[Full-disclosure] [SECURITY] [DSA 2619-1] xen-qemu-dm-4.0 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2619-1                   secur...@debian.org
http://www.debian.org/security/                          Moritz Muehlenhoff
February 10, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen-qemu-dm-4.0
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-6075

A buffer overflow was found in the e1000e emulation, which could be
triggered when processing jumbo frames.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-2+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 4.1.3-8 of the xen source package.

We recommend that you upgrade your xen-qemu-dm-4.0 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlEX5CcACgkQXm3vHE4uylo4mgCdFJc+356WLUt64gpK/iA3pTt7
nB0AoOQ24Y1lE7KKo9FOExLXV9YOBqfN
=M4Nv
-----END PGP SIGNATURE-----

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2612-2] ircd-ratbox update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2612-2                   secur...@debian.org
http://www.debian.org/security/                          Moritz Muehlenhoff
February 10, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ircd-ratbox
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-6084

This update to the previous ircd-ratbox DSA only raises the version
number to ensure that a higher version is used than a previous binNMU
on some architectures.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.6.dfsg-2+squeeze1.

We recommend that you upgrade your ircd-ratbox packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlEX6JUACgkQXm3vHE4uylpioQCcDQvyJFUkZ53pzs3k7CFDvlL1
v6gAlAkyL/gZnYMKLZiUgbE7m3Stvg0=
=J5xk
-----END PGP SIGNATURE-----
Re: [Full-disclosure] ifIndex overflow (Linux Kernel - net/core/dev.c) [maybe offtopic]
That would require that you have sufficient access to create pseudo-eth devices in the first place. A vector of attack which requires previous privilege escalation or which is carried out by an individual in a position of trust is wholly uninteresting. The former requiring too much effort and the latter requiring a reexamination of your interpersonal relationships.

-Daniel

Daniel Preussker dan...@preussker.net writes:

> Hi,
>
> I was looking into the net/core/dev.c from the current Kernel (previous also have this) and found out that ifIndex gets incremented by an endless loop. After creating 4 billion pseudo-eth devices I finally got it to overflow and endless loop, had to kill the kernel - fun right?
>
> General question, is this known?
>
> Daniel Preussker
> [ Security Consultant, Network Protocol Security and Cryptography
> [ LPI Novell Certified Linux Engineer and Researcher
> [ +49 178 600 96 30
> [ dan...@preussker.net
> [ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1
[Full-disclosure] New security advisories for Apache CXF
Hi all,

Two new critical security advisories against Apache CXF are announced:

http://cxf.apache.org/cve-2012-5633.html
http://cxf.apache.org/cve-2013-0239.html

Upgrading to CXF 2.7.3, 2.6.6 or 2.5.9 is strongly recommended.

Colm.

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
[Full-disclosure] Arbitrary command execution and trivial password guessing on Brother printers
Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation.

From Brother .de website - http://qr.cx/zCt9

Syntax for PJL JOB command includes -

  PASSWORD = password
  ( HL-1660e/2060/2400C/2400Ce/3400CN/1650/1670N/3260N/2460/7050/1850/1870N/5040/5050/5070N/5140/5150D/5170DN/2600CN/2700CN/3450CN/6050/6050D/6050DN/8050N only )
  When the password is set by the DEFAULT command, modifying the NVRAM by using the DEFAULT or INITIALIZE commands is locked with the password. Sending the correct password with this command can unlock this until the EOJ command is executed.
  password = 0 to 65,535
  Default value = 0
  When the printer receives the JOB command, the UEL command is not recognized as a job boundary until an EOJ command is received.

Guessing a 16-bit password is very fast, and the printer does not (or cannot?) slow down password guessing. Worse, the password is easily found or not necessary.

From printer ROM image header -

12345X@PJL SUPERUSER PASSWORD=[any 16-bit sign value]
@PJL DEFAULT LANGSELECT=1
@PJL SUPERUSEROFF
@PJL SUPERUSER PASSWORD=[any 16-bit sign value]
@PJL WNVRAMBIT ADDRESS=288161793 DATA=1
@PJL SUPERUSEROFF
@PJL SET PAGEPROTECT=OFF
@PJL ENTER LANGUAGE=PCL
-- binary begins here

Have not tested past uploading arbitrary firmware. This should be enough to worry.

Probably no point to Brother network controller supporting https and snmp 3 now... Brother snmp 3 support only short keys anyway.
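The JOB/SUPERUSER PASSWORD field and the NVRAM-writing commands quoted in the post travel in clear text on the print port, so until firmware changes the practical control is to watch for them. What follows is an added example, not code from the post or from Brother: a parser for a captured port-9100 PJL stream that counts distinct PASSWORD values (a brute force of a 16-bit space shows up as many guesses from one source) and flags SUPERUSER, WNVRAMBIT, DEFAULT and INITIALIZE. The command names are the ones the post quotes; the UEL escape prefix, the alert threshold of three distinct guesses, the 0..65535 range check and the sample stream are this example's own assumptions.

```python
"""Detection over a raw port-9100 PJL stream: flag password guessing on the
JOB/SUPERUSER PASSWORD field and commands that alter NVRAM.
Added example, not code from the post; command names are those quoted there."""
import re

UEL = b"\x1b%-12345X"              # PJL Universal Exit Language prefix (assumed standard form)
PJL_LINE = re.compile(rb"@PJL\s+([A-Z]+)(.*)")
KV = re.compile(r'([A-Z]+)\s*=\s*("[^"]*"|\S+)')
GUESS_THRESHOLD = 3                # distinct PASSWORD values in one stream before alerting (assumed)


def parse_pjl(stream: bytes) -> list:
    """Return [(COMMAND, {KEY: value}), ...] for the PJL part of a job.
    Bytes after @PJL ENTER LANGUAGE=... are printer-language/binary data and are
    skipped until the next UEL switches the stream back to PJL."""
    cmds, in_pjl = [], True
    for raw in stream.split(b"\n"):
        if UEL in raw:
            in_pjl, raw = True, raw.replace(UEL, b"")
        if not in_pjl:
            continue
        m = PJL_LINE.search(raw)
        if not m:
            continue
        cmd = m.group(1).decode()
        args = m.group(2).decode("ascii", "replace")
        cmds.append((cmd, {k: v.strip('"') for k, v in KV.findall(args)}))
        if cmd == "ENTER":
            in_pjl = False
    return cmds


def analyse(stream: bytes) -> dict:
    """Summarise one captured job: distinct password guesses and risky commands."""
    cmds = parse_pjl(stream)
    guesses = sorted({kv["PASSWORD"] for c, kv in cmds
                      if c in ("JOB", "SUPERUSER") and "PASSWORD" in kv})
    findings = []
    if len(guesses) >= GUESS_THRESHOLD:
        findings.append(f"password guessing: {len(guesses)} distinct PASSWORD values in one stream")
    for g in guesses:
        if not g.isdigit() or int(g) > 65535:   # documented range is 0..65535
            findings.append(f"malformed PASSWORD value {g!r}")
    for c, kv in cmds:
        if c == "SUPERUSER":
            findings.append("SUPERUSER mode requested")
        elif c == "WNVRAMBIT":
            findings.append(f"WNVRAMBIT raw NVRAM write ADDRESS={kv.get('ADDRESS')} DATA={kv.get('DATA')}")
        elif c in ("DEFAULT", "INITIALIZE"):
            findings.append(f"{c} changes persistent settings: {kv}")
    return {"commands": len(cmds), "guesses": guesses, "findings": findings}


# Constructed sample: three JOB password probes, then the ROM-header sequence from
# the post, then a line of "binary" that must be ignored because PJL has been left.
SAMPLE = (
    UEL + b'@PJL JOB NAME="probe" PASSWORD=0\n'
    b"@PJL EOJ\n"
    + UEL + b'@PJL JOB NAME="probe" PASSWORD=1\n'
    b"@PJL EOJ\n"
    + UEL + b'@PJL JOB NAME="probe" PASSWORD=2\n'
    b"@PJL EOJ\n"
    + UEL + b"@PJL SUPERUSER PASSWORD=2\n"
    b"@PJL DEFAULT LANGSELECT=1\n"
    b"@PJL SUPERUSEROFF\n"
    b"@PJL SUPERUSER PASSWORD=2\n"
    b"@PJL WNVRAMBIT ADDRESS=288161793 DATA=1\n"
    b"@PJL SUPERUSEROFF\n"
    b"@PJL SET PAGEPROTECT=OFF\n"
    b"@PJL ENTER LANGUAGE=PCL\n"
    b"\x1b*rB@PJL SUPERUSER PASSWORD=9 junk-after-ENTER\n"
)

# Constructed benign job for comparison.
CLEAN = UEL + b'@PJL JOB NAME="report"\n@PJL ENTER LANGUAGE=PCL\n'

if __name__ == "__main__":
    for name, stream in (("SAMPLE", SAMPLE), ("CLEAN", CLEAN)):
        r = analyse(stream)
        print(f"{name}: {r['commands']} PJL commands, guesses={r['guesses']}")
        for f in r["findings"]:
            print("  -", f)
```

Run it against a pcap payload reassembled from TCP/9100 (or the spool file of a print server) rather than a single job: the guess count only becomes meaningful when consecutive jobs from one client are concatenated, which is exactly what a brute force of the 16-bit space looks like on the wire.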
Re: [Full-disclosure] ifIndex overflow (Linux Kernel - net/core/dev.c) [maybe offtopic]
> The former requiring too much effort

I'm not sure I agree with this statement. When Sony pissed off folks over the Playstation, countless hours were spent on the breaks and breach. Confer: http://thehackernews.com/2012/10/sony-playstation-3-hacked-with-custom.html and http://www.nbcnews.com/technology/ingame/hackers-stole-personal-data-playstation-network-123618.

It does not hurt that Sony chronically drives drunk on the information superhighway. Confer: http://attrition.org/security/rants/sony_aka_sownage.html.

Don't underestimate an attacker's will or resolve.

Jeff

On Fri, Feb 8, 2013 at 6:05 AM, Daniel Corbe co...@corbe.net wrote:
> That would require that you have sufficient access to create pseudo-eth devices in the first place. A vector of attack which requires previous privilege escalation or which is carried out by an individual in a position of trust is wholly uninteresting. The former requiring too much effort and the latter requiring a reexamination of your interpersonal relationships.
>
> -Daniel
>
> Daniel Preussker dan...@preussker.net writes:
>
>> Hi,
>>
>> I was looking into the net/core/dev.c from the current Kernel (previous also have this) and found out that ifIndex gets incremented by an endless loop. After creating 4 billion pseudo-eth devices I finally got it to overflow and endless loop, had to kill the kernel - fun right?
>>
>> General question, is this known?
>>
>> Daniel Preussker
>> [ Security Consultant, Network Protocol Security and Cryptography
>> [ LPI Novell Certified Linux Engineer and Researcher
>> [ +49 178 600 96 30
>> [ dan...@preussker.net
>> [ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1
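Both replies in this thread quote the same observation: the interface-index allocator in net/core/dev.c bumps ifIndex, wraps it back to 1 when the signed counter overflows, and retries until it finds an index not in use, so once every positive index is taken the search has no exit. The model below is an added example and not the kernel's code: it reproduces that loop shape with a configurable counter width (8 bits here, so exhaustion takes 127 allocations instead of the billions the original poster reports) and puts a bounded variant beside it that scans the positive index space exactly once and reports exhaustion instead of spinning. The function names, the 8-bit width and the step budget used to prove non-termination are this example's assumptions.

```python
"""Model of a wrap-around interface-index allocator.
Added example, not kernel code: it mimics the shape of the loop the thread
discusses (increment, reset to 1 on wrap, retry until a free index) and shows
why it never terminates once the index space is full, beside a bounded fix."""


def _next_index(ifindex: int, bits: int) -> int:
    """Increment a `bits`-wide two's-complement counter the way C's ++ wraps it,
    then map 0 and negative values back to 1 (interface indices are positive)."""
    ifindex = (ifindex + 1) & ((1 << bits) - 1)
    if ifindex == 0 or ifindex >= 1 << (bits - 1):   # zero, or sign bit set
        ifindex = 1
    return ifindex


def new_index_unbounded(last: int, in_use: set, bits: int = 32, budget: int = None) -> int:
    """Vulnerable shape: keep bumping until a free index turns up.
    `budget` exists only so the demo can prove the loop would never exit."""
    ifindex, steps = last, 0
    while True:
        ifindex = _next_index(ifindex, bits)
        if ifindex not in in_use:
            return ifindex
        steps += 1
        if budget is not None and steps >= budget:
            raise RuntimeError(f"no free index after {steps} steps; loop would never exit")


def new_index_bounded(last: int, in_use: set, bits: int = 32) -> int:
    """Hardened variant: scan at most one full lap of the positive index space
    (1 .. 2^(bits-1)-1) and return -1 when it is exhausted instead of spinning."""
    ifindex = last
    for _ in range((1 << (bits - 1)) - 1):
        ifindex = _next_index(ifindex, bits)
        if ifindex not in in_use:
            return ifindex
    return -1


def unbounded_spins(last: int, in_use: set, bits: int, budget: int) -> bool:
    """True if the unbounded allocator hits `budget` steps without returning."""
    try:
        new_index_unbounded(last, in_use, bits, budget)
        return False
    except RuntimeError:
        return True


def exhaust(bits: int) -> int:
    """Allocate with the bounded allocator until it reports exhaustion; return
    how many indices were handed out (2^(bits-1)-1 if the wrap logic is right)."""
    in_use, last, allocated = set(), 0, 0
    while True:
        idx = new_index_bounded(last, in_use, bits)
        if idx < 0:
            return allocated
        in_use.add(idx)
        last, allocated = idx, allocated + 1


if __name__ == "__main__":
    bits = 8
    full = set(range(1, 1 << (bits - 1)))          # every positive index taken
    print("normal allocation after 3:", new_index_bounded(3, {1, 2, 3}, bits))
    print("wrap from the top with 1 busy:", new_index_bounded(127, {1}, bits))
    print("indices before exhaustion:", exhaust(bits))
    print("bounded allocator on a full table:", new_index_bounded(127, full, bits))
    print("unbounded allocator spins on a full table:", unbounded_spins(127, full, bits, 10_000))
```

The budget is the only reason the "vulnerable" variant returns at all; with a 32-bit width and a full table it would behave exactly as the original poster describes, which is why the bounded version returns a sentinel the caller can turn into an error instead of retrying.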