Re: [Full-disclosure] More High Profile Sites IFRAME Injected

2008-03-15 Thread worried security
On Wed, Mar 12, 2008 at 2:51 PM, Dancho Danchev
[EMAIL PROTECTED] wrote:
> The ongoing monitoring of this campaign reveals that the group is
> continuing to expand the campaign, introducing over a hundred new
> bogus .info domains acting as traffic redirection points to the
> campaigns hardcoded within the secondary redirection point, in this
> case radt.info where a new malware variant of Zlob is attempting to
> install through an ActiveX object. Sample domains targeted within the
> past 48 hours :
>
> lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
> www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
> boisestate.edu; aoa.gov; gustavus.edu; archive.org;
> gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
> mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
>
> http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
>
> Regards
> --
> Dancho Danchev
> Cyber Threats Analyst/Blogger
> http://ddanchev.blogspot.com
> http://windowsecurity.com/Dancho_Danchev


I call government involvement...

<worried> if you are a government who wants an attack highly known
about, do you A) attack some random blog, or B) attack a high profile
news website?

<worried> if you are a gov who wants an attack highly known about, written
about by the biggest technology sites, and investigated by everybody
who's interested in security

<worried> an unknown blog or a high profile news website

<worried> a normal hacker would not do what's been done

<worried> just to get some gay passwords

<worried> this is the gov with a political agenda

<worried> they're not normal hackers, they are state sponsored or are the
actual US gov

<worried> normal hackers who want passwords do not hack CNET Asia,
they want their attack to be unfound as long as possible

<worried> a normal hacker would not do what's been done

<worried> just to get some gay passwords for World of Warcraft

<worried> why would a normal hacker who just wants a few gaming
passwords hack a news site?

<worried> I would not want the media's attention or the global
security research community knowing what I was doing, I would at all
costs do everything possible to make sure news websites like CNET did
not get infected

<cryptowave> I've just spent the last several hours doing malware
analysis that links back to China

<worried> Americans would make an attack link back to China

<cryptowave> well, they are pretty convincing when everything points
back to China

<cryptowave> domains registered there, IP located there, code with Chinese

<cryptowave> and they used Chinese dollars to register the domains?

<cryptowave> and used Chinese email addresses too

<worried> yes, all bases would be covered

<worried> proper gov hackers know people like you are going to check
details like that

<worried> they put it on a high profile technology news website to
make sure the attack was covered by internet news, and the thing they
wanted the security experts to find is the Chinese connection

<cryptowave> you don't need to write your code in Chinese, register
your domains via Chinese registrars, use a Chinese email address, etc

<worried> western government hackers or western state sponsored hackers
would go that far to convince everyone.

<cryptowave> worried: you're jumping to conclusions ;)

<worried> whoever is behind this wanted the attack to be known about
and investigated with the core objective that the blame is on China

<worried> and funnily enough the western gov world has a political
agenda on that very topic right now, coincidence?

<worried> the fact CNET Asia and Trend Micro were hacked makes me highly
suspicious of government involvement; normal hackers who just want a
few gay gaming passwords, those would be the last people they would
hack.

<worried> this is political, this is done by the government to further
bring public notice about Chinese hackers as a pretext to ramp up the
need for cyber commands, convince the White House about offensive cyber
security funding etc etc, and the Joe Average middle American who doesn't
know anything about the internet.

These are my conspiracy theories, goodbye Dancho. What I say is
probably bullshit, but you've got to wonder why the high profile
sites, especially the biggest technology journalist site and antivirus
site, were hacked. Why would a normal hacker do this for gay
passwords? All the benefits and rewards from this would be for a
government wanting an attack investigated that links back to China,
our supposed number one cyber enemy according to western super
powers. They hacked CNET Asia to make sure the Asian news was
covering the attack as well, to make sure the eventual finding of the
China link was known by the public in Asia as well.

There is more to this than meets the eye of just normal hackers trying
to get passwords, because of the type of the first websites which were
hacked.

A government here is wanting maximum publicity; that's not something
small time hackers trying to get World of Warcraft passwords want.

There is a political game
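The injection Danchev's quoted note describes, hidden iframes on legitimate pages pulling content from throwaway .info redirector domains, is something a site owner can check for in their own HTML. What follows is an added example, not code from the thread or from Danchev's post: a scanner that parses a page and reports iframes that are off-site and also hidden or near-zero sized (the campaign's signature), while leaving same-origin frames and ordinary visible embeds alone. The sample page, its hostnames and the example-redirector.info domain are constructed; the off-site test compares only the last two DNS labels, a deliberate simplification.

```python
"""Flag injected-looking iframes in an HTML page: off-site plus hidden/tiny."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: one same-origin widget, one visible off-site embed,
# one zero-size same-origin frame, and one hidden 1x1 .info injection.
SAMPLE_HTML = """<html><body>
<h1>Library catalogue</h1>
<iframe src="/widgets/hours.html" width="300" height="200"></iframe>
<iframe src="http://video.example.org/embed/42" width="480" height="270"></iframe>
<iframe src="http://cdn.example.edu/map" style="width:0px;height:0px;border:0"></iframe>
<div style="display:none">
  <iframe src="http://example-redirector.info/in.cgi?3" width="1" height="1"></iframe>
</div>
<br>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO_SIZE = re.compile(r"(width|height)\s*:\s*0(px)?\s*(;|$)", re.I)
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr", "area", "base", "col",
             "embed", "source", "track", "wbr", "param"}

def site_of(host):
    """Last two DNS labels (example.edu, foo.info): a crude 'same site' key."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])

class IframeScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_site = site_of(page_host)
        self.findings = []
        self._hidden_stack = []   # one bool per open element: does it hide its subtree?

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag not in VOID_TAGS:
            self._hidden_stack.append(bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if tag == "iframe":
            self._check(a)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._hidden_stack:
            self._hidden_stack.pop()

    def _check(self, a):
        host = urlsplit(a.get("src", "")).hostname
        if not host:
            return                                  # relative src: same origin, skip
        reasons = []
        if site_of(host) != self.page_site:
            reasons.append("off-site")
        if host.lower().endswith(".info"):
            reasons.append("dot-info")
        if any(self._hidden_stack):                 # the iframe itself or an ancestor is hidden
            reasons.append("hidden")
        w, h = a.get("width", ""), a.get("height", "")
        if ZERO_SIZE.search(a.get("style", "")) or (
                w.isdigit() and h.isdigit() and int(w) <= 1 and int(h) <= 1):
            reasons.append("tiny")
        # Off-site alone is a normal embed; off-site plus a concealment signal is not.
        if "off-site" in reasons and len(reasons) > 1:
            self.findings.append((a.get("src"), sorted(reasons)))

def scan(html, page_host):
    """Return [(src, [reasons...]), ...] for iframes that look injected."""
    p = IframeScanner(page_host)
    p.feed(html)
    p.close()
    return p.findings

if __name__ == "__main__":
    for src, why in scan(SAMPLE_HTML, "www.example.edu"):
        print(f"{src}  <- {', '.join(why)}")
```

Run it against a saved copy of a page (or the output of a crawler) with the page's own hostname; the campaign's injections were static iframes, which is all this catches, so a `script`-assembled iframe needs a JavaScript-aware fetch in front of it.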

Re: [Full-disclosure] More High Profile Sites IFRAME Injected

2008-03-15 Thread Razi Shaban
I love the way whenever anything happens, someone always assumes it's
some big conspiracy.

--
razi

On 3/15/08, worried security [EMAIL PROTECTED] wrote:

Re: [Full-disclosure] More High Profile Sites IFRAME Injected

2008-03-15 Thread taneja . security
Ya, it's a political game being played by the gov agencies to pinpoint CHINA,
where these issues are not covered by their law at all. I am aware of lots of
underground attacks where hackers were hired specially for this purpose, but
due to gov involvement it's just a game: wait and watch.

Taneja Vikas

http://www.annysoft.com


On 3/15/08, Razi Shaban [EMAIL PROTECTED] wrote:

> I love the way whenever anything happens, someone always assumes it's
> some big conspiracy.
>
> --
> razi
>
> On 3/15/08, worried security [EMAIL PROTECTED] wrote:

Re: [Full-disclosure] Local persistent DoS in Windows XP SP2 Taskmanager

2008-03-15 Thread 3APA3A
Dear SkyOut,

I see no security impact here.

RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting", 0, KEY_SET_VALUE, &hKey);

requires administrative privileges. If the user has them, you can achieve
better results by deleting Task Manager or trojaning it.

You can also use the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debug

key to launch notepad.exe instead of taskmgr.exe.

--Friday, March 14, 2008, 10:49:31 PM, you wrote to
full-disclosure@lists.grok.org.uk:

S> Dear list,

S> after weeks of total ignorance by Microsoft I decided to finally
S> release all information related to a bug that has to do with the
S> Windows XP SP2 Taskmanager. Manipulating a Registry key makes it
S> possible to disable the Taskmgr. On the next startup it will crash
S> with an error message. It is possible to back up the key and repair
S> the Registry doing so, but the attack scenario is clear: a virus uses
S> this code, the user can't open the Taskmgr anymore, and your process
S> is somehow hidden.

S> The full information about this bug can be found here:
S> http://core-security.net/archive/2008/march/index.php#14032008

S> And the exploit is available here:
S> http://core-security.net/releases/exploits/taskmgr_dos.c.txt

S> Greets,
S> SkyOut

S> ---
S> core-security.net
S> ---


-- 
~/ZARAZA http://securityvulns.com/
ENIACs - in the face! (Lem)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
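What 3APA3A points at is the Image File Execution Options mechanism: a `Debugger` string value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>.exe` makes Windows launch that program, with the original command line appended, whenever the named image is started. Writing it needs administrative rights, as he says, but it is a quiet way to neuter or replace Task Manager, and the same value is also written by legitimate tools (Process Explorer's "Replace Task Manager" option sets it for taskmgr.exe), so a check needs an allowlist rather than a blanket alarm. The following is an added example, not code from the thread: it parses a `reg export` of the IFEO key collected from a host and reports every image that has a Debugger, marking anything not on the allowlist as suspicious. The sample export, the `C:\Tools` path and the allowlist contents are constructed assumptions; `export_live_ifeo` only does anything on Windows.

```python
"""Report Image File Execution Options 'Debugger' hijacks from a .reg export."""
import os
import re
import subprocess
import tempfile

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options")

# Assumed site policy: the only Debugger values we expect to find.
ALLOWLIST = {"taskmgr.exe": {"procexp.exe", "procexp64.exe"}}

# Constructed sample of `reg export "HKLM\...\Image File Execution Options" ifeo.reg`.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"kernel32.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp64.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\Windows\\System32\\cmd.exe"
'''

SECTION = re.compile(r"^\[(.+)\]\s*$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg_export(text):
    """Map each [key] section to {value_name: raw_data} (raw = as written in the file)."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = VALUE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections

def unescape_reg_sz(raw):
    """A .reg REG_SZ is quoted, with backslash escaping backslash and quote."""
    return re.sub(r"\\(.)", r"\1", raw[1:-1])

def first_token(cmdline):
    """Executable part of a Windows command line: quoted path, or up to the first space."""
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(None, 1)[0] if cmdline.strip() else ""

def debugger_entries(sections):
    """[(image, debugger_cmdline, debugger_exe_basename), ...] for IFEO subkeys."""
    hits = []
    prefix = IFEO.lower() + "\\"
    for key, values in sections.items():
        if not key.lower().startswith(prefix):
            continue
        raw = values.get("Debugger")
        if raw is None or not raw.startswith('"'):   # only REG_SZ holds a command line
            continue
        image = key[len(prefix):]
        cmdline = unescape_reg_sz(raw)
        exe = first_token(cmdline)
        hits.append((image, cmdline, os.path.basename(exe.replace("\\", "/")).lower()))
    return hits

def assess(text, allowlist=ALLOWLIST):
    """Verdict per hijacked image: 'allowed' if on the allowlist, else 'SUSPICIOUS'."""
    report = []
    for image, cmdline, exe in debugger_entries(parse_reg_export(text)):
        allowed = exe in allowlist.get(image.lower(), set())
        report.append({"image": image, "debugger": cmdline,
                       "verdict": "allowed" if allowed else "SUSPICIOUS"})
    return report

def export_live_ifeo():
    """On Windows, dump the real key with reg.exe (UTF-16 output); elsewhere None."""
    if os.name != "nt":
        return None
    path = os.path.join(tempfile.gettempdir(), "ifeo_export.reg")
    subprocess.run(["reg", "export", IFEO.replace("HKEY_LOCAL_MACHINE", "HKLM"), path, "/y"],
                   check=True)
    with open(path, encoding="utf-16") as f:
        return f.read()

if __name__ == "__main__":
    for row in assess(export_live_ifeo() or SAMPLE_EXPORT):
        print(f"{row['verdict']:10} {row['image']:20} -> {row['debugger']}")
```

Reading the key needs no special rights, so this can run as a normal user on a suspect machine or offline on an export gathered by a collection script; the sethc.exe entry in the sample is the other classic use of the same value.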

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-15 Thread Pavel Kankovsky
On Fri, 7 Mar 2008, Erik Trulsson wrote:

> I wonder what other expansion ports can allow such control over the host
> computer. What about SCSI (which Firewire is partly based on in some
> aspects)? Or eSATA?  Or PCMCIA/PCCard?

Good question.

SCSI: I do not think you can coax the HBA to let you access arbitrary 
parts of the host memory. You can probably do nasty things to other SCSI 
devices when you are attached to a shared bus.

eSATA: Probably quite safe, everything you have got is a point-to-point
connection to the HBA. I suppose the HBA will not allow you to mess with 
the host or with other devices.

PCMCIA/PCCard: AFAIK you get a direct connection to the host bus: ISA for
PCMCIA/PCCard, PCI for CardBus and PCIe (or USB) for ExpressCard. If you
get a bus-mastering device inserted into such a slot, you can probably 
access the host memory (within the DMA address range) without much 
trouble.

> USB is probably safe.

The B in USB stands for "bus". You could probably do some interesting tricks
when you find yourself attached to the same bus as a trusted device (like 
a keyboard).

-- 
Pavel Kankovsky aka Peak  / Jeremiah 9:21\
For death is come up into our MS Windows(tm)... \ 21st century edition /



[Full-disclosure] New penetration testing tool for wifi

2008-03-15 Thread Valery Marchuk
New penetration testing tool for wifi

wep0ff-ng can be used to generate traffic from WEP-based wireless clients
that are looking for an AP, in order to mount KoreK or other attacks.

Download:
http://download.securitylab.ru/wep0ff-ng.tar.gz

Article (Russian):
http://www.securitylab.ru/analytics/312606.php

From the readme:
This tool can be used to generate traffic
with WEP-based wireless clients that are looking for an AP.

It waits until a client connects to our 'fake' access point (AP),
then intercepts either a Gratuitous ARP (IPv4) or an ICMPv6 Neighbor
Solicitation (IPv6) packet, slightly modifies it and sends it back.

If the target machine answers our packet, we start sending it in an
endless loop.

Written by Alexander Markov amarkov (at) ptsecurity (dot) com
Released under a BSD Licence

This code was tested on madwifi-ng drivers 0.9.3.3.

How to Use:
--
0. Say we are sitting in an airport in front of a man
   whose notebook is looking for his home wireless
   WEP-protected net named 'foo'.


1. Set up a WEP-protected AP with ESSID 'foo' and specify any key you like

2. Start this program:
   ./wep0ff-ng <iface in MONITOR mode> <drivername> <MAC address of the AP you've just launched> [log_packets]

3. Wait until the client connects to our access point

4. Launch airodump-ng to collect packets

5. Launch aircrack-ng to recover the WEP key

How to Compile:

gcc -o wep0ff-ng wep0ff-ng.c -lpcap -lorcon
gcc -o airfile airfile.c -lorcon


If wep0ff-ng was launched with the 'log_packets' option it will save processed
packets on disk.
Received packets will be stored with the names recvd0, recvd1, recvd2 etc.;
modified packets with the names arp0, arp1, icmp2, etc.

One can use the airfile utility to transmit a saved packet over the air.
(There is no point in transmitting received packets; one should try the
modified ones.)

While trying to get all this to work I ran into a couple of problems.
The first one concerns the madwifi-ng drivers.
You can learn more about it in the ticket we opened
(http://madwifi.org/ticket/1699).
Our sample configuration script demonstrates this technique
(prepare_ath.sh).

The second problem was making our tool work with airodump-ng.
You can learn more about it in the ticket we created
(http://trac.aircrack-ng.org/ticket/364).
At the time of this writing we haven't received any feedback from the
aircrack team, so to fix this problem one can use the airodump.patch file
we supply.

This code is based on the following works and POCs:

Sergey Gordeychik. wep0ff. (in Russian)
http://www.ptsecurity.ru/download/client-side-wep.pdf
http://www.ptsecurity.ru/download/wepoff.tar.gz

Cafe-Latte
http://www.airtightnetworks.net/knowledgecenter/ppt/Toorcon.ppt

ieee802_11.h by Charlie Lenahan ( [EMAIL PROTECTED] )



Best Regards,
Valery Marchuk
www.SecurityLab.ru


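The readme's "slightly modifies it and sends it back" is the heart of this family of attacks (Cafe Latte, and wep0ff before it): the fake AP never learns the key, yet it can turn the client's own encrypted gratuitous ARP into an ARP request the client will answer, because WEP's integrity check is a CRC-32 and CRC-32 is linear under XOR. The following is an added example, not wep0ff-ng's code: a pure-Python WEP encrypt/decrypt pair stands in for the client, and `flip_without_key` is the attacker's side, XORing a chosen difference into the ciphertext and the matching CRC difference into the encrypted ICV so the frame still validates. The key, IV, MAC and IP addresses are constructed; the ARP layout follows RFC 826; flipping the low bit of the sender IP is the choice the Cafe Latte slides describe (the client then sees "who has .20?" from .21 and replies, which is the traffic airodump-ng collects).

```python
"""WEP bit-flipping: alter an encrypted frame and fix its ICV without the key."""
import struct
import zlib

def rc4(key, data):
    """Textbook RC4 (WEP's cipher); demo only."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key, iv, plaintext):
    """Frame body as sent: IV || RC4(IV||key, plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key, frame):
    """What the receiver computes: (plaintext, ICV matched?)."""
    pt = rc4(frame[:3] + key, frame[3:])
    data, tag = pt[:-4], pt[-4:]
    return data, tag == icv(data)

def flip_without_key(frame, offset, delta):
    """XOR `delta` into the plaintext at `offset` and repair the ICV, key unknown.

    CRC-32 is affine over XOR: crc(a ^ b) = crc(a) ^ crc(b) ^ crc(zeros of the
    same length). So for plaintext p and difference d, crc(p ^ d) equals
    crc(p) ^ (crc(d) ^ crc(0..0)), and the bracketed term needs only d.
    Because RC4 is a stream cipher, XORing into the ciphertext XORs into the
    plaintext, and the encrypted ICV can be patched the same way.
    """
    body = bytearray(frame[3:])
    n = len(body) - 4                         # plaintext length, ICV excluded
    d = bytearray(n)
    d[offset:offset + len(delta)] = delta
    icv_delta = zlib.crc32(bytes(d)) ^ zlib.crc32(bytes(n))
    for k, b in enumerate(delta):
        body[offset + k] ^= b
    for k, b in enumerate(struct.pack("<I", icv_delta & 0xFFFFFFFF)):
        body[n + k] ^= b
    return frame[:3] + bytes(body)

# --- constructed demo: the client's gratuitous ARP under a key we pretend not to know
KEY = bytes.fromhex("0102030405")             # 40-bit WEP key (attacker never sees it)
IV = bytes.fromhex("0a0b0c")
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")   # 802.2 LLC/SNAP header, EtherType ARP
CLIENT_MAC = bytes.fromhex("001122334455")
CLIENT_IP = bytes([192, 168, 1, 20])
SPA_OFFSET = len(LLC_SNAP_ARP) + 14           # RFC 826: sender IP after 8-byte header + 6-byte SHA

def arp_request(sha, spa, tha, tpa):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha, spa, tha, tpa)

def parse_arp(plaintext):
    """(opcode, sender IP, target IP) from LLC/SNAP + ARP plaintext."""
    op, _sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", plaintext[len(LLC_SNAP_ARP) + 6:][:22])
    return op, spa, tpa

def demo():
    gratuitous = LLC_SNAP_ARP + arp_request(CLIENT_MAC, CLIENT_IP, bytes(6), CLIENT_IP)
    captured = wep_encrypt(KEY, IV, gratuitous)           # what the fake AP receives
    # Attacker knows the layout, not the key: flip the low bit of the sender IP's
    # last byte so sender != target. The client now sees "who has .20?" from .21
    # and answers with a fresh encrypted ARP reply.
    forged = flip_without_key(captured, SPA_OFFSET + 3, b"\x01")
    naive = bytearray(captured)                            # same flip, ICV left alone
    naive[3 + SPA_OFFSET + 3] ^= 0x01
    forged_pt, forged_ok = wep_decrypt(KEY, forged)        # receiver's view
    _naive_pt, naive_ok = wep_decrypt(KEY, bytes(naive))
    return {"forged_ok": forged_ok, "naive_ok": naive_ok,
            "forged_arp": parse_arp(forged_pt), "original_arp": parse_arp(gratuitous)}

if __name__ == "__main__":
    r = demo()
    print("ICV after bit-flip, naive:", r["naive_ok"], " with CRC fix-up:", r["forged_ok"])
    print("ARP now:", r["forged_arp"])
```

The same trick is why the readme can promise an endless loop: every reply the client sends is a new encrypted frame under a new IV, and none of it required guessing a single key byte. Replacing the CRC with a keyed MAC (TKIP's Michael, then CCMP) is exactly what closed this.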


[Full-disclosure] [USN-586-1] mailman vulnerability

2008-03-15 Thread Kees Cook
=== 
Ubuntu Security Notice USN-586-1 March 15, 2008
mailman vulnerability
CVE-2008-0564
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mailman 2.1.5-9ubuntu4.2

Ubuntu 6.10:
  mailman 1:2.1.8-2ubuntu2.1

Ubuntu 7.04:
  mailman 1:2.1.9-4ubuntu1.2

Ubuntu 7.10:
  mailman 1:2.1.9-8ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

NOTE: Due to an internal release testing mistake, earlier
published mailman versions 1:2.1.9-4ubuntu1.1 (for Ubuntu
7.04) and 1:2.1.9-8ubuntu0.1 (for Ubuntu 7.10) accidentally
included an incorrect patch and caused a regression, as reported in
https://launchpad.net/bugs/202332

This update includes fixes for the problem.  We apologize for the
inconvenience.

Details follow:

Multiple cross-site scripting flaws were discovered in mailman.
A malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2.diff.gz
  Size/MD5:   231090 d3e7124adf9454e2754e41c98df1a79c

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2.dsc
  Size/MD5:  626 0ac6344f31b1fd756ff3c724a059c907

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
  Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_amd64.deb
  Size/MD5:  6613254 72d9727b248c5e8ac1ffe6699989b546

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_i386.deb
  Size/MD5:  6612872 6fa80a2c5f9fb4ef86fc37f5948eb7ea

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_powerpc.deb
  Size/MD5:  6621726 45ad75a62c903f80ccaed21d8bff8e0f

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_sparc.deb
  Size/MD5:  6620818 7dc3bc18e981e78fa7d9e18bda151ecc

Updated packages for Ubuntu 6.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1.diff.gz
  Size/MD5:   203009 ee4a019ea676c82f040bad51a13f2a04

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1.dsc
  Size/MD5:  819 53355a3ca08c288d785123da51dbb10e

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8.orig.tar.gz
  Size/MD5:  6856039 b9308ea3ffe8dd447458338408d46bd6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_amd64.deb
  Size/MD5:  8017888 34628b56f38515676c840c10f2aa100d

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_i386.deb
  Size/MD5:  8016276 18b60f0774f2f664d5505391834ed0c6

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_powerpc.deb
  Size/MD5:  8025122 20b2783ab25dd270751211463fdedc77

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_sparc.deb
  Size/MD5:  8023672 02dd507266718e196abef08311a995b5

Updated packages for Ubuntu 7.04:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2.diff.gz
  Size/MD5:   142531 2e32aeebcbf3d45e498d4241bf1cf0c8

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2.dsc
  Size/MD5:  981 0c8c78087bcf0213f17013c94fea9764

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9.orig.tar.gz
  Size/MD5:  7829201 dd51472470f9eafb04f64da372444835

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2_amd64.deb
  Size/MD5:  8606862 74502c6c9e9a8bb277c6f741abd46541

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2_i386.deb
  Size/MD5:  8605384 46330ecad45d07957ac827e5f8e944e2

  powerpc architecture (Apple 

[Full-disclosure] Troopers08 Security Conference, 23/24 April (Munich/Germany)

2008-03-15 Thread Enno Rey
Troopers08 Presentations


Keynote on Invulnerable Software - Dan Bernstein

KIDS - Kernel Intrusion Detection System - Rodrigo Branco

State of Security - Andrew Cushman, Microsoft

Release of the next revision of the free Exploit-Me series of application 
penetration testing tools - Nish Bhalla, Security Compass

Side Channel Analysis - Job de Haas, Riscure

Hackertools according to German law (§ 202c StGB) - Horst Speichert, Lawyer

Hardening Oracle in Corporate Environments - Alexander Kornbrust, 
Red-Database-Security

Virtualization: There is no spoon - Michael Kemp

Straight Talk about Cryptography - Jon Callas, PGP

Evilgrade: You have pending upgrades - Francisco Amato

Self defending networks - hype or essential need for international 
organisations? - Rolf Strehle, VOITH AG

Keynote Virtualization: Floor Wax, Dessert Topping and The End of Information 
Security As We Know It? - Christopher Hoff, Unisys

GPUs, password recovery and thunder tables - Andrey Belenko, ElcomSoft

Incident Management - tasks and organization. - Volker Kozok, German Ministry 
of Defense

A penetration testing learning kit - Ariel Waissbein, Core Security

Organizing and analyzing logdata with entropy - Sergey Bratus, Dartmouth College

Hacking Second Life(TM) - Michael Thumann, ERNW GmbH

Enterprise Webapplication Security [EMAIL PROTECTED] S.E., Dr. Johannes Raab &
Thomas Stocker, Allianz S.E.

Tapping $$$ Enterprises - Pierre Kroma

Virtual Honey Pots - Thorsten Holz, Universitaet Mannheim

SCADA and National Critical Infrastructures: is security an optional? - Raoul 
Chiesa

Data Loss Protection - Hope or Hype? - Enno Rey & Angus Blitter


--

Additional Pre-Con Latenight Talks
PacketWars
Evening Fun

check out www.troopers08.org!

thanks,

-- 
Enno Rey



ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey


[Full-disclosure] [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage

2008-03-15 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Website META Language: Insecure temporary file usage
  Date: March 15, 2008
  Bugs: #209927
ID: 200803-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple insecure temporary file vulnerabilities have been discovered
in the Website META Language.

Background
==

Website META Language is a free and extensible web designer's off-line
HTML generation toolkit for Unix.

Affected packages
=

-------------------------------------------------------------------
     Package              /  Vulnerable  /                Unaffected
-------------------------------------------------------------------
  1  dev-lang/wml            < 2.0.11-r3                >= 2.0.11-r3

Description
===

Temporary files are handled insecurely in the files
wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and
wml_backend/p3_eperl/eperl_sys.c, allowing users to overwrite or delete
arbitrary files with the privileges of the user running the program.

Impact
==

Local users can exploit the insecure temporary file vulnerabilities via
symlink attacks to perform certain actions with escalated privileges.

Workaround
==

Restrict access to the temporary directory to trusted users only.

Resolution
==

All Website META Language users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-lang/wml-2.0.11-r3

References
==

  [ 1 ] CVE-2008-0665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665
  [ 2 ] CVE-2008-0666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH3EVJuhJ+ozIKI5gRAjhXAJ9QOlvhQXkdO+xOUpf2XHnrRUf82QCfetQD
djft0/We2+F+f5zP0Uo4rI8=
=C1oY
-END PGP SIGNATURE-

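The GLSA's impact line compresses a classic local attack: a program creates a scratch file under a name anyone can predict (`/tmp/<prog>.<pid>` or similar), an unprivileged user pre-creates a symlink at that name pointing at a file they cannot otherwise write, and the program's own `open()` follows the link and clobbers the target with the program's privileges. What follows is an added example, not code from WML or from the advisory: it plays both sides in a scratch directory, shows the naive writer overwriting the victim file, and shows the same write refused when the file is created with O_CREAT|O_EXCL|O_NOFOLLOW, which is what `tempfile.mkstemp` does for you, with an unpredictable name on top. The program name, PID and paths are constructed.

```python
"""Predictable temp file + symlink attack, and the O_EXCL / mkstemp fix."""
import errno
import os
import shutil
import tempfile

def predictable_name(tmpdir, prog, pid):
    """The pattern the advisory is about: fixed prefix plus a guessable PID."""
    return os.path.join(tmpdir, f"{prog}.{pid}")

def vulnerable_write(path, data):
    """open(..., 'w') follows a planted symlink and truncates whatever it points at."""
    with open(path, "w") as f:
        f.write(data)

def hardened_write(path, data):
    """Create the file ourselves or fail: O_EXCL refuses any pre-existing entry
    (a symlink included) and O_NOFOLLOW closes the remaining link race."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def plant_symlink(tmpdir, prog, pid, victim):
    """Attacker's move, made before the program runs: guess the name, link it."""
    os.symlink(victim, predictable_name(tmpdir, prog, pid))

def run_scenario():
    """Victim file contents after each writer, plus how the hardened path behaves."""
    base = tempfile.mkdtemp()
    try:
        shared_tmp = os.path.join(base, "tmp")          # stands in for world-writable /tmp
        os.mkdir(shared_tmp)
        victim = os.path.join(base, "important.conf")   # stands in for a file only root can write
        with open(victim, "w") as f:
            f.write("keep me\n")
        prog, pid = "ipp", 4242
        plant_symlink(shared_tmp, prog, pid, victim)

        vulnerable_write(predictable_name(shared_tmp, prog, pid), "owned\n")
        with open(victim) as f:
            after_vulnerable = f.read()

        hardened_refused = False
        try:
            hardened_write(predictable_name(shared_tmp, prog, pid), "owned again\n")
        except OSError as e:                             # EEXIST on the symlink (ELOOP on some systems)
            hardened_refused = e.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim) as f:
            after_hardened = f.read()

        # The right pattern: unpredictable name, created atomically with O_EXCL.
        fd, safe_path = tempfile.mkstemp(dir=shared_tmp, prefix=prog + ".")
        os.close(fd)
        safe_is_regular = os.path.isfile(safe_path) and not os.path.islink(safe_path)
        return {"after_vulnerable": after_vulnerable, "after_hardened": after_hardened,
                "hardened_refused": hardened_refused, "safe_is_regular": safe_is_regular}
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v!r}")
```

The advisory's workaround (restrict who can write the temp directory) removes the attacker's ability to plant the link; the fix in the package removes the dependence on that by creating files the way `hardened_write` does.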