help if the exploit bothered to invoke bash (/bin/sh on almost all
linux distros) with -p so that it didn't drop euid root. There are a lot of
reasons why this shouldn't work on selinux, using a strict policy, other than
(file?) contexts.

"\n* * * * * root /bin/sh /tmp/commands_to_run_as_root.sh;exit;\n" might work
better as a payload.

<3
advisory.

On Thu, 13 Jul 2006 01:23:10 +0300
Ariel Biener <[EMAIL PROTECTED]> wrote:

> On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote:
> 
> Ignore my previous post, it does create a setuid bash version in /tmp/sh, the 
> reason it doesn't work is due to SELinux contexts.
> 
> --Ariel
> > Maybe this is obvious for Paul Starzetz (as well as many other people) but
> > full-disclosure is not really "full" without exploit code.
> >
> > Working exploit attached. You can also download it from:
> > http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
> >
> > Greetz to !dSR ppl :-)
> 
> -- 
>  --
>  Ariel Biener
>  e-mail: [EMAIL PROTECTED]
>  PGP: http://www.tau.ac.il/~ariel/pgp.html
> 
> 


-- 
Jack
- [EMAIL PROTECTED]



[Full-disclosure] Spam Filtering is Active

2006-07-12 Thread Technical Support
Dear Human,

This email is to inform you that spam filtering has been activated on this 
account and provide you with some basic instructions to assist in filtering 
spam from your email. The filtering software we are using is called DSPAM and 
is capable of dynamically learning your specific email behavior. We have 
started you off with a blank spam dictionary which will not help filter spam. 
As you continue to receive email, your specific email patterns will be learned 
by the spam software, which will result in increasing accuracy in catching 
spam. For this reason, it is important that you forward any spam you receive 
for this email account into the filtering software. By forwarding your spam, 
the software is capable of learning from its mistakes and will improve itself 
to do better next time.

To forward a spam into the system, please use the 'Forward' (as attachment) 
button in whatever email client you are using and send the spam to 
[EMAIL PROTECTED]. It is not necessary to provide an explanation of the 
message, as it will not be opened by a human, but processed by the software.

The software also quarantines all messages that it believes are spam.  From 
time to time, you should check this quarantine to ensure that it has not caught 
any legitimate email.  This too plays a significant role in the learning 
process.  To check your quarantine, use a web browser and go to the following 
URL:

https://webmail.rapturesecurity.org/dspamcc/index.php

You will be prompted for your username and password.  Use the same login and 
password you use to check your email.  From here, you can peruse your 
quarantine box.  If any legitimate messages have been caught, click on the 
message and then click 'THIS IS NOT SPAM!'.  The message will then be delivered 
and the software will re-learn so as not to make the same mistake next time.  
Once you have marked any legitimate messages, you may delete the messages in 
your quarantine by clicking the 'DELETE ALL' button at the bottom of the page.

Thank you, and please feel free to contact us if you have any questions.

Also please note the following URLs:

Web Email:
https://webmail.rapturesecurity.org/www-mail/

Account Management:
https://webmail.rapturesecurity.org/madmin/

Thanks,
[EMAIL PROTECTED]



[Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

2006-07-12 Thread Ariel Biener
On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote:

Ignore my previous post, it does create a setuid bash version in /tmp/sh, the 
reason it doesn't work is due to SELinux contexts.

--Ariel
> Maybe this is obvious for Paul Starzetz (as well as many other people) but
> full-disclosure is not really "full" without exploit code.
>
> Working exploit attached. You can also download it from:
> http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
>
> Greetz to !dSR ppl :-)

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html



[Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

2006-07-12 Thread Ariel Biener
On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote:

On what kernels or Linux flavours is the below code supposed to work ?

RHEL 4WS (Nahant update 3), running 2.6.9-34.0.1.ELsmp doesn't yield
to this.

--Ariel
> Maybe this is obvious for Paul Starzetz (as well as many other people) but
> full-disclosure is not really "full" without exploit code.
>
> Working exploit attached. You can also download it from:
> http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
>
> Greetz to !dSR ppl :-)

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html



Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

2006-07-12 Thread Dave Aitel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aaron Gray wrote:
> 2nd edition is 800 pages compared to the 620 pages of the first
> edition.
>
> Aaron
It is? That's awesome. I wasn't told there was a second edition. I
wonder if I'm getting my one cent a book royalties on that. :>

It'd be interesting to go through the book and comment on what's aged
well and what hasn't.  One of the weaker aspects of the book is the
heap overflow stuff - watching a decent heap overflow person do their
thing is completely different from how I did it when we were writing
the book.

- -dave
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFEtVupB8JNm+PA+iURAnvPAJ4ht/WO2ZUhZhUKk5WtkcmAe4QZxgCeKZFa
rcVybrUSUAy1lmW2mYTfl9s=
=vRr7
-END PGP SIGNATURE-



Re: [Full-disclosure] CISCO Pix VPN Group Enumeration

2006-07-12 Thread Zed Qyves

Andreas,

although I think it is specific to VPN concentrators, this is what I
think you are referring to:

http://www.nta-monitor.com/posts/2005/06/cisco-concentrator-groupname-enumeration-vulnerability.html

and

http://www.nta-monitor.com/posts/2005/01/VPN-Flaws-Whitepaper.pdf

you need ike-scan, available from the aforementioned website as well

ZQ



[Full-disclosure] Debian Development Machine "Gluck" Hacked

2006-07-12 Thread Morning Wood

Debian Development Machine Hacked
http://lists.debian.org/debian-devel-announce/2006/07/msg3.html
or
http://www.zone-h.org/content/view/13853/31/



Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-07-12 Thread Dude VanWinkle

On 7/12/06, Flavio Visentin <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Castigliola, Angelo wrote:
> > There are no known remote exploits for the
> > Windows 98 operating system.
>
> This doesn't mean that W98 is secure. On Secunia's site the latest
> (corrected) vulnerability is dated 20060613, less than 1 month ago, and
> tomorrow someone could find a new one that won't be corrected.
>
> > I Could not tell you how many exploits are
> > out there for Internet Explorer or Outlook\Express that will allow
> > someone to compromise Windows 98 but I guess very few.
>
> You don't need 2000 vulnerabilities. Only one exploit is enough to
> create a 70 million PC zombie net.

OK, enough is enough.

70 million is a made-up number; let's stop using it.

And for the record, win9x doesn't have the option for security. No
ACLs, and the file system doesn't support them. Doesn't that make the idea of
securing it moot?

-JP



Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

2006-07-12 Thread Peter Dawson
Is this available order ?? I am only seeing the 1st edition in the stores - paperback 648pp

On 7/12/06, Aaron Gray <[EMAIL PROTECTED]> wrote:
> 2nd edition is 800 pages compared to the 620 pages of the first edition.
>
> Aaron
>
> - Original Message -
> From: "Byron Sonne" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, July 12, 2006 7:11 PM
> Subject: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?
>
> > Fantastic book - great stuff and an excellent read. Does anyone know if a
> > 2nd edition is planned to correct the errors in the book and/or fine tune
> > the examples? Didn't find anything on the wiley.com.
> >
> > Cheers,
> > B

--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
"This message is printed on Recycled Electrons."

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-07-12 Thread Flavio Visentin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Castigliola, Angelo wrote:
> There are no known remote exploits for the
> Windows 98 operating system.

This doesn't mean that W98 is secure. On Secunia's site the latest
(corrected) vulnerability is dated 20060613, less than 1 month ago, and
tomorrow someone could find a new one that won't be corrected.

> I Could not tell you how many exploits are
> out there for Internet Explorer or Outlook\Express that will allow
> someone to compromise Windows 98 but I guess very few.

You don't need 2000 vulnerabilities. Only one exploit is enough to
create a 70 million PC zombie net.

> is a better solution than the open source
> solutions that are notorious for features not working with Microsoft
> rich websites (if the website\application loads at all).

Maybe you are just getting confused. Security is one thing and
"features" are another. From a *security* point of view, OSS solutions
like FF or TB can be more secure than their counterparts IE and OE.

However, AFAIR, browsers' *features* are not the main topic of this
mailing list.

> Seems like the
> major computer nerds always recommend firefox for windows however if you
> use a lot of .NET web applications then firefox is a very poor solution.

Seems MS partners are recommending using IE, but if you use a lot of XUL
applications IE is really the worst solution.

But I think this is OT, here, don't you agree?

- --
Flavio Visentin
GPG Key: http://www.zipman.it/gpgkey.asc

There are only 10 types of people in this world:
those who understand binary, and those who don't.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEtW/9usUmHkh1cnoRAo3UAJ9qOSp1a9LLUI51pHCqjVUigm8LTwCfXcl9
dbphXjK5pTzE/dWftOkVFyY=
=LmIq
-END PGP SIGNATURE-



[Full-disclosure] [ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability

2006-07-12 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:121
 http://www.mandriva.com/security/
 ___
 
 Package : xine-lib
 Date: July 12, 2006
 Affected: 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause 
 a denial of service (application crash) and possibly execute arbitrary code 
 via the (1) send_command, (2) string_utf16, (3) get_data, and (4) 
 get_media_packet functions, and possibly other functions. Xine-lib contains
 an embedded copy of the same vulnerable code. 
 
 The updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
 ___
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 34c23d8a858d2a2687297e25618c7b04  2006.0/RPMS/libxine1-1.1.0-9.6.20060mdk.i586.rpm
 57f9a069b8fc968a12ce24605390c1f1  2006.0/RPMS/libxine1-devel-1.1.0-9.6.20060mdk.i586.rpm
 7c2652ce586d087793536649d7da6966  2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.i586.rpm
 37eff9bda8595acfbaf80e0998db1c9e  2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.i586.rpm
 e5672e6558978051f6878dea6ba961b5  2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.i586.rpm
 6527706516fb99a53f82d2c8c4b2e5f8  2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.i586.rpm
 10d172825fdd5dd2dd92dfafd5d60e23  2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.i586.rpm
 87b9a38b877b67f0ac0ee4f58ed50983  2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.i586.rpm
 8656ea92b3fca51e2fad861ea963b14d  2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.i586.rpm
 6a538ee35d785dfc7ea64a03c20060da  2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.i586.rpm
 9defa64950f2feebab9dda16d35523cb  2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.i586.rpm
 d207307cb338b46edd703797b693ea24  2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.i586.rpm
 4dc1623162c6092eb10c755ed2c5366a  2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8798915891b79ac134565f8ede0653b1  x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.6.20060mdk.x86_64.rpm
 dcd2eb828f921b04206124835eeada8e  x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.6.20060mdk.x86_64.rpm
 a933644c1c56d642a5d576cb217d0356  x86_64/2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.x86_64.rpm
 238d8526e618dff3aa31e223c14ce432  x86_64/2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.x86_64.rpm
 d9f0269ae701936ce27b6515e5c73ac1  x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.x86_64.rpm
 4683507048ec6535c2c5f63997ec719d  x86_64/2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.x86_64.rpm
 bc649ad82f11c8422f1e9fb711dd4803  x86_64/2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.x86_64.rpm
 52fe1d4ddeeea6ec91a776ccacf5df19  x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.x86_64.rpm
 348cc9ecf59e378b3d1c6aa12a35f9b9  x86_64/2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.x86_64.rpm
 d2f2300e0bd4e4e210bbfae485c07624  x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.x86_64.rpm
 afca19bc708fc5964c19fff3a2d16286  x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.x86_64.rpm
 ba7c60488a4459066ba4ed08046ce48c  x86_64/2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.x86_64.rpm
 4dc1623162c6092eb10c755ed2c5366a  x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm

 Corporate 3.0:
 1390c15ca893041af1076e6a02d14f47  corporate/3.0/RPMS/libxine1-1-0.rc3.6.12.C30mdk.i586.rpm
 ecc53b859629edd48ef27b477332889e  corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.12.C30mdk.i586.rpm
 a4d85795d05266793fa61ba6bc986aa6  corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.i586.rpm
 4dd4249d6b1911501ddcfa1ef36470af  corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.i586.rpm
 c9a3f82dad17f32a6ab6c0b1926c52c1  corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.12.C30mdk.i586.rpm
 c40b65dd7cde826b8bfa5fb5720d15ed  corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.i586.rpm
 2a257f092fe4b304be7e358230aa0361  corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.i586.rpm
 b04b482c8693272f7ead71ac3ce91e7f  corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.i586.rpm
 ae63549d198004056aacacee5b2ccbef  corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.i586.rpm
 d8fe8f9dff1190413e81e82e67762462  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 aad2ac9345e05d900910b8beade5ff21  x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.12.C30mdk.x86_64.rpm
 b9540819f0250a2924297ce0388f6202  x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.12.C30mdk.x86_64.rpm
 53cc9dc911be64bf8764d76262df4a44  x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.x86_64.rpm
 280b7a7ceb168225d30eb97e95f45fb6  x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.x86_64.rpm
 4e3811096df50e37e6b10f

Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

2006-07-12 Thread Aaron Gray

2nd edition is 800 pages compared to the 620 pages of the first edition.

Aaron

- Original Message - 
From: "Byron Sonne" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, July 12, 2006 7:11 PM
Subject: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?


Fantastic book - great stuff and an excellent read. Does anyone know if a 
2nd edition is planned to correct the errors in the book and/or fine tune 
the examples? Didn't find anything on the wiley.com.


Cheers,
B








[Full-disclosure] [ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability

2006-07-12 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory   MDKSA-2006:117-1
 http://www.mandriva.com/security/
 ___
 
 Package : libmms
 Date: July 12, 2006
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause 
 a denial of service (application crash) and possibly execute arbitrary code 
 via the (1) send_command, (2) string_utf16, (3) get_data, and (4) 
 get_media_packet functions, and possibly other functions. Libmms uses the
 same vulnerable code.

 Update:

 The previous update for libmms had an incorrect/incomplete patch. This
 update includes a more complete fix for the issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
 ___
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 e9fd0a2b5764917cfaf2e9bf45af2e5d  2006.0/RPMS/libmms0-0.1-1.2.20060mdk.i586.rpm
 b556179bdc4842b0cc923346494dadce  2006.0/RPMS/libmms0-devel-0.1-1.2.20060mdk.i586.rpm
 a539ad416a9f9b1252fa12e5b2c29b60  2006.0/SRPMS/libmms-0.1-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 2a16fb87e7c00d2246f5f0716d6451eb  x86_64/2006.0/RPMS/lib64mms0-0.1-1.2.20060mdk.x86_64.rpm
 b2775f1f51106cfdb390627a455c3c28  x86_64/2006.0/RPMS/lib64mms0-devel-0.1-1.2.20060mdk.x86_64.rpm
 a539ad416a9f9b1252fa12e5b2c29b60  x86_64/2006.0/SRPMS/libmms-0.1-1.2.20060mdk.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEtTOwmqjQ0CJFipgRAuL5AJ9bqGCwiEw5NRx9UIlaOQozMi8AZACdG3V/
3fsWvnOjupNxWCtteJZZEb0=
=lbPH
-END PGP SIGNATURE-

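Both Mandriva advisories above (MDKSA-2006:121 for xine-lib and MDKSA-2006:117-1 for libmms) list their packages as `<md5>  <path>` pairs, and the mail transport has wrapped many of those pairs across two lines. The following is an added example, not Mandriva's own tooling (the advisory says MandrivaUpdate and urpmi verify md5 checksums and GPG signatures for you): a Python script that parses such a list in either the wrapped or the single-line form and checks a local package mirror against it. The advisory fragment, the hashes in it and the mirror contents are constructed for the example.

```python
"""Verify local package files against the md5 list in a Mandriva-style advisory.

Added example for the MDKSA advisories on this page; it is not Mandriva's
own tooling (MandrivaUpdate/urpmi do this check for you). It parses the
"<md5>  <path>" entries of an 'Updated Packages' section, tolerating the
line-wrapped form mail clients produce (hash on one line, path on the
next), and compares each hash with the md5 of the file at the same
relative path under a local mirror directory.
"""
import hashlib
import os
import re
import tempfile

HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample advisory fragment: one entry on a single line and one
# wrapped across two lines. The hashes are placeholders, not real values.
SAMPLE_ADVISORY = """\
 Updated Packages:

 Mandriva Linux 2006.0:
 0123456789abcdef0123456789abcdef  2006.0/RPMS/libmms0-0.1-1.2.20060mdk.i586.rpm
 fedcba9876543210fedcba9876543210  
2006.0/RPMS/libmms0-devel-0.1-1.2.20060mdk.i586.rpm
 ___
"""


def parse_package_list(text):
    """Return [(md5, relative_path), ...] from advisory text.

    Splitting on all whitespace makes the wrapped and unwrapped forms
    identical: a 32-hex-digit token followed by a *.rpm token is one entry.
    """
    tokens = text.split()
    entries = []
    i = 0
    while i + 1 < len(tokens):
        if HEX32.match(tokens[i]) and tokens[i + 1].endswith(".rpm"):
            entries.append((tokens[i], tokens[i + 1]))
            i += 2
        else:
            i += 1
    return entries


def md5_of_file(path):
    """Stream the file through md5 so large RPMs are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_mirror(entries, mirror_dir):
    """Map each relative path to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for expected, rel in entries:
        local = os.path.join(mirror_dir, rel)
        if not os.path.isfile(local):
            results[rel] = "missing"
        elif md5_of_file(local) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results


def demo():
    """Build a throwaway mirror with one good, one tampered and one absent
    file and verify it. md5(b"hello") is 5d41402abc4b2a76b9719d911017c592."""
    good = "5d41402abc4b2a76b9719d911017c592"
    entries = [
        (good, "2006.0/RPMS/good.rpm"),
        ("0" * 32, "2006.0/RPMS/tampered.rpm"),   # wrong expected hash
        (good, "2006.0/RPMS/absent.rpm"),         # never written to the mirror
    ]
    with tempfile.TemporaryDirectory() as mirror:
        rpm_dir = os.path.join(mirror, "2006.0", "RPMS")
        os.makedirs(rpm_dir)
        for name in ("good.rpm", "tampered.rpm"):
            with open(os.path.join(rpm_dir, name), "wb") as fh:
                fh.write(b"hello")
        return verify_mirror(entries, mirror)


if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(status.ljust(8), rel)
```

An md5 match only shows that the file is the one the advisory describes; the digest is not collision resistant and the list is only as trustworthy as the PGP signature on the advisory, so this check complements, rather than replaces, verifying that signature and the package signatures with `rpm --checksig`.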


[Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

2006-07-12 Thread Byron Sonne
Fantastic book - great stuff and an excellent read. Does anyone know if 
a 2nd edition is planned to correct the errors in the book and/or fine 
tune the examples? Didn't find anything on the wiley.com.


Cheers,
B



[Full-disclosure] Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service

2006-07-12 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Cisco Security Advisory: Cisco Intrusion Prevention System Malformed
Packet Denial of Service

Advisory ID: cisco-sa-20060712-ips

http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml

Revision 1.0

For Public Release 2006 July 12 1600 UTC (GMT)

- -

Contents


Summary
Affected Products
Details
Impact
Software Version and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures

- -

Summary
===

Cisco Intrusion Prevention System (IPS) software version 5.1 is
vulnerable to a denial of service condition caused by a malformed
packet, which may result in an IPS device becoming inaccessible
remotely or via the console and fail to process packets. A power
reset is required to recover the IPS device. There are no workarounds
for this vulnerability.

Cisco has made free software available to address this vulnerability
for affected customers.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml

Affected Products
=

Vulnerable Products
+--

Cisco Intrusion Prevention System 42xx appliances running IPS
software versions 5.1(1), 5.1(1a), 5.1(1b), 5.1(1c), 5.1(1d), 5.1(1e)
or 5.1(p1).

IPS software versions 5.1(1a), 5.1(1b), 5.1(1c), 5.1(1d) and 5.1(1e)
are repackaged versions of 5.1(1) created to fix various installation
problems. All 5.1(1) patch versions report 5.1(1) as the installed
version.

Note: Some IDS/IPS appliances shipped before IPS software version 5.0
was available and have model numbers starting with IDS, not IPS.

The following 42xx appliances are potentially affected.

  * IDS-4235
  * IPS-4240
  * IDS-4250-SX
  * IDS-4250-TX
  * IDS-4250-XL (4250 with XL accelerator card)
  * IPS-4255

Products Confirmed Not Vulnerable
+

All devices running Cisco Intrusion Detection Systems (IDS) software
versions 4.x or IPS versions 5.0(x).

Additionally, the following devices are not vulnerable even if
running IPS software versions 5.1(1), 5.1(1a), 5.1(1b), 5.1(1c),
5.1(1d), 5.1(1e) or 5.1(1p1).

  * NM-CIDS
  * IDSM-2
  * ASA-SSM-AIP-10
  * ASA-SSM-AIP-20
  * IDS-4210
  * IDS-4215

The following devices do not support IPS software version 5.1 and are
not vulnerable.

  * IDS-4220
  * IDS-4230

To determine the version of software running on an IPS device, log into
the IPS device using an SSH client and issue the command show version.

sensor#show version 
Application Partition: Cisco Intrusion
Prevention System, Version 5.1(1p1)S215.0


Details
===

Cisco Intrusion Prevention Systems (IPS) are a family of network
security devices that provide network based threat prevention
services. A vulnerability exists in the custom device driver for
Intel-based gigabit network adapters used to process packets received
by the sensing interfaces of certain IPS devices. A malformed IP
packet received on an Intel-based gigabit network adapter configured
for use as a sensing interface may result in the IPS device
experiencing a kernel panic. Affected IPS devices will cease
processing packets, producing alerts, performing automated actions
such as logging, and become inaccessible remotely or via the console.

If deployed as an inline device, the IPS will also stop forwarding
packets between interfaces and may cause a network outage. IPS
devices configured to use the auto-bypass feature will also fail to
forward packets. Attackers may use this vulnerability to disable an
IPS device to hide malicious activity. This vulnerability only
affects certain IPS devices configured to use Intel-based gigabit
network adapters as sensing interfaces. IPS devices configured to use
an Intel-based gigabit network adapter as a management interface are
not affected by this vulnerability. A power reset is required to
recover the IPS device.

This vulnerability is documented in Cisco bug ID CSCsd36590
(registered customers only).

Impact
==

Successful exploitation of the vulnerability may result in the
failure of an IPS device to operate as expected. Affected devices
will become inaccessible remotely or via the console and stop
processing packets. If deployed as an inline device, an IPS device
will stop forwarding packets, including devices configured to use the
auto-bypass feature. This may result in a network outage. A power
reset is required to recover the IPS device.

Software Version and Fixes
==

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to

[Full-disclosure] Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities

2006-07-12 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Cisco Security Advisory: Multiple Cisco Unified CallManager
Vulnerabilities

Advisory ID: cisco-sa-20060712-cucm

http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

Revision 1.0

For Public Release 2006 July 12 1600 UTC (GMT)

- -

Contents


Summary
Affected Products
Details
Impact
Software Version and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures

- -

Summary
===

Cisco Unified CallManager (CUCM) 5.0 has Command Line Interface (CLI)
and Session Initiation Protocol (SIP) related vulnerabilities. There
are potential privilege escalation vulnerabilities in the CLI which
may allow an authenticated administrator to access the base operating
system with root privileges. There is also a buffer overflow
vulnerability in the processing of hostnames contained in a SIP
request which may result in arbitrary code execution or cause a
denial of service. These vulnerabilities only affect Cisco Unified
CallManager 5.0.

Cisco has made free software available to address these
vulnerabilities for affected customers. There are no workarounds
available to mitigate the effects of these vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

Affected Products
=

Vulnerable Products
+--

Only Cisco Unified CallManager versions 5.0(1), 5.0(2), 5.0(3) and
5.0(3a) are affected.

The version of CallManager software running can be determined by
navigating to Show > Software in the CUCM IPT Platform administration
interface or by running the command show version active in the CLI.

Products Confirmed Not Vulnerable
+

No other Cisco products are currently known to be affected by these
vulnerabilities, including all previous versions of Cisco Unified
CallManager.

Details
===

Cisco Unified CallManager is the software-based call-processing
component of the Cisco IP telephony solution which extends enterprise
telephony features and functions to packet telephony network devices
such as IP phones, media processing devices, voice-over-IP (VoIP)
gateways, and multimedia applications.

The CallManager CLI provides a backup management interface to the
system in order to diagnose and troubleshoot the primary HTTPS-based
management interfaces. The CLI, which runs as the root user, contains
two vulnerabilities in the parsing of commands. The first
vulnerability may allow an authenticated CUCM administrator to
execute arbitrary operating system programs as the root user. The
second vulnerability may allow output redirection of a command to a
file or a folder specified on the command line.

Cisco Unified CallManager supports the coexistence of both SCCP and
SIP phones, allowing for migration to SIP while protecting
investments in existing devices. CUCM contains a buffer overflow
vulnerability in the processing of excessively long hostnames which
may be included in a SIP request.

These issues are documented by the following Cisco bug IDs:

  * CSCse11005 (registered customers only): Certain CLI commands
allow execution of arbitrary Linux commands
  * CSCse31704 (registered customers only): User able to redirect
command output to a file folder
  * CSCsd96542 (registered customers only): SD-GA: CCM cores when SIP
request line host name has ASCII overflow

Impact
==

Successful exploitation of the CLI vulnerability documented in Cisco
bug ID CSCse11005 may allow authenticated CLI users to execute
arbitrary operating system commands with root privileges.
Exploitation of the CLI vulnerability documented in Cisco bug ID
CSCse31704 may allow an authenticated CLI user to modify or overwrite
any file on the filesystem as the root user.

Exploitation of the SIP vulnerability documented in Cisco bug ID
CSCsd96542 may result in arbitrary code execution or a denial of
service.

Software Version and Fixes
==

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.

Workarounds
===

There are no workarounds for these vulnerabilities.

Obtaining Fixed Software


Cisco will make free software available to
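
The two CLI defect classes in the advisory above (a root-privileged command parser that lets an operator reach arbitrary OS programs, and one that honours output redirection to an operator-chosen file) are easiest to see beside a dispatcher that avoids both. This is an added example, not CUCM code: the command names, program paths and log directory are hypothetical, and `record_only` stands in for `subprocess.run` so the block can be exercised without executing anything.

```python
"""Restricted management CLI: the defect pattern beside a hardened dispatcher.
Hypothetical example; not Cisco Unified CallManager code."""
import re
import shlex
import subprocess

# Allow-list: CLI verb -> fixed argv. The operator never supplies a program path.
# Hypothetical commands and paths, constructed for this example.
FIXED_COMMANDS = {
    "show version active": ["/bin/cat", "/etc/hypothetical-release"],
    "show status": ["/bin/uptime"],
}
# One parameterized verb: the operator names a log, never a path or a file.
LOG_NAME = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
LOG_DIR = "/var/log/hypothetical"

# Anything a shell would read as redirection, a pipeline, command chaining
# or command substitution.
SHELL_META = re.compile(r"[;&|<>`$(){}\\\n]")


class CommandRejected(ValueError):
    """Raised when a line is not exactly one allow-listed command."""


def vulnerable_dispatch(line, runner=subprocess.run):
    """Defect pattern: the raw operator line reaches a shell while the process
    runs as root. A second program appended after ';' also runs, and a '>'
    redirection writes the command's output over any file root can write."""
    return runner(line, shell=True)


def resolve(line):
    """Map an operator line to a fixed argv list, or raise CommandRejected."""
    if SHELL_META.search(line):
        raise CommandRejected("shell metacharacter in command line")
    try:
        tokens = shlex.split(line)
    except ValueError as exc:  # unbalanced quotes
        raise CommandRejected(str(exc)) from exc
    if not tokens:
        raise CommandRejected("empty command")
    verb = " ".join(tokens)
    if verb in FIXED_COMMANDS:
        return list(FIXED_COMMANDS[verb])
    if tokens[:2] == ["show", "log"] and len(tokens) == 3:
        name = tokens[2]
        if not LOG_NAME.match(name):  # no '/', no '..', no spaces
            raise CommandRejected("invalid log name")
        return ["/bin/cat", f"{LOG_DIR}/{name}.log"]
    raise CommandRejected(f"unknown command: {verb}")


def safe_dispatch(line, runner=subprocess.run):
    """Hardened dispatcher: argv list and no shell, so the operator controls
    neither which program runs nor where its output goes."""
    argv = resolve(line)
    return runner(argv, shell=False, stdin=subprocess.DEVNULL,
                  capture_output=True, text=True)


def is_rejected(line):
    """True when resolve() refuses the line."""
    try:
        resolve(line)
    except CommandRejected:
        return True
    return False


def record_only(cmd, **kwargs):
    """Runner stand-in: records what would have been executed instead of running it."""
    return {"cmd": cmd, "shell": kwargs.get("shell", False)}


if __name__ == "__main__":
    for line in ("show version active", "show log cluster-manager",
                 "show status > /tmp/out", "show status; /bin/sh"):
        print(f"{line!r:32} -> rejected={is_rejected(line)}")
```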

[Full-disclosure] Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration

2006-07-12 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Cisco Security Advisory: 
Cisco Router Web Setup Ships with Insecure Default IOS Configuration

Document ID: 70650

Advisory ID: cisco-sa-20060712-crws

http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml

Revision 1.0

For Public Release 2006 July 12 1600 UTC (GMT)

- ---

Contents


Summary
Affected Products
Details
Impact
Software Version and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures

- ---

Summary
===

The default Cisco IOS configuration shipped with the Cisco Router Web
Setup (CRWS) application allows the execution of commands at privilege
level 15 through the Cisco IOS HTTP (Hypertext Transfer Protocol)
server web interface without requiring authentication credentials.
Privilege level 15 is the highest privilege level on Cisco IOS
devices.

Fixed versions of the CRWS application have been modified by Cisco to
provide a more secure default IOS configuration and additional
functionality with regards to the Cisco IOS HTTP server web interface.

This issue does not require a Cisco IOS software upgrade or a CRWS
software upgrade. Customers who decide to upgrade to a fixed version of
CRWS and deploy the new default IOS configuration will not need to
deploy the suggested workarounds. Customers who elect NOT to upgrade to
a fixed CRWS version, or customers upgrading to a fixed CRWS version
who keep their existing configuration should implement the workarounds
identified in this advisory.

Additional information on the new default IOS configuration shipped
with the CRWS application is available in the Details section of this
advisory.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml.

Affected Products
=

Vulnerable Products
+--

The following Cisco routers whose configurations have been based on the
default IOS configuration shipped with any version of CRWS prior to
version 3.3.0 build 31 may be affected by this vulnerability:

  * Cisco 806
  * Cisco 826
  * Cisco 827
  * Cisco 827H
  * Cisco 827-4v
  * Cisco 828
  * Cisco 831
  * Cisco 836
  * Cisco 837
  * Cisco SOHO 71
  * Cisco SOHO 76
  * Cisco SOHO 77
  * Cisco SOHO 77H
  * Cisco SOHO 78
  * Cisco SOHO 91
  * Cisco SOHO 96
  * Cisco SOHO 97

Products Confirmed Not Vulnerable
+

Any of the previously listed Cisco routers whose IOS configuration is
not based on the default IOS configuration shipped with the CRWS
application are not vulnerable.

No other Cisco products are currently known to be affected by this
vulnerability.

Details
===

The Cisco Router Web Setup tool (CRWS) provides a graphical user
interface (GUI) for configuring Cisco SOHO and Cisco 800 series
routers, and allows users to set up their routers quickly and easily.
The GUI is accessed through the Cisco IOS HTTP server, which is enabled
on the default IOS configuration shipped with the CRWS application.

The Cisco IOS HTTP server uses the "enable password" (assuming one has
been configured) as its default authentication mechanism. Other
authentication mechanisms can be configured, including the use of a
local user database, an external RADIUS (Remote Authentication Dial In
User Service) or an external TACACS+ (Terminal Access Controller Access
Control System) server. The default IOS configuration shipped with the
CRWS application does not include an "enable password" or an "enable
secret" command, allowing access to the Cisco IOS HTTP server interface
at any privilege level, up to and including privilege level 15, without
providing authentication credentials. Privilege level 15 is the highest
privilege level on Cisco IOS devices.

To resolve this vulnerability, Cisco has made changes to the default
IOS configuration shipped with the CRWS application and to the CRWS
application itself. Those changes are as follows:

  * The addition of a default username and password combination to be
used during initial device configuration.

Note:  CRWS will prompt the user to change those default
credentials during its first invocation. It is strongly recommended
for customers to remove those default credentials from the device
configuration by using the Cisco IOS CLI (command line interface)
if not planning to use the CRWS application for device
configuration.

  * The addition of an authentication mechanism for the Cisco IOS HTTP
server to authenticate users based on the local user database.

  * The addition of an access restriction to only allow connections to
the Cisco IOS HTTP server from the internal network, using the
addressi
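
A configuration audit for the exposure this advisory describes: the IOS HTTP server enabled while neither an enable secret/password nor an HTTP authentication source protects privilege level 15, and no access restriction limits who can reach it. This is an added example, not Cisco tooling or the CRWS default configuration; both configurations are constructed, and the hardened one is my rendering in IOS syntax of the changes the advisory lists (local credentials, local authentication for the HTTP server, an access restriction to the internal network).

```python
"""Audit a Cisco IOS configuration for an unauthenticated or unrestricted
IOS HTTP server. Added example; the configurations below are constructed."""
import re

# Constructed configuration in the shape the advisory describes: HTTP server on,
# no "enable secret"/"enable password", no HTTP authentication or access class.
WEAK_CONFIG = """\
version 12.3
hostname soho-router
!
ip http server
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
!
end
"""

# My rendering of the three changes the advisory lists (constructed, not the
# shipped CRWS configuration): a local user, local authentication for the HTTP
# server, and an access-class ACL limiting it to the internal network.
HARDENED_CONFIG = """\
version 12.3
hostname soho-router
!
enable secret 5 $1$EXAMPLE$placeholder-hash-value
username admin privilege 15 secret 5 $1$EXAMPLE$placeholder-hash-value
!
ip http server
ip http authentication local
ip http access-class 23
!
access-list 23 permit 10.10.10.0 0.0.0.255
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
!
end
"""


def _global_statements(config):
    """Top-level statements only: '!' comments and indented sub-mode lines are dropped."""
    return [line.rstrip() for line in config.splitlines()
            if line.strip() and not line.startswith(("!", " "))]


def audit_http_exposure(config):
    """Return a list of (finding_id, message) tuples. An empty list means the HTTP
    server is disabled, or is both authenticated and access-restricted."""
    statements = _global_statements(config)

    def present(pattern):
        # re.match anchors at the start of the statement, so "no ip http server"
        # does not count as the server being enabled.
        return any(re.match(pattern, s) for s in statements)

    findings = []
    if not present(r"ip http (secure-)?server$"):
        return findings
    http_auth = present(r"ip http authentication (local|aaa)\b")
    enable_set = present(r"enable (secret|password)\b")
    if not http_auth and not enable_set:
        findings.append(("NO_AUTH",
            "HTTP server enabled with no enable secret/password and no "
            "'ip http authentication': privilege level 15 reachable without credentials"))
    elif not http_auth:
        findings.append(("ENABLE_PASSWORD_ONLY",
            "HTTP server authenticates with the enable password alone; configure "
            "'ip http authentication local' (or aaa) against a user database"))
    if not present(r"ip http access-class \d+"):
        findings.append(("NO_ACCESS_CLASS",
            "HTTP server accepts connections from any network; restrict it with "
            "'ip http access-class <acl>' to the internal network"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_http_exposure(cfg) or "no findings")
```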

[Full-disclosure] [USN-315-1] libmms, xine-lib vulnerabilities

2006-07-12 Thread Martin Pitt
=== 
Ubuntu Security Notice USN-315-1  July 12, 2006
libmms, xine-lib vulnerabilities
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libxine1 1.0-1ubuntu3.8

Ubuntu 5.10:
  libmms0  0.1-0ubuntu1.2
  libxine1c2   1.0.1-1ubuntu10.4

Ubuntu 6.06 LTS:
  libxine-main11.1.1+ubuntu2-7.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Matthias Hopf discovered several buffer overflows in libmms. By
tricking a user into opening a specially crafted remote multimedia
stream with an application using libmms, a remote attacker could
exploit this to execute arbitrary code with the user's privileges.

The Xine library contains an embedded copy of libmms, and thus needs
the same security update.


Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:


[Full-disclosure] [USN-314-1] samba vulnerability

2006-07-12 Thread Martin Pitt
=== 
Ubuntu Security Notice USN-314-1  July 12, 2006
samba vulnerability
CVE-2006-3403
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  samba3.0.10-1ubuntu3.1

Ubuntu 5.10:
  samba3.0.14a-6ubuntu1.1

Ubuntu 6.06 LTS:
  samba3.0.22-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The Samba security team reported a Denial of Service vulnerability in
the handling of information about active connections. In certain
circumstances an attacker could continually increase the memory usage
of the smbd process by issuing a large number of share connection
requests. By draining all available memory, this could be exploited to
render the remote Samba server unusable.


Updated packages for Ubuntu 5.04:


[Full-disclosure] [USN-316-1] installer vulnerability

2006-07-12 Thread Martin Pitt
=== 
Ubuntu Security Notice USN-316-1  July 12, 2006
Installer vulnerability
https://launchpad.net/bugs/48350
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  passwd   1:4.0.13-7ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Iwan Pieterse discovered that, if you select "Go Back" at the final
message displayed by the alternate or server CD installer ("Installation
complete") and then continue with the installation from the installer's
main menu, the root password is left blank rather than locked. This was
due to an error while clearing out the root password from the
installer's memory to avoid possible information leaks.

Installations from the alternate or server CDs when the user selected
"Continue" when the "Installation complete" message was first displayed
are not affected by this bug. Installations from the desktop CD are not
affected by this bug at all.

When you upgrade your passwd package to the newest version, it will
detect this condition and lock the root password if it was previously
blank. The next point release of Ubuntu 6.06 LTS will include a
corrected installer.


Updated packages for Ubuntu 6.06 LTS:



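The condition in this notice, a root entry whose password field is empty rather than locked, is a one-line check against the shadow file, and the repair the updated package performs is equally small. Added example, not the Ubuntu passwd package's own code: the shadow lines are constructed, and locking by writing a `!` field is my rendering of "lock the root password".

```python
"""Detect a blank (password-less) root entry in shadow-format data and lock it.
Added example; the sample lines are constructed, not taken from any system."""

LOCK_PREFIXES = ("!", "*")   # fields starting with these never match a password

# Constructed shadow file: root blank (the bug), daemon and bob locked, alice hashed.
SAMPLE_SHADOW = "\n".join([
    "root::13340:0:99999:7:::",
    "daemon:*:13340:0:99999:7:::",
    "alice:$1$EXAMPLE$placeholder-hash-value:13340:0:99999:7:::",
    "bob:!$1$EXAMPLE$placeholder-hash-value:13340:0:99999:7:::",
])


def classify(password_field):
    """'blank' (login without a password), 'locked', or 'hashed'."""
    if password_field == "":
        return "blank"
    if password_field.startswith(LOCK_PREFIXES):
        return "locked"
    return "hashed"


def audit_shadow(text):
    """Map each user name to the state of its password field; malformed lines are skipped."""
    states = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        states[parts[0]] = classify(parts[1])
    return states


def lock_blank_root(text):
    """Return (new_text, changed). A blank root field becomes the locked field '!',
    as passwd -l writes; every other line is left byte-for-byte as it was."""
    out, changed = [], False
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0] == "root" and parts[1] == "":
            parts[1] = "!"
            changed = True
        out.append(":".join(parts))
    return "\n".join(out), changed


if __name__ == "__main__":
    print("before:", audit_shadow(SAMPLE_SHADOW))
    fixed, changed = lock_blank_root(SAMPLE_SHADOW)
    print("changed:", changed, "after:", audit_shadow(fixed))
```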

[Full-disclosure] [USN-313-1] OpenOffice.org vulnerabilities

2006-07-12 Thread Martin Pitt
===
Ubuntu Security Notice USN-313-1  July 11, 2006
openoffice.org-amd64, openoffice.org vulnerabilities
CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  openoffice.org-bin1.1.3-8ubuntu2.4

Ubuntu 6.06 LTS:
  openoffice.org-base   2.0.2-2ubuntu12.1
  openoffice.org-common 2.0.2-2ubuntu12.1
  openoffice.org-core   2.0.2-2ubuntu12.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Ubuntu 5.10 is also affected by these flaws. Updated packages will be
provided shortly.

Details follow:

It was possible to embed Basic macros in documents in a way that
OpenOffice.org would not ask for confirmation about executing them. By
tricking a user into opening a malicious document, this could be
exploited to run arbitrary Basic code (including local file access and
modification) with the user's privileges. (CVE-2006-2198)

A flaw was discovered in the Java sandbox which allowed Java applets
to break out of the sandbox and execute code without restrictions.  By
tricking a user into opening a malicious document, this could be
exploited to run arbitrary code with the user's privileges. This
update disables Java applets for OpenOffice.org, since it is not
generally possible to guarantee the sandbox restrictions.
(CVE-2006-2199)

A buffer overflow has been found in the XML parser. By tricking a user
into opening a specially crafted XML file with OpenOffice.org, this
could be exploited to execute arbitrary code with the user's
privileges. (CVE-2006-3117)


Updated packages for Ubuntu 5.04:


[Full-disclosure] CISCO Pix VPN Group Enumeration

2006-07-12 Thread Andres Molinetti

List,

   While doing a Pentest for a client I found a Cisco Pix IPSEC VPN
with PSK auth and Aggressive mode enabled. I'm searching for a script
that exploits the vulnerability "Cisco IPSec VPN Implementation Group
Name Enumeration Vulnerability" that is detailed here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_security_notice09186a00804a7912.html
Does anyone know of any exploits available for this one?

Thanks,

Andy.



[Full-disclosure] Repost of Microsoft SMB Information Disclosure Vulnerability CVE-2006-1315

2006-07-12 Thread David_Marcus

___

McAfee, Inc.
McAfee(r) Avert(r) Labs Security Advisory
Public Release Date: 2006-07-11

SMB Information Disclosure Vulnerability

CVE-2006-1315

___

*   Synopsis

An information disclosure vulnerability exists in the Server service
that could allow an attacker to retrieve fragments of memory from an
affected host via the host's SMB server.
 

___

*   Vulnerable System or Application

Microsoft Windows 2000
Microsoft Windows XP w/ Service Pack 1
Microsoft Windows XP w/ Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 w/ Service Pack 1


___

*   Vulnerability Information

This issue is caused by the Server protocol driver's failure to zero out
memory before reusing it when constructing SMB response messages. An
attacker could exploit this vulnerability by sending a specially crafted
request that when processed would result in a response packet being sent
that unintentionally contained portions of memory from the target host.
Note that this vulnerability would not allow an attacker to execute code
or to elevate their user rights directly. It could be used to produce
useful information to try to further compromise the affected system.
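
As an added illustration of the bug class the advisory describes (a constructed example, not Microsoft's or McAfee's code, and not the real SMB message layout): a reply builder that reuses a pooled buffer and trusts the requested payload length, beside a hardened version that zeroes the buffer before reuse and bounds the reply by the data it actually holds.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration of the bug class (not Microsoft's or McAfee's
 * code, not the real SMB layout): a pooled reply buffer is reused across
 * responses and the client-supplied payload length is trusted. */
#define RESP_MAX 32
#define STALE 'S'               /* marker byte left behind by an earlier reply */
static uint8_t pool[RESP_MAX];  /* reused without clearing */

static void leave_stale_data(void) { memset(pool, STALE, sizeof pool); }

/* Vulnerable: honours the requested length and never clears the buffer, so
 * bytes past what was actually copied are whatever was there before. */
size_t build_response_vuln(const uint8_t *data, size_t have,
                           size_t requested, uint8_t *out) {
    if (requested > RESP_MAX) requested = RESP_MAX;
    memcpy(pool, data, have < requested ? have : requested);
    memcpy(out, pool, requested);   /* tail beyond 'have' is stale memory */
    return requested;
}

/* Hardened: zero the reused buffer and bound the reply by the data on hand. */
size_t build_response_fixed(const uint8_t *data, size_t have,
                            size_t requested, uint8_t *out) {
    size_t n = requested < have ? requested : have;
    if (n > RESP_MAX) n = RESP_MAX;
    memset(pool, 0, sizeof pool);
    memcpy(pool, data, n);
    memcpy(out, pool, n);
    return n;
}

/* Count reply bytes beyond the supplied data that carry the stale marker. */
size_t count_leaked(const uint8_t *out, size_t len, size_t have) {
    size_t leaked = 0;
    for (size_t i = have; i < len; i++) leaked += (out[i] == STALE);
    return leaked;
}
/* Driver: a 5-byte payload answered against a 16-byte requested length;
 * returns how many stale bytes reach the client for the chosen builder. */
int demo_leak(int hardened) {
    uint8_t out[RESP_MAX];
    leave_stale_data();
    size_t n = hardened ? build_response_fixed((const uint8_t *)"hello", 5, 16, out)
                        : build_response_vuln((const uint8_t *)"hello", 5, 16, out);
    return (int)count_leaked(out, n, 5);   /* 11 when vulnerable, 0 when hardened */
}
```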

___

*   Resolution

Microsoft has released a security bulletin and associated patch for this
vulnerability:
http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx 


___

*   Credits

This vulnerability was discovered by Mike Price and Rafal Wojtczuk of
McAfee Avert Labs. 

___

*   Legal Notice

Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way. McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.

McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries.  All other registered and unregistered trademarks in this
document are the sole property of their respective owners.

Best regards,

Dave Marcus, B.A., CCNA, MCSE
Security Research and Communications Manager
McAfee(r) Avert(r) Labs
(443) 321-3771 Office
(443) 668-0048 Mobile
McAfee Threat Center
 
McAfee Avert Labs Research Blog 





[Full-disclosure] S21Sec-032-en: Vulnerability in Fatwire Content Server

2006-07-12 Thread labs
##

 - S21Sec Advisory -

##

    Title:   FatWire Content Server
       ID:   S21SEC-032-en
 Severity:   High - Administrative Privileges Escalation
  History:   31.May.2006 Vulnerability discovered
             05.Jun.2006 Fixed (patch available)
    Scope:   FatWire Content Server Portal
Platforms:   Any
   Author:   Alberto Moro ([EMAIL PROTECTED])
      URL:   http://www.s21sec.com/avisos/s21sec-032-en.txt
  Release:   Public

[ SUMMARY ]

The FatWire Content Server product suite enables companies to deploy a wide
variety and large quantity of Web sites and content-centric applications
that build customer loyalty, reach new markets, strengthen brand identity,
boost productivity, and reduce costs.


[ AFFECTED VERSIONS ]

The following tested versions are affected by this issue:

- FatWire Content Server 5.5.0 


[ DESCRIPTION ]

It is possible to obtain administrative privileges in the portal without
prior registration or validation.


[ WORKAROUND ]

Upgrade FatWire CS to the latest version or apply the patch provided by the
vendor.


[ ACKNOWLEDGMENTS ]

These vulnerabilities have been found and researched by:

- Alberto Moro <[EMAIL PROTECTED]> S21Sec

With thanks to:

- Leonardo Nve <[EMAIL PROTECTED]> S21Sec


[ REFERENCES ]

* FatWire Content Server
  http://www.fatwire.com/cs/Satellite/CSPage_US.html

* S21Sec
  http://www.s21sec.com

