[Full-disclosure] Firefox 2.0.0.4 0day local file reading flaw
Firefox 2.0.0.4 is still vulnerable to 0day local file reading

Proof of Concept: http://larholm.com/misc/ffresourcefile.html

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] 0day to sell
hi,

some 0day to sell: sap, excel, linux and many other (0day vulns and/or exploits too)

contact by mail

regards,
t0t0
[Full-disclosure] CORRECTION: June 1st Chicago 2600 Meeting Information
The June Chicago 2600 Meeting is near! The meeting will be Friday, June 1st at the Neighborhood Boys and Girls Club and will feature much of the same usual fun that all of you have grown to expect!

[Presentation Information]
- 8:00pm - DefCon CTF (spork)
- 8:30pm - Meet-n-Greet
- 9:00pm - Website Part Duex (Maniac, Darkstorm, Lobo, Battery, et. al.)
- 9:30pm - Hax by Jaku [life] (Jaku)
- 10.30pm - How to Build a IDS Sensornet on The Cheap (Maniac)
- After hours - Wii, Music, Socializing, etc.

[General Information]
- Meeting Time: 7.00pm - Approx. 3-5am
- Meeting Date: Friday, May. 4th
- Place : 2501 W Irving Park Road, Chicago
- More Info : http://chicago2600.net
[Full-disclosure] June 1st Chicago 2500 Meeting Information
The May Chicago 2600 Meeting is near! The meeting will be Friday, May 4th at the Neighborhood Boys and Girls Club and will feature much of the same usual fun that all of you have grown to expect!

[Presentation Information]
- 8:00pm - DefCon CTF (spork)
- 8:30pm - Meet-n-Greet
- 9:00pm - Website Part Duex (Maniac, Darkstorm, Lobo, Battery, et. al.)
- 9:30pm - Hax by Jaku [life] (Jaku)
- 10.30pm - How to Build a IDS Sensornet on The Cheap (Maniac)
- After hours - Wii, Music, Socializing, etc.

[General Information]
- Meeting Time: 7.00pm - Approx. 3-5am
- Meeting Date: Friday, May. 4th
- Place : 2501 W Irving Park Road, Chicago
- More Info : http://chicago2600.net
[Full-disclosure] CyTRAP Labs - Urs+Nahum's Security Checklist
Dear Colleague,

The latest version will always be here:

- Urs+Nahum's Security Checklist, pdf, 350 KB, for download
- http://regustand.cytrap.eu/?p=1

(PS. it is complimentary and free for everybody, of course)

Urs+Nahum's Security Checklist was released May 30, 2007, but an UPDATED version was released today, May 31, 2007, and is available for download at the above link.

Cordially
Urs E. Gattiker

CyTRAP Labs
Roentgenstrasse 49
8005 Zurich
Switzerland
+41 (0)44 272 - 1876
+41 (0)76 200 - 7778 (mobile)
email: Urs+Nahum-Checklist at CyTRAP.eu

At 13:00 2007-05-30, you wrote:
> Message: 8
> Date: Tue, 29 May 2007 14:53:17 -0700
> From: blah [EMAIL PROTECTED]
> Subject: Re: [Full-disclosure] CyTRAP Labs - Urs+Nahum's Security Checklist
> To: CyTRAP Labs - advisory [EMAIL PROTECTED]
> Cc: full-disclosure@lists.grok.org.uk
> Message-ID: [EMAIL PROTECTED]
> Content-Type: text/plain; charset=iso-8859-1
>
> I tried the link you listed, but it didn't work (no surprise there since it's not released), but it looks like the document's available at:
> http://www.cytrap.eu/files/ReguStand/2007/pdf/Urs%2BNahumChecklist-2007-05-29.pdf
> so i guess it is released. who wants to wait til tomorrow?
[Full-disclosure] Palimm Palimmm
--
http://secdev.zoller.lu
Thierry Zoller
Re: [Full-disclosure] Palimm Palimmm
On Thu, May 31, 2007 at 06:07:30PM +0200, Thierry Zoller wrote:
> 5DFFC7C3DCFBCED5CEDD48F216936CF9
> 9B704583D6E5056E67C959B5CCEE2F548D3C70F3

This list is not called SHA1- or MD5-disclosure, it is called full-disclosure. Tell us the real thing or be silent.

Ciao,
Marcus
Re: [Full-disclosure] Palimm Palimmm
Hello Martin,

Read the charter please, you may filter messages from me to the trash bin in the future if you don't like what I write.

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
Re: [Full-disclosure] Palimm Palimmm
I think I read this before... :)

RMS

> --
> http://secdev.zoller.lu
> Thierry Zoller
Re: [Full-disclosure] Palimm Palimmm
Dumb kettle, disagreements, flames, arguments, and off-topic discussion should be taken off-list wherever possible.

:D:D:D:D

_Joey

On Thu, 31 May 2007 12:45:42 -0400 Thierry Zoller [EMAIL PROTECTED] wrote:
> Hello Martin,
>
> Read the charter please, you may filter messages from me to the trash bin in the future if you don't like what I write.
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
[Full-disclosure] [ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun JDK/JRE: Multiple vulnerabilities
      Date: May 31, 2007
      Bugs: #176675, #178851
        ID: 200705-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE).

Background
==========

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jdk         < 1.5.0.11                   >= 1.5.0.11
                                                          *>= 1.4.2.14
  2  dev-java/sun-jre-bin     < 1.5.0.11                   >= 1.5.0.11
                                                          *>= 1.4.2.14
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

An unspecified vulnerability involving an incorrect use of system classes was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.

Impact
======

A remote attacker could entice a user to run a specially crafted Java class or applet that will trigger one of the vulnerabilities. This could lead to the execution of arbitrary code outside of the Java sandbox and of the Java security restrictions, or crash the Java application or the browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sun Java Development Kit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-java/sun-jdk

All Sun Java Runtime Environment users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-java/sun-jre-bin

References
==========

  [ 1 ] CVE-2007-2435
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435
  [ 2 ] CVE-2007-2788
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
  [ 3 ] CVE-2007-2789
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200705-24 ] libpng: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libpng: Denial of Service
      Date: May 31, 2007
      Bugs: #178004
        ID: 200705-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images.

Background
==========

libpng is a free ANSI C library used to process and manipulate PNG images.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng      < 1.2.17                         >= 1.2.17

Description
===========

Mats Palmgren fixed an error in file pngrutil.c in which the trans[] array might not be allocated because of images with a bad tRNS chunk CRC value.

Impact
======

A remote attacker could craft an image that when processed or viewed by an application using libpng causes the application to terminate abnormally.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Please note that due to separate bugs in libpng 1.2.17, Gentoo does not provide libpng-1.2.17 but libpng-1.2.18. All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/libpng-1.2.18

References
==========

  [ 1 ] CVE-2007-2445
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
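A pre-decode check for the condition GLSA 200705-24 describes, as an added example that is not part of the advisory or of libpng: it walks a PNG's chunks and reports any chunk whose stored CRC does not match its contents, so files with a bad tRNS CRC can be rejected before they reach an unpatched decoder. The function names and the sample image bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes, corrupt_crc: bool = False) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    if corrupt_crc:
        crc ^= 0x1  # flip one bit so the stored CRC no longer matches
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png(bad_trns_crc: bool) -> bytes:
    """Constructed 1x1 palette image with a tRNS chunk (sample input only)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)  # 1x1, 8-bit, palette
    plte = bytes([255, 0, 0])          # one palette entry
    trns = bytes([128])                # alpha value for that entry
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel index
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"PLTE", plte)
            + _chunk(b"tRNS", trns, corrupt_crc=bad_trns_crc)
            + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b""))


def scan_png_chunks(blob: bytes) -> list:
    """Return (offset, chunk_type, problem) findings for a PNG byte string."""
    if not blob.startswith(PNG_SIGNATURE):
        return [(0, "", "not a PNG signature")]
    findings = []
    pos = len(PNG_SIGNATURE)
    while pos < len(blob):
        # Every chunk needs at least 4 (length) + 4 (type) + 4 (CRC) bytes.
        if pos + 12 > len(blob):
            findings.append((pos, "", "truncated chunk"))
            return findings
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        name = ctype.decode("latin-1")
        end = pos + 12 + length
        if end > len(blob):
            findings.append((pos, name, "chunk length exceeds file size"))
            return findings
        data = blob[pos + 8:pos + 8 + length]
        (stored,) = struct.unpack(">I", blob[end - 4:end])
        if stored != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            findings.append((pos, name, "CRC mismatch"))
        if ctype == b"IEND":
            return findings
        pos = end
    findings.append((pos, "", "missing IEND"))
    return findings


def has_bad_trns_crc(blob: bytes) -> bool:
    """True when a tRNS chunk fails its CRC, the case named in the advisory."""
    return any(name == "tRNS" and problem == "CRC mismatch"
               for _, name, problem in scan_png_chunks(blob))


if __name__ == "__main__":
    for label, png in (("good", build_sample_png(False)),
                       ("bad tRNS", build_sample_png(True))):
        print(label, scan_png_chunks(png), has_bad_trns_crc(png))
```

The check is a gate in front of the decoder, not a replacement for the upgrade in the Resolution section.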
[Full-disclosure] [ GLSA 200705-25 ] file: Integer overflow
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: file: Integer overflow
      Date: May 31, 2007
      Bugs: #179583
        ID: 200705-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An integer overflow vulnerability has been reported in file allowing for the user-assisted execution of arbitrary code.

Background
==========

file is a utility that guesses a file format by scanning binary data for patterns.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  sys-apps/file       < 4.21                                >= 4.21
    -------------------------------------------------------------------
     # Package 1 only applies to x86, PPC and HPPA users.

Description
===========

Colin Percival from FreeBSD reported that the previous fix for the file_printf() buffer overflow introduced a new integer overflow.

Impact
======

A remote attacker could entice a user to run the file program on an overly large file (more than 1Gb) that would trigger an integer overflow on 32-bit systems, possibly leading to the execution of arbitrary code with the rights of the user running file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Since file is a system package, all Gentoo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =sys-apps/file-4.21

References
==========

  [ 1 ] CVE-2007-2799
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] Microsoft Windows Active Directory Logon Hours User Enumeration Weakness
Windows Server 2003 can be configured http://support.microsoft.com/kb/81 to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration.

*Issue*:- Microsoft Windows Active Directory Username Enumeration

*Criticality*:- Less Critical

*Impact*:- Exposure of system information

*Description*:- It has been identified that the Microsoft Windows Active Directory contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the Windows Domain Controller returns different error messages depending on if a valid username was supplied via Windows terminal services. This only happens for the user accounts that have time restrictions set and when these accounts are accessed during restricted time. This can be exploited to help enumerate valid usernames resulting in a loss of confidentiality.

*Vendors response*:- We will NOT be issuing a security update for this issue. It is likely that in a next version or service pack of the product we may consider making changes, but not before then.

*Screenshots:*

1. Error returned When Account is Accessed at Restricted time
   http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/error-returned-when-account-is-accessed-at-restricted-time/
2. Error returned When Account is Accessed at Permitted time
   http://www.notsosecure.com/folder2/wp-content/uploads/2007/05/error-when-account-is-accessed-at-permitted-time.PNG

Thanks
Sid
www.notsosecure.com
Re: [Full-disclosure] Certain Prior Notices Concerning the Unauthorized Distribution of HBO Television Programming
SafeNet goofs again; they haven't mastered the concept of timezones.

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University

--snip--

May 31, 2007

[our address]

RE: Certain Prior Notices Concerning the Unauthorized Distribution of HBO Television Programming

Dear [me]

Please be advised that some of the "Notices of Claimed Infringement" previously sent by us regarding infringements of HBO programs identified on either the BitTorrent or eDonkey protocols and occurring during the period 04/02 to 04/28, inclusive, might have incorrect time stamps. Specifically, the offer to download referenced in the notice may have occurred four hours later than the time identified in the notice, which in some cases may also affect the referenced date.

As a result, out of an abundance of caution, we request that you disregard the notices that are described above, notwithstanding that we can and do confirm our prior information and belief that each such notice accurately identified an IP address owned by you that was utilized to offer a download of HBO television programming via BitTorrent or eDonkey.

We regret any inconvenience this error may have caused. Please direct any inquiries to Steve Rosenthal, Legal Department, Home Box Office, Inc., 1100 Avenue of the Americas, New York, NY 10036, 212-512-1780 (phone), 212-512-5854 (fax), email: [EMAIL PROTECTED]

Respectfully,

Mark Weaver
Enforcement Coordinator
SafeNet, Inc.
[Full-disclosure] FLEA-2007-0023-1: firefox
Foresight Linux Essential Advisory: 2007-0023-1
Published: 2007-05-31

Rating: Major

Updated Versions:
    firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.4-1
    group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3-0.1-5

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
    https://issues.rpath.com/browse/RPL-1425

Description:
    Previous versions of the firefox package are vulnerable to several types of attacks, one of which is understood to potentially allow compromised or malicious sites to run arbitrary code as the user running the vulnerable application. A number of cross-site-scripting bugs have also been corrected.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
[Full-disclosure] [USN-467-1] Gimp vulnerability
===========================================================
Ubuntu Security Notice USN-467-1               May 31, 2007
gimp vulnerability
CVE-2007-2356
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  gimp 2.2.11-1ubuntu3.2

Ubuntu 6.10:
  gimp 2.2.13-1ubuntu3.1

Ubuntu 7.04:
  gimp 2.2.13-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Gimp did not correctly handle RAS image format color tables. By tricking a user into opening a specially crafted RAS file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 6.06 LTS:
[Full-disclosure] rPSA-2007-0112-1 firefox thunderbird
rPath Security Advisory: 2007-0112-1
Published: 2007-05-31
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Deterministic Unauthorized Access

Updated Versions:
    firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.12-0.1-1
    thunderbird=/[EMAIL PROTECTED]:devel//1/1.5.0.12-0.1-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
    https://issues.rpath.com/browse/RPL-1424

Description:
    Previous versions of the firefox and thunderbird packages are vulnerable to several types of attacks, some of which are understood to allow compromised or malicious sites to run arbitrary code as the user running the vulnerable application.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html