[Full-disclosure] [ MDVSA-2009:031 ] avahi

2009-01-30 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:031
 http://www.mandriva.com/security/
 ___

 Package : avahi
 Date: January 30, 2009
 Affected: 2008.0, 2008.1, 2009.0
 ___

 Problem Description:

 A vulnerability has been discovered in Avahi before 0.6.24, which
 allows remote attackers to cause a denial of service (crash) via a
 crafted mDNS packet with a source port of 0 (CVE-2008-5081).
 
 The updated packages have been patched to prevent this.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5081
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 1b56b1eb5bead43beae5c96d42a9a8be  
2008.0/i586/avahi-0.6.21-2.1mdv2008.0.i586.rpm
 8ce4c40b4b456c1a3c6c08e7603887a4  
2008.0/i586/avahi-dnsconfd-0.6.21-2.1mdv2008.0.i586.rpm
 4554358ce9aedfdbd91a0bdd2b513638  
2008.0/i586/avahi-python-0.6.21-2.1mdv2008.0.i586.rpm
 63b58ca8886d8933e06e47bb748a2c98  
2008.0/i586/avahi-sharp-0.6.21-2.1mdv2008.0.i586.rpm
 98ee1e65f66bb225da58473c72e359c9  
2008.0/i586/avahi-sharp-doc-0.6.21-2.1mdv2008.0.i586.rpm
 1566ac97a6952b2c3b8a48f25ec142fd  
2008.0/i586/avahi-x11-0.6.21-2.1mdv2008.0.i586.rpm
 f492e026cbe09b142f382124ba399e76  
2008.0/i586/libavahi-client3-0.6.21-2.1mdv2008.0.i586.rpm
 750dfed5028ae010425ed2fc929366a1  
2008.0/i586/libavahi-client3-devel-0.6.21-2.1mdv2008.0.i586.rpm
 b634fb27a0916ad34cc0906c9ed430bc  
2008.0/i586/libavahi-common3-0.6.21-2.1mdv2008.0.i586.rpm
 f3fcecc013ebb9656acf4480ae4ec786  
2008.0/i586/libavahi-common3-devel-0.6.21-2.1mdv2008.0.i586.rpm
 509bf54e4b4806a333699c1be3f6f279  
2008.0/i586/libavahi-compat-howl0-0.6.21-2.1mdv2008.0.i586.rpm
 3d7b2e1d2737b13299f362858ce1e2d9  
2008.0/i586/libavahi-compat-howl0-devel-0.6.21-2.1mdv2008.0.i586.rpm
 7794f14970fb9db04ba7b72115ee12db  
2008.0/i586/libavahi-compat-libdns_sd1-0.6.21-2.1mdv2008.0.i586.rpm
 7f1446cf7b3e792f8cfbcd8f5cc437e0  
2008.0/i586/libavahi-compat-libdns_sd1-devel-0.6.21-2.1mdv2008.0.i586.rpm
 dd81e324b362fa6f2d1dbf83beb6f762  
2008.0/i586/libavahi-core5-0.6.21-2.1mdv2008.0.i586.rpm
 1554c8860f3404cde74c9edb76dfdcb7  
2008.0/i586/libavahi-core5-devel-0.6.21-2.1mdv2008.0.i586.rpm
 6f2515efb842992e70fdb7c531947992  
2008.0/i586/libavahi-glib1-0.6.21-2.1mdv2008.0.i586.rpm
 5deaaf13547b88abc6404ad0ccf38c23  
2008.0/i586/libavahi-glib1-devel-0.6.21-2.1mdv2008.0.i586.rpm
 cf0b6ebdd0045d704189c2cf5453f8de  
2008.0/i586/libavahi-qt3_1-0.6.21-2.1mdv2008.0.i586.rpm
 70497963db8920dec2646ddb33033d8e  
2008.0/i586/libavahi-qt3_1-devel-0.6.21-2.1mdv2008.0.i586.rpm
 1d6ffdaed849403723e91b3f86f052b4  
2008.0/i586/libavahi-qt4_1-0.6.21-2.1mdv2008.0.i586.rpm
 bdc1dec1e8d7ab58e87b6ae4ce425340  
2008.0/i586/libavahi-qt4_1-devel-0.6.21-2.1mdv2008.0.i586.rpm
 334b9bb60f890ddc10af1b857f002c7b  
2008.0/i586/libavahi-ui1-0.6.21-2.1mdv2008.0.i586.rpm
 cac123ea958f242f31d04670492a47da  
2008.0/i586/libavahi-ui1-devel-0.6.21-2.1mdv2008.0.i586.rpm 
 182d2542851fb35536527c70473d305d  
2008.0/SRPMS/avahi-0.6.21-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 39e5c59d11cc690006e2a51f1c9bf126  
2008.0/x86_64/avahi-0.6.21-2.1mdv2008.0.x86_64.rpm
 72357f9ef6da33623508bf69ad50a750  
2008.0/x86_64/avahi-dnsconfd-0.6.21-2.1mdv2008.0.x86_64.rpm
 34984f3c6829ccdf395ec9d4d1dba8e5  
2008.0/x86_64/avahi-python-0.6.21-2.1mdv2008.0.x86_64.rpm
 63e7405880cbcb0eb834f9b3f7832ff9  
2008.0/x86_64/avahi-sharp-0.6.21-2.1mdv2008.0.x86_64.rpm
 850feaec3d0344416b397f9650105665  
2008.0/x86_64/avahi-sharp-doc-0.6.21-2.1mdv2008.0.x86_64.rpm
 8c39aadfc914894bb3691a13d81177d7  
2008.0/x86_64/avahi-x11-0.6.21-2.1mdv2008.0.x86_64.rpm
 d4d3ca6750dd1472aed76e691d0df87c  
2008.0/x86_64/lib64avahi-client3-0.6.21-2.1mdv2008.0.x86_64.rpm
 13a0405c41e57811e9707abfac0d8864  
2008.0/x86_64/lib64avahi-client3-devel-0.6.21-2.1mdv2008.0.x86_64.rpm
 30dc7116f22641206f8d9aa533dbdecc  
2008.0/x86_64/lib64avahi-common3-0.6.21-2.1mdv2008.0.x86_64.rpm
 1561b7b47d1777bec739243cfae0c9f9  
2008.0/x86_64/lib64avahi-common3-devel-0.6.21-2.1mdv2008.0.x86_64.rpm
 4605c3490967d5098129b6bdad068e54  
2008.0/x86_64/lib64avahi-compat-howl0-0.6.21-2.1mdv2008.0.x86_64.rpm
 4e391c6932c8cffb5cd0a78a0bc905b5  
2008.0/x86_64/lib64avahi-compat-howl0-devel-0.6.21-2.1mdv2008.0.x86_64.rpm
 4980b2fec6b99c04c3baf71754c7e180  
2008.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.21-2.1mdv2008.0.x86_64.rpm
 d96ae24a9e3b8bc1c21f972535be2524  
2008.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.21-2.1mdv2008.0.x86_64.rpm
 8a336627eab7e6905ca90eccf45eaa6f  
2008.0/x86_64/lib64avahi-core5-0.6.21-2.1mdv2008.0.x86_64.rpm
 dd320a2c741261a29debff672e923e49  
2008.0/x86_64/lib64avahi-core5-devel-0.6.21-2.1m
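The avahi advisory above (MDVSA-2009:031) describes a crash triggered by an mDNS datagram whose UDP source port is 0. As an added illustration, not code from Mandriva or the Avahi project, the Python below sketches the receiver-side sanity check a responder can apply before it processes a datagram: it parses the 8-byte UDP header and returns every reason the datagram should be discarded. The datagram and query builders, the service name and the list of checks (source port 0, UDP length mismatch, wrong destination port, payload too short for a DNS header) are the example's own and do not claim to reproduce Avahi's actual fix.

```python
import struct

MDNS_PORT = 5353  # mDNS listens on UDP 5353 (RFC 6762)


def build_udp(sport, dport, payload, length=None):
    """Construct a UDP datagram: 8-byte header followed by payload.

    The checksum is left at 0 (permitted for UDP over IPv4). `length` can be
    overridden to build a deliberately inconsistent header for testing.
    """
    if length is None:
        length = 8 + len(payload)
    return struct.pack("!HHHH", sport, dport, length, 0) + payload


def build_dns_query(name, qtype=12):
    """Construct a minimal DNS/mDNS query with one question (default PTR)."""
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    # id=0, flags=0, qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def inspect_mdns_datagram(datagram):
    """Return the list of reasons to drop `datagram` (empty list = accept).

    RFC 768 defines source port 0 as "no reply port"; it has no legitimate
    use in mDNS, so rejecting it before the responder touches the packet is
    a safe default against the crash CVE-2008-5081 describes.
    """
    findings = []
    if len(datagram) < 8:
        return ["truncated UDP header"]
    sport, dport, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    if sport == 0:
        findings.append("source port 0")
    if dport != MDNS_PORT:
        findings.append(f"destination port {dport} is not {MDNS_PORT}")
    if length != len(datagram):
        findings.append(
            f"UDP length field {length} != {len(datagram)} bytes received"
        )
    if len(datagram) - 8 < 12:
        findings.append("payload shorter than a 12-byte DNS header")
    return findings


if __name__ == "__main__":
    query = build_dns_query("_services._dns-sd._udp.local")
    for sport in (MDNS_PORT, 0):
        print(sport, inspect_mdns_datagram(build_udp(sport, MDNS_PORT, query)))
```

In a real deployment this check sits at the socket receive path (or in a host firewall rule that drops UDP source port 0), so that a malformed datagram is counted and discarded rather than reaching the mDNS parser.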

[Full-disclosure] [ MDVSA-2009:032 ] kernel

2009-01-30 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:032
 http://www.mandriva.com/security/
 ___

 Package : kernel
 Date: January 30, 2009
 Affected: 2009.0
 ___

 Problem Description:

 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8
 and earlier allows local users to cause a denial of service (kernel
 infinite loop) by making two calls to svc_listen for the same socket,
 and then reading a /proc/net/atm/*vc file, related to corruption of
 the vcc table. (CVE-2008-5079)
 
 Linux kernel 2.6.28 allows local users to cause a denial of service
 (soft lockup and process loss) via a large number of sendmsg function
 calls, which does not block during AF_UNIX garbage collection
 and triggers an OOM condition, a different vulnerability than
 CVE-2008-5029. (CVE-2008-5300)
 
 Additionally, wireless and hotkey support for Asus EEE were fixed,
 systems with HDA sound needing MSI support were added to the quirks
 list to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA
 support was enhanced and fixed, support for HDA sound on Acer Aspire
 8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS
 filesystem should now work with Kerberos, and a few more things. Check
 the package changelog for details.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5079
 https://qa.mandriva.com/43332
 https://qa.mandriva.com/44855
 https://qa.mandriva.com/45838
 https://qa.mandriva.com/46164
 https://qa.mandriva.com/44988
 https://qa.mandriva.com/45136
 ___

 Updated Packages:

 Mandriva Linux 2009.0:
 20710ef4f450699d30e3de433b338eed  
2009.0/i586/alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb-0.5.1-2mdv2008.0.i586.rpm
 44abdc390fb8b1031871907debf5a8c1  
2009.0/i586/alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb-0.5.1-2mdv2008.0.i586.rpm
 ebb537a63e543712699158fb70671214  
2009.0/i586/alsa_raoppcm-kernel-2.6.27.10-server-1mnb-0.5.1-2mdv2008.0.i586.rpm
 4785cce5fe8c09dd698175b09a313837  
2009.0/i586/alsa_raoppcm-kernel-desktop586-latest-0.5.1-1.20090130.2mdv2008.0.i586.rpm
 d17314a15a5a95ae40fcba932a3538f3  
2009.0/i586/alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20090130.2mdv2008.0.i586.rpm
 22bee5d2d94ec29740c9fd0c82df1752  
2009.0/i586/alsa_raoppcm-kernel-server-latest-0.5.1-1.20090130.2mdv2008.0.i586.rpm
 eb01235af40d7479ead2966b2df03b80  
2009.0/i586/drm-experimental-kernel-2.6.27.10-desktop-1mnb-2.3.0-2.20080912.1mdv2009.0.i586.rpm
 568abeb8e721168fa9c232bee9d52dcf  
2009.0/i586/drm-experimental-kernel-2.6.27.10-desktop586-1mnb-2.3.0-2.20080912.1mdv2009.0.i586.rpm
 005e5430e003e2a4415c41973d5f6b9a  
2009.0/i586/drm-experimental-kernel-2.6.27.10-server-1mnb-2.3.0-2.20080912.1mdv2009.0.i586.rpm
 465fdea6b0edf6b5918764ca5a505f91  
2009.0/i586/drm-experimental-kernel-desktop586-latest-2.3.0-1.20090130.2.20080912.1mdv2009.0.i586.rpm
 09fbc68a7274849e4c36e6e37cefe67d  
2009.0/i586/drm-experimental-kernel-desktop-latest-2.3.0-1.20090130.2.20080912.1mdv2009.0.i586.rpm
 4ae9589547ad0971c0b13dfccee1c5aa  
2009.0/i586/drm-experimental-kernel-server-latest-2.3.0-1.20090130.2.20080912.1mdv2009.0.i586.rpm
 7b99e8cdd7e559f26461c2b67442b339  
2009.0/i586/et131x-kernel-2.6.27.10-desktop-1mnb-1.2.3-7mdv2009.0.i586.rpm
 c169f9623557fd9085dd40be7e108a00  
2009.0/i586/et131x-kernel-2.6.27.10-desktop586-1mnb-1.2.3-7mdv2009.0.i586.rpm
 ba4cb92297452ae62fae8c2edf317d0f  
2009.0/i586/et131x-kernel-2.6.27.10-server-1mnb-1.2.3-7mdv2009.0.i586.rpm
 59edf18fe68c22695b19596da9d45ddd  
2009.0/i586/et131x-kernel-desktop586-latest-1.2.3-1.20090130.7mdv2009.0.i586.rpm
 e42f9aea1c2412a825d2df516926b1af  
2009.0/i586/et131x-kernel-desktop-latest-1.2.3-1.20090130.7mdv2009.0.i586.rpm
 eee7d2c28fa7abd121d990e8fc2c9e02  
2009.0/i586/et131x-kernel-server-latest-1.2.3-1.20090130.7mdv2009.0.i586.rpm
 a8b3f0b374cacde79e2270650a593890  
2009.0/i586/fcpci-kernel-2.6.27.10-desktop-1mnb-3.11.07-7mdv2009.0.i586.rpm
 7dd1d6bdbb7164baaf81e689a0537c63  
2009.0/i586/fcpci-kernel-2.6.27.10-desktop586-1mnb-3.11.07-7mdv2009.0.i586.rpm
 8d30b732b2269b66cc382a9f18e1aaf5  
2009.0/i586/fcpci-kernel-2.6.27.10-server-1mnb-3.11.07-7mdv2009.0.i586.rpm
 aaa0e4a9aa1dd69c01374ae8c4472695  
2009.0/i586/fcpci-kernel-desktop586-latest-3.11.07-1.20090130.7mdv2009.0.i586.rpm
 e6f580ae8a826fff638d76e7301e092c  
2009.0/i586/fcpci-kernel-desktop-latest-3.11.07-1.20090130.7mdv2009

Re: [Full-disclosure] Administrivia: Spring Cleaning

2009-01-30 Thread Jeremy Brown
Create a blacklist for blacklists, then use Guninski's solution. Simple :)

On Fri, Jan 30, 2009 at 9:14 PM, Bipin Gautam  wrote:
> On 1/31/09, Georgi Guninski  wrote:
>> 2. you fail to realize that blacklisting is not a solution - ask the
>> antivirus sellers. it is much cpu-wise to filter the *known* few
>> accounts of n3td3v instead of reading every email saying "*X* sux much"
>> sent from a pseudo dummy email created at the cost of solving a
>> captcha.
>>
>>
>
> Georgi, please run a mailing list first and put your *practical*
> experience into theory...
>
> n3td3v was a simple problem, and this is the only solution. n3td3v may
> create different email ids and post but he will be tired after
> being banned a hundred times / hundred tries.
>
> chill...
>
> -bipin
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Administrivia: Spring Cleaning

2009-01-30 Thread Bipin Gautam
On 1/31/09, Georgi Guninski  wrote:
> 2. you fail to realize that blacklisting is not a solution - ask the
> antivirus sellers. it is much cpu-wise to filter the *known* few
> accounts of n3td3v instead of reading every email saying "*X* sux much"
> sent from a pseudo dummy email created at the cost of solving a
> captcha.
>
>

Georgi, please run a mailing list first and put your *practical*
experience into theory...

n3td3v was a simple problem, and this is the only solution. n3td3v may
create different email ids and post but he will be tired after
being banned a hundred times / hundred tries.

chill...

-bipin



Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-01-30 Thread Michael Holstein

> Have any of you guys heard of RFID?

Yeah .. wouldn't it make more sense to just build one that reads the 
AVID chip most pets have in them anyway?

Then again .. I think the point was to deny entry if kitty was bringing 
in a prize.



Re: [Full-disclosure] Administrivia: Spring Cleaning

2009-01-30 Thread Georgi Guninski
On Fri, Jan 30, 2009 at 02:32:05PM +, John Cartwright wrote:
> Hi
> 
> I have recently begun some 'spring cleaning' of the Full-Disclosure list.
>

0. i would like this list to be unmoderated (not sold like \aleph_1's
one)
1. ads like hosted and sponsored by $lamers is not a good idea
2. you fail to realize that blacklisting is not a solution - ask the
antivirus sellers. it is much cpu-wise to filter the *known* few
accounts of n3td3v instead of reading every email saying "*X* sux much"
sent from a pseudo dummy email created at the cost of solving a
captcha.

-- 
EOM


[Full-disclosure] Aint no such thing as cyberwar...

2009-01-30 Thread Valdis . Kletnieks
"Last week IWMP received a phone call from a colleague in Central Asia.
Apparently, Kyrgyzstan is under a massive denial of service attack. Three of
four ISPs have been taken down, and their upstream providers in Russia, and
Kazakhstan are refusing to pass traffic because of the scale of the attacks. At
this stage, the motivation appears to be political, and follows several
political/mass media websites which have been blocked in the past two weeks by
Kyrgyz authorities. The suspicion is that the current DOS attacks are
commercial -- commissioned and similar to those we reported back in 2005. IWMP
will investigate these attacks to see if we can establish any similarities
between these attacks and those used against Estonia and Georgia ( as this
would indicate the use of commercial botnets). Separately, the blocking of
major websites in Kyrgyzstan suggests that IWMP should probably move this
country up the relative scale of importance for monitoring cyberwar around the
world."

http://www.infowar-monitor.net/modules.php?op=modload&name=News&file=article&sid=2149&mode=thread&order=0&thold=0

If it isn't cyberwar, we're gonna need to use a new word to describe this - and
then figure out how to get everybody to use the new word instead of cyberwar.




Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-01-30 Thread Jordan Bray
On Fri, Jan 30, 2009 at 11:57 AM, Charles Morris wrote:

> On Thu, Jan 29, 2009 at 6:04 PM, hack ery 
> wrote:
> > Security Risk:  High
> > Exploitable: Local
> > Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
> > Discovered by: The Hackery Channel
> > Tested: No
> >
> > The Flow Control project is an access control project for a cat.  It
> > consists of a cat door, an electromagnetic latch, an access control
> > device, and image recognition software that allows Flow to enter the
> > house, and only when she is not carrying prey.  When Flow is within
> > proximity of the door, she passes through a light that casts a shadow on
> > an area monitored by a camera.  If the silhouette appears to be Flow
> > without prey, access is granted.
> >
> > Cat Spoofing:  An attacker could potentially gain access by posing as a
> > kitty by placing a cut out of the kitty next to the light.
> >
> > Mitigation: None.
> > Work around: Guard dog
> > Vendor Notified: No
> > Vendor Site: http://www.quantumpicture.com/Flo_Control/flo_control.htm
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> The solution of course would be to clone the system and take a
> vertical image, creating a decent 3-D map of the Cat attempt. What
> about two-factor authentication? I'm thinking a mass spectrometer
> reading in combination with the facial recognition. That could detect
> a Cat spoofing and/or brute-force attack with a bust or cardboard
> cut-outs. With any biometric authentication it's going to be expensive
> and have all kinds of bugs and quirks... just teach him a password..
> sheesh.

Have any of you guys heard of RFID?

-- 
/me

[Full-disclosure] Browser Fuzzer 2

2009-01-30 Thread Krakow Labs
Krakow Labs Development

Browser Fuzzer 2 (bf2) is a comprehensive web browser fuzzer that fuzzes 
CSS, DOM, HTML and JavaScript.

bf2 is available @ www.krakowlabs.com 

-KL



Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-01-30 Thread Valdis . Kletnieks
On Thu, 29 Jan 2009 17:04:53 CST, hack ery said:
> 
> Security Risk:  High
> Exploitable: Local
> Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
> Discovered by: The Hackery Channel

Note the additional possibility of a brute force attack:

http://icanhascheezburger.files.wordpress.com/2009/01/funny-pictures-your-cat-is-ready-to-admit-he-gained-weight.jpg



Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-01-30 Thread Charles Morris
On Thu, Jan 29, 2009 at 6:04 PM, hack ery  wrote:
> Security Risk:  High
> Exploitable: Local
> Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
> Discovered by: The Hackery Channel
> Tested: No
>
> The Flow Control project is an access control project for a cat.  It
> consists of a cat door, an electromagnetic latch, an access control device,
> and image recognition software that allows Flow to enter the house, and only
> when she is not carrying prey.  When Flow is within proximity of the door,
> she passes through a light that casts a shadow on an area monitored by a
> camera.  If the silhouette appears to be Flow without prey, access is
> granted.
>
> Cat Spoofing:  An attacker could potentially gain access by posing as a
> kitty by placing a cut out of the kitty next to the light.
>
> Mitigation: None.
> Work around: Guard dog
> Vendor Notified: No
> Vendor Site: http://www.quantumpicture.com/Flo_Control/flo_control.htm
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

The solution of course would be to clone the system and take a
vertical image, creating a decent 3-D map of the Cat attempt. What
about two-factor authentication? I'm thinking a mass spectrometer
reading in combination with the facial recognition. That could detect
a Cat spoofing and/or brute-force attack with a bust or cardboard
cut-outs. With any biometric authentication it's going to be expensive
and have all kinds of bugs and quirks... just teach him a password..
sheesh.

-- 
Charles Morris
   cmor...@cs.odu.edu,
   cmor...@occs.odu.edu

Network Security Administrator,
Software Developer

Office of Computing and Communications Services,
CS Systems Group  Old Dominion University
http://www.cs.odu.edu/~cmorris



[Full-disclosure] Administrivia: Spring Cleaning

2009-01-30 Thread John Cartwright
Hi

I have recently begun some 'spring cleaning' of the Full-Disclosure list.

Those individuals who have proven themselves incapable of behaving in
an open environment are no longer welcome, and I am in the process
of removing the accounts of those concerned.

Primarily, Mr Wallace will no longer be participating, and I will waste 
no time in deleting any further email addresses associated with this 
individual as and when they are discovered.

Please refrain from adding to the noise whilst this process is completed.

I'd like to thank those ex-subscribers who took the time to point out their
reasons for leaving, giving me the justification I needed.

Comments are welcome off-list (unless you are n3td3v, in which case I really
don't care what you have to say any more).

Cheers
- John



Re: [Full-disclosure] Solaris IPv6 DoS vulnerabilities (was: Solaris Devs Are Smoking Pot)

2009-01-30 Thread Michael Simpson
On 1/30/09, GomoR  wrote:
>
> This vulnerability only exists when setting next header to 0x3c
> or does it work with other values ?
>
> My guess is that we have a more general issue here.
>
> --
>  ^  ___  ___ http://www.GomoR.org/  <-+
>  | / __ |__/   Research Engineer  |
>  | \__/ |  \ ---[ zsh$ alias psed='perl -pe ' ]---|
>  +-->  Net::Frame <=> http://search.cpan.org/~gomor/  <---+
>

Sun Alert 251006 has been published here for this issue:



This corresponds to Sun bug ID 6797796, which has been addressed in build 108 of
OpenSolaris / Indiana:



mike



[Full-disclosure] ANNOUNCE - RFIDIOt 0.1w released - January 2009

2009-01-30 Thread Adam Laurie
Hi,

I've been working on adding Global Platform functionality to non-PC/SC 
devices so folks with LAHF and HF ACG devices can play with JCOP 
cards... It's not quite there yet, but jcoptool.py is a work in progress 
which currently supports printing manufacturer info and card contents. 
I'll be working on installing/deleting applets next.

Other fixes are mostly to do with e-passports...

 From CHANGES:

v0.w
fix ACG reset/info sequence in RFIDIOt.py
fix facial image display bug in mrpkey.py where conversion is required 
[Andreas Schmidt]
fix RANDOM_UID setting in jcop_mifare_access.cap/jcopmifare.py (you will 
need a secret key from NXP)
add jcoptool.py - JCOP toolkit (work in progress)
mrpkey.py changes:
   fix binary mode when reading files under Windows (for WRITE to card)
   fix computation of composite checksum digit
   support reading non-BAC passports
   specify a dummy MRZ or simply the keyword 'PLAIN' for Plain Access if 
there is no Basic Access Control
   support writing non-BAC passports (only for vonJeek cards)
   new commands SETBAC and UNSETBAC to toggle the BAC mode on vonJeek cards
   extract & display signature image stored in DG7, if any
   fix bug in Jpeg 2000 handling & add Jpeg 2000 support for DG7
   better error handling if PCSC daemon is down or no reader is found
   support clone mode by specifying PLAIN/MRZ and WRITE: first read then 
write
   support shortened MRZ (as in mrp0wn)
   strip AA & EAC by default when writing, set STRIP_INDEX=False to 
disable stripping
change Makefile to match vonJeek gpshell files (upload2jcop.gpsh & 
upload2nokia.gpsh)

Full details here:

   http://rfidiot.org

BTW, I'm giving a course with Zac Franken at BH Europe in April, and USA 
in July if you want to get hands on with this stuff...

   http://www.blackhat.com/html/bh-europe-09/train-bh-eu-09-zf.html

cheers,
Adam
-- 
Adam Laurie Tel: +44 (0) 20 7993 2690
Suite 117   Fax: +44 (0) 1308 867 949
61 Victoria Road
Surbiton
Surrey  mailto:a...@algroup.co.uk
KT6 4JX http://rfidiot.org



Re: [Full-disclosure] Solaris IPv6 DoS vulnerabilities (was: Solaris Devs Are Smoking Pot)

2009-01-30 Thread GomoR
On Mon, Jan 26, 2009 at 08:23:45AM +0100, Kingcope Kingcope wrote:
[..]
> unsigned char rawData[] =
> "\x60\xfc\x57\x29\x00\x00\x3c\x56\x6f\x35\x40\x72\x70\x2f\x52\x58"
> "\xcc\x95\x12\x79\x30\xbb\xbe\x25\xfe\x80\x00\x00\x00\x00\x00\x00"
> "\x02\x0c\x29\xff\xfe\xf1\x1e\xbb";
[..]

% perl -MNet::Frame::Simple -e 'print Net::Frame::Simple->new(raw => 
"\x60\xfc\x57\x29\x00\x00\x3c\x56\x6f\x35\x40\x72\x70\x2f\x52\x58\xcc\x95\x12\x79\x30\xbb\xbe\x25\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0c\x29\xff\xfe\xf1\x1e\xbb",firstLayer
 => 'IPv6')->print."\n"'
Unable to unpack next layer, not yet implemented in layer: 0:IPv6
IPv6: version:6  trafficClass:0x0f  flowLabel:0xc5729  nextHeader:0x3c
IPv6: payloadLength:0  hopLimit:86
IPv6: src:6f35:4072:702f:5258:cc95:1279:30bb:be25  dst:fe80::20c:29ff:fef1:1ebb

So this vulnerability is due to an implementation flaw in the 
parsing of IPv6 Destination Header (0x3c). Of course, there is 
no IPv6 DH to parse :)

This vulnerability only exists when setting next header to 0x3c 
or does it work with other values ?

My guess is that we have a more general issue here.

-- 
  ^  ___  ___ http://www.GomoR.org/  <-+
  | / __ |__/   Research Engineer  |
  | \__/ |  \ ---[ zsh$ alias psed='perl -pe ' ]---|
  +-->  Net::Frame <=> http://search.cpan.org/~gomor/  <---+

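GomoR's decode above shows the frame carrying nextHeader 0x3c (Destination Options) together with payloadLength 0, so the extension header the fixed header announces does not exist. As an added example, not code from the thread or from Net::Frame, the Python below parses the fixed 40-byte IPv6 header with the standard library and checks that any announced extension header is actually backed by payload bytes. It generalizes the 0x3c case GomoR asks about to every extension-header value, since a receiver walking the header chain needs the same bounds check whichever value is used. THREAD_PACKET holds the 40 bytes quoted in the thread; build_ipv6 and the clean packets it produces are the example's own constructions.

```python
import struct
from ipaddress import IPv6Address

# Next-header values that announce an extension header inside the payload.
# Every one of them occupies at least 8 bytes, so a payload shorter than
# that cannot contain the header the fixed header promises.
EXTENSION_HEADERS = {
    0: "Hop-by-Hop Options",
    43: "Routing",
    44: "Fragment",
    51: "Authentication Header",
    60: "Destination Options",
}
NO_NEXT_HEADER = 59

# The 40 bytes quoted in the thread (Kingcope's rawData), used here only as
# parser input.
THREAD_PACKET = bytes.fromhex(
    "60fc572900003c56"                  # version/TC/flow, payload len, NH, hops
    "6f354072702f5258cc95127930bbbe25"  # source address
    "fe80000000000000020c29fffef11ebb"  # destination address
)


def parse_ipv6_header(data):
    """Decode the fixed IPv6 header; the remainder of `data` is the payload."""
    if len(data) < 40:
        raise ValueError("need at least 40 bytes for a fixed IPv6 header")
    vtf, payload_length, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", data[:40]
    )
    return {
        "version": vtf >> 28,
        "traffic_class": (vtf >> 20) & 0xFF,
        "flow_label": vtf & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(IPv6Address(src)),
        "dst": str(IPv6Address(dst)),
        "payload": data[40:],
    }


def check_consistency(hdr):
    """Return the reasons header and payload disagree (empty = consistent).

    A receiver that walks the extension-header chain without these checks
    reads past the end of the packet, which is the flaw class GomoR suspects.
    """
    problems = []
    if hdr["version"] != 6:
        problems.append(f"version field is {hdr['version']}, not 6")
    if len(hdr["payload"]) < hdr["payload_length"]:
        problems.append(
            f"payload length {hdr['payload_length']} announced but only "
            f"{len(hdr['payload'])} bytes present"
        )
    name = EXTENSION_HEADERS.get(hdr["next_header"])
    if name is not None:
        if hdr["payload_length"] < 8:
            problems.append(
                f"next header {hdr['next_header']:#x} ({name}) announced with "
                f"payload length {hdr['payload_length']} (< 8)"
            )
        if len(hdr["payload"]) < 8:
            problems.append(
                f"{name} header announced but only {len(hdr['payload'])} "
                f"payload bytes present"
            )
    return problems


def build_ipv6(next_header, payload, hop_limit=64, src=bytes(16), dst=bytes(16)):
    """Construct a minimal IPv6 packet around `payload` (example helper)."""
    return struct.pack(
        "!IHBB16s16s", 6 << 28, len(payload), next_header, hop_limit, src, dst
    ) + payload


if __name__ == "__main__":
    hdr = parse_ipv6_header(THREAD_PACKET)
    print({k: v for k, v in hdr.items() if k != "payload"})
    print(check_consistency(hdr))
```

Run stand-alone it prints the same field values as the Net::Frame output in the thread, followed by the two inconsistencies (announced Destination Options header, zero payload length, zero payload bytes) that a hardened parser must reject before dereferencing anything past byte 40.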


Re: [Full-disclosure] Security Psychology

2009-01-30 Thread James Rankin
God damn. I thought you had finally gone. Another address for the spam
folder.

2009/1/30 hackthegov 

> On Sun, Jan 25, 2009 at 4:55 AM, Gadi Evron  wrote:
> > I am currently engaged in research looking into the Estonian cyber war
> >
> > Gadi Evron.
> >
>
> It wasn't a cyber war, for crying out loud.
>
> Andrew
> Intelligencer &
> Founder of n3td3v
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Re: [Full-disclosure] Security Psychology

2009-01-30 Thread hackthegov
On Sun, Jan 25, 2009 at 4:55 AM, Gadi Evron  wrote:
> I am currently engaged in research looking into the Estonian cyber war
>
> Gadi Evron.
>

It wasn't a cyber war, for crying out loud.

Andrew
Intelligencer &
Founder of n3td3v



[Full-disclosure] [SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service

2009-01-30 Thread Nico Golde
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1704-2secur...@debian.org
http://www.debian.org/security/ Nico Golde
January 30th, 2009  http://www.debian.org/security/faq
- --

Package: netatalk
Vulnerability  : arbitrary code execution
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2008-5718
Debian Bug : 510585

The update in DSA 1704-1 was incomplete as it failed to escape a few
important characters, which enabled an attacker to overwrite arbitrary
files.

It was discovered that netatalk, an implementation of the AppleTalk
suite, is affected by a command injection vulnerability when processing
PostScript streams via papd.  This leads to arbitrary remote code
execution.  Note that this only affects installations that are
configured to use a pipe command in combination with wildcard symbols
substituted with values of the printed job.

For the stable distribution (etch) this problem has been fixed in
version 2.0.3-4+etch2.

For the unstable distribution (sid) this problem has been fixed in
version 2.0.4~beta2-1.1.

We recommend that you upgrade your netatalk package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2.diff.gz
Size/MD5 checksum:27721 434f6f5d9457398a673ec69bb30307ab
  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2.dsc
Size/MD5 checksum:  822 24e5e47499a0a1dfd5431e4a6155b7b3
  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3.orig.tar.gz
Size/MD5 checksum:  1920570 17917abd7d255d231cc0c6188ccd27fb

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_alpha.deb
Size/MD5 checksum:   869730 bde96c1e64bb233907f09030707dff2a

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_amd64.deb
Size/MD5 checksum:   751502 b8a5955988a0d59901faf4ed0464fbd6

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_arm.deb
Size/MD5 checksum:   729434 2037b3d25d6014b3349a7eff040eddb7

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_hppa.deb
Size/MD5 checksum:   800406 0d3f791475418ce8d4dcff2b4a5ac0b5

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_i386.deb
Size/MD5 checksum:   706692 f9d73cc2e974b8d3ad968d94def616f3

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_ia64.deb
Size/MD5 checksum:  1007912 d6322917392bd75b00b00ba3d50e125f

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_mips.deb
Size/MD5 checksum:   765606 6f09e63d5663495b21954510e56ba2eb

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_mipsel.deb
Size/MD5 checksum:   773460 ae5779311e770d841fd819df94a13179

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_powerpc.deb
Size/MD5 checksum:   757730 c6eed701024c155a9e08306d16edd6a9

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_s390.deb
Size/MD5 checksum:   770510 bdf58f88ed39829c7defcb0d7b623b88

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch2_sparc.deb
Size/MD5 checksum:   712126 8ea90b6e13fb5f136badaa3878a61474


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
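The advisory above says the first fix escaped some characters but missed others, so values taken from the print job still reached the shell through the pipe command's wildcard substitution. The Python below is an added illustration of that failure mode and its fix, not netatalk's papd code: the `%j` wildcard, the `printf` pipe template and the job names are all constructed for the example, and it assumes a POSIX `sh` is available. It contrasts three ways of substituting a job value into a shell command template: raw substitution, a backslash escaper over a short blacklist of metacharacters (standing in for an incomplete fix), and `shlex.quote`, which wraps the whole value in single quotes so the shell never interprets any of it. The marker `NOT-A-JOB` appears on a line of its own only when the shell executed a command that was not part of the template.

```python
import shlex
import subprocess

# Hypothetical pipe-command template in the style of a printer spooler:
# %j is the wildcard replaced with the print job's name (syntax assumed
# for this example, not netatalk's own).
TEMPLATE = "printf '%s\\n' %j"

# Constructed job names carrying shell metacharacters.
JOB_SEMICOLON = "queue1;echo NOT-A-JOB"
JOB_BACKTICKS = "`echo NOT-A-JOB`"


def render_raw(template, job):
    """Substitute the value verbatim: every metacharacter reaches the shell."""
    return template.replace("%j", job)


def render_blacklist(template, job):
    """Backslash-escape a short list of metacharacters.

    Backticks and $( are deliberately missing from the list, mirroring an
    incomplete escaping fix: the shell still performs command substitution.
    """
    escaped = "".join("\\" + ch if ch in ";|&<>" else ch for ch in job)
    return template.replace("%j", escaped)


def render_quoted(template, job):
    """shlex.quote wraps the value in single quotes; nothing inside is special."""
    return template.replace("%j", shlex.quote(job))


def run_through_shell(command):
    """Execute the rendered command with sh and return its stdout lines."""
    result = subprocess.run(
        ["sh", "-c", command], capture_output=True, text=True, check=False
    )
    return result.stdout.splitlines()


def demo():
    """Return {(renderer, job): output lines} for every combination."""
    out = {}
    for job in (JOB_SEMICOLON, JOB_BACKTICKS):
        for render in (render_raw, render_blacklist, render_quoted):
            out[(render.__name__, job)] = run_through_shell(render(TEMPLATE, job))
    return out


if __name__ == "__main__":
    for key, lines in demo().items():
        print(key, lines)
```

The blacklist renderer neutralises the `;` case but not the backtick case, which is exactly the shape of an incomplete fix: any escaper built from a list of known-bad characters is only as complete as that list. Quoting the whole value (or, better still, passing it as a separate argv element without a shell at all) removes the question of which characters were forgotten.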

[Full-disclosure] [OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities

2009-01-30 Thread Matteo Beccati

OpenX security advisoryOPENX-SA-2009-001

Advisory ID:   OPENX-SA-2009-001
Date:  2009-Jan-30
Security risk: Moderately critical
Applications affected: OpenX
Versions affected: <= 2.4.9, <= 2.6.3
Versions not affected: >= 2.4.10, >= 2.6.4




Multiple vulnerabilities: XSS, SQL injection, directory traversal


Description
---
A security review of OpenX 2.6.3 was recently conducted by Sarid Harper
on behalf of Secunia and reported to us. One of the vulnerabilities was
also independently discovered by Charlie Briggs and disclosed on
milw0rm.com, forcing Secunia to publish the research results before our
fix releases were ready.

The review contains a list of 22 items for multiple vulnerabilities
ranging from XSS to SQL injection to directory traversal. Some are only
exploitable by authenticated users, others can be conducted by
unauthenticated users.

All the items were fixed in OpenX 2.6 and backported to 2.4 when
applicable. New versions of both OpenX 2.6 and 2.4 have been released.

Solution

 - Upgrade to OpenX 2.4.10 or 2.6.4

References
--
 - http://secunia.com/advisories/32197/
 - http://www.milw0rm.com/exploits/7883
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0291

Timeline

2009-Jan-20: Secunia reported the security review results to OpenX
2009-Jan-20: OpenX started investigation and scheduled the fixes
 according to the company release plans
2009-Jan-26: the fc.php MAX_type vulnerability was independently
 discovered and disclosed
2009-Jan-27: an OpenX user reported the link to our forums
2009-Jan-27: Secunia was forced to disclose the entire review
2009-Jan-29: OpenX 2.4.10 and 2.6.4 were released by OpenX


Contact information


The security contact for OpenX can be reached at:



Best regards

-- 
Matteo Beccati

OpenX - http://www.openx.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-01-30 Thread Jeremy Brown
Forget cats, watch out for the ligers!

On Fri, Jan 30, 2009 at 2:50 AM, Nancy Kramer  wrote:
> Another cat not carrying prey would also work well.  Lots of stray cats
> like to come in when it is cold so this could very likely happen.  The cat
> the device was bought for could also attract other cats that would follow
> it into the house.  Some cats are quite social and have "friends".  This
> should maybe be called cat spoofing as the cat this device was intended for
> is not the cat getting entry.
>
> Lots of fun finding strange cats in your house at 3AM.  Note;  Cats tend to
> be nocturnal.  You don't need any kind of high tech device for this.  Just
> open the door for your cat and others may come in.  Cats are fast so it is
> hard to keep them out.  Besides they are awake and you are probably NOT.
>
> Been there done that.
>
> Regards,
>
> Nancy Kramer
>
>
>
>
>
> At 06:04 PM 1/29/2009, hack ery wrote:
>
>>Security Risk:  High
>>Exploitable: Local
>>Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
>>Discovered by: The Hackery Channel
>>Tested: No
>>
>>The Flow Control project is an access control project for a cat.  It
>>consists of a cat door, an electromagnetic latch, an access control device,
>>and image recognition software that allows Flow to enter the house, and
>>only when she is not carrying prey.  When Flow is within proximity of the
>>door, she passes through a light that casts a shadow on an area monitored
>>by a camera.  If the silhouette appears to be Flow without prey, access
>>is granted.
>>
>>Cat Spoofing:  An attacker could potentially gain access by posing as a
>>kitty by placing a cut out of the kitty next to the light.
>>
>>Mitigation: None.
>>Work around: Guard dog
>>Vendor Notified: No
>>Vendor Site:
>>http://www.quantumpicture.com/Flo_Control/flo_control.htm