[Full-disclosure] Last (short) chance to submit papers for PacSec in Tokyo Nov 13-14. Deadline FRIDAY.

2013-08-21 Thread Dragos Ruiu
Since we didn't mail out to the traditional mailing lists for the PacSec CFP 
this year, this note is being sent out, and
we are allowing submissions to secwes...@pacsec.jp up until this Friday, August 
23.  

After more than ten years, you know the drill, and if you don't, CFP details are 
on the website.

thanks,
--dr
--
Dragos Ruiu (d...@kyx.net)
PacSec - Technology Enhancement  - 2013 Tokyo November 13-14 - https://pacsec.jp
PGP: https://cansecwest.com/kyxpgp2013-2.asc - E471 9B0E E774 EB21 18C8 8C95 
37D1 C250 5D2B 20D0







___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] HackInTheBox CTF Weapons of Mass Destruction: War of the World

2013-08-21 Thread Jin Fu
HackInTheBox Capture The Flag Malaysia is now back with more firepower 
and epic pwnage!


#-#
#A Bit of History#
#-#

In our previous CTF (Fallout Apocalypse), each team had a set of 
daemons (called the Reactor Cores, or RC) running on their machines. 
Every solved RC granted the solving team with a Weaponized SCADA Exploit 
(WSE) that can be used to damage rival teams’ RC. Teams could also bid 
for exploits of certain RC on the Black Market using the currency 
LeetCash (LC). Each team started with an equal amount of LC and they 
generated LC by keeping their RCs up and running.


##
#Moving On to 2013...#
##

Sponsored again by Trustwave Spiderlabs, CTF WMD: War of the World 
(referred to as WMD:WotW) will see teams given a ‘country’ in which they’re 
required to protect their daemons, represented by Government Centers 
(GC), Finance Centers (FC), and Business Centers (BC). They are also 
required to launch attacks against rival teams’ countries. Teams will 
also be given side challenges (from categories such as forensic, 
reversing, network analysis (pcap), steganography and cryptography) that 
can be accessed by solving daemons. Nukes that are capable of completely 
destroying a rival team’s daemon can be unlocked by solving bonus 
challenges.


For more info + registration, please visit 
https://conference.hitb.org/hitbsecconf2013kul/event/capture-the-flag/


--
Best Regards,
Jin Fu | @tommychai67
http://www.hitb.org/


Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-21 Thread Luther Blissett
Hello once more!

I was just one step away from seppuku when I remembered I've already
asked sillier questions that went unpunished... :D

Thank you for your time. It would have taken me some weeks at least to
figure out that this hex was no mystery at all to the trained eye. I'm
also a lot less worried after reading through your debate on the issue,
so no apologies needed. Harshness served to prompt others who might
otherwise have kept silent.

Though it is true that I'm running tor on a slow consumer network, it's
not that slow. This guard machine has syn flood specific rules, so it
shouldn't have got blocked out.

I'm a little out of ideas and feeling in lack of knowledge. I shall
probably try to reproduce the "light wind" and see what happens.

Thanks to all!



[Full-disclosure] [ MDVSA-2013:214 ] python

2013-08-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:214
 http://www.mandriva.com/en/support/security/
 ___

 Package : python
 Date: August 21, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated python packages fix security vulnerability:
 
 Ryan Sleevi of the Google Chrome Security Team has discovered that
 Python's SSL module doesn't handle NULL bytes inside subjectAltNames
 general names. This could lead to a breach when an application uses
 ssl.match_hostname() to match the hostname against the certificate's
 subjectAltName's dNSName general names. (CVE-2013-4328).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4328
 http://advisories.mageia.org/MGASA-2013-0250.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 752209b35068bee71a37ebf5a3529526  
mbs1/x86_64/lib64python2.7-2.7.3-4.4.mbs1.x86_64.rpm
 7005795c9900d103dc06fba1e63a4369  
mbs1/x86_64/lib64python-devel-2.7.3-4.4.mbs1.x86_64.rpm
 25a9f67c8e64f8f7cada826edbd6cc03  mbs1/x86_64/python-2.7.3-4.4.mbs1.x86_64.rpm
 b7db45905e718ec28d1aa13520443918  
mbs1/x86_64/python-docs-2.7.3-4.4.mbs1.noarch.rpm
 a944c78f7347b66f95c9e2fb9185bab0  mbs1/x86_64/tkinter-2.7.3-4.4.mbs1.x86_64.rpm
 52c5bd1a11d814b7a25412763b5d4cb5  
mbs1/x86_64/tkinter-apps-2.7.3-4.4.mbs1.x86_64.rpm 
 7eca355fc59fcf1e782edfbb762846a6  mbs1/SRPMS/python-2.7.3-4.4.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  

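The NUL-byte problem described in the python advisory above, as an added example (not part of the advisory and not Python's own code): `truncating_match` is a model of a matcher that sees each dNSName cut at its first NUL, while `strict_match` compares full-length names and ignores malformed ones. The certificate dicts follow the shape of `getpeercert()` output; all function names and sample values are constructed for illustration.

```python
import re

# One LDH label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def dnsnames_from_cert(cert):
    """Pull dNSName entries from a dict shaped like ssl getpeercert() output."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def _matches(names, hostname):
    """Case-insensitive match; '*' may stand for exactly one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    for name in names:
        pattern = name.lower().split(".")
        if len(pattern) != len(host):
            continue
        if pattern[0] == "*" and len(pattern) > 2:
            if pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False


def truncating_match(cert, hostname):
    """Model of the flaw (an assumption, not the real C code): each name is
    cut at its first NUL, the way a C string function would read it."""
    names = [n.split("\x00", 1)[0] for n in dnsnames_from_cert(cert)]
    return _matches(names, hostname)


def is_wellformed_dnsname(name):
    """True only for dot-separated LDH labels, optionally led by a '*' label."""
    if not name or len(name) > 253:
        return False
    labels = name.lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return bool(labels) and all(_LABEL.fullmatch(label) for label in labels)


def malformed_names(cert):
    """dNSName entries worth logging: NUL, control bytes, empty labels, etc."""
    return [n for n in dnsnames_from_cert(cert) if not is_wellformed_dnsname(n)]


def strict_match(cert, hostname):
    """Compare full-length names; a malformed entry can never match."""
    names = [n for n in dnsnames_from_cert(cert) if is_wellformed_dnsname(n)]
    return _matches(names, hostname)


# Constructed sample certificates (placeholder names, not real data).
CRAFTED = {"subjectAltName": (("DNS", "www.example.com\x00.untrusted.invalid"),)}
HONEST = {"subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}

if __name__ == "__main__":
    for label, cert in (("crafted", CRAFTED), ("honest", HONEST)):
        print(label,
              "truncating:", truncating_match(cert, "www.example.com"),
              "strict:", strict_match(cert, "www.example.com"),
              "malformed:", malformed_names(cert))
```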


[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

2013-08-21 Thread Cisco Systems Product Security Incident Response Team

Multiple Vulnerabilities in Cisco Unified Communications Manager

Advisory ID: cisco-sa-20130821-cucm

Revision 1.0

For Public Release 2013 August 21 16:00  UTC (GMT)
+-

Summary
===

Cisco Unified Communications Manager (Unified CM) contains multiple 
vulnerabilities that could allow an unauthenticated, remote attacker to modify 
data, execute arbitrary commands, or cause a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. 
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm




[Full-disclosure] Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities

2013-08-21 Thread Cisco Systems Product Security Incident Response Team

Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of 
Service Vulnerabilities

Advisory ID: cisco-sa-20130821-hcm

Revision 1.0

For Public Release 2013 August 21 16:00  UTC (GMT)
+-

Summary
===

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains 
multiple vulnerabilities that could allow an unauthenticated, remote attacker 
to cause a denial of service (DoS) condition. Exploitation of these 
vulnerabilities could interrupt the monitoring of voice services and exhaust 
system resources.

Cisco has released free software updates that address these vulnerabilities. 
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm




[Full-disclosure] Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability

2013-08-21 Thread Cisco Systems Product Security Incident Response Team

Cisco Unified Communications Manager IM and Presence Service Denial of Service 
Vulnerability

Advisory ID: cisco-sa-20130821-cup

Revision 1.0

For Public Release 2013 August 21 16:00  UTC (GMT)
+-

Summary
===

Cisco Unified Communications Manager IM and Presence Service contains a denial 
of service (DoS) vulnerability that could allow an unauthenticated, remote 
attacker to cause a denial of service (DoS) condition. Exploitation of this 
vulnerability could cause an interruption of presence services.

Cisco has released free software updates that address this vulnerability.  

There are no workarounds available to mitigate exploitation of this 
vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup



[Full-disclosure] CVE-2013-3186 - The case of a one click sandbox escape on IE

2013-08-21 Thread Fermín J . Serna
Hi,

Lately I have been researching IE sandbox escapes with some nice outcome...
 Find further details of a 1 click sandbox escape on IE at:

http://zhodiac.hispahack.com/index.php?section=blog&day=21&month=8&year=2013

Cheers,

---
Fermín J. Serna

Web & Blog: http://zhodiac.hispahack.com
Pgp key: http://zhodiac.hispahack.com/gpg/zhodiac.asc
Twitter: @fjserna

[Full-disclosure] Windows Embedded POSReady 2009: cruft, not craft

2013-08-21 Thread Stefan Kanthak
Hi,

the cruft in the evaluation version of Windows Embedded POSReady 2009
(see ) is not only
present there, but also in systems built with Microsoft's official
"OEM preinstallation kit", distributed as DVD X15-28127.

Result: all these embedded systems are susceptible to a trivial to
exploit privilege escalation!


BUT: there is more garbage in Windows Embedded POSReady 2009!

[HKEY_LOCAL_MACHINE\SOFTWARE\3Com\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Aureal\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\BCMDM\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Brother\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Creative Tech\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Digi\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Generic\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\GenericSoftModemUninstallInfo\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Logitech\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Lucent\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Neomagic\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\PCTEL\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\S3\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Specialix\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\TOSHIBA\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Vid_0471\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\Vid_05A9\...]
[HKEY_LOCAL_MACHINE\SOFTWARE\VN_VUIns\...]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}]
@="GraphicsShellExt Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\InProcServer32]
@="C:\\WINDOWS\\system32\\igfxpph.dll"
...

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0160-6129-11d7-8dc7-00d0b72c72f7}]
@="S3Display Property Sheet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0160-6129-11d7-8dc7-00d0b72c72f7}\InProcServer32]
@="VTDisply.dll"
...

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0161-6129-11d7-8dc7-00d0b72c72f7}]
@="S3Gamma2 Property Sheet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0161-6129-11d7-8dc7-00d0b72c72f7}\InProcServer32]
@="VTGamma2.dll"
...

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0162-6129-11d7-8dc7-00d0b72c72f7}]
@="S3Info2 Property Sheet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0162-6129-11d7-8dc7-00d0b72c72f7}\InProcServer32]
@="VTInfo2.dll"
...

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0163-6129-11d7-8dc7-00d0b72c72f7}]
@="S3Overlay Property Sheet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300b0163-6129-11d7-8dc7-00d0b72c72f7}\InProcServer32]
@="VTOvrlay.dll"
...

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba87e880-5a57-11d3-bfcb-00aa0022f394}]
@="S3ConfigD3D Property Sheet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba87e880-5a57-11d3-bfcb-00aa0022f394}\InProcServer32]
@="S3Cfg3d.dll"
...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\igfxcui]
@="{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\S3Config3D]
@="{ba87e880-5a57-11d3-bfcb-00aa0022f394}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\S3Display]
@="{300b0160-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\S3Gamma2]
@="{300b0161-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\S3Info2]
@="{300b0162-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\S3Overlay]
@="{300b0163-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\VTConfig3D]
@="{ba87e880-5a57-11d3-bfcb-00aa0022f394}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\VTDisplay]
@="{300b0160-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\VTGamma2]
@="{300b0161-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\VTInfo2]
@="{300b0162-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls 
Folder\Display\ShellEx\PropertySheetHandlers\VTOverlay]
@="{300b0163-6129-11d7-8dc7-00d0b72c72f7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VModes"="VModes UpdateRegistryOnly"
"VTTrayp"="VTtrayp.exe"
"VTTimer"="VTTimer.exe"
"S3Trayp"="S3trayp.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"TrackPointSrv"="tp4mon.exe"
"USBC"="C:\\WINDOWS\\system32\\wscript.exe 
C:\\W

[Full-disclosure] [Security-news] SA-CONTRIB-2013-070 - Zen - Cross Site Scripting

2013-08-21 Thread security-news
View online: https://drupal.org/node/2071157

  * Advisory ID: DRUPAL-SA-CONTRIB-2013-070
  * Project: Zen [1] (third-party module)
  * Version: 7.x
  * Date: 2013-August-21
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Scripting

 DESCRIPTION  
-

The Zen theme is a very popular base/starter theme.

Zen doesn't sufficiently escape the breadcrumb separator field, allowing a
possible XSS exploit.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "administer themes".


 CVE IDENTIFIER(S) ISSUED  


  * /A CVE identifier [3] will be requested, and added upon issuance, in
accordance with Drupal Security Team processes./

 VERSIONS AFFECTED  
---

  * Zen 7.x-3.x versions prior to 7.x-3.2.
  * Zen 7.x-5.x versions prior to 7.x-5.4.

Drupal core is not affected. If you do not use the contributed Zen [4]
module, there is nothing you need to do.

 SOLUTION  


Install the latest version:

  * If you use the Zen theme for Drupal 7.x, upgrade to Zen 7.x-3.2 [5] or Zen
7.x-5.4 [6].

Also see the Zen [7] project page.

 REPORTED BY  
-

  * Daniel Nitsche [8]

 FIXED BY  


  * John Albin Wilkins [9], the theme maintainer

 COORDINATED BY  
--

  * Greg Knaddison [10] of the Drupal Security Team
  * Klaus Purer [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION  


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].


[1] http://drupal.org/project/zen
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/zen
[5] https://drupal.org/node/2071065
[6] https://drupal.org/node/2071055
[7] http://drupal.org/project/zen
[8] http://drupal.org/user/1151108
[9] http://drupal.org/user/32095
[10] http://drupal.org/user/36762
[11] http://drupal.org/user/262198
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [SECURITY] [DSA 2739-1] cacti security update

2013-08-21 Thread Moritz Muehlenhoff

- -
Debian Security Advisory DSA-2739-1   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 21, 2013                        http://www.debian.org/security/faq
- -

Package: cacti
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-1434 CVE-2013-1435

Two security issues (SQL injection and command line injection via SNMP
settings) were found in Cacti, a web interface for graphing of monitoring 
systems. 

For the oldstable distribution (squeeze), these problems have been fixed in
version 0.8.7g-1+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in
version 0.8.8a+dfsg-5+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 0.8.8b+dfsg-2.

We recommend that you upgrade your cacti packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[Full-disclosure] Vulnerabilities in Avaya IP Office Customer Call Reporter

2013-08-21 Thread MustLive

Hello list!

I want to warn you about vulnerabilities in Avaya IP Office Customer Call
Reporter. These are Remote HTML Include and Remote XSS Include (Cross-Site
Scripting) vulnerabilities.

After I found multiple vulnerabilities in Avaya IP Office Customer Call
Reporter in December, I informed ZDI about them (critical ones). ZDI was
very slow in processing these holes (regardless of my reminders) and only
on the 30th of July they began actively working with them. I wrote about this
case with ZDI in WASC Mailing List
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-July/008883.html).

When Avaya ignored my informing in July and ZDI stopped working on this case
in August (since Avaya was not responding to them also), I published these
two vulnerabilities (the least critical). There are many other
vulnerabilities, including critical holes which allow taking control over
the admin panel, so Avaya still has a chance to get details of vulnerabilities
in their product before public disclosure.

-
Affected products:
-

Vulnerable are Avaya IP Office Customer Call Reporter 8.0.9.13 (tested in
December 2012) and 9.0.0.0 (tested recently) and previous versions.

-
Affected vendors:
-

Avaya Inc.
http://www.avaya.com

--
Details:
--

Remote HTML Include (Frame Injection) (WASC-12):

http://site/CCRWebClient/Help/en-US/index.htm?//websecurity.com.ua

Remote XSS Include (Cross-Site Scripting) (WASC-08):

http://site/CCRWebClient/Help/en-US/index.htm?//websecurity.com.ua/webtools/xss_r2.html


Timeline:
 


2012.12.06 - found multiple vulnerabilities (these ones and other critical
holes).
2012.12.13 - informed ZDI about other critical vulnerabilities.
2012.12.18 - again informed ZDI about other critical vulnerabilities.
2013.01.27 - registered at zerodayinitiative.com and informed them through
the site. ZDI started working on the case.
2013.07.28 - informed Avaya (via two contact forms) about these holes and
other critical vulnerabilities, due to slowness of ZDI.
2013.07.29 - wrote about ZDI in WASC Mailing List.
2013.07.30 - if earlier ZDI only pretended they work on the case, then this
time they started working actively on it (and tried to contact Avaya).
2013.08.07 - ZDI stopped working on the case and closed it, since Avaya was
not responding.
2013.08.20 - disclosed at my site (http://websecurity.com.ua/6717/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


