[Full-disclosure] Announce: RFIDIOt credit card sub-module: ChAP.py

2008-02-21 Thread Adam Laurie
Folks,

I have yet to integrate it into RFIDIOt itself, but I've written a test 
program for reading Chip And PIN credit cards using the EMV standard.

This is very much a work in progress, so don't be surprised if it isn't 
stable, but it is showing promise! :)

It currently only works with PC/SC readers, but does support both the 
physical chip and RFID interfaces, so AmEx Expresspay and MasterCard 
paypass etc. should work. I've not yet tested the Visa version.

I will work on porting it into RFIDIOt over the next few weeks so ACG 
readers will be able to support it.

Please let me know how you get on, or if you find any new AIDs (send 
these to [EMAIL PROTECTED]).

   http://www.rfidiot.org/ChAP.py

Thanks and enjoy,
Adam
-- 
Adam Laurie Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd.  Fax: +44 (0) 1304 814899
Ash Radar Station
Marshborough Road
Sandwich                        mailto:[EMAIL PROTECTED]
Kent
CT13 0PL
UNITED KINGDOM  PGP key on keyservers

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Tool release: extract Windows credentials from registry hives

2008-02-21 Thread Brendan Dolan-Gavitt
CredDump is a new tool implemented entirely in Python that is capable  
of extracting:

 * LM and NT hashes (SYSKEY protected)
 * Cached domain passwords
 * LSA secrets

It has no dependencies on any part of Windows, and operates directly  
on registry hive files. It is licensed under the GPL and intended to  
be easy to read, so you can find out how various Windows obfuscation  
algorithms work by reading the code. (I will also be posting a series  
of articles explaining the algorithms in detail on my blog in the  
coming weeks).

You can download the tool at:
http://code.google.com/p/creddump/

Or read a more detailed introduction at:
http://moyix.blogspot.com/2008/02/creddump-extract-credentials-from.html

CredDump is based on the hard work of many people, so please read  
the credits section in the README.

Cheers,
Brendan



[Full-disclosure] Advisory

2008-02-21 Thread advisories
Hello

Please find attached an advisory from Portcullis Computer Security Ltd.

Kind Regards

Advisories
Portcullis Computer Security Ltd

Portcullis Security Advisory 07_016

 
Vulnerable System: 

Cisco Unified CallManager

 
Vulnerability Title:  

Multiple SQL Injections In User And Admin Interface


Vulnerability discovery and development: 

Nico Leidecker of Portcullis Computer Security Ltd discovered this
vulnerability. Further research was then carried out.


Affected systems: 

System Version: 5.0.4.2000-1 and 5.1, 6.0-6.1.

 
Details:

The Cisco Unified CallManager is vulnerable to multiple SQL injections in the
user interface as well as in the administration interface. 

The value of the 'key' parameter used in various GET requests is not properly
sanitized and it is therefore possible to inject SQL queries.

In addition, the application discloses table and attribute names in the
'primaryTable' and 'dispCols' parameters of some POST requests. Another SQL
injection point can be found there.

The following is a simplified POST request:
 
POST /ccmuser/personaladdressbookFindList.do?%3C%=reqParams%%3ErecCnt=1colCnt=4 HTTP/1.1
Host: example.org
Referer: https://example.org/ccmuser/personaladdressbookFindList.do
Cookie: JSESSIONID=D650CB2B43F85CD8D260B69A948FA7B5; JSESSIONIDSSO=315C472AA4B90A6765D4EDEFAC24897C
Content-Length: 170

org.apache.struts.taglib.html.TOKEN=9a4f6e1e4e11a72ed4be0981c26e6f53&primaryTable=personaladdressbook&dispCols=pkid%23nickname%23firstname%23lastname&searchField=nickname

Impact:

Attackers need access to either the user or administration interface. They then
might be able to read data from the database such as password hashes.

Exploit:

Proof of concept exploit code is not required. The injection points are the
'key' or the 'primaryTable' and 'dispCols' parameters.
  
E.g.: 

https://example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+
SELECT+'','',firstname,lastname,userid,password+from+enduser;-- 

or

https://example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+
SELECT+'','','',user,'',password+from+applicationuser;-- 

Vendor Status:

Vendor contacted - Cisco advise that they will be using bug ID CSCsk64286
for this incident.
CVE-2008-0026 has been assigned to this vulnerability.
The Cisco advisory is now available at:-

http://www.cisco.com/warp/customer/707/cisco-sa-20080213-cucmsql.shtml

The vendor has advised that the CUCM versions not vulnerable to this issue are 
5.1(3a) and 6.1(1a).


Copyright: 
 
Copyright © Portcullis Computer Security Limited 2007, All rights reserved 
worldwide. 
Permission is hereby granted for the electronic redistribution of this 
information. It is not to be edited or altered in any way without the express 
written consent of Portcullis Computer Security Limited.

Disclaimer: 
 
The information herein contained may change without notice. Use of this 
information constitutes acceptance for use in an AS IS condition. There are 
NO warranties, implied or otherwise, with regard to this information or its 
use. Any use of this information is at the user's risk. In no event shall the 
author/distributor (Portcullis Computer Security Limited) be held liable for 
any damages whatsoever arising out of or in connection with the use or spread 
of this information.
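
An added example (not part of the Portcullis advisory and not Cisco's code) of how the two injection classes described above are closed in application code: the 'key' value is bound as a statement parameter, and the client-supplied 'primaryTable' / 'dispCols' identifiers, which cannot be bound, are checked against a server-side allow-list. It uses Python's sqlite3 with a constructed schema; the table contents, function names and allow-list are assumptions made for the illustration.

```python
import sqlite3

# Server-side allow-list: table name -> columns a client may display or search.
# Constructed for this example; it is not the CallManager schema.
ALLOWED = {
    "personaladdressbook": ("pkid", "nickname", "firstname", "lastname"),
}


class RejectedRequest(ValueError):
    """The request named a table or column that is not on the allow-list."""


def build_db():
    """In-memory database with constructed rows, including a table that must stay private."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE personaladdressbook (pkid TEXT, nickname TEXT, firstname TEXT, lastname TEXT);
        CREATE TABLE enduser (userid TEXT, password TEXT);
        INSERT INTO personaladdressbook VALUES ('k1', 'bob', 'Robert', 'Example');
        INSERT INTO personaladdressbook VALUES ('k2', 'al', 'Alice', 'Sample');
        INSERT INTO enduser VALUES ('admin', 'constructed-hash');
        """
    )
    return db


def edit_lookup_concat(db, key):
    """'Before' form: the key value becomes part of the statement text."""
    sql = ("SELECT pkid, nickname, firstname, lastname "
           "FROM personaladdressbook WHERE pkid = '" + key + "'")
    return db.execute(sql).fetchall()


def edit_lookup_bound(db, key):
    """'After' form: the key is bound, so it is only ever compared as data."""
    sql = ("SELECT pkid, nickname, firstname, lastname "
           "FROM personaladdressbook WHERE pkid = ?")
    return db.execute(sql, (key,)).fetchall()


def find_list(db, primary_table, disp_cols, search_field, search_value):
    """Find-list handler: identifiers are allow-listed, the search value is bound."""
    allowed = ALLOWED.get(primary_table)
    if allowed is None:
        raise RejectedRequest("table not allowed: %r" % primary_table)
    columns = disp_cols.split("#")  # '%23' in the request decodes to '#'
    for name in columns + [search_field]:
        if name not in allowed:
            raise RejectedRequest("column not allowed: %r" % name)
    # Every identifier below equals an entry of ALLOWED, so interpolating it is safe.
    # LIKE wildcards in the value are escaped so the client cannot widen the match.
    pattern = (search_value.replace("\\", "\\\\")
               .replace("%", "\\%").replace("_", "\\_")) + "%"
    sql = "SELECT {} FROM {} WHERE {} LIKE ? ESCAPE '\\'".format(
        ", ".join(columns), primary_table, search_field)
    return db.execute(sql, (pattern,)).fetchall()


# Constructed input with the shape of the advisory's example, adapted to the
# four-column constructed schema above.
UNION_KEY = "' UNION ALL SELECT userid, password, '', '' FROM enduser--"


def demo():
    """Run the same key through both lookups, plus one legitimate find-list call."""
    db = build_db()
    return {
        "concat": edit_lookup_concat(db, UNION_KEY),  # rows from enduser come back
        "bound": edit_lookup_bound(db, UNION_KEY),    # no row has that literal pkid
        "find": find_list(db, "personaladdressbook", "pkid#nickname", "nickname", "b"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Binding alone does not cover 'primaryTable' and 'dispCols', because SQL placeholders stand for values, not identifiers; that is why the handler compares them with a fixed server-side list before building the statement.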

[Full-disclosure] [USN-579-1] Qt vulnerability

2008-02-21 Thread Jamie Strandboge
=== 
Ubuntu Security Notice USN-579-1  February 20, 2008
qt4-x11 vulnerability
CVE-2007-5965
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libqt4-core 4.3.2-0ubuntu3.2

After a standard system upgrade you need to restart applications
linked against Qt to effect the necessary changes.

Details follow:

It was discovered that QSslSocket did not properly verify SSL
certificates. A remote attacker may be able to trick applications
using QSslSocket into accepting invalid SSL certificates.


Updated packages for Ubuntu 7.10:


[Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

2008-02-21 Thread George Ou
Looks like Vocera's wireless LAN VoIP communicators don't bother to
cryptographically confirm the validity of a digital certificate because
it's too much processing overhead required.  This is clearly stated in
the Vocera documentation.  I am also waiting for verification on Cisco's
wireless VoIP handsets.  I heard that the Cisco devices have the same
design flaw, but it's fairly simple to confirm if you have one of those
wireless LAN VoIP handsets.

That means you can basically put up your own bogus access point with a
rogue RADIUS backend with your own self-signed digital certificate
claiming it's the same as the certificate the client is used to seeing.
Since the client never bothers to cryptographically check the signature,
it thinks it's talking to the right server and it will send its hashed
password or pin to the server making it very easy to crack.


I have more details here:
http://blogs.zdnet.com/security/?p=896



George Ou



[Full-disclosure] [USN-580-1] libcdio vulnerability

2008-02-21 Thread Jamie Strandboge
=== 
Ubuntu Security Notice USN-580-1  February 20, 2008
libcdio vulnerability
CVE-2007-6613
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libcdio6                        0.76-1ubuntu1.6.06.1

Ubuntu 6.10:
  libcdio6                        0.76-1ubuntu1.6.10.1

Ubuntu 7.04:
  libcdio6                        0.76-1ubuntu2.7.04.1

Ubuntu 7.10:
  libcdio6                        0.76-1ubuntu2.7.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Devon Miller discovered that the iso-info and cd-info tools did not
properly perform bounds checking. If a user were tricked into using
these tools with a crafted iso image, an attacker could cause a
denial of service via a core dump, and possibly execute arbitrary
code.


Updated packages for Ubuntu 6.06 LTS:


Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

2008-02-21 Thread JxT
On 2/21/08, George Ou [EMAIL PROTECTED] wrote:
> I am also waiting for verification on Cisco's
> wireless VoIP handsets.  I heard that the Cisco devices have the same
> design flaw, but it's fairly simple to confirm if you have one of those
> wireless LAN VoIP handsets.


So you just generalize and make assumptions about a product based on
hearsay?  If the product is vulnerable, that's one thing.  Go ahead and
write about it, but if you can't confirm the vulnerability of the product,
don't attempt to use a company to garner more attempts at reading your
article.  Perhaps your title should have read.  I think Cisco is
vulnerable, but I don't know?  We all know Cisco is no better than anyone
else when it comes to bugs/issues, but don't just go making assumptions and
posts without proof.  That's just sad journalism!

[Full-disclosure] [SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation

2008-02-21 Thread Steve Kemp


- 
Debian Security Advisory DSA-1500-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
February 21, 2008 http://www.debian.org/security/faq
- 

Package: splitvt
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-0162

Mike Ashton discovered that splitvt, a utility to run two programs in a
split screen, did not drop group privileges prior to executing 'xprop'.
This could allow any local user to gain the privileges of group utmp.

For the stable distribution (etch), this problem has been fixed in version
1.6.5-9etch1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.6-4.

We recommend that you upgrade your splitvt package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg


[Full-disclosure] round and round they go

2008-02-21 Thread Elazar Broad
http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html



Re: [Full-disclosure] round and round they go, keys in ram are ripe for picking...

2008-02-21 Thread coderman
On Thu, Feb 21, 2008 at 12:43 PM, Elazar Broad [EMAIL PROTECTED] wrote:
> http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html

Lest We Remember: Cold Boot Attacks on Encryption Keys

the best part is:
'''
Countermeasures and their Limitations

Memory imaging attacks are difficult to defend against because
cryptographic keys that are in active use
need to be stored somewhere. Our suggested countermeasures focus on
discarding or obscuring encryption keys before an adversary might gain
physical access, preventing memory-dumping software from being
executed on the machine, physically protecting DRAM chips, and
possibly making the contents of memory decay more readily.
'''

executive summary:

- don't let malware read keys from memory.  (ah, security, so many
holes, so many weak links...)

- the ability to scrub keys out of memory is ideal, but likely
fallible.  can you hit that panic button fast enough?

- boot from secure media. you're booting from a read-only iso into
that FDE protected OS, right?

- avoid pre-computation of key schedules. high throughput hardware
crypto implementations are great for this. i love padlock engines...

- key expansion: i'm not familiar with any FDE that does this.  anyone?



note that if you're not using key scrubbing in your disk encryption
(loop-aes?) you've got bigger remanence problems to worry about:

Data Remanence in Semiconductor Devices
http://www.cypherpunks.to/~peter/usenix01.pdf

[Full-disclosure] [ GLSA 200802-09 ] ClamAV: Multiple vulnerabilities

2008-02-21 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200802-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: ClamAV: Multiple vulnerabilities
  Date: February 21, 2008
  Bugs: #209915
ID: 200802-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in ClamAV may result in the remote execution
of arbitrary code.

Background
==

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Affected packages
=

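-------------------------------------------------------------------
     Package                /  Vulnerable  /            Unaffected
-------------------------------------------------------------------
  1  app-antivirus/clamav       < 0.92.1                 >= 0.92.1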

Description
===

An integer overflow has been reported in the cli_scanpe() function in
file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability
has been reported in file libclamav/mew.c (CVE-2008-0728).

Impact
==

A remote attacker could entice a user or automated system to scan a
specially crafted file, possibly leading to the execution of arbitrary
code with the privileges of the user running ClamAV (either a system
user or the clamav user if clamd is compromised).

Workaround
==

There is no known workaround at this time.

Resolution
==

All ClamAV users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-antivirus/clamav-0.92.1

References
==

  [ 1 ] CVE-2008-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
  [ 2 ] CVE-2008-0728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0728

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200802-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


[Full-disclosure] Malicious Advertisements Serving Domains

2008-02-21 Thread Dancho Danchev
Hello,

These are some of the domains behind the recent malicious advertising
campaigns pushing rogue SWF ads. Besides being connected, the majority
of ad campaigns point to RBN's customers' base as well.

http://ddanchev.blogspot.com/2008/02/malicious-advertising-malvertising.html

Here's another such malicious ecosystem based on an affiliate model,
where participating sites serve malware on behalf of the fake
advertising agency :

http://ddanchev.blogspot.com/2008/02/serving-malware-through-advertising.html

Regards,
Dancho



Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

2008-02-21 Thread George Ou
No, the source is VERY good.  They just don't admit it openly on their
website like Vocera's documentation.



From: JxT [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 21, 2008 8:21 AM
To: George Ou
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP
devices don't check certificates




On 2/21/08, George Ou [EMAIL PROTECTED] wrote:
I am also waiting for verification on Cisco's
wireless VoIP handsets.  I heard that the Cisco devices have the same
design flaw, but it's fairly simple to confirm if you have one of those
wireless LAN VoIP handsets.
 
 
So you just generalize and make assumptions about a product based on
hearsay?  If the product is vulnerable, that's one thing.  Go ahead and
write about it, but if you can't confirm the vulnerability of the
product, don't attempt to use a company to garner more attempts at
reading your article.  Perhaps your title should have read.  I think
Cisco is vulnerable, but I don't know?  We all know Cisco is no better
than anyone else when it comes to bugs/issues, but don't just go making
assumptions and posts without proof.  That's just sad journalism! 

[Full-disclosure] [SECURITY] [DSA 1501-1] New dspam packages fix information disclosure

2008-02-21 Thread Thijs Kinkhorst

- 
Debian Security Advisory DSA-1501-1  [EMAIL PROTECTED]
http://www.debian.org/security/  Thijs Kinkhorst
February 21, 2008 http://www.debian.org/security/faq
- 

Package: dspam
Vulnerability  : programming error
Problem type   : local
Debian-specific: yes
CVE Id(s)  : CVE-2007-6418
Debian Bug : 448519

Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam,
a statistical spam filter, included a database password on the command line
when using the MySQL backend. This allowed a local attacker to read the
contents of the dspam database, such as emails.

For the stable distribution (etch), this problem has been fixed in version
3.6.8-5etch1. Packages for the mipsel architecture will be added as soon
as they become available.

The old stable distribution (sarge) does not contain the dspam package.

For the unstable distribution (sid), this problem has been fixed in
version 3.6.8-5.1.


We recommend that you upgrade your dspam package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

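The dspam advisory above turns on a password passed as a command-line argument, which on a default Linux system other local users can read from the process list while the job runs. The following audit check is an added example, not the Debian package's script or its fix: it flags MySQL client invocations in a cron script that carry the password in argv. The function names, the client list and the sample script with its paths are assumptions made for illustration.

```python
import re
import shlex

# MySQL client programs checked here (an assumed, non-exhaustive list).
MYSQL_CLIENTS = {"mysql", "mysqldump", "mysqladmin"}
# -pSECRET (attached) or --password=SECRET; a bare -p only prompts.
PASSWORD_ARG = re.compile(r"^(-p|--password=)(.+)$")

def logical_lines(script_text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(script_text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def find_cmdline_passwords(script_text):
    """Return (line_no, client, redacted_arg) for each exposed password."""
    findings = []
    for no, line in logical_lines(script_text):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:          # unbalanced quote: fall back to whitespace
            tokens = line.split()
        client = None
        for tok in tokens:
            name = tok.rsplit("/", 1)[-1]
            if name in MYSQL_CLIENTS:
                client = name
            elif tok in ("|", "||", "&&", ";"):
                client = None       # a new command starts after a separator
            elif client and (m := PASSWORD_ARG.match(tok)):
                findings.append((no, client, m.group(1) + "<redacted>"))
    return findings

# Constructed sample cron script (hypothetical paths), not dspam's own.
SAMPLE = """#!/bin/sh
/usr/bin/mysql -u dspam -p"$MYSQL_PASS" dspam < purge.sql
mysqldump --user=dspam \\
    --password=s3cret dspam > /var/backups/dspam.sql
mysql --defaults-extra-file=/etc/dspam/my.cnf dspam < purge.sql
mysql -u dspam -p dspam < purge.sql
"""
print(find_cmdline_passwords(SAMPLE))
```

The `-p"$MYSQL_PASS"` line is flagged on purpose: the shell expands the variable before the client starts, so the secret still lands in argv. The `--defaults-extra-file` form, which reads credentials from a file whose permissions can be restricted, is not flagged.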

[Full-disclosure] [USN-581-1] PCRE vulnerability

2008-02-21 Thread Kees Cook
=== 
Ubuntu Security Notice USN-581-1  February 21, 2008
pcre3 vulnerability
CVE-2008-0674
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpcre3    7.4-0ubuntu0.6.06.2

Ubuntu 6.10:
  libpcre3    7.4-0ubuntu0.6.10.2

Ubuntu 7.04:
  libpcre3    7.4-0ubuntu0.7.04.2

Ubuntu 7.10:
  libpcre3    7.4-0ubuntu0.7.10.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences.  In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or automated
system into processing a malicious regular expression, leading to a denial
of service or possibly arbitrary code execution.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:
