date:20130620

Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

2013-06-20 Thread Mark Felder


On Wed, 19 Jun 2013 16:32:59 -0500, Hunger hun...@hunger.hu wrote:


$ uname -a
FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec
4 09:23:10 UTC 2012
r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
$ id
uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
$ gcc fbsd9lul.c -o fbsd9lul
$ ./fbsd9lul
FreeBSD 9.{0,1} mmap/ptrace exploit
by Hunger fbsd9...@hunger.hu
# id
uid=0(root) gid=0(wheel) egid=1002(hunger) groups=1002(hunger)
#


But does your exploit compile with clang?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Microsofts NEW Bug Bounty Program 2013 BlueHat Competition Bonus Update!

2013-06-20 Thread Vulnerability Lab

Reference(s): Public News
http://threatpost.com/microsoft-launches-10-bug-bounty-program/
http://www.wired.com/threatlevel/2013/06/microsoft-bug-bounty-program/
http://winfuture.de/news,76612.html http://winfuture.de/news,76612.html
http://www.golem.de/news/microsoft-windows-8-1-bis-zu-100-000-us-dollar-fuer-sicherheitsfehler-1306-99917.html
http://www.forbes.com/sites/tonybradley/2013/06/19/microsoft-bug-bounty-program-puts-big-bucks-on-the-line/
http://www.wired.com/threatlevel/2013/06/microsoft-bug-bounty-program/
http://www.zdnet.com/microsoft-unleashes-bug-bounty-program-for-betas-too-716956/
http://www.theregister.co.uk/2013/06/19/microsoft_bug_bounty_black_hat/
http://arstechnica.com/security/2013/06/microsoft-will-pay-up-to-100k-for-new-windows-exploit-techniques/
http://www.computerweekly.com/news/2240186490/Microsoft-offers-cash-rewards-for-security-bug-hunters
http://www.scmagazine.com/microsofts-new-bug-bounty-program-offers-up-to-11k-in-incentives/article/299436/
http://krebsonsecurity.com/2013/06/microsoft-to-offer-standing-bug-bounty/
http://www.informationweek.com/security/vulnerabilities/microsoft-dangles-10-bug-bounty/240156953
http://www.heise.de/security/meldung/Microsoft-zahlt-Finderlohn-fuer-Sicherheitsluecken-1892925.html
http://www.golem.de/news/microsoft-windows-8-1-bis-zu-100-000-us-dollar-fuer-sicherheitsfehler-1306-99917.html
http://www.pcmag.com/article2/0,2817,2420691,00.asp
http://news.cnet.com/8301-10805_3-57590079-75/microsoft-offers-up-a-bounty-for-finding-bugs-in-beta/

-- 
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: resea...@vulnerability-lab.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] FPD, XSS and CS vulnerabilities in Slash WP theme for WordPress

2013-06-20 Thread MustLive


Hello list!

I want to warn you about multiple vulnerabilities in Slash WP theme for 
WordPress. This is commercial theme for WP.


These are Full path disclosure, Cross-Site Scripting and Content Spoofing 
vulnerabilities.


-
Affected products:
-

Vulnerable are all versions of Slash WP theme for WordPress. After I've 
informed developers about these vulnerabilities in April, they just thanked 
and promised to look at these vulnerabilities. There are no information if 
they fixed these holes already or when they are planning to do it. So all 
users of the theme should contact the developers for updates.


-
Affected vendors:
-

Dream-Theme
http://dream-theme.com

--
Details:
--

Full path disclosure (WASC-13):

http://site/wp-content/themes/slash-wp/

FPD in index.php and other php-files in plugin's folder and subfolders.

Cross-Site Scripting (WASC-08):

In the theme there are jPlayer 2.1.0 and JW Player 5.8.2011, about 
vulnerabilities in which I wrote earlier (in 2012 and 2013).


http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(document.cookie)//

http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?id=%27))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//

http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?playerready=alert(document.cookie)

http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?displayclick=linklink=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2Bfile=1.jpg

There is flash file of JW Player at some sites with this theme, but not at 
others. According to theme's description, theme has built-in support of JW 
Player, but it's not included in standard bundle (only jPlayer). But it can 
be installed separately and some web sites owners do it.


Content Spoofing (WASC-12):

About Content Spoofing vulnerabilities and about other XSS vulnerabilities 
in JW Player (http://securityvulns.com/docs28176.html) and in jPlayer 
(http://securityvulns.com/docs29316.html), you can read in corresponding 
advisories.



Timeline:
 


2013.04.11 - announced at my site.
2013.04.12 - informed developers.
2013.06.20 - disclosed at my site (http://websecurity.com.ua/6440/).

Best wishes  regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

2013-06-20 Thread Valdis . Kletnieks

On Thu, 20 Jun 2013 06:56:16 -0500, Mark Felder said:

 But does your exploit compile with clang?

I'm gonna have to call Poe's Law on this one.  I can't tell if you're
trolling or merely confused. :)


pgpaBf1CNScQF.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

2013-06-20 Thread Kurt Buff

On Thu, Jun 20, 2013 at 3:41 PM,  valdis.kletni...@vt.edu wrote:
 On Thu, 20 Jun 2013 06:56:16 -0500, Mark Felder said:

 But does your exploit compile with clang?

 I'm gonna have to call Poe's Law on this one.  I can't tell if you're
 trolling or merely confused. :)

My guess is he's troll-baiting.

Incorporation of clang in FreeBSD as the default compiler (vs. gnucc)
has been a matter of some heat+light in the FreeBSD community.

Kurt

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

Re: [Full-disclosure] Microsofts NEW Bug Bounty Program 2013 BlueHat Competition Bonus Update!

[Full-disclosure] FPD, XSS and CS vulnerabilities in Slash WP theme for WordPress

Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

5 matches

Site Navigation

Mail list logo

Footer information