Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
> As port 587 is the port for TLS/STARTTLS and port 465 is for ssl if I
> am not mistaken.
>
> Please do point out if I have gotten this completely incorrect.

Nope, you're right, it looks like I got the two mixed up. Good catch on
the lack of certificate validation.

tim

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
I should add that mutt hanging on the

set smtp_url = "smtps://tes...@lola.com:587"

configuration is what I would expect to happen. As port 587 is the port
for TLS/STARTTLS and port 465 is for ssl if I am not mistaken.

Please do point out if I have gotten this completely incorrect.
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
Um. Sorry, but I didn't want to be sent 100 different configurations to
test when perhaps someone knows about a configuration which is
'correct'. So my test case as you pointed out did contain an error.

Here are the test case(s) I think you wanted me to run.

1. a muttrc with just

   set smtp_url = "smtps://tes...@lola.com"

   in it. This does not 'fix' the problem (mutt still connects).

2. a muttrc with just

   set smtp_url = "smtps://tes...@lola.com:587"

   in it. mutt is unable to connect (it just 'hangs').

Did you mean for me to test any other configurations?
Re: [Full-disclosure] Insect Pro 2.1 : New version release
On Tue, Mar 8, 2011 at 8:06 PM, Pete Smith wrote:
> On 9 March 2011 11:13, Ryan Sears wrote:
>>
>> I agree, in order for it to qualify as 'free' it needs to be just that.
>>
>> Forcing someone to make a 'donation' before you give them said free
>> software is SELLING that software. Saying it's free is not just misleading,
>> it's blatantly *not* true.
>>
>> Juan did however give me a download to test it out when I contacted him
>> off-list, which was nice of him, but I don't think that these announcements
>> should say 'free with a donation from 20$ up'. It should state that you HAVE
>> to pay 20$ in order to get a download. Anything else is misleading.
>>
>> Also due to the fact that this is *not* open-source I did not try it out.
>> Just too many red flags for me.
>>

I like the Live Chat Support - Offline.

Jeff
Re: [Full-disclosure] Insect Pro 2.1 : New version release
On 9 March 2011 11:13, Ryan Sears wrote:
> I agree, in order for it to qualify as 'free' it needs to be just that.
>
> Forcing someone to make a 'donation' before you give them said free
> software is SELLING that software. Saying it's free is not just misleading,
> it's blatantly *not* true.
>
> Juan did however give me a download to test it out when I contacted him
> off-list, which was nice of him, but I don't think that these announcements
> should say 'free with a donation from 20$ up'. It should state that you HAVE
> to pay 20$ in order to get a download. Anything else is misleading.
>
> Also due to the fact that this is *not* open-source I did not try it out.
> Just too many red flags for me.
>

I agree with Ryan here, too many red flags... Essentially this $20
"donation" is paying for a windows only gui, as most of the functionality
that is being advertised to encourage people to download and pay the
donation is provided by actual open-source products...

Do you know what would be really good... not using FD to advertise and
drum up donations for your product...
Re: [Full-disclosure] Insect Pro 2.1 : New version release
I agree, in order for it to qualify as 'free' it needs to be just that.

Forcing someone to make a 'donation' before you give them said free
software is SELLING that software. Saying it's free is not just
misleading, it's blatantly *not* true.

Juan did however give me a download to test it out when I contacted him
off-list, which was nice of him, but I don't think that these
announcements should say 'free with a donation from 20$ up'. It should
state that you HAVE to pay 20$ in order to get a download. Anything else
is misleading.

Also due to the fact that this is *not* open-source I did not try it
out. Just too many red flags for me.

Just my 2 cents.

Ryan Sears

- Original Message -
From: "Mario Vilas"
To: "Quentin Ducas"
Cc: full-disclosure@lists.grok.org.uk
Sent: Tuesday, March 8, 2011 6:55:38 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Insect Pro 2.1 : New version release

It seems to be a different version. IMHO if I have to pay to download it
then it's not really free. Insect should follow the same donation policy
as any open source project - download should be free and donation should
be optional.

This is probably a non-issue anyway but I feel the word "free" shouldn't
be used in this context, at least I find it misleading...

On Tue, Mar 8, 2011 at 10:31 AM, Quentin Ducas wrote:
> Real free version (no donation needed) here:
> http://insectpro.highprofilesite.com/
>
> Quentin
>
> 2011/3/7 Juan Sacco :
> > The Insect Pro 2.1 new version is now accessible on Insecurity Research
> > servers!
> > Get it now to enjoy the positive changes that this update brings, based
> > directly on user feedback
> >
> > Insect Pro is a penetration security auditing and testing software
> > solution designed to allow organizations of all sizes to mitigate, monitor
> > and manage the latest security threats and vulnerabilities and implement
> > active security policies by performing penetration tests across their
> > infrastructure and applications.
> >
> > Insect Pro 2.1 includes:
> > Minimize to systray to work in background
> > Video recording
> > Capture screenshots
> > Keylogging feature
> > Command-line based control
> > GUI improved
> >
> > Read full patch notes on our site to learn more about what's new and
> > improved.
> >
> > Also, anyone that has not yet donated to get a license may do it now and
> > obtain a free version of the new stealth keylogger!
> >
> > Juan Sacco
> > --
> > _
> > Insecurity Research - Security auditing and testing software
> > Web: http://www.insecurityresearch.com
> > Insect Pro 2.1 was released, stay tuned
>

--
“My daughter was asked by a little old lady in a London hotel restaurant
what her daddy did - she answered, ‘He’s a pirate.’ I was very proud of
that answer.” - *Johnny Depp*
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
Instead of telling me what configurations to use, why don't you test
them out and tell me what happens?
Re: [Full-disclosure] Insect Pro 2.1 : New version release
It seems to be a different version. IMHO if I have to pay to download it
then it's not really free. Insect should follow the same donation policy
as any open source project - download should be free and donation should
be optional.

This is probably a non-issue anyway but I feel the word "free" shouldn't
be used in this context, at least I find it misleading...

On Tue, Mar 8, 2011 at 10:31 AM, Quentin Ducas wrote:
> Real free version (no donation needed) here:
> http://insectpro.highprofilesite.com/
>
> Quentin
>
> 2011/3/7 Juan Sacco :
> > The Insect Pro 2.1 new version is now accessible on Insecurity Research
> > servers!
> > Get it now to enjoy the positive changes that this update brings, based
> > directly on user feedback
> >
> > Insect Pro is a penetration security auditing and testing software
> > solution designed to allow organizations of all sizes to mitigate, monitor
> > and manage the latest security threats and vulnerabilities and implement
> > active security policies by performing penetration tests across their
> > infrastructure and applications.
> >
> > Insect Pro 2.1 includes:
> > Minimize to systray to work in background
> > Video recording
> > Capture screenshots
> > Keylogging feature
> > Command-line based control
> > GUI improved
> >
> > Read full patch notes on our site to learn more about what's new and
> > improved.
> >
> > Also, anyone that has not yet donated to get a license may do it now and
> > obtain a free version of the new stealth keylogger!
> >
> > Juan Sacco
> > --
> > _
> > Insecurity Research - Security auditing and testing software
> > Web: http://www.insecurityresearch.com
> > Insect Pro 2.1 was released, stay tuned
>

--
“My daughter was asked by a little old lady in a London hotel restaurant
what her daddy did - she answered, ‘He’s a pirate.’ I was very proud of
that answer.” - *Johnny Depp*
[Full-disclosure] [USN-1086-1] Linux kernel (EC2) vulnerabilities
===
Ubuntu Security Notice USN-1086-1                        March 08, 2011
linux-ec2 vulnerabilities
CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175
===

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu,
Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following
package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-314-ec2      2.6.32-314.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g.
linux-generic, linux-server, linux-powerpc), a standard system upgrade
will automatically perform this as well.

Details follow:

Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)

Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)

Dan Rosenberg discovered that the SCSI subsystem did not correctly
validate iov segments. A local attacker with access to a SCSI device
could send specially crafted requests to crash the system, leading to a
denial of service. (CVE-2010-4163)

Dan Rosenberg discovered that the RDS protocol did not correctly check
ioctl arguments. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4175)

Updated packages for Ubuntu 10.04 LTS:
[Full-disclosure] [ MDVSA-2011:044 ] wireshark
___
Mandriva Linux Security Advisory                         MDVSA-2011:044
http://www.mandriva.com/security/
___

Package : wireshark
Date    : March 8, 2011
Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
___

Problem Description:

This advisory updates wireshark to the latest version (1.2.15), fixing
several security issues:

Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer
during processing of a .pcap file in the pcap-ng format, which allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via a malformed file
(CVE-2011-0538).

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0
through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a long record in a Nokia DCT3 trace file
(CVE-2011-0713).

wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through
1.4.3 allows remote attackers to cause a denial of service (application
crash) via a pcap-ng file that contains a large packet-length field
(CVE-2011-1139).

Multiple stack consumption vulnerabilities in the
dissect_ms_compressed_string and dissect_mscldap_string functions in
Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow
remote attackers to cause a denial of service (infinite recursion) via a
crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet
(CVE-2011-1140).

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14,
and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of
service (memory consumption) via (1) a long LDAP filter string or (2) an
LDAP filter string containing many elements (CVE-2011-1141).

Stack consumption vulnerability in the dissect_ber_choice function in
the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through
1.4.4 might allow remote attackers to cause a denial of service
(infinite loop) via vectors involving self-referential ASN.1 CHOICE
values (CVE-2011-1142).

The updated packages have been upgraded to the latest 1.2.x version
(1.2.15) and patched to correct these issues.
___

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1142
http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html
___

Updated Packages:
Re: [Full-disclosure] Insect Pro 2.1 : New version release
msf rip imo

On 7 March 2011 17:07, Juan Sacco wrote:
> The Insect Pro 2.1 new version is now accessible on Insecurity Research
> servers!
> Get it now to enjoy the positive changes that this update brings, based
> directly on user feedback
>
> Insect Pro is a penetration security auditing and testing software
> solution designed to allow organizations of all sizes to mitigate, monitor
> and manage the latest security threats and vulnerabilities and implement
> active security policies by performing penetration tests across their
> infrastructure and applications.
>
> Insect Pro 2.1 includes:
> Minimize to systray to work in background
> Video recording
> Capture screenshots
> Keylogging feature
> Command-line based control
> GUI improved
>
> Read full patch notes on our site to learn more about what's new and
> improved.
>
> Also, anyone that has not yet donated to get a license may do it now and
> obtain a free version of the new stealth keylogger!
>
> Juan Sacco
> --
> _
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.1 was released, stay tuned
>
Re: [Full-disclosure] Insect Pro 2.1 : New version release
Real free version (no donation needed) here:
http://insectpro.highprofilesite.com/

Quentin

2011/3/7 Juan Sacco :
> The Insect Pro 2.1 new version is now accessible on Insecurity Research
> servers!
> Get it now to enjoy the positive changes that this update brings, based
> directly on user feedback
>
> Insect Pro is a penetration security auditing and testing software
> solution designed to allow organizations of all sizes to mitigate, monitor
> and manage the latest security threats and vulnerabilities and implement
> active security policies by performing penetration tests across their
> infrastructure and applications.
>
> Insect Pro 2.1 includes:
> Minimize to systray to work in background
> Video recording
> Capture screenshots
> Keylogging feature
> Command-line based control
> GUI improved
>
> Read full patch notes on our site to learn more about what's new and
> improved.
>
> Also, anyone that has not yet donated to get a license may do it now and
> obtain a free version of the new stealth keylogger!
>
> Juan Sacco
> --
> _
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.1 was released, stay tuned
>
[Full-disclosure] NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass)
__
-- NSOADV-2011-003 ---
Majordomo2 'help' Command Directory Traversal (Patch Bypass)
__

Title:              Majordomo2 'help' Command Directory Traversal
Severity:           Medium
Advisory ID:        NSOADV-2011-003
CVE:                CVE-2011-0063
Found Date:         03.02.2011
Date Reported:      03.02.2011
Release Date:       19.02.2011
Author:             Nikolas Sotiriu
Mail:               nso-research at sotiriu.de
Website:            http://sotiriu.de/
Twitter:            http://twitter.com/nsoresearch
Advisory-URL:       http://sotiriu.de/adv/NSOADV-2011-003.txt
Vendor/Project:     http://www.mj2.org/
Affected Products:  majordomo2 <= 20110203
Remote Exploitable: Yes
Local Exploitable:  No
Patch Status:       Vendor released a patch (See Solution)
Discovered by:      Nikolas Sotiriu
Disclosure Policy:  http://sotiriu.de/policy.html
Thanks to:          Thierry Zoller: For the permission to use his Policy

Background:
===

Majordomo 2 is an upwardly-compatible rewrite of the popular majordomo
mailing list manager software by Jason Tibbitts and Michael Yount.

Description:
===

Majordomo2 <= 20110203 is affected by a Directory Traversal vulnerability
because parameter 'extra' of the 'help' command in the function
'_list_file_get()' is not properly sanitized.

The original bug was made public on 03.02.2011 by Michael Brooks of
sitewat.ch:

https://sitewat.ch/en/Advisory/View/1
https://bugzilla.mozilla.org/show_bug.cgi?id=628064

I discovered that the patch, which has been in the CVS since version
20110125, doesn't protect against the Directory Traversal bug.

https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481

The diff builds in the regex '$file =~ s!/?\.\./?!!g;', which deletes
'../' from $file. Bypassing this regex is quite simple by using './.../'
instead of '../'.

Proof of Concept:
==

HTTP:

http:///cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=./..././..././..././..././..././..././..././.../etc/passwd

SMTP:

help ./..././..././..././..././..././..././..././.../etc/passwd

Solution:
=

Update to Majordomo2 >= 20110204

http://ftp.mj2.org/pub/mj2/snapshots/2011-02/majordomo-20110204.tar.gz

References:
===

Sitewatch Advisory: https://sitewat.ch/en/Advisory/View/1
Original Bug:       https://bugzilla.mozilla.org/show_bug.cgi?id=628064
Patch Bypass:       https://bugzilla.mozilla.org/show_bug.cgi?id=631307

Disclosure Timeline (YYYY/MM/DD):
=

2011.02.03: Patch bypass vulnerability found
2011.02.03: Informed security [at] mozilla.org
2011.02.03: Mozilla opened Bug 631307 in bugzilla
2011.02.03: Jason Tibbitts committed a fix (Sorry again)
2011.02.04: Snapshot available for download
2011.02.04: Discuss the public disclosure
2011.03.04: Got the Bug Bounty Money
2011.03.08: Release of Advisory
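An added illustration of why the first patch failed and what the check should look like instead. This is editor-written example code, not from the advisory or from Majordomo2 (which is Perl): the quoted regex is translated into Python, the advisory's './.../' payload is run through it, and a validating check is shown beside it. BASE_DIR and all function names are assumptions.

```python
import posixpath
import re
from typing import Optional

# Directory the 'help' command is assumed to serve files from.
# Constructed for this example; Majordomo2's real layout is not assumed.
BASE_DIR = "/var/lib/majordomo/files"

# The advisory's payload, reproduced here as the sample input.
BYPASS = "./..././..././..././..././..././..././..././.../etc/passwd"

# Python translation of the Perl substitution the advisory quotes,
# '$file =~ s!/?\.\./?!!g;': one global pass that deletes an optional
# '/', two dots and an optional '/'.
STRIP_DOTDOT = re.compile(r"/?\.\./?")


def sanitize_single_pass(name: str) -> str:
    """Behaviour of the bypassed patch: delete '../' substrings once.

    Because the deletion is not repeated until nothing changes, removing
    '/..' from './.../' leaves '../' behind, so the traversal survives.
    """
    return STRIP_DOTDOT.sub("", name)


def resolve_unchecked(name: str) -> str:
    """Where the single-pass-sanitised name lands once joined to BASE_DIR."""
    joined = posixpath.join(BASE_DIR, sanitize_single_pass(name))
    return posixpath.normpath(joined)


def safe_list_file(name: str) -> Optional[str]:
    """Validating replacement: never rewrite the input, only accept or reject.

    Rejects empty, absolute and NUL-containing names, rejects any literal
    '..' path component, and finally confirms the normalised result is
    still inside BASE_DIR. Returns the resolved path or None.
    On a real filesystem the final check should be done on
    os.path.realpath() as well, so symlinks cannot escape the base dir
    (omitted here to keep the example runnable offline).
    """
    if not name or name.startswith("/") or "\x00" in name:
        return None
    if any(part == ".." for part in name.split("/")):
        return None
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, name))
    if resolved != BASE_DIR and not resolved.startswith(BASE_DIR + "/"):
        return None
    return resolved


if __name__ == "__main__":
    print("single-pass strip  :", sanitize_single_pass(BYPASS))
    print("unchecked resolves :", resolve_unchecked(BYPASS))
    print("validated result   :", safe_list_file(BYPASS))
    print("plain ../ rejected :", safe_list_file("../../etc/passwd"))
```

Note that the validating check does not reject the advisory's payload outright: with no substring rewriting, its '...' components are ordinary directory names under BASE_DIR and the request simply fails to find a file, while every path that would actually leave BASE_DIR returns None.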
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
> If I have
>
> set smtp_url = "smtps://tes...@lola.com:587"
> set ssl_starttls = yes
> set ssl_force_tls = yes
>
> mutt is unable to connect.

In this case, shouldn't you disable ssl_starttls?

tim
Re: [Full-disclosure] Python ssl handling could be better...
On Mon, 07 Mar 2011 11:39:49 EST, Charles Morris said:
> > I've had this conversation at many different times with different
> > people over the years.
>
> If you tell a lie enough times.

Took long enough to Godwin this thread. ;)
[Full-disclosure] [ MDVSA-2011:043 ] libtiff
___
Mandriva Linux Security Advisory                         MDVSA-2011:043
http://www.mandriva.com/security/
___

Package : libtiff
Date    : March 8, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
___

Problem Description:

A buffer overflow was discovered in libtiff which allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted TIFF image with CCITT Group 4 encoding
(CVE-2011-0192).

Additionally it was discovered that the fixes for CVE-2009-2347 and
CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and
are being resolved as well.

Packages for 2009.0 are provided as of the Extended Maintenance Program.
Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
___

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
http://support.apple.com/kb/HT4554
___

Updated Packages:
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
Actually it doesn't seem like switching the configuration 'fixes' the
issue. If I have

set smtp_url = "smtps://tes...@lola.com"
set ssl_starttls = yes
set ssl_force_tls = yes

It _still_ connects to the 'incorrect server' fine (I expect it to
connect to lola.com and it connects to gmail's smtp server which
presents a certificate which is not valid for lola.com ... so mutt
should disconnect!).

If I have

set smtp_url = "smtps://tes...@lola.com:587"
set ssl_starttls = yes
set ssl_force_tls = yes

mutt is unable to connect.
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
On 8 March 2011 19:00, Joachim Schipper wrote:
> On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote:
>> Hi all. It seems that mutt fails to check the validity of an SMTP
>> server's certificate during a TLS connection. In my mutt configuration
>> I have
>>
>> set ssl_starttls = yes
>> set ssl_force_tls = yes
>>
>> However, after performing the steps below I found that mutt did not
>> properly validate the remote server's SMTP tls certificate. This means
>> that an attacker could potentially MITM a mutt user connecting to
>> their SMTP server even when the user has forced a TLS connection.
>>
>> Steps to test this:
>> 1. I set in my hosts file the ip for smtp.gmail.com to be bound to
>> mail.lolok.com
>>
>> in /etc/hosts
>> 74.125.127.109 mail.LOLOK.com
>>
>> 2. Then I changed my
>>
>> set smtp_url = "smtp://myusern...@smtp.gmail.com:587/"
>> to be
>> set smtp_url = "smtp://myusern...@mail.lolok.com:587/"
>>
>> 3. I opened up mutt and emailed myself. I note that I saw mutt say
>> "connecting to mail.lolok.com".
>>
>> I feel that this is an issue because mutt _does_ actually perform IMAP
>> server certificate validation (at least it did when I last tested it
>> :P).
>
> I'm on the train and not able to test, but the muttrc(5) man page has
>
> smtp_url
>   Type: string
>   Default: ""
>
>   Defines the SMTP smarthost where sent messages should relayed
>   for delivery. This should take the form of an SMTP URL, e.g.:
>
>     smtp[s]://[user[:pass]@]host[:port]
>
>   where "[...]" denotes an optional part. Setting this variable
>   overrides the value of the $sendmail variable.
>
> Note the "[s]". But yes, you should arguably file a documentation-bug
> with the Mutt maintainers, since ssl_starttls does suggest that it works
> for SMTP too.

Oh really? I'll test it out now!
[Full-disclosure] [HITB-Announce] HITB Magazine Call for Articles
HITB Magazine is currently seeking submissions for our next issue. If you have something interesting to write, please drop us an email at: editor...@hackinthebox.org

TOPICS

Topics of interest include, but are not limited to the following:

* New Attack and Defense Techniques
* Reverse Code Engineering
* Network Security
* Forensics and Incident Response
* WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
* Cryptography
* Hardware Hacking
* Malware Analysis
* Lock Picking / Physical Security

HITB Magazine is a deep-knowledge technical magazine. Articles that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before.

Please send your article to editorial () hackinthebox org

Submissions for issue #6 due no later than 5th of April 2011

---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur, Malaysia
Tel: +603-20394724
Fax: +603-20318359
Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote:
> Hi all. It seems that mutt fails to check the validity of an SMTP
> server's certificate during a TLS connection. In my mutt configuration
> I have
>
> set ssl_starttls = yes
> set ssl_force_tls = yes
>
> However, after performing the steps below I found that mutt did not
> properly validate the remote server's SMTP TLS certificate. This means
> that an attacker could potentially MITM a mutt user connecting to
> their SMTP server even when the user has forced a TLS connection.
>
> Steps to test this:
> 1. I set in my hosts file the IP for smtp.gmail.com to be bound to
> mail.lolok.com
>
> in /etc/hosts
> 74.125.127.109 mail.LOLOK.com
>
> 2. Then I changed my
>
> set smtp_url = "smtp://myusern...@smtp.gmail.com:587/"
> to be
> set smtp_url = "smtp://myusern...@mail.lolok.com:587/"
>
> 3. I opened up mutt and emailed myself. I note that I saw mutt say
> "connecting to mail.lolok.com".
>
> I feel that this is an issue because mutt _does_ actually perform IMAP
> server certificate validation (at least it did when I last tested it
> :P).

I'm on the train and not able to test, but the muttrc(5) man page has

smtp_url
Type: string
Default: ""

Defines the SMTP smarthost where sent messages should be relayed
for delivery. This should take the form of an SMTP URL, e.g.:

smtp[s]://[user[:pass]@]host[:port]

where "[...]" denotes an optional part. Setting this variable
overrides the value of the $sendmail variable.

Note the "[s]". But yes, you should arguably file a documentation-bug
with the Mutt maintainers, since ssl_starttls does suggest that it works
for SMTP too.

Joachim
[Full-disclosure] Insect Pro 2.1 : New version release
The Insect Pro 2.1 new version is now accessible on Insecurity Research servers! Get it now to enjoy the positive changes that this update brings, based directly on user feedback.

Insect Pro is a penetration security auditing and testing software solution designed to allow organizations of all sizes to mitigate, monitor and manage the latest security threats and vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications.

Insect Pro 2.1 includes:

Minimize to systray to work in background
Video recording
Capture screenshots
Keylogging feature
Command-line based control
GUI improved

Read full patch notes on our site to learn more about what's new and improved.

Also, anyone that has not yet donated to get a license may do it now and obtain a free version of the new stealth keylogger!

Juan Sacco

--
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.1 was released, stay tuned