Re: [Full-disclosure] Why FD should unban n3td3v.
GO SUCK A LEMON

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Lane Christiansen
Sent: 31. august 2009 06:07
To: John Q Publix
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Why FD should unban n3td3v.

To: Full-Disclosure
At: Sun Aug 30 23:05:55 CDT 2009

I agree completely. n3td3v et. al. annoy me, but I like freedom of speech. ;)

Censorship reflects a society's lack of confidence in itself. It is a hallmark of an authoritarian regime. --Potter Stewart

On Sun, Aug 30, 2009 at 8:56 PM, John Q Publix johnqpubl...@hush.com wrote:

Some of you may call n3td3v annoying, others may call him funny, but others may genuinely value his comments on the list. Leave it up to the reader to decide.

FD exists to be unmoderated and uncensored. This list is a great thing, and I'm requesting that it be restored to its former glory. While I'm no fan of n3td3v, censoring him sets a dangerous precedent.

If I wanted to filter out his mails client-side, I still could btw. Just don't censor him on the server.

Just my 2 cents.

john q public

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture
I've released an exploit for the Linux sock_sendpage() NULL pointer dereference[1], discovered by Tavis Ormandy and Julien Tinnes. This exploit was written to illustrate the exploitability of this vulnerability on Power/Cell BE architecture.

The exploit makes use of the SELinux and the mmap_min_addr problem to exploit this vulnerability on Red Hat Enterprise Linux 5.3 and CentOS 5.3. The problem, first noticed by Brad Spengler, was described by Red Hat in Red Hat Knowledgebase article: Security-Enhanced Linux (SELinux) policy and the mmap_min_addr protection[2].

Support for i386 and x86_64 was added for completeness. For a more complete implementation, refer to Brad Spengler's exploit[3], which also implements the personality trick[4] published by Tavis Ormandy and Julien Tinnes.

Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4 are vulnerable.

The exploit was tested on:

* CentOS 5.3 (2.6.18-128.7.1.el5) is not vulnerable
* CentOS 5.3 (2.6.18-128.4.1.el5)
* CentOS 5.3 (2.6.18-128.2.1.el5)
* CentOS 5.3 (2.6.18-128.1.16.el5)
* CentOS 5.3 (2.6.18-128.1.14.el5)
* CentOS 5.3 (2.6.18-128.1.10.el5)
* CentOS 5.3 (2.6.18-128.1.6.el5)
* CentOS 5.3 (2.6.18-128.1.1.el5)
* CentOS 5.3 (2.6.18-128.el5)
* CentOS 4.8 (2.6.9-89.0.9.EL) is not vulnerable
* CentOS 4.8 (2.6.9-89.0.7.EL)
* CentOS 4.8 (2.6.9-89.0.3.EL)
* CentOS 4.8 (2.6.9-89.EL)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.7.1.el5) is not vulnerable
* Red Hat Enterprise Linux 5.3 (2.6.18-128.4.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.2.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.16.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.14.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.10.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.6.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.el5)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.9.EL) is not vulnerable
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.7.EL)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.3.EL)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.EL)
* SUSE Linux Enterprise Server 11 (2.6.27.19-5)
* SUSE Linux Enterprise Server 10 SP2 (2.6.16.60-0.21)
* Ubuntu 8.10 (2.6.27-14) is not vulnerable
* Ubuntu 8.10 (2.6.27-11)
* Ubuntu 8.10 (2.6.27-9)
* Ubuntu 8.10 (2.6.27-7)

The exploit is available at our exploits section or directly at the following address:
http://www.risesecurity.org/exploits/linux-sendpage.c

Please, let me know if you have any questions or comments. Also, feel free to leave a comment at:
http://www.risesecurity.org/entry/illustrating-linux-sock_sendpage-null-pointer/

[1] http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
[2] http://kbase.redhat.com/faq/docs/DOC-18042
[3] http://www.grsecurity.net/~spender/wunderbar_emporium2.tgz
[4] http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

Best regards,
Ramon
Re: [Full-disclosure] windows future
On Sun, 30 Aug 2009 01:09:55 BST, lsi said:

The biological metaphor does suggest that Microsoft would take some kind of evasive action, and I think their only option is to license unix, just as Apple did (although Apple did it for different reasons). Doing this will solve many problems, they can keep their proprietary interface and their reputation, and possibly even their licensing and marketing models, while under the hood, unix saves the day.

Unlikely to work - there's just Too Damned Many legacy binaries that have all sorts of dependencies on undocumented quirks of the Windows APIs. So you end up needing to use a Wine-like shim to provide the API the binaries need - and if the shim is good enough for the backward-combatable binaries, it's *also* good enough for the malware to attack.

If IE9 has a bug and some Javascript scribbles something into the 'Documents' folder, that Javascript really doesn't care if it's a Documents folder on a real Windows box, or one that's in a directory being managed by a shim on a Unix/Linux box. All it cares about is that it *behaves* like a Documents folder.

Hint: If a Windows user's home directory is on a remote file share, it really doesn't care if it's a Genuine Windows(TM) or a Samba share, does it? Heck, it doesn't even know/care if its domain controller is Windows or Samba. All it cares is that the file share and the DC *act* like Windows. And unfortunately, that's true for both legitimate binaries and malware.
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Confirmed.

Ask yourselves why your fuzzers haven't found that one - Combination of MKDIR are required before reaching vuln code ?

--
http://blog.zoller.lu
Thierry Zoller
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Dear Thierry Zoller,

I think yes, MKDIR is required. It should be variation of S99-003/MS02-018. fuzzer should be very smart to create directory and use both oversized buffer and ../ in NLST - it makes path longer than MAX_PATH with existing directory.

--Monday, August 31, 2009, 8:21:12 PM, you wrote to full-disclosure@lists.grok.org.uk:

TZ Confirmed.
TZ Ask yourselves why your fuzzers haven't found that one - Combination of
TZ MKDIR are required before reaching vuln code ?

--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
I will not need the sting (S. Lem)
[Full-disclosure] [SECURITY] [DSA 1875-1] New ikiwiki packages fix information disclosure
Debian Security Advisory DSA-1875-1
secur...@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
August 31, 2009
http://www.debian.org/security/faq

Package        : ikiwiki
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-2944

Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure.

The old stable distribution (etch) is not affected.

For the stable distribution (lenny), this problem has been fixed in version 2.53.4.

For the unstable distribution (sid), this problem has been fixed in version 3.1415926.

We recommend that you upgrade your ikiwiki package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4.tar.gz
  Size/MD5 checksum: 768022 d2ab889b5aa29ed5c4910aebc5d10c82
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4.dsc
  Size/MD5 checksum: 1095 d4c29cc8a5c5e57bf73dff92738d2383

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4_all.deb
  Size/MD5 checksum: 911086 6eac3777f3b38bc7e7a4a53571440b6e

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Hello list,

I have to clarify some things on the globbing vulnerability here. The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers, IIS6 ftp server IS affected by the buffer overflow but is properly protected by stack canaries. AFAIK it looks like a DoS on Windows Server 2003. Until someone finds a way to bypass Stack Canaries on recent Windows versions this remains a DoS on IIS6.

Thanks to HD Moore and all people in the past who wrote exploits for my releases! Kudos!

Nikolaos

2009/8/31 Kingcope kco...@googlemail.com:

(see attachment)

Cheerio,
Kingcope
[Full-disclosure] CORE-2009-0820: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

1. *Advisory Information*

Title: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
Advisory ID: CORE-2009-0820
Advisory URL: http://www.coresecurity.com/content/dnsmasq-vulnerabilities
Date published: 2009-08-31
Date of last update: 2009-08-31
Vendors contacted: Simon Kelley
Release mode: Coordinated release

2. *Vulnerability Information*

Class: Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 36120, 36121
CVE Name: CVE-2009-2957, CVE-2009-2958

3. *Vulnerability Description*

Dnsmasq is a lightweight DNS forwarder and DHCP server. A vulnerability has been found that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq[1] with the TFTP service[2][3] enabled ('--enable-tftp'). This service is not enabled by default on most distributions; in particular it is not enabled by default on OpenWRT or DD-WRT. Chances of successful exploitation increase when a long directory prefix is used for TFTP. Code will be executed with the privileges of the user running dnsmasq, which is normally a non-privileged one.

Additionally there is a potential DoS attack to the TFTP service by exploiting a null-pointer dereference vulnerability.

4. *Vulnerable packages*

. dnsmasq 2.40.
. dnsmasq 2.41.
. dnsmasq 2.42.
. dnsmasq 2.43.
. dnsmasq 2.44.
. dnsmasq 2.45.
. dnsmasq 2.46.
. dnsmasq 2.47.
. dnsmasq 2.48.
. dnsmasq 2.49.
. Older versions are probably affected too, but they were not checked.

5. *Non-vulnerable packages*

. dnsmasq 2.50

6. *Vendor Information, Solutions and Workarounds*

If the TFTP service is enabled and patching is not available immediately, a valid workaround is to filter TFTP for untrusted hosts in the network (such as the Internet). This is the default configuration when enabling TFTP on most home routers.
Patches are already available from the software author. Most distributions should release updates for binary packages soon.

7. *Credits*

The heap-overflow vulnerability (CVE-2009-2957) was discovered during Bugweek 2009 by Pablo Jorge and Alberto Solino from the team Los Herederos de Don Pablo of Core Security Technologies.

The null-pointer dereference (CVE-2009-2958) was reported to the author of dnsmasq independently by an uncredited code auditor. It was merged with this advisory for user's convenience.

8. *Technical Description*

8.1. *Heap Overflow vulnerability (CVE-2009-2957, BID 36121)*

First let's focus on the overflow vulnerability. The 'tftp_request' calls 'strncat' on 'daemon->namebuff', which has a predefined size of 'MAXDNAME' bytes (defaulting to 1025).

/-----
  else if (filename[0] == '/')
    daemon->namebuff[0] = 0;
  strncat(daemon->namebuff, filename, MAXDNAME);
-----/

This may cause a heap overflow because 'daemon->namebuff' may already contain data, namely the configured 'daemon->tftp_prefix' passed to the daemon via a configuration file.

/-----
  if (daemon->tftp_prefix)
    {
      if (daemon->tftp_prefix[0] == '/')
        daemon->namebuff[0] = 0;
      strncat(daemon->namebuff, daemon->tftp_prefix, MAXDNAME)
-----/

The default prefix is '/var/tftpd', but if a longer prefix is used, arbitrary code execution may be possible.

Sending the string resulting from the execution of the following python snippet to a vulnerable server, with a long enough directory prefix configured, should crash the daemon.

/-----
import sys
sys.stdout.write( '\x00\x01' + "A"*1535 + '\x00' + "netascii" + '\x00' )
-----/

8.2. *Null-pointer Dereference vulnerability (CVE-2009-2958, BID 36120)*

Now onto the null-pointer dereference.
The user can crash the service by handcrafting a packet, because of a problem on the guard of the first if inside this code loop:

/-----
  while ((opt = next(&p, end)))
    {
      if (strcasecmp(opt, "blksize") == 0 &&
          (opt = next(&p, end)) &&
          !(daemon->options & OPT_TFTP_NOBLOCK))
        {
          transfer->blocksize = atoi(opt);
          if (transfer->blocksize < 1)
            transfer->blocksize = 1;
          if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4)
            transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4;
          transfer->opt_blocksize = 1;
          transfer->block = 0;
        }

      if (strcasecmp(opt, "tsize") == 0 && next(&p, end) &&
          !transfer->netascii)
        {
          transfer->opt_transize = 1;
          transfer->block = 0;
        }
    }
-----/

The problem exists because the guard of the first if includes the result of 'opt = next(&p, end)' as part of the check. If this returns 'NULL', the guard will fail and in the next if 'strcasecmp(opt, "tsize")' will dereference the null-pointer.

9. *Report Timeline*

. 2009-08-20: Core
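Added example, not part of the CORE advisory or the dnsmasq source: a C sketch of the defensive side of both issues in section 8, showing how far a 'strncat' call with the buffer size as its bound can reach and an option loop that keeps the option name and its value in separate variables. The names 'strncat_footprint', 'append_checked', 'next_str', 'parse_options', 'struct tftp_opts', the 1468 cap and the sample requests are hypothetical and constructed here; this is not the upstream 2.50 patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#define MAXDNAME 1025   /* namebuff size quoted in the advisory */

/* Bytes strncat(dst, src, n) may occupy in dst, NUL included: n caps the
   bytes appended and ignores how full dst already is. */
size_t strncat_footprint(size_t dst_len, size_t src_len, size_t n)
{
    return dst_len + (src_len < n ? src_len : n) + 1;
}

/* Hardened append (hypothetical helper): refuses input that does not fit. */
int append_checked(char *dst, size_t dst_size, const char *src)
{
    size_t used = strlen(dst), add = strlen(src);
    if (used >= dst_size || add >= dst_size - used)
        return -1;
    memcpy(dst + used, src, add + 1);
    return 0;
}

/* Hypothetical stand-in for next(): the next non-empty NUL-terminated
   string inside [*p, end), or NULL when none is left. */
char *next_str(char **p, char *end)
{
    char *ret = *p, *nul;
    if (ret >= end || !(nul = memchr(ret, 0, (size_t)(end - ret))) || nul == ret)
        return NULL;
    *p = nul + 1;
    return ret;
}

struct tftp_opts { int has_blksize, has_tsize; unsigned blocksize; };

/* The value goes into its own variable, so the option name is never
   replaced by NULL before the next comparison. */
int parse_options(char *p, char *end, unsigned max, struct tftp_opts *out)
{
    char *opt, *val;
    memset(out, 0, sizeof *out);
    while ((opt = next_str(&p, end))) {
        if (!(val = next_str(&p, end)))
            return -1;               /* option name without a value */
        if (strcasecmp(opt, "blksize") == 0) {
            long n = strtol(val, NULL, 10);
            if (n < 1) n = 1;
            if ((unsigned long)n > max) n = (long)max;
            out->blocksize = (unsigned)n;
            out->has_blksize = 1;
        } else if (strcasecmp(opt, "tsize") == 0) {
            out->has_tsize = 1;
        }
    }
    return 0;
}

/* Constructed requests, 1468 is an arbitrary cap; `bad` ends after the name. */
int parse_sample(int valid, struct tftp_opts *out)
{
    char bad[] = "blksize";
    char ok[]  = "blksize\0" "512\0" "tsize\0" "0";
    return valid ? parse_options(ok, ok + sizeof ok, 1468, out)
                 : parse_options(bad, bad + sizeof bad, 1468, out);
}

int main(void)
{
    struct tftp_opts o;
    printf("footprint %zu of %d\n", strncat_footprint(10, 1535, MAXDNAME), MAXDNAME);
    printf("missing value -> %d\n", parse_sample(0, &o));
    return 0;
}
```

The footprint call uses the advisory's own numbers: the 10-character default prefix '/var/tftpd', a 1535-byte filename and 'MAXDNAME' as the bound.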
Re: [Full-disclosure] Why FD should unban n3td3v.
The readers did decide, that's why he's banned. If you still like reading his garbage go find whatever bridge he's currently living under and subscribe. If you believe that the days with n3td3v on the list were FD's glory days you're either ignorant or stupid.

On Mon, Aug 31, 2009 at 1:56 AM, John Q Publix johnqpubl...@hush.com wrote:

Some of you may call n3td3v annoying, others may call him funny, but others may genuinely value his comments on the list. Leave it up to the reader to decide.

FD exists to be unmoderated and uncensored. This list is a great thing, and I'm requesting that it be restored to its former glory. While I'm no fan of n3td3v, censoring him sets a dangerous precedent.

If I wanted to filter out his mails client-side, I still could btw. Just don't censor him on the server.

Just my 2 cents.

john q public
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
why would anyone write a 0day with...

# bug found exploited by Kingcope, kcope2atgooglemail.com
# Affects IIS6 with stack cookie protection
# August 2009 - KEEP THIS 0DAY PRIV8

... then plaster it all over the internet? have you forgotten what you, yourself wrote?

if you guys really wanna get that famous.. perhaps you should consider a new career - nobody even likes h4ck3rs these days anyway (especially james and da internet po-po).

and please put a fkn' sleep in ur while(1)'s after a fork()... it appears as though you couldn't WAIT to get this one out...

/rd

remember to always r1d3 d1r7y n' bounce em.

On Mon, 31 Aug 2009 16:31:51 -0400 Kingcope kco...@googlemail.com wrote:

Hello list,

I have to clarify some things on the globbing vulnerability here. The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers, IIS6 ftp server IS affected by the buffer overflow but is properly protected by stack canaries. AFAIK it looks like a DoS on Windows Server 2003. Until someone finds a way to bypass Stack Canaries on recent Windows versions this remains a DoS on IIS6.

Thanks to HD Moore and all people in the past who wrote exploits for my releases! Kudos!

Nikolaos

2009/8/31 Kingcope kco...@googlemail.com:

(see attachment)

Cheerio,
Kingcope
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Nice find Kingcope,

As Thierry mentioned it, i guess it was a pain to find it, nice one as always, your finding rocks.

Cheers

2009/8/31 r1d1nd1rty r1d1nd1...@hush.com

why would anyone write a 0day with...

# bug found exploited by Kingcope, kcope2atgooglemail.com
# Affects IIS6 with stack cookie protection
# August 2009 - KEEP THIS 0DAY PRIV8

... then plaster it all over the internet? have you forgotten what you, yourself wrote?

if you guys really wanna get that famous.. perhaps you should consider a new career - nobody even likes h4ck3rs these days anyway (especially james and da internet po-po).

and please put a fkn' sleep in ur while(1)'s after a fork()... it appears as though you couldn't WAIT to get this one out...

/rd

remember to always r1d3 d1r7y n' bounce em.

On Mon, 31 Aug 2009 16:31:51 -0400 Kingcope kco...@googlemail.com wrote:

Hello list,

I have to clarify some things on the globbing vulnerability here. The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers, IIS6 ftp server IS affected by the buffer overflow but is properly protected by stack canaries. AFAIK it looks like a DoS on Windows Server 2003. Until someone finds a way to bypass Stack Canaries on recent Windows versions this remains a DoS on IIS6.

Thanks to HD Moore and all people in the past who wrote exploits for my releases! Kudos!

Nikolaos

2009/8/31 Kingcope kco...@googlemail.com:

(see attachment)

Cheerio,
Kingcope
[Full-disclosure] VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
VMware Security Advisory

Advisory ID:  VMSA-2009-0011
Synopsis:     VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
Issue date:   2009-08-31
Updated on:   2009-08-31 (initial release of advisory)
CVE numbers:  CVE-2009-2968

1. Summary

VMware Studio 2.0 resolves a directory traversal vulnerability that was present in the VMware Studio 2.0 public beta.

2. Relevant releases

VMware VMware Studio 2.0 public beta

3. Problem Description

a. Directory traversal vulnerability

Due to incomplete sanitation of user input, a support component of VMware Studio's web interface can be tricked into uploading a file to any directory inside the VMware Studio virtual appliance.

This issue does not affect virtual machines that are created with Studio 2.0 beta.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2968 to this issue.

VMware would like to thank Claudio Criscione of Secure Network for reporting this issue to us.

VMware          Product    Running   Replace with/
Product         Version    on        Apply Patch
=============   ========   =======   ===================================
VMware Studio   1.0        VMware    not affected
VMware Studio   2.0 beta   VMware    VMware Studio 2.0 build 1017-185256
VMware Studio   2.0        VMware    not affected

4. Solution

Please review the patch/release notes for your product and version and verify the sha1sum and/or the md5sum of your downloaded file.
VMware Studio 2.0 build 1017-185256
---
http://www.vmware.com/support/developer/studio/
Release notes:
http://www.vmware.com/support/developer/studio/studio20/release_notes.html

VMware Studio appliance in ZIP
(md5sum:58cb40704d12f4ec329b887ae729aba9)
(sha1sum:2931a6a4de7e77016d08c6539cab93a6304ab452)

VMware Studio appliance in OVA
Deployment URL: http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ova
(md5sum:0b0edb02865ae935bcffcccbf346adc2)
(sha1sum:f126339ab0de5b684e60ab7dfd50ddb15f2391cc)

VMware Studio appliance in OVF 1.0
Deployment URL: http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ovf
(md5sum:a3dfca29578a75b0440be3419396c85c)
(sha1sum:67f08e73de18ddeea257fefe6475f289d643ad77)

VMware Studio appliance in OVF 0.9
Deployment URL: http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF09.ovf
(md5sum:959c61270dc872be2f5e65e59480852d)
(sha1sum:ac3c2d612f0b877f10ca607467b6a95b31ed3dd7)

VMDK associated to the OVF 1.0 and OVF 0.9 descriptor
(md5sum:617ec59063d2ba180b19f680fb1b49b1)
(sha1sum:eb1d474cde175a9e042c9613eae31822843394cf)

VMware Studio Plugin for Eclipse in ZIP
(md5sum:9970df718f08f92c053758187c979293)
(sha1sum:2d5a9a8d3d68faa3afd317b148f060a74cbd359a)

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2968

6. Change log

2009-08-31 VMSA-2009-0011
Initial security advisory after release of Studio 2.0 on 2009-08-31.

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc. All rights reserved.