[Full-disclosure] [SECURITY] [DSA 2597-1] rails security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2597-1                   secur...@debian.org
http://www.debian.org/security/                               Nico Golde
January 04, 2013                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : rails
Vulnerability  : input validation error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-5664

joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to find_by_* methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze4.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in ruby-activerecord-2.3 version 2.3.14-3.

We recommend that you upgrade your rails/ruby-activerecord-2.3 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
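The advisory only says that find_by_* methods mishandle user-supplied input. The following added illustration (not the advisory's, Debian's or Rails' own code) models the defect class in plain Ruby, beside a hardened finder: the `users` table, the `:select` option, the helper names and the simplified quoting are assumptions that mimic how an Active Record dynamic finder of that era assembled its query.

```ruby
# Added illustration, not Debian's or Rails' code: a cut-down model of an
# Active Record 2.3/3.0-era dynamic finder. The defect being modelled is that
# a trailing Hash argument is popped off as *query options*, so application
# code that forwards untrusted, untyped input (a token unserialised from a
# session cookie, say) lets the caller shape the SELECT instead of only
# supplying the compared value. Names and SQL shape here are assumptions.

# Mirrors ActiveSupport's Array#extract_options!: a trailing Hash is options.
def extract_options!(args)
  args.last.is_a?(Hash) ? args.pop : {}
end

# Illustrative quoting only; real adapters quote per database.
def where_clause(attribute, value)
  return "#{attribute} IS NULL" if value.nil?
  "#{attribute} = '#{value.to_s.gsub("'", "''")}'"
end

# Vulnerable shape: find_by_<attribute>(*args), options taken from the
# last argument when it is a Hash. With a Hash supplied as the "value",
# the value list is empty (so the attribute compares to NULL) and the
# Hash drives the column list.
def vulnerable_find_by(attribute, *args)
  options = extract_options!(args)
  select  = options[:select] || "*"
  "SELECT #{select} FROM users WHERE #{where_clause(attribute, args[0])} LIMIT 1"
end

class UnsafeFinderArgument < ArgumentError; end

# Hardened shape: one value per attribute, options never read from the
# value position, and anything that is not a plain scalar is rejected
# before any SQL is built (comparable to an application coercing the
# input with to_s before calling the finder).
def hardened_find_by(attribute, value)
  unless value.is_a?(String) || value.is_a?(Integer)
    raise UnsafeFinderArgument, "#{attribute}: expected String or Integer, got #{value.class}"
  end
  "SELECT * FROM users WHERE #{where_clause(attribute, value)} LIMIT 1"
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_find_by("persistence_token", "abc123")
  puts vulnerable_find_by("persistence_token", { select: "id, email" })
  puts hardened_find_by("persistence_token", "abc123")
end
```

Run stand-alone, the second line of output shows the caller-supplied Hash rewriting the column list while the compared value has silently become NULL; the hardened finder refuses the same input before any SQL exists.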
[Full-disclosure] CFP: InfoSec Southwest Open
I'm pleased to announce the opening of the Call for Papers (CFP) for InfoSec SouthWest 2013! ISSW2013 will be held Friday, April 19 through Sunday, April 21, in Austin, Texas, USA. The CFP will run six weeks, closing on February 15, 2013.

We are also excited about our selection for this year's keynote speaker, Dan Guido. Mr. Guido will be kicking off the conference with remarks about his experiences in the educational and academic corners of infosec. So, while we will happily accept and review any reasonable submission for ISSW2013, papers and presentations dealing with the unique concerns of .edu are especially appreciated.

Please send (at a minimum) a two to three paragraph abstract describing your work, as well as a short biographical blurb about the presenter(s) to c...@infosecsouthwest.com. The more complete material you provide, the more likely your talk will be selected.

Accepted presentations will be expected to fill time slots of approximately 50 minutes on a single track. ISSW2013 will also be hosting a continuous lightning talk venue, so if your work can be condensed to 15 minutes, you need not go through the CFP selection process. If you would like to be mentioned on the Turbo Talk agenda, though, please send in your name, topic title, and a brief, one to two sentence summary.

The complete speaking agenda for ISSW2013 will be published on Friday, March 1, 2013, approximately two weeks after the CFP closes. To keep current, check on http://2013.infosecsouthwest.com/cfp.html

--
Tod Beardsley
CFP Committee Chair, ISSW2013
t...@metasploit.com
[Full-disclosure] [SECURITY] [DSA 2599-1] nss security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2599-1                   secur...@debian.org
http://www.debian.org/security/                         Thijs Kinkhorst
January 06, 2013                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : nss
Vulnerability  : mis-issued intermediates
Problem type   : remote
Debian-specific: no

Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze6.

For the testing distribution (wheezy), this problem has been fixed in version 2:3.13.6-2.

For the unstable distribution (sid), this problem has been fixed in version 2:3.14.1.with.ckbi.1.93-1.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] TomatoCart 1.x | Cross Site Request Forgery Protection Bypass via JavaScript Hijacking
1. OVERVIEW

TomatoCart 1.x versions are vulnerable to Cross Site Request Forgery Protection Bypass.

2. BACKGROUND

TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under the GNU General Public License V2. Equipped with the web 2.0 technologies Ajax and Rich Internet Applications (RIAs), the TomatoCart Team is devoted to building a landmark eCommerce solution.

3. VULNERABILITY DESCRIPTION

TomatoCart 1.x versions contain a flaw related to the script '/admin/tocdesktop.php' failing to properly protect the JavaScript object 'token', which is used to prevent Cross Site Request Forgery attacks. This allows an attacker to gain access to the token object via JavaScript Hijacking upon an administrator user's visit to his crafted page. Using the compromised token value, the attacker will then be able to perform administrator-privileged functions such as uploading files, creating user accounts and so forth.

4. VERSIONS AFFECTED

Tested on 1.x (Note that we did not verify this issue on the upcoming 2.x version - currently it is in alpha.)

5. PROOF-OF-CONCEPT/EXPLOIT

The following recorded movie will demonstrate how we can leverage the CSRF-bypass flaw to create an arbitrary shell script.

http://yehg.net/lab/pr0js/training/view/misc/TomatoCart-Anti-CSRF-Bypass-2-Shell/

6. SOLUTION

The vendor did not show commitment in hardening the application. The workaround is not to visit malicious web sites while logged in, or to use a dedicated browser for TomatoCart administration. It is recommended to use an alternative shopping cart application with a good track record of security fixes.

7. VENDOR

Wuxi Elootec Technology Co., Ltd.

8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

9. DISCLOSURE TIME-LINE

2012-04-22: Contacted the vendor through email
2012-04-29: Vendor replied and the vulnerability information was sent
2013-01-07: Vulnerability not fixed
2013-01-07: Vulnerability disclosed

10. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Btomatocart1.x%5D_ant-csrf_bypass
Other TomatoCart Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Btomatocart1.x%5D_arbitrary_file_creation
Other TomatoCart Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Btomatocart1.x%5D_vulnerable_piwik
TomatoCart Home Page: http://www.tomatocart.com/

#yehg [2013-01-07]

-
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd