Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
Let's trust software from Microsoft or Apple. On Thu, May 19, 2011 at 12:33 PM, David Blanc davidblanc1...@gmail.comwrote: On Sat, May 7, 2011 at 6:53 PM, Xa Buri xab...@yahoo.com wrote: So who finally did it and when? ispy or d3hydr8? and I still don't buy the whole SQL Injection theory. There is no proof. Looks more like an insider dump. Never trust an Indian software company. http://hackerstreet.in/item?id=6323 http://blog.susam.in/2011/05/infosys-tcs-or-wipro.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Regards, webDEViL http://twitter.com/w3bd3vil ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
And let's trust HBGary. On Thu, May 19, 2011 at 7:03 AM, David Blanc davidblanc1...@gmail.comwrote: On Sat, May 7, 2011 at 6:53 PM, Xa Buri xab...@yahoo.com wrote: So who finally did it and when? ispy or d3hydr8? and I still don't buy the whole SQL Injection theory. There is no proof. Looks more like an insider dump. Never trust an Indian software company. http://hackerstreet.in/item?id=6323 http://blog.susam.in/2011/05/infosys-tcs-or-wipro.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Thanks and Regards, Vipul Agarwal ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQLInjection UPDATE
Lol . David, security vulnerabilities are not related to hometown of the developer in anyways ;) Regards; w0lf www.maestro-sec.com -- sent from BlackBerry -- -Original Message- From: Vipul Agarwal vi...@nuttygeeks.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 19 May 2011 07:30:13 To: David Blancdavidblanc1...@gmail.com Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
On Thu, May 19, 2011 at 3:30 AM, Vipul Agarwal vi...@nuttygeeks.com wrote: And let's trust HBGary. :) On Thu, May 19, 2011 at 7:03 AM, David Blanc davidblanc1...@gmail.com wrote: On Sat, May 7, 2011 at 6:53 PM, Xa Buri xab...@yahoo.com wrote: So who finally did it and when? ispy or d3hydr8? and I still don't buy the whole SQL Injection theory. There is no proof. Looks more like an insider dump. Never trust an Indian software company. http://hackerstreet.in/item?id=6323 http://blog.susam.in/2011/05/infosys-tcs-or-wipro.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
Never trust an Indian software company. Sure, go ahead and trust the Pakis instead ;-) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Linux kernel 2011 local root does it exist
Actually FreeBSD copyright protected its latest FreeBSD X, you can only jailbreak OpenBSD now. -Original Message- From: root ro...@fibertel.com.ar To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel 2011 local root does it exist Date: Wed, 18 May 2011 14:59:28 -0300 You can only jailbreak FreeBSD devices. On 05/18/2011 01:37 PM, Mario Vilas wrote: Hi, just a quick question, do those exploits you mention work in a jailbroken device? I'm running Linux Leopard lOS 4.3 on my iAndroid tablet. On Wed, May 18, 2011 at 11:41 AM, Joxean Koret joxeanko...@yahoo.es wrote: Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have exploits for Linux XP. I would like to know is there any local root exploit exist for linux kernel 2011 . ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Rove Monteux Senior Systems Administrator Twitter: @rovemonteux PGP Key: http://mcaf.ee/daf29 signature.asc Description: This is a digitally signed message part ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google chrome sending strange DNS queries
http://isc.sans.org/diary.html?storyid=10312; On Wed, May 18, 2011 at 11:07 PM, Eric dkn...@gmail.com wrote: Greetings, Has anyone ever noticed, the sort of DNS queries when you fire/running Google-chrome? The DNS queries for domain names likes: bsjghxplor hrrtjswxtt epjyptuure etc. Behavior has been observed on Linux as well as Windows systems. See the attached screenshot of wireshark dump. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Any POC code for policykit root encapsulation
Greetings, Is there any POC code for root encapsulation for the following cvs . https://bugzilla.redhat.com/show_bug.cgi?id=692922#c0 Looking forward for your kind response. Regards Net_Spy ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Linux kernel 2011 local root does it exist
On 19 May 2011 11:03, Rove Monteux rove.mont...@fluid-rock.com wrote: Actually FreeBSD copyright protected its latest FreeBSD X, you can only jailbreak OpenBSD now. you can't jail break OpenBSD its secured by its pf (Proprietary Firewall) and StrlCpy (Strong Trusted Registered License Copyright Protection Yin) ok i couldn't think of a good word for the Y ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google chrome sending strange DNS queries
Interesting I will have to test this one and see. I know recently someone did a writeup about Microsoft doing a similar phone home when you launch I.E so it can verify you internet connection. http://blog.superuser.com/2011/05/16/windows-7-network-awareness/ Infolookup http://infolookup.securegossip.com www.twitter.com/infolookup -Original Message- From: Eric dkn...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 19 May 2011 02:37:35 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Google chrome sending strange DNS queries Greetings, Has anyone ever noticed, the sort of DNS queries when you fire/running Google-chrome? The DNS queries for domain names likes: bsjghxplor hrrtjswxtt epjyptuure etc. Behavior has been observed on Linux as well as Windows systems. See the attached screenshot of wireshark dump. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
Hi, everyone We've published a whitepaper on Malbox's site, which will introduce Malbox's architecture and workflow. You can download it from http://malbox.xjtu.edu.cn. On Sat, May 14, 2011 at 10:55:30PM +0100, Chris M wrote: Not convinced. Tried to upload a few samples, only support EXE files no DLLs? yet you take URLs? only to exes? The file I upped was a PE file. Just with a renamed extension. Also submitted a couple of known bad files and got a list of tcp ports back how is this operating? _SHARED_ sandbox? Whats it based on? More information would be appreciated :) -C I can still get HTTP 500 errors easily. That service is running vulnerable version of Tomcat and still saying wrong TCP-connections with any scan url/exe-sample. JS checks aren't done in backend. Best regards, Henri Salo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google chrome sending strange DNS queries
Start Chrome and start Wireshark. Apply the filter udp.port==5355 For Link Local Multicast Name Resolution protocol (LLMNR) protocol you will similar output in wireshark. http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution This protocol was implemented Windows Vista onwards, so you should this in Windows Server 2008 and Windows 7 as well. - TAS http://twitter.com/p0wnsauc3 On 19 May 2011 17:50, Sherwyn infoloo...@gmail.com wrote: Interesting I will have to test this one and see. I know recently someone did a writeup about Microsoft doing a similar phone home when you launch I.E so it can verify you internet connection. http://blog.superuser.com/2011/05/16/windows-7-network-awareness/ Infolookup http://infolookup.securegossip.com www.twitter.com/infolookup -Original Message- From: Eric dkn...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 19 May 2011 02:37:35 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Google chrome sending strange DNS queries Greetings, Has anyone ever noticed, the sort of DNS queries when you fire/running Google-chrome? The DNS queries for domain names likes: bsjghxplor hrrtjswxtt epjyptuure etc. Behavior has been observed on Linux as well as Windows systems. See the attached screenshot of wireshark dump. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Ubuntu Security Notice publication update
Historically, Ubuntu sends Ubuntu Security Notices (USNs) to bugtraq, full-disclosure and our own announce mailing list. After a recent review of our publication process, we decided we will no longer post USNs to bugtraq and full-disclosure. People interested in receiving USNs by email should subscribe to the ubuntu-security-announce mailing list directly: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce An archive of all USNs can be found at: https://lists.ubuntu.com/archives/ubuntu-security-announce/ Alternatively, people can view USNs and subscribe to news feeds on our website: http://www.ubuntu.com/usn/ -- Jamie Strandboge | http://www.canonical.com signature.asc Description: This is a digitally signed message part ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] New DDoS attack vector
Dear list readers, on today we officially published our observations regarding the new attack vector of the DDoS against the DNS servers. A full story can be read here http://www.zone-h.org/news/id/4739 Here is the excerpt. The attack phases are as follows: The attacker obtains the IP address /hostname of the target DNS server. The attacker updates the NS records of the pre-registered domain foo -domain.com with the IP address /hostname of the target DNS server. Some registrars or hosting providers do not provide this functionality, many other do. There are known hosting companies and ISP that are supporting the spam [5]. After the NS records update the attacker waits at least 24 hours until the new records are propagated all over the Internet. Now the attacker prepares a spam campaign. There are few aspects to note: as first, the sender mail address for the MAIL FROM can contain the same user name, but the subdomain — 3rd level domain must vary per each spam message (for example first spam message has the sender james@subdom1.foo-domain.com but the second sender has to be james@subdom2.foo-domain.com). The second important aspect is the selection of the white horse systems. White horse systems are the SMTP incoming mail servers with a high bandwidth. Once the spam campaign has been started to the white horse systems using the spam botnet, these systems check on the background whether the sender’s domain resolves to the domain MX or at least to an A record. Since the NS record is set to the target DNS server, the DNS requests will be performed to the target DNS server. Target DNS server receives multiple regular DNS requests for the bogus subdomain records(note that in the previous Denial of Service attacks against the DNS servers received either malformed, fragmented, ICMP messages or TCP SYN, with invalid length, or oversized and some of these can be filtered by the firewalls or security appliances). Since the DNS server does not have the records for the foo-domain.com, it has to respond negatively to the request. If the spam campaign is successful, the white horse systems flood the DNS server with multiple valid DNS requests. Regards Jakub Alimov [Seznam.cz] minor [zone-h.org] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CA20110420-02: Security Notice for CA Output Management Web Viewer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20110420-01: Security Notice for CA SiteMinder Issued: April 20, 2011 Updated: May 19, 2011 CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability, CVE-2011-1718, is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user. Risk Rating Medium Platform Windows Affected Products CA SiteMinder R6 IIS 6.0 Web Agents prior to R6 SP6 CR2 CA SiteMinder R12 IIS 6.0 Web Agents prior to R12 SP3 CR2 How to determine if the installation is affected Check the Web Agent log to obtain the installed release version. Note that the webagent.log file name is configurable by the SiteMinder administrator. Solution CA has issued patches to address the vulnerability. CA SiteMinder R6: Upgrade to R6 SP6 CR2 or later CA SiteMinder R12: Upgrade to R12 SP3 CR2 or later CR releases can be found on the CA SiteMinder Hotfix / Cumulative Release page: (URL may wrap) support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/5262/5262_fixinde x.h tml References CVE-2011-1718 - CA SiteMinder Multi-line Header Vulnerability Acknowledgement April King (ap...@twoevils.org) Change History Version 1.0: Initial Release Version 1.1: Updated Affected Products section to clarify that only the IIS 6.0 Web Agents are affected. ISS 7 is not affected by this issue. If additional information is required, please contact CA Technologies Support at https://support.ca.com. If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.9.1 (Build 287) Charset: utf-8 wj8DBQFN1UDNeSWR3+KUGYURAuwVAJ4imZZZtXVKli8gWinrjky3gheQCwCghM/N 69B1MXsPDg5Gt3ICQg4U7vc= =uuIC -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New DDoS attack vector
2011/5/19 minor float minor.fl...@gmail.com Dear list readers, on today we officially published our observations regarding the new attack vector of the DDoS against the DNS servers. A full story can be read here http://www.zone-h.org/news/id/4739 Here is the excerpt. The attack phases are as follows: The attacker obtains the IP address /hostname of the target DNS server. The attacker updates the NS records of the pre-registered domain foo -domain.com with the IP address /hostname of the target DNS server. Some registrars or hosting providers do not provide this functionality, many other do. There are known hosting companies and ISP that are supporting the spam [5]. After the NS records update the attacker waits at least 24 hours until the new records are propagated all over the Internet. Note that it's not possible with several tld. Eg : fr nic, afinc.net (and I hope some other) checks that an SOA record is present (and much more. See http://www.zonecheck.fr) on the name server before updating NS records in the registry. Now the attacker prepares a spam campaign. There are few aspects to note: as first, the sender mail address for the MAIL FROM can contain the same user name, but the subdomain — 3rd level domain must vary per each spam message (for example first spam message has the sender james@subdom1.foo-domain.com but the second sender has to be james@subdom2.foo-domain.com). The second important aspect is the selection of the white horse systems. White horse systems are the SMTP incoming mail servers with a high bandwidth. Once the spam campaign has been started to the white horse systems using the spam botnet, these systems check on the background whether the sender’s domain resolves to the domain MX or at least to an A record. Since the NS record is set to the target DNS server, the DNS requests will be performed to the target DNS server. Target DNS server receives multiple regular DNS requests for the bogus subdomain records(note that in the previous Denial of Service attacks against the DNS servers received either malformed, fragmented, ICMP messages or TCP SYN, with invalid length, or oversized and some of these can be filtered by the firewalls or security appliances). Since the DNS server does not have the records for the foo-domain.com, it has to respond negatively to the request. If the spam campaign is successful, the white horse systems flood the DNS server with multiple valid DNS requests. Regards Jakub Alimov [Seznam.cz] minor [zone-h.org] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2011:094 ] pure-ftpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:094 http://www.mandriva.com/security/ ___ Package : pure-ftpd Date: May 19, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 ___ Problem Description: A denial-of-service (DoS) attack related to glob brace expansion was discovered and fixed in pure-ftpd (CVE-2011-0418). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149amp;products_id=490 The updated packages have been upgraded to the latest 1.0.32 version which is not vulnerable to this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0418 http://www.pureftpd.org/project/pure-ftpd/news ___ Updated Packages: Mandriva Linux 2009.0: 2acd88195b55f8a53e0f22ccd5260c24 2009.0/i586/pure-ftpd-1.0.32-0.1mdv2009.0.i586.rpm bfac76c40846a52ddf9b8a1abc5edf3c 2009.0/i586/pure-ftpd-anon-upload-1.0.32-0.1mdv2009.0.i586.rpm b1e3fcd7ffa2259f02e186d4c5dc50a3 2009.0/i586/pure-ftpd-anonymous-1.0.32-0.1mdv2009.0.i586.rpm f58daf4b54a354e82a794d100d4781a6 2009.0/SRPMS/pure-ftpd-1.0.32-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 1ef86906a451c694bdba178f9371ff9d 2009.0/x86_64/pure-ftpd-1.0.32-0.1mdv2009.0.x86_64.rpm 4f68287740f187b37b3e7d5cf081e197 2009.0/x86_64/pure-ftpd-anon-upload-1.0.32-0.1mdv2009.0.x86_64.rpm 4b257580afe20999e43f34fa921d70d6 2009.0/x86_64/pure-ftpd-anonymous-1.0.32-0.1mdv2009.0.x86_64.rpm f58daf4b54a354e82a794d100d4781a6 2009.0/SRPMS/pure-ftpd-1.0.32-0.1mdv2009.0.src.rpm Mandriva Linux 2010.1: ccc0647d427a31a103ca739d0ba20bfc 2010.1/i586/pure-ftpd-1.0.32-0.1mdv2010.2.i586.rpm 72642833bdcc96ce5facd5952b06066a 2010.1/i586/pure-ftpd-anon-upload-1.0.32-0.1mdv2010.2.i586.rpm 6e4956263a8655cc5403a8f5958019b1 2010.1/i586/pure-ftpd-anonymous-1.0.32-0.1mdv2010.2.i586.rpm ca752489c3af7bd14ab5b7d1c232e72f 2010.1/SRPMS/pure-ftpd-1.0.32-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: c3361b5b91ee6429933b70785eba5a80 2010.1/x86_64/pure-ftpd-1.0.32-0.1mdv2010.2.x86_64.rpm 1a11cce6839229c1f312f56c322ca615 2010.1/x86_64/pure-ftpd-anon-upload-1.0.32-0.1mdv2010.2.x86_64.rpm ccdf372f525a69dca66ed58d1241dfa2 2010.1/x86_64/pure-ftpd-anonymous-1.0.32-0.1mdv2010.2.x86_64.rpm ca752489c3af7bd14ab5b7d1c232e72f 2010.1/SRPMS/pure-ftpd-1.0.32-0.1mdv2010.2.src.rpm Corporate 4.0: 0441583b4381e946911a13795b6edccf corporate/4.0/i586/pure-ftpd-1.0.32-0.1.20060mlcs4.i586.rpm 375127a30296a60eac2152905412b798 corporate/4.0/i586/pure-ftpd-anon-upload-1.0.32-0.1.20060mlcs4.i586.rpm 38b01d4b3584d3995ca7790b25ccaae6 corporate/4.0/i586/pure-ftpd-anonymous-1.0.32-0.1.20060mlcs4.i586.rpm dc7cec35f7bbb78c15ef04dc617a9c8a corporate/4.0/SRPMS/pure-ftpd-1.0.32-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 58de36c82139959d006fe0892f66d696 corporate/4.0/x86_64/pure-ftpd-1.0.32-0.1.20060mlcs4.x86_64.rpm 42f29b1fd2b858908e10ffd5bcd07247 corporate/4.0/x86_64/pure-ftpd-anon-upload-1.0.32-0.1.20060mlcs4.x86_64.rpm 6bad2661dd405402bd966222fdaec9e0 corporate/4.0/x86_64/pure-ftpd-anonymous-1.0.32-0.1.20060mlcs4.x86_64.rpm dc7cec35f7bbb78c15ef04dc617a9c8a corporate/4.0/SRPMS/pure-ftpd-1.0.32-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: ead5a422b7e60c1af65a81c53b618260 mes5/i586/pure-ftpd-1.0.32-0.1mdvmes5.2.i586.rpm ccc02756eb2130f16967487916cef75f mes5/i586/pure-ftpd-anon-upload-1.0.32-0.1mdvmes5.2.i586.rpm aca8ae84abda72076ee40a99e1d145ad mes5/i586/pure-ftpd-anonymous-1.0.32-0.1mdvmes5.2.i586.rpm f9015d52a7cb03280973a24874bf6267 mes5/SRPMS/pure-ftpd-1.0.32-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 641b2ef9d80017720523e3102ca2b78c mes5/x86_64/pure-ftpd-1.0.32-0.1mdvmes5.2.x86_64.rpm 5109cfc4c1747e0834fa47bb37269bf3 mes5/x86_64/pure-ftpd-anon-upload-1.0.32-0.1mdvmes5.2.x86_64.rpm 8baf20ef3e7b2b730e76d9310d8b8c09 mes5/x86_64/pure-ftpd-anonymous-1.0.32-0.1mdvmes5.2.x86_64.rpm f9015d52a7cb03280973a24874bf6267 mes5/SRPMS/pure-ftpd-1.0.32-0.1mdvmes5.2.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at:
[Full-disclosure] [SECURITY] [DSA 2238-1] vino security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2238-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff May 19, 2011 http://www.debian.org/security/faq - - Package: vino Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-0904 CVE-2011-0905 Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service. For the stable distribution (squeeze), this problem has been fixed in version 2.28.2-2+squeeze1. For the unstable distribution (sid), this problem has been fixed in version 2.28.2-3. We recommend that you upgrade your vino packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk3VYqUACgkQXm3vHE4uylpk2wCeITfrImq2r8pBuEPA5+7uH/9S 3b4AoKgMcCz2JPsMOMyItXGJEL9OWSQt =Xqna -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
Never trust an Indian software company. Sure, go ahead and trust the Pakis instead ;-) What's wrong with those countries? I've seen users from the both countries advertising services with words such as leading, professional and when we look at their contact emails, we'll find peng...@gmail.com etc. ;) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New DDoS attack vector
On May 19, 2011, at 9:44 PM, minor float wrote: Dear list readers, on today we officially published our observations regarding the new attack vector of the DDoS against the DNS servers. Filtering out the bogus DNS queries generated by the MX-record lookups is pretty trivial with modern intelligent DDoS mitigation systems (IDMS). The assertion that 'previous Denial of Service attacks against the DNS servers received either malformed, fragmented, ICMP messages or TCP SYN, with invalid length, or oversized and some of these can be filtered by the firewalls or security appliances' is demonstrably false. DNS servers have been targeted by bogus queries intended to exhaust the DNS server resources directly, or via spoofed queries which are intended to generate reflection/amplification attacks, but which also have a deleterious effect on the performance of the abused open recursors, for many years. The posited scenario is unnecessarily complex. It's a heck of a lot easier to simply bombard targeted authoritative DNS servers with spoofed bogus queries from botnets and/or hit them with reflection/amplification attacks, rather than go through this elaborate steps of registering a domain, pointing the NS/MX records at the target, then generating lots of spam. The proximate attack method described - layer-7 DDoS via excessive queries - isn't new or unique, and the NS-record-related steps are unnecessary. There's simply no need to go to this amount of trouble to launch a DDoS attack against authoritative DNS servers, nor is such an attack as difficult to defend against as is claimed in the write-up, meaning that this attack methodology has no unique advantages to justify the extra steps regarding re-targeting NS/MX records and spam generation. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com The basis of optimism is sheer terror. -- Oscar Wilde ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/