[Full-disclosure] [SECURITY] [DSA 1295-1] New php5 packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1295-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff May 19th, 2007 http://www.debian.org/security/faq - -- Package: php5 Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-2509 CVE-2007-2510 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2509 It was discovered that missing input sanitising inside the ftp extension permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server. CVE-2007-2510 It was discovered that a buffer overflow in the SOAP extension permits the execution of arbitrary code. The oldstable distribution (sarge) doesn't include php5. For the stable distribution (etch) these problems have been fixed in version 5.2.0-8+etch4. For the unstable distribution (sid) these problems have been fixed in version 5.2.2-1. We recommend that you upgrade your PHP packages. Packages for the Sparc architectures are not yet available, due to problems on the build host. They will be provided later. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch4.dsc Size/MD5 checksum: 1976 f30ccf2e16b3530adc5a49d84aa7a425 http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch4.diff.gz Size/MD5 checksum: 115375 5c1e308a96fc7ec96e4138802b24f02b http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz Size/MD5 checksum: 8583491 52d7e8b3d8d7573e75c97340f131f988 Architecture independent components: http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch4_all.deb Size/MD5 checksum: 306912 aa9e02cc07d8121b20751ba38b2539e4 http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch4_all.deb Size/MD5 checksum: 1042 470f9d3c8287a37168b371ac1f56bfc7 Alpha architecture: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 2560248 068e5a62db2a5591d314f1d12e3aee3a http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 2560742 232ac34bc4bf2397e5782dd0aec6021c http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 4932230 9bb7ca338fc77501d0bf1b8898225fbc http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 2481846 47e729b666449a003847ad993e6f18ff http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 218708 f3229c86b55ec35725bec60bd83dd900 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_alpha.deb Size/MD5 checksum:24956 9305974ea45f06a8a5165a659f7f1194 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 345956 2d4dcdd3caefc7332efa2660fb93c1b6 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_alpha.deb Size/MD5 checksum:36548 88cadd7280dd7d6691917aa58a61a708 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_alpha.deb Size/MD5 checksum:36542 213b73c43702978a2a165b425e4a5079 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_alpha.deb Size/MD5 checksum:18616 a896e61749ed2d33cadbf55b61bbdb02 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_alpha.deb Size/MD5 checksum:13474 20ba5a6fe7ef3e0fc319da2ce0c6d4c0 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_alpha.deb Size/MD5 checksum: 5320 bd2a58019119b8a9e0e3a28685ef244c http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_alpha.deb Size/MD5 checksum:70902
Re: [Full-disclosure] Erratasec Research MD5
priceless!! On 5/18/07, David Maynor [EMAIL PROTECTED] wrote: dear lists, I've noticed a lot of people posting MD5 hashes on other mailing lists such as DailyDave to prove that they had an idea first. I'd like to lay down a claim that Robert and I thought up after our talk this weekend at Toorcon seattle. d2a027361bc41528c9415ecccdbcb1a7 This MD5 is to prove that I was the first to mention the subject of the newest Erratasec research: Click-logging. Let me backtrack a bit... I just got back from Toorcon seattle. It was a lot of fun. I got to see all sorts of fun people, with badass talks. The best one of course was mine and Roberts on sniffing wireless traffic. I find it truly amazing that people in the security space still use wireless at all! If I'm not sniffing you or sidejacking your google maps request to send you to the wrong denny's, then I will for sure be using my infamous kernel exploits on your box. Then send you the screen video capture of it. Think of it like shooting you in the face, but with wireless. Wireless bullets. If I wasn't already one of the top influential hackers of 2006, that would be proof right there. After we gave our talk, I got to thinking. Robert and I were sitting around sidejacking and Robert asked me David, what other old techniques can we rehash, rebrand and rejuvinate to talk about at the next con? Then I thought back to the sweet days of keylogging, and it came to me.. Click-Logging. If someone installs a rootkit or trojan horse program on your system, they can read what you're doing.. but not ALL of what we do is typed!! Like when I punch the monkey, that's with my mouse. Or whenn I make web pages in frontpage, that was WITH MY MOUSE! So naturally, we want to record all mosue strokes into our trojan horse program. We call this Click-Logging, and it's going to be our next major relase at all the conferences. That's just a taste. There is a lot more to come. David Maynor CTO, ErrataSec http://www.erratasec.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDKSA-2007:106 ] - Updated squirrelmailpackages fix vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:106 http://www.mandriva.com/security/ ___ Package : squirrelmail Date: May 19, 2007 Affected: Corporate 3.0, Corporate 4.0 ___ Problem Description: A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail (CVE-2007-1262). As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messges on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message (CVE-2007-2589). The packages provided have been updated to correct these vulnerabilities; Corporate Server 4 has been upgraded to SquirrelMail 1.4.10a and Corporate Server 3 has been patched to protect against these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1262 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2589 ___ Updated Packages: Corporate 3.0: e3c5f1b83f6f20915ea82419f7b878b5 corporate/3.0/i586/squirrelmail-1.4.5-1.6.C30mdk.noarch.rpm 2edfb083bb6215aab9bd46aeacdf32a9 corporate/3.0/i586/squirrelmail-poutils-1.4.5-1.6.C30mdk.noarch.rpm fdfb2f5cfc43752d836f55bf165531d4 corporate/3.0/SRPMS/squirrelmail-1.4.5-1.6.C30mdk.src.rpm Corporate 3.0/X86_64: e3c5f1b83f6f20915ea82419f7b878b5 corporate/3.0/x86_64/squirrelmail-1.4.5-1.6.C30mdk.noarch.rpm 2edfb083bb6215aab9bd46aeacdf32a9 corporate/3.0/x86_64/squirrelmail-poutils-1.4.5-1.6.C30mdk.noarch.rpm fdfb2f5cfc43752d836f55bf165531d4 corporate/3.0/SRPMS/squirrelmail-1.4.5-1.6.C30mdk.src.rpm Corporate 4.0: 00a9cbc5496e1e870744f6522c1bc773 corporate/4.0/i586/squirrelmail-1.4.10a-0.1.20060mlcs4.noarch.rpm d4e553f398f4235f150ee4122090ec88 corporate/4.0/i586/squirrelmail-ar-1.4.10a-0.1.20060mlcs4.noarch.rpm 76888c9511b69b7334e84acf9ef129ab corporate/4.0/i586/squirrelmail-bg-1.4.10a-0.1.20060mlcs4.noarch.rpm 4c61f79a417adf6eeea687b457462a8f corporate/4.0/i586/squirrelmail-bn-1.4.10a-0.1.20060mlcs4.noarch.rpm f089e4bb67c55cddd1f7629e593e703b corporate/4.0/i586/squirrelmail-ca-1.4.10a-0.1.20060mlcs4.noarch.rpm 0a379ace81dd9369f899b7b7118cb760 corporate/4.0/i586/squirrelmail-cs-1.4.10a-0.1.20060mlcs4.noarch.rpm dff33042bf47adef266547d7a9b3ade2 corporate/4.0/i586/squirrelmail-cy-1.4.10a-0.1.20060mlcs4.noarch.rpm 2d4edc19e56833116ab2294f4a27d23b corporate/4.0/i586/squirrelmail-cyrus-1.4.10a-0.1.20060mlcs4.noarch.rpm 7bec6d64bbe6999e11d7d0c77bcaab82 corporate/4.0/i586/squirrelmail-da-1.4.10a-0.1.20060mlcs4.noarch.rpm 5e14e81ec4f57f016656c7d0114fdcad corporate/4.0/i586/squirrelmail-de-1.4.10a-0.1.20060mlcs4.noarch.rpm 13813b8c28001bd43cdd6af745e736b8 corporate/4.0/i586/squirrelmail-el-1.4.10a-0.1.20060mlcs4.noarch.rpm a7f9076a6af3d2b98eec5bdf4f21811d corporate/4.0/i586/squirrelmail-en-1.4.10a-0.1.20060mlcs4.noarch.rpm ec38199eecabb658647e352b4f2c30ba corporate/4.0/i586/squirrelmail-es-1.4.10a-0.1.20060mlcs4.noarch.rpm ffe5ecdb63aaf4aead6d9d0cde35baf9 corporate/4.0/i586/squirrelmail-et-1.4.10a-0.1.20060mlcs4.noarch.rpm 07dcf84da41d89559b90681a87373dc6 corporate/4.0/i586/squirrelmail-eu-1.4.10a-0.1.20060mlcs4.noarch.rpm 9658a4ba0a0323ce9bba873fe4c1c4b9 corporate/4.0/i586/squirrelmail-fa-1.4.10a-0.1.20060mlcs4.noarch.rpm e25b7b37ee46ca3e51cf8c3c4f05663e corporate/4.0/i586/squirrelmail-fi-1.4.10a-0.1.20060mlcs4.noarch.rpm 407062a02f20eecc5b2f3ab0d4380e43 corporate/4.0/i586/squirrelmail-fo-1.4.10a-0.1.20060mlcs4.noarch.rpm 5cc39ed0d608875a7603701dacf6a0b7 corporate/4.0/i586/squirrelmail-fr-1.4.10a-0.1.20060mlcs4.noarch.rpm db6096f1b9bf670da192bb937d149168 corporate/4.0/i586/squirrelmail-he-1.4.10a-0.1.20060mlcs4.noarch.rpm ab01482e97c19c60db21026f8d910a09 corporate/4.0/i586/squirrelmail-hr-1.4.10a-0.1.20060mlcs4.noarch.rpm 7e950b64fb7c34c1ad285c1160d58d5e corporate/4.0/i586/squirrelmail-hu-1.4.10a-0.1.20060mlcs4.noarch.rpm 8e765a394db8a6f0ca05c9207bd2f025 corporate/4.0/i586/squirrelmail-id-1.4.10a-0.1.20060mlcs4.noarch.rpm cb68e301cbb371150d37883a69850589 corporate/4.0/i586/squirrelmail-is-1.4.10a-0.1.20060mlcs4.noarch.rpm b5645e48af1b39cdfa32e3fa52ea7bb4 corporate/4.0/i586/squirrelmail-it-1.4.10a-0.1.20060mlcs4.noarch.rpm 645c0f8c641986cb777bd058e95c6d32 corporate/4.0/i586/squirrelmail-ja-1.4.10a-0.1.20060mlcs4.noarch.rpm 8f220bf05ec6286877917d2509c0d3e5
[Full-disclosure] finance
www.sficco.com _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spoofing via Google
Yes and it also probably charges the person who's ad is there! Google does a blind redirect i guess now they will be a little more careful On 5/18/07, Aaron Gray [EMAIL PROTECTED] wrote: An example of spoof redirection via Google :- http://www.google.com/pagead/iclk?sa=lai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4num=5adurl=http://cpe-24-33-241-95.twmi.res.rr.com/www.paypal.com/cgi-bin/webscr=home=p/index.php Found on PayPal spoof email. Aaron ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- http://www.goldwatches.com/watches.asp?Brand=39 http://www.wazoozle.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [CVE-2007-1355] Tomcat documentation XSS vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate (Cross-site scripting) Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat 6.0.0 to 6.0.10 Description: The Tomcat documentation web application includes a sample application that contains multiple XSS vulnerabilities. Mitigation: Undeploy the Tomcat documentation web application. Credit: These issues were discovered by Ferruh Mavituna. Example: http://server/tomcat-docs/appdev/sample/web/hello.jsp?test=scriptalert(document.domain)/script References: http://tomcat.apache.org/security.html Mark Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTxLXb7IeiTPGAkMRAhPzAKDxibK3Cn9Dq+2ZrlhZszmwPAJufACfdvjv AH8zWtQXPUbBVgDS+6KoNOE= =/6Zd -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] One worm to rule them all
WordPress Adsense Deluxe Vulnerability This vulnerability reminds me of the the old Hacker movies, where a worm is released that steals random pennys from unsuspecting victims. This vulnerability is the closest I have seen to this scenario. See: http://michaeldaw.org/alerts/alerts-200507/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDKSA-2007:107 ] - Updated evolution packages fix APOP weakness
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:107 http://www.mandriva.com/security/ ___ Package : evolution Date: May 19, 2007 Affected: 2007.0, 2007.1, Corporate 3.0 ___ Problem Description: A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server. The updated packages have been patched to prevent this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558 ___ Updated Packages: Mandriva Linux 2007.0: 3bd403bc916d203da129ff64da6e95d6 2007.0/i586/evolution-data-server-1.8.0-1.1mdv2007.0.i586.rpm 5ec26069ec4cc12d1aca7b89501dde85 2007.0/i586/libcamel-provider8-1.8.0-1.1mdv2007.0.i586.rpm 096564eb455c60218dcec830938ffb71 2007.0/i586/libcamel0-1.8.0-1.1mdv2007.0.i586.rpm 384a7f4a699df4a853780e36d6f4e710 2007.0/i586/libebook9-1.8.0-1.1mdv2007.0.i586.rpm 239ef00f4e064bb5fc0ebe41f24391fa 2007.0/i586/libecal7-1.8.0-1.1mdv2007.0.i586.rpm 6dcd7809f1babbf4975e77431492ecd2 2007.0/i586/libedata-book2-1.8.0-1.1mdv2007.0.i586.rpm 3c54ad6bd97caab5e282d39c2b1b7d59 2007.0/i586/libedata-cal6-1.8.0-1.1mdv2007.0.i586.rpm 69cba1d4fe59229e03e56e0cb16229a6 2007.0/i586/libedataserver7-1.8.0-1.1mdv2007.0.i586.rpm 51b7de96ebc75e60de37d0913805 2007.0/i586/libedataserver7-devel-1.8.0-1.1mdv2007.0.i586.rpm 49a9591d3f7c6b63a86b3646be9a8410 2007.0/i586/libedataserverui8-1.8.0-1.1mdv2007.0.i586.rpm 92a634a4c2cd4960f4c04cb995e81d4d 2007.0/i586/libegroupwise12-1.8.0-1.1mdv2007.0.i586.rpm 27c04f0994775378fb12e401a667f8d2 2007.0/i586/libexchange-storage2-1.8.0-1.1mdv2007.0.i586.rpm 761f1980273fa50cc48c42bcf9a88290 2007.0/SRPMS/evolution-data-server-1.8.0-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 4f0f3f1c8357916972dca84a50b8b099 2007.0/x86_64/evolution-data-server-1.8.0-1.1mdv2007.0.x86_64.rpm cd32d9cc2ed3cb12a86ea904a279b6d8 2007.0/x86_64/lib64camel-provider8-1.8.0-1.1mdv2007.0.x86_64.rpm 2f221b08d49ae42121a64726cc6a7520 2007.0/x86_64/lib64camel0-1.8.0-1.1mdv2007.0.x86_64.rpm c1efe518516f6c766d166bfe83779c86 2007.0/x86_64/lib64ebook9-1.8.0-1.1mdv2007.0.x86_64.rpm fe9c17e67d7bda374744d091b50de1ac 2007.0/x86_64/lib64ecal7-1.8.0-1.1mdv2007.0.x86_64.rpm f8d5f3e7224de89f1be467f8c1f14e7c 2007.0/x86_64/lib64edata-book2-1.8.0-1.1mdv2007.0.x86_64.rpm d1a3c701e83e07487d0c2cfa4f4d5acd 2007.0/x86_64/lib64edata-cal6-1.8.0-1.1mdv2007.0.x86_64.rpm ae49945766fa722e4f45baec279c3626 2007.0/x86_64/lib64edataserver7-1.8.0-1.1mdv2007.0.x86_64.rpm 920a3664ac6ac8a83c2dc4be5dbbe2d1 2007.0/x86_64/lib64edataserver7-devel-1.8.0-1.1mdv2007.0.x86_64.rpm 65c5d018a2466cc211a1eb46abc780f4 2007.0/x86_64/lib64edataserverui8-1.8.0-1.1mdv2007.0.x86_64.rpm 237054b5f7daa05d02b045036171b199 2007.0/x86_64/lib64egroupwise12-1.8.0-1.1mdv2007.0.x86_64.rpm e0695d1594a2a96b4db55cd0922ef716 2007.0/x86_64/lib64exchange-storage2-1.8.0-1.1mdv2007.0.x86_64.rpm 761f1980273fa50cc48c42bcf9a88290 2007.0/SRPMS/evolution-data-server-1.8.0-1.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 6bc136eb7c34f5e72a41fa5ad9e4aec2 2007.1/i586/evolution-data-server-1.10.0-4.1mdv2007.1.i586.rpm f30cf9bf82448f578b86f665f0baa25e 2007.1/i586/libcamel-provider10-1.10.0-4.1mdv2007.1.i586.rpm a41582465fa2bc9c4f9466d2cd64bd09 2007.1/i586/libcamel10-1.10.0-4.1mdv2007.1.i586.rpm f9df96d8c45df2872af8a786b4da76f6 2007.1/i586/libebook9-1.10.0-4.1mdv2007.1.i586.rpm 20352a353fa0211850127bd6bc3a6ae5 2007.1/i586/libecal7-1.10.0-4.1mdv2007.1.i586.rpm 549e8e95d14043b81d49c888cf83dedf 2007.1/i586/libedata-book2-1.10.0-4.1mdv2007.1.i586.rpm 04f800117ef38656ddf5c8acaadeb55a 2007.1/i586/libedata-cal6-1.10.0-4.1mdv2007.1.i586.rpm 1dd74f9962d93eafe49a175303afc6b0 2007.1/i586/libedataserver9-1.10.0-4.1mdv2007.1.i586.rpm 3ea1d0f435e650b270b719571ad16a5a 2007.1/i586/libedataserver9-devel-1.10.0-4.1mdv2007.1.i586.rpm 9234e2757cbc3e2f256aaf485490bf4c 2007.1/i586/libedataserverui8-1.10.0-4.1mdv2007.1.i586.rpm cccd0ff40fc3aad65cc94b0b28b38927 2007.1/i586/libegroupwise13-1.10.0-4.1mdv2007.1.i586.rpm d075020a451447f682c6bcdfc34bc245 2007.1/i586/libexchange-storage3-1.10.0-4.1mdv2007.1.i586.rpm f8e7380eacd984f96d95515323047a75 2007.1/SRPMS/evolution-data-server-1.10.0-4.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: aec9248ee8bb3e933fac186da9f8ec98