[Full-disclosure] CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C
=============================================
WEBERA ALERT ADVISORY 01
=============================================
- Discovered by: Anthony Dubuissez
- Severity: high
- CVE Request - 03/06/2013
- CVE Assign - 03/06/2013
- CVE Number - CVE-2013-3739
- Vendor notification - 03/06/2013
- Vendor reply - No reply
- Public disclosure - 10/06/2013
=============================================

I. VULNERABILITY
-------------------------
Local File Inclusion in Weathermap <= 0.97C

II. BACKGROUND
-------------------------
Network Weathermap is a network visualisation tool, to take data you already have and show you an overview of your network in map form. Support is built in for RRD, MRTG (RRD and old log-format), and tab-delimited text files. Other sources are via plugins or external scripts.

III. DESCRIPTION
-------------------------
Network Weathermap 0.97C and lower versions contain a flaw that allows a local file inclusion attack. This flaw exists because the application does not properly sanitise the parameter mapname in the editor.php file. This allows an attacker to create a specially crafted URL to include any .config file on the web server; you can bypass the .config restriction filter with a PHP bug. editor.php must be enabled to successfully exploit.

IV. PROOF OF CONCEPT
-------------------------
LFI:
http://vulnerablesite.com/editor.php?action=show_config&mapname=../../../../../../../../../etc/apache2/apache2.conf

V. BUSINESS IMPACT
-------------------------
LFI: With a PHP bug we can include any file that the webserver has the right to read, including sensitive config files (PHP files too, because they are not executed but read with fopen).

VI. SYSTEMS AFFECTED
-------------------------
Network Weathermap 0.97C and lower versions

VII. SOLUTION
-------------------------
Sanitize the mapname parameter correctly.
TEMP SOLUTION: disable editor.php

VIII. REFERENCES
-------------------------
http://www.webera.fr/advisory-01-network-weathermap-local-file-inclusion-exploit

IX. CREDITS
-------------------------
The vulnerability has been discovered by Anthony Dubuissez (anthony (dot) dubuissez (at) webera (dot) fr).

X. DISCLOSURE TIMELINE
-------------------------
June 01, 2013: Vulnerability acquired by Webera
June 03, 2013: Sent to vendor.
June 06, 2013: No reply from vendor, sent second email.
June 10, 2013: No reply from vendor, advisory published and sent to lists.

XI. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied as-is with no warranties or guarantees of fitness of use or otherwise. Webera accepts no responsibility for any damage caused by the use or misuse of this information.

XII. FOLLOW US
-------------------------
You can follow Webera, news and security advisories at:
On twitter: @erathemass

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
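One way to apply the fix called for in section VII, as an added example that is neither Weathermap's own code nor the advisory's: the config directory, the map file extension (the advisory calls the restricted type ".config") and the shape of the show_config handler are assumptions.

```php
<?php
// Added example: a strict validator for the editor.php "mapname" parameter.
// Not Weathermap's code. CONFIG_DIR and MAP_EXT are assumptions; adjust them
// to the install (the advisory refers to the restricted type as ".config").
const CONFIG_DIR = __DIR__ . '/configs';
const MAP_EXT    = '.conf';

/**
 * Return the resolved, verified path for a requested map name, or null.
 * A map name must be a bare identifier: no directory separators, no "..",
 * no NUL bytes (so a server-appended extension cannot be cut off), and the
 * canonical path must stay inside CONFIG_DIR even through symlinks.
 */
function resolve_mapname(string $mapname): ?string
{
    // 1. Allow-list the characters instead of stripping bad ones.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $mapname)) {
        return null;
    }
    // 2. Build the candidate path ourselves; the extension never comes from input.
    $candidate = CONFIG_DIR . '/' . $mapname . MAP_EXT;

    // 3. Canonicalise both sides and confirm containment before opening.
    $base = realpath(CONFIG_DIR);
    $real = realpath($candidate);
    if ($base === false || $real === false) {
        return null;   // directory or file does not exist
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // resolved outside the config directory
    }
    if (!is_file($real) || substr($real, -strlen(MAP_EXT)) !== MAP_EXT) {
        return null;   // not a regular map file
    }
    return $real;
}

// Assumed handler shape for action=show_config: fail closed on any rejection.
$path = resolve_mapname($_GET['mapname'] ?? '');
if ($path === null) {
    http_response_code(400);
    exit('Invalid map name');
}
readfile($path);
```

The allow-list on step 1 is what makes the later checks cheap to reason about: every accepted value is a single path component, so the traversal in section IV and the extension-truncation trick are rejected before any filesystem call.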
[Full-disclosure] Hack Cup 2013
Immunity is excited to announce our fourth annual Hack Cup this year in Las Vegas! As always, it will be held the day after BlackHat (August 2nd). Anyone interested in playing indoor soccer is welcome to join!

The rules will be the same as previous years:

o The tournament will go from 9:00-13:00.
o We will have 12 teams of five players each, playing 15-minute matches in four different groups. We recommend that you have up to 3 substitutes as it's a very fast field and you may have had a few beers the night before.

Last year, several teams absorbed people who came without a team, so if you don't know five other soccer players, all is not lost. You'll make new friends!

Brazil won last year's cup... Will this be the Argentinian year? Or, with the Champions League triumph, will Germany finally put together a team?

We just opened the team subscription page which can be found here:
http://www.hack-cup.com/add-your-team

Keep in mind that there are only 12 spots and it's first come, first served!

For more information about the tournament, check out:
http://www.hack-cup.com/

Thanks,
Team Hack Cup!

PS: And don't forget, if you don't have a team, just sign up by yourself and we will find you one.

-- 
Nico Waisman
Immunity, Inc.
nico...@immunityinc.com
(+54) 11-4833-3205.
Malabia 2162 2nd floor
Buenos Aires, Argentina
[Full-disclosure] [SECURITY] [DSA 2705-1] pymongo security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2705-1                   secur...@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
June 10, 2013                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : pymongo
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2132
Debian Bug     : 710597

Jibbers McGee discovered that pymongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash.

The oldstable distribution (squeeze) is not affected by this issue.

For the stable distribution (wheezy), this problem has been fixed in version 2.2-4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 2.5.2-1.

For the unstable distribution (sid), this problem has been fixed in version 2.5.2-1.

We recommend that you upgrade your pymongo packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [SECURITY] [DSA 2706-1] chromium-browser security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2706-1                   secur...@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
June 10, 2013                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2855 CVE-2013-2856 CVE-2013-2857 CVE-2013-2858 CVE-2013-2859 CVE-2013-2860 CVE-2013-2861 CVE-2013-2862 CVE-2013-2863 CVE-2013-2865

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-2855
    The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2856
    Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.

CVE-2013-2857
    Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.

CVE-2013-2858
    Use-after-free vulnerability in the HTML5 Audio implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2859
    Chromium before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.

CVE-2013-2860
    Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.

CVE-2013-2861
    Use-after-free vulnerability in the SVG implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2862
    Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2863
    Chromium before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2013-2865
    Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

For the stable distribution (wheezy), these problems have been fixed in version 27.0.1453.110-1~deb7u1.

For the testing distribution (jessie), these problems have been fixed in version 27.0.1453.110-1.

For the unstable distribution (sid), these problems have been fixed in version 27.0.1453.110-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs
http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
Re: [Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs
Why is the PRISM program such a big deal today? Most of us knew about Echelon and the Patriot Act, didn't we? This program was unconstitutional in the first place and should have raised indignation when it was approved at that time...

Seems like some people spend way too much time focusing on the Second Amendment rather than the First one...

Le 2013-06-10 19:46, Ivan .Heca ivan...@gmail.com a écrit :
> http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
Re: [Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs
On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie laurent.gaf...@gmail.com wrote:
> Why is the PRISM program such a big deal today? Most of us knew about Echelon and the Patriot Act, didn't we? This program was unconstitutional in the first place and should have raised indignation when it was approved at that time...

+1. Below is my standard verbiage on clouds and backups to clouds.

Jeff

Clouds and drop boxes. If you don't want your data analyzed, inspected, shared, or mishandled, then don't provide it in the first place. Data migration includes backups, so ensure you are using the proper attributes on your files. For Apple systems, the file should have the kCFURLIsExcludedFromBackupKey file property or the com.apple.MobileBackup extended attribute (see Technical QA QA1719 for details). Android applications should add android:allowBackup on the application tag and set it to false in AndroidManifest.xml. Windows' integrated cloud backup is new, and there's currently no way for an application to back up to the cloud (and hence, no way to stop it).

A layman's analysis of License Agreements and Terms and Conditions will reveal how little security is afforded to your documents in cloud storage. For those who don't read them, one popular platform has 142 separate documents covering Terms of Conditions for its cloud alone.[18] The documents discuss your rights if the company (1) gives away your data, (2) shares your data with partners, (3) loses your data, (4) provides your data to authorities (sometimes without an order or warrant), (5) does not provide reasonable skill or care, (6) commits willful misconduct or fraud, and (7) acts with negligence or gross negligence.

"Your rights" is misleading since it is consent, and the document effectively states you indemnify the company: "You agree to defend, indemnify and hold [company], its affiliates, subsidiaries, directors, officers, employees, agents, partners, contractors, and licensors harmless from any claim or demand, including reasonable attorneys' fees, made by a third party."[19]

[18] iCloud Terms and Conditions, https://www.apple.com/legal/internet-services/icloud/ww/
[19] iCLOUD TERMS AND CONDITIONS, https://www.apple.com/legal/internet-services/icloud/en/terms.html

> Le 2013-06-10 19:46, Ivan .Heca ivan...@gmail.com a écrit :
> > http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
Re: [Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs
A number of cloud provider business plans will need tweaking now.

On 11/06/2013 11:30 AM, Jeffrey Walton noloa...@gmail.com wrote:
> On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie laurent.gaf...@gmail.com wrote:
> > Why is the PRISM program such a big deal today? Most of us knew about Echelon and the Patriot Act, didn't we? This program was unconstitutional in the first place and should have raised indignation when it was approved at that time...
>
> +1. Below is my standard verbiage on clouds and backups to clouds.
>
> Jeff
>
> Clouds and drop boxes. If you don't want your data analyzed, inspected, shared, or mishandled, then don't provide it in the first place. Data migration includes backups, so ensure you are using the proper attributes on your files. For Apple systems, the file should have the kCFURLIsExcludedFromBackupKey file property or the com.apple.MobileBackup extended attribute (see Technical QA QA1719 for details). Android applications should add android:allowBackup on the application tag and set it to false in AndroidManifest.xml. Windows' integrated cloud backup is new, and there's currently no way for an application to back up to the cloud (and hence, no way to stop it).
>
> A layman's analysis of License Agreements and Terms and Conditions will reveal how little security is afforded to your documents in cloud storage. For those who don't read them, one popular platform has 142 separate documents covering Terms of Conditions for its cloud alone.[18] The documents discuss your rights if the company (1) gives away your data, (2) shares your data with partners, (3) loses your data, (4) provides your data to authorities (sometimes without an order or warrant), (5) does not provide reasonable skill or care, (6) commits willful misconduct or fraud, and (7) acts with negligence or gross negligence.
>
> "Your rights" is misleading since it is consent, and the document effectively states you indemnify the company: "You agree to defend, indemnify and hold [company], its affiliates, subsidiaries, directors, officers, employees, agents, partners, contractors, and licensors harmless from any claim or demand, including reasonable attorneys' fees, made by a third party."[19]
>
> [18] iCloud Terms and Conditions, https://www.apple.com/legal/internet-services/icloud/ww/
> [19] iCLOUD TERMS AND CONDITIONS, https://www.apple.com/legal/internet-services/icloud/en/terms.html
>
> > Le 2013-06-10 19:46, Ivan .Heca ivan...@gmail.com a écrit :
> > > http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
Re: [Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs
On Mon, Jun 10, 2013 at 6:30 PM, Jeffrey Walton noloa...@gmail.com wrote:
> On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie laurent.gaf...@gmail.com wrote:
> > Why is the PRISM program such a big deal today? Most of us knew about Echelon and the Patriot Act, didn't we? This program was unconstitutional in the first place and should have raised indignation when it was approved at that time...
>
> +1. Below is my standard verbiage on clouds and backups to clouds.
>
> Jeff
>
> Clouds and drop boxes. If you don't want your data analyzed, inspected, shared, or mishandled, then don't provide it in the first place.

<snip>

http://technet.microsoft.com/library/cc722487.aspx

Numbers 3 and 6, at a minimum - from 1999/2000, or thereabouts.

Kurt