[Full-disclosure] ZDI-10-208: Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Remote Code Execution Vulnerability
ZDI-10-208: Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-208 October 12, 2010 -- CVE ID: CVE-2010-3559 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10073. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for processing SoundBank files. While parsing BANK records, the HeadspaceSoundbank.nGetName function improperly sign-extends the one byte value into 4 bytes. It is later used as the size to a memcpy when operating on the BANK record's data. An attacker can abuse this to execute arbitrary code under the context of the user running the web browser. -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-06-23 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-207: Oracle Java ActiveX Plugin Uninitialized Window Handle Remote Code Execution Vulnerability
ZDI-10-207: Oracle Java ActiveX Plugin Uninitialized Window Handle Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-207 October 12, 2010 -- CVE ID: CVE-2010-3555 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the plugin initializes objects. While the plugin is in a particular state, the application will fail to initialize a field that is used as a window handle. Exploitation can lead to code execution under the privileges of the application. -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous * Stephen Fewer of Harmony Security (www.harmonysecurity.com) -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-206: Oracle Java IE Browser Plugin docbase Parameter Remote Code Execution Vulnerability
ZDI-10-206: Oracle Java IE Browser Plugin docbase Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-206 October 12, 2010 -- CVE ID: CVE-2010-3552 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10241. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll responsible for handling the Java plugin within Internet Explorer. When an applet is embedded within a page, the code within this module parses out the docbase parameter and copies it into a fixed-length buffer located on the stack. An attacker can overflow this buffer and execute remote code under the context of the user running the browser. -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-07-20 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Stephen Fewer of Harmony Security (www.harmonysecurity.com) -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-205: Oracle Sun JRE JPEGImageWriter.writeImage Remote Code Execution Vulnerability
ZDI-10-205: Oracle Sun JRE JPEGImageWriter.writeImage Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-205 October 12, 2010 -- CVE ID: CVE-2010-3565 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10580. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user. -- Vendor Response: Sun Microsystems has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-06-17 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-204: Oracle Sun JRE ICC Profile Device Information Tag Remote Code Execution Vulnerability
ZDI-10-204: Oracle Sun JRE ICC Profile Device Information Tag Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-204 October 12, 2010 -- CVE ID: CVE-2010-3566 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10579. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of the color profile parser. When processing a the 'devs' tag structure out of a color profile, the parser will read a 32-bit integer and use it to calculate the size for a memory allocation. Due to the result being larger than 32 bits, an integer overflow will occur. This will lead to code execution under the context of the application. -- Vendor Response: Sun Microsystems has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-06-17 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Intevydis http://intevydis.com -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-203: Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability
ZDI-10-203: Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-203 October 12, 2010 -- CVE ID: CVE-2010-3571 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10577. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of the color profile parser. When processing a particular Tag structure out of a color profile, the parser will read a 32-bit integer and use it to calculate the size for a memory allocation. Due to the result being larger than 32 bits, an integer overflow will occur. This will lead to code execution under the context of the application. -- Vendor Response: Sun Microsystems has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-06-30 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Intevydis http://intevydis.com -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-202: Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability
ZDI-10-202: Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-202 October 12, 2010 -- CVE ID: CVE-2010-3563 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9673. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious page. The specific flaw exists within the com.sun.jnlp.BasicServiceImpl class. By abusing how Web Start retrieves security policies, an attacker can forge their own and force the removal of sandbox restrictions. Successful exploitation leads to code execution under the context of the user running the browser. -- Vendor Response: Sun Microsystems has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html -- Disclosure Timeline: 2010-04-05 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Matthias Kaiser (mka) -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-201: Oracle Database Java Stored Procedure Race Condition Remote Code Execution Vulnerability
ZDI-10-201: Oracle Database Java Stored Procedure Race Condition Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-201 October 12, 2010 -- CVE ID: CVE-2010-2419 -- CVSS: 9, (AV:N/AC:L/Au:S/C:C/I:C/A:C) -- Affected Vendors: Oracle -- Affected Products: Oracle Database Server -- Vulnerability Details: This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle's relational database. Authentication is required in that a user must be able to create a Java stored procedure to trigger the issue. The specific flaw exists within Oracle's custom SecurityManager implementation. Due to the implementation's dependence on a flag of a particular object to determine success or failure of a privileged call, a race condition exists which will allow one to execute Java code bypassing the sandbox. Successful exploitation will allow an attacker to execute arbitrary code in the context of the server. -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html -- Disclosure Timeline: 2010-01-15 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Sami Koivu -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-200: Tivoli Storage Manager FastBack 0xfafbfcfd Packet Remote Code Execution Vulnerability
ZDI-10-200: Tivoli Storage Manager FastBack 0xfafbfcfd Packet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-200 October 12, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Storage Manager -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10533. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on TCP port 1320. When handling a packet with header type 0xFAFBFCFD the process blindly copies user supplied data into a heap buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. -- Vendor Response: IBM states: http://www-01.ibm.com/support/docview.wss?uid=swg21443820 Issue 2 -- Disclosure Timeline: 2010-06-17 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2120-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer October 12, 2010 http://www.debian.org/security/faq - Package: postgresql-8.3 Vulnerability : privilege escalation Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-3433 Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution (lenny), this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution (sid), this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - Source archives: http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1.dsc Size/MD5 checksum: 2313 1663c4c9915f51a31ff6e6b7b3bda545 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12.orig.tar.gz Size/MD5 checksum: 13955500 03b56e23c3bcdc36eee3156334b8b97b http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1.diff.gz Size/MD5 checksum:52479 e39048a272b6085ad0dce1933a1b1f5b Architecture independent packages: http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.12-0lenny1_all.deb Size/MD5 checksum: 273756 95f2dc5525e464769715c302d9141df4 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.12-0lenny1_all.deb Size/MD5 checksum: 273824 0c762a2fed4bf2b85120b4fc6a3c5d09 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.12-0lenny1_all.deb Size/MD5 checksum: 2213230 61228c350de23b18674fc3a2b0d11e44 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.12-0lenny1_all.deb Size/MD5 checksum: 273944 b89079dac539bbbaed5794bee7f4d3c3 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.12-0lenny1_all.deb Size/MD5 checksum: 273928 744cf8e343f7c1c658eb64f976797736 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 293706 41c14c7e0ea6dc1f6b4015fa0b3bdc9a http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 638416 e3c55350fc57d889281157d9047da119 http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 498186 27c76b0e919d5d98d5573dd3cf8a29b4 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 1720192 853975a17102b21ae9bcfe8ada0e8f20 http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 412750 6514158a601f1f553c2930a647f777a1 http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 282464 ceca3e409d28a80f4fc409a01f605065 http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 292584 0435ab52cdf05454cc911432c03276fa http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 850022 2ff3573cbdd9dd0d89666a619c7e43b9 http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_alpha.deb Size/MD5 checksum: 302546 e1dfd28c264c5f99ce6e6e7b25500b61 http://security.debian.org/pool/updates/main/p
[Full-disclosure] [SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2116-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff October 12, 2010 http://www.debian.org/security/faq - Package: poppler Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-3702 CVE-2010-3704 Debian Bug : 599165 Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened. For the stable distribution (lenny), these problems have been fixed in version 0.8.7-4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your poppler packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365 http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.diff.gz Size/MD5 checksum:23876 219c5db15e7e0ad3ce01c45b5d2d17b5 http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.dsc Size/MD5 checksum: 1481 a2d28a0e06fd0b226e9e87d88aab52e8 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_alpha.deb Size/MD5 checksum: 891456 eecf847b41f68e67cfa250c239ab95ff http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_alpha.deb Size/MD5 checksum: 220410 cdc18593a727b1a80279ad941a929dee http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_alpha.deb Size/MD5 checksum: 329946 83a82f4a995727adac2a9cbb19cd0705 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_alpha.deb Size/MD5 checksum: 303118 8407f059f1395ad93f765cdcf70f6246 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_alpha.deb Size/MD5 checksum: 180578 f625e16840c1262de1e33579bfff3e00 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_alpha.deb Size/MD5 checksum: 197172 2573621fc79b03251735690bfd818f5e http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_alpha.deb Size/MD5 checksum: 1334994 5fbda5e9f2b3824d3d7ccbb1bcf000d0 http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_alpha.deb Size/MD5 checksum: 3204616 7c7c37da8b894e462b2758524365ca46 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_alpha.deb Size/MD5 checksum: 234854 06e4977b32fb63577a918c110147e5f6 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_alpha.deb Size/MD5 checksum: 452718 751233edf2ec85fd1e095893124f8909 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_amd64.deb Size/MD5 checksum: 184848 ed2abc9b1edd4cde56eb40b9b775cf45 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_amd64.deb Size/MD5 checksum: 1119492 16725109ae348df90c30896be4a0c5de http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_amd64.deb Size/MD5 checksum: 232702 2e7740b7098cd91493f178745b966d4a http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_amd64.deb Size/MD5 checksum: 178414 497a3f7cbff9acdb0b01d58aae33415a http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_amd64.deb Size/MD5 checksum: 358376 461a59da2c6b0c7531bba1a385f3607d http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_amd64.deb Size/MD5 checksum: 275318 3c6b86fb8a57e9f17fbe058a36fa426e http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_amd64.deb Size/MD5 checksum: 314086 3381ccceeaa1d2727f331d92b59818dd http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_amd64.deb Size/MD5 checksum: 3148992 c1f76eb6ca390ef674647dc5def03c4
[Full-disclosure] Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Internet Explorer Uninitialized Memory Corruption Vulnerability CVE-2010-3331 - MS10-071 INTRODUCTION There exists a vulnerability within the way internet explorer handles specific objects that has not been correctly initialized or has been deleted, which leads to uninitialized memory reference and code execution. This vulnerability can be triggered thru different vectors, been Microsoft Word one of the tested ones. This problem was confirmed in the following versions of Internet Explorer and Windows, other versions maybe also affected. Internet Explorer 6 running in All Versions of Windows Internet Explorer 7 running in All Versions of Windows Internet Explorer 8 running in All Versions of Windows MICROSOFT EXPLOTABILITY INDEX In order to help the Microsoft Response Team we did further analysis on the vulnerability and we classify it as: 1 consistent exploit code likely. Important to note again that since the faulty code also appears inside the mshtml.dll other applications may behave differently when triggering the problem (even more when talking about 3rd parties). CVSS Scoring System The CVSS score is: 8.3 Base Score: 10 Temporal Score: 8.3 We used the following values to calculate the scores: Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C Temporal score is: E:F/RL:OF/RC:C TRIGGERING THE PROBLEM This vulnerability can be triggered by creating a persistent object with class id: CLSID:AE24FDAE-03C6-11D1-8B76-0080C744F389. The problem is triggered by the an exploit code available to interested party which causes invalid memory access in all the referred versions. CREDITS This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT). Best Regards, Rodrigo. -- Rodrigo Rubira Branco Senior Security Researcher Vulnerability Discovery Team (VDT) Check Point Software Technologies ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-199: Windows Media Player Network Sharing ServiceRemote Code Execution Vulnerability
ZDI-10-199: Windows Media Player Network Sharing ServiceRemote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-199 October 12, 2010 -- CVE ID: CVE-2010-3225 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows Media Player 11 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10540. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. Authentication is not required to exploit this vulnerability. The specific flaw exists within Windows Media Player's support for streaming media to other equipment located on the same network. If a specially formatted RTSP request is made to an instance of the application's streaming service, the application will free an object, and then later reuse it. This can lead to code execution under the context of the application. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS10-075.mspx -- Disclosure Timeline: 2010-06-30 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Oleksandr Mirosh -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-198: Microsoft Internet Explorer EOT File hdmx Parsing Remote Code Execution Vulnerability
ZDI-10-198: Microsoft Internet Explorer EOT File hdmx Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-198 October 12, 2010 -- CVE ID: CVE-2010-1883 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 4062. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of an Embedded OpenType file to TrueType format within t2embed.dll. The most likely vector for this to be exploited is via Internet Explorer as an embedded font in an HTML/CSS document. The flaw itself is due to an integer overflow when parsing hdmx records. A record size and record count variable are trusted and operated upon. The resulting value is used in a copy loop that can be manipulated to corrupt memory. This can be abused by an attacker to execute remote code under the context of the user running the browser. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx -- Disclosure Timeline: 2010-06-23 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Sebastian Apelt (www.siberas.de) -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-197: Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
ZDI-10-197: Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-197 October 12, 2010 -- CVE ID: CVE-2010-3328 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10543. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function CAttrArray::PrivateFind as defined in mshtml.dll. If a specific property of a stylesheet object is set, the code within mshtml can be forced to free an object which is subsequently accessed later. This can be leveraged by an attacker to execute remote code under the context of the user running the browser. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS10-071.mspx -- Disclosure Timeline: 2010-06-08 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Peter Vreugdenhil ( http://vreugdenhilresearch.nl ) -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Privat24 (Facebook version) bypass of static password for accounts of PrivatBank (Ukraine, Russia and CIS)
On Tue, Oct 12, 2010 at 12:02 AM, Andriy Tereshchenko wrote: > Hi, > > I suspect that real reason for this app is intelligence on data about > bank clients from Facebook database. > To be used during debt collection or while making loan decisions. > > App has no Privacy Policy defined, but request permissions to access > Facebook profile, friends list and other info. ;-) > > Person who has "invented" this app Alexander Vityaz has posted on his > wall (on 1 October) link to article on how many data-mining employees > LinkedIn has and that they do. Seems like he is willing to replicate > same effort for banking purpose. > > References: > 1. Alexander Vityaz Facebook Wall > http://www.facebook.com/profile.php?id=544590214&v=wall&ref=ts > > 2. Article about Dip Nashar - CEO of LinkedIn (in russian) > http://www.forbes.ru/karera/rynok-truda/57722-zaprogrammirovat-kareru > > -- > TAG > Interesting. Providing the same level of security to financial details and FarmVille is really bad idea. Many banks are providing two factor authentication, different password for transactions etc to provide better security but, in this case things have gone backwards. Shreyas Zare Sr. Information Security Researcher Secfence Technologies www.secfence.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2010:199 ] subversion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:199 http://www.mandriva.com/security/ ___ Package : subversion Date: October 12, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability was discovered and corrected in subversion: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands (CVE-2010-3315). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3315 ___ Updated Packages: Mandriva Linux 2009.0: 3c5262a04208c769fa100a2c37264909 2009.0/i586/apache-mod_dav_svn-1.5.7-0.2mdv2009.0.i586.rpm d4d0f1eb34518213d8fb71f6c639f2a0 2009.0/i586/apache-mod_dontdothat-1.5.7-0.2mdv2009.0.i586.rpm 3706eadcd645ff05210b2092a03d6e4d 2009.0/i586/libsvn0-1.5.7-0.2mdv2009.0.i586.rpm c594c657540168ba5988cb54ac948916 2009.0/i586/libsvnjavahl0-1.5.7-0.2mdv2009.0.i586.rpm 7a95024ebd0ef23308092938559e8adc 2009.0/i586/perl-SVN-1.5.7-0.2mdv2009.0.i586.rpm 3f5f72542cdc2426219c9d822a09447c 2009.0/i586/python-svn-1.5.7-0.2mdv2009.0.i586.rpm b62e8ef9ca026ff37eda18ffe8fc73fc 2009.0/i586/ruby-svn-1.5.7-0.2mdv2009.0.i586.rpm b0adcbc0ffcb59c8a8230c4c873e9789 2009.0/i586/subversion-1.5.7-0.2mdv2009.0.i586.rpm 3d54cf32b7ecf5ac32335aa858c4e7e1 2009.0/i586/subversion-devel-1.5.7-0.2mdv2009.0.i586.rpm 15bec29060ecee011910a48f94d6e2ee 2009.0/i586/subversion-doc-1.5.7-0.2mdv2009.0.i586.rpm b3a52aa4798730ef2e1ab781aa2f68cf 2009.0/i586/subversion-server-1.5.7-0.2mdv2009.0.i586.rpm 792f0462d19067e8264f06f80b48b439 2009.0/i586/subversion-tools-1.5.7-0.2mdv2009.0.i586.rpm 49f4a2cb2e79c4fe9961e3cc630ec453 2009.0/i586/svn-javahl-1.5.7-0.2mdv2009.0.i586.rpm e2b222a73619a793fbd8934328310f6c 2009.0/SRPMS/subversion-1.5.7-0.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 782d18c3b343df7fa726c396834eeb5a 2009.0/x86_64/apache-mod_dav_svn-1.5.7-0.2mdv2009.0.x86_64.rpm fbd9cc05b93883d9e3c630471b00e5bd 2009.0/x86_64/apache-mod_dontdothat-1.5.7-0.2mdv2009.0.x86_64.rpm 04055b4d74b7097a3c234f6d7d9256a1 2009.0/x86_64/lib64svn0-1.5.7-0.2mdv2009.0.x86_64.rpm 1560a934628b787e0cd2d08acd12067c 2009.0/x86_64/lib64svnjavahl0-1.5.7-0.2mdv2009.0.x86_64.rpm 358f95e926e72678d765f57711af0606 2009.0/x86_64/perl-SVN-1.5.7-0.2mdv2009.0.x86_64.rpm c770bb63fa5ae12b57d6a9c7a36d1d12 2009.0/x86_64/python-svn-1.5.7-0.2mdv2009.0.x86_64.rpm f10301b8a525a295b4347ee131ee2e57 2009.0/x86_64/ruby-svn-1.5.7-0.2mdv2009.0.x86_64.rpm 943cebc4216b89f3282211c63023aeef 2009.0/x86_64/subversion-1.5.7-0.2mdv2009.0.x86_64.rpm 1f1c8a3ae2021b45af52cc719db230c6 2009.0/x86_64/subversion-devel-1.5.7-0.2mdv2009.0.x86_64.rpm 79086daec4cce2fd12591e4d19fd4ccd 2009.0/x86_64/subversion-doc-1.5.7-0.2mdv2009.0.x86_64.rpm 0da2869701ec437967bde60ddd052be3 2009.0/x86_64/subversion-server-1.5.7-0.2mdv2009.0.x86_64.rpm 6fc1972ec0ad9ccecabfe44043faecdb 2009.0/x86_64/subversion-tools-1.5.7-0.2mdv2009.0.x86_64.rpm cf00724b08eb63d974143590ce60f586 2009.0/x86_64/svn-javahl-1.5.7-0.2mdv2009.0.x86_64.rpm e2b222a73619a793fbd8934328310f6c 2009.0/SRPMS/subversion-1.5.7-0.2mdv2009.0.src.rpm Mandriva Linux 2009.1: e39eaf6afdb0701923943486ae6e3b90 2009.1/i586/apache-mod_dav_svn-1.6.4-0.2mdv2009.1.i586.rpm da23b78111e459494543a81ddc2c423b 2009.1/i586/apache-mod_dontdothat-1.6.4-0.2mdv2009.1.i586.rpm 9c5a0a18bfe6ffd57af3ada8f48d74e4 2009.1/i586/libsvn0-1.6.4-0.2mdv2009.1.i586.rpm cf4cd7e6f1bea4b768067f438be9a912 2009.1/i586/libsvnjavahl1-1.6.4-0.2mdv2009.1.i586.rpm 39c27856a9db53da369fa61647a70f56 2009.1/i586/perl-SVN-1.6.4-0.2mdv2009.1.i586.rpm 05efc5339b6d1ecd3707cfb07319706d 2009.1/i586/python-svn-1.6.4-0.2mdv2009.1.i586.rpm 8bc7dbeebd2e753c53da8c4cc6b9ebac 2009.1/i586/ruby-svn-1.6.4-0.2mdv2009.1.i586.rpm d76bde6bdd9b94926bbf4bcafc8af3e2 2009.1/i586/subversion-1.6.4-0.2mdv2009.1.i586.rpm caf3f9edf79f50c9bd96c037fe39a53a 2009.1/i586/subversion-devel-1.6.4-0.2mdv2009.1.i586.rpm dbd45bc646717381fd40371993298a1b 2009.1/i586/subversion-doc-1.6.4-0.2mdv2009.1
[Full-disclosure] [ MDVSA-2010:199 ] subversion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:199 http://www.mandriva.com/security/ ___ Package : subversion Date: October 12, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability was discovered and corrected in subversion: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands (CVE-2010-3315). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3315 ___ Updated Packages: Mandriva Linux 2009.0: 3c5262a04208c769fa100a2c37264909 2009.0/i586/apache-mod_dav_svn-1.5.7-0.2mdv2009.0.i586.rpm d4d0f1eb34518213d8fb71f6c639f2a0 2009.0/i586/apache-mod_dontdothat-1.5.7-0.2mdv2009.0.i586.rpm 3706eadcd645ff05210b2092a03d6e4d 2009.0/i586/libsvn0-1.5.7-0.2mdv2009.0.i586.rpm c594c657540168ba5988cb54ac948916 2009.0/i586/libsvnjavahl0-1.5.7-0.2mdv2009.0.i586.rpm 7a95024ebd0ef23308092938559e8adc 2009.0/i586/perl-SVN-1.5.7-0.2mdv2009.0.i586.rpm 3f5f72542cdc2426219c9d822a09447c 2009.0/i586/python-svn-1.5.7-0.2mdv2009.0.i586.rpm b62e8ef9ca026ff37eda18ffe8fc73fc 2009.0/i586/ruby-svn-1.5.7-0.2mdv2009.0.i586.rpm b0adcbc0ffcb59c8a8230c4c873e9789 2009.0/i586/subversion-1.5.7-0.2mdv2009.0.i586.rpm 3d54cf32b7ecf5ac32335aa858c4e7e1 2009.0/i586/subversion-devel-1.5.7-0.2mdv2009.0.i586.rpm 15bec29060ecee011910a48f94d6e2ee 2009.0/i586/subversion-doc-1.5.7-0.2mdv2009.0.i586.rpm b3a52aa4798730ef2e1ab781aa2f68cf 2009.0/i586/subversion-server-1.5.7-0.2mdv2009.0.i586.rpm 792f0462d19067e8264f06f80b48b439 2009.0/i586/subversion-tools-1.5.7-0.2mdv2009.0.i586.rpm 49f4a2cb2e79c4fe9961e3cc630ec453 2009.0/i586/svn-javahl-1.5.7-0.2mdv2009.0.i586.rpm e2b222a73619a793fbd8934328310f6c 2009.0/SRPMS/subversion-1.5.7-0.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 782d18c3b343df7fa726c396834eeb5a 2009.0/x86_64/apache-mod_dav_svn-1.5.7-0.2mdv2009.0.x86_64.rpm fbd9cc05b93883d9e3c630471b00e5bd 2009.0/x86_64/apache-mod_dontdothat-1.5.7-0.2mdv2009.0.x86_64.rpm 04055b4d74b7097a3c234f6d7d9256a1 2009.0/x86_64/lib64svn0-1.5.7-0.2mdv2009.0.x86_64.rpm 1560a934628b787e0cd2d08acd12067c 2009.0/x86_64/lib64svnjavahl0-1.5.7-0.2mdv2009.0.x86_64.rpm 358f95e926e72678d765f57711af0606 2009.0/x86_64/perl-SVN-1.5.7-0.2mdv2009.0.x86_64.rpm c770bb63fa5ae12b57d6a9c7a36d1d12 2009.0/x86_64/python-svn-1.5.7-0.2mdv2009.0.x86_64.rpm f10301b8a525a295b4347ee131ee2e57 2009.0/x86_64/ruby-svn-1.5.7-0.2mdv2009.0.x86_64.rpm 943cebc4216b89f3282211c63023aeef 2009.0/x86_64/subversion-1.5.7-0.2mdv2009.0.x86_64.rpm 1f1c8a3ae2021b45af52cc719db230c6 2009.0/x86_64/subversion-devel-1.5.7-0.2mdv2009.0.x86_64.rpm 79086daec4cce2fd12591e4d19fd4ccd 2009.0/x86_64/subversion-doc-1.5.7-0.2mdv2009.0.x86_64.rpm 0da2869701ec437967bde60ddd052be3 2009.0/x86_64/subversion-server-1.5.7-0.2mdv2009.0.x86_64.rpm 6fc1972ec0ad9ccecabfe44043faecdb 2009.0/x86_64/subversion-tools-1.5.7-0.2mdv2009.0.x86_64.rpm cf00724b08eb63d974143590ce60f586 2009.0/x86_64/svn-javahl-1.5.7-0.2mdv2009.0.x86_64.rpm e2b222a73619a793fbd8934328310f6c 2009.0/SRPMS/subversion-1.5.7-0.2mdv2009.0.src.rpm Mandriva Linux 2009.1: e39eaf6afdb0701923943486ae6e3b90 2009.1/i586/apache-mod_dav_svn-1.6.4-0.2mdv2009.1.i586.rpm da23b78111e459494543a81ddc2c423b 2009.1/i586/apache-mod_dontdothat-1.6.4-0.2mdv2009.1.i586.rpm 9c5a0a18bfe6ffd57af3ada8f48d74e4 2009.1/i586/libsvn0-1.6.4-0.2mdv2009.1.i586.rpm cf4cd7e6f1bea4b768067f438be9a912 2009.1/i586/libsvnjavahl1-1.6.4-0.2mdv2009.1.i586.rpm 39c27856a9db53da369fa61647a70f56 2009.1/i586/perl-SVN-1.6.4-0.2mdv2009.1.i586.rpm 05efc5339b6d1ecd3707cfb07319706d 2009.1/i586/python-svn-1.6.4-0.2mdv2009.1.i586.rpm 8bc7dbeebd2e753c53da8c4cc6b9ebac 2009.1/i586/ruby-svn-1.6.4-0.2mdv2009.1.i586.rpm d76bde6bdd9b94926bbf4bcafc8af3e2 2009.1/i586/subversion-1.6.4-0.2mdv2009.1.i586.rpm caf3f9edf79f50c9bd96c037fe39a53a 2009.1/i586/subversion-devel-1.6.4-0.2mdv2009.1.i586.rpm dbd45bc646717381fd40371993298a1b 2009.1/i586/subversion-doc-1.6.4-0.2mdv2009.1
[Full-disclosure] [CORE-2010-0624] MS OpenType CFF Parsing Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ MS OpenType CFF Parsing Vulnerability 1. *Advisory Information* Title: MS OpenType CFF Parsing Vulnerability Advisory Id: CORE-2010-0624 Advisory URL: [http://www.coresecurity.com/content/ms-opentype-cff-parsing-vulnerability] Date published: 2010-10-12 Date of last update: 2010-10-08 Vendors contacted: Microsoft Release mode: Coordinated release 2. *Vulnerability Information* Class: Input validation error [CWE-20] Impact: Code execution Remotely Exploitable: No Locally Exploitable: Yes CVE Name: CVE-2010-2741 Bugtraq ID: N/A 3. *Vulnerability Description* While investigating the OpenType Compact Font Format vulnerability disclosed in MS10-037, Diego Juarez discovered another kernel bug in the parsing of OTF files. Loading a malformed OpenType font can cause the entire system to crash. The vulnerability could be used locally by attackers with access to an unprivileged account to elevate privileges to those of a System Adminsitrator. 4. *Vulnerable packages* . Windows XP . Windows 2003 5. *Non-vulnerable packages* . Windows Vista . Windows 2008 . Windows 7 6. *Vendor Information, Solutions and Workarounds* Microsoft has released security bulletin MS10-078 [http://go.microsoft.com/fwlink/?LinkId=201084] addressing this issue. 7. *Credits* This vulnerability was discovered and researched by Diego Juarez from Core Security Technologies. Publication was coordinated by Ivan Arce and Jorge Lucangeli Obes. 8. *Technical Description / Proof of Concept Code* The vulnerability occurs in the font cache. A well-formed font is loaded, and thus stored in the cache. Afterwards, the same font is reloaded, but with invalid 'offset' and 'length' fields for the 'head' table of the font. The 'offset' field is located at offset '0x64' in the file, and the 'length' field is located at offset '0x68'. A valid OpenType font: /- 000 544f 4f54 0b00 8000 0300 3000 4643 2046 010 7009 ee89 b004 b800 4646 4d54 020 1fbf 9a8f 8805 1c00 4447 4645 030 2f00 0400 6805 2000 534f 322f 040 9755 6c5b 2001 6000 6d63 7061 050 ecff f903 4403 4a01 6568 6461 060 99ef c1cf bc00 3600 6868 6165 ... - -/ The same font, with invalid 'offset' and 'length' fields: /- 000 544f 4f54 0b00 8000 0300 3000 4643 2046 010 7009 ee89 b004 b800 4646 4d54 020 1fbf 9a8f 8805 1c00 4447 4645 030 2f00 0400 6805 2000 534f 322f 040 9755 6c5b 2001 6000 6d63 7061 050 ecff f903 4403 4a01 6568 6461 060 99ef 00cf 00ff ff00 3600 6868 6165 ... - -/ 9. *Report Timeline* . 2010-06-28: Initial notification sent to MSRC, including proof-of-concept code to reproduce it. Publication date set to August 10, 2010. . 2010-06-29: MSRC acknowledges bug report. Case 10135 opened. . 2010-06-29: Core indicates that it has assigned id CORE-2010-0624 to this advisory. . 2010-07-12: Vendor confirms the vulnerability causes a Read Access Violation and will investigate further to discard the possibility of a Write AV. Vista and above are not affected. . 2010-07-22: Core ask for an update with the list of vulnerable platforms and confirmation that fixes for the bug will be release in August 2010. . 2010-07-23: Vendor replies with the list of vulnerable platforms, but requests to push the publication date forward due to the extensive variant investigation needed. . 2010-07-26: Core accepts postponing the publication date, but with a firm commitment for a future publication date, no later than October 2010. . 2010-07-26: Vendor replies with a commitment to release fixes on October 12th. . 2010-07-28: Core sets the publication date of the advisory to October 12th, and notes that this release date is final. . 2010-08-17: Core verifies the list of vulnerable platforms with MSRC. . 2010-08-17: MSRC replies with the final list of vulnerable platforms, and confirms the release date of the advisory to be October 12th. . 2010-09-15: MSRC updates the status of the case and confirms the acknowledgment for the vulnerability. . 2010-09-21: Core acknowledges the update and confirms the release date of the advisory. . 2010-09-24: Core requests a bulletin number for the fix, and asks if MSRC has already requested a CVE number for the vulnerability. . 2010-09-24: MSRC answers with the CVE number assigned to the vulnerability and the link that's going to point to the bulletin once it's released. . 2010-10-01: MSRC informs the tentative bulletin number for this vulnerability, and requests to review the advisory before it's published. . 2010-10-01: Core replies that the draft will be sent once the technical details are finished. . 2010-10-07: Core sends the draft advisory. . 2010-10-08: MSRC acknowledges the advisory text, and confirms
[Full-disclosure] ZDI-10-196: SAP Crystal Reports JobServer GIOP Request Remote Code Execution Vulnerability
ZDI-10-196: SAP Crystal Reports JobServer GIOP Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-196 October 12, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: SAP -- Affected Products: SAP Crystal Reports -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10482. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JobServer.exe process which listens by default on several TCP ports above 1024. When parsing a GIOP request, the process trusts a user-supplied 32-bit value and allocates a buffer on the heap. The process then proceeds to copy the string following this value from the packet until it finds a NULL byte. By crafting a specifically sized packet a remote attacker can overflow the buffer and gain code execution under the context of the SYSTEM user. -- Vendor Response: SAP states: A solution was provided via SAP note 1509604 (https://websmp130.sap-ag.de/sap/support/notes/1509604) -- Disclosure Timeline: 2010-07-20 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] ZDI-10-195: SAP BusinessObjects Crystal Reports Server CMS.exe Remote Code Execution Vulnerability
ZDI-10-195: SAP BusinessObjects Crystal Reports Server CMS.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-195 October 12, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: SAP -- Affected Products: SAP Crystal Reports -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10482. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CMS.exe process which listens by default on several TCP ports above 1024. When parsing a GIOP request, the process trusts a user-supplied 32-bit value and allocates a buffer on the heap. The process then proceeds to copy the string following this value from the packet until it finds a NULL byte. By crafting a specifically sized packet a remote attacker can overflow the buffer and gain code execution under the context of the SYSTEM user. -- Vendor Response: SAP states: A solution was provided via SAP note 1509604 (https://websmp130.sap-ag.de/sap/support/notes/1509604) -- Disclosure Timeline: 2010-07-20 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri * Andrea Micalizzi aka rgod -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] List Charter
[Full-Disclosure] Mailing List Charter John Cartwright - Introduction & Purpose - This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with security issues and their discussion. The list is administered by John Cartwright. The Full-Disclosure list is hosted and sponsored by Secunia. - Subscription Information - Subscription/unsubscription may be performed via the HTTP interface located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure. Alternatively, commands may be emailed to full-disclosure-requ...@lists.grok.org.uk, send the word 'help' in either the message subject or body for details. - Moderation & Management - The [Full-Disclosure] list is unmoderated. Typically posting will be restricted to members only, however the administrators may choose to accept submissions from non-members based on individual merit and relevance. It is expected that the list will be largely self-policing, however in special circumstances (eg spamming, misappropriation) then offending members may be removed from the list by the management. An archive of postings is available at http://lists.grok.org.uk/pipermail/full-disclosure/. - Acceptable Content - Any information pertaining to vulnerabilities is acceptable, for instance announcement and discussion thereof, exploit techniques and code, related tools and papers, and other useful information. Gratuitous advertisement, product placement, or self-promotion is forbidden. Disagreements, flames, arguments, and off-topic discussion should be taken off-list wherever possible. Humour is acceptable in moderation, providing it is inoffensive. Politics should be avoided at all costs. Members are reminded that due to the open nature of the list, they should use discretion in executing any tools or code distributed via this list. - Posting Guidelines - The primary language of this list is English. Members are expected to maintain a reasonable standard of netiquette when posting to the list. Quoting should not exceed that which is necessary to convey context, this is especially relevant to members subscribed to the digested version of the list. The use of HTML is discouraged, but not forbidden. Signatures will preferably be short and to the point, and those containing 'disclaimers' should be avoided where possible. Attachments may be included if relevant or necessary (e.g. PGP or S/MIME signatures, proof-of-concept code, etc) but must not be active (in the case of a worm, for example) or malicious to the recipient. Vacation messages should be carefully configured to avoid replying to list postings. Offenders will be excluded from the mailing list until the problem is corrected. Members may post to the list by emailing full-disclos...@lists.grok.org.uk. Do not send subscription/ unsubscription mails to this address, use the -request address mentioned above. - Charter Additions/Changes - The list charter will be published at http://lists.grok.org.uk/full-disclosure-charter.html. In addition, the charter will be posted monthly to the list by the management. Alterations will be made after consultation with list members and a concensus has been reached. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cryptome and Kryogeniks - Obstruction of Justice / Evidence destruction
Anyone else getting nice lulz out of the kryogeniks - john young drama? How much trouble are these script kiddies in? They don't sound very intelligent. They picked a wrong target when they picked on Mr. Young - who is basically the last person you would want to hack. I'm honestly expecting this personal vigilante case w/ Young and Kryogeniks to escalate into raids and arrests (Kryogeniks on their website posted they were destroying HD's, obstruction of justice). When people lulz up like that or just commit crimes I love to use webcitation to snapshot the proof so officials can use them for easy pickings. Webcitation evidence of obstruction: http://webcitation.org/5tLDc5a10 Enjoy The theory is everyone is held accountable to the law, if you were suspected of breaking the law or knew someone who does you would be harassed and investigated. When someone else breaks the law and isn't held to the same standard, it is personally crossing you. The laws are rendered useless if you don't report. Can't wait to have john young drop the rest of the docs on these criminals. It'll be sweet justice to people who just don't care about the rules and honestly come off like a bunch of trash. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/