Re: [Full-disclosure] Wikipedia and Pedophilia
thus J.A. Terranson spake: On Mon, 22 Jan 2007 [EMAIL PROTECTED] wrote: snip one __awe-inspiring__ /rant In other news: - GW Bush, Dick Cheney, Paul Wolfowitz, and Colin Powell piloted the planes on 9/11 (they jumped out at the last minute) no, but NORAD was 'offline' on 911 for the first time in history (no aircraft available on the east coast. of course, this was coincidence), the WTC (mind WTC No. 11 which collapsed without reason!) was the first buildings of that kind in history to collapse because of a fire (there are buildings still standing today after 36+ hours of even more fire), insurance contracts, no republican politicians on flights that day, etc. etc. etc. http://investigate911.bravehost.com/ Loose change and, the main reason: Genua, Italy. Canada. raising antiimperialistic mass movement. this had to be controlled. now it is. big brother is watching you. and it hits each and every one of you _personally_ :) - Hurricane Katrina was caused by the Yakuza using weather control technology developed in the 1960s- they are mad about the US using the atomic bombs in WWII maybe it's just about the higher energy levels in a warmer atmosphere (methane, carbon dioxide -- global warming)? - Hugo Chavez and Fidel Castro dine together nightly and always split the same dish: one human baby (this is what's keeping Castro alive) you forgot Mahmoud Ahmadinejad :) - The Russkies are STILL after our precious bodily fluids sure. You forgot one: - You STILL can't fight in the war room. very amused. patria o muerte! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Wikipedia and Pedophilia
Could you please please move to alt.politics.personal.statements.on.drugs ?
Re: [Full-disclosure] [New Tool]PReplay - A pcap traffic replay tool
hi all,

few people messaged me regarding link is not working. here is the direct link:-
http://secgeeks.com/PReplay.zip
let me know if anyone still has problems with it.

regards,
_CF

On 1/22/07, crazy frog crazy frog [EMAIL PROTECTED] wrote:

Hi All,

For some work i wanted to replay the traffic which i captured using the ethereal. i searched the net but i have not found any good tool for windows (there are many for *nix) so i decided to code my own. so here it is: PReplay - a traffic replay tool. i hope it will be helpful to you all.

from the read me:

PReplay is a utility to send the captured data. Its main feature is that it will keep the time difference between two packets (not very accurately but it works with some micro/millisecond difference). it reads the capture file and then determines the time difference for the next packet.

you can give list of capture files which you want to send in the Preplay.ini in the [SendingFileName] section as below:

1=IPDump.cap
2=IPDump2.cap

; is used for comment and that line will not be read. so you can comment out the file name which you don't want to send as

[SendingFileName]
1=IPDump.cap
;2=IPDump2.cap

it will not send 2nd file.

SendingFilePath, here you can specify the directory which contains the captured files.

download this tool from here:
http://secgeeks.com/preplay_a_pcap_traffic_replay_tool.html

Regards,
SecGeek
http://www.secgeeks.com

--
http://www.secgeeks.com
get a blog on secgeeks :) register here:- http://secgeeks.com/user/register
rss feeds :- http://secgeeks.com/node/feed
Submit you security articles, send them to [EMAIL PROTECTED]
http://www.newskicks.com Submit and kick for new stories from all around the world.
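The timing behaviour and the Preplay.ini layout described in the announcement above, as an added Python example (not PReplay's own code): it reads a classic libpcap capture, derives the wait before each packet from the recorded timestamps, and reads the [SendingFileName] list while skipping `;` comment lines. It only computes the schedule and sends nothing; the function names and the sample capture are constructed for illustration, and the classic (non-pcapng) file format is assumed.

```python
import configparser
import struct

# Classic libpcap magic, read big-endian from the first four bytes of the file:
# value -> (struct byte-order prefix, timestamp ticks per second).
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),
    0xD4C3B2A1: ("<", 1_000_000),
    0xA1B23C4D: (">", 1_000_000_000),   # nanosecond-resolution variant
    0x4D3CB2A1: ("<", 1_000_000_000),
}


def read_packets(data):
    """Parse a classic pcap image into (ticks_per_sec, [(ticks, frame), ...])."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, ticks_per_sec = MAGICS[magic]
    snaplen = struct.unpack(order + "I", data[16:20])[0]
    packets, pos = [], 24
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header")
        sec, frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[pos:pos + 16])
        pos += 16
        # Reject lengths that point past the file or the declared snaplen
        # instead of trusting a field taken from an untrusted capture.
        if incl_len > snaplen or pos + incl_len > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        # Integer ticks keep the sub-millisecond gaps exact.
        packets.append((sec * ticks_per_sec + frac, data[pos:pos + incl_len]))
        pos += incl_len
    return ticks_per_sec, packets


def replay_delays(data):
    """Seconds to wait before each packet so the original spacing is kept."""
    ticks_per_sec, packets = read_packets(data)
    delays, prev = [], None
    for ticks, _frame in packets:
        # Merged captures can contain timestamps that go backwards; clamp to 0.
        gap = 0 if prev is None else max(0, ticks - prev)
        delays.append(gap / ticks_per_sec)
        prev = ticks
    return delays


def files_to_send(ini_text):
    """Capture files listed under [SendingFileName], in numeric key order."""
    parser = configparser.ConfigParser(
        comment_prefixes=(";",), delimiters=("=",), interpolation=None)
    parser.read_string(ini_text)
    section = parser["SendingFileName"]
    keys = sorted((k for k in section if k.isdigit()), key=int)
    return [section[k] for k in keys]


# Constructed sample input: the commented-out example from the read me.
SAMPLE_INI = """\
[SendingFileName]
1=IPDump.cap
;2=IPDump2.cap
"""


def sample_capture():
    """Constructed little-endian capture: three 14-byte frames."""
    image = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [
        (1169600000, 100000, b"\x00" * 14),
        (1169600000, 350000, b"\x01" * 14),   # 250 ms after the first
        (1169600002, 350000, b"\x02" * 14),   # 2 s after the second
    ]
    for sec, usec, frame in frames:
        image += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return image


if __name__ == "__main__":
    print("files:", files_to_send(SAMPLE_INI))
    for delay in replay_delays(sample_capture()):
        print(f"wait {delay:.6f}s before the next frame")
```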
Re: [Full-disclosure] Wikipedia and Pedophilia
Summarizing, V Vendetta wrote:

do you have the time to listen to me whine about nothing and everything all at once?

Billy Joe?! Is that you?

On 1/24/07, endrazine [EMAIL PROTECTED] wrote:

Could you please please move to alt.politics.personal.statements.on.drugs ?

--
Marcio Barbado, Jr.
[Full-disclosure] [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities
Title: [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities

CA Vuln ID (CAID): 34993

CA Advisory Date: 2007-01-23

Discovered By: Next Generation Security Software

Impact: Remote attacker can cause a denial of service or execute arbitrary code.

Summary: CA BrightStor ARCserve Backup for Laptops and Desktops contains multiple overflow conditions that can allow a remote attacker to cause a denial of service, or execute arbitrary code with local SYSTEM privileges on Windows.

Mitigating Factors: None.

Severity: CA has given these vulnerability issues a High risk rating.

Affected Products:

BrightStor Products:
BrightStor ARCserve Backup for Laptops and Desktops r11.1 SP1
BrightStor ARCserve Backup for Laptops and Desktops r11.1
BrightStor ARCserve Backup for Laptops and Desktops r11.0
BrightStor Mobile Backup r4.0

CA Protection Suites r2:
CA Desktop Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

CA Desktop Management Suite:
DMS r11.0
DMS r11.1

Affected platforms: Microsoft Windows

Status and Recommendation: Customers with vulnerable versions of the BrightStor ARCserve Backup Laptops Desktops product should upgrade to the latest versions, which are available for download from http://supportconnect.ca.com.

BABLD r11.1 SP2 – SP2 does not contain the vulnerability, so there is no fix to apply.
BABLD r11.1 SP1 - QO83833
BABLD r11.0 - QI85497
DMS r11.1 - QO85401
DMS r11.0 - QI85423
BMB r4.0 - QO85402

Determining if you are affected: Refer to the appropriate APAR for details.

References (URLs may wrap):

CA SupportConnect:
http://supportconnect.ca.com/

CA SupportConnect Security Notice for this vulnerability:
Important Security Notice for BrightStor ARCserve Backup for Laptops Desktops
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp

Solution Document Reference APARs:
QO83833, QI85497, QO85401, QI85423, QO85402

CA Security Advisor posting:
CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696

CAID: 34993
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34993

Discoverer: Next Generation Security Software
Next Generation Security Software advisories:
http://www.ngssoftware.com/

CVE Reference: CVE-2007-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0449

OSVDB Reference: OSVDB ID: 31593
http://osvdb.org/31593

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to [EMAIL PROTECTED]

If you discover a vulnerability in CA products, please report your findings to [EMAIL PROTECTED], or utilize our Submit a Vulnerability form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.
[Full-disclosure] Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Secunia Research 24/01/2007

- NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow -

Table of Contents

Affected Software ... 1
Severity ... 2
Vendor's Description of Software ... 3
Description of Vulnerability ... 4
Solution ... 5
Time Table ... 6
Credits ... 7
References ... 8
About Secunia ... 9
Verification ... 10

1) Affected Software

The vulnerability is confirmed in the following products:
- NCTAudioStudio 2.7.1
- NCTAudioEditor 2.7.1
- NCTDialogicVoice 2.7.1

NOTE: Other versions and products may also be affected.

2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

3) Vendor's Description of Software

NCTAudioEditor ActiveX DLL is a visual multifunctional audio files editor. It can be used to build applications, which allow end-users to perform various operations with audio data such as displaying a waveform image and a spectral view of an audio file, recording, playing, editing, mixing, applying various audio effects and filters, format conversion and more. Supports all major audio formats.

Product Link: http://nctsoft.com/products/NCTAudioEditor2/

NCTAudioStudio is a package of 18 ActiveX Controls DLLs for work with audio data.

Product Link: http://nctsoft.com/products/NCTAudioStudio2/

NCTDialogicVoice is a rapid application development tool for Dialogic voice boards.

Product Link: http://nctsoft.com/products/NCTDialogicVoice2/

4) Description of Vulnerability

Secunia Research has discovered a vulnerability in NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll) when handling the SetFormatLikeSample() method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

5) Solution

Set the kill-bit for the affected ActiveX control.

Use another product.

6) Time Table

03/01/2007 - Vendor notified.
10/01/2007 - Vendor notified again.
17/01/2007 - Other vendors using vulnerable component contacted.
24/01/2007 - Public disclosure.

7) Credits

Discovered by Carsten Eiram, Secunia Research.

8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2007-0018 for the vulnerability.

9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/

10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-2/

Complete list of vulnerability reports
[Full-disclosure] Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow
Secunia Research 24/01/2007

- Sienzo Digital Music Mentor -
- NCTAudioFile2 ActiveX Control Buffer Overflow -

Table of Contents

Affected Software ... 1
Severity ... 2
Vendor's Description of Software ... 3
Description of Vulnerability ... 4
Solution ... 5
Time Table ... 6
Credits ... 7
References ... 8
About Secunia ... 9
Verification ... 10

1) Affected Software

Sienzo Digital Music Mentor (DMM) 2.6.0.3

NOTE: Prior versions may also be affected.

2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

3) Vendor's Description of Software

DMM is a software that helps you get the guitar chords and bass tabs for any pop/rock/country song. DMM even shows you how to play the chords! It is so simple to use.

Product Link: http://www.sienzo.com/product.asp

4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Sienzo Digital Music Mentor, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the SetFormatLikeSample() method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

5) Solution

Update to version 2.6.0.4.

6) Time Table

17/01/2007 - Vendor notified.
18/01/2007 - Vendor response.
19/01/2007 - Vendor issues fixed version.
24/01/2007 - Public disclosure.

7) Credits

Discovered by Carsten Eiram, Secunia Research.

8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2007-0018 for the vulnerability.

9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/

10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-15/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
[Full-disclosure] [ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution
Gentoo Linux Security Advisory GLSA 200701-21
http://security.gentoo.org/

Severity: High
Title: MIT Kerberos 5: Arbitrary Remote Code Execution
Date: January 24, 2007
Bugs: #158810
ID: 200701-21

Synopsis

Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the execution of arbitrary code.

Background

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.

Affected packages

Package / Vulnerable / Unaffected
1 app-crypt/mit-krb5 / < 1.5.2 / >= 1.5.2

Description

The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer.

Impact

A remote attacker may be able to crash an affected application, or potentially execute arbitrary code with root privileges.

Workaround

There is no known workaround at this time.

Resolution

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2"

References

[ 1 ] CVE-2006-6143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
[ 2 ] CVE-2006-6144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6144

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200701-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-006.html
January 24, 2007

-- CVE ID:
CVE-2007-0444

-- Affected Vendor:
Citrix

-- Affected Products:
Citrix Presentation Server 4.0
Citrix MetaFrame Presentation Server 3.0
Citrix MetaFrame XP 1.0

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability since July 7, 2005 by the pre-existing Digital Vaccine protection filter ID 3583. For further product information on the TippingPoint IPS:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability.

The specific flaw exists in a print provider installed by the Presentation Server. The cpprov.dll library doesn't properly handle certain invalid calls to the EnumPrintersW() and OpenPrinter() functions. For example, passing a string of 130 or more characters in the first argument to the OpenPrinter() function results in a stack-based buffer overflow and can be leveraged to execute code in the context of the Spooler service, which runs as the privileged LocalSystem account.

-- Vendor Response:
Citrix has issued an update to correct this vulnerability. More details can be found at:
http://support.citrix.com/article/CTX111686

-- Disclosure Timeline:
2005.07.07 - Pre-existing Digital Vaccine released to TippingPoint customers
2006.10.02 - Vulnerability reported to vendor
2007.01.24 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous researcher.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
[Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed
Openads security advisory OPENADS-SA-2007-001

Advisory ID: OPENADS-SA-2007-001
Date: 2007-Jan-24
Security risk: low risk
Applications affected: phpAdsNew, phpPgAds
Versions affected: <= phpAdsNew 2.0.9-pr1, phpPgAds 2.0.9-pr1
Versions not affected: >= Openads 2.0.10, Openads for PostgreSQL 2.0.10

Vulnerability: Cross-site scripting

Description

This is the description of the vulnerability received by JPCERT:

We have confirmed that in admin-search.php, scripts included in 'keyword' parameter is shown without proper sanitization thus the script could be executed. However a user needs to login the system as administrator, which makes the exploit technically difficult.

If this vulnerability is exploited, by script execution, a user's session ID included in HTTP Cookie might be stolen. Also there's a risk that the contents of phpAdsNew are falsified temporarily.

References

- JVN#07274813: http://jvn.jp/jp/JVN%2307274813/index.html

Solution

- The vulnerability was fixed in Openads and Openads for PostgreSQL 2.0.10 (released on Jan 18th), but we suggest you to upgrade to Openads or Openads for PostgreSQL 2.0.11 released today.

Contact informations

The security contact for Openads can be reached at: security AT openads DOT org

Best regards
--
Matteo Beccati
http://www.openads.org
http://phpadsnew.com
http://phppgads.com
Re: [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
On Wed, 24 Jan 2007, [EMAIL PROTECTED] wrote:

-- Disclosure Timeline:
2005.07.07 - Pre-existing Digital Vaccine released to TippingPoint customers
2006.10.02 - Vulnerability reported to vendor
2007.01.24 - Coordinated public release of advisory

out of curiosity: why took it 1+ year to report this vulnerability to the vendor?

--
BOFH excuse #366: ATM cell has no roaming feature turned on, notebooks can't connect
Re: [Full-disclosure] 0trace - traceroute on established connections
On Sun, 2007-01-14 at 00:49 +0100, Robert Święcki wrote:

Michal Zalewski wrote:

Note: this is a 30-minute hack that involves C code coupled with a cheesy shellscript. It may not work on non-Linux systems, and may fail on some Linuxes, too. It could be improved in a number of ways - so if you like it, rewrite it.

Slightly rewritten version in C, using libpcap is available here:
http://www.swiecki.net/progs/intrace.tgz

It should compile and work on Linux boxes. Current version also compiles (but is not tested yet) on FreeBSD6 (and maybe on some other BSD flavors).

And of course, it wouldn't be complete without a python port:
http://jon.oberheide.org/projects/0trace/

Regards,
Jon Oberheide

--
Jon Oberheide [EMAIL PROTECTED]
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE
[Full-disclosure] Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY
Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03)

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007

Affected versions: Oracle Database Server versions 9iR2 and 10gR1

Risk level: Medium

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.

Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_DRS can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Status: Vendor was contacted and a patch was released.

Workaround: Restrict access to the SYS.DBMS_DRS package.

Fix: Apply Oracle Critical Patch Update January 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
http://www.appsecinc.com/resources/alerts/oracle

--
Application Security, Inc.
www.appsecinc.com

AppSecInc is the leading provider of database security solutions for the enterprise. AppSecInc products proactively secure enterprise applications at more than 300 organizations around the world by discovering, assessing, and protecting the database against rapidly changing security threats. By securing data at its source, we enable organizations to more confidently extend their business with customers, partners and suppliers. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimize risk and eliminate its impact on business.
[Full-disclosure] Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE
Oracle Database Buffer overflow vulnerabilities in procedure DBMS_LOGMNR.ADD_LOGFILE (DB04)

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007

Affected versions: Oracle Database Server versions 9iR2

Risk level: Medium

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: Oracle Database Server provides the DBMS_LOGMNR package that contains procedures used to initialize the LogMiner tool. This package contains the procedure ADD_LOGFILE which is vulnerable to buffer overflow attacks.

Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_LOGMNR can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Status: Vendor was contacted and a patch was released.

Workaround: Restrict access to the SYS.DBMS_LOGMNR package.

Fix: Apply Oracle Critical Patch Update January 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
http://www.appsecinc.com/resources/alerts/oracle

--
Application Security, Inc.
www.appsecinc.com
[Full-disclosure] Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD
Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB05)

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007

Affected versions: Oracle Database Server versions 8i, 9i and 10gR1

Risk level: High

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

Impact: By default MDSYS.MD has EXECUTE permission to PUBLIC so any Oracle database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Status: Vendor was contacted and a patch was released.

Workaround: Restrict access to the MDSYS.MD package.

Fix: Apply Oracle Critical Patch Update January 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
http://www.appsecinc.com/resources/alerts/oracle

--
Application Security, Inc.
www.appsecinc.com
[Full-disclosure] Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT
Oracle Database Buffer overflow vulnerabilities in procedure DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (DB07)

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007

Affected versions: Oracle Database Server versions 8i, 9i and 10gR1

Risk level: Medium

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: Oracle Database Server provides the DBMS_REPCAT_UNTRUSTED package that can be used to administer a replicated environment. This package contains the procedure UNREGISTER_SNAPSHOT which is vulnerable to buffer overflow attacks.

Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_REPCAT_UNTRUSTED can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Status: Vendor was contacted and a patch was released.

Workaround: Restrict access to the SYS.DBMS_REPCAT_UNTRUSTED package.

Fix: Apply Oracle Critical Patch Update January 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html

--
Application Security, Inc.
www.appsecinc.com
[Full-disclosure] Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME
Oracle Database Buffer overflow vulnerability in procedure DBMS_LOGREP_UTIL.GET_OBJECT_NAME (DB08)

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007

Affected versions: Oracle Database Server versions 9iR1, 9iR2 and 10gR1

Risk level: Medium

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: Oracle Database Server provides the DBMS_LOGREP_UTIL package that is used internally by Oracle. This package contains the procedure GET_OBJECT_NAME which is vulnerable to buffer overflow attacks.

Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_LOGREP_UTIL can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Status: Vendor was contacted and a patch was released.

Workaround: Restrict access to the SYS.DBMS_LOGREP_UTIL package.

Fix: Apply Oracle Critical Patch Update January 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
http://www.appsecinc.com/resources/alerts/oracle

--
Application Security, Inc.
www.appsecinc.com
[Full-disclosure] [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities
Title: [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities

CA Vuln ID (CAID): 34818

CA Advisory Date: 2007-01-22

Discovered By: Reverse Mode

Impact: Local attacker can gain escalated privileges.

Summary: Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.

Mitigating Factors: Local user account required for exploitation.

Severity: CA has given these vulnerability issues a Medium risk rating.

Affected Products:
CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below
CA Internet Security Suite 2007 (v3.0) with CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below

Affected platforms: Microsoft Windows

Status and Recommendation: CA has addressed this issue by providing a new automatic update on January 22, 2007. Customers running one of the affected products simply need to ensure that they have allowed this automatic update to take place.

Determining if you are affected: To ensure that the update has taken place, customers can view the Help About screen in their CA Personal Firewall product and confirm that their engine version number is 1.0.176 or higher.

References (URLs may wrap):

CA SupportConnect:
http://supportconnect.ca.com/

CA Consumer Support Knowledge Document for this vulnerability:
Medium Risk CA Personal Firewall Vulnerability - Multiple Privilege Escalation Vulnerabilities
http://crm.my-etrust.com/login.asp?username=guesttarget=DOCUMENTopen parameter=2680

Solution Document Reference APARs: N/A

CA Security Advisor posting:
CA Personal Firewall Multiple Privilege Escalation Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729

CAID: 34818
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818

Discoverer: Reverse Mode
http://www.reversemode.com/index.php?option=com_contenttask=viewid=2 7Itemid=2

CVE Reference: CVE-2006-6952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6952

OSVDB References: OSVDB ID: 30497, 30498
http://osvdb.org/30497
http://osvdb.org/30498

Other References:
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
http://marc.theaimsgroup.com/?l=bugtraqm=116379521731676w=2

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to [EMAIL PROTECTED]

If you discover a vulnerability in CA products, please report your findings to [EMAIL PROTECTED], or utilize our Submit a Vulnerability form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.
Re: [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
On 1/24/07, Christian Kujau [EMAIL PROTECTED] wrote:
> On Wed, 24 Jan 2007, [EMAIL PROTECTED] wrote:
> > -- Disclosure Timeline:
> > 2005.07.07 - Pre-exiting Digital Vaccine released to TippingPoint customers
> > 2006.10.02 - Vulnerability reported to vendor
> > 2007.01.24 - Coordinated public release of advisory
>
> out of curiosity: why took it 1+ year to report this vulnerability to
> the vendor?

Where do you see 1+ year? *Pre-existing* means there already existed a vaccine that blocked vulnerabilities of this type released in '05. This does not necessarily mean that was when ZDI received the bug submission.

So it was reported to the vendor in October and released to the public in January... 4 months is not an outstanding patch time.
Re: [Full-disclosure] Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Hello,

The following products are also affected and currently unpatched:

Magic Video Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/3/

Aurora Media Workshop NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/4/

DB Audio Mixer And Editor NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/5/

J. Hepple Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/6/

EXPStudio Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/7/

iMesh NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/8/

Quikscribe Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/9/

RMBSoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/10/

CDBurnerXP Pro NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/11/

Code-it Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/12/

Movavi Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/13/

SoftDiv Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/14/

MP3 Normalizer NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/16/

Roemer Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/17/

Audio Edit Magic NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/18/

Joshua Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/19/

Virtual CD Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/20/

Cheetah CD/DVD Burner NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/21/

Mystik Media Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/22/

Power Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/23/

DanDans Digital Media Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/24/

Xrlly Software NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/25/

Absolute Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/26/

Easy Ringtone Maker NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/27/

RecordNRip NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/28/

McFunSoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/29/

MP3 WAV Converter NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/30/

NextLevel Systems Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/32/

Altdo Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/33/

Cool Audio Products NCTAudioFile2 ActiveX Control Buffer Overflow
http://secunia.com/secunia_research/34/

On Wed, 2007-01-24 at 16:13 +0100, Secunia Research wrote:
> ======================================================================
>
> Secunia Research 24/01/2007
>
> - NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow -
>
> ======================================================================
> Table of Contents
>
> Affected Software....................1
> Severity.............................2
> Vendor's Description of Software.....3
> Description of Vulnerability.........4
> Solution.............................5
> Time Table...........................6
> Credits..............................7
> References...........................8
> About Secunia........................9
> Verification........................10
>
> ======================================================================
> 1) Affected Software
>
> The vulnerability is confirmed in the following products:
> - NCTAudioStudio 2.7.1
> - NCTAudioEditor 2.7.1
> - NCTDialogicVoice 2.7.1
>
> NOTE: Other versions and products may also be affected.
>
> ======================================================================
> 2) Severity
>
> Rating: Highly critical
> Impact: System compromise
> Where: Remote
>
> ======================================================================
> 3) Vendor's Description of Software
>
> NCTAudioEditor ActiveX DLL is a visual multifunctional audio
[Full-disclosure] Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Oracle Database Buffer overflow vulnerabilities in procedures of package DBMS_CAPTURE_ADM_INTERNAL (DB09)

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007

Affected versions: Oracle Database Server versions 9iR1, 9iR2 and 10gR1

Risk level: Medium

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: Oracle Database Server provides the DBMS_CAPTURE_ADM_INTERNAL package that is used internally by the Streams Change Data Capture component. This package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, ABORT_TABLE_INSTANTIATION that are vulnerable to buffer overflow attacks.

Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CAPTURE_ADM_INTERNAL can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Status: Vendor was contacted and a patch was released.

Workaround: Restrict access to the SYS.DBMS_CAPTURE_ADM_INTERNAL package.

Fix: Apply Oracle Critical Patch Update January 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
http://www.appsecinc.com/resources/alerts/oracle

--
Application Security, Inc.
www.appsecinc.com
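The workaround in the four AppSecInc advisories above (DB05, DB07, DB08, DB09) is to restrict access to the named packages. The following is an added example, not part of the advisories or of any Oracle tooling: a DBA-side audit of who currently holds EXECUTE on those packages, assuming an account that can read the DBA_TAB_PRIVS, DBA_ROLE_PRIVS and DBA_SYS_PRIVS dictionary views.

```sql
-- Added example: audit EXECUTE grants on the packages named in
-- DB05, DB07, DB08 and DB09 before applying the "restrict access" workaround.

-- 1. Direct object grants. A row with GRANTEE = 'PUBLIC' means every
--    database account can call the package, which is the default that
--    DB05 describes for MDSYS.MD.
SELECT owner, table_name AS package_name, grantee, grantable
FROM   dba_tab_privs
WHERE  privilege = 'EXECUTE'
AND    (owner, table_name) IN (('MDSYS', 'MD'),
                               ('SYS',   'DBMS_REPCAT_UNTRUSTED'),
                               ('SYS',   'DBMS_LOGREP_UTIL'),
                               ('SYS',   'DBMS_CAPTURE_ADM_INTERNAL'))
ORDER  BY owner, table_name, grantee;

-- 2. Indirect grants. Start from every role that appears as a grantee in
--    step 1 and walk DBA_ROLE_PRIVS downwards, so that users and roles
--    inheriting the privilege through nested roles are listed too.
SELECT DISTINCT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
START  WITH rp.granted_role IN (
         SELECT tp.grantee
         FROM   dba_tab_privs tp
         WHERE  tp.privilege = 'EXECUTE'
         AND    (tp.owner, tp.table_name) IN
                  (('MDSYS', 'MD'),
                   ('SYS',   'DBMS_REPCAT_UNTRUSTED'),
                   ('SYS',   'DBMS_LOGREP_UTIL'),
                   ('SYS',   'DBMS_CAPTURE_ADM_INTERNAL')))
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER  BY rp.grantee, rp.granted_role;

-- 3. System privilege. Holders of EXECUTE ANY PROCEDURE can call MDSYS.MD
--    without any object grant. Whether it also reaches SYS-owned packages
--    depends on the O7_DICTIONARY_ACCESSIBILITY initialization parameter.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXECUTE ANY PROCEDURE'
ORDER  BY grantee;

-- 4. Generate, but do not run, the REVOKE statements for PUBLIC grants.
--    Review the output first: applications that use Oracle Spatial may
--    rely on the PUBLIC grant and then need EXECUTE granted back to the
--    specific roles or users that require it.
SELECT 'REVOKE EXECUTE ON ' || owner || '.' || table_name ||
       ' FROM PUBLIC;' AS revoke_stmt
FROM   dba_tab_privs
WHERE  grantee   = 'PUBLIC'
AND    privilege = 'EXECUTE'
AND    (owner, table_name) IN (('MDSYS', 'MD'),
                               ('SYS',   'DBMS_REPCAT_UNTRUSTED'),
                               ('SYS',   'DBMS_LOGREP_UTIL'),
                               ('SYS',   'DBMS_CAPTURE_ADM_INTERNAL'));
```

Restricting grants only narrows who can reach the vulnerable procedures; the fix the advisories name is still the January 2007 Critical Patch Update.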
[Full-disclosure] [USN-414-1] Squid vulnerabilities
===========================================================
Ubuntu Security Notice USN-414-1           January 24, 2007
squid vulnerabilities
CVE-2007-0247, CVE-2007-0248
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  squid 2.5.12-4ubuntu2.2

Ubuntu 6.10:
  squid 2.6.1-3ubuntu1.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. (CVE-2007-0247)

Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when exhausted of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used.
(CVE-2007-0248)
Re: [Full-disclosure] gnupg diff available
Felix von Leitner wrote:
> I tried to give Werner Koch (the author) advance warning, but he was
> neither helpful nor did he appear interested. So please don't make
> 0-days out of this.
>
> Thank you,
>
> Felix

Did you at least send him a copy of this diff?

Matthew Flaschen
[Full-disclosure] Remove all admin-root authorization prompts from OSX
http://www.petitiononline.com/31337OSX/petition.html

-KF
[Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
HOLY FUCK SHIT DUDES CHECK OUT THIS!!! http://lists.grok.org.uk/pipermail/full-disclosure/2007- January/052002.html SERIOUSLY KF WHAT THE FUCK YOU DUMB FUCKING NIGGER GO PRETEND THAT YOU'RE A BIG TIME VULN DEALER BY BEING A BROKER TO A BROKER AND CONTINUING YOUR BROKER IN THE MIDDLE ATTACKS. I BET THE HBGARY DUDES LAUGH THEIR ASSES OFF AT YOUR NIGGER SELF FOR THIS POST. IF YOU WERE HALF THE HACKER YOUR BLACK HALF ISN'T DON'T YOU THINK YOU COULD ACTUALLY MAKE MONEY YOURSELF INSTEAD OF TRYING TO SCAM OFF OF OTHER PEOPLE WHO MIGHT BE SLIGHTLY MORE CAPABLE OF DOING SECURITY RESEARCH?? YOUR SKIN IS MORE NIGGER THAN YOUR TECHNICAL SKILLS. WAY TO RIP OFF A CROSSDRESSING HOMOSEXUAL RETARD AND GET OWNED THEN TRY TO USE IT AS AN EXAMPLE OF YOU BEING ABLE TO SELL BUGS YOU WORTHLESS TWAT SHIT. I BET YOUR MOTHER HAD HORRIBLE DIARRHOEA DURING YOUR BIRTH AND NO ONE COULD TELL YOU WERE BORN SO YOU SPENT THE FIRST HOURS OF YOUR LIFE DROWNING IN THE OUTHOUSE. ps: snosoft is going to try to sell your exploits to hbgary, so just fucking bypass snosoft and contact them directly and make more money pps: kf is a nigger ppps: kf claims he is only 1/2 nigger does this mean he is also a failure at being a nigger TOTAL FAILURE AT COMPUTER SECURITY AND TOTAL FAILURE AT BEING A NIGGER!!! WHAT A NIGGER!! Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
Awe... someones mad that their penis isn't even half black. I get 2 extra inches of cock for being 1/2 black. The usual 3 inches did not apply for me since I am not totally black. Go look up the word Sarcasm before you sign the petition... in fact here is a link for ya. http://www.answers.com/sarcasmr=67 Btw dipsit... learn to read press releases. The broker is Adriel , not me. I technically left SNOSoft years ago. I am nothing more than a lowly researcher calling out iDefense on their bullshit vuln prices. You really haven't said anything here that wasn't already covered in h0h0 #3 ... Thanks -KF [EMAIL PROTECTED] wrote: HOLY FUCK SHIT DUDES CHECK OUT THIS!!! http://lists.grok.org.uk/pipermail/full-disclosure/2007- January/052002.html SERIOUSLY KF WHAT THE FUCK YOU DUMB FUCKING NIGGER GO PRETEND THAT YOU'RE A BIG TIME VULN DEALER BY BEING A BROKER TO A BROKER AND CONTINUING YOUR BROKER IN THE MIDDLE ATTACKS. I BET THE HBGARY DUDES LAUGH THEIR ASSES OFF AT YOUR NIGGER SELF FOR THIS POST. IF YOU WERE HALF THE HACKER YOUR BLACK HALF ISN'T DON'T YOU THINK YOU COULD ACTUALLY MAKE MONEY YOURSELF INSTEAD OF TRYING TO SCAM OFF OF OTHER PEOPLE WHO MIGHT BE SLIGHTLY MORE CAPABLE OF DOING SECURITY RESEARCH?? YOUR SKIN IS MORE NIGGER THAN YOUR TECHNICAL SKILLS. WAY TO RIP OFF A CROSSDRESSING HOMOSEXUAL RETARD AND GET OWNED THEN TRY TO USE IT AS AN EXAMPLE OF YOU BEING ABLE TO SELL BUGS YOU WORTHLESS TWAT SHIT. I BET YOUR MOTHER HAD HORRIBLE DIARRHOEA DURING YOUR BIRTH AND NO ONE COULD TELL YOU WERE BORN SO YOU SPENT THE FIRST HOURS OF YOUR LIFE DROWNING IN THE OUTHOUSE. ps: snosoft is going to try to sell your exploits to hbgary, so just fucking bypass snosoft and contact them directly and make more money pps: kf is a nigger ppps: kf claims he is only 1/2 nigger does this mean he is also a failure at being a nigger TOTAL FAILURE AT COMPUTER SECURITY AND TOTAL FAILURE AT BEING A NIGGER!!! WHAT A NIGGER!! Concerned about your privacy? 
Re: [Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
btw... nice pussy ass hushmail account.

-KF
Re: [Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hey kev, remember when you applied at idefense last year and got rejected? i bet they hired someone that was either white or skilled instead of you! they are such con artists that you want to work there, thinking they might be dumb enough to hire you. but it turns out that even idefense has enough sense, collectively, to reject worthless bottom feeders like you. can you at least publicly admit that you tried to get a job at idefense? or must we quote your mailspool further? seriously everyone is sick of you, your friends, your failed business attempts... you aren't on the same level as anyone who has at least written in even quickbasic.. you are nothing, the people you associate with are nothing, and the sad thing is you are too fucking stupid to realize exactly how far behind you are from absolutely everyone else. i sincerely hope that everyone from HR departments at various companies see how two-faced and unprofessional you are, and take this into consideration next time you get kicked off welfare and try to trick someone into giving you a job... face it nigs... any place that has anyone technically competent interviewing for any sort of technical role WILL NEVER HIRE YOU OR ANY OF YOUR CRACK BABY NIGGER FRIENDS FROM THE TOUGH STREETS OF SOMEWHERE WITH NO CRIME YOU PIECE OF SHIT. HAHAHA NO ONE LIKES A NIGGER!!! TRY BLEACHING YOUR SKIN MAYBE OR LEARN HOW TO USE COMPUTERS AND MAYBE SOMEDAY GET A JOB AS A LAB ASSISTANT LIKE YOUR OTHER ELITE HACKER FRIENDS!!! moderators: you will undoubtedly block this account... whatever... maybe you should start moderating these frauds too... their idiocy has the same effect as immaturity, whether it is intended or not. ignorancy, stupidity, being born half black... these aren't excuses that you can get by with in the real world. On Wed, 24 Jan 2007 21:48:29 -0500 K F (lists) [EMAIL PROTECTED] wrote: Awe... someones mad that their penis isn't even half black. 
I get 2 extra inches of cock for being 1/2 black. The usual 3 inches did not apply for me since I am not totally black. Go look up the word Sarcasm before you sign the petition... in fact here is a link for ya. http://www.answers.com/sarcasmr=67 Btw dipsit... learn to read press releases. The broker is Adriel , not me. I technically left SNOSoft years ago. I am nothing more than a lowly researcher calling out iDefense on their bullshit vuln prices. You really haven't said anything here that wasn't already covered in h0h0 #3 ... Thanks -KF [EMAIL PROTECTED] wrote: HOLY FUCK SHIT DUDES CHECK OUT THIS!!! http://lists.grok.org.uk/pipermail/full-disclosure/2007- January/052002.html SERIOUSLY KF WHAT THE FUCK YOU DUMB FUCKING NIGGER GO PRETEND THAT YOU'RE A BIG TIME VULN DEALER BY BEING A BROKER TO A BROKER AND CONTINUING YOUR BROKER IN THE MIDDLE ATTACKS. I BET THE HBGARY DUDES LAUGH THEIR ASSES OFF AT YOUR NIGGER SELF FOR THIS POST. IF YOU WERE HALF THE HACKER YOUR BLACK HALF ISN'T DON'T YOU THINK YOU COULD ACTUALLY MAKE MONEY YOURSELF INSTEAD OF TRYING TO SCAM OFF OF OTHER PEOPLE WHO MIGHT BE SLIGHTLY MORE CAPABLE OF DOING SECURITY RESEARCH?? YOUR SKIN IS MORE NIGGER THAN YOUR TECHNICAL SKILLS. WAY TO RIP OFF A CROSSDRESSING HOMOSEXUAL RETARD AND GET OWNED THEN TRY TO USE IT AS AN EXAMPLE OF YOU BEING ABLE TO SELL BUGS YOU WORTHLESS TWAT SHIT. I BET YOUR MOTHER HAD HORRIBLE DIARRHOEA DURING YOUR BIRTH AND NO ONE COULD TELL YOU WERE BORN SO YOU SPENT THE FIRST HOURS OF YOUR LIFE DROWNING IN THE OUTHOUSE. ps: snosoft is going to try to sell your exploits to hbgary, so just fucking bypass snosoft and contact them directly and make more money pps: kf is a nigger ppps: kf claims he is only 1/2 nigger does this mean he is also a failure at being a nigger TOTAL FAILURE AT COMPUTER SECURITY AND TOTAL FAILURE AT BEING A NIGGER!!! WHAT A NIGGER!! Concerned about your privacy? 
Re: [Full-disclosure] Remove all admin-root authorization prompts from OSX
On 24 Jan 07, at 17:20, K F (lists) wrote:
> http://www.petitiononline.com/31337OSX/petition.html

The petition reads, in part:

> In efforts to minimize the apparently unnecessary dialog boxes that
> ask for permission to go from gid=admin to uid=root we are hereby
> petitioning Apple to remove any further use of dialog boxes when
> making the transition from gid=0 to uid=0. Since the admin group is
> ALREADY root why can't you just stop asking us for authorization?

Do your research next time. gid=admin isn't root:

powerbook% id
uid=1000(me) gid=1000(me) groups=1000(me), 81(appserveradm), 79(appserverusr), 80(admin)

... it's just an ordinary group with sudo, write privileges to some special folders, and some extra SecurityAgent magic in /etc/authorization.
Re: [Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
Sure... I was aware of an opening and inquired about it as I was trying to offload the Veritas bug perhaps? I am pretty sure I never directly applied for it or even took an interview for it. In reality I was not willing to relocate thus the position was not even an afterthought. hrmm how about those hushmail accounts.

-KF

> can you at least publicly admit that you tried to get a job at idefense?
Re: [Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 y0 br0 y0u 4ppl13d f0r 4 j0b b3c4us3 y0u th0ught y0u c0uld s3ll 4 bug th4t w4y? br0 th@ d03sn't c0mput3 ... try t0 c0m3 up w1th 4 m0r3 c0nv1nc1ng st0ry... t4k3 y0ur t1me n1gz! 1 b3t y0u w1sh y0ur m0th3r c0uld h4v3 4ff0rd3d th@ 4b0rt10n, 0r th4t y0ur p4r4pl3g1c f4th3r r3sp0ns1bl3 f0r y0ur m0th3rs r4p3 w4s phys1c4lly f1t 3n0ugh t0 b34t th3 w0mb h4rd 3n0ugh t0 sl1p y0ur und3rd3v3l0p3d f3tus 0ut 0f h3r f1v3 m3t3r d14m3t3r sn4tch... wtf 1s th@ 4ll 4b0ut 4nyw4yz... fuqn r3t4rd. n1gg3rs l1k3 y0u g1v3 wh1t3 s0uth 4rf1c4nz 4 b4d n4m3. vortexia will own you hack.co.za loving kids. On Wed, 24 Jan 2007 22:37:54 -0500 K F (lists) [EMAIL PROTECTED] wrote: Sure... I was aware of an opening and inquired about it as I was trying to offload the Veritas bug perhaps? I am pretty sure I never directly applied for it or even took an interview for it. In reality I was not willing to relocate thus the position was not even an after thought. hrmm how about those hushmail accounts. -KF can you at least publicly admit that you tried to get a job at idefense? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkW4LLQACgkQgSMOKd40iZiJzgP8DMyNYCbHM/lwxqtGQ3y1kiOLBo04 9aqIij4C0f3+4JRVyatQrsMI3mhIi/m0P7QJ3iuX7/eJtagZ+qLvyVnkJzvFEwwD6rNs rfdCZgbIHMb7soGMUQ5MVz51P+YhBMnOKBuObunvREHBwYCh7iE/93P+IKXTnvoaW7MD dqT3IXo= =RYvY -END PGP SIGNATURE- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] SERIOUS PROBLEM WITH MACOS V+V HAHAHA
how about we keep this da list! we wanna disclose our shiznits fully dip this sit.

On Wed, 24 Jan 2007 22:42:13 -0500 The Rogue Fugu [EMAIL PROTECTED] wrote:

> Can you please take this off-list? I have NO interest whatsoever in having your crap clutter my inbox.
Re: [Full-disclosure] Cisco Security Advisory: Crafted IP Option Vulnerability
On 1/24/07, Gadi Evron [EMAIL PROTECTED] wrote:

> How many OPK's are being released today.. anyone?

Ovulation Predictor Kits? OEM Preinstallation Kits?

-dre