[Full-disclosure] SUSE Security Announcement: evolution (SUSE-SA:2008:014)

2008-03-14 Thread Thomas Biege

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

__

SUSE Security Announcement

        Package:                evolution
        Announcement ID:        SUSE-SA:2008:014
        Date:                   Fri, 14 Mar 2008 10:00:00 +
        Affected Products:      SUSE LINUX 10.1
                                openSUSE 10.2
                                openSUSE 10.3
                                Novell Linux Desktop 9
                                SUSE Linux Enterprise Desktop 10 SP1
                                SLE SDK 10 SP1
        Vulnerability Type:     remote code execution
        Severity (1-10):        8
        SUSE Default Package:   yes
        Cross-References:       CVE-2008-0072

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             format string vulnerability
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            none
        6) Authenticity Verification and Additional Information

__

1) Problem Description and Brief Discussion

   Evolution is a personal information manager (PIM) and workgroup information
   management software.

   The function emf_multipart_encrypted() that is used to process encrypted
   messages is vulnerable to format-string bugs.
   This bug can be abused by a remote attacker to execute arbitrary code by
   sending a crafted encrypted eMail.

2) Solution or Work-Around

   No work-around. Please install the current security update package.

3) Special Instructions and Notes

   Please restart evolution.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.

   

Re: [Full-disclosure] hacking a pacemaker

2008-03-14 Thread Randal T. Rioux
On Wed, March 12, 2008 4:57 am, Gadi Evron wrote:
> Almost a year ago I gave a talk at the CCC Camp in Germany I called
> "hacking the bionic man". It even made Wired, in some fashion.
> http://blog.wired.com/27bstroke6/2007/08/will-the-bionic.html
> http://events.ccc.de/camp/2007/Fahrplan/events/2049.en.html
>
> In the talk, among other things such as the DNA and scripting languages,
> medical doctors and reverse engineers...  was about cybernetic hacking.
> I gave some predictions, some for 2 years, others 40 years. Some again
> were pure science fiction. I was wrong on the 2 years, it's here.
>
> Today, this came up in the news (hat tip to Paul Ferguson on the funsec
> mailing list):
> http://www.nytimes.com/2008/03/12/business/12heart-web.html?_r=1&oref=slogin
>
> " The threat seems largely theoretical. But a team of computer security
> researchers plans to report Wednesday that it had been able to gain
> wireless access to a combination heart defibrillator and pacemaker.
>
> They were able to reprogram it to shut down and to deliver jolts of
> electricity that would potentially be fatal - if the device had been in a
> person. In this case, the researchers were hacking into a device in a
> laboratory. "
>

When I got my pacemaker I was working on some RF programming project.

My doctor told me to find another job, he could sense my curiosity.

Who could resist such fun?!

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Local persistent DoS in Windows XP SP2 Taskmanager

2008-03-14 Thread SkyOut

Dear list,

after weeks of total ignorance by Microsoft I decided to finally release
all information related to a bug, that has to do with the Windows XP SP2
Taskmanager. Manipulating a Registry key makes it possible to disable the
Taskmgr. On the next startup it will crash with an error message. It is
possible to backup the key and repair the Registry doing so, but the attack
scenario is clear: A virus uses this code, the user can't open the Taskmgr
anymore and your process is somehow "hidden".

The full information about this bug, can be found here:
http://core-security.net/archive/2008/march/index.php#14032008

And the exploit is available here:
http://core-security.net/releases/exploits/taskmgr_dos.c.txt

Greets,
SkyOut

---
core-security.net
---

Re: [Full-disclosure] Local persistent DoS in Windows XP SP2 Taskmanager

2008-03-14 Thread reepex
While I am sure MS is now trembling at the disclosure of such a high impact
bug, I am wondering why you chose core-security.net as your domain when
core security (.com) is already known as a leading security company with a
good name?

On Fri, Mar 14, 2008 at 2:49 PM, SkyOut <[EMAIL PROTECTED]> wrote:

> Dear list,
>
> after weeks of total ignorance by Microsoft I decided to finally release
> all information related to a bug, that has to do with the Windows XP SP2
> Taskmanager. Manipulating a Registry key makes it possible to disable the
> Taskmgr. On the next startup it will crash with an error message. It is
> possible to backup the key and repair the Registry doing so, but the attack
> scenario is clear: A virus uses this code, the user can't open the Taskmgr
> anymore and your process is somehow "hidden".
>
> The full information about this bug, can be found here:
> http://core-security.net/archive/2008/march/index.php#14032008
>
> And the exploit is available here:
> http://core-security.net/releases/exploits/taskmgr_dos.c.txt
>
> Greets,
> SkyOut
>
> ---
> core-security.net
> ---

Re: [Full-disclosure] Diceware method adoption - brute force me if you dare

2008-03-14 Thread Razi Shaban
Not legalizing, but rather acknowledging its reality.

--
razi

On 3/13/08, blah <[EMAIL PROTECTED]> wrote:
> On Wed, Mar 12, 2008 at 12:15 PM, M. B. Jr. <[EMAIL PROTECTED]> wrote:
>  >  Doesn't adopting the Diceware method in a, say, government corporative
>  >  environment mean legalizing brute force attacks?
>
>
> nah.


[Full-disclosure] Black Hat Announcements: New CFP system and Japan '08 confirmed

2008-03-14 Thread jmoss
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Full Disclosure, here is a big Black Hat update to keep inquiring minds up
to date with all the goings on in our not-so-secret lair:

Black Hat Amsterdam is a go! 

Training: 25-26 March 2008
Briefings: 27-28 March 2008

There will be four different tracks over two days comprised of over 20+
internationally renowned security professionals speaking on diverse topics
from intercepting GSM traffic and the evolution of spam techniques to
attacking Anti Virus products and new client side channels:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-main.html


Black Hat USA News:
We're very proud to announce a new feature for paid Black Hat attendees
starting with the USA show in August - delegate access to our CFP system!
Paid delegates can now log into our CFP database, read and review our
proposed presentations and share their ratings and comments with Black Hat.

Your ratings will help us create the show you want to attend, and even help
focus presentations as they're being created. We are excited to see what
kind of information we learn about what interests our delegates and what
kind of talks meet their needs best.  We've always said that our delegates
make Black Hat the experience it is, and we're glad to have the opportunity
to extend their influence on the final product. To read more about this new
opportunity, go to:
https://www.blackhat.com/html/blackpages/blackpages.html

We're also unveiling an "Un-Track" where attendees create their own mash-up
style presentations - so if you've got something to share with the security
community, this is your moment.

Continuing a popular new BH development, we will also have speaker Q&A rooms
after every presentation to help you follow up with your speaker and network
with likeminded delegates. Still have a question that didn't quite get
answered? Follow your speaker and continue the conversation. 

Registration is now OPEN for The Black Hat Briefings USA, register now to
take advantage of our early bird rates:

Black Hat Briefings USA 2008, August 2-7 at the Caesars Palace Las Vegas

Early registration rate closes May 1, 2008.

Regular registration rate closes July 1, 2008.
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

The Black Hat USA Call for Papers is now open. For descriptions of the
tracks and deadlines check out:
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html

To create or update a submission:
https://cfp.blackhat.com/

Download all the Black Hat USA 2007 content for free in an iPod friendly
format! For audio and video follow these links:
https://www.blackhat.com/podcast/bh-usa-07-video.rss
https://www.blackhat.com/podcast/bh-usa-07-audio.rss


Black Hat Japan News:
We're happy to announce that Black Hat is returning to Tokyo for another
Black Hat Japan in October 2008. We'll be bringing another strong lineup of
speakers and trainers and the best lineup of technical security
presentations available in Japan. We hope to see you there!

About Black Hat

The Black Hat Briefings are a series of highly technical information
security conferences that bring together thought leaders from all facets of
the infosec world - from the corporate and government sectors to academic
and even underground researchers. The environment is strictly vendor-neutral
and focused on the sharing of practical insights and timely, actionable
knowledge. Black Hat remains the best and biggest event of its kind, unique
in its ability to define tomorrow's information security landscape. 

15 years at the intersection of network security and hacker ingenuity is
what makes Black Hat the one-of-a-kind conference it is, one where the
establishment and the underground are equally at home.

In addition to the large number of short, topical presentations in the
Briefings, Black Hat also provides hands-on, high-intensity, multi-day
Trainings. The Training sessions are provided by some of the most respected
experts in the world and many also provide formal certifications to
qualifying attendees. Arrangements can also be made to bring Black Hat's
trainers to your location for private and customized training.

Subscribe to the Black Hat RSS feed to keep up to date on news,
announcements, and content:
https://www.blackhat.com/BlackHatRSS.xml

UNSUBSCRIBE:
These announcements get sent to past Black Hat attendees. If you wish to
stop receiving them just reply saying so and I'll remove you from the list.

Jeff Moss
Director
Black Hat



[Full-disclosure] [SECURITY] [DSA 1516-1] New dovecot packages fix privilege escalation

2008-03-14 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1516-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           Florian Weimer
March 14, 2008                        http://www.debian.org/security/faq
- --

Package        : dovecot
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1199 CVE-2008-1218
Debian Bug     : 469457

Prior to this update, the default configuration for Dovecot used by
Debian runs the server daemons with group mail privileges.  This means
that users with write access to their mail directory by other means
(for example, through an SSH login) could read mailboxes owned by
other users for which they do not have direct write access
(CVE-2008-1199).  In addition, an internal interpretation conflict in
password handling has been addressed proactively, even though it is
not known to be exploitable (CVE-2008-1218).

Note that applying this update requires manual action: The
configuration setting "mail_extra_groups = mail" has been replaced
with "mail_privileged_group = mail".  The update will show a
configuration file conflict in /etc/dovecot/dovecot.conf.  It is
recommended that you keep the currently installed configuration file,
and change the affected line.  For your reference, the sample
configuration (without your local changes) will have been written to
/etc/dovecot/dovecot.conf.dpkg-new.

If your current configuration uses mail_extra_groups with a value
different from "mail", you may have to resort to the
mail_access_groups configuration directive.

For the stable distribution (etch), these problems have been fixed in
version 1.0.rc15-2etch4.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.13-1.

For the old stable distribution (sarge), no updates are provided.
We recommend that you consider upgrading to the stable distribution.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


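
The manual configuration step described in DSA-1516-1 above, as an added example that is not part of the advisory or of Dovecot: a shell check that classifies a dovecot.conf by its mail_extra_groups value and rewrites only the exact "mail" case. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit dovecot.conf for the setting DSA-1516-1 replaces.
# Directive names are from the advisory; function names and the sample
# configuration are constructed for illustration.

# Print the value of the last active (uncommented) "$2 = value" line in file $1.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # whole-line comments
        {
            line = $0
            sub(/#.*/, "", line)            # trailing comments
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Classify the file: prints OK, REPLACE or REVIEW.
audit_dovecot_groups() {
    extra=$(conf_value "$1" mail_extra_groups)
    case "$extra" in
        "")   echo "OK" ;;       # absent, commented out or empty: nothing to do
        mail) echo "REPLACE" ;;  # advisory: use mail_privileged_group = mail
        *)    echo "REVIEW" ;;   # other groups: mail_access_groups may be needed
    esac
}

# Write a migrated copy to stdout. Only a line whose value is exactly "mail"
# is rewritten; any other value is left untouched for manual review.
migrate_dovecot_groups() {
    sed 's/^\([[:space:]]*\)mail_extra_groups[[:space:]]*=[[:space:]]*mail[[:space:]]*$/\1mail_privileged_group = mail/' "$1"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
protocols = imap pop3
#mail_extra_groups = example in a comment, ignored
mail_extra_groups = mail
EOF
echo "audit:    $(audit_dovecot_groups "$sample")"
echo "migrated: $(migrate_dovecot_groups "$sample" | grep mail_privileged_group)"
rm -f "$sample"
```

Run the audit against the configuration file you keep after the dpkg conflict prompt, and diff the migrated output against the original before replacing it.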