[Full-disclosure] VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues

2010-09-24 Thread VMware Security team

   VMware Security Advisory

   Advisory ID:   VMSA-2010-0014
   Synopsis:      VMware Workstation, Player, and ACE address several
                  security issues.
   Issue date:    2010-09-23
   Updated on:    2010-09-23 (initial release of advisory)
   CVE numbers:   CVE-2010-3277 CVE-2010-1205 CVE-2010-0205
                  CVE-2010-2249 CVE-2010-0434 CVE-2010-0425

1. Summary

   VMware Workstation and Player address a potential installer security
   issue and security issues in libpng. VMware ACE Management Server
   (AMS) for Windows updates Apache httpd.

2. Relevant releases

   VMware Workstation 7.1.1 and earlier,
   VMware Player 3.1.1 and earlier,
   VMware ACE Management Server 2.7.1 and earlier,

   Note: VMware Server was declared End Of Availability in January 2010;
   support will be limited to Technical Guidance for the duration
   of the support term.

3. Problem Description

 a. VMware Workstation and Player installer security issue

The Workstation 7.x and Player 3.x installers will load an index.htm
file located in the current working directory on which Workstation
7.x or Player 3.x is being installed. This may allow an attacker to
display a malicious file if they manage to get their file onto the
system prior to installation.

The issue can only be exploited at the time that Workstation 7.x or
Player 3.x is being installed. Installed versions of Workstation and
Player are not affected. The security issue is no longer present in
the installer of the new versions of Workstation 7.x and Player 3.x
(see table below for the version numbers).

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3277 to this issue.

VMware would like to thank Alexander Trofimov and Marc Esher for
independently reporting this issue to VMware.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =============================
VirtualCenter  any       Windows   not affected

Workstation    7.x       any       7.1.2 build 301548 or later *
Workstation    6.5.x     any       not affected

Player         3.x       any       3.1.2 build 301548 or later *
Player         2.5.x     any       not affected

AMS            any       any       not affected

Server         any       any       not affected

Fusion         any       Mac OS/X  not affected

ESXi           any       ESXi      not affected

ESX            any       ESX       not affected

 * Note: This only affects the installer; if you have a version of
   Workstation or Player installed you are not vulnerable.


 b. Third party libpng updated to version 1.2.44

A buffer overflow condition in libpng is addressed that could
potentially lead to code execution with the privileges of the
application using libpng. Two potential denial of service issues
are also addressed in the update.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249
to these issues.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.


VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =============================
VirtualCenter  any       Windows   not affected

Workstation    7.1.x     any       7.1.2 build 301548 or later
Workstation    6.5.x     any       affected, patch pending

Player         3.1.x     any       3.1.2 build 301548 or later
Player         2.5.x     any       affected, patch pending

AMS            any       any       not affected

Server         any       any       affected, no patch planned

Fusion         any       Mac OS/X  not affected

ESXi           any       ESXi      not affected

ESX            any       ESX       not affected


 c. VMware ACE Management Server (AMS) for Windows updates Apache httpd
version 2.2.15.

A function in Apache HTTP Server when multithreaded MPM is used
does not properly handle headers in subrequests in certain
circumstances which may allow remote attackers to obtain sensitive
information via a crafted request that triggers access to memory
locations associated with an earlier request.

The Apache mod_isapi module can be forced to unload a specific
library before the processing of a request is complete, resulting
in memory corruption. This vulnerability may allow a remote

[Full-disclosure] [ MDVSA-2010:189 ] pcsc-lite

2010-09-24 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2010:189
 http://www.mandriva.com/security/
 ___

 Package : pcsc-lite
 Date: September 24, 2010
 Affected: 2008.0, 2009.0, 2009.1, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in pcsc-lite:
 
 The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
 Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow
 local users to cause a denial of service (daemon crash) via crafted
 SCARD_SET_ATTRIB message data, which is improperly demarshalled
 and triggers a buffer over-read, a related issue to CVE-2010-0407
 (CVE-2009-4901).
 
 Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c
 in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4
 and earlier might allow local users to gain privileges via crafted
 SCARD_CONTROL message data, which is improperly demarshalled.  NOTE:
 this vulnerability exists because of an incorrect fix for CVE-2010-0407
 (CVE-2009-4902).
 
 Multiple buffer overflows in the MSGFunctionDemarshall function in
 winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE
 PCSC-Lite before 1.5.4 allow local users to gain privileges via
 crafted message data, which is improperly demarshalled (CVE-2010-0407).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4902
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0407
 ___

 Updated Packages:


[Full-disclosure] [ MDVSA-2010:189-1 ] pcsc-lite

2010-09-24 Thread security

 ___

 Mandriva Linux Security Advisory   MDVSA-2010:189-1
 http://www.mandriva.com/security/
 ___

 Package : pcsc-lite
 Date: September 24, 2010
 Affected: Corporate 4.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in pcsc-lite:
 
 The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
 Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow
 local users to cause a denial of service (daemon crash) via crafted
 SCARD_SET_ATTRIB message data, which is improperly demarshalled
 and triggers a buffer over-read, a related issue to CVE-2010-0407
 (CVE-2009-4901).
 
 Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c
 in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4
 and earlier might allow local users to gain privileges via crafted
 SCARD_CONTROL message data, which is improperly demarshalled.  NOTE:
 this vulnerability exists because of an incorrect fix for CVE-2010-0407
 (CVE-2009-4902).
 
 Multiple buffer overflows in the MSGFunctionDemarshall function in
 winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE
 PCSC-Lite before 1.5.4 allow local users to gain privileges via
 crafted message data, which is improperly demarshalled (CVE-2010-0407).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.

 Update:

 The previous MDVSA-2010:189 advisory was missing the packages for CS4,
 this advisory corrects the problem.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4902
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0407
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
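The three pcsc-lite issues described in the two MDVSA-2010:189 advisories above all come from message data being demarshalled without checking the client-declared length against what the daemon actually received. The following added example is not code from pcsc-lite or Mandriva; it uses a constructed, simplified SCARD_SET_ATTRIB-like layout (the field names and header format are assumptions) to show an unchecked demarshaller beside a hardened one that rejects over-long or truncated messages.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed, simplified message layout for illustration only; this is NOT
 * pcsc-lite's real wire format. Header: attr_id (u32 LE), attr_len (u32 LE),
 * followed by attr_len bytes of attribute value. */
#define HDR_LEN   8u
#define MAX_ATTR  64u

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: trusts the client-supplied attr_len, so a message that
 * declares more bytes than were received makes memcpy read past buf (the
 * over-read in CVE-2009-4901) and a length above MAX_ATTR writes past out
 * (the overflows in CVE-2010-0407). Shown for contrast only. */
int demarshall_set_attrib_unchecked(const uint8_t *buf, uint8_t out[MAX_ATTR])
{
    uint32_t len = rd32(buf + 4);
    memcpy(out, buf + HDR_LEN, len);
    return (int)len;
}

/* Hardened form: validate the declared length against both what was actually
 * received (buf_len) and the destination capacity before copying anything.
 * Returns the attribute length on success, -1 if the message is rejected. */
int demarshall_set_attrib(const uint8_t *buf, size_t buf_len, uint8_t out[MAX_ATTR])
{
    if (buf == NULL || buf_len < HDR_LEN) return -1;   /* truncated header */
    uint32_t len = rd32(buf + 4);
    if (len > MAX_ATTR) return -1;                     /* would overflow out */
    if (len > buf_len - HDR_LEN) return -1;            /* would over-read buf */
    memcpy(out, buf + HDR_LEN, len);
    return (int)len;
}

/* Builds a message into dst; declared_len is written to the header as-is so a
 * caller can deliberately lie about the payload size. Returns bytes written. */
size_t build_set_attrib(uint8_t *dst, uint32_t attr_id, uint32_t declared_len,
                        const uint8_t *value, size_t value_len)
{
    for (int i = 0; i < 4; i++) dst[i] = (uint8_t)(attr_id >> (8 * i));
    for (int i = 0; i < 4; i++) dst[4 + i] = (uint8_t)(declared_len >> (8 * i));
    memcpy(dst + HDR_LEN, value, value_len);
    return HDR_LEN + value_len;
}
```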


Re: [Full-disclosure] the real stuxnet authors plz stand up

2010-09-24 Thread coderman
On Thu, Jul 29, 2010 at 10:49 AM, coderman coder...@gmail.com wrote:
 stuxnet is strategic, and misleading. ... red team off roading?
 ...
 one of you two of eight snitches knows the details, full-disclosure! [0]

h0 h0 h0!

this gift keeps on giving...

no more for me thanks.


e4ffa4d8cb70e97af381aea2232d1064b51ecf9bdcd70824fe4675679d9fbf93



Re: [Full-disclosure] the real stuxnet authors plz stand up

2010-09-24 Thread coderman
natanz focus, not bushehr.

costs and delays to both sites a bonus...

(everyone else, well, you're collateral damage that learned a valuable
lesson, right? :)



Re: [Full-disclosure] the real stuxnet authors plz stand up

2010-09-24 Thread coderman
On Thu, Jul 29, 2010 at 10:49 AM, coderman coder...@gmail.com wrote:
 stuxnet is strategic, and misleading...

misleading because the failures induced in target present as
inefficiencies and mechanical fatigue in centrifuge process; intent is
to cast suspicion and resources on manufacturing and/or assembly of
centrifuge hardware as cursory checks of digital systems (data
presumably acquired from floor) return normative.

good game, sirs!
 target spends dollars and weeks/months pursuing errors in physical
supply and installation paths en-route to / on site, all the while the
wear is digitally done; out of sight, out of mind...

this game (offensive, methodical, precision targeted high-assurance
malware) is an odd sort of global-actor assassination politik. like
china blasting sats in space, it was bound to happen sooner or later
:P
