[Full-disclosure] Ebay and HTML/JS/PDF/FLash includes
hi there,

can someone tell me why ebay allows html/javascript/pdf/flash - includes on their pages via OBJECT - tags?

http://members.ebay.com/ws/eBayISAPI.dll?ViewUserPageuserid=shakyoneill

i had some issues last year with malicious memberpages, spreading exploits'n'stuff, and emailed them about this, but they just removed the pages, not the cause.

regards, tanja

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ebay and HTML/JS/PDF/FLash includes
This is because the average IQ of your typical eBay user is 100 and thus rely on 'ooohh shiny'

Sent from my BlackBerry® wireless device

--Original Message--
From: bugme not
Sender: full-disclosure-boun...@lists.grok.org.uk
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Ebay and HTML/JS/PDF/FLash includes
Sent: Oct 7, 2010 07:56

hi there,

can someone tell me why ebay allows html/javascript/pdf/flash - includes on their pages via OBJECT - tags?

http://members.ebay.com/ws/eBayISAPI.dll?ViewUserPageuserid=shakyoneill

i had some issues last year with malicious memberpages, spreading exploits'n'stuff, and emailed them about this, but they just removed the pages, not the cause.

regards, tanja
Re: [Full-disclosure] WikiLeaks
False assertion, it's an attention whoring story for anyone in #sec..or in RPG

1- Fetch sparse elements
wget:
http://www.wired.com/threatlevel/2010/10/cryptome-hacked/
https://eta.securesslhost.net/~pgpboar/viewtopic.php?f=2t=129
http://cryptome.org/0002/cryptome-hack3.htm

2- Make your own salad ( who's chasing who ).
CRYPTOME Wikileaks Insiders WIKILEAKS ( rux...@cryptome.hack )
Wikileaks Insiders pgpBoard ( the opponents ?[.gov]? )
J.A. Wikileaks ( the .gov.target )
WIRED.COM Ruxpin Kim Zetter ( fear, Insiderz! + panic.nicetry )

I'm not sure why everyone is so fussed about this tbh.. And surely, full-disclosure is no place for such a discussion either.. /rant

On 06/10/2010 19:06, Juha-Matti Laurio wrote:

It's the newest tweet still.
Juha-Matti

Jeffrey Walton [noloa...@gmail.com] wrote:

The latest is kind of funny (Latest smear attempt: Chinese spy agency gave WikiLeaks $20M). Just call it a 'PAC Contribution' and everything will be fine.

On Mon, Oct 4, 2010 at 7:05 AM, Juha-Matti Laurio juha-matti.lau...@netti.fi wrote:

And nothing related is not tweeted at http://twitter.com/wikileaks
Juha-Matti

Harry Behrens [ha...@behrens.com] wrote:

for 5 days and nothing about this to be found on google. Does anybody have an idea what is happening here - it does smell slightly fishy...
-h
[Full-disclosure] Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability
Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability

Advisory-ID: 201010071
Discovery Date: 09.07.2010
Release Date: 10.07.2010
Affected Applications: Visual Synapse HTTP Server 1.0 RC3, 1.0 RC2, 1.0 RC1, 0.60 and previous releases; And any applications using the Visual Synapse HTTP Server component
Class: Directory Traversal
Status: Unpatched/Vendor informed
Vendor: Rene Tegel
Vendor URL: http://sourceforge.net/projects/visualsynapse/
Advisory URL: http://www.syhunt.com/advisories/?id=vs-httpd-dirtrav

The Common Vulnerabilities and Exposures (CVE) project has assigned the following CVE to this vulnerability: CVE-2010-3743

Overview:
Visual Synapse HTTP Server is an open source HTTP server and also server component for Delphi, Freepascal and C++ Builder developed by Rene Tegel. The server supports PHP, Perl and CGI and is distributed both as source and as precompiled binary.

Description:
A vulnerability in the Visual Synapse HTTP server allows remote attackers to traverse directories on the system. This is possible by sending a specially-crafted URL request containing dot dot sequences (/..\).

Details:
Example 1: GET /..\..\..\..\windows/system.ini HTTP/1.0
Example 2: GET /..\..\..\boot.ini HTTP/1.0

Note: the server was installed in the C:\Server\VSHTTPD\ directory.

Sandcat can also be used to identify this issue: http://www.syhunt.com/sandcat

Vulnerability Status:
The vendor was notified, but no reply has been received. The source code of the server warns about possible security issues and that it is not suitable for production environments yet. This warning must be taken seriously. Any application using this source is vulnerable unless the code is patched. Any machine running the compiled HTTPD Server demo is vulnerable as well, unless the application is replaced with an up-to-date and patched version.

Credit:
Felipe Aragon
Syhunt Security Research Team, www.syhunt.com

---
Copyright © 2010 Syhunt Security

Disclaimer: The information in this advisory is provided as is without warranty of any kind. Details provided are strictly for educational and defensive purposes. Syhunt is not liable for any damages caused by direct or indirect use of the information provided by this advisory.
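The advisory's request paths use backslash dot-dot sequences, which a check written only for "../" never sees. The following is an added example, not code from Visual Synapse or Syhunt: a path resolver that applies Windows path rules before deciding whether a request stays under the document root. The document root name (htdocs), the function names and the weak filter shown for contrast are assumptions made for illustration.

```python
import ntpath                      # Windows path rules; purely lexical, runs on any OS
from urllib.parse import unquote

# Assumption: a document root below the install directory named in the advisory.
DOCROOT = r"C:\Server\VSHTTPD\htdocs"


def slash_only_filter_allows(request_path: str) -> bool:
    """Hypothetical weak check: rejects '../' only, so '..\\' passes."""
    return "../" not in request_path


def resolve_request(request_path: str, docroot: str = DOCROOT):
    """Return the absolute file path for a request, or None to refuse it.

    The decision is made on the normalized path, never on the raw string.
    """
    path = request_path.split("?", 1)[0]   # drop any query string
    path = unquote(path)                   # decode once: %5c -> '\', %2e -> '.'
    if "\x00" in path:
        return None
    # On Windows both '/' and '\' separate components; treat them alike.
    rel = path.replace("/", "\\").lstrip("\\")
    root = ntpath.normpath(docroot)
    candidate = ntpath.normpath(ntpath.join(root, rel))
    try:
        # Component-wise comparison, so 'htdocs-private' is not mistaken
        # for something inside 'htdocs' the way a startswith() test would be.
        common = ntpath.commonpath([root, candidate])
    except ValueError:                     # different drive letter
        return None
    if ntpath.normcase(common) != ntpath.normcase(root):
        return None
    return candidate


# Constructed sample requests; the two backslash paths are the advisory's examples.
SAMPLE_REQUESTS = [
    "/index.html",
    "/img/../index.html",
    "/..\\..\\..\\..\\windows/system.ini",
    "/..\\..\\..\\boot.ini",
    "/%2e%2e%5c%2e%2e%5cboot.ini",
    "/..\\htdocs-private\\keys.txt",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = resolve_request(req) or "REFUSED"
        print(f"{req!r:45} weak filter allows={slash_only_filter_allows(req)!s:5} -> {verdict}")
```

The check is lexical only; it does not resolve junctions or symbolic links on disk.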
Re: [Full-disclosure] ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
Well, awesome. This sounds near-identical to some issues that the Sun JRE had a few years back[1]. I wonder if the code shares a common lineage? :)

Yes, Chris, though unnecessary (the lineage), it makes sense, really. And this is due to Adobe and Sun, partnering in the ICC's foundation.

Regards,

On Thu, Oct 7, 2010 at 2:05 AM, Chris Evans scarybea...@gmail.com wrote:

On Wed, Oct 6, 2010 at 11:28 AM, ZDI Disclosures zdi-disclosu...@tippingpoint.com wrote:

ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-191
October 6, 2010

-- CVE ID:
CVE-2010-3621

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Adobe

-- Affected Products:
Adobe Reader

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page.

The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0x a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.

Well, awesome. This sounds near-identical to some issues that the Sun JRE had a few years back[1]. I wonder if the code shares a common lineage? :)

Cheers
Chris

[1] - http://scary.beasts.org/security/CESA-2006-004.html
http://scary.beasts.org/misc/jdk/badicc.jpg
(And additional integer problems not released at the time)
http://scary.beasts.org/misc/jdk/badicc2.jpg
http://scary.beasts.org/misc/jdk/badicc3.jpg
http://scary.beasts.org/misc/jdk/badicc4.jpg
http://scary.beasts.org/security/CESA-2007-005.html

In addition, there have been plenty of bugs against lcms[2] and Apple's ICC profile parser. So it seems like ICC profile parsing is hard ;-)

[2] - http://scary.beasts.org/security/CESA-2009-003.html

-- Vendor Response:
Adobe has issued an update to correct this vulnerability. More details can be found at:
http://www.adobe.com/support/security/bulletins/apsb10-21.html

-- Disclosure Timeline:
2010-06-23 - Vulnerability reported to vendor
2010-10-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Sebastian Apelt (www.siberas.de)

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:
http://twitter.com/thezdi

Marcio Barbado, Jr.
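The advisory quoted in this thread describes 32-bit arithmetic on two DWORDs from the file wrapping before an allocation, while one of the original values is later used as a copy size. The following is an added example, not code from Adobe, ZDI or any poster: a validator for the tag table of an ICC profile that bounds every offset and size against the data actually present without ever forming their sum. Using a tag's offset and size as the two values is an assumption (the advisory does not name the fields), and the sample profiles are constructed.

```python
import struct

U32_MASK = 0xFFFFFFFF
HEADER_LEN = 128        # fixed ICC header length
TAG_ENTRY_LEN = 12      # signature, offset, size: 4 bytes each, big-endian


def u32_add(a: int, b: int) -> int:
    """What unsigned 32-bit addition yields in C: the sum truncated to 32 bits."""
    return (a + b) & U32_MASK


def range_fits(offset: int, size: int, total: int) -> bool:
    """True if [offset, offset + size) lies inside total bytes.

    Written as a subtraction on already-validated values, so the test is
    equally correct when ported to fixed-width integers.
    """
    return offset <= total and size <= total - offset


def read_tags(profile: bytes) -> dict:
    """Parse the tag table; raise ValueError on any inconsistent length field."""
    if len(profile) < HEADER_LEN + 4:
        raise ValueError("truncated header")
    (declared,) = struct.unpack_from(">I", profile, 0)
    if declared != len(profile):
        raise ValueError("declared profile size does not match data length")
    if profile[36:40] != b"acsp":
        raise ValueError("missing 'acsp' file signature")
    (count,) = struct.unpack_from(">I", profile, HEADER_LEN)
    table_end = HEADER_LEN + 4 + count * TAG_ENTRY_LEN
    if table_end > len(profile):
        raise ValueError("tag table runs past end of profile")
    tags = {}
    for i in range(count):
        sig, off, size = struct.unpack_from(
            ">4sII", profile, HEADER_LEN + 4 + i * TAG_ENTRY_LEN)
        if off < table_end or not range_fits(off, size, len(profile)):
            raise ValueError(f"tag {sig!r}: offset/size outside profile")
        tags[sig] = profile[off:off + size]   # copy length is the validated size
    return tags


def build_profile(entries, payload: bytes = b"") -> bytes:
    """Constructed test input: minimal header, tag table, then payload."""
    body = struct.pack(">I", len(entries))
    body += b"".join(struct.pack(">4sII", s, o, n) for s, o, n in entries)
    body += payload
    header = bytearray(HEADER_LEN)
    struct.pack_into(">I", header, 0, HEADER_LEN + len(body))
    header[36:40] = b"acsp"
    return bytes(header) + body


# One well-formed tag: payload starts right after the 16-byte table at offset 144.
GOOD = build_profile([(b"desc", 144, 8)], b"ABCDEFGH")
# Length fields whose 32-bit sum wraps to a small number.
WRAPPING = build_profile([(b"desc", 0xFFFFFFF0, 0x20)], b"ABCDEFGH")

if __name__ == "__main__":
    print(read_tags(GOOD))
    print(hex(u32_add(0xFFFFFFF0, 0x20)))     # wrapped result a naive check would use
    try:
        read_tags(WRAPPING)
    except ValueError as exc:
        print("rejected:", exc)
```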
Re: [Full-disclosure] WikiLeaks
I still maintain this is completely out of topic for full-disclosure. Maybe there should be a new list for this kind of gossip whoring? [gossip-disclosure] maybe... *shrugs*

On 07/10/2010 13:53, PsychoBilly wrote:

False assertion, it's an attention whoring story for anyone in #sec..or in RPG

1- Fetch sparse elements
wget:
http://www.wired.com/threatlevel/2010/10/cryptome-hacked/
https://eta.securesslhost.net/~pgpboar/viewtopic.php?f=2t=129
http://cryptome.org/0002/cryptome-hack3.htm

2- Make your own salad ( who's chasing who ).
CRYPTOME Wikileaks Insiders WIKILEAKS ( rux...@cryptome.hack )
Wikileaks Insiders pgpBoard ( the opponents ?[.gov]? )
J.A. Wikileaks ( the .gov.target )
WIRED.COM Ruxpin Kim Zetter ( fear, Insiderz! + panic.nicetry )
Re: [Full-disclosure] WikiLeaks
Quit whining

Sent from my BlackBerry® wireless device

-Original Message-
From: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Thu, 07 Oct 2010 15:05:18
To: full-disclosure@lists.grok.org.uk
Reply-To: cal.leem...@simplicitymedialtd.co.uk
Subject: Re: [Full-disclosure] WikiLeaks

I still maintain this is completely out of topic for full-disclosure. Maybe there should be a new list for this kind of gossip whoring? [gossip-disclosure] maybe... *shrugs*
Re: [Full-disclosure] WikiLeaks
I will when people stop gossiping in the wrong list :)

On Thu, Oct 7, 2010 at 3:16 PM, Benji m...@b3nji.com wrote:

Quit whining

Sent from my BlackBerry® wireless device

--
Cal Leeming
Operational Security Support Team
*Out of Hours: *+44 (07534) 971120 | *Support Tickets: * supp...@simplicitymedialtd.co.uk
*Fax: *+44 (02476) 578987 | *Email: *cal.leem...@simplicitymedialtd.co.uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved. Registered company number 7143564
[Full-disclosure] [USN-1003-1] OpenSSL vulnerabilities
===
Ubuntu Security Notice USN-1003-1
October 07, 2010
openssl vulnerabilities
CVE-2009-3245, CVE-2010-2939
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.13
Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.11
Ubuntu 9.04: libssl0.9.8 0.9.8g-15ubuntu3.6
Ubuntu 9.10: libssl0.9.8 0.9.8g-16ubuntu3.3
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.3
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.1

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2009-3245)

It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
(CVE-2010-2939)

Updated packages for Ubuntu 6.06 LTS:
[Full-disclosure] [USN-1002-2] PostgreSQL vulnerability
===
Ubuntu Security Notice USN-1002-2
October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 10.10:
postgresql-plperl-8.4 8.4.5-0ubuntu10.10
postgresql-pltcl-8.4 8.4.5-0ubuntu10.10

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

Details follow:

USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10.

Original advisory details:

It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Updated packages for Ubuntu 10.10:
Re: [Full-disclosure] WikiLeaks
*sighs*

On 07/10/2010 19:53, Paul Schmehl wrote:

Then you will be whining for a long time. I was the second person to subscribe to this list, and I can guarantee you that no amount of whining will change it. The bozos who post crap will continue to post crap. The folks who don't understand what *un*-moderated list means will continue to complain about the bozos posting crap. And the sun will still come up in the morning. And the list will still go out every day. Ad infinitum ad nauseam.

Either learn to use filters, stop complaining or unsubscribe. Those are your options. Pick one.
Re: [Full-disclosure] WikiLeaks
Then you will be whining for a long time. I was the second person to subscribe to this list, and I can guarantee you that no amount of whining will change it. The bozos who post crap will continue to post crap. The folks who don't understand what *un*-moderated list means will continue to complain about the bozos posting crap. And the sun will still come up in the morning. And the list will still go out every day. Ad infinitum ad nauseum. Either learn to use filters, stop complaining or unsubscribe. Those are your options. Pick one. --On Thursday, October 07, 2010 15:16:54 +0100 Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk wrote: I will when people stop gossiping in the wrong list :) On Thu, Oct 7, 2010 at 3:16 PM, Benji m...@b3nji.com wrote: Quit whining Sent from my BlackBerry® wireless device -Original Message- From: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 07 Oct 2010 15:05:18 To: full-disclosure@lists.grok.org.uk Reply-To: cal.leem...@simplicitymedialtd.co.uk Subject: Re: [Full-disclosure] WikiLeaks I still maintain this is completely out of topic for full-disclosure. Maybe there should be a new list for this kind of gossip whoring? [gossip-disclosure] maybe... *shrugs* On 07/10/2010 13:53, PsychoBilly wrote: False assertion, it's an attention whoring story for anyone in #sec..or in RPG 1- Fetch sparce elements wget: http://www.wired.com/threatlevel/2010/10/cryptome-hacked/ https://eta.securesslhost.net/~pgpboar/viewtopic.php?f=2t=129 http://cryptome.org/0002/cryptome-hack3.htm 2- Make your own salad ( who's chasing who ). CRYPTOME Wikileaks Insiders WIKILEAKS ( rux...@cryptome.hack ) Wikileaks Insiders pgpBoard ( the opponents ?[.gov]? ) J.A. Wikileaks ( the .gov.target ) WIRED.COM Ruxpin Kim Zetter ( fear, Insiderz! + panic.nicetry ) I'm not sure why everyone is so fussed about this tbh.. 
And surely, full-disclosure is no place for such a discussion either.. /rant On 06/10/2010 19:06, Juha-Matti Laurio wrote: It's the newest tweet still. Juha-Matti Jeffrey Walton [noloa...@gmail.com] wrote: The latest is kind of funny (Latest smear attempt: Chinese spy agency gave WikiLeaks $20M). Just call it a 'PAC Contribution' and everything will be fine. On Mon, Oct 4, 2010 at 7:05 AM, Juha-Matti Laurio juha-matti.lau...@netti.fi wrote: And nothing related is not tweeted at http://twitter.com/wikileaks Juha-Matti Harry Behrens [ha...@behrens.com] wrote: for 5 days and nothing about this to be found on google. Does anybody have an idea what is happening here - it does smell slightly fishy... -h -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell
[Full-disclosure] [ MDVSA-2010:198 ] kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

___

Mandriva Linux Security Advisory MDVSA-2010:198
http://www.mandriva.com/security/

___

Package : kernel
Date: October 7, 2010
Affected: 2009.0

___

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. (CVE-2009-3228)

The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel node set. (CVE-2010-0415)

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)

The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622)

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. (CVE-2009-2287)

The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application. (CVE-2009-3722)

The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308)

The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. (CVE-2009-2846)

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. (CVE-2010-2521)

mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. (CVE-2008-7256)

The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. (CVE-2010-1162)

mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. (CVE-2010-1643)

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote
Re: [Full-disclosure] WikiLeaks
Paul has a point Cal - one should note that a full 53% of the posts on this topic (including this one) are in response to your posts about how this isn't the proper list for such posts in the first place. That means the majority of the posts that you call inappropriate were actually created by you. Filtering (or simply ignoring) original posts would have gone much further to perpetuate your goal of less off-topic chatter. t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of Cal Leeming [Simplicity Media Ltd] Sent: Thursday, October 07, 2010 11:54 AM To: Paul Schmehl; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] WikiLeaks *sighs* On 07/10/2010 19:53, Paul Schmehl wrote: Then you will be whining for a long time. I was the second person to subscribe to this list, and I can guarantee you that no amount of whining will change it. The bozos who post crap will continue to post crap. The folks who don't understand what *un*-moderated list means will continue to complain about the bozos posting crap. And the sun will still come up in the morning. And the list will still go out every day. Ad infinitum ad nauseum. Either learn to use filters, stop complaining or unsubscribe. Those are your options. Pick one. --On Thursday, October 07, 2010 15:16:54 +0100 Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk wrote: I will when people stop gossiping in the wrong list :) On Thu, Oct 7, 2010 at 3:16 PM, Benji m...@b3nji.com wrote: Quit whining Sent from my BlackBerry® wireless device -Original Message- From: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 07 Oct 2010 15:05:18 To: full-disclosure@lists.grok.org.uk Reply-To: cal.leem...@simplicitymedialtd.co.uk Subject: Re: [Full-disclosure] WikiLeaks I still maintain this is completely out of topic for full-disclosure. 
Maybe there should be a new list for this kind of gossip whoring? [gossip-disclosure] maybe... *shrugs* On 07/10/2010 13:53, PsychoBilly wrote: False assertion, it's an attention whoring story for anyone in #sec..or in RPG 1- Fetch sparce elements wget: http://www.wired.com/threatlevel/2010/10/cryptome-hacked/ https://eta.securesslhost.net/~pgpboar/viewtopic.php?f=2t=129 http://cryptome.org/0002/cryptome-hack3.htm 2- Make your own salad ( who's chasing who ). CRYPTOME Wikileaks Insiders WIKILEAKS ( rux...@cryptome.hack ) Wikileaks Insiders pgpBoard ( the opponents ?[.gov]? ) J.A. Wikileaks ( the .gov.target ) WIRED.COM Ruxpin Kim Zetter ( fear, Insiderz! + panic.nicetry ) I'm not sure why everyone is so fussed about this tbh.. And surely, full-disclosure is no place for such a discussion either.. /rant On 06/10/2010 19:06, Juha-Matti Laurio wrote: It's the newest tweet still. Juha-Matti Jeffrey Walton [noloa...@gmail.com] wrote: The latest is kind of funny (Latest smear attempt: Chinese spy agency gave WikiLeaks $20M). Just call it a 'PAC Contribution' and everything will be fine. On Mon, Oct 4, 2010 at 7:05 AM, Juha-Matti Laurio juha-matti.lau...@netti.fi wrote: And nothing related is not tweeted at http://twitter.com/wikileaks Juha-Matti Harry Behrens [ha...@behrens.com] wrote: for 5 days and nothing about this to be found on google. Does anybody have an idea what is happening here - it does smell slightly fishy... -h
Re: [Full-disclosure] WikiLeaks
Yeah, you both have valid points. In this case though, I really just don't see why everyone is so hyped up about the wikileaks / cryptome stuff. :S On 07/10/2010 21:21, Thor (Hammer of God) wrote: Paul has a point Cal - one should note that a full 53% of the posts on this topic (including this one) are in response to your posts about how this isn't the proper list for such posts in the first place. That means the majority of the posts that you call inappropriate were actually created by you. Filtering (or simply ignoring) original posts would have gone much further to perpetuate your goal of less off-topic chatter. t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of Cal Leeming [Simplicity Media Ltd] Sent: Thursday, October 07, 2010 11:54 AM To: Paul Schmehl; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] WikiLeaks *sighs* On 07/10/2010 19:53, Paul Schmehl wrote: Then you will be whining for a long time. I was the second person to subscribe to this list, and I can guarantee you that no amount of whining will change it. The bozos who post crap will continue to post crap. The folks who don't understand what *un*-moderated list means will continue to complain about the bozos posting crap. And the sun will still come up in the morning. And the list will still go out every day. Ad infinitum ad nauseum. Either learn to use filters, stop complaining or unsubscribe. Those are your options. Pick one. 
--On Thursday, October 07, 2010 15:16:54 +0100 Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk wrote: I will when people stop gossiping in the wrong list :) On Thu, Oct 7, 2010 at 3:16 PM, Benji m...@b3nji.com wrote: Quit whining Sent from my BlackBerry® wireless device -Original Message- From: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 07 Oct 2010 15:05:18 To: full-disclosure@lists.grok.org.uk Reply-To: cal.leem...@simplicitymedialtd.co.uk Subject: Re: [Full-disclosure] WikiLeaks I still maintain this is completely out of topic for full-disclosure. Maybe there should be a new list for this kind of gossip whoring? [gossip-disclosure] maybe... *shrugs* On 07/10/2010 13:53, PsychoBilly wrote: False assertion, it's an attention whoring story for anyone in #sec..or in RPG 1- Fetch sparce elements wget: http://www.wired.com/threatlevel/2010/10/cryptome-hacked/ https://eta.securesslhost.net/~pgpboar/viewtopic.php?f=2t=129 http://cryptome.org/0002/cryptome-hack3.htm 2- Make your own salad ( who's chasing who ). CRYPTOME Wikileaks Insiders WIKILEAKS ( rux...@cryptome.hack ) Wikileaks Insiders pgpBoard ( the opponents ?[.gov]? ) J.A. Wikileaks ( the .gov.target ) WIRED.COM Ruxpin Kim Zetter ( fear, Insiderz! + panic.nicetry ) I'm not sure why everyone is so fussed about this tbh.. And surely, full-disclosure is no place for such a discussion either.. /rant On 06/10/2010 19:06, Juha-Matti Laurio wrote: It's the newest tweet still. Juha-Matti Jeffrey Walton [noloa...@gmail.com] wrote: The latest is kind of funny (Latest smear attempt: Chinese spy agency gave WikiLeaks $20M). Just call it a 'PAC Contribution' and everything will be fine. On Mon, Oct 4, 2010 at 7:05 AM, Juha-Matti Laurio juha-matti.lau...@netti.fi wrote: And nothing related is not tweeted at http://twitter.com/wikileaks Juha-Matti Harry Behrens [ha...@behrens.com] wrote: for 5 days and nothing about this to be found on google. Does anybody have an idea what is happening here - it does smell slightly fishy... -h
Re: [Full-disclosure] WikiLeaks
On 07.10.2010 22:37, Cal Leeming [Simplicity Media Ltd] wrote: Yeah, you both have valid points. In this case though, I really just don't see why everyone is so hyped up about the wikileaks / cryptome stuff. :S If you don't understand why something like Wikileaks being down with no obvious reason or explanation is an issue - then I guess continue sleeping... And it is indeed a security issue - in fact of international proportions.. -h
Re: [Full-disclosure] WikiLeaks
On 07.10.2010 22:37, Cal Leeming [Simplicity Media Ltd] wrote: Yeah, you both have valid points. In this case though, I really just don't see why everyone is so hyped up about the wikileaks / cryptome stuff. :S If you don't understand why something like Wikileaks being down with no obvious reason or explanation is an issue - then I guess continue sleeping... And security or disclosure is not just bits and bytes ... -h
[Full-disclosure] XSS in Oracle default fcgi-bin/echo
Many Oracle web server installations have an fcgi-bin/echo script left over from default demo (google for inurl:fcgi-bin/echo). That script seems vulnerable to XSS. (PoC exploit and explanation of impact withheld now.)

I asked secur...@oracle.com and they said that "... this issue has been resolved in an earlier Critical Patch Update." I looked at some recent CPU summaries, but did not notice anything relevant: maybe their reply refers to the old http://www.kb.cert.org/vuls/id/717827 ?

Website owners please remove demo software from production servers, e.g. as per Oracle recommendation http://download.oracle.com/docs/cd/B14099_19/core.1012/b13999/checklist.htm#BABIBCIC

Cheers, Paul

Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
[Full-disclosure] Filezilla's silent caching of user's credentials
Hi all,

As some of you may or may not be aware, the popular (and IMHO one of the best) FTP/SCP program Filezilla caches your credentials for every host you connect to, without either warning or ability to change this without editing an XML file. There have been quite a few bug and feature requests filed, and they all get closed or rejected within a week or so. I also posted something in the developer forum inquiring about this, and received this response:

"I do not see any harm in storing credentials as long as the rest of your system is properly secure as it should be."

Source: (http://forum.filezilla-project.org/viewtopic.php?f=3t=17932)

To me this is not only concerning, but also completely unacceptable. The passwords all get stored in PLAIN TEXT within your %appdata% directory in an XML file. This is particularly dangerous in multi-user environments with local profiles, because as we all know physical access to a computer means it's elementary at best to acquire information off it. Permissions only work if your operating system chooses to respect them, not to mention how simple it is *even today* to maliciously get around windows networks using pass-the-hash along with network token manipulation techniques.

There has even been a bug filed that draws out great ways to pseudo-mitigate this using built-in windows API calls, but it doesn't seem to really be going anywhere. This really concerns me because a number of my coworkers and friends were unaware of this behavior, and I didn't even know about it until I'd been using it for a year or so. All I really want to see is at the very least just some warning that Filezilla does this.

Filezilla bug report: (http://trac.filezilla-project.org/ticket/5530)

My feelings have been said a lot more eloquently than I could ever hope to in that bug report:

"Whoever keeps closing this issue and/or dismissing its importance understands neither security nor logical argument. I apologize for the slam, but it is undeniably true. Making the same mistake over and over does not make it any less of a mistake. The fact that a critical deficiency has existed for years does not make it any less critical a deficiency. Similarly, the fact that there are others (pidgin) who indulge in the same faulty reasoning does not make the reasoning any more sound." ~btrower

While it's true you can mitigate this behavior, why should it even be enabled by default? The total lapse in security for such a feature-rich, robust piece of software is quite disturbing, and I don't understand how the developers don't think this is an issue. I just wanted to gauge the FD community on this issue, because with enough backing and explanation from the security community as to why this is a problem, this issue may finally be resolved (it's been doing this for years now).

Regards, Ryan Sears
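A defender-side audit for the behaviour described in the post above, as an added example that is not part of the original post or FileZilla's own code: it lists which saved entries in a FileZilla client XML file carry a stored password, without ever returning the secret, and reads the `Kiosk mode` setting that stops the client writing passwords to disk. The file names, the `<Server>`/`<Host>`/`<User>`/`<Pass>` layout and the `fzdefaults.xml` setting are assumptions about FileZilla 3 that the post does not spell out, and the sample XML is constructed.

```python
"""Audit FileZilla client XML for passwords saved to disk (added example)."""
import os
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from pathlib import Path

# Assumption: FileZilla 3 client file names; the post only says "an XML file".
CANDIDATE_FILES = ("sitemanager.xml", "recentservers.xml", "filezilla.xml")

# Constructed sample in the assumed layout; hosts, users and secrets are made up.
SAMPLE_SITEMANAGER = """<FileZilla3><Servers>
  <Server><Host>ftp.example.test</Host><Port>21</Port>
    <User>alice</User><Pass>not-a-real-secret</Pass></Server>
  <Server><Host>sftp.example.test</Host><Port>22</Port>
    <User>bob</User><Pass encoding="base64">bm90LXJlYWw=</Pass></Server>
  <Server><Host>ask.example.test</Host><Port>21</Port>
    <User>carol</User></Server>
</Servers></FileZilla3>"""

# Constructed fzdefaults.xml fragment with the assumed mitigation switched on.
SAMPLE_FZDEFAULTS = """<FileZilla3><Settings>
  <Setting name="Kiosk mode">1</Setting>
</Settings></FileZilla3>"""


@dataclass(frozen=True)
class Finding:
    source: str   # file the entry came from
    host: str
    user: str
    storage: str  # "plaintext" or the encoding attribute's value; never the secret


def audit_xml(xml_data, source="<memory>"):
    """Return one Finding per <Server> entry that has a non-empty <Pass>."""
    findings = []
    for server in ET.fromstring(xml_data).iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            continue  # no password saved for this entry
        # base64 is an encoding, not encryption: any reader of the file can undo it.
        storage = pw.get("encoding", "plaintext")
        findings.append(Finding(source,
                                (server.findtext("Host") or "").strip(),
                                (server.findtext("User") or "").strip(),
                                storage))
    return findings


def kiosk_mode(fzdefaults_data):
    """Return the 'Kiosk mode' value; 0 (also used when absent) permits saving."""
    for setting in ET.fromstring(fzdefaults_data).iter("Setting"):
        if setting.get("name") == "Kiosk mode":
            text = (setting.text or "").strip()
            return int(text) if text.isdigit() else 0
    return 0


def audit_profile(profile_dir):
    """Audit every candidate file present in a FileZilla profile directory."""
    findings = []
    for name in CANDIDATE_FILES:
        path = Path(profile_dir) / name
        if not path.is_file():
            continue
        try:
            findings += audit_xml(path.read_bytes(), str(path))
        except ET.ParseError:
            print(f"skipped (not well-formed XML): {path}")
    return findings


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    found = (audit_profile(Path(appdata) / "FileZilla") if appdata
             else audit_xml(SAMPLE_SITEMANAGER, "constructed sample"))
    for f in found:
        print(f"{f.source}: {f.user}@{f.host} password stored as {f.storage}")
    print(f"{len(found)} saved password(s) found")
```

Run across user profiles, the output gives an inventory of accounts whose credentials should be rotated and removed from the saved-site list once saving has been disabled.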
Re: [Full-disclosure] Filezilla's silent caching of user's credentials
I agree. I've always wondered why this information was stored in plain text...baffles me -- Sent from my Droid Incredible Virtuous ROM v3.0.1 On Oct 7, 2010 11:22 PM, Ryan Sears rdse...@mtu.edu wrote: Hi all, As some of you may or may not be aware, the popular (and IMHO one of the best) FTP/SCP program Filezilla caches your credentials for every host you connect to, without either warning or ability to change this without editing an XML file. There have been quite a few bug and features requests filed, and they all get closed or rejected within a week or so. I also posted something in the developer forum inquiring about this, and received this response: I do not see any harm in storing credentials as long as the rest of your system is properly secure as it should be. Source:(http://forum.filezilla-project.org/viewtopic.php?f=3t=17932) To me this is not only concerning, but also completely un-acceptable. The passwords all get stored in PLAIN TEXT within your %appdata% directory in an XML file. This is particularly dangerous in multi-user environments with local profiles, because as we all know physical access to a computer means it's elementary at best to acquire information off it. Permissions only work if your operating system chooses to respect them, not to mention how simple it is *even today* to maliciously get around windows networks using pass-the-hash along with network token manipulation techniques. There has even been a bug filed that draws out great ways to psudo-mitigate this using built-in windows API calls, but it doesn't seem to really be going anywhere. This really concerns me because a number of my coworkers and friends were un-aware of this behavior, and I didn't even know about it until I'd been using it for a year or so. All I really want to see is at the very least just some warning that Filezilla does this. 
Filezilla bug report:(http://trac.filezilla-project.org/ticket/5530) My feelings have been said a lot more eloquently than I could ever hope to in that bug report: Whoever keeps closing this issue and/or dismissing its importance understands neither security nor logical argument. I apologize for the slam, but it is undeniably true. Making the same mistake over and over does not make it any less of a mistake. The fact that a critical deficiency has existed for years does not make it any less critical a deficiency. Similarly, the fact that there are others (pidgin) who indulge in the same faulty reasoning does not make the reasoning any more sound. ~btrower While it's true you can mitigate this behavior, why should it even be enabled by default? The total lapse in security for such a feature-rich, robust piece of software is quite disturbing, and I don't understand how the developers don't think this is an issue. I just wanted to gauge the FD community on this issue, because with enough backing and explanation from the security community as to why this is a problem, this issue may finally be resolved (it's been doing this for years now). Regards, Ryan Sears