Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

2007-02-23 Thread Matthew Flaschen
Stefan Esser wrote:
>Microsoft just sent a nonsense mail to us, claiming that we had
>disclosed this already to the public and that they like getting
>advance notice.

I mean, that's fair enough.  I mean, nobody's personality should get in
the way of fixing security vulnerabilities.  Err, I mean...

Matthew Flaschen



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability

2007-02-23 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:049
 http://www.mandriva.com/security/
 ___
 
 Package : spamassassin
 Date: February 23, 2007
 Affected: 2007.0, Corporate 4.0
 ___
 
 Problem Description:
 
 A bug in the way that SpamAssassin processes HTML emails containing
 URIs was discovered in versions 3.1.x.  A carefully crafted mail
 message could make SpamAssassin consume significant amounts of CPU
 resources that could delay or prevent the delivery of mail if a
 number of these messages were sent at once.
 
 SpamAssassin has been upgraded to version 3.1.8 to correct this
 problem, and other upstream bugs.  In addition, an invalid path setting
 in local.cf for the auto_whitelist_path has been fixed for Mandriva
 2007.0.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451
 http://qa.mandriva.com/show_bug.cgi?id=27424
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

2007-02-23 Thread Michal Zalewski
On Fri, 23 Feb 2007, Stefan Esser wrote:

> Proof of Concept:
>
>The Hardened-PHP Project is not going to release a proof of concept
>exploit for this vulnerability.

...because pretty much no exploit is needed. Scary. Good catch.

/mz



[Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

2007-02-23 Thread Stefan Esser


Hardened-PHP Project
www.hardened-php.net

  -= Security  Advisory =-


     Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
 Release Date: 2007/02/23
Last Modified: 2007/02/23
       Author: Stefan Esser [EMAIL PROTECTED]

  Application: Firefox <= 2.0.0.1, Internet Explorer 7, Opera 9
 Not affected: Internet Explorer 6, Opera 8
     Severity: Web-pages without a defined charset will be rendered
               with the charset of the parent page when put into an
               (i)frame. This might allow bypassing XSS filters
               with for example UTF-7 payload
         Risk: Low
Vendor Status: Only Mozilla reacted and released Firefox 2.0.0.2 which
               fixes this issue
   References: http://www.hardened-php.net/advisory_032007.142.html


Overview:

   While testing Firefox it was discovered that pages not specifying
   a charset in a HTTP Content-Type header or from within a HTML META
   tag, inherit the charset of the parent page when they are rendered
   within an (i)frame, even when both pages are on different domains.

   This opens up Firefox to all the UTF-7 XSS vulnerabilities that were
   reported in the past (google.com, mediawiki, ...) and are usually
   attributed to only affect Internet Explorer due to its charset
   autodetection. All an attacker needs to get it working is put the
   XSS attack into an iframe on a site using UTF-7.

   After the initial contact with the Mozilla team Internet Explorer 7
   was released which unlike Internet Explorer is also vulnerable to
   the charset inheritance issue. Hinted by the Mozilla developers it
   was also discovered that Opera 9 unlike Opera 8 also introduced
   this vulnerability.

   Unfortunately neither Microsoft nor Opera were interested in the
   vulnerability. Opera did not react at all on our bug report and
   Microsoft just sent a nonsense mail to us, claiming that we had
   disclosed this already to the public and that they like getting
   advance notice. We never heard back from them after that initial
   email. Not really surprising because it is a similar behaviour we
   previously encountered when dealing with them.


Proof of Concept:

   The Hardened-PHP Project is not going to release a proof of concept
   exploit for this vulnerability.


Disclosure Timeline:

   11. October 2006  - Notified [EMAIL PROTECTED]
   23. February 2007 - Firefox 2.0.0.2 released
   23. February 2007 - Public Disclosure


Recommendation:

   We strongly recommend to upgrade to Firefox 2.0.0.2 which also
   fixes several other security vulnerabilities not reported by us
   and therefore not covered by this advisory.

   http://mozilla.org/


GPG-Key:

   http://www.hardened-php.net/hardened-php-signature-key.asc

   pub  1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
   Key fingerprint = 066F A6D0 E57E 9936 9082  7E52 4439 14CC 0A86 4AA1


Copyright 2007 Stefan Esser. All rights reserved.
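
A server-side audit for the condition the advisory describes: an HTML response that declares no charset in its Content-Type header or in a META tag. This is an added example, not part of the original advisory or any Hardened-PHP Project code; the function names, the 1024-byte META scan window and the sample responses are assumptions constructed for illustration.

```python
import re
from collections import namedtuple
from email.message import Message

META_SCAN_BYTES = 1024  # assumption: only look for META near the top of the page
HTML_TYPES = {"text/html", "application/xhtml+xml"}

# Matches both <meta charset=...> and <meta http-equiv=... content="...; charset=...">
META_CHARSET = re.compile(rb'<meta[^>]+charset\s*=\s*["\']?\s*([A-Za-z0-9_.:-]+)', re.I)
# A UTF-7 shifted run: '+', modified base64, '-'. Pure ASCII, so it passes
# through a filter that only looks for literal markup characters.
UTF7_RUN = re.compile(rb'\+[A-Za-z0-9+/]{2,}-')

Finding = namedtuple("Finding", "verdict header_charset meta_charset utf7_markup_runs")


def _parse(content_type):
    msg = Message()
    msg["Content-Type"] = content_type
    return msg


def header_charset(content_type):
    """Charset parameter of a Content-Type header value, lower-cased, or None."""
    if not content_type:
        return None
    cs = _parse(content_type).get_param("charset")
    if isinstance(cs, tuple):  # RFC 2231 encoded parameter
        cs = cs[2]
    return cs.strip().lower() if cs and cs.strip() else None


def meta_charset(body):
    """Charset declared by a META tag near the top of the document, or None."""
    m = META_CHARSET.search(body[:META_SCAN_BYTES])
    return m.group(1).decode("ascii").lower() if m else None


def utf7_markup_runs(body):
    """Count ASCII runs that would decode to markup characters under UTF-7."""
    count = 0
    for m in UTF7_RUN.finditer(body):
        try:
            decoded = m.group(0).decode("utf-7")
        except UnicodeDecodeError:
            continue
        if any(c in decoded for c in "<>\"'"):
            count += 1
    return count


def is_utf7(charset):
    # Heuristic: covers "utf-7", "utf7" and aliases ending in "utf-7".
    return charset is not None and re.sub(r"[^a-z0-9]", "", charset).endswith("utf7")


def audit_response(headers, body):
    """Classify one HTTP response (headers as a dict, body as bytes)."""
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type")
    h_cs, m_cs = header_charset(ctype), meta_charset(body)
    runs = utf7_markup_runs(body)
    if ctype and _parse(ctype).get_content_type() not in HTML_TYPES:
        return Finding("not-html", h_cs, m_cs, runs)
    declared = h_cs or m_cs
    if declared is None:
        # The case from the advisory: nothing pins the encoding, so an
        # affected browser takes it from the framing page.
        verdict = "inherits-parent-charset"
    elif is_utf7(declared):
        verdict = "declares-utf-7"
    else:
        verdict = "ok"
    return Finding(verdict, h_cs, m_cs, runs)


def harden_content_type(content_type, default="utf-8"):
    """Return a Content-Type value that always carries an explicit charset."""
    if not content_type:
        return f"text/html; charset={default}"
    if header_charset(content_type):
        return content_type
    return f"{content_type.rstrip().rstrip(';')}; charset={default}"


# Constructed sample bodies. The first reflects a benign <b> tag in UTF-7 form.
UTF7_BODY = b"<html><body>Hello +ADw-b+AD4-guest+ADw-/b+AD4-</body></html>"
META_BODY = (b'<html><head><meta http-equiv="Content-Type" '
             b'content="text/html; charset=iso-8859-1"></head><body>hi</body></html>')

if __name__ == "__main__":
    samples = [
        ({"Content-Type": "text/html"}, UTF7_BODY),
        ({"Content-Type": "text/html; charset=UTF-8"}, UTF7_BODY),
        ({"content-type": "text/html"}, META_BODY),
        ({"Content-Type": "text/html; charset=utf-7"}, b"<p>x</p>"),
        ({"Content-Type": "application/json"}, b'{"a": 1}'),
    ]
    for headers, body in samples:
        print(audit_response(headers, body))
    print(harden_content_type("text/html"))
```

A response reported as `inherits-parent-charset` with a non-zero `utf7_markup_runs` is the combination to fix first; sending the value returned by `harden_content_type` removes the inheritance condition for that response.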



[Full-disclosure] iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability

2007-02-23 Thread iDefense Labs
Apologies... The correct advisory text follows.

Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability

iDefense Security Advisory 02.23.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 23, 2007

I. BACKGROUND

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications, providing support for, among others, SSL (Secure Socket
Layer) protocol version 2 and 3. For more information visit the following
URL.

http://www.mozilla.org/projects/security/pki/nss/tools/

II. DESCRIPTION

Remote exploitation of an input validation error causing an integer
underflow in version 3.10 of the Mozilla Foundation's Network Security
Services (NSS) may allow an attacker to cause a stack-based buffer
overflow and execute arbitrary code on the affected application.

The vulnerability specifically exists in code responsible for handling the
client master key. While negotiating an SSLv2 session, a client can specify
invalid parameters which causes an integer underflow. The resulting value
is used as the amount of memory to copy into a fixed size stack buffer. As
a result, a potentially exploitable stack-based buffer overflow condition
occurs.

III. ANALYSIS

Successful exploitation of this vulnerability would allow an attacker to
execute arbitrary code in the context of the affected server. No
authentication is required to reach the vulnerable code. No user
interaction is required.

Since this vulnerability is in library code used by multiple applications,
the details of how an attacker would exploit it vary. In all cases, an
attacker would need to specify invalid parameters as part of the SSLv2
handshake.

Code execution has been demonstrated to be possible under Windows 2000
with a server utilizing the affected library. Depending on the precise
details of the server, this vulnerability may also be exploitable on other
platforms.

IV. DETECTION

iDefense has confirmed this vulnerability exists in versions 3.10 and
3.11.3 of the Mozilla Network Security Services. These libraries are used
in a variety of products from multiple vendors including Sun Microsystems,
Red Hat and Mozilla. Previous versions are also likely to be affected. The
names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based
systems may indicate the library is being used by an application.

V. WORKAROUND

iDefense is not aware of any effective workaround for this vulnerability.
With some servers it may be possible to prevent exposure by disabling
SSLv2 support and employing a different protocol. However, this workaround
may prevent some clients from being able to access the server.

VI. VENDOR RESPONSE

The Mozilla Foundation has addressed this vulnerability in Mozilla
Foundation Security Advisory 2007-06. For more information, view their
advisory at the following URL.

http://www.mozilla.org/security/announce/2007/mfsa2007-06.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-0009 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

12/18/2006  Initial vendor notification
12/19/2006  Initial vendor response
02/23/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically.
It may not be edited in any way without the express written consent of
iDefense. If you wish to reprint the whole or any part of this alert in
any other medium other than electronically, please e-mail
[EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at
the time of publishing based on currently available information. Use of
the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on, this
information.




[Full-disclosure] iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability

2007-02-23 Thread iDefense Labs
Mozilla Network Security Services SSLv2 Client Integer Underflow
Vulnerability

iDefense Security Advisory 02.23.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 23, 2007

I. BACKGROUND

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications, providing support for, among others, SSL (Secure Socket
Layer) protocol version 2 and 3. For more information visit the following
URL.

http://www.mozilla.org/projects/security/pki/nss/tools/

II. DESCRIPTION

Remote exploitation of an input validation error causing an integer
underflow in version 3.10 of the Mozilla Foundation's Network Security
Services (NSS) may allow an attacker to execute arbitrary code in the
context of the affected application.

The vulnerability specifically exists due to a design error in the
processing of malformed SSLv2 server messages. By sending a certificate
with a public key too small to encrypt the "Master Secret", heap
corruption can be triggered which may result in the execution of arbitrary
code.

III. ANALYSIS

Successful exploitation of this vulnerability would allow an attacker to
execute arbitrary code in the context of the user running the affected
client.

Since this vulnerability is in library code used by multiple applications,
the details of how an attacker would exploit it vary. In all cases, the
affected client connects to a server which replies in the initial
handshake with a specially crafted certificate. This causes a heap based
overflow with random data and eventually causes a fault writing past the
end of the allocated space. Some applications may use values from the
overwritten memory locations before the program exits. In this case, it
may be possible for an attacker to cause code to execute.

Although the data which overruns the heap is random, code execution is
possible on some platforms with some applications using the library.
Although unreliable, iDefense has demonstrated that this vulnerability can
result in code execution with Firefox 1.5.0.9 on Windows XP.

IV. DETECTION

iDefense has confirmed this vulnerability exists in versions 3.10 and
3.11.3 of Mozilla Network Security Services. These libraries are used in a
variety of products from multiple vendors including Sun Microsystems, Red
Hat and Mozilla. Previous versions are also likely to be affected. The
names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based
systems may indicate the library is being used by an application.

V. WORKAROUND

iDefense is not aware of any effective workaround for this vulnerability.
With some clients, it may be possible to mitigate exposure by disabling
SSLv2 support. However, this may cause problems connecting to servers
using only SSLv2.

VI. VENDOR RESPONSE

The Mozilla Foundation has addressed this vulnerability in Mozilla
Foundation Security Advisory 2007-06. For more information, view their
advisory at the following URL.

http://www.mozilla.org/security/announce/2007/mfsa2007-06.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-0008 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

12/18/2006  Initial vendor notification
12/19/2006  Initial vendor response
02/23/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by regenrecht.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically.
It may not be edited in any way without the express written consent of
iDefense. If you wish to reprint the whole or any part of this alert in
any other medium other than electronically, please e-mail
[EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at
the time of publishing based on currently available information. Use of
the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on, this
information.



Re: [Full-disclosure] myspace redirection

2007-02-23 Thread Matthew Flaschen
beNi wrote:
> http://dect.myspace.com/event.ng/Type=click&FlightID=26715&AdID=44985&TargetID=7242&Values=710&Redirect=http://www.google.de

How about
dect.myspace.com/event.ng/Type=click&FlightID=%31%30%30%26%41%64%49%44%3D%34%34%39%38%35%26%54%61%72%67%65%74%49%44%3D%37%32%34%32%26%56%61%6C%75%65%73%3D%37%31%30%26%52%65%64%69%72%65%63%74%3D%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D

A bit more plausible, as long as they don't look at the status bar.

Matthew Flaschen




Re: [Full-disclosure] [WEB SECURITY] Plain Old Webserver - The coolest firefox extension

2007-02-23 Thread Matthew Flaschen
Stefano Di Paola wrote:
> Plain Old Web Server 
> Good  Old Dir Traversal
> 
> curl "127.0.0.1:6670/../../../../" -kivvv
> * About to connect() to 127.0.0.1 port 6670
> *   Trying 127.0.0.1... connected
> * Connected to 127.0.0.1 (127.0.0.1) port 6670
>> GET /../../../../ HTTP/1.1

Yep, I think it's just a rite of passage for all web servers.

Matthew Flaschen




Re: [Full-disclosure] 802.1q Vlan Packets

2007-02-23 Thread David Barroso
Hi,
yes, yersinia handles 802.1q VLAN packets, as well as builds some  
attacks upon them (Mitm over VLAN hopping) or you can just watch the  
802.1q packets flowing (but for that, I would advise you to run  
Wireshark).

David

On 23/02/2007, at 3:31, pengo13 wrote:

> pengo13 wrote:
>> The IEEE standard paper:
>>
>> http://standards.ieee.org/getieee802/download/802.1Q-2003.pdf
>>
>> Other than wireshark/ethereal there is Yersinia which is a tool that
>> is supposed to take advantage of weaknesses in various protocols
>> (802.q being one of them). I know it includes a vlan spoofing feature,
>> but I haven't had time to really give the tool a try outside of
>> installing it and running it for a bit.
>>
>> http://www.yersinia.net/
>>
>> Wikipedia has some info as well.
>>
>> Hope that helps maybe a little bit.
>>
>>
>> crazy frog crazy frog wrote:
>>> Hi List,
>>>
>>> I am looking for some information on 802.1q vlan packets. I recently
>>> saw some captures in which the protocol type in their ethernet
>>> header is 802.1q (some googling gave me the packet structure). Below
>>> that, sometimes PPP structures come and sometimes they don't. My
>>> question is why it's happening, and can I get some sample capture or a
>>> decoder for this kind of protocol?
>>> Thanks for any help.
>>>
>>> Regards,
>>>
>>>
>>>
>>
>>
>


[Full-disclosure] rPSA-2007-0036-1 kernel

2007-02-23 Thread rPath Update Announcements
rPath Security Advisory: 2007-0036-1
Published: 2007-02-23
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote User Deterministic Denial of Service
Updated Versions:
kernel=/[EMAIL PROTECTED]:devel//1/2.6.19.4-0.1-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0772
http://issues.rpath.com/browse/RPL-1063

Description:
Previous versions of the kernel package are vulnerable to a denial of
service attack, which allows remote NFS clients to panic the kernel.
This vulnerability requires the NFS service to be active.

A system reboot is required to resolve this vulnerability.



[Full-disclosure] [OpenPKG-SA-2007.010] OpenPKG Security Advisory (php)

2007-02-23 Thread OpenPKG GmbH



Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2007.010
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2007.010
Advisory Published:      2007-02-23 17:21 UTC

Issue Id (internal):     OpenPKG-SI-20070211.02
Issue First Created:     2007-02-11
Issue Last Modified:     2007-02-23
Issue Revision:          11

Subject Name:            php
Subject Summary:         Programming Language
Subject Home:            http://www.php.net/
Subject Versions:        * <= 5.2.0

Vulnerability Id:        CVE-2006-6383, CVE-2007-0905, CVE-2007-0906,
                         CVE-2007-0907, CVE-2007-0908, CVE-2007-0909,
                         CVE-2007-0910, CVE-2007-0988
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           local system, remote network
Attack Impact:           denial of service, exposure of sensitive
                         information, manipulation of data, arbitrary code
                         execution

Description:
According to a vendor release announcement [0], multiple
vulnerabilities exist in the programming language PHP [1], version
up to and including 5.2.0.

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and
open_basedir restrictions via a malicious path and a null byte
before a ";" in a session_save_path argument, followed by an allowed
path, which causes a parsing inconsistency in which PHP validates
the allowed path but sets session.save_path to the malicious path.
(CVE-2007-0905; possibly duplicate of CVE-2006-6383)

Multiple buffer overflows in PHP before 5.2.1 allow attackers to
cause a denial of service and possibly execute arbitrary code via
unspecified vectors in the session, imap and sqlite extensions; and
the str_replace function.
(CVE-2007-0906)

Buffer underflow in PHP before 5.2.1 allows attackers to cause
a denial of service via unspecified vectors involving the
sapi_header_op function.
(CVE-2007-0907)

The wddx extension in PHP before 5.2.1 allows remote attackers
to obtain sensitive information via unspecified vectors.
(CVE-2007-0908)

Multiple format string vulnerabilities in PHP before 5.2.1 might
allow attackers to execute arbitrary code via format string
specifiers to all of the *print functions on 64-bit systems, and the
odbc_result_all function.
(CVE-2007-0909)

Unspecified vulnerability in PHP before 5.2.1 allows attackers to
"clobber" certain super-global variables via unspecified vectors.
(CVE-2007-0910)

If unserializing untrusted data on 64-bit platforms the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources, for a limited length of time, until the
script timeout alarm aborts the script.
(CVE-2007-0988)

References:
[0] http://www.php.net/releases/5_2_1.php
[1] http://www.php.net/


Primary Package Name:    php
Primary Package Home:    http://openpkg.org/go/package/php

Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Enterprise       E1.0-SOLID         apache-1.3.37-E1.0.2
OpenPKG Enterprise       E1.0-SOLID         php-5.1.6-E1.0.2
OpenPKG Community        2-STABLE-20061018  apache-1.3.37-2.20070211
OpenPKG Community        2-STABLE-20061018  php-5.2.1-2.20070211
OpenPKG Community        2-STABLE           apache-1.3.37-2.20070211
OpenPKG Community        2-STABLE           php-5.2.1-2.20070211
OpenPKG Community        CURRENT            apache-1.3.37-20070208
OpenPKG Community        CURRENT            php-5.2.1-20070208


For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.



[Full-disclosure] CarolinaCon 2007 Announcement/Press Release

2007-02-23 Thread Vic Vandal
The Carolinacon Group, a North Carolina-based non-profit organization
dedicated to technology education, proudly announces and invites you to
join us for an event: Carolinacon 2007.

The conference will be held April 20-21 in Chapel Hill, NC at the Holiday
Inn on North Fordham Boulevard. Chapel Hill is within a 30 minute drive of
Raleigh, Durham, and The Research Triangle Park.

Now in its third year, started as a grass roots movement to bring local
technology enthusiasts together, the event spotlights a diverse array of
topics: computer and computer network security, software code, electronic
hardware modification, reverse engineering, information age privacy and
civil liberties issues, the state of underground cultures tied to
technology, and many other related subjects of discourse.

For a $20 admission fee, payable in advance or at the door, you can spend
a weekend among intelligent inquisitive people talking about far-reaching
ideas.

Despite being open to the public, there is an intimate atmosphere. You
will meet and hang out with speakers and other attendees alike. In
addition to seminars, you can participate in a number of challenges and
contests, and attend our now (in)famous after-hours social gatherings.

While the list of topics and speakers from our past two Carolinacon events
is hard to rival, this year we are expanding the number of speakers to
provide even more opportunities for information and education. They
include several talks Friday night, and all the talks we could possibly
squeeze in from noon to midnight on Saturday. As is our tradition, we will
close out Saturday night with an open trivia challenge based on
seminar-related subject categories.

The current draft of our agenda includes topics such as:
- computer filesystem forensics
- FreeBSD Jails
- the evolution of telephone switching technologies
- creating and managing a non-profit computer research lab
- human natural intelligence and a cortical primer
- an examination of the online black markets by a UNC Charlotte professor
- electronic circuits and circuit elements
- ways to win an electronic "capture the flag" contest
- non-cryptographic methods for protecting and sharing information
securely
- legal issues in open source software development, usage, and
distribution
and more!

For more information, please check out and stay tuned to our website
(http://www.carolinacon.org/) or send your specific information requests
to [EMAIL PROTECTED]

This invitation is submitted sincerely for your consideration by the
volunteers and staff of Carolinacon 2007.



Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread pdp (architect)
I have no idea. I have tested it on 2.0.0.1.

On 2/23/07, Michael Silk <[EMAIL PROTECTED]> wrote:
> On 2/23/07, pdp (architect) <[EMAIL PROTECTED]> wrote:
> > http://www.gnucitizen.org/projects/hscan-redux/
>
> doesn't work, win 2k3, ff 1.5.0.9
>
> -- mike
>


-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread Ismail Dönmez
On Friday 23 February 2007 16:29:35 Michael Silk wrote:
> On 2/23/07, pdp (architect) <[EMAIL PROTECTED]> wrote:
> > http://www.gnucitizen.org/projects/hscan-redux/
>
> doesn't work, win 2k3, ff 1.5.0.9

no go with FF 2.0.0.1 on Linux.


-- 
Ismail Donmez ismail (at) pardus.org.tr
GPG Fingerprint: 7ACD 5836 7827 5598 D721 DF0D 1A9D 257A 5B88 F54C
Pardus Linux / KDE developer



Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread Ben Bucksch
pdp (architect) wrote:
> it tells you which URLs you have attended during the current browser
> session

Filed bug 

It seems you can only test for specific URLs, not really getting the list.

See also bug .



Re: [Full-disclosure] 802.1q Vlan Packets

2007-02-23 Thread Cedric Blancher
On Thursday 22 February 2007 at 18:31 -0800, pengo13 wrote:
> Other than wireshark/ethereal there is Yersinia which is a tool that 
> is supposed to take advantage of weaknesses in various protocols 
> (802.q being one of them). I know it includes a vlan spoofing feature, 
> but I haven't had time to really give the tool a try outside of 
> installing it and running it for a bit.

Scapy can provide 802.1q encapsulation as well:

http://www.secdev.org/projects/scapy/


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!



Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread Michael Silk
On 2/23/07, pdp (architect) <[EMAIL PROTECTED]> wrote:
> http://www.gnucitizen.org/projects/hscan-redux/

doesn't work, win 2k3, ff 1.5.0.9

-- mike



Re: [Full-disclosure] 802.1q Vlan Packets

2007-02-23 Thread pengo13
pengo13 wrote:
> The IEEE standard paper:
>
> http://standards.ieee.org/getieee802/download/802.1Q-2003.pdf
>
> Other than wireshark/ethereal there is Yersinia which is a tool that 
> is supposed to take advantage of weaknesses in various protocols 
> (802.q being one of them). I know it includes a vlan spoofing feature, 
> but I haven't had time to really give the tool a try outside of 
> installing it and running it for a bit.
>
> http://www.yersinia.net/
>
> Wikipedia has some info as well.
>
> Hope that helps maybe a little bit.
>
>
> crazy frog crazy frog wrote:
>> Hi List,
>>
>> I am looking for some information on 802.1q vlan packets. I recently
>> saw some captures in which the protocol type in their ethernet
>> header is 802.1q (some googling gave me the packet structure). Below
>> that, sometimes PPP structures come and sometimes they don't. My
>> question is why this is happening, and can I get some sample capture or a
>> decoder for this kind of protocol?
>> thanks for any help.
>>
>> Regards,
>>
>>
>>   
>
>
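
A minimal decoder for the 802.1Q tag asked about in this thread, as an added example (not part of the original posts, and not Scapy or Yersinia code). It uses only Python's standard library; the sample frames are constructed, and treating the PPP structures as PPPoE (EtherType 0x8864) is an assumption the thread does not confirm.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q VLAN tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad outer (service) tag, "QinQ"
ETHERTYPES = {
    0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
    0x8863: "PPPoE Discovery", 0x8864: "PPPoE Session",
}

def parse_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame, unwrapping any stacked VLAN tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                       # EtherType/TPID follows dst + src MACs
    (etype,) = struct.unpack_from("!H", frame, offset)
    tags = []
    while etype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:   # TPID + TCI + inner EtherType
            raise ValueError("truncated VLAN tag")
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({
            "tpid": etype,
            "pcp": tci >> 13,         # 3-bit priority code point
            "dei": (tci >> 12) & 1,   # drop eligible indicator
            "vid": tci & 0x0FFF,      # 12-bit VLAN identifier
        })
        offset += 4                   # each tag inserts 4 bytes
        etype = inner
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tags": tags,
        "ethertype": etype,           # protocol carried inside the VLAN
        "protocol": ETHERTYPES.get(etype, f"unknown (0x{etype:04x})"),
        "payload": frame[offset + 2:],
    }

def build_tagged(vid: int, pcp: int, inner: int, payload: bytes) -> bytes:
    """Construct a single-tagged sample frame (constructed test data)."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, inner)
    return macs + tag + payload

# Constructed samples: identical tag layout, different encapsulated protocol.
SAMPLE_IPV4 = build_tagged(100, 0, 0x0800, b"\x45" + bytes(19))
SAMPLE_PPPOE = build_tagged(200, 5, 0x8864, b"\x11\x00\x00\x01\x00\x02\xc0\x21")

if __name__ == "__main__":
    for name, frame in (("ipv4", SAMPLE_IPV4), ("pppoe", SAMPLE_PPPOE)):
        info = parse_frame(frame)
        print(name, info["tags"], info["protocol"])
```

The tag itself only carries priority and VLAN ID; whether PPP appears after it depends on the inner EtherType, which is why two captures with the same tag can decode differently.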



[Full-disclosure] Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability

2007-02-23 Thread Secunia Research
== 

 Secunia Research 23/02/2007  

   - Internet Explorer 7 "onunload" Event Spoofing Vulnerability -

== 
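Table of Contents

Affected Software....................1
Severity.............................2
Vendor's Description of Software.....3
Description of Vulnerability.........4
Solution.............................5
Time Table...........................6
Credits..............................7
References...........................8
About Secunia........................9
Verification........................10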

== 
1) Affected Software 

The vulnerability is confirmed in Microsoft Internet Explorer 7.

== 
2) Severity 

Rating: Less critical
Impact: Spoofing
Where:  Remote

== 
3) Vendor's Description of Software 

Internet Explorer 7 provides improved navigation through tabbed
browsing, web search right from the toolbar, advanced printing, easy
discovery, reading and subscription to RSS feeds, and much more.

http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Internet Explorer
7, which can be exploited by a malicious website to spoof the address
bar.

The vulnerability is caused due to an error in Internet Explorer 7's
handling of "onunload" events, enabling a malicious website to abort
the loading of a new website. This can be exploited to spoof the
address bar if e.g. the user enters a new website manually in the
address bar, which is commonly exercised as best practice.

The vulnerability is confirmed on a fully patched Windows XP SP2
system running Internet Explorer 7. Other versions may also be
affected. 

== 
5) Solution 

Close all browser windows after visiting untrusted websites.

== 
6) Time Table 

05/01/2007 - Vendor notified and responded.
16/02/2007 - Further communication with vendor.
23/02/2007 - Public disclosure due to disclosure by third party.

== 
7) Credits 

Discovered by Jakob Balle, Secunia Research.

== 
8) References

No references available.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/ 

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-1/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==





[Full-disclosure] Firefox Cache Hack - Firefox History Hack redux

2007-02-23 Thread pdp (architect)
http://www.gnucitizen.org/projects/hscan-redux/

Inspired by Michal Zalewski's recent Firefox bug hunt, I decided to give
it a go and see what I can come up with. We all know how vulnerable
Firefox and other browsers are. This is the reason why I am not
particularly interested in finding specific browser bugs. However,
when you are in hackmode things like this don't really matter.

This vulnerability is not a reworked version of Jeremiah Grossman's
history hack. It is completely different and it should be treated as a
new issue. The peculiar thing about this vulnerability is that it
tells you which URLs you have attended during the current browser
session (the last time you opened your browser). I am not sure how
useful this is.

Keep in mind that attackers can abuse this vulnerability in order to
extract valuable information about your browsing habits. They can also
use this hack to precisely detect whether you are logged into your
router management interface. They can use this hack to detect your
router type and version as well. Based on this information, they might
be able to compromise the integrity of your network.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



[Full-disclosure] Firefox: onUnload tailgating (MSIE7 entrapment bug variant)

2007-02-23 Thread Michal Zalewski
On Fri, 23 Feb 2007, Michal Zalewski wrote:

> Firefox isn't outright vulnerable to this problem, but judging from its
> behavior, it is likely to be susceptible to a variant of this bug

And indeed, susceptible it is. On the surface, the problem is even more
serious: the unloaded page can run Javascript in the context of a newly
loaded one.  Fortunately, at the time this is possible, 'document' and
'window' DOM hierarchies are not accessible - but then, 'location' is.
With a bit of clever trickery, we can mount the following attack:

  http://lcamtuf.coredump.cx/ietrap/ff/

As shown there, the problem is less serious than MSIE7 full-scale
Matrix-esque entrapment, but nevertheless - the bug is a cool one. And I
have a gut feeling this Javascript page jumping can be turned into
something nasty.

Bugzilla:
  https://bugzilla.mozilla.org/show_bug.cgi?id=371360

/mz



[Full-disclosure] [USN-427-1] enigmail vulnerability

2007-02-23 Thread Martin Pitt
=== 
Ubuntu Security Notice USN-427-1  February 23, 2007
enigmail vulnerability
CVE-2006-5877
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mozilla-thunderbird-enigmail 2:0.94-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
  mozilla-thunderbird-enigmail 2:0.94-0ubuntu4.3

Ubuntu 6.10:
  mozilla-thunderbird-enigmail 2:0.94-0ubuntu5.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Mikhail Markin reported that enigmail incorrectly handled memory
allocations for certain large encrypted attachments. This caused
Thunderbird to crash and thus caused the entire message to be
inaccessible.



Re: [Full-disclosure] MSIE7 browser entrapment vulnerability (probably Firefox, too)

2007-02-23 Thread Michal Zalewski
On Fri, 23 Feb 2007, Michal Zalewski wrote:

>   http://lcamtuf.coredump.cx/ietrap/

I accidentally left a portion of code used to test for the Firefox memory
corruption / MSIE7 NULL ptr condition inside 'attack.js' for this page.

This crashed the testcase for some users, instead of demonstrating the
entrapment issue.

If you had this problem, please re-test now.

Cheers,
/mz
