[Full-disclosure] [Full-censorship]: Tarik Maliq and Michael Faulkner
Subject: Tarik Maliq Topic: Telephone Terrorist per SmokingGun.com BTW: The owner of this list is blocking and filtering mail on this list. You can't make new emails. I hope this gets lifted. Sorry for earlier this month JohnC... ~==~~~== OFFICIAL N3TD3V INTELLIGENCE REPORT =~~~==~ zf0 ~ royal antisec ~zf0 F U L LC E N S O R S H I P 100% D I S C L O S U RE 100% TOTAL INFORMATION AWARENESS GARY MCKINNON HAS ASPERGERS... ... SO HE CAN DO NO WRONG! n3td3v takes full responsibility for the information mentioned herein.Everyone in this document is innocent until proven guilty. If you have any disagreement you're free to waive your right to attorney and confess. Whatever the case, you will be at a loss. And enjoy btw. Name: Tarik Maliq Race: Middle Eastern, Pakistan Country of location: Canada Age: 25 (of 2009) Known troll group: Pranknet Job: Jobless, lives with mom Fail: Failed hosting business Former Address: 1637 Assumption Street Apt B Windsor, Ontario, Canada Pictures: http://tinyurl.com/tariq-malik-lazyeye http://tinyurl.com/tarik-maliq-yearbook http://tinyurl.com/tariq-malik-oldapt Smoking Gun TinyURL: http://tinyurl.com/pranknet-smokinggun Tarik Maliq the troll, you have been defeated and subsequently memorialized on the internet by FULL-CENSORSHIP. Permanence. We are a movement to rid the security intelligence community of trolls. ~~ I'd also like to go ahead here and publish information regards Michael Faulkner. He is the warez downloading guy from Dallas, Texas. Crydon, CygonX. He has a pretty big melt down. And we at n3td3v are laughing, because we hate criminals. You know this guy is guilty as hell and he's squirming... The FBI played dirty with him so he would go into verbal vomit mode. Now the US Attorney get his juicy statements. :) *salivates* Michael Faulkner. Faulkner fakes death, criticizes informant who narc'd on him. 2009-10-14. URL:http://uwwwb.com/. Accessed: 2009-10- 14. 
(Archived by WebCite® at http://www.webcitation.org/5kVy0YMCl) Michael Faulkner. FBI Raid. . 2009-10-14. URL:http://uwwwb.com/FBIRaid.html. Accessed: 2009-10-14. (Archived by WebCite® at http://www.webcitation.org/5kVy60fG6) Michael Faulkner. FBI Raid update. . 2009-10-14. URL:http://uwwwb.com/update.html. Accessed: 2009-10-14. (Archived by WebCite® at http://www.webcitation.org/5kVy8kEOb) Michael Faulkner. FBI / Government rant. . 2009-10-14. URL:http://uwwwb.com/rant.html. Accessed: 2009-10-14. (Archived by WebCite® at http://www.webcitation.org/5kVyAii7u ~~~ www.twitter.com/n3td3v F U L L C E N S O R S H I P (The movement, By Beethoven) n3td3v intel underground Winners don't do drugs 2009 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [AntiSnatchOr] Eclipse BIRT = 2.2.1 Reflected XSS
Eclipse BIRT = 2.2.1 Reflected XSS

Vendor: Eclipse
Advisory: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/
Author: Michele euronymous Orrù (euronymous AT antisnatchor DOT com)

Quite a common problem in a lot of Java based applications: reflected XSS in Java stack trace.

A Reflected XSS is present in the _report parameter: here below the modified request (that is the BIRT 2.2.1 version included in Konakart 2.2.6)

    GET /birt-viewer/run?__report='iframe%20src=javascript:alert(666)r=-703171660 HTTP/1.1
    Host: localhost:8780
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Proxy-Connection: keep-alive
    Referer: http://localhost:8780/konakartadmin/

Konakart is actually using org.eclipse.birt.core_2.2.1.r22x_v20070924, that is actually old.

- Disclosure timeline:
2008-12-17 11:04:15 EST: Vendor Contacted
2009-02-11 03:39:09 EST: Bug fix
2009-03-09 05:32:42 EDT: Patches verified on 2.5.0

- CREDITS
Michele euronymous Orru'

- LEGAL NOTICES
Copyright (c) 2009 Michele euronymous Orru'

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without mine express written consent. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email me for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
[Full-disclosure] [SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities
Debian Security Advisory DSA-1908-1                  secur...@debian.org
http://www.debian.org/security/                               Nico Golde
October 14th, 2009                    http://www.debian.org/security/faq

Package        : samba
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
Debian bug     : none
CVE ID         : CVE-2009-2948 CVE-2009-2906 CVE-2009-2813

Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with other operating systems and more. The Common Vulnerabilities and Exposures project identifies the following problems:

The mount.cifs utility is missing proper checks for file permissions when used in verbose mode. This allows local users to partly disclose the content of arbitrary files by specifying the file as credentials file and attempting to mount a samba share (CVE-2009-2948).

A reply to an oplock break notification which samba doesn't expect could lead to the service getting stuck in an infinite loop. An attacker can use this to perform denial of service attacks via a specially crafted SMB request (CVE-2009-2906).

A lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure. In case the automated [homes] share is enabled or an explicit share is created with that username, samba fails to enforce sharing restrictions which results in an attacker being able to access the file system from the root directory (CVE-2009-2813).

For the oldstable distribution (etch), this problem will be fixed soon.

For the stable distribution (lenny), this problem has been fixed in version 2:3.2.5-4lenny7.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2:3.4.2-1.

We recommend that you upgrade your samba packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] Multiple Vulnerabilities in Adobe Acrobat / Reader
Multiple Vulnerabilities in Adobe Acrobat / Reader

2009.October.13

Summary:
Fortinet discovers multiple vulnerabilities in Adobe Reader / Acrobat which may allow a remote attacker to compromise a system.

Impact:
Remote Code Execution / Denial of Service (DoS).

Risk:
Critical.

Affected Software:
Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh and UNIX
Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh

Additional Information:
Four vulnerabilities were discovered in Adobe Reader / Acrobat, each of which are highlighted below:

FG-VD-09-015: Memory corruption vulnerability in Javascript implementation (CVE-2009-3460)
FG-VD-09-017: Denial of service through an ActiveX control specific to the OS, in AcroPDF.DLL (CVE-2009-2987)
FG-VD-09-018: Denial of service through an input validation issue in annots.api (CVE-2009-2988)
FG-VD-09-023: Memory corruption vulnerability in Javascript implementation (CVE-2009-2996)

Solutions:
Use the solution provided by Adobe (APSB09-15).
The FortiGuard Global Security Research Team released a signature Adobe.Acrobat.JS.Collab.Memory.Corruption, which covers a vulnerability listed in CVE-2009-2996.
The FortiGuard Global Security Research Team released a signature Adobe.Acrobat.ActiveX.Control.DoS, which covers a vulnerability listed in CVE-2009-2987.
The FortiGuard Global Security Research Team released a signature Adobe.Acrobat.JS.Collab.DoS, which covers a vulnerability listed in CVE-2009-2988.
The FortiGuard Global Security Research Team released a signature FG-VD-09-015-Adobe, which covers a vulnerability listed in CVE-2009-3460.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against these vulnerabilities. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:
Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb09-15.html
CVE ID: CVE-2009-3460 (FG-VD-09-015)
CVE ID: CVE-2009-2987 (FG-VD-09-017)
CVE ID: CVE-2009-2988 (FG-VD-09-018)
CVE ID: CVE-2009-2996 (FG-VD-09-023)

Acknowledgment:
Zhenhua Liu and XiaoPeng Zhang of Fortinet's FortiGuard Global Security Research Team
For Discovering: CVE-2009-2987, CVE-2009-2988, CVE-2009-2996
Haifei Li of Fortinet's FortiGuard Global Security Research Team
For Discovering: CVE-2009-3460

Disclaimer:
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.

About Fortinet ( www.fortinet.com ):
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
[Full-disclosure] Everfocus EDSR remote authentication bypass
Product: Everfocus EDSR series
Version affected: 1.4 and older
Website: http://www.everfocus.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabr...@gmail.com
Web: http://www.andreafabrizi.it
Vuln: remote DVR applet authentication bypass

The EDSR firmware doesn't correctly handle user authentication and sessions. This exploit lets you connect to every remote DVR (without username and password) and see the live cams :)

Exploit: http://www.andreafabrizi.it/files/EverFocus_Edsr_Exploit.tar.gz

I discovered this vulnerability one year ago and I have informed the vendor, but apparently there is no solution at this time.

--
Andrea Fabrizi
http://www.andreafabrizi.it
[Full-disclosure] [ MDVSA-2009:277 ] samba
Mandriva Linux Security Advisory                         MDVSA-2009:277
http://www.mandriva.com/security/

Package : samba
Date    : October 14, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0

Problem Description:

Multiple vulnerabilities have been found and corrected in samba:

The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories (CVE-2009-2813).

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet (CVE-2009-2906).

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option (CVE-2009-2948).

The versions of samba shipping with Mandriva Linux CS4/MES5/2008.1/2009.0/2009.1 have been updated to the latest version that includes the fixes for these issues. Additionally for 2009.1 the version upgrade provides many upstream bug fixes such as improved Windows(tm) 7 support. The version for CS3 has been patched to address these security issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.samba.org/samba/security/CVE-2009-2906.html
http://www.samba.org/samba/security/CVE-2009-2948.html
[Full-disclosure] Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow
======================================================================

                     Secunia Research 14/10/2009

   - Microsoft Office BMP Image Colour Handling Integer Overflow -

======================================================================
Table of Contents

Affected Software ................... 1
Severity ............................ 2
Vendor's Description of Software .... 3
Description of Vulnerability ........ 4
Solution ............................ 5
Time Table .......................... 6
Credits ............................. 7
References .......................... 8
About Secunia ....................... 9
Verification ........................ 10

======================================================================
1) Affected Software

* Microsoft Office XP

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where:  Remote

======================================================================
3) Vendor's Description of Software

Microsoft Office is a complete suite of productivity and database software that will help you save time and stay organized.

Product Link: http://office.microsoft.com/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow when processing the number of colours used in a bitmap image. This can be exploited to cause a heap-based buffer overflow via a specially crafted bitmap image.

Successful exploitation may allow execution of arbitrary code.

======================================================================
5) Solution

Apply patches.

======================================================================
6) Time Table

15/08/2008 - Vendor notified.
15/08/2008 - Vendor response.
21/08/2008 - Vendor provides status update.
04/09/2008 - Additional information provided to the vendor.
04/09/2008 - Vendor response.
17/09/2008 - Additional information provided to the vendor.
26/09/2008 - Additional information provided to the vendor.
26/09/2008 - Vendor response.
16/01/2009 - Vendor provides status update.
20/02/2009 - Vendor provides status update.
24/04/2009 - Vendor provides status update.
14/10/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-2518 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-37/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
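Added example, not part of the Secunia advisory and not Microsoft's code: the advisory gives no implementation detail, so this C program only illustrates the bug class it names (a colour count read from a bitmap header, multiplied into a wrapped 32-bit size) beside a bounds-checked parser. It assumes the standard BITMAPFILEHEADER/BITMAPINFOHEADER layout and handles indexed (1, 4, 8 bpp) images only; all function names and the sample header bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard BMP layout: 14-byte BITMAPFILEHEADER, then a 40-byte
 * BITMAPINFOHEADER, then the colour table of 4-byte RGBQUAD entries. */
#define FILE_HDR_LEN 14u
#define INFO_HDR_LEN 40u
#define RGBQUAD_LEN   4u
#define OFF_BITCOUNT 14u   /* biBitCount, relative to the info header */
#define OFF_CLRUSED  32u   /* biClrUsed,  relative to the info header */

enum bmp_status {
    BMP_OK = 0, BMP_TRUNCATED = -1, BMP_BAD_HEADER = -2,
    BMP_BAD_DEPTH = -3, BMP_TOO_MANY_COLOURS = -4, BMP_PALETTE_PAST_EOF = -5
};

/* Little-endian accessors, independent of host byte order and alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Bug class: the colour count comes from the file and the byte size is
 * computed in 32 bits, so the product wraps and a buffer sized from it is
 * far smaller than the number of entries a later copy would write. */
uint32_t palette_bytes_unchecked(uint32_t colours_used)
{
    return colours_used * RGBQUAD_LEN;
}

/* Hardened form: bound the count by the bit depth and by the bytes actually
 * present in the file before any multiplication or allocation. */
int palette_bytes_checked(const uint8_t *buf, size_t len, size_t *out_bytes)
{
    if (len < FILE_HDR_LEN + INFO_HDR_LEN) return BMP_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_HEADER;

    const uint8_t *info = buf + FILE_HDR_LEN;
    if (rd32(info) != INFO_HDR_LEN) return BMP_BAD_HEADER;

    uint16_t bits = rd16(info + OFF_BITCOUNT);
    uint32_t used = rd32(info + OFF_CLRUSED);
    if (bits != 1 && bits != 4 && bits != 8) return BMP_BAD_DEPTH;

    uint32_t max_colours = 1u << bits;       /* at most 256 */
    if (used == 0) used = max_colours;       /* 0 means "full table" */
    if (used > max_colours) return BMP_TOO_MANY_COLOURS;

    size_t need = (size_t)used * RGBQUAD_LEN;  /* <= 1024, cannot wrap */
    if (need > len - (FILE_HDR_LEN + INFO_HDR_LEN)) return BMP_PALETTE_PAST_EOF;

    *out_bytes = need;
    return BMP_OK;
}

/* Constructed sample input: a header with the given depth and colour count,
 * followed by palette_bytes zero bytes. Returns the total length, 0 if the
 * output buffer is too small. */
size_t make_sample_bmp(uint8_t *out, size_t cap, uint16_t bits,
                       uint32_t colours_used, size_t palette_bytes)
{
    size_t total = FILE_HDR_LEN + INFO_HDR_LEN + palette_bytes;
    if (total > cap) return 0;
    memset(out, 0, total);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + FILE_HDR_LEN, INFO_HDR_LEN);
    wr16(out + FILE_HDR_LEN + OFF_BITCOUNT, bits);
    wr32(out + FILE_HDR_LEN + OFF_CLRUSED, colours_used);
    return total;
}

int main(void)
{
    uint8_t img[FILE_HDR_LEN + INFO_HDR_LEN + 1024];
    size_t bytes = 0;
    int rc;

    /* Oversized colour count: the 32-bit product wraps to a tiny size. */
    size_t len = make_sample_bmp(img, sizeof img, 8, 0x40000001u, 64);
    printf("unchecked size for 0x40000001 colours: %u bytes\n",
           (unsigned)palette_bytes_unchecked(0x40000001u));
    rc = palette_bytes_checked(img, len, &bytes);
    printf("checked parser on the same header: status %d\n", rc);

    /* Well-formed 16-colour image. */
    len = make_sample_bmp(img, sizeof img, 8, 16, 64);
    rc = palette_bytes_checked(img, len, &bytes);
    printf("checked parser on a 16-colour image: status %d, %zu bytes\n", rc, bytes);
    return 0;
}
```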
[Full-disclosure] Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20091014-cup

Revision 1.0

For Public Release 2009 October 14 1600 UTC (GMT)

Summary
=======

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml

Affected Products
=================

Vulnerable Products
+------------------

The following products are affected:

  * Cisco Unified Presence 1.x versions
  * Cisco Unified Presence 6.x versions prior to 6.0(6)
  * Cisco Unified Presence 7.x versions prior to 7.0(4)

Administrators of systems running Cisco Unified Presence can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI).

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities.

Details
=======

Network Flooding Vulnerability
+-----------------------------

Cisco Unified Presence contains a denial of service (DoS) vulnerability that may cause the TimesTenD process to fail when TCP ports 16200 or 22794 are flooded with connections. TCP 3-way handshakes must be completed for the attack to be successful. The TimesTenD process will be automatically restarted upon failure. This vulnerability is documented in Cisco Bug ID CSCsy17662 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2874.

Network Connection Tracking Vulnerability
+----------------------------------------

Cisco Unified Presence contains a DoS vulnerability that involves the tracking of network connections by the embedded firewall. An attacker can overwhelm the table that is used to track network connections and prevent new connections from being established to system services by establishing many TCP connections with a vulnerable system. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw52371 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2052.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss

CSCsy17662 - TimesTenD Coredump During TCP Flood

CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete

CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed

CSCsw52371 - CUP: IP_Conntrack Fills Up During TCP Flood Attack

CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete

CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed

Impact
======

Successful exploitation of any of the vulnerabilities may result in the interruption of presence services.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

Cisco Unified Presence version 6.0(6) is available at the following link:
http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=isPlatform=Ymdfid=281010019sftType=Unified+Presence+Server+%28CUPS%29+UpdatestreeName=Voice+and+Unified+CommunicationsmodelName=Cisco+Unified
[Full-disclosure] [USN-848-1] Zope vulnerabilities
===========================================================
Ubuntu Security Notice USN-848-1           October 14, 2009
zope3 vulnerabilities
CVE-2009-0668, CVE-2009-0669
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  zope3                           3.2.1-1ubuntu1.2

Ubuntu 8.04 LTS:
  zope3                           3.3.1-5ubuntu2.2

Ubuntu 8.10:
  zope3                           3.3.1-7ubuntu0.2

Ubuntu 9.04:
  zope3                           3.4.0-0ubuntu3.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the Zope Object Database (ZODB) database server (ZEO) improperly filtered certain commands when a database is shared among multiple applications or application instances. A remote attacker could send malicious commands to the server and execute arbitrary code. (CVE-2009-0668)

It was discovered that the Zope Object Database (ZODB) database server (ZEO) did not handle authentication properly when a database is shared among multiple applications or application instances. A remote attacker could use this flaw to bypass security restrictions. (CVE-2009-0669)

It was discovered that Zope did not limit the number of new object ids a client could request. A remote attacker could use this flaw to consume a huge amount of resources, leading to a denial of service.
(No CVE identifier)
[Full-disclosure] [ MDVSA-2009:278 ] compiz-fusion-plugins-main
Mandriva Linux Security Advisory                         MDVSA-2009:278
http://www.mandriva.com/security/

Package : compiz-fusion-plugins-main
Date    : October 14, 2009
Affected: 2009.0

Problem Description:

A vulnerability has been found and corrected in compiz-fusion-plugins-main:

The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920 (CVE-2008-6514).

This update fixes this vulnerability.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6514

Updated Packages:

Mandriva Linux 2009.0
Mandriva Linux 2009.0/X86_64

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[Full-disclosure] [SECURITY] [DSA 1910-1] New mysql-ocaml packages provide secure escaping
Debian Security Advisory DSA-1910-1                  secur...@debian.org
http://www.debian.org/security/                           Steffen Joeris
October 14, 2009                      http://www.debian.org/security/faq

Package        : mysql-ocaml
Vulnerability  : missing escape function
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-2942

It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.

Developers using these bindings are encouraged to adjust their code to use the new function.

For the stable distribution (lenny), this problem has been fixed in version 1.0.4-4+lenny1.

For the oldstable distribution (etch), this problem has been fixed in version 1.0.4-2+etch1.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your mysql-ocaml packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] [SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping
Debian Security Advisory DSA-1911-1                  secur...@debian.org
http://www.debian.org/security/                           Steffen Joeris
October 14, 2009                      http://www.debian.org/security/faq

Package        : pygresql
Vulnerability  : missing escape function
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-2940

It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility.

Developers using these bindings are encouraged to adjust their code to use the new function.

For the stable distribution (lenny), this problem has been fixed in version 1:3.8.1-3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in version 1:3.8.1-1etch2.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1:4.0-1.

We recommend that you upgrade your pygresql packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
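
Added illustration, not part of either Debian advisory and not code from mysql-ocaml, pygresql, libmysqlclient or libpq: a simplified Python model of why the escaping described in DSA-1910-1 and DSA-1911-1 has to know the connection charset. The helper names, the backslash-escaping rule and the constructed GBK sample bytes are assumptions made for this example.

```python
# Added example: a simplified model, not the real escaping routines.
BACKSLASH, QUOTE = 0x5C, 0x27

# Constructed sample: 0xBF is a GBK lead byte and 0xBF 0x5C is one valid GBK character.
SAMPLE = b"abc\xbf'def"


def naive_escape(raw: bytes) -> bytes:
    """Byte-wise escaping that ignores the connection charset
    (models a connection-less escape_string())."""
    out = bytearray()
    for byte in raw:
        if byte in (BACKSLASH, QUOTE):
            out.append(BACKSLASH)
        out.append(byte)
    return bytes(out)


def charset_aware_escape(raw: bytes, encoding: str) -> bytes:
    """Escape whole characters of the connection charset.
    Input that is not valid in that charset raises UnicodeDecodeError."""
    text = raw.decode(encoding)
    return text.replace("\\", "\\\\").replace("'", "\\'").encode(encoding)


def unescaped_quotes(escaped: bytes, encoding: str) -> int:
    """Count quotes a server parsing in `encoding` would treat as terminators."""
    text = escaped.decode(encoding, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash consumes the character that follows it
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    escaped = naive_escape(SAMPLE)
    print(escaped)                               # quote now preceded by 0x5C
    print(unescaped_quotes(escaped, "latin-1"))  # single-byte charset: quote is escaped
    print(unescaped_quotes(escaped, "gbk"))      # 0xBF 0x5C merge, quote is left bare
    try:
        charset_aware_escape(SAMPLE, "gbk")
    except UnicodeDecodeError as exc:
        print("rejected:", exc.reason)
    print(charset_aware_escape(b"O'Brien", "gbk"))
```

The same escaped bytes are safe on a single-byte connection and unsafe on a GBK one, which is why the escaping function needs the established connection as an argument.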